diff options
| author | djm <> | 2008-09-06 12:17:54 +0000 |
|---|---|---|
| committer | djm <> | 2008-09-06 12:17:54 +0000 |
| commit | 38ce604e3cc97706b876b0525ddff0121115456d (patch) | |
| tree | 7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libssl | |
| parent | 12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff) | |
| download | openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2 openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip | |
resolve conflicts
Diffstat (limited to 'src/lib/libssl')
697 files changed, 44294 insertions, 15897 deletions
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE index e6afecc724..a2c4adcbe6 100644 --- a/src/lib/libssl/LICENSE +++ b/src/lib/libssl/LICENSE | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | --------------- | 12 | --------------- |
| 13 | 13 | ||
| 14 | /* ==================================================================== | 14 | /* ==================================================================== |
| 15 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | 15 | * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. |
| 16 | * | 16 | * |
| 17 | * Redistribution and use in source and binary forms, with or without | 17 | * Redistribution and use in source and binary forms, with or without |
| 18 | * modification, are permitted provided that the following conditions | 18 | * modification, are permitted provided that the following conditions |
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c index d683ee43e1..420deb7fc9 100644 --- a/src/lib/libssl/bio_ssl.c +++ b/src/lib/libssl/bio_ssl.c | |||
| @@ -456,7 +456,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 456 | case BIO_CTRL_SET_CALLBACK: | 456 | case BIO_CTRL_SET_CALLBACK: |
| 457 | { | 457 | { |
| 458 | #if 0 /* FIXME: Should this be used? -- Richard Levitte */ | 458 | #if 0 /* FIXME: Should this be used? -- Richard Levitte */ |
| 459 | BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 459 | SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 460 | ret = -1; | 460 | ret = -1; |
| 461 | #else | 461 | #else |
| 462 | ret=0; | 462 | ret=0; |
| @@ -465,9 +465,9 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 465 | break; | 465 | break; |
| 466 | case BIO_CTRL_GET_CALLBACK: | 466 | case BIO_CTRL_GET_CALLBACK: |
| 467 | { | 467 | { |
| 468 | void (**fptr)(); | 468 | void (**fptr)(const SSL *xssl,int type,int val); |
| 469 | 469 | ||
| 470 | fptr=(void (**)())ptr; | 470 | fptr=(void (**)(const SSL *xssl,int type,int val))ptr; |
| 471 | *fptr=SSL_get_info_callback(ssl); | 471 | *fptr=SSL_get_info_callback(ssl); |
| 472 | } | 472 | } |
| 473 | break; | 473 | break; |
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf index 4c1d595b0a..9e59020c17 100644 --- a/src/lib/libssl/doc/openssl.cnf +++ b/src/lib/libssl/doc/openssl.cnf | |||
| @@ -44,8 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. | |||
| 44 | 44 | ||
| 45 | certificate = $dir/cacert.pem # The CA certificate | 45 | certificate = $dir/cacert.pem # The CA certificate |
| 46 | serial = $dir/serial # The current serial number | 46 | serial = $dir/serial # The current serial number |
| 47 | #crlnumber = $dir/crlnumber # the current crl number must be | 47 | crlnumber = $dir/crlnumber # the current crl number |
| 48 | # commented out to leave a V1 CRL | 48 | # must be commented out to leave a V1 CRL |
| 49 | crl = $dir/crl.pem # The current CRL | 49 | crl = $dir/crl.pem # The current CRL |
| 50 | private_key = $dir/private/cakey.pem# The private key | 50 | private_key = $dir/private/cakey.pem# The private key |
| 51 | RANDFILE = $dir/private/.rand # private random number file | 51 | RANDFILE = $dir/private/.rand # private random number file |
| @@ -67,7 +67,7 @@ cert_opt = ca_default # Certificate field options | |||
| 67 | 67 | ||
| 68 | default_days = 365 # how long to certify for | 68 | default_days = 365 # how long to certify for |
| 69 | default_crl_days= 30 # how long before next CRL | 69 | default_crl_days= 30 # how long before next CRL |
| 70 | default_md = md5 # which md to use. | 70 | default_md = sha1 # which md to use. |
| 71 | preserve = no # keep passed DN ordering | 71 | preserve = no # keep passed DN ordering |
| 72 | 72 | ||
| 73 | # A few difference way of specifying how similar the request should look | 73 | # A few difference way of specifying how similar the request should look |
| @@ -188,7 +188,7 @@ nsComment = "OpenSSL Generated Certificate" | |||
| 188 | 188 | ||
| 189 | # PKIX recommendations harmless if included in all certificates. | 189 | # PKIX recommendations harmless if included in all certificates. |
| 190 | subjectKeyIdentifier=hash | 190 | subjectKeyIdentifier=hash |
| 191 | authorityKeyIdentifier=keyid,issuer:always | 191 | authorityKeyIdentifier=keyid,issuer |
| 192 | 192 | ||
| 193 | # This stuff is for subjectAltName and issuerAltname. | 193 | # This stuff is for subjectAltName and issuerAltname. |
| 194 | # Import the email address. | 194 | # Import the email address. |
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 432a17b66c..f8817b0a71 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt | |||
| @@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to | |||
| 154 | use is defined by the extension code itself: check out the certificate | 154 | use is defined by the extension code itself: check out the certificate |
| 155 | policies extension for an example. | 155 | policies extension for an example. |
| 156 | 156 | ||
| 157 | In addition it is also possible to use the word DER to include arbitrary | 157 | There are two ways to encode arbitrary extensions. |
| 158 | data in any extension. | 158 | |
| 159 | The first way is to use the word ASN1 followed by the extension content | ||
| 160 | using the same syntax as ASN1_generate_nconf(). For example: | ||
| 161 | |||
| 162 | 1.2.3.4=critical,ASN1:UTF8String:Some random data | ||
| 163 | |||
| 164 | 1.2.3.4=ASN1:SEQUENCE:seq_sect | ||
| 165 | |||
| 166 | [seq_sect] | ||
| 167 | |||
| 168 | field1 = UTF8:field1 | ||
| 169 | field2 = UTF8:field2 | ||
| 170 | |||
| 171 | It is also possible to use the word DER to include arbitrary data in any | ||
| 172 | extension. | ||
| 159 | 173 | ||
| 160 | 1.2.3.4=critical,DER:01:02:03:04 | 174 | 1.2.3.4=critical,DER:01:02:03:04 |
| 161 | 1.2.3.4=DER:01020304 | 175 | 1.2.3.4=DER:01020304 |
| @@ -336,16 +350,21 @@ Subject Alternative Name. | |||
| 336 | The subject alternative name extension allows various literal values to be | 350 | The subject alternative name extension allows various literal values to be |
| 337 | included in the configuration file. These include "email" (an email address) | 351 | included in the configuration file. These include "email" (an email address) |
| 338 | "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a | 352 | "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a |
| 339 | registered ID: OBJECT IDENTIFIER) and IP (and IP address). | 353 | registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. |
| 340 | 354 | ||
| 341 | Also the email option include a special 'copy' value. This will automatically | 355 | Also the email option include a special 'copy' value. This will automatically |
| 342 | include and email addresses contained in the certificate subject name in | 356 | include and email addresses contained in the certificate subject name in |
| 343 | the extension. | 357 | the extension. |
| 344 | 358 | ||
| 359 | otherName can include arbitrary data associated with an OID: the value | ||
| 360 | should be the OID followed by a semicolon and the content in standard | ||
| 361 | ASN1_generate_nconf() format. | ||
| 362 | |||
| 345 | Examples: | 363 | Examples: |
| 346 | 364 | ||
| 347 | subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ | 365 | subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ |
| 348 | subjectAltName=email:my@other.address,RID:1.2.3.4 | 366 | subjectAltName=email:my@other.address,RID:1.2.3.4 |
| 367 | subjectAltName=otherName:1.2.3.4;UTF8:some other identifier | ||
| 349 | 368 | ||
| 350 | Issuer Alternative Name. | 369 | Issuer Alternative Name. |
| 351 | 370 | ||
| @@ -759,7 +778,7 @@ called. | |||
| 759 | 778 | ||
| 760 | The X509V3_EXT_METHOD structure is described below. | 779 | The X509V3_EXT_METHOD structure is described below. |
| 761 | 780 | ||
| 762 | strut { | 781 | struct { |
| 763 | int ext_nid; | 782 | int ext_nid; |
| 764 | int ext_flags; | 783 | int ext_flags; |
| 765 | X509V3_EXT_NEW ext_new; | 784 | X509V3_EXT_NEW ext_new; |
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt index f6675b574b..a5ce778f8e 100644 --- a/src/lib/libssl/doc/standards.txt +++ b/src/lib/libssl/doc/standards.txt | |||
| @@ -88,10 +88,26 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. | |||
| 88 | (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: | 88 | (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: |
| 89 | INFORMATIONAL) | 89 | INFORMATIONAL) |
| 90 | 90 | ||
| 91 | 3713 A Description of the Camellia Encryption Algorithm. M. Matsui, | ||
| 92 | J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes) | ||
| 93 | (Status: INFORMATIONAL) | ||
| 94 | |||
| 91 | 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate | 95 | 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate |
| 92 | Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. | 96 | Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. |
| 93 | June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) | 97 | June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) |
| 94 | 98 | ||
| 99 | 4132 Addition of Camellia Cipher Suites to Transport Layer Security | ||
| 100 | (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 | ||
| 101 | bytes) (Status: PROPOSED STANDARD) | ||
| 102 | |||
| 103 | 4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS). | ||
| 104 | H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes) | ||
| 105 | (Status: PROPOSED STANDARD) | ||
| 106 | |||
| 107 | 4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon, | ||
| 108 | D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes) | ||
| 109 | (Obsoletes RFC4009) (Status: INFORMATIONAL) | ||
| 110 | |||
| 95 | 111 | ||
| 96 | Related: | 112 | Related: |
| 97 | -------- | 113 | -------- |
| @@ -250,7 +266,11 @@ STARTTLS documents. | |||
| 250 | Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. | 266 | Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. |
| 251 | (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) | 267 | (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) |
| 252 | 268 | ||
| 253 | "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt> | 269 | 3657 Use of the Camellia Encryption Algorithm in Cryptographic |
| 270 | Message Syntax (CMS). S. Moriai, A. Kato. January 2004. | ||
| 271 | (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD) | ||
| 272 | |||
| 273 | "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt> | ||
| 254 | 274 | ||
| 255 | 275 | ||
| 256 | To be implemented: | 276 | To be implemented: |
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 86356731ea..c45a8e0a04 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c | |||
| @@ -80,28 +80,10 @@ static SSL_METHOD *ssl23_get_client_method(int ver) | |||
| 80 | return(NULL); | 80 | return(NULL); |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | SSL_METHOD *SSLv23_client_method(void) | 83 | IMPLEMENT_ssl23_meth_func(SSLv23_client_method, |
| 84 | { | 84 | ssl_undefined_function, |
| 85 | static int init=1; | 85 | ssl23_connect, |
| 86 | static SSL_METHOD SSLv23_client_data; | 86 | ssl23_get_client_method) |
| 87 | |||
| 88 | if (init) | ||
| 89 | { | ||
| 90 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 91 | |||
| 92 | if (init) | ||
| 93 | { | ||
| 94 | memcpy((char *)&SSLv23_client_data, | ||
| 95 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); | ||
| 96 | SSLv23_client_data.ssl_connect=ssl23_connect; | ||
| 97 | SSLv23_client_data.get_ssl_method=ssl23_get_client_method; | ||
| 98 | init=0; | ||
| 99 | } | ||
| 100 | |||
| 101 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 102 | } | ||
| 103 | return(&SSLv23_client_data); | ||
| 104 | } | ||
| 105 | 87 | ||
| 106 | int ssl23_connect(SSL *s) | 88 | int ssl23_connect(SSL *s) |
| 107 | { | 89 | { |
| @@ -241,6 +223,17 @@ static int ssl23_client_hello(SSL *s) | |||
| 241 | { | 223 | { |
| 242 | version = SSL2_VERSION; | 224 | version = SSL2_VERSION; |
| 243 | } | 225 | } |
| 226 | #ifndef OPENSSL_NO_TLSEXT | ||
| 227 | if (version != SSL2_VERSION) | ||
| 228 | { | ||
| 229 | /* have to disable SSL 2.0 compatibility if we need TLS extensions */ | ||
| 230 | |||
| 231 | if (s->tlsext_hostname != NULL) | ||
| 232 | ssl2_compat = 0; | ||
| 233 | if (s->tlsext_status_type != -1) | ||
| 234 | ssl2_compat = 0; | ||
| 235 | } | ||
| 236 | #endif | ||
| 244 | 237 | ||
| 245 | buf=(unsigned char *)s->init_buf->data; | 238 | buf=(unsigned char *)s->init_buf->data; |
| 246 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | 239 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) |
| @@ -254,7 +247,7 @@ static int ssl23_client_hello(SSL *s) | |||
| 254 | #endif | 247 | #endif |
| 255 | 248 | ||
| 256 | p=s->s3->client_random; | 249 | p=s->s3->client_random; |
| 257 | Time=(unsigned long)time(NULL); /* Time */ | 250 | Time=(unsigned long)time(NULL); /* Time */ |
| 258 | l2n(Time,p); | 251 | l2n(Time,p); |
| 259 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | 252 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) |
| 260 | return -1; | 253 | return -1; |
| @@ -264,14 +257,6 @@ static int ssl23_client_hello(SSL *s) | |||
| 264 | version_major = TLS1_VERSION_MAJOR; | 257 | version_major = TLS1_VERSION_MAJOR; |
| 265 | version_minor = TLS1_VERSION_MINOR; | 258 | version_minor = TLS1_VERSION_MINOR; |
| 266 | } | 259 | } |
| 267 | #ifdef OPENSSL_FIPS | ||
| 268 | else if(FIPS_mode()) | ||
| 269 | { | ||
| 270 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 271 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 272 | return -1; | ||
| 273 | } | ||
| 274 | #endif | ||
| 275 | else if (version == SSL3_VERSION) | 260 | else if (version == SSL3_VERSION) |
| 276 | { | 261 | { |
| 277 | version_major = SSL3_VERSION_MAJOR; | 262 | version_major = SSL3_VERSION_MAJOR; |
| @@ -386,6 +371,13 @@ static int ssl23_client_hello(SSL *s) | |||
| 386 | *(p++)=comp->id; | 371 | *(p++)=comp->id; |
| 387 | } | 372 | } |
| 388 | *(p++)=0; /* Add the NULL method */ | 373 | *(p++)=0; /* Add the NULL method */ |
| 374 | #ifndef OPENSSL_NO_TLSEXT | ||
| 375 | if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
| 376 | { | ||
| 377 | SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | ||
| 378 | return -1; | ||
| 379 | } | ||
| 380 | #endif | ||
| 389 | 381 | ||
| 390 | l = p-d; | 382 | l = p-d; |
| 391 | *p = 42; | 383 | *p = 42; |
| @@ -544,14 +536,6 @@ static int ssl23_get_server_hello(SSL *s) | |||
| 544 | if ((p[2] == SSL3_VERSION_MINOR) && | 536 | if ((p[2] == SSL3_VERSION_MINOR) && |
| 545 | !(s->options & SSL_OP_NO_SSLv3)) | 537 | !(s->options & SSL_OP_NO_SSLv3)) |
| 546 | { | 538 | { |
| 547 | #ifdef OPENSSL_FIPS | ||
| 548 | if(FIPS_mode()) | ||
| 549 | { | ||
| 550 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 551 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 552 | goto err; | ||
| 553 | } | ||
| 554 | #endif | ||
| 555 | s->version=SSL3_VERSION; | 539 | s->version=SSL3_VERSION; |
| 556 | s->method=SSLv3_client_method(); | 540 | s->method=SSLv3_client_method(); |
| 557 | } | 541 | } |
| @@ -608,7 +592,6 @@ static int ssl23_get_server_hello(SSL *s) | |||
| 608 | if (!ssl_get_new_session(s,0)) | 592 | if (!ssl_get_new_session(s,0)) |
| 609 | goto err; | 593 | goto err; |
| 610 | 594 | ||
| 611 | s->first_packet=1; | ||
| 612 | return(SSL_connect(s)); | 595 | return(SSL_connect(s)); |
| 613 | err: | 596 | err: |
| 614 | return(-1); | 597 | return(-1); |
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c index 8d7dbcf569..fc2981308d 100644 --- a/src/lib/libssl/s23_lib.c +++ b/src/lib/libssl/s23_lib.c | |||
| @@ -60,55 +60,17 @@ | |||
| 60 | #include <openssl/objects.h> | 60 | #include <openssl/objects.h> |
| 61 | #include "ssl_locl.h" | 61 | #include "ssl_locl.h" |
| 62 | 62 | ||
| 63 | static int ssl23_num_ciphers(void ); | 63 | long ssl23_default_timeout(void) |
| 64 | static SSL_CIPHER *ssl23_get_cipher(unsigned int u); | ||
| 65 | static int ssl23_read(SSL *s, void *buf, int len); | ||
| 66 | static int ssl23_peek(SSL *s, void *buf, int len); | ||
| 67 | static int ssl23_write(SSL *s, const void *buf, int len); | ||
| 68 | static long ssl23_default_timeout(void ); | ||
| 69 | static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); | ||
| 70 | static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); | ||
| 71 | const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; | ||
| 72 | |||
| 73 | static SSL_METHOD SSLv23_data= { | ||
| 74 | TLS1_VERSION, | ||
| 75 | tls1_new, | ||
| 76 | tls1_clear, | ||
| 77 | tls1_free, | ||
| 78 | ssl_undefined_function, | ||
| 79 | ssl_undefined_function, | ||
| 80 | ssl23_read, | ||
| 81 | ssl23_peek, | ||
| 82 | ssl23_write, | ||
| 83 | ssl_undefined_function, | ||
| 84 | ssl_undefined_function, | ||
| 85 | ssl_ok, | ||
| 86 | ssl3_ctrl, | ||
| 87 | ssl3_ctx_ctrl, | ||
| 88 | ssl23_get_cipher_by_char, | ||
| 89 | ssl23_put_cipher_by_char, | ||
| 90 | ssl_undefined_const_function, | ||
| 91 | ssl23_num_ciphers, | ||
| 92 | ssl23_get_cipher, | ||
| 93 | ssl_bad_method, | ||
| 94 | ssl23_default_timeout, | ||
| 95 | &ssl3_undef_enc_method, | ||
| 96 | ssl_undefined_function, | ||
| 97 | ssl3_callback_ctrl, | ||
| 98 | ssl3_ctx_callback_ctrl, | ||
| 99 | }; | ||
| 100 | |||
| 101 | static long ssl23_default_timeout(void) | ||
| 102 | { | 64 | { |
| 103 | return(300); | 65 | return(300); |
| 104 | } | 66 | } |
| 105 | 67 | ||
| 106 | SSL_METHOD *sslv23_base_method(void) | 68 | IMPLEMENT_ssl23_meth_func(sslv23_base_method, |
| 107 | { | 69 | ssl_undefined_function, |
| 108 | return(&SSLv23_data); | 70 | ssl_undefined_function, |
| 109 | } | 71 | ssl_bad_method) |
| 110 | 72 | ||
| 111 | static int ssl23_num_ciphers(void) | 73 | int ssl23_num_ciphers(void) |
| 112 | { | 74 | { |
| 113 | return(ssl3_num_ciphers() | 75 | return(ssl3_num_ciphers() |
| 114 | #ifndef OPENSSL_NO_SSL2 | 76 | #ifndef OPENSSL_NO_SSL2 |
| @@ -117,7 +79,7 @@ static int ssl23_num_ciphers(void) | |||
| 117 | ); | 79 | ); |
| 118 | } | 80 | } |
| 119 | 81 | ||
| 120 | static SSL_CIPHER *ssl23_get_cipher(unsigned int u) | 82 | SSL_CIPHER *ssl23_get_cipher(unsigned int u) |
| 121 | { | 83 | { |
| 122 | unsigned int uu=ssl3_num_ciphers(); | 84 | unsigned int uu=ssl3_num_ciphers(); |
| 123 | 85 | ||
| @@ -133,7 +95,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u) | |||
| 133 | 95 | ||
| 134 | /* This function needs to check if the ciphers required are actually | 96 | /* This function needs to check if the ciphers required are actually |
| 135 | * available */ | 97 | * available */ |
| 136 | static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) | 98 | SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) |
| 137 | { | 99 | { |
| 138 | SSL_CIPHER c,*cp; | 100 | SSL_CIPHER c,*cp; |
| 139 | unsigned long id; | 101 | unsigned long id; |
| @@ -151,7 +113,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) | |||
| 151 | return(cp); | 113 | return(cp); |
| 152 | } | 114 | } |
| 153 | 115 | ||
| 154 | static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | 116 | int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
| 155 | { | 117 | { |
| 156 | long l; | 118 | long l; |
| 157 | 119 | ||
| @@ -166,7 +128,7 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | |||
| 166 | return(3); | 128 | return(3); |
| 167 | } | 129 | } |
| 168 | 130 | ||
| 169 | static int ssl23_read(SSL *s, void *buf, int len) | 131 | int ssl23_read(SSL *s, void *buf, int len) |
| 170 | { | 132 | { |
| 171 | int n; | 133 | int n; |
| 172 | 134 | ||
| @@ -189,7 +151,7 @@ static int ssl23_read(SSL *s, void *buf, int len) | |||
| 189 | } | 151 | } |
| 190 | } | 152 | } |
| 191 | 153 | ||
| 192 | static int ssl23_peek(SSL *s, void *buf, int len) | 154 | int ssl23_peek(SSL *s, void *buf, int len) |
| 193 | { | 155 | { |
| 194 | int n; | 156 | int n; |
| 195 | 157 | ||
| @@ -212,7 +174,7 @@ static int ssl23_peek(SSL *s, void *buf, int len) | |||
| 212 | } | 174 | } |
| 213 | } | 175 | } |
| 214 | 176 | ||
| 215 | static int ssl23_write(SSL *s, const void *buf, int len) | 177 | int ssl23_write(SSL *s, const void *buf, int len) |
| 216 | { | 178 | { |
| 217 | int n; | 179 | int n; |
| 218 | 180 | ||
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index b73abc448f..6637bb9549 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c | |||
| @@ -132,28 +132,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver) | |||
| 132 | return(NULL); | 132 | return(NULL); |
| 133 | } | 133 | } |
| 134 | 134 | ||
| 135 | SSL_METHOD *SSLv23_server_method(void) | 135 | IMPLEMENT_ssl23_meth_func(SSLv23_server_method, |
| 136 | { | 136 | ssl23_accept, |
| 137 | static int init=1; | 137 | ssl_undefined_function, |
| 138 | static SSL_METHOD SSLv23_server_data; | 138 | ssl23_get_server_method) |
| 139 | |||
| 140 | if (init) | ||
| 141 | { | ||
| 142 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 143 | |||
| 144 | if (init) | ||
| 145 | { | ||
| 146 | memcpy((char *)&SSLv23_server_data, | ||
| 147 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); | ||
| 148 | SSLv23_server_data.ssl_accept=ssl23_accept; | ||
| 149 | SSLv23_server_data.get_ssl_method=ssl23_get_server_method; | ||
| 150 | init=0; | ||
| 151 | } | ||
| 152 | |||
| 153 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 154 | } | ||
| 155 | return(&SSLv23_server_data); | ||
| 156 | } | ||
| 157 | 139 | ||
| 158 | int ssl23_accept(SSL *s) | 140 | int ssl23_accept(SSL *s) |
| 159 | { | 141 | { |
| @@ -404,15 +386,6 @@ int ssl23_get_client_hello(SSL *s) | |||
| 404 | } | 386 | } |
| 405 | } | 387 | } |
| 406 | 388 | ||
| 407 | #ifdef OPENSSL_FIPS | ||
| 408 | if (FIPS_mode() && (s->version < TLS1_VERSION)) | ||
| 409 | { | ||
| 410 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | ||
| 411 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 412 | goto err; | ||
| 413 | } | ||
| 414 | #endif | ||
| 415 | |||
| 416 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) | 389 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) |
| 417 | { | 390 | { |
| 418 | /* we have SSLv3/TLSv1 in an SSLv2 header | 391 | /* we have SSLv3/TLSv1 in an SSLv2 header |
| @@ -592,7 +565,6 @@ int ssl23_get_client_hello(SSL *s) | |||
| 592 | s->init_num=0; | 565 | s->init_num=0; |
| 593 | 566 | ||
| 594 | if (buf != buf_space) OPENSSL_free(buf); | 567 | if (buf != buf_space) OPENSSL_free(buf); |
| 595 | s->first_packet=1; | ||
| 596 | return(SSL_accept(s)); | 568 | return(SSL_accept(s)); |
| 597 | err: | 569 | err: |
| 598 | if (buf != buf_space) OPENSSL_free(buf); | 570 | if (buf != buf_space) OPENSSL_free(buf); |
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 64d317b7ac..2ecfbb77cb 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -108,6 +108,11 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 111 | 116 | ||
| 112 | #include <limits.h> | 117 | #include <limits.h> |
| 113 | #include <string.h> | 118 | #include <string.h> |
| @@ -192,7 +197,7 @@ int ssl3_get_finished(SSL *s, int a, int b) | |||
| 192 | * change cipher spec message and is in s->s3->tmp.peer_finish_md | 197 | * change cipher spec message and is in s->s3->tmp.peer_finish_md |
| 193 | */ | 198 | */ |
| 194 | 199 | ||
| 195 | n=ssl3_get_message(s, | 200 | n=s->method->ssl_get_message(s, |
| 196 | a, | 201 | a, |
| 197 | b, | 202 | b, |
| 198 | SSL3_MT_FINISHED, | 203 | SSL3_MT_FINISHED, |
| @@ -386,8 +391,8 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 386 | { | 391 | { |
| 387 | while (s->init_num < 4) | 392 | while (s->init_num < 4) |
| 388 | { | 393 | { |
| 389 | i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], | 394 | i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, |
| 390 | 4 - s->init_num, 0); | 395 | &p[s->init_num],4 - s->init_num, 0); |
| 391 | if (i <= 0) | 396 | if (i <= 0) |
| 392 | { | 397 | { |
| 393 | s->rwstate=SSL_READING; | 398 | s->rwstate=SSL_READING; |
| @@ -467,7 +472,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 467 | n = s->s3->tmp.message_size - s->init_num; | 472 | n = s->s3->tmp.message_size - s->init_num; |
| 468 | while (n > 0) | 473 | while (n > 0) |
| 469 | { | 474 | { |
| 470 | i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); | 475 | i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); |
| 471 | if (i <= 0) | 476 | if (i <= 0) |
| 472 | { | 477 | { |
| 473 | s->rwstate=SSL_READING; | 478 | s->rwstate=SSL_READING; |
| @@ -492,7 +497,7 @@ err: | |||
| 492 | int ssl_cert_type(X509 *x, EVP_PKEY *pkey) | 497 | int ssl_cert_type(X509 *x, EVP_PKEY *pkey) |
| 493 | { | 498 | { |
| 494 | EVP_PKEY *pk; | 499 | EVP_PKEY *pk; |
| 495 | int ret= -1,i,j; | 500 | int ret= -1,i; |
| 496 | 501 | ||
| 497 | if (pkey == NULL) | 502 | if (pkey == NULL) |
| 498 | pk=X509_get_pubkey(x); | 503 | pk=X509_get_pubkey(x); |
| @@ -504,35 +509,17 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) | |||
| 504 | if (i == EVP_PKEY_RSA) | 509 | if (i == EVP_PKEY_RSA) |
| 505 | { | 510 | { |
| 506 | ret=SSL_PKEY_RSA_ENC; | 511 | ret=SSL_PKEY_RSA_ENC; |
| 507 | if (x != NULL) | ||
| 508 | { | ||
| 509 | j=X509_get_ext_count(x); | ||
| 510 | /* check to see if this is a signing only certificate */ | ||
| 511 | /* EAY EAY EAY EAY */ | ||
| 512 | } | ||
| 513 | } | 512 | } |
| 514 | else if (i == EVP_PKEY_DSA) | 513 | else if (i == EVP_PKEY_DSA) |
| 515 | { | 514 | { |
| 516 | ret=SSL_PKEY_DSA_SIGN; | 515 | ret=SSL_PKEY_DSA_SIGN; |
| 517 | } | 516 | } |
| 518 | else if (i == EVP_PKEY_DH) | 517 | #ifndef OPENSSL_NO_EC |
| 518 | else if (i == EVP_PKEY_EC) | ||
| 519 | { | 519 | { |
| 520 | /* if we just have a key, we needs to be guess */ | 520 | ret = SSL_PKEY_ECC; |
| 521 | |||
| 522 | if (x == NULL) | ||
| 523 | ret=SSL_PKEY_DH_DSA; | ||
| 524 | else | ||
| 525 | { | ||
| 526 | j=X509_get_signature_type(x); | ||
| 527 | if (j == EVP_PKEY_RSA) | ||
| 528 | ret=SSL_PKEY_DH_RSA; | ||
| 529 | else if (j== EVP_PKEY_DSA) | ||
| 530 | ret=SSL_PKEY_DH_DSA; | ||
| 531 | else ret= -1; | ||
| 532 | } | ||
| 533 | } | 521 | } |
| 534 | else | 522 | #endif |
| 535 | ret= -1; | ||
| 536 | 523 | ||
| 537 | err: | 524 | err: |
| 538 | if(!pkey) EVP_PKEY_free(pk); | 525 | if(!pkey) EVP_PKEY_free(pk); |
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 4163d97944..9a87c1cfb3 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -108,6 +108,19 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 111 | 124 | ||
| 112 | #include <stdio.h> | 125 | #include <stdio.h> |
| 113 | #include "ssl_locl.h" | 126 | #include "ssl_locl.h" |
| @@ -117,20 +130,22 @@ | |||
| 117 | #include <openssl/objects.h> | 130 | #include <openssl/objects.h> |
| 118 | #include <openssl/evp.h> | 131 | #include <openssl/evp.h> |
| 119 | #include <openssl/md5.h> | 132 | #include <openssl/md5.h> |
| 120 | #include <openssl/fips.h> | 133 | #ifndef OPENSSL_NO_DH |
| 134 | #include <openssl/dh.h> | ||
| 135 | #endif | ||
| 136 | #include <openssl/bn.h> | ||
| 121 | 137 | ||
| 122 | static SSL_METHOD *ssl3_get_client_method(int ver); | 138 | static SSL_METHOD *ssl3_get_client_method(int ver); |
| 123 | static int ssl3_client_hello(SSL *s); | ||
| 124 | static int ssl3_get_server_hello(SSL *s); | ||
| 125 | static int ssl3_get_certificate_request(SSL *s); | ||
| 126 | static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); | 139 | static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); |
| 127 | static int ssl3_get_server_done(SSL *s); | 140 | #ifndef OPENSSL_NO_TLSEXT |
| 128 | static int ssl3_send_client_verify(SSL *s); | 141 | static int ssl3_check_finished(SSL *s); |
| 129 | static int ssl3_send_client_certificate(SSL *s); | 142 | #endif |
| 130 | static int ssl3_send_client_key_exchange(SSL *s); | 143 | |
| 131 | static int ssl3_get_key_exchange(SSL *s); | 144 | #ifndef OPENSSL_NO_ECDH |
| 132 | static int ssl3_get_server_certificate(SSL *s); | 145 | static int curve_id2nid(int curve_id); |
| 133 | static int ssl3_check_cert_and_algorithm(SSL *s); | 146 | int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); |
| 147 | #endif | ||
| 148 | |||
| 134 | static SSL_METHOD *ssl3_get_client_method(int ver) | 149 | static SSL_METHOD *ssl3_get_client_method(int ver) |
| 135 | { | 150 | { |
| 136 | if (ver == SSL3_VERSION) | 151 | if (ver == SSL3_VERSION) |
| @@ -139,28 +154,10 @@ static SSL_METHOD *ssl3_get_client_method(int ver) | |||
| 139 | return(NULL); | 154 | return(NULL); |
| 140 | } | 155 | } |
| 141 | 156 | ||
| 142 | SSL_METHOD *SSLv3_client_method(void) | 157 | IMPLEMENT_ssl3_meth_func(SSLv3_client_method, |
| 143 | { | 158 | ssl_undefined_function, |
| 144 | static int init=1; | 159 | ssl3_connect, |
| 145 | static SSL_METHOD SSLv3_client_data; | 160 | ssl3_get_client_method) |
| 146 | |||
| 147 | if (init) | ||
| 148 | { | ||
| 149 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 150 | |||
| 151 | if (init) | ||
| 152 | { | ||
| 153 | memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), | ||
| 154 | sizeof(SSL_METHOD)); | ||
| 155 | SSLv3_client_data.ssl_connect=ssl3_connect; | ||
| 156 | SSLv3_client_data.get_ssl_method=ssl3_get_client_method; | ||
| 157 | init=0; | ||
| 158 | } | ||
| 159 | |||
| 160 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 161 | } | ||
| 162 | return(&SSLv3_client_data); | ||
| 163 | } | ||
| 164 | 161 | ||
| 165 | int ssl3_connect(SSL *s) | 162 | int ssl3_connect(SSL *s) |
| 166 | { | 163 | { |
| @@ -270,15 +267,43 @@ int ssl3_connect(SSL *s) | |||
| 270 | 267 | ||
| 271 | case SSL3_ST_CR_CERT_A: | 268 | case SSL3_ST_CR_CERT_A: |
| 272 | case SSL3_ST_CR_CERT_B: | 269 | case SSL3_ST_CR_CERT_B: |
| 273 | /* Check if it is anon DH */ | 270 | #ifndef OPENSSL_NO_TLSEXT |
| 271 | ret=ssl3_check_finished(s); | ||
| 272 | if (ret <= 0) goto end; | ||
| 273 | if (ret == 2) | ||
| 274 | { | ||
| 275 | s->hit = 1; | ||
| 276 | if (s->tlsext_ticket_expected) | ||
| 277 | s->state=SSL3_ST_CR_SESSION_TICKET_A; | ||
| 278 | else | ||
| 279 | s->state=SSL3_ST_CR_FINISHED_A; | ||
| 280 | s->init_num=0; | ||
| 281 | break; | ||
| 282 | } | ||
| 283 | #endif | ||
| 284 | /* Check if it is anon DH/ECDH */ | ||
| 274 | if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) | 285 | if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) |
| 275 | { | 286 | { |
| 276 | ret=ssl3_get_server_certificate(s); | 287 | ret=ssl3_get_server_certificate(s); |
| 277 | if (ret <= 0) goto end; | 288 | if (ret <= 0) goto end; |
| 289 | #ifndef OPENSSL_NO_TLSEXT | ||
| 290 | if (s->tlsext_status_expected) | ||
| 291 | s->state=SSL3_ST_CR_CERT_STATUS_A; | ||
| 292 | else | ||
| 293 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
| 294 | } | ||
| 295 | else | ||
| 296 | { | ||
| 297 | skip = 1; | ||
| 298 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
| 299 | } | ||
| 300 | #else | ||
| 278 | } | 301 | } |
| 279 | else | 302 | else |
| 280 | skip=1; | 303 | skip=1; |
| 304 | |||
| 281 | s->state=SSL3_ST_CR_KEY_EXCH_A; | 305 | s->state=SSL3_ST_CR_KEY_EXCH_A; |
| 306 | #endif | ||
| 282 | s->init_num=0; | 307 | s->init_num=0; |
| 283 | break; | 308 | break; |
| 284 | 309 | ||
| @@ -337,6 +362,13 @@ int ssl3_connect(SSL *s) | |||
| 337 | * sent back */ | 362 | * sent back */ |
| 338 | /* For TLS, cert_req is set to 2, so a cert chain | 363 | /* For TLS, cert_req is set to 2, so a cert chain |
| 339 | * of nothing is sent, but no verify packet is sent */ | 364 | * of nothing is sent, but no verify packet is sent */ |
| 365 | /* XXX: For now, we do not support client | ||
| 366 | * authentication in ECDH cipher suites with | ||
| 367 | * ECDH (rather than ECDSA) certificates. | ||
| 368 | * We need to skip the certificate verify | ||
| 369 | * message when client's ECDH public key is sent | ||
| 370 | * inside the client certificate. | ||
| 371 | */ | ||
| 340 | if (s->s3->tmp.cert_req == 1) | 372 | if (s->s3->tmp.cert_req == 1) |
| 341 | { | 373 | { |
| 342 | s->state=SSL3_ST_CW_CERT_VRFY_A; | 374 | s->state=SSL3_ST_CW_CERT_VRFY_A; |
| @@ -368,11 +400,15 @@ int ssl3_connect(SSL *s) | |||
| 368 | s->init_num=0; | 400 | s->init_num=0; |
| 369 | 401 | ||
| 370 | s->session->cipher=s->s3->tmp.new_cipher; | 402 | s->session->cipher=s->s3->tmp.new_cipher; |
| 403 | #ifdef OPENSSL_NO_COMP | ||
| 404 | s->session->compress_meth=0; | ||
| 405 | #else | ||
| 371 | if (s->s3->tmp.new_compression == NULL) | 406 | if (s->s3->tmp.new_compression == NULL) |
| 372 | s->session->compress_meth=0; | 407 | s->session->compress_meth=0; |
| 373 | else | 408 | else |
| 374 | s->session->compress_meth= | 409 | s->session->compress_meth= |
| 375 | s->s3->tmp.new_compression->id; | 410 | s->s3->tmp.new_compression->id; |
| 411 | #endif | ||
| 376 | if (!s->method->ssl3_enc->setup_key_block(s)) | 412 | if (!s->method->ssl3_enc->setup_key_block(s)) |
| 377 | { | 413 | { |
| 378 | ret= -1; | 414 | ret= -1; |
| @@ -411,11 +447,36 @@ int ssl3_connect(SSL *s) | |||
| 411 | } | 447 | } |
| 412 | else | 448 | else |
| 413 | { | 449 | { |
| 450 | #ifndef OPENSSL_NO_TLSEXT | ||
| 451 | /* Allow NewSessionTicket if ticket expected */ | ||
| 452 | if (s->tlsext_ticket_expected) | ||
| 453 | s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; | ||
| 454 | else | ||
| 455 | #endif | ||
| 456 | |||
| 414 | s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; | 457 | s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; |
| 415 | } | 458 | } |
| 416 | s->init_num=0; | 459 | s->init_num=0; |
| 417 | break; | 460 | break; |
| 418 | 461 | ||
| 462 | #ifndef OPENSSL_NO_TLSEXT | ||
| 463 | case SSL3_ST_CR_SESSION_TICKET_A: | ||
| 464 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 465 | ret=ssl3_get_new_session_ticket(s); | ||
| 466 | if (ret <= 0) goto end; | ||
| 467 | s->state=SSL3_ST_CR_FINISHED_A; | ||
| 468 | s->init_num=0; | ||
| 469 | break; | ||
| 470 | |||
| 471 | case SSL3_ST_CR_CERT_STATUS_A: | ||
| 472 | case SSL3_ST_CR_CERT_STATUS_B: | ||
| 473 | ret=ssl3_get_cert_status(s); | ||
| 474 | if (ret <= 0) goto end; | ||
| 475 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
| 476 | s->init_num=0; | ||
| 477 | break; | ||
| 478 | #endif | ||
| 479 | |||
| 419 | case SSL3_ST_CR_FINISHED_A: | 480 | case SSL3_ST_CR_FINISHED_A: |
| 420 | case SSL3_ST_CR_FINISHED_B: | 481 | case SSL3_ST_CR_FINISHED_B: |
| 421 | 482 | ||
| @@ -512,13 +573,16 @@ end: | |||
| 512 | } | 573 | } |
| 513 | 574 | ||
| 514 | 575 | ||
| 515 | static int ssl3_client_hello(SSL *s) | 576 | int ssl3_client_hello(SSL *s) |
| 516 | { | 577 | { |
| 517 | unsigned char *buf; | 578 | unsigned char *buf; |
| 518 | unsigned char *p,*d; | 579 | unsigned char *p,*d; |
| 519 | int i,j; | 580 | int i; |
| 520 | unsigned long Time,l; | 581 | unsigned long Time,l; |
| 582 | #ifndef OPENSSL_NO_COMP | ||
| 583 | int j; | ||
| 521 | SSL_COMP *comp; | 584 | SSL_COMP *comp; |
| 585 | #endif | ||
| 522 | 586 | ||
| 523 | buf=(unsigned char *)s->init_buf->data; | 587 | buf=(unsigned char *)s->init_buf->data; |
| 524 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) | 588 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) |
| @@ -535,8 +599,8 @@ static int ssl3_client_hello(SSL *s) | |||
| 535 | p=s->s3->client_random; | 599 | p=s->s3->client_random; |
| 536 | Time=(unsigned long)time(NULL); /* Time */ | 600 | Time=(unsigned long)time(NULL); /* Time */ |
| 537 | l2n(Time,p); | 601 | l2n(Time,p); |
| 538 | if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | 602 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) |
| 539 | goto err; | 603 | goto err; |
| 540 | 604 | ||
| 541 | /* Do the message type and length last */ | 605 | /* Do the message type and length last */ |
| 542 | d=p= &(buf[4]); | 606 | d=p= &(buf[4]); |
| @@ -557,7 +621,7 @@ static int ssl3_client_hello(SSL *s) | |||
| 557 | *(p++)=i; | 621 | *(p++)=i; |
| 558 | if (i != 0) | 622 | if (i != 0) |
| 559 | { | 623 | { |
| 560 | if (i > sizeof s->session->session_id) | 624 | if (i > (int)sizeof(s->session->session_id)) |
| 561 | { | 625 | { |
| 562 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | 626 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); |
| 563 | goto err; | 627 | goto err; |
| @@ -577,6 +641,9 @@ static int ssl3_client_hello(SSL *s) | |||
| 577 | p+=i; | 641 | p+=i; |
| 578 | 642 | ||
| 579 | /* COMPRESSION */ | 643 | /* COMPRESSION */ |
| 644 | #ifdef OPENSSL_NO_COMP | ||
| 645 | *(p++)=1; | ||
| 646 | #else | ||
| 580 | if (s->ctx->comp_methods == NULL) | 647 | if (s->ctx->comp_methods == NULL) |
| 581 | j=0; | 648 | j=0; |
| 582 | else | 649 | else |
| @@ -587,8 +654,15 @@ static int ssl3_client_hello(SSL *s) | |||
| 587 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); | 654 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); |
| 588 | *(p++)=comp->id; | 655 | *(p++)=comp->id; |
| 589 | } | 656 | } |
| 657 | #endif | ||
| 590 | *(p++)=0; /* Add the NULL method */ | 658 | *(p++)=0; /* Add the NULL method */ |
| 591 | 659 | #ifndef OPENSSL_NO_TLSEXT | |
| 660 | if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
| 661 | { | ||
| 662 | SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | ||
| 663 | goto err; | ||
| 664 | } | ||
| 665 | #endif | ||
| 592 | l=(p-d); | 666 | l=(p-d); |
| 593 | d=buf; | 667 | d=buf; |
| 594 | *(d++)=SSL3_MT_CLIENT_HELLO; | 668 | *(d++)=SSL3_MT_CLIENT_HELLO; |
| @@ -606,7 +680,7 @@ err: | |||
| 606 | return(-1); | 680 | return(-1); |
| 607 | } | 681 | } |
| 608 | 682 | ||
| 609 | static int ssl3_get_server_hello(SSL *s) | 683 | int ssl3_get_server_hello(SSL *s) |
| 610 | { | 684 | { |
| 611 | STACK_OF(SSL_CIPHER) *sk; | 685 | STACK_OF(SSL_CIPHER) *sk; |
| 612 | SSL_CIPHER *c; | 686 | SSL_CIPHER *c; |
| @@ -614,16 +688,44 @@ static int ssl3_get_server_hello(SSL *s) | |||
| 614 | int i,al,ok; | 688 | int i,al,ok; |
| 615 | unsigned int j; | 689 | unsigned int j; |
| 616 | long n; | 690 | long n; |
| 691 | #ifndef OPENSSL_NO_COMP | ||
| 617 | SSL_COMP *comp; | 692 | SSL_COMP *comp; |
| 693 | #endif | ||
| 618 | 694 | ||
| 619 | n=ssl3_get_message(s, | 695 | n=s->method->ssl_get_message(s, |
| 620 | SSL3_ST_CR_SRVR_HELLO_A, | 696 | SSL3_ST_CR_SRVR_HELLO_A, |
| 621 | SSL3_ST_CR_SRVR_HELLO_B, | 697 | SSL3_ST_CR_SRVR_HELLO_B, |
| 622 | SSL3_MT_SERVER_HELLO, | 698 | -1, |
| 623 | 300, /* ?? */ | 699 | 20000, /* ?? */ |
| 624 | &ok); | 700 | &ok); |
| 625 | 701 | ||
| 626 | if (!ok) return((int)n); | 702 | if (!ok) return((int)n); |
| 703 | |||
| 704 | if ( SSL_version(s) == DTLS1_VERSION) | ||
| 705 | { | ||
| 706 | if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) | ||
| 707 | { | ||
| 708 | if ( s->d1->send_cookie == 0) | ||
| 709 | { | ||
| 710 | s->s3->tmp.reuse_message = 1; | ||
| 711 | return 1; | ||
| 712 | } | ||
| 713 | else /* already sent a cookie */ | ||
| 714 | { | ||
| 715 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 716 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); | ||
| 717 | goto f_err; | ||
| 718 | } | ||
| 719 | } | ||
| 720 | } | ||
| 721 | |||
| 722 | if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) | ||
| 723 | { | ||
| 724 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 725 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); | ||
| 726 | goto f_err; | ||
| 727 | } | ||
| 728 | |||
| 627 | d=p=(unsigned char *)s->init_msg; | 729 | d=p=(unsigned char *)s->init_msg; |
| 628 | 730 | ||
| 629 | if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) | 731 | if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) |
| @@ -719,6 +821,14 @@ static int ssl3_get_server_hello(SSL *s) | |||
| 719 | 821 | ||
| 720 | /* lets get the compression algorithm */ | 822 | /* lets get the compression algorithm */ |
| 721 | /* COMPRESSION */ | 823 | /* COMPRESSION */ |
| 824 | #ifdef OPENSSL_NO_COMP | ||
| 825 | if (*(p++) != 0) | ||
| 826 | { | ||
| 827 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
| 828 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | ||
| 829 | goto f_err; | ||
| 830 | } | ||
| 831 | #else | ||
| 722 | j= *(p++); | 832 | j= *(p++); |
| 723 | if (j == 0) | 833 | if (j == 0) |
| 724 | comp=NULL; | 834 | comp=NULL; |
| @@ -735,6 +845,25 @@ static int ssl3_get_server_hello(SSL *s) | |||
| 735 | { | 845 | { |
| 736 | s->s3->tmp.new_compression=comp; | 846 | s->s3->tmp.new_compression=comp; |
| 737 | } | 847 | } |
| 848 | #endif | ||
| 849 | #ifndef OPENSSL_NO_TLSEXT | ||
| 850 | /* TLS extensions*/ | ||
| 851 | if (s->version > SSL3_VERSION) | ||
| 852 | { | ||
| 853 | if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) | ||
| 854 | { | ||
| 855 | /* 'al' set by ssl_parse_serverhello_tlsext */ | ||
| 856 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); | ||
| 857 | goto f_err; | ||
| 858 | } | ||
| 859 | if (ssl_check_serverhello_tlsext(s) <= 0) | ||
| 860 | { | ||
| 861 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); | ||
| 862 | goto err; | ||
| 863 | } | ||
| 864 | } | ||
| 865 | #endif | ||
| 866 | |||
| 738 | 867 | ||
| 739 | if (p != (d+n)) | 868 | if (p != (d+n)) |
| 740 | { | 869 | { |
| @@ -751,18 +880,19 @@ err: | |||
| 751 | return(-1); | 880 | return(-1); |
| 752 | } | 881 | } |
| 753 | 882 | ||
| 754 | static int ssl3_get_server_certificate(SSL *s) | 883 | int ssl3_get_server_certificate(SSL *s) |
| 755 | { | 884 | { |
| 756 | int al,i,ok,ret= -1; | 885 | int al,i,ok,ret= -1; |
| 757 | unsigned long n,nc,llen,l; | 886 | unsigned long n,nc,llen,l; |
| 758 | X509 *x=NULL; | 887 | X509 *x=NULL; |
| 759 | unsigned char *p,*d,*q; | 888 | const unsigned char *q,*p; |
| 889 | unsigned char *d; | ||
| 760 | STACK_OF(X509) *sk=NULL; | 890 | STACK_OF(X509) *sk=NULL; |
| 761 | SESS_CERT *sc; | 891 | SESS_CERT *sc; |
| 762 | EVP_PKEY *pkey=NULL; | 892 | EVP_PKEY *pkey=NULL; |
| 763 | int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ | 893 | int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ |
| 764 | 894 | ||
| 765 | n=ssl3_get_message(s, | 895 | n=s->method->ssl_get_message(s, |
| 766 | SSL3_ST_CR_CERT_A, | 896 | SSL3_ST_CR_CERT_A, |
| 767 | SSL3_ST_CR_CERT_B, | 897 | SSL3_ST_CR_CERT_B, |
| 768 | -1, | 898 | -1, |
| @@ -771,7 +901,9 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 771 | 901 | ||
| 772 | if (!ok) return((int)n); | 902 | if (!ok) return((int)n); |
| 773 | 903 | ||
| 774 | if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) | 904 | if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || |
| 905 | ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && | ||
| 906 | (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) | ||
| 775 | { | 907 | { |
| 776 | s->s3->tmp.reuse_message=1; | 908 | s->s3->tmp.reuse_message=1; |
| 777 | return(1); | 909 | return(1); |
| @@ -783,7 +915,7 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 783 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); | 915 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); |
| 784 | goto f_err; | 916 | goto f_err; |
| 785 | } | 917 | } |
| 786 | d=p=(unsigned char *)s->init_msg; | 918 | p=d=(unsigned char *)s->init_msg; |
| 787 | 919 | ||
| 788 | if ((sk=sk_X509_new_null()) == NULL) | 920 | if ((sk=sk_X509_new_null()) == NULL) |
| 789 | { | 921 | { |
| @@ -835,10 +967,10 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 835 | i=ssl_verify_cert_chain(s,sk); | 967 | i=ssl_verify_cert_chain(s,sk); |
| 836 | if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) | 968 | if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) |
| 837 | #ifndef OPENSSL_NO_KRB5 | 969 | #ifndef OPENSSL_NO_KRB5 |
| 838 | && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | 970 | && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) |
| 839 | != (SSL_aKRB5|SSL_kKRB5) | 971 | != (SSL_aKRB5|SSL_kKRB5) |
| 840 | #endif /* OPENSSL_NO_KRB5 */ | 972 | #endif /* OPENSSL_NO_KRB5 */ |
| 841 | ) | 973 | ) |
| 842 | { | 974 | { |
| 843 | al=ssl_verify_alarm_type(s->verify_result); | 975 | al=ssl_verify_alarm_type(s->verify_result); |
| 844 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); | 976 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); |
| @@ -861,16 +993,16 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 861 | 993 | ||
| 862 | pkey=X509_get_pubkey(x); | 994 | pkey=X509_get_pubkey(x); |
| 863 | 995 | ||
| 864 | /* VRS: allow null cert if auth == KRB5 */ | 996 | /* VRS: allow null cert if auth == KRB5 */ |
| 865 | need_cert = ((s->s3->tmp.new_cipher->algorithms | 997 | need_cert = ((s->s3->tmp.new_cipher->algorithms |
| 866 | & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | 998 | & (SSL_MKEY_MASK|SSL_AUTH_MASK)) |
| 867 | == (SSL_aKRB5|SSL_kKRB5))? 0: 1; | 999 | == (SSL_aKRB5|SSL_kKRB5))? 0: 1; |
| 868 | 1000 | ||
| 869 | #ifdef KSSL_DEBUG | 1001 | #ifdef KSSL_DEBUG |
| 870 | printf("pkey,x = %p, %p\n", pkey,x); | 1002 | printf("pkey,x = %p, %p\n", pkey,x); |
| 871 | printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); | 1003 | printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); |
| 872 | printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, | 1004 | printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, |
| 873 | s->s3->tmp.new_cipher->algorithms, need_cert); | 1005 | s->s3->tmp.new_cipher->algorithms, need_cert); |
| 874 | #endif /* KSSL_DEBUG */ | 1006 | #endif /* KSSL_DEBUG */ |
| 875 | 1007 | ||
| 876 | if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) | 1008 | if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) |
| @@ -892,31 +1024,31 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 892 | goto f_err; | 1024 | goto f_err; |
| 893 | } | 1025 | } |
| 894 | 1026 | ||
| 895 | if (need_cert) | 1027 | if (need_cert) |
| 896 | { | 1028 | { |
| 897 | sc->peer_cert_type=i; | 1029 | sc->peer_cert_type=i; |
| 898 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 1030 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); |
| 899 | /* Why would the following ever happen? | 1031 | /* Why would the following ever happen? |
| 900 | * We just created sc a couple of lines ago. */ | 1032 | * We just created sc a couple of lines ago. */ |
| 901 | if (sc->peer_pkeys[i].x509 != NULL) | 1033 | if (sc->peer_pkeys[i].x509 != NULL) |
| 902 | X509_free(sc->peer_pkeys[i].x509); | 1034 | X509_free(sc->peer_pkeys[i].x509); |
| 903 | sc->peer_pkeys[i].x509=x; | 1035 | sc->peer_pkeys[i].x509=x; |
| 904 | sc->peer_key= &(sc->peer_pkeys[i]); | 1036 | sc->peer_key= &(sc->peer_pkeys[i]); |
| 905 | 1037 | ||
| 906 | if (s->session->peer != NULL) | 1038 | if (s->session->peer != NULL) |
| 907 | X509_free(s->session->peer); | 1039 | X509_free(s->session->peer); |
| 908 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 1040 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); |
| 909 | s->session->peer=x; | 1041 | s->session->peer=x; |
| 910 | } | 1042 | } |
| 911 | else | 1043 | else |
| 912 | { | 1044 | { |
| 913 | sc->peer_cert_type=i; | 1045 | sc->peer_cert_type=i; |
| 914 | sc->peer_key= NULL; | 1046 | sc->peer_key= NULL; |
| 915 | 1047 | ||
| 916 | if (s->session->peer != NULL) | 1048 | if (s->session->peer != NULL) |
| 917 | X509_free(s->session->peer); | 1049 | X509_free(s->session->peer); |
| 918 | s->session->peer=NULL; | 1050 | s->session->peer=NULL; |
| 919 | } | 1051 | } |
| 920 | s->session->verify_result = s->verify_result; | 1052 | s->session->verify_result = s->verify_result; |
| 921 | 1053 | ||
| 922 | x=NULL; | 1054 | x=NULL; |
| @@ -934,7 +1066,7 @@ err: | |||
| 934 | return(ret); | 1066 | return(ret); |
| 935 | } | 1067 | } |
| 936 | 1068 | ||
| 937 | static int ssl3_get_key_exchange(SSL *s) | 1069 | int ssl3_get_key_exchange(SSL *s) |
| 938 | { | 1070 | { |
| 939 | #ifndef OPENSSL_NO_RSA | 1071 | #ifndef OPENSSL_NO_RSA |
| 940 | unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; | 1072 | unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; |
| @@ -950,10 +1082,17 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 950 | #ifndef OPENSSL_NO_DH | 1082 | #ifndef OPENSSL_NO_DH |
| 951 | DH *dh=NULL; | 1083 | DH *dh=NULL; |
| 952 | #endif | 1084 | #endif |
| 1085 | #ifndef OPENSSL_NO_ECDH | ||
| 1086 | EC_KEY *ecdh = NULL; | ||
| 1087 | BN_CTX *bn_ctx = NULL; | ||
| 1088 | EC_POINT *srvr_ecpoint = NULL; | ||
| 1089 | int curve_nid = 0; | ||
| 1090 | int encoded_pt_len = 0; | ||
| 1091 | #endif | ||
| 953 | 1092 | ||
| 954 | /* use same message size as in ssl3_get_certificate_request() | 1093 | /* use same message size as in ssl3_get_certificate_request() |
| 955 | * as ServerKeyExchange message may be skipped */ | 1094 | * as ServerKeyExchange message may be skipped */ |
| 956 | n=ssl3_get_message(s, | 1095 | n=s->method->ssl_get_message(s, |
| 957 | SSL3_ST_CR_KEY_EXCH_A, | 1096 | SSL3_ST_CR_KEY_EXCH_A, |
| 958 | SSL3_ST_CR_KEY_EXCH_B, | 1097 | SSL3_ST_CR_KEY_EXCH_B, |
| 959 | -1, | 1098 | -1, |
| @@ -986,6 +1125,13 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 986 | s->session->sess_cert->peer_dh_tmp=NULL; | 1125 | s->session->sess_cert->peer_dh_tmp=NULL; |
| 987 | } | 1126 | } |
| 988 | #endif | 1127 | #endif |
| 1128 | #ifndef OPENSSL_NO_ECDH | ||
| 1129 | if (s->session->sess_cert->peer_ecdh_tmp) | ||
| 1130 | { | ||
| 1131 | EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); | ||
| 1132 | s->session->sess_cert->peer_ecdh_tmp=NULL; | ||
| 1133 | } | ||
| 1134 | #endif | ||
| 989 | } | 1135 | } |
| 990 | else | 1136 | else |
| 991 | { | 1137 | { |
| @@ -1127,6 +1273,114 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1127 | goto f_err; | 1273 | goto f_err; |
| 1128 | } | 1274 | } |
| 1129 | #endif /* !OPENSSL_NO_DH */ | 1275 | #endif /* !OPENSSL_NO_DH */ |
| 1276 | |||
| 1277 | #ifndef OPENSSL_NO_ECDH | ||
| 1278 | else if (alg & SSL_kECDHE) | ||
| 1279 | { | ||
| 1280 | EC_GROUP *ngroup; | ||
| 1281 | const EC_GROUP *group; | ||
| 1282 | |||
| 1283 | if ((ecdh=EC_KEY_new()) == NULL) | ||
| 1284 | { | ||
| 1285 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 1286 | goto err; | ||
| 1287 | } | ||
| 1288 | |||
| 1289 | /* Extract elliptic curve parameters and the | ||
| 1290 | * server's ephemeral ECDH public key. | ||
| 1291 | * Keep accumulating lengths of various components in | ||
| 1292 | * param_len and make sure it never exceeds n. | ||
| 1293 | */ | ||
| 1294 | |||
| 1295 | /* XXX: For now we only support named (not generic) curves | ||
| 1296 | * and the ECParameters in this case is just three bytes. | ||
| 1297 | */ | ||
| 1298 | param_len=3; | ||
| 1299 | if ((param_len > n) || | ||
| 1300 | (*p != NAMED_CURVE_TYPE) || | ||
| 1301 | ((curve_nid = curve_id2nid(*(p + 2))) == 0)) | ||
| 1302 | { | ||
| 1303 | al=SSL_AD_INTERNAL_ERROR; | ||
| 1304 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); | ||
| 1305 | goto f_err; | ||
| 1306 | } | ||
| 1307 | |||
| 1308 | ngroup = EC_GROUP_new_by_curve_name(curve_nid); | ||
| 1309 | if (ngroup == NULL) | ||
| 1310 | { | ||
| 1311 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
| 1312 | goto err; | ||
| 1313 | } | ||
| 1314 | if (EC_KEY_set_group(ecdh, ngroup) == 0) | ||
| 1315 | { | ||
| 1316 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
| 1317 | goto err; | ||
| 1318 | } | ||
| 1319 | EC_GROUP_free(ngroup); | ||
| 1320 | |||
| 1321 | group = EC_KEY_get0_group(ecdh); | ||
| 1322 | |||
| 1323 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && | ||
| 1324 | (EC_GROUP_get_degree(group) > 163)) | ||
| 1325 | { | ||
| 1326 | al=SSL_AD_EXPORT_RESTRICTION; | ||
| 1327 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); | ||
| 1328 | goto f_err; | ||
| 1329 | } | ||
| 1330 | |||
| 1331 | p+=3; | ||
| 1332 | |||
| 1333 | /* Next, get the encoded ECPoint */ | ||
| 1334 | if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || | ||
| 1335 | ((bn_ctx = BN_CTX_new()) == NULL)) | ||
| 1336 | { | ||
| 1337 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 1338 | goto err; | ||
| 1339 | } | ||
| 1340 | |||
| 1341 | encoded_pt_len = *p; /* length of encoded point */ | ||
| 1342 | p+=1; | ||
| 1343 | param_len += (1 + encoded_pt_len); | ||
| 1344 | if ((param_len > n) || | ||
| 1345 | (EC_POINT_oct2point(group, srvr_ecpoint, | ||
| 1346 | p, encoded_pt_len, bn_ctx) == 0)) | ||
| 1347 | { | ||
| 1348 | al=SSL_AD_DECODE_ERROR; | ||
| 1349 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); | ||
| 1350 | goto f_err; | ||
| 1351 | } | ||
| 1352 | |||
| 1353 | n-=param_len; | ||
| 1354 | p+=encoded_pt_len; | ||
| 1355 | |||
| 1356 | /* The ECC/TLS specification does not mention | ||
| 1357 | * the use of DSA to sign ECParameters in the server | ||
| 1358 | * key exchange message. We do support RSA and ECDSA. | ||
| 1359 | */ | ||
| 1360 | if (0) ; | ||
| 1361 | #ifndef OPENSSL_NO_RSA | ||
| 1362 | else if (alg & SSL_aRSA) | ||
| 1363 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | ||
| 1364 | #endif | ||
| 1365 | #ifndef OPENSSL_NO_ECDSA | ||
| 1366 | else if (alg & SSL_aECDSA) | ||
| 1367 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 1368 | #endif | ||
| 1369 | /* else anonymous ECDH, so no certificate or pkey. */ | ||
| 1370 | EC_KEY_set_public_key(ecdh, srvr_ecpoint); | ||
| 1371 | s->session->sess_cert->peer_ecdh_tmp=ecdh; | ||
| 1372 | ecdh=NULL; | ||
| 1373 | BN_CTX_free(bn_ctx); | ||
| 1374 | EC_POINT_free(srvr_ecpoint); | ||
| 1375 | srvr_ecpoint = NULL; | ||
| 1376 | } | ||
| 1377 | else if (alg & SSL_kECDH) | ||
| 1378 | { | ||
| 1379 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1380 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); | ||
| 1381 | goto f_err; | ||
| 1382 | } | ||
| 1383 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1130 | if (alg & SSL_aFZA) | 1384 | if (alg & SSL_aFZA) |
| 1131 | { | 1385 | { |
| 1132 | al=SSL_AD_HANDSHAKE_FAILURE; | 1386 | al=SSL_AD_HANDSHAKE_FAILURE; |
| @@ -1137,7 +1391,6 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1137 | 1391 | ||
| 1138 | /* p points to the next byte, there are 'n' bytes left */ | 1392 | /* p points to the next byte, there are 'n' bytes left */ |
| 1139 | 1393 | ||
| 1140 | |||
| 1141 | /* if it was signed, check the signature */ | 1394 | /* if it was signed, check the signature */ |
| 1142 | if (pkey != NULL) | 1395 | if (pkey != NULL) |
| 1143 | { | 1396 | { |
| @@ -1162,14 +1415,11 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1162 | q=md_buf; | 1415 | q=md_buf; |
| 1163 | for (num=2; num > 0; num--) | 1416 | for (num=2; num > 0; num--) |
| 1164 | { | 1417 | { |
| 1165 | EVP_MD_CTX_set_flags(&md_ctx, | ||
| 1166 | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 1167 | EVP_DigestInit_ex(&md_ctx,(num == 2) | 1418 | EVP_DigestInit_ex(&md_ctx,(num == 2) |
| 1168 | ?s->ctx->md5:s->ctx->sha1, NULL); | 1419 | ?s->ctx->md5:s->ctx->sha1, NULL); |
| 1169 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1420 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| 1170 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | 1421 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
| 1171 | EVP_DigestUpdate(&md_ctx,param,param_len); | 1422 | EVP_DigestUpdate(&md_ctx,param,param_len); |
| 1172 | |||
| 1173 | EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); | 1423 | EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); |
| 1174 | q+=i; | 1424 | q+=i; |
| 1175 | j+=i; | 1425 | j+=i; |
| @@ -1210,6 +1460,24 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1210 | } | 1460 | } |
| 1211 | else | 1461 | else |
| 1212 | #endif | 1462 | #endif |
| 1463 | #ifndef OPENSSL_NO_ECDSA | ||
| 1464 | if (pkey->type == EVP_PKEY_EC) | ||
| 1465 | { | ||
| 1466 | /* let's do ECDSA */ | ||
| 1467 | EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL); | ||
| 1468 | EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
| 1469 | EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
| 1470 | EVP_VerifyUpdate(&md_ctx,param,param_len); | ||
| 1471 | if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) | ||
| 1472 | { | ||
| 1473 | /* bad signature */ | ||
| 1474 | al=SSL_AD_DECRYPT_ERROR; | ||
| 1475 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); | ||
| 1476 | goto f_err; | ||
| 1477 | } | ||
| 1478 | } | ||
| 1479 | else | ||
| 1480 | #endif | ||
| 1213 | { | 1481 | { |
| 1214 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | 1482 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); |
| 1215 | goto err; | 1483 | goto err; |
| @@ -1245,20 +1513,27 @@ err: | |||
| 1245 | if (dh != NULL) | 1513 | if (dh != NULL) |
| 1246 | DH_free(dh); | 1514 | DH_free(dh); |
| 1247 | #endif | 1515 | #endif |
| 1516 | #ifndef OPENSSL_NO_ECDH | ||
| 1517 | BN_CTX_free(bn_ctx); | ||
| 1518 | EC_POINT_free(srvr_ecpoint); | ||
| 1519 | if (ecdh != NULL) | ||
| 1520 | EC_KEY_free(ecdh); | ||
| 1521 | #endif | ||
| 1248 | EVP_MD_CTX_cleanup(&md_ctx); | 1522 | EVP_MD_CTX_cleanup(&md_ctx); |
| 1249 | return(-1); | 1523 | return(-1); |
| 1250 | } | 1524 | } |
| 1251 | 1525 | ||
| 1252 | static int ssl3_get_certificate_request(SSL *s) | 1526 | int ssl3_get_certificate_request(SSL *s) |
| 1253 | { | 1527 | { |
| 1254 | int ok,ret=0; | 1528 | int ok,ret=0; |
| 1255 | unsigned long n,nc,l; | 1529 | unsigned long n,nc,l; |
| 1256 | unsigned int llen,ctype_num,i; | 1530 | unsigned int llen,ctype_num,i; |
| 1257 | X509_NAME *xn=NULL; | 1531 | X509_NAME *xn=NULL; |
| 1258 | unsigned char *p,*d,*q; | 1532 | const unsigned char *p,*q; |
| 1533 | unsigned char *d; | ||
| 1259 | STACK_OF(X509_NAME) *ca_sk=NULL; | 1534 | STACK_OF(X509_NAME) *ca_sk=NULL; |
| 1260 | 1535 | ||
| 1261 | n=ssl3_get_message(s, | 1536 | n=s->method->ssl_get_message(s, |
| 1262 | SSL3_ST_CR_CERT_REQ_A, | 1537 | SSL3_ST_CR_CERT_REQ_A, |
| 1263 | SSL3_ST_CR_CERT_REQ_B, | 1538 | SSL3_ST_CR_CERT_REQ_B, |
| 1264 | -1, | 1539 | -1, |
| @@ -1294,7 +1569,7 @@ static int ssl3_get_certificate_request(SSL *s) | |||
| 1294 | } | 1569 | } |
| 1295 | } | 1570 | } |
| 1296 | 1571 | ||
| 1297 | d=p=(unsigned char *)s->init_msg; | 1572 | p=d=(unsigned char *)s->init_msg; |
| 1298 | 1573 | ||
| 1299 | if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) | 1574 | if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) |
| 1300 | { | 1575 | { |
| @@ -1395,13 +1670,150 @@ static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | |||
| 1395 | { | 1670 | { |
| 1396 | return(X509_NAME_cmp(*a,*b)); | 1671 | return(X509_NAME_cmp(*a,*b)); |
| 1397 | } | 1672 | } |
| 1673 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1674 | int ssl3_get_new_session_ticket(SSL *s) | ||
| 1675 | { | ||
| 1676 | int ok,al,ret=0, ticklen; | ||
| 1677 | long n; | ||
| 1678 | const unsigned char *p; | ||
| 1679 | unsigned char *d; | ||
| 1398 | 1680 | ||
| 1399 | static int ssl3_get_server_done(SSL *s) | 1681 | n=s->method->ssl_get_message(s, |
| 1682 | SSL3_ST_CR_SESSION_TICKET_A, | ||
| 1683 | SSL3_ST_CR_SESSION_TICKET_B, | ||
| 1684 | -1, | ||
| 1685 | 16384, | ||
| 1686 | &ok); | ||
| 1687 | |||
| 1688 | if (!ok) | ||
| 1689 | return((int)n); | ||
| 1690 | |||
| 1691 | if (s->s3->tmp.message_type == SSL3_MT_FINISHED) | ||
| 1692 | { | ||
| 1693 | s->s3->tmp.reuse_message=1; | ||
| 1694 | return(1); | ||
| 1695 | } | ||
| 1696 | if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) | ||
| 1697 | { | ||
| 1698 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1699 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE); | ||
| 1700 | goto f_err; | ||
| 1701 | } | ||
| 1702 | if (n < 6) | ||
| 1703 | { | ||
| 1704 | /* need at least ticket_lifetime_hint + ticket length */ | ||
| 1705 | al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; | ||
| 1706 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | ||
| 1707 | goto f_err; | ||
| 1708 | } | ||
| 1709 | p=d=(unsigned char *)s->init_msg; | ||
| 1710 | n2l(p, s->session->tlsext_tick_lifetime_hint); | ||
| 1711 | n2s(p, ticklen); | ||
| 1712 | /* ticket_lifetime_hint + ticket_length + ticket */ | ||
| 1713 | if (ticklen + 6 != n) | ||
| 1714 | { | ||
| 1715 | al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; | ||
| 1716 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | ||
| 1717 | goto f_err; | ||
| 1718 | } | ||
| 1719 | if (s->session->tlsext_tick) | ||
| 1720 | { | ||
| 1721 | OPENSSL_free(s->session->tlsext_tick); | ||
| 1722 | s->session->tlsext_ticklen = 0; | ||
| 1723 | } | ||
| 1724 | s->session->tlsext_tick = OPENSSL_malloc(ticklen); | ||
| 1725 | if (!s->session->tlsext_tick) | ||
| 1726 | { | ||
| 1727 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE); | ||
| 1728 | goto err; | ||
| 1729 | } | ||
| 1730 | memcpy(s->session->tlsext_tick, p, ticklen); | ||
| 1731 | s->session->tlsext_ticklen = ticklen; | ||
| 1732 | |||
| 1733 | ret=1; | ||
| 1734 | return(ret); | ||
| 1735 | f_err: | ||
| 1736 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 1737 | err: | ||
| 1738 | return(-1); | ||
| 1739 | } | ||
| 1740 | |||
| 1741 | int ssl3_get_cert_status(SSL *s) | ||
| 1742 | { | ||
| 1743 | int ok, al; | ||
| 1744 | unsigned long resplen; | ||
| 1745 | long n; | ||
| 1746 | const unsigned char *p; | ||
| 1747 | |||
| 1748 | n=s->method->ssl_get_message(s, | ||
| 1749 | SSL3_ST_CR_CERT_STATUS_A, | ||
| 1750 | SSL3_ST_CR_CERT_STATUS_B, | ||
| 1751 | SSL3_MT_CERTIFICATE_STATUS, | ||
| 1752 | 16384, | ||
| 1753 | &ok); | ||
| 1754 | |||
| 1755 | if (!ok) return((int)n); | ||
| 1756 | if (n < 4) | ||
| 1757 | { | ||
| 1758 | /* need at least status type + length */ | ||
| 1759 | al = SSL_AD_DECODE_ERROR; | ||
| 1760 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); | ||
| 1761 | goto f_err; | ||
| 1762 | } | ||
| 1763 | p = (unsigned char *)s->init_msg; | ||
| 1764 | if (*p++ != TLSEXT_STATUSTYPE_ocsp) | ||
| 1765 | { | ||
| 1766 | al = SSL_AD_DECODE_ERROR; | ||
| 1767 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE); | ||
| 1768 | goto f_err; | ||
| 1769 | } | ||
| 1770 | n2l3(p, resplen); | ||
| 1771 | if (resplen + 4 != n) | ||
| 1772 | { | ||
| 1773 | al = SSL_AD_DECODE_ERROR; | ||
| 1774 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); | ||
| 1775 | goto f_err; | ||
| 1776 | } | ||
| 1777 | if (s->tlsext_ocsp_resp) | ||
| 1778 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
| 1779 | s->tlsext_ocsp_resp = BUF_memdup(p, resplen); | ||
| 1780 | if (!s->tlsext_ocsp_resp) | ||
| 1781 | { | ||
| 1782 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1783 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); | ||
| 1784 | goto f_err; | ||
| 1785 | } | ||
| 1786 | s->tlsext_ocsp_resplen = resplen; | ||
| 1787 | if (s->ctx->tlsext_status_cb) | ||
| 1788 | { | ||
| 1789 | int ret; | ||
| 1790 | ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 1791 | if (ret == 0) | ||
| 1792 | { | ||
| 1793 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | ||
| 1794 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE); | ||
| 1795 | goto f_err; | ||
| 1796 | } | ||
| 1797 | if (ret < 0) | ||
| 1798 | { | ||
| 1799 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1800 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); | ||
| 1801 | goto f_err; | ||
| 1802 | } | ||
| 1803 | } | ||
| 1804 | return 1; | ||
| 1805 | f_err: | ||
| 1806 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 1807 | return(-1); | ||
| 1808 | } | ||
| 1809 | #endif | ||
| 1810 | |||
| 1811 | int ssl3_get_server_done(SSL *s) | ||
| 1400 | { | 1812 | { |
| 1401 | int ok,ret=0; | 1813 | int ok,ret=0; |
| 1402 | long n; | 1814 | long n; |
| 1403 | 1815 | ||
| 1404 | n=ssl3_get_message(s, | 1816 | n=s->method->ssl_get_message(s, |
| 1405 | SSL3_ST_CR_SRVR_DONE_A, | 1817 | SSL3_ST_CR_SRVR_DONE_A, |
| 1406 | SSL3_ST_CR_SRVR_DONE_B, | 1818 | SSL3_ST_CR_SRVR_DONE_B, |
| 1407 | SSL3_MT_SERVER_DONE, | 1819 | SSL3_MT_SERVER_DONE, |
| @@ -1420,7 +1832,8 @@ static int ssl3_get_server_done(SSL *s) | |||
| 1420 | return(ret); | 1832 | return(ret); |
| 1421 | } | 1833 | } |
| 1422 | 1834 | ||
| 1423 | static int ssl3_send_client_key_exchange(SSL *s) | 1835 | |
| 1836 | int ssl3_send_client_key_exchange(SSL *s) | ||
| 1424 | { | 1837 | { |
| 1425 | unsigned char *p,*d; | 1838 | unsigned char *p,*d; |
| 1426 | int n; | 1839 | int n; |
| @@ -1430,8 +1843,16 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1430 | EVP_PKEY *pkey=NULL; | 1843 | EVP_PKEY *pkey=NULL; |
| 1431 | #endif | 1844 | #endif |
| 1432 | #ifndef OPENSSL_NO_KRB5 | 1845 | #ifndef OPENSSL_NO_KRB5 |
| 1433 | KSSL_ERR kssl_err; | 1846 | KSSL_ERR kssl_err; |
| 1434 | #endif /* OPENSSL_NO_KRB5 */ | 1847 | #endif /* OPENSSL_NO_KRB5 */ |
| 1848 | #ifndef OPENSSL_NO_ECDH | ||
| 1849 | EC_KEY *clnt_ecdh = NULL; | ||
| 1850 | const EC_POINT *srvr_ecpoint = NULL; | ||
| 1851 | EVP_PKEY *srvr_pub_pkey = NULL; | ||
| 1852 | unsigned char *encodedPoint = NULL; | ||
| 1853 | int encoded_pt_len = 0; | ||
| 1854 | BN_CTX * bn_ctx = NULL; | ||
| 1855 | #endif | ||
| 1435 | 1856 | ||
| 1436 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) | 1857 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) |
| 1437 | { | 1858 | { |
| @@ -1440,8 +1861,8 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1440 | 1861 | ||
| 1441 | l=s->s3->tmp.new_cipher->algorithms; | 1862 | l=s->s3->tmp.new_cipher->algorithms; |
| 1442 | 1863 | ||
| 1443 | /* Fool emacs indentation */ | 1864 | /* Fool emacs indentation */ |
| 1444 | if (0) {} | 1865 | if (0) {} |
| 1445 | #ifndef OPENSSL_NO_RSA | 1866 | #ifndef OPENSSL_NO_RSA |
| 1446 | else if (l & SSL_kRSA) | 1867 | else if (l & SSL_kRSA) |
| 1447 | { | 1868 | { |
| @@ -1503,12 +1924,12 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1503 | #endif | 1924 | #endif |
| 1504 | #ifndef OPENSSL_NO_KRB5 | 1925 | #ifndef OPENSSL_NO_KRB5 |
| 1505 | else if (l & SSL_kKRB5) | 1926 | else if (l & SSL_kKRB5) |
| 1506 | { | 1927 | { |
| 1507 | krb5_error_code krb5rc; | 1928 | krb5_error_code krb5rc; |
| 1508 | KSSL_CTX *kssl_ctx = s->kssl_ctx; | 1929 | KSSL_CTX *kssl_ctx = s->kssl_ctx; |
| 1509 | /* krb5_data krb5_ap_req; */ | 1930 | /* krb5_data krb5_ap_req; */ |
| 1510 | krb5_data *enc_ticket; | 1931 | krb5_data *enc_ticket; |
| 1511 | krb5_data authenticator, *authp = NULL; | 1932 | krb5_data authenticator, *authp = NULL; |
| 1512 | EVP_CIPHER_CTX ciph_ctx; | 1933 | EVP_CIPHER_CTX ciph_ctx; |
| 1513 | EVP_CIPHER *enc = NULL; | 1934 | EVP_CIPHER *enc = NULL; |
| 1514 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 1935 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
| @@ -1520,8 +1941,8 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1520 | EVP_CIPHER_CTX_init(&ciph_ctx); | 1941 | EVP_CIPHER_CTX_init(&ciph_ctx); |
| 1521 | 1942 | ||
| 1522 | #ifdef KSSL_DEBUG | 1943 | #ifdef KSSL_DEBUG |
| 1523 | printf("ssl3_send_client_key_exchange(%lx & %lx)\n", | 1944 | printf("ssl3_send_client_key_exchange(%lx & %lx)\n", |
| 1524 | l, SSL_kKRB5); | 1945 | l, SSL_kKRB5); |
| 1525 | #endif /* KSSL_DEBUG */ | 1946 | #endif /* KSSL_DEBUG */ |
| 1526 | 1947 | ||
| 1527 | authp = NULL; | 1948 | authp = NULL; |
| @@ -1529,37 +1950,37 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1529 | if (KRB5SENDAUTH) authp = &authenticator; | 1950 | if (KRB5SENDAUTH) authp = &authenticator; |
| 1530 | #endif /* KRB5SENDAUTH */ | 1951 | #endif /* KRB5SENDAUTH */ |
| 1531 | 1952 | ||
| 1532 | krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, | 1953 | krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, |
| 1533 | &kssl_err); | 1954 | &kssl_err); |
| 1534 | enc = kssl_map_enc(kssl_ctx->enctype); | 1955 | enc = kssl_map_enc(kssl_ctx->enctype); |
| 1535 | if (enc == NULL) | 1956 | if (enc == NULL) |
| 1536 | goto err; | 1957 | goto err; |
| 1537 | #ifdef KSSL_DEBUG | 1958 | #ifdef KSSL_DEBUG |
| 1538 | { | 1959 | { |
| 1539 | printf("kssl_cget_tkt rtn %d\n", krb5rc); | 1960 | printf("kssl_cget_tkt rtn %d\n", krb5rc); |
| 1540 | if (krb5rc && kssl_err.text) | 1961 | if (krb5rc && kssl_err.text) |
| 1541 | printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); | 1962 | printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); |
| 1542 | } | 1963 | } |
| 1543 | #endif /* KSSL_DEBUG */ | 1964 | #endif /* KSSL_DEBUG */ |
| 1544 | 1965 | ||
| 1545 | if (krb5rc) | 1966 | if (krb5rc) |
| 1546 | { | 1967 | { |
| 1547 | ssl3_send_alert(s,SSL3_AL_FATAL, | 1968 | ssl3_send_alert(s,SSL3_AL_FATAL, |
| 1548 | SSL_AD_HANDSHAKE_FAILURE); | 1969 | SSL_AD_HANDSHAKE_FAILURE); |
| 1549 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 1970 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 1550 | kssl_err.reason); | 1971 | kssl_err.reason); |
| 1551 | goto err; | 1972 | goto err; |
| 1552 | } | 1973 | } |
| 1553 | 1974 | ||
| 1554 | /* 20010406 VRS - Earlier versions used KRB5 AP_REQ | 1975 | /* 20010406 VRS - Earlier versions used KRB5 AP_REQ |
| 1555 | ** in place of RFC 2712 KerberosWrapper, as in: | 1976 | ** in place of RFC 2712 KerberosWrapper, as in: |
| 1556 | ** | 1977 | ** |
| 1557 | ** Send ticket (copy to *p, set n = length) | 1978 | ** Send ticket (copy to *p, set n = length) |
| 1558 | ** n = krb5_ap_req.length; | 1979 | ** n = krb5_ap_req.length; |
| 1559 | ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); | 1980 | ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); |
| 1560 | ** if (krb5_ap_req.data) | 1981 | ** if (krb5_ap_req.data) |
| 1561 | ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); | 1982 | ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); |
| 1562 | ** | 1983 | ** |
| 1563 | ** Now using real RFC 2712 KerberosWrapper | 1984 | ** Now using real RFC 2712 KerberosWrapper |
| 1564 | ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) | 1985 | ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) |
| 1565 | ** Note: 2712 "opaque" types are here replaced | 1986 | ** Note: 2712 "opaque" types are here replaced |
| @@ -1594,8 +2015,10 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1594 | n+=2; | 2015 | n+=2; |
| 1595 | } | 2016 | } |
| 1596 | 2017 | ||
| 1597 | if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) | 2018 | tmp_buf[0]=s->client_version>>8; |
| 1598 | goto err; | 2019 | tmp_buf[1]=s->client_version&0xff; |
| 2020 | if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) | ||
| 2021 | goto err; | ||
| 1599 | 2022 | ||
| 1600 | /* 20010420 VRS. Tried it this way; failed. | 2023 | /* 20010420 VRS. Tried it this way; failed. |
| 1601 | ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); | 2024 | ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); |
| @@ -1624,20 +2047,27 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1624 | p+=outl; | 2047 | p+=outl; |
| 1625 | n+=outl + 2; | 2048 | n+=outl + 2; |
| 1626 | 2049 | ||
| 1627 | s->session->master_key_length= | 2050 | s->session->master_key_length= |
| 1628 | s->method->ssl3_enc->generate_master_secret(s, | 2051 | s->method->ssl3_enc->generate_master_secret(s, |
| 1629 | s->session->master_key, | 2052 | s->session->master_key, |
| 1630 | tmp_buf, sizeof tmp_buf); | 2053 | tmp_buf, sizeof tmp_buf); |
| 1631 | 2054 | ||
| 1632 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 2055 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
| 1633 | OPENSSL_cleanse(epms, outl); | 2056 | OPENSSL_cleanse(epms, outl); |
| 1634 | } | 2057 | } |
| 1635 | #endif | 2058 | #endif |
| 1636 | #ifndef OPENSSL_NO_DH | 2059 | #ifndef OPENSSL_NO_DH |
| 1637 | else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 2060 | else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
| 1638 | { | 2061 | { |
| 1639 | DH *dh_srvr,*dh_clnt; | 2062 | DH *dh_srvr,*dh_clnt; |
| 1640 | 2063 | ||
| 2064 | if (s->session->sess_cert == NULL) | ||
| 2065 | { | ||
| 2066 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); | ||
| 2067 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); | ||
| 2068 | goto err; | ||
| 2069 | } | ||
| 2070 | |||
| 1641 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 2071 | if (s->session->sess_cert->peer_dh_tmp != NULL) |
| 1642 | dh_srvr=s->session->sess_cert->peer_dh_tmp; | 2072 | dh_srvr=s->session->sess_cert->peer_dh_tmp; |
| 1643 | else | 2073 | else |
| @@ -1689,10 +2119,198 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1689 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 2119 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
| 1690 | } | 2120 | } |
| 1691 | #endif | 2121 | #endif |
| 2122 | |||
| 2123 | #ifndef OPENSSL_NO_ECDH | ||
| 2124 | else if ((l & SSL_kECDH) || (l & SSL_kECDHE)) | ||
| 2125 | { | ||
| 2126 | const EC_GROUP *srvr_group = NULL; | ||
| 2127 | EC_KEY *tkey; | ||
| 2128 | int ecdh_clnt_cert = 0; | ||
| 2129 | int field_size = 0; | ||
| 2130 | |||
| 2131 | /* Did we send out the client's | ||
| 2132 | * ECDH share for use in premaster | ||
| 2133 | * computation as part of client certificate? | ||
| 2134 | * If so, set ecdh_clnt_cert to 1. | ||
| 2135 | */ | ||
| 2136 | if ((l & SSL_kECDH) && (s->cert != NULL)) | ||
| 2137 | { | ||
| 2138 | /* XXX: For now, we do not support client | ||
| 2139 | * authentication using ECDH certificates. | ||
| 2140 | * To add such support, one needs to add | ||
| 2141 | * code that checks for appropriate | ||
| 2142 | * conditions and sets ecdh_clnt_cert to 1. | ||
| 2143 | * For example, the cert have an ECC | ||
| 2144 | * key on the same curve as the server's | ||
| 2145 | * and the key should be authorized for | ||
| 2146 | * key agreement. | ||
| 2147 | * | ||
| 2148 | * One also needs to add code in ssl3_connect | ||
| 2149 | * to skip sending the certificate verify | ||
| 2150 | * message. | ||
| 2151 | * | ||
| 2152 | * if ((s->cert->key->privatekey != NULL) && | ||
| 2153 | * (s->cert->key->privatekey->type == | ||
| 2154 | * EVP_PKEY_EC) && ...) | ||
| 2155 | * ecdh_clnt_cert = 1; | ||
| 2156 | */ | ||
| 2157 | } | ||
| 2158 | |||
| 2159 | if (s->session->sess_cert->peer_ecdh_tmp != NULL) | ||
| 2160 | { | ||
| 2161 | tkey = s->session->sess_cert->peer_ecdh_tmp; | ||
| 2162 | } | ||
| 2163 | else | ||
| 2164 | { | ||
| 2165 | /* Get the Server Public Key from Cert */ | ||
| 2166 | srvr_pub_pkey = X509_get_pubkey(s->session-> \ | ||
| 2167 | sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 2168 | if ((srvr_pub_pkey == NULL) || | ||
| 2169 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | ||
| 2170 | (srvr_pub_pkey->pkey.ec == NULL)) | ||
| 2171 | { | ||
| 2172 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2173 | ERR_R_INTERNAL_ERROR); | ||
| 2174 | goto err; | ||
| 2175 | } | ||
| 2176 | |||
| 2177 | tkey = srvr_pub_pkey->pkey.ec; | ||
| 2178 | } | ||
| 2179 | |||
| 2180 | srvr_group = EC_KEY_get0_group(tkey); | ||
| 2181 | srvr_ecpoint = EC_KEY_get0_public_key(tkey); | ||
| 2182 | |||
| 2183 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) | ||
| 2184 | { | ||
| 2185 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2186 | ERR_R_INTERNAL_ERROR); | ||
| 2187 | goto err; | ||
| 2188 | } | ||
| 2189 | |||
| 2190 | if ((clnt_ecdh=EC_KEY_new()) == NULL) | ||
| 2191 | { | ||
| 2192 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 2193 | goto err; | ||
| 2194 | } | ||
| 2195 | |||
| 2196 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) | ||
| 2197 | { | ||
| 2198 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
| 2199 | goto err; | ||
| 2200 | } | ||
| 2201 | if (ecdh_clnt_cert) | ||
| 2202 | { | ||
| 2203 | /* Reuse key info from our certificate | ||
| 2204 | * We only need our private key to perform | ||
| 2205 | * the ECDH computation. | ||
| 2206 | */ | ||
| 2207 | const BIGNUM *priv_key; | ||
| 2208 | tkey = s->cert->key->privatekey->pkey.ec; | ||
| 2209 | priv_key = EC_KEY_get0_private_key(tkey); | ||
| 2210 | if (priv_key == NULL) | ||
| 2211 | { | ||
| 2212 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 2213 | goto err; | ||
| 2214 | } | ||
| 2215 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) | ||
| 2216 | { | ||
| 2217 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
| 2218 | goto err; | ||
| 2219 | } | ||
| 2220 | } | ||
| 2221 | else | ||
| 2222 | { | ||
| 2223 | /* Generate a new ECDH key pair */ | ||
| 2224 | if (!(EC_KEY_generate_key(clnt_ecdh))) | ||
| 2225 | { | ||
| 2226 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
| 2227 | goto err; | ||
| 2228 | } | ||
| 2229 | } | ||
| 2230 | |||
| 2231 | /* use the 'p' output buffer for the ECDH key, but | ||
| 2232 | * make sure to clear it out afterwards | ||
| 2233 | */ | ||
| 2234 | |||
| 2235 | field_size = EC_GROUP_get_degree(srvr_group); | ||
| 2236 | if (field_size <= 0) | ||
| 2237 | { | ||
| 2238 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2239 | ERR_R_ECDH_LIB); | ||
| 2240 | goto err; | ||
| 2241 | } | ||
| 2242 | n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); | ||
| 2243 | if (n <= 0) | ||
| 2244 | { | ||
| 2245 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2246 | ERR_R_ECDH_LIB); | ||
| 2247 | goto err; | ||
| 2248 | } | ||
| 2249 | |||
| 2250 | /* generate master key from the result */ | ||
| 2251 | s->session->master_key_length = s->method->ssl3_enc \ | ||
| 2252 | -> generate_master_secret(s, | ||
| 2253 | s->session->master_key, | ||
| 2254 | p, n); | ||
| 2255 | |||
| 2256 | memset(p, 0, n); /* clean up */ | ||
| 2257 | |||
| 2258 | if (ecdh_clnt_cert) | ||
| 2259 | { | ||
| 2260 | /* Send empty client key exch message */ | ||
| 2261 | n = 0; | ||
| 2262 | } | ||
| 2263 | else | ||
| 2264 | { | ||
| 2265 | /* First check the size of encoding and | ||
| 2266 | * allocate memory accordingly. | ||
| 2267 | */ | ||
| 2268 | encoded_pt_len = | ||
| 2269 | EC_POINT_point2oct(srvr_group, | ||
| 2270 | EC_KEY_get0_public_key(clnt_ecdh), | ||
| 2271 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 2272 | NULL, 0, NULL); | ||
| 2273 | |||
| 2274 | encodedPoint = (unsigned char *) | ||
| 2275 | OPENSSL_malloc(encoded_pt_len * | ||
| 2276 | sizeof(unsigned char)); | ||
| 2277 | bn_ctx = BN_CTX_new(); | ||
| 2278 | if ((encodedPoint == NULL) || | ||
| 2279 | (bn_ctx == NULL)) | ||
| 2280 | { | ||
| 2281 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 2282 | goto err; | ||
| 2283 | } | ||
| 2284 | |||
| 2285 | /* Encode the public key */ | ||
| 2286 | n = EC_POINT_point2oct(srvr_group, | ||
| 2287 | EC_KEY_get0_public_key(clnt_ecdh), | ||
| 2288 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 2289 | encodedPoint, encoded_pt_len, bn_ctx); | ||
| 2290 | |||
| 2291 | *p = n; /* length of encoded point */ | ||
| 2292 | /* Encoded point will be copied here */ | ||
| 2293 | p += 1; | ||
| 2294 | /* copy the point */ | ||
| 2295 | memcpy((unsigned char *)p, encodedPoint, n); | ||
| 2296 | /* increment n to account for length field */ | ||
| 2297 | n += 1; | ||
| 2298 | } | ||
| 2299 | |||
| 2300 | /* Free allocated memory */ | ||
| 2301 | BN_CTX_free(bn_ctx); | ||
| 2302 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
| 2303 | if (clnt_ecdh != NULL) | ||
| 2304 | EC_KEY_free(clnt_ecdh); | ||
| 2305 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 2306 | } | ||
| 2307 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1692 | else | 2308 | else |
| 1693 | { | 2309 | { |
| 1694 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | 2310 | ssl3_send_alert(s, SSL3_AL_FATAL, |
| 1695 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | 2311 | SSL_AD_HANDSHAKE_FAILURE); |
| 2312 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2313 | ERR_R_INTERNAL_ERROR); | ||
| 1696 | goto err; | 2314 | goto err; |
| 1697 | } | 2315 | } |
| 1698 | 2316 | ||
| @@ -1708,10 +2326,17 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1708 | /* SSL3_ST_CW_KEY_EXCH_B */ | 2326 | /* SSL3_ST_CW_KEY_EXCH_B */ |
| 1709 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 2327 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 1710 | err: | 2328 | err: |
| 2329 | #ifndef OPENSSL_NO_ECDH | ||
| 2330 | BN_CTX_free(bn_ctx); | ||
| 2331 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
| 2332 | if (clnt_ecdh != NULL) | ||
| 2333 | EC_KEY_free(clnt_ecdh); | ||
| 2334 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 2335 | #endif | ||
| 1711 | return(-1); | 2336 | return(-1); |
| 1712 | } | 2337 | } |
| 1713 | 2338 | ||
| 1714 | static int ssl3_send_client_verify(SSL *s) | 2339 | int ssl3_send_client_verify(SSL *s) |
| 1715 | { | 2340 | { |
| 1716 | unsigned char *p,*d; | 2341 | unsigned char *p,*d; |
| 1717 | unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 2342 | unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
| @@ -1720,7 +2345,7 @@ static int ssl3_send_client_verify(SSL *s) | |||
| 1720 | unsigned u=0; | 2345 | unsigned u=0; |
| 1721 | #endif | 2346 | #endif |
| 1722 | unsigned long n; | 2347 | unsigned long n; |
| 1723 | #ifndef OPENSSL_NO_DSA | 2348 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) |
| 1724 | int j; | 2349 | int j; |
| 1725 | #endif | 2350 | #endif |
| 1726 | 2351 | ||
| @@ -1766,6 +2391,23 @@ static int ssl3_send_client_verify(SSL *s) | |||
| 1766 | } | 2391 | } |
| 1767 | else | 2392 | else |
| 1768 | #endif | 2393 | #endif |
| 2394 | #ifndef OPENSSL_NO_ECDSA | ||
| 2395 | if (pkey->type == EVP_PKEY_EC) | ||
| 2396 | { | ||
| 2397 | if (!ECDSA_sign(pkey->save_type, | ||
| 2398 | &(data[MD5_DIGEST_LENGTH]), | ||
| 2399 | SHA_DIGEST_LENGTH,&(p[2]), | ||
| 2400 | (unsigned int *)&j,pkey->pkey.ec)) | ||
| 2401 | { | ||
| 2402 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2403 | ERR_R_ECDSA_LIB); | ||
| 2404 | goto err; | ||
| 2405 | } | ||
| 2406 | s2n(j,p); | ||
| 2407 | n=j+2; | ||
| 2408 | } | ||
| 2409 | else | ||
| 2410 | #endif | ||
| 1769 | { | 2411 | { |
| 1770 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); | 2412 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); |
| 1771 | goto err; | 2413 | goto err; |
| @@ -1782,7 +2424,7 @@ err: | |||
| 1782 | return(-1); | 2424 | return(-1); |
| 1783 | } | 2425 | } |
| 1784 | 2426 | ||
| 1785 | static int ssl3_send_client_certificate(SSL *s) | 2427 | int ssl3_send_client_certificate(SSL *s) |
| 1786 | { | 2428 | { |
| 1787 | X509 *x509=NULL; | 2429 | X509 *x509=NULL; |
| 1788 | EVP_PKEY *pkey=NULL; | 2430 | EVP_PKEY *pkey=NULL; |
| @@ -1861,7 +2503,7 @@ static int ssl3_send_client_certificate(SSL *s) | |||
| 1861 | 2503 | ||
| 1862 | #define has_bits(i,m) (((i)&(m)) == (m)) | 2504 | #define has_bits(i,m) (((i)&(m)) == (m)) |
| 1863 | 2505 | ||
| 1864 | static int ssl3_check_cert_and_algorithm(SSL *s) | 2506 | int ssl3_check_cert_and_algorithm(SSL *s) |
| 1865 | { | 2507 | { |
| 1866 | int i,idx; | 2508 | int i,idx; |
| 1867 | long algs; | 2509 | long algs; |
| @@ -1876,18 +2518,18 @@ static int ssl3_check_cert_and_algorithm(SSL *s) | |||
| 1876 | 2518 | ||
| 1877 | sc=s->session->sess_cert; | 2519 | sc=s->session->sess_cert; |
| 1878 | 2520 | ||
| 1879 | if (sc == NULL) | ||
| 1880 | { | ||
| 1881 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); | ||
| 1882 | goto err; | ||
| 1883 | } | ||
| 1884 | |||
| 1885 | algs=s->s3->tmp.new_cipher->algorithms; | 2521 | algs=s->s3->tmp.new_cipher->algorithms; |
| 1886 | 2522 | ||
| 1887 | /* we don't have a certificate */ | 2523 | /* we don't have a certificate */ |
| 1888 | if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) | 2524 | if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) |
| 1889 | return(1); | 2525 | return(1); |
| 1890 | 2526 | ||
| 2527 | if (sc == NULL) | ||
| 2528 | { | ||
| 2529 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); | ||
| 2530 | goto err; | ||
| 2531 | } | ||
| 2532 | |||
| 1891 | #ifndef OPENSSL_NO_RSA | 2533 | #ifndef OPENSSL_NO_RSA |
| 1892 | rsa=s->session->sess_cert->peer_rsa_tmp; | 2534 | rsa=s->session->sess_cert->peer_rsa_tmp; |
| 1893 | #endif | 2535 | #endif |
| @@ -1898,6 +2540,21 @@ static int ssl3_check_cert_and_algorithm(SSL *s) | |||
| 1898 | /* This is the passed certificate */ | 2540 | /* This is the passed certificate */ |
| 1899 | 2541 | ||
| 1900 | idx=sc->peer_cert_type; | 2542 | idx=sc->peer_cert_type; |
| 2543 | #ifndef OPENSSL_NO_ECDH | ||
| 2544 | if (idx == SSL_PKEY_ECC) | ||
| 2545 | { | ||
| 2546 | if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, | ||
| 2547 | s->s3->tmp.new_cipher) == 0) | ||
| 2548 | { /* check failed */ | ||
| 2549 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); | ||
| 2550 | goto f_err; | ||
| 2551 | } | ||
| 2552 | else | ||
| 2553 | { | ||
| 2554 | return 1; | ||
| 2555 | } | ||
| 2556 | } | ||
| 2557 | #endif | ||
| 1901 | pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); | 2558 | pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); |
| 1902 | i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); | 2559 | i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); |
| 1903 | EVP_PKEY_free(pkey); | 2560 | EVP_PKEY_free(pkey); |
| @@ -1983,3 +2640,79 @@ err: | |||
| 1983 | return(0); | 2640 | return(0); |
| 1984 | } | 2641 | } |
| 1985 | 2642 | ||
| 2643 | |||
| 2644 | #ifndef OPENSSL_NO_ECDH | ||
| 2645 | /* This is the complement of nid2curve_id in s3_srvr.c. */ | ||
| 2646 | static int curve_id2nid(int curve_id) | ||
| 2647 | { | ||
| 2648 | /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) | ||
| 2649 | * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ | ||
| 2650 | static int nid_list[26] = | ||
| 2651 | { | ||
| 2652 | 0, | ||
| 2653 | NID_sect163k1, /* sect163k1 (1) */ | ||
| 2654 | NID_sect163r1, /* sect163r1 (2) */ | ||
| 2655 | NID_sect163r2, /* sect163r2 (3) */ | ||
| 2656 | NID_sect193r1, /* sect193r1 (4) */ | ||
| 2657 | NID_sect193r2, /* sect193r2 (5) */ | ||
| 2658 | NID_sect233k1, /* sect233k1 (6) */ | ||
| 2659 | NID_sect233r1, /* sect233r1 (7) */ | ||
| 2660 | NID_sect239k1, /* sect239k1 (8) */ | ||
| 2661 | NID_sect283k1, /* sect283k1 (9) */ | ||
| 2662 | NID_sect283r1, /* sect283r1 (10) */ | ||
| 2663 | NID_sect409k1, /* sect409k1 (11) */ | ||
| 2664 | NID_sect409r1, /* sect409r1 (12) */ | ||
| 2665 | NID_sect571k1, /* sect571k1 (13) */ | ||
| 2666 | NID_sect571r1, /* sect571r1 (14) */ | ||
| 2667 | NID_secp160k1, /* secp160k1 (15) */ | ||
| 2668 | NID_secp160r1, /* secp160r1 (16) */ | ||
| 2669 | NID_secp160r2, /* secp160r2 (17) */ | ||
| 2670 | NID_secp192k1, /* secp192k1 (18) */ | ||
| 2671 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | ||
| 2672 | NID_secp224k1, /* secp224k1 (20) */ | ||
| 2673 | NID_secp224r1, /* secp224r1 (21) */ | ||
| 2674 | NID_secp256k1, /* secp256k1 (22) */ | ||
| 2675 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | ||
| 2676 | NID_secp384r1, /* secp384r1 (24) */ | ||
| 2677 | NID_secp521r1 /* secp521r1 (25) */ | ||
| 2678 | }; | ||
| 2679 | |||
| 2680 | if ((curve_id < 1) || (curve_id > 25)) return 0; | ||
| 2681 | |||
| 2682 | return nid_list[curve_id]; | ||
| 2683 | } | ||
| 2684 | #endif | ||
| 2685 | |||
| 2686 | /* Check to see if handshake is full or resumed. Usually this is just a | ||
| 2687 | * case of checking to see if a cache hit has occurred. In the case of | ||
| 2688 | * session tickets we have to check the next message to be sure. | ||
| 2689 | */ | ||
| 2690 | |||
| 2691 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2692 | static int ssl3_check_finished(SSL *s) | ||
| 2693 | { | ||
| 2694 | int ok; | ||
| 2695 | long n; | ||
| 2696 | /* If we have no ticket or session ID is non-zero length (a match of | ||
| 2697 | * a non-zero session length would never reach here) it cannot be a | ||
| 2698 | * resumed session. | ||
| 2699 | */ | ||
| 2700 | if (!s->session->tlsext_tick || s->session->session_id_length) | ||
| 2701 | return 1; | ||
| 2702 | /* this function is called when we really expect a Certificate | ||
| 2703 | * message, so permit appropriate message length */ | ||
| 2704 | n=s->method->ssl_get_message(s, | ||
| 2705 | SSL3_ST_CR_CERT_A, | ||
| 2706 | SSL3_ST_CR_CERT_B, | ||
| 2707 | -1, | ||
| 2708 | s->max_cert_list, | ||
| 2709 | &ok); | ||
| 2710 | if (!ok) return((int)n); | ||
| 2711 | s->s3->tmp.reuse_message = 1; | ||
| 2712 | if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) | ||
| 2713 | || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) | ||
| 2714 | return 2; | ||
| 2715 | |||
| 2716 | return 1; | ||
| 2717 | } | ||
| 2718 | #endif | ||
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index a77588e725..bdbcd44f27 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -108,19 +108,35 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 111 | 124 | ||
| 112 | #include <stdio.h> | 125 | #include <stdio.h> |
| 113 | #include <openssl/objects.h> | 126 | #include <openssl/objects.h> |
| 114 | #include "ssl_locl.h" | 127 | #include "ssl_locl.h" |
| 115 | #include "kssl_lcl.h" | 128 | #include "kssl_lcl.h" |
| 116 | #include <openssl/md5.h> | 129 | #include <openssl/md5.h> |
| 130 | #ifndef OPENSSL_NO_DH | ||
| 131 | #include <openssl/dh.h> | ||
| 132 | #endif | ||
| 133 | #include <openssl/pq_compat.h> | ||
| 117 | 134 | ||
| 118 | const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; | 135 | const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; |
| 119 | 136 | ||
| 120 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) | 137 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) |
| 121 | 138 | ||
| 122 | static long ssl3_default_timeout(void ); | 139 | /* list of available SSLv3 ciphers (sorted by id) */ |
| 123 | |||
| 124 | OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | 140 | OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| 125 | /* The RSA ciphers */ | 141 | /* The RSA ciphers */ |
| 126 | /* Cipher 01 */ | 142 | /* Cipher 01 */ |
| @@ -142,82 +158,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 142 | SSL3_TXT_RSA_NULL_SHA, | 158 | SSL3_TXT_RSA_NULL_SHA, |
| 143 | SSL3_CK_RSA_NULL_SHA, | 159 | SSL3_CK_RSA_NULL_SHA, |
| 144 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, | 160 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, |
| 145 | SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, | 161 | SSL_NOT_EXP|SSL_STRONG_NONE, |
| 146 | 0, | ||
| 147 | 0, | ||
| 148 | 0, | ||
| 149 | SSL_ALL_CIPHERS, | ||
| 150 | SSL_ALL_STRENGTHS, | ||
| 151 | }, | ||
| 152 | |||
| 153 | /* anon DH */ | ||
| 154 | /* Cipher 17 */ | ||
| 155 | { | ||
| 156 | 1, | ||
| 157 | SSL3_TXT_ADH_RC4_40_MD5, | ||
| 158 | SSL3_CK_ADH_RC4_40_MD5, | ||
| 159 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | ||
| 160 | SSL_EXPORT|SSL_EXP40, | ||
| 161 | 0, | ||
| 162 | 40, | ||
| 163 | 128, | ||
| 164 | SSL_ALL_CIPHERS, | ||
| 165 | SSL_ALL_STRENGTHS, | ||
| 166 | }, | ||
| 167 | /* Cipher 18 */ | ||
| 168 | { | ||
| 169 | 1, | ||
| 170 | SSL3_TXT_ADH_RC4_128_MD5, | ||
| 171 | SSL3_CK_ADH_RC4_128_MD5, | ||
| 172 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | ||
| 173 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 174 | 0, | ||
| 175 | 128, | ||
| 176 | 128, | ||
| 177 | SSL_ALL_CIPHERS, | ||
| 178 | SSL_ALL_STRENGTHS, | ||
| 179 | }, | ||
| 180 | /* Cipher 19 */ | ||
| 181 | { | ||
| 182 | 1, | ||
| 183 | SSL3_TXT_ADH_DES_40_CBC_SHA, | ||
| 184 | SSL3_CK_ADH_DES_40_CBC_SHA, | ||
| 185 | SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, | ||
| 186 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | ||
| 187 | 0, | 162 | 0, |
| 188 | 40, | ||
| 189 | 128, | ||
| 190 | SSL_ALL_CIPHERS, | ||
| 191 | SSL_ALL_STRENGTHS, | ||
| 192 | }, | ||
| 193 | /* Cipher 1A */ | ||
| 194 | { | ||
| 195 | 1, | ||
| 196 | SSL3_TXT_ADH_DES_64_CBC_SHA, | ||
| 197 | SSL3_CK_ADH_DES_64_CBC_SHA, | ||
| 198 | SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, | ||
| 199 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | ||
| 200 | 0, | 163 | 0, |
| 201 | 56, | ||
| 202 | 56, | ||
| 203 | SSL_ALL_CIPHERS, | ||
| 204 | SSL_ALL_STRENGTHS, | ||
| 205 | }, | ||
| 206 | /* Cipher 1B */ | ||
| 207 | { | ||
| 208 | 1, | ||
| 209 | SSL3_TXT_ADH_DES_192_CBC_SHA, | ||
| 210 | SSL3_CK_ADH_DES_192_CBC_SHA, | ||
| 211 | SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, | ||
| 212 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
| 213 | 0, | 164 | 0, |
| 214 | 168, | ||
| 215 | 168, | ||
| 216 | SSL_ALL_CIPHERS, | 165 | SSL_ALL_CIPHERS, |
| 217 | SSL_ALL_STRENGTHS, | 166 | SSL_ALL_STRENGTHS, |
| 218 | }, | 167 | }, |
| 219 | |||
| 220 | /* RSA again */ | ||
| 221 | /* Cipher 03 */ | 168 | /* Cipher 03 */ |
| 222 | { | 169 | { |
| 223 | 1, | 170 | 1, |
| @@ -291,7 +238,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 291 | SSL3_TXT_RSA_DES_40_CBC_SHA, | 238 | SSL3_TXT_RSA_DES_40_CBC_SHA, |
| 292 | SSL3_CK_RSA_DES_40_CBC_SHA, | 239 | SSL3_CK_RSA_DES_40_CBC_SHA, |
| 293 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, | 240 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 294 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 241 | SSL_EXPORT|SSL_EXP40, |
| 295 | 0, | 242 | 0, |
| 296 | 40, | 243 | 40, |
| 297 | 56, | 244 | 56, |
| @@ -304,7 +251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 304 | SSL3_TXT_RSA_DES_64_CBC_SHA, | 251 | SSL3_TXT_RSA_DES_64_CBC_SHA, |
| 305 | SSL3_CK_RSA_DES_64_CBC_SHA, | 252 | SSL3_CK_RSA_DES_64_CBC_SHA, |
| 306 | SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, | 253 | SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 307 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 254 | SSL_NOT_EXP|SSL_LOW, |
| 308 | 0, | 255 | 0, |
| 309 | 56, | 256 | 56, |
| 310 | 56, | 257 | 56, |
| @@ -317,22 +264,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 317 | SSL3_TXT_RSA_DES_192_CBC3_SHA, | 264 | SSL3_TXT_RSA_DES_192_CBC3_SHA, |
| 318 | SSL3_CK_RSA_DES_192_CBC3_SHA, | 265 | SSL3_CK_RSA_DES_192_CBC3_SHA, |
| 319 | SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 266 | SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 320 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 267 | SSL_NOT_EXP|SSL_HIGH, |
| 321 | 0, | 268 | 0, |
| 322 | 168, | 269 | 168, |
| 323 | 168, | 270 | 168, |
| 324 | SSL_ALL_CIPHERS, | 271 | SSL_ALL_CIPHERS, |
| 325 | SSL_ALL_STRENGTHS, | 272 | SSL_ALL_STRENGTHS, |
| 326 | }, | 273 | }, |
| 327 | 274 | /* The DH ciphers */ | |
| 328 | /* The DH ciphers */ | ||
| 329 | /* Cipher 0B */ | 275 | /* Cipher 0B */ |
| 330 | { | 276 | { |
| 331 | 0, | 277 | 0, |
| 332 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | 278 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, |
| 333 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, | 279 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, |
| 334 | SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, | 280 | SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 335 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 281 | SSL_EXPORT|SSL_EXP40, |
| 336 | 0, | 282 | 0, |
| 337 | 40, | 283 | 40, |
| 338 | 56, | 284 | 56, |
| @@ -345,7 +291,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 345 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, | 291 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, |
| 346 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, | 292 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, |
| 347 | SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, | 293 | SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 348 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 294 | SSL_NOT_EXP|SSL_LOW, |
| 349 | 0, | 295 | 0, |
| 350 | 56, | 296 | 56, |
| 351 | 56, | 297 | 56, |
| @@ -358,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 358 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, | 304 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, |
| 359 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, | 305 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, |
| 360 | SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 306 | SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 361 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 307 | SSL_NOT_EXP|SSL_HIGH, |
| 362 | 0, | 308 | 0, |
| 363 | 168, | 309 | 168, |
| 364 | 168, | 310 | 168, |
| @@ -371,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 371 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, | 317 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, |
| 372 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, | 318 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, |
| 373 | SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, | 319 | SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 374 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 320 | SSL_EXPORT|SSL_EXP40, |
| 375 | 0, | 321 | 0, |
| 376 | 40, | 322 | 40, |
| 377 | 56, | 323 | 56, |
| @@ -384,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 384 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, | 330 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, |
| 385 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, | 331 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, |
| 386 | SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, | 332 | SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 387 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 333 | SSL_NOT_EXP|SSL_LOW, |
| 388 | 0, | 334 | 0, |
| 389 | 56, | 335 | 56, |
| 390 | 56, | 336 | 56, |
| @@ -397,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 397 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, | 343 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, |
| 398 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, | 344 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, |
| 399 | SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 345 | SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 400 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 346 | SSL_NOT_EXP|SSL_HIGH, |
| 401 | 0, | 347 | 0, |
| 402 | 168, | 348 | 168, |
| 403 | 168, | 349 | 168, |
| @@ -412,7 +358,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 412 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | 358 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, |
| 413 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | 359 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, |
| 414 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, | 360 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 415 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 361 | SSL_EXPORT|SSL_EXP40, |
| 416 | 0, | 362 | 0, |
| 417 | 40, | 363 | 40, |
| 418 | 56, | 364 | 56, |
| @@ -425,7 +371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 425 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | 371 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, |
| 426 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | 372 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, |
| 427 | SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, | 373 | SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 428 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 374 | SSL_NOT_EXP|SSL_LOW, |
| 429 | 0, | 375 | 0, |
| 430 | 56, | 376 | 56, |
| 431 | 56, | 377 | 56, |
| @@ -438,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 438 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | 384 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, |
| 439 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | 385 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, |
| 440 | SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 386 | SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 441 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 387 | SSL_NOT_EXP|SSL_HIGH, |
| 442 | 0, | 388 | 0, |
| 443 | 168, | 389 | 168, |
| 444 | 168, | 390 | 168, |
| @@ -451,7 +397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 451 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | 397 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, |
| 452 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | 398 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, |
| 453 | SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, | 399 | SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 454 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 400 | SSL_EXPORT|SSL_EXP40, |
| 455 | 0, | 401 | 0, |
| 456 | 40, | 402 | 40, |
| 457 | 56, | 403 | 56, |
| @@ -464,7 +410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 464 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | 410 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, |
| 465 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | 411 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, |
| 466 | SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, | 412 | SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 467 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 413 | SSL_NOT_EXP|SSL_LOW, |
| 468 | 0, | 414 | 0, |
| 469 | 56, | 415 | 56, |
| 470 | 56, | 416 | 56, |
| @@ -477,7 +423,72 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 477 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | 423 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, |
| 478 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | 424 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, |
| 479 | SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 425 | SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 480 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 426 | SSL_NOT_EXP|SSL_HIGH, |
| 427 | 0, | ||
| 428 | 168, | ||
| 429 | 168, | ||
| 430 | SSL_ALL_CIPHERS, | ||
| 431 | SSL_ALL_STRENGTHS, | ||
| 432 | }, | ||
| 433 | /* Cipher 17 */ | ||
| 434 | { | ||
| 435 | 1, | ||
| 436 | SSL3_TXT_ADH_RC4_40_MD5, | ||
| 437 | SSL3_CK_ADH_RC4_40_MD5, | ||
| 438 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | ||
| 439 | SSL_EXPORT|SSL_EXP40, | ||
| 440 | 0, | ||
| 441 | 40, | ||
| 442 | 128, | ||
| 443 | SSL_ALL_CIPHERS, | ||
| 444 | SSL_ALL_STRENGTHS, | ||
| 445 | }, | ||
| 446 | /* Cipher 18 */ | ||
| 447 | { | ||
| 448 | 1, | ||
| 449 | SSL3_TXT_ADH_RC4_128_MD5, | ||
| 450 | SSL3_CK_ADH_RC4_128_MD5, | ||
| 451 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | ||
| 452 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 453 | 0, | ||
| 454 | 128, | ||
| 455 | 128, | ||
| 456 | SSL_ALL_CIPHERS, | ||
| 457 | SSL_ALL_STRENGTHS, | ||
| 458 | }, | ||
| 459 | /* Cipher 19 */ | ||
| 460 | { | ||
| 461 | 1, | ||
| 462 | SSL3_TXT_ADH_DES_40_CBC_SHA, | ||
| 463 | SSL3_CK_ADH_DES_40_CBC_SHA, | ||
| 464 | SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, | ||
| 465 | SSL_EXPORT|SSL_EXP40, | ||
| 466 | 0, | ||
| 467 | 40, | ||
| 468 | 128, | ||
| 469 | SSL_ALL_CIPHERS, | ||
| 470 | SSL_ALL_STRENGTHS, | ||
| 471 | }, | ||
| 472 | /* Cipher 1A */ | ||
| 473 | { | ||
| 474 | 1, | ||
| 475 | SSL3_TXT_ADH_DES_64_CBC_SHA, | ||
| 476 | SSL3_CK_ADH_DES_64_CBC_SHA, | ||
| 477 | SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, | ||
| 478 | SSL_NOT_EXP|SSL_LOW, | ||
| 479 | 0, | ||
| 480 | 56, | ||
| 481 | 56, | ||
| 482 | SSL_ALL_CIPHERS, | ||
| 483 | SSL_ALL_STRENGTHS, | ||
| 484 | }, | ||
| 485 | /* Cipher 1B */ | ||
| 486 | { | ||
| 487 | 1, | ||
| 488 | SSL3_TXT_ADH_DES_192_CBC_SHA, | ||
| 489 | SSL3_CK_ADH_DES_192_CBC_SHA, | ||
| 490 | SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, | ||
| 491 | SSL_NOT_EXP|SSL_HIGH, | ||
| 481 | 0, | 492 | 0, |
| 482 | 168, | 493 | 168, |
| 483 | 168, | 494 | 168, |
| @@ -531,17 +542,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 531 | #endif | 542 | #endif |
| 532 | 543 | ||
| 533 | #ifndef OPENSSL_NO_KRB5 | 544 | #ifndef OPENSSL_NO_KRB5 |
| 534 | /* The Kerberos ciphers | 545 | /* The Kerberos ciphers */ |
| 535 | ** 20000107 VRS: And the first shall be last, | 546 | /* Cipher 1E */ |
| 536 | ** in hopes of avoiding the lynx ssl renegotiation problem. | ||
| 537 | */ | ||
| 538 | /* Cipher 1E VRS */ | ||
| 539 | { | 547 | { |
| 540 | 1, | 548 | 1, |
| 541 | SSL3_TXT_KRB5_DES_64_CBC_SHA, | 549 | SSL3_TXT_KRB5_DES_64_CBC_SHA, |
| 542 | SSL3_CK_KRB5_DES_64_CBC_SHA, | 550 | SSL3_CK_KRB5_DES_64_CBC_SHA, |
| 543 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | 551 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, |
| 544 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 552 | SSL_NOT_EXP|SSL_LOW, |
| 545 | 0, | 553 | 0, |
| 546 | 56, | 554 | 56, |
| 547 | 56, | 555 | 56, |
| @@ -549,21 +557,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 549 | SSL_ALL_STRENGTHS, | 557 | SSL_ALL_STRENGTHS, |
| 550 | }, | 558 | }, |
| 551 | 559 | ||
| 552 | /* Cipher 1F VRS */ | 560 | /* Cipher 1F */ |
| 553 | { | 561 | { |
| 554 | 1, | 562 | 1, |
| 555 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, | 563 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, |
| 556 | SSL3_CK_KRB5_DES_192_CBC3_SHA, | 564 | SSL3_CK_KRB5_DES_192_CBC3_SHA, |
| 557 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, | 565 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, |
| 558 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 566 | SSL_NOT_EXP|SSL_HIGH, |
| 559 | 0, | 567 | 0, |
| 560 | 112, | 568 | 168, |
| 561 | 168, | 569 | 168, |
| 562 | SSL_ALL_CIPHERS, | 570 | SSL_ALL_CIPHERS, |
| 563 | SSL_ALL_STRENGTHS, | 571 | SSL_ALL_STRENGTHS, |
| 564 | }, | 572 | }, |
| 565 | 573 | ||
| 566 | /* Cipher 20 VRS */ | 574 | /* Cipher 20 */ |
| 567 | { | 575 | { |
| 568 | 1, | 576 | 1, |
| 569 | SSL3_TXT_KRB5_RC4_128_SHA, | 577 | SSL3_TXT_KRB5_RC4_128_SHA, |
| @@ -577,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 577 | SSL_ALL_STRENGTHS, | 585 | SSL_ALL_STRENGTHS, |
| 578 | }, | 586 | }, |
| 579 | 587 | ||
| 580 | /* Cipher 21 VRS */ | 588 | /* Cipher 21 */ |
| 581 | { | 589 | { |
| 582 | 1, | 590 | 1, |
| 583 | SSL3_TXT_KRB5_IDEA_128_CBC_SHA, | 591 | SSL3_TXT_KRB5_IDEA_128_CBC_SHA, |
| @@ -591,7 +599,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 591 | SSL_ALL_STRENGTHS, | 599 | SSL_ALL_STRENGTHS, |
| 592 | }, | 600 | }, |
| 593 | 601 | ||
| 594 | /* Cipher 22 VRS */ | 602 | /* Cipher 22 */ |
| 595 | { | 603 | { |
| 596 | 1, | 604 | 1, |
| 597 | SSL3_TXT_KRB5_DES_64_CBC_MD5, | 605 | SSL3_TXT_KRB5_DES_64_CBC_MD5, |
| @@ -605,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 605 | SSL_ALL_STRENGTHS, | 613 | SSL_ALL_STRENGTHS, |
| 606 | }, | 614 | }, |
| 607 | 615 | ||
| 608 | /* Cipher 23 VRS */ | 616 | /* Cipher 23 */ |
| 609 | { | 617 | { |
| 610 | 1, | 618 | 1, |
| 611 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, | 619 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, |
| @@ -613,13 +621,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 613 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, | 621 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, |
| 614 | SSL_NOT_EXP|SSL_HIGH, | 622 | SSL_NOT_EXP|SSL_HIGH, |
| 615 | 0, | 623 | 0, |
| 616 | 112, | 624 | 168, |
| 617 | 168, | 625 | 168, |
| 618 | SSL_ALL_CIPHERS, | 626 | SSL_ALL_CIPHERS, |
| 619 | SSL_ALL_STRENGTHS, | 627 | SSL_ALL_STRENGTHS, |
| 620 | }, | 628 | }, |
| 621 | 629 | ||
| 622 | /* Cipher 24 VRS */ | 630 | /* Cipher 24 */ |
| 623 | { | 631 | { |
| 624 | 1, | 632 | 1, |
| 625 | SSL3_TXT_KRB5_RC4_128_MD5, | 633 | SSL3_TXT_KRB5_RC4_128_MD5, |
| @@ -633,7 +641,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 633 | SSL_ALL_STRENGTHS, | 641 | SSL_ALL_STRENGTHS, |
| 634 | }, | 642 | }, |
| 635 | 643 | ||
| 636 | /* Cipher 25 VRS */ | 644 | /* Cipher 25 */ |
| 637 | { | 645 | { |
| 638 | 1, | 646 | 1, |
| 639 | SSL3_TXT_KRB5_IDEA_128_CBC_MD5, | 647 | SSL3_TXT_KRB5_IDEA_128_CBC_MD5, |
| @@ -647,13 +655,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 647 | SSL_ALL_STRENGTHS, | 655 | SSL_ALL_STRENGTHS, |
| 648 | }, | 656 | }, |
| 649 | 657 | ||
| 650 | /* Cipher 26 VRS */ | 658 | /* Cipher 26 */ |
| 651 | { | 659 | { |
| 652 | 1, | 660 | 1, |
| 653 | SSL3_TXT_KRB5_DES_40_CBC_SHA, | 661 | SSL3_TXT_KRB5_DES_40_CBC_SHA, |
| 654 | SSL3_CK_KRB5_DES_40_CBC_SHA, | 662 | SSL3_CK_KRB5_DES_40_CBC_SHA, |
| 655 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | 663 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, |
| 656 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 664 | SSL_EXPORT|SSL_EXP40, |
| 657 | 0, | 665 | 0, |
| 658 | 40, | 666 | 40, |
| 659 | 56, | 667 | 56, |
| @@ -661,7 +669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 661 | SSL_ALL_STRENGTHS, | 669 | SSL_ALL_STRENGTHS, |
| 662 | }, | 670 | }, |
| 663 | 671 | ||
| 664 | /* Cipher 27 VRS */ | 672 | /* Cipher 27 */ |
| 665 | { | 673 | { |
| 666 | 1, | 674 | 1, |
| 667 | SSL3_TXT_KRB5_RC2_40_CBC_SHA, | 675 | SSL3_TXT_KRB5_RC2_40_CBC_SHA, |
| @@ -675,7 +683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 675 | SSL_ALL_STRENGTHS, | 683 | SSL_ALL_STRENGTHS, |
| 676 | }, | 684 | }, |
| 677 | 685 | ||
| 678 | /* Cipher 28 VRS */ | 686 | /* Cipher 28 */ |
| 679 | { | 687 | { |
| 680 | 1, | 688 | 1, |
| 681 | SSL3_TXT_KRB5_RC4_40_SHA, | 689 | SSL3_TXT_KRB5_RC4_40_SHA, |
| @@ -683,13 +691,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 683 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, | 691 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, |
| 684 | SSL_EXPORT|SSL_EXP40, | 692 | SSL_EXPORT|SSL_EXP40, |
| 685 | 0, | 693 | 0, |
| 686 | 128, | 694 | 40, |
| 687 | 128, | 695 | 128, |
| 688 | SSL_ALL_CIPHERS, | 696 | SSL_ALL_CIPHERS, |
| 689 | SSL_ALL_STRENGTHS, | 697 | SSL_ALL_STRENGTHS, |
| 690 | }, | 698 | }, |
| 691 | 699 | ||
| 692 | /* Cipher 29 VRS */ | 700 | /* Cipher 29 */ |
| 693 | { | 701 | { |
| 694 | 1, | 702 | 1, |
| 695 | SSL3_TXT_KRB5_DES_40_CBC_MD5, | 703 | SSL3_TXT_KRB5_DES_40_CBC_MD5, |
| @@ -703,7 +711,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 703 | SSL_ALL_STRENGTHS, | 711 | SSL_ALL_STRENGTHS, |
| 704 | }, | 712 | }, |
| 705 | 713 | ||
| 706 | /* Cipher 2A VRS */ | 714 | /* Cipher 2A */ |
| 707 | { | 715 | { |
| 708 | 1, | 716 | 1, |
| 709 | SSL3_TXT_KRB5_RC2_40_CBC_MD5, | 717 | SSL3_TXT_KRB5_RC2_40_CBC_MD5, |
| @@ -717,7 +725,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 717 | SSL_ALL_STRENGTHS, | 725 | SSL_ALL_STRENGTHS, |
| 718 | }, | 726 | }, |
| 719 | 727 | ||
| 720 | /* Cipher 2B VRS */ | 728 | /* Cipher 2B */ |
| 721 | { | 729 | { |
| 722 | 1, | 730 | 1, |
| 723 | SSL3_TXT_KRB5_RC4_40_MD5, | 731 | SSL3_TXT_KRB5_RC4_40_MD5, |
| @@ -725,16 +733,258 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 725 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, | 733 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, |
| 726 | SSL_EXPORT|SSL_EXP40, | 734 | SSL_EXPORT|SSL_EXP40, |
| 727 | 0, | 735 | 0, |
| 728 | 128, | 736 | 40, |
| 729 | 128, | 737 | 128, |
| 730 | SSL_ALL_CIPHERS, | 738 | SSL_ALL_CIPHERS, |
| 731 | SSL_ALL_STRENGTHS, | 739 | SSL_ALL_STRENGTHS, |
| 732 | }, | 740 | }, |
| 733 | #endif /* OPENSSL_NO_KRB5 */ | 741 | #endif /* OPENSSL_NO_KRB5 */ |
| 734 | 742 | ||
| 743 | /* New AES ciphersuites */ | ||
| 744 | /* Cipher 2F */ | ||
| 745 | { | ||
| 746 | 1, | ||
| 747 | TLS1_TXT_RSA_WITH_AES_128_SHA, | ||
| 748 | TLS1_CK_RSA_WITH_AES_128_SHA, | ||
| 749 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | ||
| 750 | SSL_NOT_EXP|SSL_HIGH, | ||
| 751 | 0, | ||
| 752 | 128, | ||
| 753 | 128, | ||
| 754 | SSL_ALL_CIPHERS, | ||
| 755 | SSL_ALL_STRENGTHS, | ||
| 756 | }, | ||
| 757 | /* Cipher 30 */ | ||
| 758 | { | ||
| 759 | 0, | ||
| 760 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA, | ||
| 761 | TLS1_CK_DH_DSS_WITH_AES_128_SHA, | ||
| 762 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 763 | SSL_NOT_EXP|SSL_HIGH, | ||
| 764 | 0, | ||
| 765 | 128, | ||
| 766 | 128, | ||
| 767 | SSL_ALL_CIPHERS, | ||
| 768 | SSL_ALL_STRENGTHS, | ||
| 769 | }, | ||
| 770 | /* Cipher 31 */ | ||
| 771 | { | ||
| 772 | 0, | ||
| 773 | TLS1_TXT_DH_RSA_WITH_AES_128_SHA, | ||
| 774 | TLS1_CK_DH_RSA_WITH_AES_128_SHA, | ||
| 775 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 776 | SSL_NOT_EXP|SSL_HIGH, | ||
| 777 | 0, | ||
| 778 | 128, | ||
| 779 | 128, | ||
| 780 | SSL_ALL_CIPHERS, | ||
| 781 | SSL_ALL_STRENGTHS, | ||
| 782 | }, | ||
| 783 | /* Cipher 32 */ | ||
| 784 | { | ||
| 785 | 1, | ||
| 786 | TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | ||
| 787 | TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | ||
| 788 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 789 | SSL_NOT_EXP|SSL_HIGH, | ||
| 790 | 0, | ||
| 791 | 128, | ||
| 792 | 128, | ||
| 793 | SSL_ALL_CIPHERS, | ||
| 794 | SSL_ALL_STRENGTHS, | ||
| 795 | }, | ||
| 796 | /* Cipher 33 */ | ||
| 797 | { | ||
| 798 | 1, | ||
| 799 | TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | ||
| 800 | TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | ||
| 801 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 802 | SSL_NOT_EXP|SSL_HIGH, | ||
| 803 | 0, | ||
| 804 | 128, | ||
| 805 | 128, | ||
| 806 | SSL_ALL_CIPHERS, | ||
| 807 | SSL_ALL_STRENGTHS, | ||
| 808 | }, | ||
| 809 | /* Cipher 34 */ | ||
| 810 | { | ||
| 811 | 1, | ||
| 812 | TLS1_TXT_ADH_WITH_AES_128_SHA, | ||
| 813 | TLS1_CK_ADH_WITH_AES_128_SHA, | ||
| 814 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 815 | SSL_NOT_EXP|SSL_HIGH, | ||
| 816 | 0, | ||
| 817 | 128, | ||
| 818 | 128, | ||
| 819 | SSL_ALL_CIPHERS, | ||
| 820 | SSL_ALL_STRENGTHS, | ||
| 821 | }, | ||
| 822 | |||
| 823 | /* Cipher 35 */ | ||
| 824 | { | ||
| 825 | 1, | ||
| 826 | TLS1_TXT_RSA_WITH_AES_256_SHA, | ||
| 827 | TLS1_CK_RSA_WITH_AES_256_SHA, | ||
| 828 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | ||
| 829 | SSL_NOT_EXP|SSL_HIGH, | ||
| 830 | 0, | ||
| 831 | 256, | ||
| 832 | 256, | ||
| 833 | SSL_ALL_CIPHERS, | ||
| 834 | SSL_ALL_STRENGTHS, | ||
| 835 | }, | ||
| 836 | /* Cipher 36 */ | ||
| 837 | { | ||
| 838 | 0, | ||
| 839 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA, | ||
| 840 | TLS1_CK_DH_DSS_WITH_AES_256_SHA, | ||
| 841 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 842 | SSL_NOT_EXP|SSL_HIGH, | ||
| 843 | 0, | ||
| 844 | 256, | ||
| 845 | 256, | ||
| 846 | SSL_ALL_CIPHERS, | ||
| 847 | SSL_ALL_STRENGTHS, | ||
| 848 | }, | ||
| 849 | /* Cipher 37 */ | ||
| 850 | { | ||
| 851 | 0, | ||
| 852 | TLS1_TXT_DH_RSA_WITH_AES_256_SHA, | ||
| 853 | TLS1_CK_DH_RSA_WITH_AES_256_SHA, | ||
| 854 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 855 | SSL_NOT_EXP|SSL_HIGH, | ||
| 856 | 0, | ||
| 857 | 256, | ||
| 858 | 256, | ||
| 859 | SSL_ALL_CIPHERS, | ||
| 860 | SSL_ALL_STRENGTHS, | ||
| 861 | }, | ||
| 862 | /* Cipher 38 */ | ||
| 863 | { | ||
| 864 | 1, | ||
| 865 | TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | ||
| 866 | TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | ||
| 867 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 868 | SSL_NOT_EXP|SSL_HIGH, | ||
| 869 | 0, | ||
| 870 | 256, | ||
| 871 | 256, | ||
| 872 | SSL_ALL_CIPHERS, | ||
| 873 | SSL_ALL_STRENGTHS, | ||
| 874 | }, | ||
| 875 | /* Cipher 39 */ | ||
| 876 | { | ||
| 877 | 1, | ||
| 878 | TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | ||
| 879 | TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | ||
| 880 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 881 | SSL_NOT_EXP|SSL_HIGH, | ||
| 882 | 0, | ||
| 883 | 256, | ||
| 884 | 256, | ||
| 885 | SSL_ALL_CIPHERS, | ||
| 886 | SSL_ALL_STRENGTHS, | ||
| 887 | }, | ||
| 888 | /* Cipher 3A */ | ||
| 889 | { | ||
| 890 | 1, | ||
| 891 | TLS1_TXT_ADH_WITH_AES_256_SHA, | ||
| 892 | TLS1_CK_ADH_WITH_AES_256_SHA, | ||
| 893 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 894 | SSL_NOT_EXP|SSL_HIGH, | ||
| 895 | 0, | ||
| 896 | 256, | ||
| 897 | 256, | ||
| 898 | SSL_ALL_CIPHERS, | ||
| 899 | SSL_ALL_STRENGTHS, | ||
| 900 | }, | ||
| 901 | |||
| 902 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 903 | /* Camellia ciphersuites from RFC4132 (128-bit portion) */ | ||
| 904 | |||
| 905 | /* Cipher 41 */ | ||
| 906 | { | ||
| 907 | 1, | ||
| 908 | TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 909 | TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 910 | SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 911 | SSL_NOT_EXP|SSL_HIGH, | ||
| 912 | 0, | ||
| 913 | 128, | ||
| 914 | 128, | ||
| 915 | SSL_ALL_CIPHERS, | ||
| 916 | SSL_ALL_STRENGTHS | ||
| 917 | }, | ||
| 918 | /* Cipher 42 */ | ||
| 919 | { | ||
| 920 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 921 | TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 922 | TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 923 | SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 924 | SSL_NOT_EXP|SSL_HIGH, | ||
| 925 | 0, | ||
| 926 | 128, | ||
| 927 | 128, | ||
| 928 | SSL_ALL_CIPHERS, | ||
| 929 | SSL_ALL_STRENGTHS | ||
| 930 | }, | ||
| 931 | /* Cipher 43 */ | ||
| 932 | { | ||
| 933 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 934 | TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 935 | TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 936 | SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 937 | SSL_NOT_EXP|SSL_HIGH, | ||
| 938 | 0, | ||
| 939 | 128, | ||
| 940 | 128, | ||
| 941 | SSL_ALL_CIPHERS, | ||
| 942 | SSL_ALL_STRENGTHS | ||
| 943 | }, | ||
| 944 | /* Cipher 44 */ | ||
| 945 | { | ||
| 946 | 1, | ||
| 947 | TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 948 | TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 949 | SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 950 | SSL_NOT_EXP|SSL_HIGH, | ||
| 951 | 0, | ||
| 952 | 128, | ||
| 953 | 128, | ||
| 954 | SSL_ALL_CIPHERS, | ||
| 955 | SSL_ALL_STRENGTHS | ||
| 956 | }, | ||
| 957 | /* Cipher 45 */ | ||
| 958 | { | ||
| 959 | 1, | ||
| 960 | TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 961 | TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 962 | SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 963 | SSL_NOT_EXP|SSL_HIGH, | ||
| 964 | 0, | ||
| 965 | 128, | ||
| 966 | 128, | ||
| 967 | SSL_ALL_CIPHERS, | ||
| 968 | SSL_ALL_STRENGTHS | ||
| 969 | }, | ||
| 970 | /* Cipher 46 */ | ||
| 971 | { | ||
| 972 | 1, | ||
| 973 | TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, | ||
| 974 | TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, | ||
| 975 | SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 976 | SSL_NOT_EXP|SSL_HIGH, | ||
| 977 | 0, | ||
| 978 | 128, | ||
| 979 | 128, | ||
| 980 | SSL_ALL_CIPHERS, | ||
| 981 | SSL_ALL_STRENGTHS | ||
| 982 | }, | ||
| 983 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
| 735 | 984 | ||
| 736 | #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES | 985 | #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES |
| 737 | /* New TLS Export CipherSuites */ | 986 | /* New TLS Export CipherSuites from expired ID */ |
| 987 | #if 0 | ||
| 738 | /* Cipher 60 */ | 988 | /* Cipher 60 */ |
| 739 | { | 989 | { |
| 740 | 1, | 990 | 1, |
| @@ -761,13 +1011,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 761 | SSL_ALL_CIPHERS, | 1011 | SSL_ALL_CIPHERS, |
| 762 | SSL_ALL_STRENGTHS, | 1012 | SSL_ALL_STRENGTHS, |
| 763 | }, | 1013 | }, |
| 1014 | #endif | ||
| 764 | /* Cipher 62 */ | 1015 | /* Cipher 62 */ |
| 765 | { | 1016 | { |
| 766 | 1, | 1017 | 1, |
| 767 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, | 1018 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
| 768 | TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, | 1019 | TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
| 769 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, | 1020 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, |
| 770 | SSL_EXPORT|SSL_EXP56|SSL_FIPS, | 1021 | SSL_EXPORT|SSL_EXP56, |
| 771 | 0, | 1022 | 0, |
| 772 | 56, | 1023 | 56, |
| 773 | 56, | 1024 | 56, |
| @@ -780,7 +1031,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 780 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | 1031 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, |
| 781 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | 1032 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, |
| 782 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, | 1033 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, |
| 783 | SSL_EXPORT|SSL_EXP56|SSL_FIPS, | 1034 | SSL_EXPORT|SSL_EXP56, |
| 784 | 0, | 1035 | 0, |
| 785 | 56, | 1036 | 56, |
| 786 | 56, | 1037 | 56, |
| @@ -827,170 +1078,536 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 827 | SSL_ALL_STRENGTHS | 1078 | SSL_ALL_STRENGTHS |
| 828 | }, | 1079 | }, |
| 829 | #endif | 1080 | #endif |
| 830 | /* New AES ciphersuites */ | ||
| 831 | 1081 | ||
| 832 | /* Cipher 2F */ | 1082 | #ifndef OPENSSL_NO_CAMELLIA |
| 1083 | /* Camellia ciphersuites from RFC4132 (256-bit portion) */ | ||
| 1084 | |||
| 1085 | /* Cipher 84 */ | ||
| 1086 | { | ||
| 1087 | 1, | ||
| 1088 | TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1089 | TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1090 | SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1091 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1092 | 0, | ||
| 1093 | 256, | ||
| 1094 | 256, | ||
| 1095 | SSL_ALL_CIPHERS, | ||
| 1096 | SSL_ALL_STRENGTHS | ||
| 1097 | }, | ||
| 1098 | /* Cipher 85 */ | ||
| 1099 | { | ||
| 1100 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 1101 | TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1102 | TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1103 | SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1104 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1105 | 0, | ||
| 1106 | 256, | ||
| 1107 | 256, | ||
| 1108 | SSL_ALL_CIPHERS, | ||
| 1109 | SSL_ALL_STRENGTHS | ||
| 1110 | }, | ||
| 1111 | /* Cipher 86 */ | ||
| 1112 | { | ||
| 1113 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 1114 | TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1115 | TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1116 | SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1117 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1118 | 0, | ||
| 1119 | 256, | ||
| 1120 | 256, | ||
| 1121 | SSL_ALL_CIPHERS, | ||
| 1122 | SSL_ALL_STRENGTHS | ||
| 1123 | }, | ||
| 1124 | /* Cipher 87 */ | ||
| 1125 | { | ||
| 1126 | 1, | ||
| 1127 | TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1128 | TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1129 | SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1130 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1131 | 0, | ||
| 1132 | 256, | ||
| 1133 | 256, | ||
| 1134 | SSL_ALL_CIPHERS, | ||
| 1135 | SSL_ALL_STRENGTHS | ||
| 1136 | }, | ||
| 1137 | /* Cipher 88 */ | ||
| 1138 | { | ||
| 1139 | 1, | ||
| 1140 | TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1141 | TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1142 | SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1143 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1144 | 0, | ||
| 1145 | 256, | ||
| 1146 | 256, | ||
| 1147 | SSL_ALL_CIPHERS, | ||
| 1148 | SSL_ALL_STRENGTHS | ||
| 1149 | }, | ||
| 1150 | /* Cipher 89 */ | ||
| 1151 | { | ||
| 1152 | 1, | ||
| 1153 | TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1154 | TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1155 | SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1156 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1157 | 0, | ||
| 1158 | 256, | ||
| 1159 | 256, | ||
| 1160 | SSL_ALL_CIPHERS, | ||
| 1161 | SSL_ALL_STRENGTHS | ||
| 1162 | }, | ||
| 1163 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
| 1164 | |||
| 1165 | #ifndef OPENSSL_NO_SEED | ||
| 1166 | /* SEED ciphersuites from RFC4162 */ | ||
| 1167 | |||
| 1168 | /* Cipher 96 */ | ||
| 1169 | { | ||
| 1170 | 1, | ||
| 1171 | TLS1_TXT_RSA_WITH_SEED_SHA, | ||
| 1172 | TLS1_CK_RSA_WITH_SEED_SHA, | ||
| 1173 | SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1174 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1175 | 0, | ||
| 1176 | 128, | ||
| 1177 | 128, | ||
| 1178 | SSL_ALL_CIPHERS, | ||
| 1179 | SSL_ALL_STRENGTHS, | ||
| 1180 | }, | ||
| 1181 | |||
| 1182 | /* Cipher 97 */ | ||
| 1183 | { | ||
| 1184 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 1185 | TLS1_TXT_DH_DSS_WITH_SEED_SHA, | ||
| 1186 | TLS1_CK_DH_DSS_WITH_SEED_SHA, | ||
| 1187 | SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1188 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1189 | 0, | ||
| 1190 | 128, | ||
| 1191 | 128, | ||
| 1192 | SSL_ALL_CIPHERS, | ||
| 1193 | SSL_ALL_STRENGTHS, | ||
| 1194 | }, | ||
| 1195 | |||
| 1196 | /* Cipher 98 */ | ||
| 1197 | { | ||
| 1198 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 1199 | TLS1_TXT_DH_RSA_WITH_SEED_SHA, | ||
| 1200 | TLS1_CK_DH_RSA_WITH_SEED_SHA, | ||
| 1201 | SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1202 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1203 | 0, | ||
| 1204 | 128, | ||
| 1205 | 128, | ||
| 1206 | SSL_ALL_CIPHERS, | ||
| 1207 | SSL_ALL_STRENGTHS, | ||
| 1208 | }, | ||
| 1209 | |||
| 1210 | /* Cipher 99 */ | ||
| 1211 | { | ||
| 1212 | 1, | ||
| 1213 | TLS1_TXT_DHE_DSS_WITH_SEED_SHA, | ||
| 1214 | TLS1_CK_DHE_DSS_WITH_SEED_SHA, | ||
| 1215 | SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1216 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1217 | 0, | ||
| 1218 | 128, | ||
| 1219 | 128, | ||
| 1220 | SSL_ALL_CIPHERS, | ||
| 1221 | SSL_ALL_STRENGTHS, | ||
| 1222 | }, | ||
| 1223 | |||
| 1224 | /* Cipher 9A */ | ||
| 1225 | { | ||
| 1226 | 1, | ||
| 1227 | TLS1_TXT_DHE_RSA_WITH_SEED_SHA, | ||
| 1228 | TLS1_CK_DHE_RSA_WITH_SEED_SHA, | ||
| 1229 | SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1230 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1231 | 0, | ||
| 1232 | 128, | ||
| 1233 | 128, | ||
| 1234 | SSL_ALL_CIPHERS, | ||
| 1235 | SSL_ALL_STRENGTHS, | ||
| 1236 | }, | ||
| 1237 | |||
| 1238 | /* Cipher 9B */ | ||
| 1239 | { | ||
| 1240 | 1, | ||
| 1241 | TLS1_TXT_ADH_WITH_SEED_SHA, | ||
| 1242 | TLS1_CK_ADH_WITH_SEED_SHA, | ||
| 1243 | SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1244 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1245 | 0, | ||
| 1246 | 128, | ||
| 1247 | 128, | ||
| 1248 | SSL_ALL_CIPHERS, | ||
| 1249 | SSL_ALL_STRENGTHS, | ||
| 1250 | }, | ||
| 1251 | |||
| 1252 | #endif /* OPENSSL_NO_SEED */ | ||
| 1253 | |||
| 1254 | #ifndef OPENSSL_NO_ECDH | ||
| 1255 | /* Cipher C001 */ | ||
| 833 | { | 1256 | { |
| 834 | 1, | 1257 | 1, |
| 835 | TLS1_TXT_RSA_WITH_AES_128_SHA, | 1258 | TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, |
| 836 | TLS1_CK_RSA_WITH_AES_128_SHA, | 1259 | TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, |
| 837 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | 1260 | SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, |
| 838 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1261 | SSL_NOT_EXP, |
| 839 | 0, | 1262 | 0, |
| 840 | 128, | 1263 | 0, |
| 841 | 128, | 1264 | 0, |
| 842 | SSL_ALL_CIPHERS, | 1265 | SSL_ALL_CIPHERS, |
| 843 | SSL_ALL_STRENGTHS, | 1266 | SSL_ALL_STRENGTHS, |
| 844 | }, | 1267 | }, |
| 845 | /* Cipher 30 */ | 1268 | |
| 1269 | /* Cipher C002 */ | ||
| 846 | { | 1270 | { |
| 847 | 0, | 1271 | 1, |
| 848 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA, | 1272 | TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, |
| 849 | TLS1_CK_DH_DSS_WITH_AES_128_SHA, | 1273 | TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, |
| 850 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1274 | SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, |
| 851 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1275 | SSL_NOT_EXP, |
| 852 | 0, | 1276 | 0, |
| 853 | 128, | 1277 | 128, |
| 854 | 128, | 1278 | 128, |
| 855 | SSL_ALL_CIPHERS, | 1279 | SSL_ALL_CIPHERS, |
| 856 | SSL_ALL_STRENGTHS, | 1280 | SSL_ALL_STRENGTHS, |
| 857 | }, | 1281 | }, |
| 858 | /* Cipher 31 */ | 1282 | |
| 1283 | /* Cipher C003 */ | ||
| 859 | { | 1284 | { |
| 860 | 0, | 1285 | 1, |
| 861 | TLS1_TXT_DH_RSA_WITH_AES_128_SHA, | 1286 | TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, |
| 862 | TLS1_CK_DH_RSA_WITH_AES_128_SHA, | 1287 | TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, |
| 863 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1288 | SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, |
| 864 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1289 | SSL_NOT_EXP|SSL_HIGH, |
| 865 | 0, | 1290 | 0, |
| 866 | 128, | 1291 | 168, |
| 867 | 128, | 1292 | 168, |
| 868 | SSL_ALL_CIPHERS, | 1293 | SSL_ALL_CIPHERS, |
| 869 | SSL_ALL_STRENGTHS, | 1294 | SSL_ALL_STRENGTHS, |
| 870 | }, | 1295 | }, |
| 871 | /* Cipher 32 */ | 1296 | |
| 1297 | /* Cipher C004 */ | ||
| 872 | { | 1298 | { |
| 873 | 1, | 1299 | 1, |
| 874 | TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | 1300 | TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
| 875 | TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | 1301 | TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
| 876 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | 1302 | SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, |
| 877 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1303 | SSL_NOT_EXP|SSL_HIGH, |
| 878 | 0, | 1304 | 0, |
| 879 | 128, | 1305 | 128, |
| 880 | 128, | 1306 | 128, |
| 881 | SSL_ALL_CIPHERS, | 1307 | SSL_ALL_CIPHERS, |
| 882 | SSL_ALL_STRENGTHS, | 1308 | SSL_ALL_STRENGTHS, |
| 883 | }, | 1309 | }, |
| 884 | /* Cipher 33 */ | 1310 | |
| 1311 | /* Cipher C005 */ | ||
| 885 | { | 1312 | { |
| 886 | 1, | 1313 | 1, |
| 887 | TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | 1314 | TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
| 888 | TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | 1315 | TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
| 889 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1316 | SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, |
| 890 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1317 | SSL_NOT_EXP|SSL_HIGH, |
| 891 | 0, | 1318 | 0, |
| 892 | 128, | 1319 | 256, |
| 893 | 128, | 1320 | 256, |
| 894 | SSL_ALL_CIPHERS, | 1321 | SSL_ALL_CIPHERS, |
| 895 | SSL_ALL_STRENGTHS, | 1322 | SSL_ALL_STRENGTHS, |
| 896 | }, | 1323 | }, |
| 897 | /* Cipher 34 */ | 1324 | |
| 1325 | /* Cipher C006 */ | ||
| 898 | { | 1326 | { |
| 899 | 1, | 1327 | 1, |
| 900 | TLS1_TXT_ADH_WITH_AES_128_SHA, | 1328 | TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, |
| 901 | TLS1_CK_ADH_WITH_AES_128_SHA, | 1329 | TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, |
| 902 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | 1330 | SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, |
| 903 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1331 | SSL_NOT_EXP, |
| 904 | 0, | 1332 | 0, |
| 905 | 128, | 1333 | 0, |
| 906 | 128, | 1334 | 0, |
| 907 | SSL_ALL_CIPHERS, | 1335 | SSL_ALL_CIPHERS, |
| 908 | SSL_ALL_STRENGTHS, | 1336 | SSL_ALL_STRENGTHS, |
| 909 | }, | 1337 | }, |
| 910 | 1338 | ||
| 911 | /* Cipher 35 */ | 1339 | /* Cipher C007 */ |
| 912 | { | 1340 | { |
| 913 | 1, | 1341 | 1, |
| 914 | TLS1_TXT_RSA_WITH_AES_256_SHA, | 1342 | TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 915 | TLS1_CK_RSA_WITH_AES_256_SHA, | 1343 | TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 916 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | 1344 | SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, |
| 917 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1345 | SSL_NOT_EXP, |
| 918 | 0, | 1346 | 0, |
| 919 | 256, | 1347 | 128, |
| 920 | 256, | 1348 | 128, |
| 921 | SSL_ALL_CIPHERS, | 1349 | SSL_ALL_CIPHERS, |
| 922 | SSL_ALL_STRENGTHS, | 1350 | SSL_ALL_STRENGTHS, |
| 923 | }, | 1351 | }, |
| 924 | /* Cipher 36 */ | 1352 | |
| 1353 | /* Cipher C008 */ | ||
| 925 | { | 1354 | { |
| 926 | 0, | 1355 | 1, |
| 927 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA, | 1356 | TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| 928 | TLS1_CK_DH_DSS_WITH_AES_256_SHA, | 1357 | TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| 929 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1358 | SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, |
| 930 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1359 | SSL_NOT_EXP|SSL_HIGH, |
| 931 | 0, | 1360 | 0, |
| 932 | 256, | 1361 | 168, |
| 933 | 256, | 1362 | 168, |
| 934 | SSL_ALL_CIPHERS, | 1363 | SSL_ALL_CIPHERS, |
| 935 | SSL_ALL_STRENGTHS, | 1364 | SSL_ALL_STRENGTHS, |
| 936 | }, | 1365 | }, |
| 937 | /* Cipher 37 */ | 1366 | |
| 1367 | /* Cipher C009 */ | ||
| 938 | { | 1368 | { |
| 939 | 0, | 1369 | 1, |
| 940 | TLS1_TXT_DH_RSA_WITH_AES_256_SHA, | 1370 | TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 941 | TLS1_CK_DH_RSA_WITH_AES_256_SHA, | 1371 | TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 942 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1372 | SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, |
| 943 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1373 | SSL_NOT_EXP|SSL_HIGH, |
| 944 | 0, | 1374 | 0, |
| 945 | 256, | 1375 | 128, |
| 946 | 256, | 1376 | 128, |
| 947 | SSL_ALL_CIPHERS, | 1377 | SSL_ALL_CIPHERS, |
| 948 | SSL_ALL_STRENGTHS, | 1378 | SSL_ALL_STRENGTHS, |
| 949 | }, | 1379 | }, |
| 950 | /* Cipher 38 */ | 1380 | |
| 1381 | /* Cipher C00A */ | ||
| 951 | { | 1382 | { |
| 952 | 1, | 1383 | 1, |
| 953 | TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | 1384 | TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 954 | TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | 1385 | TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 955 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | 1386 | SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, |
| 956 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1387 | SSL_NOT_EXP|SSL_HIGH, |
| 957 | 0, | 1388 | 0, |
| 958 | 256, | 1389 | 256, |
| 959 | 256, | 1390 | 256, |
| 960 | SSL_ALL_CIPHERS, | 1391 | SSL_ALL_CIPHERS, |
| 961 | SSL_ALL_STRENGTHS, | 1392 | SSL_ALL_STRENGTHS, |
| 962 | }, | 1393 | }, |
| 963 | /* Cipher 39 */ | 1394 | |
| 1395 | /* Cipher C00B */ | ||
| 964 | { | 1396 | { |
| 965 | 1, | 1397 | 1, |
| 966 | TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | 1398 | TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, |
| 967 | TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | 1399 | TLS1_CK_ECDH_RSA_WITH_NULL_SHA, |
| 968 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1400 | SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, |
| 969 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1401 | SSL_NOT_EXP, |
| 970 | 0, | 1402 | 0, |
| 971 | 256, | 1403 | 0, |
| 972 | 256, | 1404 | 0, |
| 973 | SSL_ALL_CIPHERS, | 1405 | SSL_ALL_CIPHERS, |
| 974 | SSL_ALL_STRENGTHS, | 1406 | SSL_ALL_STRENGTHS, |
| 975 | }, | 1407 | }, |
| 976 | /* Cipher 3A */ | 1408 | |
| 1409 | /* Cipher C00C */ | ||
| 977 | { | 1410 | { |
| 978 | 1, | 1411 | 1, |
| 979 | TLS1_TXT_ADH_WITH_AES_256_SHA, | 1412 | TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, |
| 980 | TLS1_CK_ADH_WITH_AES_256_SHA, | 1413 | TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, |
| 981 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | 1414 | SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, |
| 982 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1415 | SSL_NOT_EXP, |
| 983 | 0, | 1416 | 0, |
| 984 | 256, | 1417 | 128, |
| 985 | 256, | 1418 | 128, |
| 986 | SSL_ALL_CIPHERS, | 1419 | SSL_ALL_CIPHERS, |
| 987 | SSL_ALL_STRENGTHS, | 1420 | SSL_ALL_STRENGTHS, |
| 1421 | }, | ||
| 1422 | |||
| 1423 | /* Cipher C00D */ | ||
| 1424 | { | ||
| 1425 | 1, | ||
| 1426 | TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1427 | TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1428 | SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, | ||
| 1429 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1430 | 0, | ||
| 1431 | 168, | ||
| 1432 | 168, | ||
| 1433 | SSL_ALL_CIPHERS, | ||
| 1434 | SSL_ALL_STRENGTHS, | ||
| 1435 | }, | ||
| 1436 | |||
| 1437 | /* Cipher C00E */ | ||
| 1438 | { | ||
| 1439 | 1, | ||
| 1440 | TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, | ||
| 1441 | TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, | ||
| 1442 | SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1443 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1444 | 0, | ||
| 1445 | 128, | ||
| 1446 | 128, | ||
| 1447 | SSL_ALL_CIPHERS, | ||
| 1448 | SSL_ALL_STRENGTHS, | ||
| 1449 | }, | ||
| 1450 | |||
| 1451 | /* Cipher C00F */ | ||
| 1452 | { | ||
| 1453 | 1, | ||
| 1454 | TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, | ||
| 1455 | TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, | ||
| 1456 | SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1457 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1458 | 0, | ||
| 1459 | 256, | ||
| 1460 | 256, | ||
| 1461 | SSL_ALL_CIPHERS, | ||
| 1462 | SSL_ALL_STRENGTHS, | ||
| 1463 | }, | ||
| 1464 | |||
| 1465 | /* Cipher C010 */ | ||
| 1466 | { | ||
| 1467 | 1, | ||
| 1468 | TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, | ||
| 1469 | TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, | ||
| 1470 | SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, | ||
| 1471 | SSL_NOT_EXP, | ||
| 1472 | 0, | ||
| 1473 | 0, | ||
| 1474 | 0, | ||
| 1475 | SSL_ALL_CIPHERS, | ||
| 1476 | SSL_ALL_STRENGTHS, | ||
| 1477 | }, | ||
| 1478 | |||
| 1479 | /* Cipher C011 */ | ||
| 1480 | { | ||
| 1481 | 1, | ||
| 1482 | TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, | ||
| 1483 | TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, | ||
| 1484 | SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, | ||
| 1485 | SSL_NOT_EXP, | ||
| 1486 | 0, | ||
| 1487 | 128, | ||
| 1488 | 128, | ||
| 1489 | SSL_ALL_CIPHERS, | ||
| 1490 | SSL_ALL_STRENGTHS, | ||
| 1491 | }, | ||
| 1492 | |||
| 1493 | /* Cipher C012 */ | ||
| 1494 | { | ||
| 1495 | 1, | ||
| 1496 | TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1497 | TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1498 | SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, | ||
| 1499 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1500 | 0, | ||
| 1501 | 168, | ||
| 1502 | 168, | ||
| 1503 | SSL_ALL_CIPHERS, | ||
| 1504 | SSL_ALL_STRENGTHS, | ||
| 1505 | }, | ||
| 1506 | |||
| 1507 | /* Cipher C013 */ | ||
| 1508 | { | ||
| 1509 | 1, | ||
| 1510 | TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, | ||
| 1511 | TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, | ||
| 1512 | SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1513 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1514 | 0, | ||
| 1515 | 128, | ||
| 1516 | 128, | ||
| 1517 | SSL_ALL_CIPHERS, | ||
| 1518 | SSL_ALL_STRENGTHS, | ||
| 1519 | }, | ||
| 1520 | |||
| 1521 | /* Cipher C014 */ | ||
| 1522 | { | ||
| 1523 | 1, | ||
| 1524 | TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
| 1525 | TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
| 1526 | SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1527 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1528 | 0, | ||
| 1529 | 256, | ||
| 1530 | 256, | ||
| 1531 | SSL_ALL_CIPHERS, | ||
| 1532 | SSL_ALL_STRENGTHS, | ||
| 1533 | }, | ||
| 1534 | |||
| 1535 | /* Cipher C015 */ | ||
| 1536 | { | ||
| 1537 | 1, | ||
| 1538 | TLS1_TXT_ECDH_anon_WITH_NULL_SHA, | ||
| 1539 | TLS1_CK_ECDH_anon_WITH_NULL_SHA, | ||
| 1540 | SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, | ||
| 1541 | SSL_NOT_EXP, | ||
| 1542 | 0, | ||
| 1543 | 0, | ||
| 1544 | 0, | ||
| 1545 | SSL_ALL_CIPHERS, | ||
| 1546 | SSL_ALL_STRENGTHS, | ||
| 988 | }, | 1547 | }, |
| 989 | 1548 | ||
| 1549 | /* Cipher C016 */ | ||
| 1550 | { | ||
| 1551 | 1, | ||
| 1552 | TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, | ||
| 1553 | TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, | ||
| 1554 | SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, | ||
| 1555 | SSL_NOT_EXP, | ||
| 1556 | 0, | ||
| 1557 | 128, | ||
| 1558 | 128, | ||
| 1559 | SSL_ALL_CIPHERS, | ||
| 1560 | SSL_ALL_STRENGTHS, | ||
| 1561 | }, | ||
| 1562 | |||
| 1563 | /* Cipher C017 */ | ||
| 1564 | { | ||
| 1565 | 1, | ||
| 1566 | TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, | ||
| 1567 | TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, | ||
| 1568 | SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, | ||
| 1569 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1570 | 0, | ||
| 1571 | 168, | ||
| 1572 | 168, | ||
| 1573 | SSL_ALL_CIPHERS, | ||
| 1574 | SSL_ALL_STRENGTHS, | ||
| 1575 | }, | ||
| 1576 | |||
| 1577 | /* Cipher C018 */ | ||
| 1578 | { | ||
| 1579 | 1, | ||
| 1580 | TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, | ||
| 1581 | TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, | ||
| 1582 | SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1583 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1584 | 0, | ||
| 1585 | 128, | ||
| 1586 | 128, | ||
| 1587 | SSL_ALL_CIPHERS, | ||
| 1588 | SSL_ALL_STRENGTHS, | ||
| 1589 | }, | ||
| 1590 | |||
| 1591 | /* Cipher C019 */ | ||
| 1592 | { | ||
| 1593 | 1, | ||
| 1594 | TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, | ||
| 1595 | TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, | ||
| 1596 | SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1597 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1598 | 0, | ||
| 1599 | 256, | ||
| 1600 | 256, | ||
| 1601 | SSL_ALL_CIPHERS, | ||
| 1602 | SSL_ALL_STRENGTHS, | ||
| 1603 | }, | ||
| 1604 | #endif /* OPENSSL_NO_ECDH */ | ||
| 1605 | |||
| 1606 | |||
| 990 | /* end of list */ | 1607 | /* end of list */ |
| 991 | }; | 1608 | }; |
| 992 | 1609 | ||
| 993 | static SSL3_ENC_METHOD SSLv3_enc_data={ | 1610 | SSL3_ENC_METHOD SSLv3_enc_data={ |
| 994 | ssl3_enc, | 1611 | ssl3_enc, |
| 995 | ssl3_mac, | 1612 | ssl3_mac, |
| 996 | ssl3_setup_key_block, | 1613 | ssl3_setup_key_block, |
| @@ -1004,45 +1621,17 @@ static SSL3_ENC_METHOD SSLv3_enc_data={ | |||
| 1004 | ssl3_alert_code, | 1621 | ssl3_alert_code, |
| 1005 | }; | 1622 | }; |
| 1006 | 1623 | ||
| 1007 | static SSL_METHOD SSLv3_data= { | 1624 | long ssl3_default_timeout(void) |
| 1008 | SSL3_VERSION, | ||
| 1009 | ssl3_new, | ||
| 1010 | ssl3_clear, | ||
| 1011 | ssl3_free, | ||
| 1012 | ssl_undefined_function, | ||
| 1013 | ssl_undefined_function, | ||
| 1014 | ssl3_read, | ||
| 1015 | ssl3_peek, | ||
| 1016 | ssl3_write, | ||
| 1017 | ssl3_shutdown, | ||
| 1018 | ssl3_renegotiate, | ||
| 1019 | ssl3_renegotiate_check, | ||
| 1020 | ssl3_ctrl, | ||
| 1021 | ssl3_ctx_ctrl, | ||
| 1022 | ssl3_get_cipher_by_char, | ||
| 1023 | ssl3_put_cipher_by_char, | ||
| 1024 | ssl3_pending, | ||
| 1025 | ssl3_num_ciphers, | ||
| 1026 | ssl3_get_cipher, | ||
| 1027 | ssl_bad_method, | ||
| 1028 | ssl3_default_timeout, | ||
| 1029 | &SSLv3_enc_data, | ||
| 1030 | ssl_undefined_function, | ||
| 1031 | ssl3_callback_ctrl, | ||
| 1032 | ssl3_ctx_callback_ctrl, | ||
| 1033 | }; | ||
| 1034 | |||
| 1035 | static long ssl3_default_timeout(void) | ||
| 1036 | { | 1625 | { |
| 1037 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec | 1626 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec |
| 1038 | * is way too long for http, the cache would over fill */ | 1627 | * is way too long for http, the cache would over fill */ |
| 1039 | return(60*60*2); | 1628 | return(60*60*2); |
| 1040 | } | 1629 | } |
| 1041 | 1630 | ||
| 1042 | SSL_METHOD *sslv3_base_method(void) | 1631 | IMPLEMENT_ssl3_meth_func(sslv3_base_method, |
| 1043 | { | 1632 | ssl_undefined_function, |
| 1044 | return(&SSLv3_data); | 1633 | ssl_undefined_function, |
| 1045 | } | 1634 | ssl_bad_method) |
| 1046 | 1635 | ||
| 1047 | int ssl3_num_ciphers(void) | 1636 | int ssl3_num_ciphers(void) |
| 1048 | { | 1637 | { |
| @@ -1073,6 +1662,8 @@ int ssl3_new(SSL *s) | |||
| 1073 | memset(s3,0,sizeof *s3); | 1662 | memset(s3,0,sizeof *s3); |
| 1074 | EVP_MD_CTX_init(&s3->finish_dgst1); | 1663 | EVP_MD_CTX_init(&s3->finish_dgst1); |
| 1075 | EVP_MD_CTX_init(&s3->finish_dgst2); | 1664 | EVP_MD_CTX_init(&s3->finish_dgst2); |
| 1665 | pq_64bit_init(&(s3->rrec.seq_num)); | ||
| 1666 | pq_64bit_init(&(s3->wrec.seq_num)); | ||
| 1076 | 1667 | ||
| 1077 | s->s3=s3; | 1668 | s->s3=s3; |
| 1078 | 1669 | ||
| @@ -1098,10 +1689,18 @@ void ssl3_free(SSL *s) | |||
| 1098 | if (s->s3->tmp.dh != NULL) | 1689 | if (s->s3->tmp.dh != NULL) |
| 1099 | DH_free(s->s3->tmp.dh); | 1690 | DH_free(s->s3->tmp.dh); |
| 1100 | #endif | 1691 | #endif |
| 1692 | #ifndef OPENSSL_NO_ECDH | ||
| 1693 | if (s->s3->tmp.ecdh != NULL) | ||
| 1694 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 1695 | #endif | ||
| 1696 | |||
| 1101 | if (s->s3->tmp.ca_names != NULL) | 1697 | if (s->s3->tmp.ca_names != NULL) |
| 1102 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | 1698 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
| 1103 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); | 1699 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); |
| 1104 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); | 1700 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); |
| 1701 | pq_64bit_free(&(s->s3->rrec.seq_num)); | ||
| 1702 | pq_64bit_free(&(s->s3->wrec.seq_num)); | ||
| 1703 | |||
| 1105 | OPENSSL_cleanse(s->s3,sizeof *s->s3); | 1704 | OPENSSL_cleanse(s->s3,sizeof *s->s3); |
| 1106 | OPENSSL_free(s->s3); | 1705 | OPENSSL_free(s->s3); |
| 1107 | s->s3=NULL; | 1706 | s->s3=NULL; |
| @@ -1125,6 +1724,10 @@ void ssl3_clear(SSL *s) | |||
| 1125 | if (s->s3->tmp.dh != NULL) | 1724 | if (s->s3->tmp.dh != NULL) |
| 1126 | DH_free(s->s3->tmp.dh); | 1725 | DH_free(s->s3->tmp.dh); |
| 1127 | #endif | 1726 | #endif |
| 1727 | #ifndef OPENSSL_NO_ECDH | ||
| 1728 | if (s->s3->tmp.ecdh != NULL) | ||
| 1729 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 1730 | #endif | ||
| 1128 | 1731 | ||
| 1129 | rp = s->s3->rbuf.buf; | 1732 | rp = s->s3->rbuf.buf; |
| 1130 | wp = s->s3->wbuf.buf; | 1733 | wp = s->s3->wbuf.buf; |
| @@ -1263,13 +1866,122 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 1263 | } | 1866 | } |
| 1264 | break; | 1867 | break; |
| 1265 | #endif | 1868 | #endif |
| 1869 | #ifndef OPENSSL_NO_ECDH | ||
| 1870 | case SSL_CTRL_SET_TMP_ECDH: | ||
| 1871 | { | ||
| 1872 | EC_KEY *ecdh = NULL; | ||
| 1873 | |||
| 1874 | if (parg == NULL) | ||
| 1875 | { | ||
| 1876 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1877 | return(ret); | ||
| 1878 | } | ||
| 1879 | if (!EC_KEY_up_ref((EC_KEY *)parg)) | ||
| 1880 | { | ||
| 1881 | SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); | ||
| 1882 | return(ret); | ||
| 1883 | } | ||
| 1884 | ecdh = (EC_KEY *)parg; | ||
| 1885 | if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) | ||
| 1886 | { | ||
| 1887 | if (!EC_KEY_generate_key(ecdh)) | ||
| 1888 | { | ||
| 1889 | EC_KEY_free(ecdh); | ||
| 1890 | SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); | ||
| 1891 | return(ret); | ||
| 1892 | } | ||
| 1893 | } | ||
| 1894 | if (s->cert->ecdh_tmp != NULL) | ||
| 1895 | EC_KEY_free(s->cert->ecdh_tmp); | ||
| 1896 | s->cert->ecdh_tmp = ecdh; | ||
| 1897 | ret = 1; | ||
| 1898 | } | ||
| 1899 | break; | ||
| 1900 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 1901 | { | ||
| 1902 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 1903 | return(ret); | ||
| 1904 | } | ||
| 1905 | break; | ||
| 1906 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1907 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1908 | case SSL_CTRL_SET_TLSEXT_HOSTNAME: | ||
| 1909 | if (larg == TLSEXT_NAMETYPE_host_name) | ||
| 1910 | { | ||
| 1911 | if (s->tlsext_hostname != NULL) | ||
| 1912 | OPENSSL_free(s->tlsext_hostname); | ||
| 1913 | s->tlsext_hostname = NULL; | ||
| 1914 | |||
| 1915 | ret = 1; | ||
| 1916 | if (parg == NULL) | ||
| 1917 | break; | ||
| 1918 | if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) | ||
| 1919 | { | ||
| 1920 | SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); | ||
| 1921 | return 0; | ||
| 1922 | } | ||
| 1923 | if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) | ||
| 1924 | { | ||
| 1925 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); | ||
| 1926 | return 0; | ||
| 1927 | } | ||
| 1928 | } | ||
| 1929 | else | ||
| 1930 | { | ||
| 1931 | SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); | ||
| 1932 | return 0; | ||
| 1933 | } | ||
| 1934 | break; | ||
| 1935 | case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: | ||
| 1936 | s->tlsext_debug_arg=parg; | ||
| 1937 | ret = 1; | ||
| 1938 | break; | ||
| 1939 | |||
| 1940 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: | ||
| 1941 | s->tlsext_status_type=larg; | ||
| 1942 | ret = 1; | ||
| 1943 | break; | ||
| 1944 | |||
| 1945 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: | ||
| 1946 | *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; | ||
| 1947 | ret = 1; | ||
| 1948 | break; | ||
| 1949 | |||
| 1950 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: | ||
| 1951 | s->tlsext_ocsp_exts = parg; | ||
| 1952 | ret = 1; | ||
| 1953 | break; | ||
| 1954 | |||
| 1955 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: | ||
| 1956 | *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; | ||
| 1957 | ret = 1; | ||
| 1958 | break; | ||
| 1959 | |||
| 1960 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: | ||
| 1961 | s->tlsext_ocsp_ids = parg; | ||
| 1962 | ret = 1; | ||
| 1963 | break; | ||
| 1964 | |||
| 1965 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: | ||
| 1966 | *(unsigned char **)parg = s->tlsext_ocsp_resp; | ||
| 1967 | return s->tlsext_ocsp_resplen; | ||
| 1968 | |||
| 1969 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: | ||
| 1970 | if (s->tlsext_ocsp_resp) | ||
| 1971 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
| 1972 | s->tlsext_ocsp_resp = parg; | ||
| 1973 | s->tlsext_ocsp_resplen = larg; | ||
| 1974 | ret = 1; | ||
| 1975 | break; | ||
| 1976 | |||
| 1977 | #endif /* !OPENSSL_NO_TLSEXT */ | ||
| 1266 | default: | 1978 | default: |
| 1267 | break; | 1979 | break; |
| 1268 | } | 1980 | } |
| 1269 | return(ret); | 1981 | return(ret); |
| 1270 | } | 1982 | } |
| 1271 | 1983 | ||
| 1272 | long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) | 1984 | long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 1273 | { | 1985 | { |
| 1274 | int ret=0; | 1986 | int ret=0; |
| 1275 | 1987 | ||
| @@ -1307,6 +2019,19 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) | |||
| 1307 | } | 2019 | } |
| 1308 | break; | 2020 | break; |
| 1309 | #endif | 2021 | #endif |
| 2022 | #ifndef OPENSSL_NO_ECDH | ||
| 2023 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2024 | { | ||
| 2025 | s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
| 2026 | } | ||
| 2027 | break; | ||
| 2028 | #endif | ||
| 2029 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2030 | case SSL_CTRL_SET_TLSEXT_DEBUG_CB: | ||
| 2031 | s->tlsext_debug_cb=(void (*)(SSL *,int ,int, | ||
| 2032 | unsigned char *, int, void *))fp; | ||
| 2033 | break; | ||
| 2034 | #endif | ||
| 1310 | default: | 2035 | default: |
| 1311 | break; | 2036 | break; |
| 1312 | } | 2037 | } |
| @@ -1399,6 +2124,83 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 1399 | } | 2124 | } |
| 1400 | break; | 2125 | break; |
| 1401 | #endif | 2126 | #endif |
| 2127 | #ifndef OPENSSL_NO_ECDH | ||
| 2128 | case SSL_CTRL_SET_TMP_ECDH: | ||
| 2129 | { | ||
| 2130 | EC_KEY *ecdh = NULL; | ||
| 2131 | |||
| 2132 | if (parg == NULL) | ||
| 2133 | { | ||
| 2134 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); | ||
| 2135 | return 0; | ||
| 2136 | } | ||
| 2137 | ecdh = EC_KEY_dup((EC_KEY *)parg); | ||
| 2138 | if (ecdh == NULL) | ||
| 2139 | { | ||
| 2140 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); | ||
| 2141 | return 0; | ||
| 2142 | } | ||
| 2143 | if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) | ||
| 2144 | { | ||
| 2145 | if (!EC_KEY_generate_key(ecdh)) | ||
| 2146 | { | ||
| 2147 | EC_KEY_free(ecdh); | ||
| 2148 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); | ||
| 2149 | return 0; | ||
| 2150 | } | ||
| 2151 | } | ||
| 2152 | |||
| 2153 | if (cert->ecdh_tmp != NULL) | ||
| 2154 | { | ||
| 2155 | EC_KEY_free(cert->ecdh_tmp); | ||
| 2156 | } | ||
| 2157 | cert->ecdh_tmp = ecdh; | ||
| 2158 | return 1; | ||
| 2159 | } | ||
| 2160 | /* break; */ | ||
| 2161 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2162 | { | ||
| 2163 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2164 | return(0); | ||
| 2165 | } | ||
| 2166 | break; | ||
| 2167 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 2168 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2169 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: | ||
| 2170 | ctx->tlsext_servername_arg=parg; | ||
| 2171 | break; | ||
| 2172 | case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: | ||
| 2173 | case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: | ||
| 2174 | { | ||
| 2175 | unsigned char *keys = parg; | ||
| 2176 | if (!keys) | ||
| 2177 | return 48; | ||
| 2178 | if (larg != 48) | ||
| 2179 | { | ||
| 2180 | SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); | ||
| 2181 | return 0; | ||
| 2182 | } | ||
| 2183 | if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) | ||
| 2184 | { | ||
| 2185 | memcpy(ctx->tlsext_tick_key_name, keys, 16); | ||
| 2186 | memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); | ||
| 2187 | memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); | ||
| 2188 | } | ||
| 2189 | else | ||
| 2190 | { | ||
| 2191 | memcpy(keys, ctx->tlsext_tick_key_name, 16); | ||
| 2192 | memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); | ||
| 2193 | memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); | ||
| 2194 | } | ||
| 2195 | return 1; | ||
| 2196 | } | ||
| 2197 | |||
| 2198 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: | ||
| 2199 | ctx->tlsext_status_arg=parg; | ||
| 2200 | return 1; | ||
| 2201 | break; | ||
| 2202 | |||
| 2203 | #endif /* !OPENSSL_NO_TLSEXT */ | ||
| 1402 | /* A Thawte special :-) */ | 2204 | /* A Thawte special :-) */ |
| 1403 | case SSL_CTRL_EXTRA_CHAIN_CERT: | 2205 | case SSL_CTRL_EXTRA_CHAIN_CERT: |
| 1404 | if (ctx->extra_certs == NULL) | 2206 | if (ctx->extra_certs == NULL) |
| @@ -1415,7 +2217,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 1415 | return(1); | 2217 | return(1); |
| 1416 | } | 2218 | } |
| 1417 | 2219 | ||
| 1418 | long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | 2220 | long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 1419 | { | 2221 | { |
| 1420 | CERT *cert; | 2222 | CERT *cert; |
| 1421 | 2223 | ||
| @@ -1437,6 +2239,30 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | |||
| 1437 | } | 2239 | } |
| 1438 | break; | 2240 | break; |
| 1439 | #endif | 2241 | #endif |
| 2242 | #ifndef OPENSSL_NO_ECDH | ||
| 2243 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2244 | { | ||
| 2245 | cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
| 2246 | } | ||
| 2247 | break; | ||
| 2248 | #endif | ||
| 2249 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2250 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: | ||
| 2251 | ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; | ||
| 2252 | break; | ||
| 2253 | |||
| 2254 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: | ||
| 2255 | ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; | ||
| 2256 | break; | ||
| 2257 | |||
| 2258 | case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: | ||
| 2259 | ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, | ||
| 2260 | unsigned char *, | ||
| 2261 | EVP_CIPHER_CTX *, | ||
| 2262 | HMAC_CTX *, int))fp; | ||
| 2263 | break; | ||
| 2264 | |||
| 2265 | #endif | ||
| 1440 | default: | 2266 | default: |
| 1441 | return(0); | 2267 | return(0); |
| 1442 | } | 2268 | } |
| @@ -1447,41 +2273,19 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | |||
| 1447 | * available */ | 2273 | * available */ |
| 1448 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) | 2274 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) |
| 1449 | { | 2275 | { |
| 1450 | static int init=1; | 2276 | SSL_CIPHER c,*cp; |
| 1451 | static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; | ||
| 1452 | SSL_CIPHER c,*cp= &c,**cpp; | ||
| 1453 | unsigned long id; | 2277 | unsigned long id; |
| 1454 | int i; | ||
| 1455 | |||
| 1456 | if (init) | ||
| 1457 | { | ||
| 1458 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 1459 | |||
| 1460 | if (init) | ||
| 1461 | { | ||
| 1462 | for (i=0; i<SSL3_NUM_CIPHERS; i++) | ||
| 1463 | sorted[i]= &(ssl3_ciphers[i]); | ||
| 1464 | |||
| 1465 | qsort(sorted, | ||
| 1466 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | ||
| 1467 | FP_ICC ssl_cipher_ptr_id_cmp); | ||
| 1468 | |||
| 1469 | init=0; | ||
| 1470 | } | ||
| 1471 | |||
| 1472 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 1473 | } | ||
| 1474 | 2278 | ||
| 1475 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; | 2279 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; |
| 1476 | c.id=id; | 2280 | c.id=id; |
| 1477 | cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, | 2281 | cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, |
| 1478 | (char *)sorted, | 2282 | (char *)ssl3_ciphers, |
| 1479 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | 2283 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), |
| 1480 | FP_ICC ssl_cipher_ptr_id_cmp); | 2284 | FP_ICC ssl_cipher_id_cmp); |
| 1481 | if ((cpp == NULL) || !(*cpp)->valid) | 2285 | if (cp == NULL || cp->valid == 0) |
| 1482 | return(NULL); | 2286 | return NULL; |
| 1483 | else | 2287 | else |
| 1484 | return(*cpp); | 2288 | return cp; |
| 1485 | } | 2289 | } |
| 1486 | 2290 | ||
| 1487 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | 2291 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
| @@ -1504,6 +2308,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 1504 | SSL_CIPHER *c,*ret=NULL; | 2308 | SSL_CIPHER *c,*ret=NULL; |
| 1505 | STACK_OF(SSL_CIPHER) *prio, *allow; | 2309 | STACK_OF(SSL_CIPHER) *prio, *allow; |
| 1506 | int i,j,ok; | 2310 | int i,j,ok; |
| 2311 | |||
| 1507 | CERT *cert; | 2312 | CERT *cert; |
| 1508 | unsigned long alg,mask,emask; | 2313 | unsigned long alg,mask,emask; |
| 1509 | 2314 | ||
| @@ -1584,7 +2389,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 1584 | } | 2389 | } |
| 1585 | 2390 | ||
| 1586 | if (!ok) continue; | 2391 | if (!ok) continue; |
| 1587 | |||
| 1588 | j=sk_SSL_CIPHER_find(allow,c); | 2392 | j=sk_SSL_CIPHER_find(allow,c); |
| 1589 | if (j >= 0) | 2393 | if (j >= 0) |
| 1590 | { | 2394 | { |
| @@ -1629,6 +2433,26 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) | |||
| 1629 | #ifndef OPENSSL_NO_DSA | 2433 | #ifndef OPENSSL_NO_DSA |
| 1630 | p[ret++]=SSL3_CT_DSS_SIGN; | 2434 | p[ret++]=SSL3_CT_DSS_SIGN; |
| 1631 | #endif | 2435 | #endif |
| 2436 | #ifndef OPENSSL_NO_ECDH | ||
| 2437 | /* We should ask for fixed ECDH certificates only | ||
| 2438 | * for SSL_kECDH (and not SSL_kECDHE) | ||
| 2439 | */ | ||
| 2440 | if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION)) | ||
| 2441 | { | ||
| 2442 | p[ret++]=TLS_CT_RSA_FIXED_ECDH; | ||
| 2443 | p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; | ||
| 2444 | } | ||
| 2445 | #endif | ||
| 2446 | |||
| 2447 | #ifndef OPENSSL_NO_ECDSA | ||
| 2448 | /* ECDSA certs can be used with RSA cipher suites as well | ||
| 2449 | * so we don't need to check for SSL_kECDH or SSL_kECDHE | ||
| 2450 | */ | ||
| 2451 | if (s->version >= TLS1_VERSION) | ||
| 2452 | { | ||
| 2453 | p[ret++]=TLS_CT_ECDSA_SIGN; | ||
| 2454 | } | ||
| 2455 | #endif | ||
| 1632 | return(ret); | 2456 | return(ret); |
| 1633 | } | 2457 | } |
| 1634 | 2458 | ||
| @@ -1656,13 +2480,13 @@ int ssl3_shutdown(SSL *s) | |||
| 1656 | { | 2480 | { |
| 1657 | /* resend it if not sent */ | 2481 | /* resend it if not sent */ |
| 1658 | #if 1 | 2482 | #if 1 |
| 1659 | ssl3_dispatch_alert(s); | 2483 | s->method->ssl_dispatch_alert(s); |
| 1660 | #endif | 2484 | #endif |
| 1661 | } | 2485 | } |
| 1662 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) | 2486 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) |
| 1663 | { | 2487 | { |
| 1664 | /* If we are waiting for a close from our peer, we are closed */ | 2488 | /* If we are waiting for a close from our peer, we are closed */ |
| 1665 | ssl3_read_bytes(s,0,NULL,0,0); | 2489 | s->method->ssl_read_bytes(s,0,NULL,0,0); |
| 1666 | } | 2490 | } |
| 1667 | 2491 | ||
| 1668 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && | 2492 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && |
| @@ -1717,8 +2541,8 @@ int ssl3_write(SSL *s, const void *buf, int len) | |||
| 1717 | } | 2541 | } |
| 1718 | else | 2542 | else |
| 1719 | { | 2543 | { |
| 1720 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | 2544 | ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, |
| 1721 | buf,len); | 2545 | buf,len); |
| 1722 | if (ret <= 0) return(ret); | 2546 | if (ret <= 0) return(ret); |
| 1723 | } | 2547 | } |
| 1724 | 2548 | ||
| @@ -1732,7 +2556,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) | |||
| 1732 | clear_sys_error(); | 2556 | clear_sys_error(); |
| 1733 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | 2557 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); |
| 1734 | s->s3->in_read_app_data=1; | 2558 | s->s3->in_read_app_data=1; |
| 1735 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); | 2559 | ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |
| 1736 | if ((ret == -1) && (s->s3->in_read_app_data == 2)) | 2560 | if ((ret == -1) && (s->s3->in_read_app_data == 2)) |
| 1737 | { | 2561 | { |
| 1738 | /* ssl3_read_bytes decided to call s->handshake_func, which | 2562 | /* ssl3_read_bytes decided to call s->handshake_func, which |
| @@ -1741,7 +2565,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) | |||
| 1741 | * and thinks that application data makes sense here; so disable | 2565 | * and thinks that application data makes sense here; so disable |
| 1742 | * handshake processing and try to read application data again. */ | 2566 | * handshake processing and try to read application data again. */ |
| 1743 | s->in_handshake++; | 2567 | s->in_handshake++; |
| 1744 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); | 2568 | ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |
| 1745 | s->in_handshake--; | 2569 | s->in_handshake--; |
| 1746 | } | 2570 | } |
| 1747 | else | 2571 | else |
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index cb0b12b400..44c7c143fe 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -118,15 +118,9 @@ | |||
| 118 | 118 | ||
| 119 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | 119 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
| 120 | unsigned int len, int create_empty_fragment); | 120 | unsigned int len, int create_empty_fragment); |
| 121 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | ||
| 122 | unsigned int len); | ||
| 123 | static int ssl3_get_record(SSL *s); | 121 | static int ssl3_get_record(SSL *s); |
| 124 | static int do_compress(SSL *ssl); | ||
| 125 | static int do_uncompress(SSL *ssl); | ||
| 126 | static int do_change_cipher_spec(SSL *ssl); | ||
| 127 | 122 | ||
| 128 | /* used only by ssl3_get_record */ | 123 | int ssl3_read_n(SSL *s, int n, int max, int extend) |
| 129 | static int ssl3_read_n(SSL *s, int n, int max, int extend) | ||
| 130 | { | 124 | { |
| 131 | /* If extend == 0, obtain new n-byte packet; if extend == 1, increase | 125 | /* If extend == 0, obtain new n-byte packet; if extend == 1, increase |
| 132 | * packet by another n bytes. | 126 | * packet by another n bytes. |
| @@ -147,6 +141,14 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 147 | /* ... now we can act as if 'extend' was set */ | 141 | /* ... now we can act as if 'extend' was set */ |
| 148 | } | 142 | } |
| 149 | 143 | ||
| 144 | /* extend reads should not span multiple packets for DTLS */ | ||
| 145 | if ( SSL_version(s) == DTLS1_VERSION && | ||
| 146 | extend) | ||
| 147 | { | ||
| 148 | if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left) | ||
| 149 | n = s->s3->rbuf.left; | ||
| 150 | } | ||
| 151 | |||
| 150 | /* if there is enough in the buffer from a previous read, take some */ | 152 | /* if there is enough in the buffer from a previous read, take some */ |
| 151 | if (s->s3->rbuf.left >= (int)n) | 153 | if (s->s3->rbuf.left >= (int)n) |
| 152 | { | 154 | { |
| @@ -275,11 +277,7 @@ again: | |||
| 275 | n2s(p,rr->length); | 277 | n2s(p,rr->length); |
| 276 | 278 | ||
| 277 | /* Lets check version */ | 279 | /* Lets check version */ |
| 278 | if (s->first_packet) | 280 | if (!s->first_packet) |
| 279 | { | ||
| 280 | s->first_packet=0; | ||
| 281 | } | ||
| 282 | else | ||
| 283 | { | 281 | { |
| 284 | if (version != s->version) | 282 | if (version != s->version) |
| 285 | { | 283 | { |
| @@ -434,7 +432,7 @@ printf("\n"); | |||
| 434 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); | 432 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); |
| 435 | goto f_err; | 433 | goto f_err; |
| 436 | } | 434 | } |
| 437 | if (!do_uncompress(s)) | 435 | if (!ssl3_do_uncompress(s)) |
| 438 | { | 436 | { |
| 439 | al=SSL_AD_DECOMPRESSION_FAILURE; | 437 | al=SSL_AD_DECOMPRESSION_FAILURE; |
| 440 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); | 438 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); |
| @@ -472,8 +470,9 @@ err: | |||
| 472 | return(ret); | 470 | return(ret); |
| 473 | } | 471 | } |
| 474 | 472 | ||
| 475 | static int do_uncompress(SSL *ssl) | 473 | int ssl3_do_uncompress(SSL *ssl) |
| 476 | { | 474 | { |
| 475 | #ifndef OPENSSL_NO_COMP | ||
| 477 | int i; | 476 | int i; |
| 478 | SSL3_RECORD *rr; | 477 | SSL3_RECORD *rr; |
| 479 | 478 | ||
| @@ -485,12 +484,13 @@ static int do_uncompress(SSL *ssl) | |||
| 485 | else | 484 | else |
| 486 | rr->length=i; | 485 | rr->length=i; |
| 487 | rr->data=rr->comp; | 486 | rr->data=rr->comp; |
| 488 | 487 | #endif | |
| 489 | return(1); | 488 | return(1); |
| 490 | } | 489 | } |
| 491 | 490 | ||
| 492 | static int do_compress(SSL *ssl) | 491 | int ssl3_do_compress(SSL *ssl) |
| 493 | { | 492 | { |
| 493 | #ifndef OPENSSL_NO_COMP | ||
| 494 | int i; | 494 | int i; |
| 495 | SSL3_RECORD *wr; | 495 | SSL3_RECORD *wr; |
| 496 | 496 | ||
| @@ -504,6 +504,7 @@ static int do_compress(SSL *ssl) | |||
| 504 | wr->length=i; | 504 | wr->length=i; |
| 505 | 505 | ||
| 506 | wr->input=wr->data; | 506 | wr->input=wr->data; |
| 507 | #endif | ||
| 507 | return(1); | 508 | return(1); |
| 508 | } | 509 | } |
| 509 | 510 | ||
| @@ -580,7 +581,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 580 | /* If we have an alert to send, lets send it */ | 581 | /* If we have an alert to send, lets send it */ |
| 581 | if (s->s3->alert_dispatch) | 582 | if (s->s3->alert_dispatch) |
| 582 | { | 583 | { |
| 583 | i=ssl3_dispatch_alert(s); | 584 | i=s->method->ssl_dispatch_alert(s); |
| 584 | if (i <= 0) | 585 | if (i <= 0) |
| 585 | return(i); | 586 | return(i); |
| 586 | /* if it went, fall through and send more stuff */ | 587 | /* if it went, fall through and send more stuff */ |
| @@ -655,7 +656,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 655 | /* first we compress */ | 656 | /* first we compress */ |
| 656 | if (s->compress != NULL) | 657 | if (s->compress != NULL) |
| 657 | { | 658 | { |
| 658 | if (!do_compress(s)) | 659 | if (!ssl3_do_compress(s)) |
| 659 | { | 660 | { |
| 660 | SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); | 661 | SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); |
| 661 | goto err; | 662 | goto err; |
| @@ -716,8 +717,8 @@ err: | |||
| 716 | } | 717 | } |
| 717 | 718 | ||
| 718 | /* if s->s3->wbuf.left != 0, we need to call this */ | 719 | /* if s->s3->wbuf.left != 0, we need to call this */ |
| 719 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | 720 | int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
| 720 | unsigned int len) | 721 | unsigned int len) |
| 721 | { | 722 | { |
| 722 | int i; | 723 | int i; |
| 723 | 724 | ||
| @@ -1089,7 +1090,7 @@ start: | |||
| 1089 | if (s->s3->tmp.new_cipher == NULL) | 1090 | if (s->s3->tmp.new_cipher == NULL) |
| 1090 | { | 1091 | { |
| 1091 | al=SSL_AD_UNEXPECTED_MESSAGE; | 1092 | al=SSL_AD_UNEXPECTED_MESSAGE; |
| 1092 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); | 1093 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); |
| 1093 | goto f_err; | 1094 | goto f_err; |
| 1094 | } | 1095 | } |
| 1095 | 1096 | ||
| @@ -1099,7 +1100,7 @@ start: | |||
| 1099 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); | 1100 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); |
| 1100 | 1101 | ||
| 1101 | s->s3->change_cipher_spec=1; | 1102 | s->s3->change_cipher_spec=1; |
| 1102 | if (!do_change_cipher_spec(s)) | 1103 | if (!ssl3_do_change_cipher_spec(s)) |
| 1103 | goto err; | 1104 | goto err; |
| 1104 | else | 1105 | else |
| 1105 | goto start; | 1106 | goto start; |
| @@ -1211,7 +1212,7 @@ err: | |||
| 1211 | return(-1); | 1212 | return(-1); |
| 1212 | } | 1213 | } |
| 1213 | 1214 | ||
| 1214 | static int do_change_cipher_spec(SSL *s) | 1215 | int ssl3_do_change_cipher_spec(SSL *s) |
| 1215 | { | 1216 | { |
| 1216 | int i; | 1217 | int i; |
| 1217 | const char *sender; | 1218 | const char *sender; |
| @@ -1268,7 +1269,7 @@ void ssl3_send_alert(SSL *s, int level, int desc) | |||
| 1268 | s->s3->send_alert[0]=level; | 1269 | s->s3->send_alert[0]=level; |
| 1269 | s->s3->send_alert[1]=desc; | 1270 | s->s3->send_alert[1]=desc; |
| 1270 | if (s->s3->wbuf.left == 0) /* data still being written out? */ | 1271 | if (s->s3->wbuf.left == 0) /* data still being written out? */ |
| 1271 | ssl3_dispatch_alert(s); | 1272 | s->method->ssl_dispatch_alert(s); |
| 1272 | /* else data is still being written out, we will get written | 1273 | /* else data is still being written out, we will get written |
| 1273 | * some time in the future */ | 1274 | * some time in the future */ |
| 1274 | } | 1275 | } |
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 36fc39d7f8..903522ab59 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -108,11 +108,23 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 111 | 124 | ||
| 112 | #define REUSE_CIPHER_BUG | 125 | #define REUSE_CIPHER_BUG |
| 113 | #define NETSCAPE_HANG_BUG | 126 | #define NETSCAPE_HANG_BUG |
| 114 | 127 | ||
| 115 | |||
| 116 | #include <stdio.h> | 128 | #include <stdio.h> |
| 117 | #include "ssl_locl.h" | 129 | #include "ssl_locl.h" |
| 118 | #include "kssl_lcl.h" | 130 | #include "kssl_lcl.h" |
| @@ -120,24 +132,21 @@ | |||
| 120 | #include <openssl/rand.h> | 132 | #include <openssl/rand.h> |
| 121 | #include <openssl/objects.h> | 133 | #include <openssl/objects.h> |
| 122 | #include <openssl/evp.h> | 134 | #include <openssl/evp.h> |
| 135 | #include <openssl/hmac.h> | ||
| 123 | #include <openssl/x509.h> | 136 | #include <openssl/x509.h> |
| 137 | #ifndef OPENSSL_NO_DH | ||
| 138 | #include <openssl/dh.h> | ||
| 139 | #endif | ||
| 140 | #include <openssl/bn.h> | ||
| 124 | #ifndef OPENSSL_NO_KRB5 | 141 | #ifndef OPENSSL_NO_KRB5 |
| 125 | #include <openssl/krb5_asn.h> | 142 | #include <openssl/krb5_asn.h> |
| 126 | #endif | 143 | #endif |
| 127 | #include <openssl/md5.h> | 144 | #include <openssl/md5.h> |
| 128 | #include <openssl/fips.h> | ||
| 129 | 145 | ||
| 130 | static SSL_METHOD *ssl3_get_server_method(int ver); | 146 | static SSL_METHOD *ssl3_get_server_method(int ver); |
| 131 | static int ssl3_get_client_hello(SSL *s); | 147 | #ifndef OPENSSL_NO_ECDH |
| 132 | static int ssl3_check_client_hello(SSL *s); | 148 | static int nid2curve_id(int nid); |
| 133 | static int ssl3_send_server_hello(SSL *s); | 149 | #endif |
| 134 | static int ssl3_send_server_key_exchange(SSL *s); | ||
| 135 | static int ssl3_send_certificate_request(SSL *s); | ||
| 136 | static int ssl3_send_server_done(SSL *s); | ||
| 137 | static int ssl3_get_client_key_exchange(SSL *s); | ||
| 138 | static int ssl3_get_client_certificate(SSL *s); | ||
| 139 | static int ssl3_get_cert_verify(SSL *s); | ||
| 140 | static int ssl3_send_hello_request(SSL *s); | ||
| 141 | 150 | ||
| 142 | static SSL_METHOD *ssl3_get_server_method(int ver) | 151 | static SSL_METHOD *ssl3_get_server_method(int ver) |
| 143 | { | 152 | { |
| @@ -147,28 +156,10 @@ static SSL_METHOD *ssl3_get_server_method(int ver) | |||
| 147 | return(NULL); | 156 | return(NULL); |
| 148 | } | 157 | } |
| 149 | 158 | ||
| 150 | SSL_METHOD *SSLv3_server_method(void) | 159 | IMPLEMENT_ssl3_meth_func(SSLv3_server_method, |
| 151 | { | 160 | ssl3_accept, |
| 152 | static int init=1; | 161 | ssl_undefined_function, |
| 153 | static SSL_METHOD SSLv3_server_data; | 162 | ssl3_get_server_method) |
| 154 | |||
| 155 | if (init) | ||
| 156 | { | ||
| 157 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 158 | |||
| 159 | if (init) | ||
| 160 | { | ||
| 161 | memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), | ||
| 162 | sizeof(SSL_METHOD)); | ||
| 163 | SSLv3_server_data.ssl_accept=ssl3_accept; | ||
| 164 | SSLv3_server_data.get_ssl_method=ssl3_get_server_method; | ||
| 165 | init=0; | ||
| 166 | } | ||
| 167 | |||
| 168 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 169 | } | ||
| 170 | return(&SSLv3_server_data); | ||
| 171 | } | ||
| 172 | 163 | ||
| 173 | int ssl3_accept(SSL *s) | 164 | int ssl3_accept(SSL *s) |
| 174 | { | 165 | { |
| @@ -299,9 +290,18 @@ int ssl3_accept(SSL *s) | |||
| 299 | case SSL3_ST_SW_SRVR_HELLO_B: | 290 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 300 | ret=ssl3_send_server_hello(s); | 291 | ret=ssl3_send_server_hello(s); |
| 301 | if (ret <= 0) goto end; | 292 | if (ret <= 0) goto end; |
| 302 | 293 | #ifndef OPENSSL_NO_TLSEXT | |
| 303 | if (s->hit) | 294 | if (s->hit) |
| 304 | s->state=SSL3_ST_SW_CHANGE_A; | 295 | { |
| 296 | if (s->tlsext_ticket_expected) | ||
| 297 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | ||
| 298 | else | ||
| 299 | s->state=SSL3_ST_SW_CHANGE_A; | ||
| 300 | } | ||
| 301 | #else | ||
| 302 | if (s->hit) | ||
| 303 | s->state=SSL3_ST_SW_CHANGE_A; | ||
| 304 | #endif | ||
| 305 | else | 305 | else |
| 306 | s->state=SSL3_ST_SW_CERT_A; | 306 | s->state=SSL3_ST_SW_CERT_A; |
| 307 | s->init_num=0; | 307 | s->init_num=0; |
| @@ -309,15 +309,30 @@ int ssl3_accept(SSL *s) | |||
| 309 | 309 | ||
| 310 | case SSL3_ST_SW_CERT_A: | 310 | case SSL3_ST_SW_CERT_A: |
| 311 | case SSL3_ST_SW_CERT_B: | 311 | case SSL3_ST_SW_CERT_B: |
| 312 | /* Check if it is anon DH */ | 312 | /* Check if it is anon DH or anon ECDH or KRB5 */ |
| 313 | if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) | 313 | if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL) |
| 314 | && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) | ||
| 314 | { | 315 | { |
| 315 | ret=ssl3_send_server_certificate(s); | 316 | ret=ssl3_send_server_certificate(s); |
| 316 | if (ret <= 0) goto end; | 317 | if (ret <= 0) goto end; |
| 318 | #ifndef OPENSSL_NO_TLSEXT | ||
| 319 | if (s->tlsext_status_expected) | ||
| 320 | s->state=SSL3_ST_SW_CERT_STATUS_A; | ||
| 321 | else | ||
| 322 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
| 323 | } | ||
| 324 | else | ||
| 325 | { | ||
| 326 | skip = 1; | ||
| 327 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
| 328 | } | ||
| 329 | #else | ||
| 317 | } | 330 | } |
| 318 | else | 331 | else |
| 319 | skip=1; | 332 | skip=1; |
| 333 | |||
| 320 | s->state=SSL3_ST_SW_KEY_EXCH_A; | 334 | s->state=SSL3_ST_SW_KEY_EXCH_A; |
| 335 | #endif | ||
| 321 | s->init_num=0; | 336 | s->init_num=0; |
| 322 | break; | 337 | break; |
| 323 | 338 | ||
| @@ -340,9 +355,18 @@ int ssl3_accept(SSL *s) | |||
| 340 | else | 355 | else |
| 341 | s->s3->tmp.use_rsa_tmp=0; | 356 | s->s3->tmp.use_rsa_tmp=0; |
| 342 | 357 | ||
| 358 | |||
| 343 | /* only send if a DH key exchange, fortezza or | 359 | /* only send if a DH key exchange, fortezza or |
| 344 | * RSA but we have a sign only certificate */ | 360 | * RSA but we have a sign only certificate |
| 361 | * | ||
| 362 | * For ECC ciphersuites, we send a serverKeyExchange | ||
| 363 | * message only if the cipher suite is either | ||
| 364 | * ECDH-anon or ECDHE. In other cases, the | ||
| 365 | * server certificate contains the server's | ||
| 366 | * public key for key exchange. | ||
| 367 | */ | ||
| 345 | if (s->s3->tmp.use_rsa_tmp | 368 | if (s->s3->tmp.use_rsa_tmp |
| 369 | || (l & SSL_kECDHE) | ||
| 346 | || (l & (SSL_DH|SSL_kFZA)) | 370 | || (l & (SSL_DH|SSL_kFZA)) |
| 347 | || ((l & SSL_kRSA) | 371 | || ((l & SSL_kRSA) |
| 348 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL | 372 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL |
| @@ -446,19 +470,33 @@ int ssl3_accept(SSL *s) | |||
| 446 | case SSL3_ST_SR_KEY_EXCH_A: | 470 | case SSL3_ST_SR_KEY_EXCH_A: |
| 447 | case SSL3_ST_SR_KEY_EXCH_B: | 471 | case SSL3_ST_SR_KEY_EXCH_B: |
| 448 | ret=ssl3_get_client_key_exchange(s); | 472 | ret=ssl3_get_client_key_exchange(s); |
| 449 | if (ret <= 0) goto end; | 473 | if (ret <= 0) |
| 450 | s->state=SSL3_ST_SR_CERT_VRFY_A; | 474 | goto end; |
| 451 | s->init_num=0; | 475 | if (ret == 2) |
| 452 | 476 | { | |
| 453 | /* We need to get hashes here so if there is | 477 | /* For the ECDH ciphersuites when |
| 454 | * a client cert, it can be verified */ | 478 | * the client sends its ECDH pub key in |
| 455 | s->method->ssl3_enc->cert_verify_mac(s, | 479 | * a certificate, the CertificateVerify |
| 456 | &(s->s3->finish_dgst1), | 480 | * message is not sent. |
| 457 | &(s->s3->tmp.cert_verify_md[0])); | 481 | */ |
| 458 | s->method->ssl3_enc->cert_verify_mac(s, | 482 | s->state=SSL3_ST_SR_FINISHED_A; |
| 459 | &(s->s3->finish_dgst2), | 483 | s->init_num = 0; |
| 460 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); | 484 | } |
| 485 | else | ||
| 486 | { | ||
| 487 | s->state=SSL3_ST_SR_CERT_VRFY_A; | ||
| 488 | s->init_num=0; | ||
| 461 | 489 | ||
| 490 | /* We need to get hashes here so if there is | ||
| 491 | * a client cert, it can be verified | ||
| 492 | */ | ||
| 493 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 494 | &(s->s3->finish_dgst1), | ||
| 495 | &(s->s3->tmp.cert_verify_md[0])); | ||
| 496 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 497 | &(s->s3->finish_dgst2), | ||
| 498 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); | ||
| 499 | } | ||
| 462 | break; | 500 | break; |
| 463 | 501 | ||
| 464 | case SSL3_ST_SR_CERT_VRFY_A: | 502 | case SSL3_ST_SR_CERT_VRFY_A: |
| @@ -479,11 +517,34 @@ int ssl3_accept(SSL *s) | |||
| 479 | if (ret <= 0) goto end; | 517 | if (ret <= 0) goto end; |
| 480 | if (s->hit) | 518 | if (s->hit) |
| 481 | s->state=SSL_ST_OK; | 519 | s->state=SSL_ST_OK; |
| 520 | #ifndef OPENSSL_NO_TLSEXT | ||
| 521 | else if (s->tlsext_ticket_expected) | ||
| 522 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | ||
| 523 | #endif | ||
| 482 | else | 524 | else |
| 483 | s->state=SSL3_ST_SW_CHANGE_A; | 525 | s->state=SSL3_ST_SW_CHANGE_A; |
| 484 | s->init_num=0; | 526 | s->init_num=0; |
| 485 | break; | 527 | break; |
| 486 | 528 | ||
| 529 | #ifndef OPENSSL_NO_TLSEXT | ||
| 530 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 531 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 532 | ret=ssl3_send_newsession_ticket(s); | ||
| 533 | if (ret <= 0) goto end; | ||
| 534 | s->state=SSL3_ST_SW_CHANGE_A; | ||
| 535 | s->init_num=0; | ||
| 536 | break; | ||
| 537 | |||
| 538 | case SSL3_ST_SW_CERT_STATUS_A: | ||
| 539 | case SSL3_ST_SW_CERT_STATUS_B: | ||
| 540 | ret=ssl3_send_cert_status(s); | ||
| 541 | if (ret <= 0) goto end; | ||
| 542 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
| 543 | s->init_num=0; | ||
| 544 | break; | ||
| 545 | |||
| 546 | #endif | ||
| 547 | |||
| 487 | case SSL3_ST_SW_CHANGE_A: | 548 | case SSL3_ST_SW_CHANGE_A: |
| 488 | case SSL3_ST_SW_CHANGE_B: | 549 | case SSL3_ST_SW_CHANGE_B: |
| 489 | 550 | ||
| @@ -589,7 +650,7 @@ end: | |||
| 589 | return(ret); | 650 | return(ret); |
| 590 | } | 651 | } |
| 591 | 652 | ||
| 592 | static int ssl3_send_hello_request(SSL *s) | 653 | int ssl3_send_hello_request(SSL *s) |
| 593 | { | 654 | { |
| 594 | unsigned char *p; | 655 | unsigned char *p; |
| 595 | 656 | ||
| @@ -611,14 +672,14 @@ static int ssl3_send_hello_request(SSL *s) | |||
| 611 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 672 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 612 | } | 673 | } |
| 613 | 674 | ||
| 614 | static int ssl3_check_client_hello(SSL *s) | 675 | int ssl3_check_client_hello(SSL *s) |
| 615 | { | 676 | { |
| 616 | int ok; | 677 | int ok; |
| 617 | long n; | 678 | long n; |
| 618 | 679 | ||
| 619 | /* this function is called when we really expect a Certificate message, | 680 | /* this function is called when we really expect a Certificate message, |
| 620 | * so permit appropriate message length */ | 681 | * so permit appropriate message length */ |
| 621 | n=ssl3_get_message(s, | 682 | n=s->method->ssl_get_message(s, |
| 622 | SSL3_ST_SR_CERT_A, | 683 | SSL3_ST_SR_CERT_A, |
| 623 | SSL3_ST_SR_CERT_B, | 684 | SSL3_ST_SR_CERT_B, |
| 624 | -1, | 685 | -1, |
| @@ -644,14 +705,17 @@ static int ssl3_check_client_hello(SSL *s) | |||
| 644 | return 1; | 705 | return 1; |
| 645 | } | 706 | } |
| 646 | 707 | ||
| 647 | static int ssl3_get_client_hello(SSL *s) | 708 | int ssl3_get_client_hello(SSL *s) |
| 648 | { | 709 | { |
| 649 | int i,j,ok,al,ret= -1; | 710 | int i,j,ok,al,ret= -1; |
| 711 | unsigned int cookie_len; | ||
| 650 | long n; | 712 | long n; |
| 651 | unsigned long id; | 713 | unsigned long id; |
| 652 | unsigned char *p,*d,*q; | 714 | unsigned char *p,*d,*q; |
| 653 | SSL_CIPHER *c; | 715 | SSL_CIPHER *c; |
| 716 | #ifndef OPENSSL_NO_COMP | ||
| 654 | SSL_COMP *comp=NULL; | 717 | SSL_COMP *comp=NULL; |
| 718 | #endif | ||
| 655 | STACK_OF(SSL_CIPHER) *ciphers=NULL; | 719 | STACK_OF(SSL_CIPHER) *ciphers=NULL; |
| 656 | 720 | ||
| 657 | /* We do this so that we will respond with our native type. | 721 | /* We do this so that we will respond with our native type. |
| @@ -662,10 +726,10 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 662 | */ | 726 | */ |
| 663 | if (s->state == SSL3_ST_SR_CLNT_HELLO_A) | 727 | if (s->state == SSL3_ST_SR_CLNT_HELLO_A) |
| 664 | { | 728 | { |
| 665 | s->first_packet=1; | ||
| 666 | s->state=SSL3_ST_SR_CLNT_HELLO_B; | 729 | s->state=SSL3_ST_SR_CLNT_HELLO_B; |
| 667 | } | 730 | } |
| 668 | n=ssl3_get_message(s, | 731 | s->first_packet=1; |
| 732 | n=s->method->ssl_get_message(s, | ||
| 669 | SSL3_ST_SR_CLNT_HELLO_B, | 733 | SSL3_ST_SR_CLNT_HELLO_B, |
| 670 | SSL3_ST_SR_CLNT_HELLO_C, | 734 | SSL3_ST_SR_CLNT_HELLO_C, |
| 671 | SSL3_MT_CLIENT_HELLO, | 735 | SSL3_MT_CLIENT_HELLO, |
| @@ -673,6 +737,7 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 673 | &ok); | 737 | &ok); |
| 674 | 738 | ||
| 675 | if (!ok) return((int)n); | 739 | if (!ok) return((int)n); |
| 740 | s->first_packet=0; | ||
| 676 | d=p=(unsigned char *)s->init_msg; | 741 | d=p=(unsigned char *)s->init_msg; |
| 677 | 742 | ||
| 678 | /* use version from inside client hello, not from record header | 743 | /* use version from inside client hello, not from record header |
| @@ -680,7 +745,8 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 680 | s->client_version=(((int)p[0])<<8)|(int)p[1]; | 745 | s->client_version=(((int)p[0])<<8)|(int)p[1]; |
| 681 | p+=2; | 746 | p+=2; |
| 682 | 747 | ||
| 683 | if (s->client_version < s->version) | 748 | if ((s->version == DTLS1_VERSION && s->client_version > s->version) || |
| 749 | (s->version != DTLS1_VERSION && s->client_version < s->version)) | ||
| 684 | { | 750 | { |
| 685 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); | 751 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); |
| 686 | if ((s->client_version>>8) == SSL3_VERSION_MAJOR) | 752 | if ((s->client_version>>8) == SSL3_VERSION_MAJOR) |
| @@ -708,14 +774,14 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 708 | * might be written that become totally unsecure when compiled with | 774 | * might be written that become totally unsecure when compiled with |
| 709 | * an earlier library version) | 775 | * an earlier library version) |
| 710 | */ | 776 | */ |
| 711 | if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) | 777 | if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) |
| 712 | { | 778 | { |
| 713 | if (!ssl_get_new_session(s,1)) | 779 | if (!ssl_get_new_session(s,1)) |
| 714 | goto err; | 780 | goto err; |
| 715 | } | 781 | } |
| 716 | else | 782 | else |
| 717 | { | 783 | { |
| 718 | i=ssl_get_prev_session(s,p,j); | 784 | i=ssl_get_prev_session(s, p, j, d + n); |
| 719 | if (i == 1) | 785 | if (i == 1) |
| 720 | { /* previous session */ | 786 | { /* previous session */ |
| 721 | s->hit=1; | 787 | s->hit=1; |
| @@ -730,6 +796,68 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 730 | } | 796 | } |
| 731 | 797 | ||
| 732 | p+=j; | 798 | p+=j; |
| 799 | |||
| 800 | if (s->version == DTLS1_VERSION) | ||
| 801 | { | ||
| 802 | /* cookie stuff */ | ||
| 803 | cookie_len = *(p++); | ||
| 804 | |||
| 805 | if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && | ||
| 806 | s->d1->send_cookie == 0) | ||
| 807 | { | ||
| 808 | /* HelloVerifyMessage has already been sent */ | ||
| 809 | if ( cookie_len != s->d1->cookie_len) | ||
| 810 | { | ||
| 811 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 812 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); | ||
| 813 | goto f_err; | ||
| 814 | } | ||
| 815 | } | ||
| 816 | |||
| 817 | /* | ||
| 818 | * The ClientHello may contain a cookie even if the | ||
| 819 | * HelloVerify message has not been sent--make sure that it | ||
| 820 | * does not cause an overflow. | ||
| 821 | */ | ||
| 822 | if ( cookie_len > sizeof(s->d1->rcvd_cookie)) | ||
| 823 | { | ||
| 824 | /* too much data */ | ||
| 825 | al = SSL_AD_DECODE_ERROR; | ||
| 826 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); | ||
| 827 | goto f_err; | ||
| 828 | } | ||
| 829 | |||
| 830 | /* verify the cookie if appropriate option is set. */ | ||
| 831 | if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && | ||
| 832 | cookie_len > 0) | ||
| 833 | { | ||
| 834 | memcpy(s->d1->rcvd_cookie, p, cookie_len); | ||
| 835 | |||
| 836 | if ( s->ctx->app_verify_cookie_cb != NULL) | ||
| 837 | { | ||
| 838 | if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie, | ||
| 839 | cookie_len) == 0) | ||
| 840 | { | ||
| 841 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 842 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 843 | SSL_R_COOKIE_MISMATCH); | ||
| 844 | goto f_err; | ||
| 845 | } | ||
| 846 | /* else cookie verification succeeded */ | ||
| 847 | } | ||
| 848 | else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, | ||
| 849 | s->d1->cookie_len) != 0) /* default verification */ | ||
| 850 | { | ||
| 851 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 852 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 853 | SSL_R_COOKIE_MISMATCH); | ||
| 854 | goto f_err; | ||
| 855 | } | ||
| 856 | } | ||
| 857 | |||
| 858 | p += cookie_len; | ||
| 859 | } | ||
| 860 | |||
| 733 | n2s(p,i); | 861 | n2s(p,i); |
| 734 | if ((i == 0) && (j != 0)) | 862 | if ((i == 0) && (j != 0)) |
| 735 | { | 863 | { |
| @@ -779,8 +907,7 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 779 | if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) | 907 | if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) |
| 780 | { | 908 | { |
| 781 | /* Very bad for multi-threading.... */ | 909 | /* Very bad for multi-threading.... */ |
| 782 | s->session->cipher=sk_SSL_CIPHER_value(ciphers, | 910 | s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0); |
| 783 | 0); | ||
| 784 | } | 911 | } |
| 785 | else | 912 | else |
| 786 | { | 913 | { |
| @@ -817,10 +944,27 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 817 | goto f_err; | 944 | goto f_err; |
| 818 | } | 945 | } |
| 819 | 946 | ||
| 947 | #ifndef OPENSSL_NO_TLSEXT | ||
| 948 | /* TLS extensions*/ | ||
| 949 | if (s->version > SSL3_VERSION) | ||
| 950 | { | ||
| 951 | if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) | ||
| 952 | { | ||
| 953 | /* 'al' set by ssl_parse_clienthello_tlsext */ | ||
| 954 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); | ||
| 955 | goto f_err; | ||
| 956 | } | ||
| 957 | } | ||
| 958 | if (ssl_check_clienthello_tlsext(s) <= 0) { | ||
| 959 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); | ||
| 960 | goto err; | ||
| 961 | } | ||
| 962 | #endif | ||
| 820 | /* Worst case, we will use the NULL compression, but if we have other | 963 | /* Worst case, we will use the NULL compression, but if we have other |
| 821 | * options, we will now look for them. We have i-1 compression | 964 | * options, we will now look for them. We have i-1 compression |
| 822 | * algorithms from the client, starting at q. */ | 965 | * algorithms from the client, starting at q. */ |
| 823 | s->s3->tmp.new_compression=NULL; | 966 | s->s3->tmp.new_compression=NULL; |
| 967 | #ifndef OPENSSL_NO_COMP | ||
| 824 | if (s->ctx->comp_methods != NULL) | 968 | if (s->ctx->comp_methods != NULL) |
| 825 | { /* See if we have a match */ | 969 | { /* See if we have a match */ |
| 826 | int m,nn,o,v,done=0; | 970 | int m,nn,o,v,done=0; |
| @@ -845,6 +989,7 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 845 | else | 989 | else |
| 846 | comp=NULL; | 990 | comp=NULL; |
| 847 | } | 991 | } |
| 992 | #endif | ||
| 848 | 993 | ||
| 849 | /* TLS does not mind if there is extra stuff */ | 994 | /* TLS does not mind if there is extra stuff */ |
| 850 | #if 0 /* SSL 3.0 does not mind either, so we should disable this test | 995 | #if 0 /* SSL 3.0 does not mind either, so we should disable this test |
| @@ -868,7 +1013,11 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 868 | 1013 | ||
| 869 | if (!s->hit) | 1014 | if (!s->hit) |
| 870 | { | 1015 | { |
| 1016 | #ifdef OPENSSL_NO_COMP | ||
| 1017 | s->session->compress_meth=0; | ||
| 1018 | #else | ||
| 871 | s->session->compress_meth=(comp == NULL)?0:comp->id; | 1019 | s->session->compress_meth=(comp == NULL)?0:comp->id; |
| 1020 | #endif | ||
| 872 | if (s->session->ciphers != NULL) | 1021 | if (s->session->ciphers != NULL) |
| 873 | sk_SSL_CIPHER_free(s->session->ciphers); | 1022 | sk_SSL_CIPHER_free(s->session->ciphers); |
| 874 | s->session->ciphers=ciphers; | 1023 | s->session->ciphers=ciphers; |
| @@ -943,7 +1092,7 @@ err: | |||
| 943 | return(ret); | 1092 | return(ret); |
| 944 | } | 1093 | } |
| 945 | 1094 | ||
| 946 | static int ssl3_send_server_hello(SSL *s) | 1095 | int ssl3_send_server_hello(SSL *s) |
| 947 | { | 1096 | { |
| 948 | unsigned char *buf; | 1097 | unsigned char *buf; |
| 949 | unsigned char *p,*d; | 1098 | unsigned char *p,*d; |
| @@ -956,7 +1105,7 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 956 | p=s->s3->server_random; | 1105 | p=s->s3->server_random; |
| 957 | Time=(unsigned long)time(NULL); /* Time */ | 1106 | Time=(unsigned long)time(NULL); /* Time */ |
| 958 | l2n(Time,p); | 1107 | l2n(Time,p); |
| 959 | if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | 1108 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) |
| 960 | return -1; | 1109 | return -1; |
| 961 | /* Do the message type and length last */ | 1110 | /* Do the message type and length last */ |
| 962 | d=p= &(buf[4]); | 1111 | d=p= &(buf[4]); |
| @@ -975,12 +1124,20 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 975 | * session-id if we want it to be single use. | 1124 | * session-id if we want it to be single use. |
| 976 | * Currently I will not implement the '0' length session-id | 1125 | * Currently I will not implement the '0' length session-id |
| 977 | * 12-Jan-98 - I'll now support the '0' length stuff. | 1126 | * 12-Jan-98 - I'll now support the '0' length stuff. |
| 1127 | * | ||
| 1128 | * We also have an additional case where stateless session | ||
| 1129 | * resumption is successful: we always send back the old | ||
| 1130 | * session id. In this case s->hit is non zero: this can | ||
| 1131 | * only happen if stateless session resumption is succesful | ||
| 1132 | * if session caching is disabled so existing functionality | ||
| 1133 | * is unaffected. | ||
| 978 | */ | 1134 | */ |
| 979 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) | 1135 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) |
| 1136 | && !s->hit) | ||
| 980 | s->session->session_id_length=0; | 1137 | s->session->session_id_length=0; |
| 981 | 1138 | ||
| 982 | sl=s->session->session_id_length; | 1139 | sl=s->session->session_id_length; |
| 983 | if (sl > sizeof s->session->session_id) | 1140 | if (sl > (int)sizeof(s->session->session_id)) |
| 984 | { | 1141 | { |
| 985 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | 1142 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); |
| 986 | return -1; | 1143 | return -1; |
| @@ -994,11 +1151,21 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 994 | p+=i; | 1151 | p+=i; |
| 995 | 1152 | ||
| 996 | /* put the compression method */ | 1153 | /* put the compression method */ |
| 1154 | #ifdef OPENSSL_NO_COMP | ||
| 1155 | *(p++)=0; | ||
| 1156 | #else | ||
| 997 | if (s->s3->tmp.new_compression == NULL) | 1157 | if (s->s3->tmp.new_compression == NULL) |
| 998 | *(p++)=0; | 1158 | *(p++)=0; |
| 999 | else | 1159 | else |
| 1000 | *(p++)=s->s3->tmp.new_compression->id; | 1160 | *(p++)=s->s3->tmp.new_compression->id; |
| 1001 | 1161 | #endif | |
| 1162 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1163 | if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
| 1164 | { | ||
| 1165 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); | ||
| 1166 | return -1; | ||
| 1167 | } | ||
| 1168 | #endif | ||
| 1002 | /* do the header */ | 1169 | /* do the header */ |
| 1003 | l=(p-d); | 1170 | l=(p-d); |
| 1004 | d=buf; | 1171 | d=buf; |
| @@ -1015,7 +1182,7 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 1015 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 1182 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 1016 | } | 1183 | } |
| 1017 | 1184 | ||
| 1018 | static int ssl3_send_server_done(SSL *s) | 1185 | int ssl3_send_server_done(SSL *s) |
| 1019 | { | 1186 | { |
| 1020 | unsigned char *p; | 1187 | unsigned char *p; |
| 1021 | 1188 | ||
| @@ -1039,7 +1206,7 @@ static int ssl3_send_server_done(SSL *s) | |||
| 1039 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 1206 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 1040 | } | 1207 | } |
| 1041 | 1208 | ||
| 1042 | static int ssl3_send_server_key_exchange(SSL *s) | 1209 | int ssl3_send_server_key_exchange(SSL *s) |
| 1043 | { | 1210 | { |
| 1044 | #ifndef OPENSSL_NO_RSA | 1211 | #ifndef OPENSSL_NO_RSA |
| 1045 | unsigned char *q; | 1212 | unsigned char *q; |
| @@ -1051,6 +1218,13 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1051 | #ifndef OPENSSL_NO_DH | 1218 | #ifndef OPENSSL_NO_DH |
| 1052 | DH *dh=NULL,*dhp; | 1219 | DH *dh=NULL,*dhp; |
| 1053 | #endif | 1220 | #endif |
| 1221 | #ifndef OPENSSL_NO_ECDH | ||
| 1222 | EC_KEY *ecdh=NULL, *ecdhp; | ||
| 1223 | unsigned char *encodedPoint = NULL; | ||
| 1224 | int encodedlen = 0; | ||
| 1225 | int curve_id = 0; | ||
| 1226 | BN_CTX *bn_ctx = NULL; | ||
| 1227 | #endif | ||
| 1054 | EVP_PKEY *pkey; | 1228 | EVP_PKEY *pkey; |
| 1055 | unsigned char *p,*d; | 1229 | unsigned char *p,*d; |
| 1056 | int al,i; | 1230 | int al,i; |
| @@ -1159,6 +1333,134 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1159 | } | 1333 | } |
| 1160 | else | 1334 | else |
| 1161 | #endif | 1335 | #endif |
| 1336 | #ifndef OPENSSL_NO_ECDH | ||
| 1337 | if (type & SSL_kECDHE) | ||
| 1338 | { | ||
| 1339 | const EC_GROUP *group; | ||
| 1340 | |||
| 1341 | ecdhp=cert->ecdh_tmp; | ||
| 1342 | if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) | ||
| 1343 | { | ||
| 1344 | ecdhp=s->cert->ecdh_tmp_cb(s, | ||
| 1345 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
| 1346 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
| 1347 | } | ||
| 1348 | if (ecdhp == NULL) | ||
| 1349 | { | ||
| 1350 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 1351 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); | ||
| 1352 | goto f_err; | ||
| 1353 | } | ||
| 1354 | |||
| 1355 | if (s->s3->tmp.ecdh != NULL) | ||
| 1356 | { | ||
| 1357 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 1358 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
| 1359 | goto err; | ||
| 1360 | } | ||
| 1361 | |||
| 1362 | /* Duplicate the ECDH structure. */ | ||
| 1363 | if (ecdhp == NULL) | ||
| 1364 | { | ||
| 1365 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1366 | goto err; | ||
| 1367 | } | ||
| 1368 | if (!EC_KEY_up_ref(ecdhp)) | ||
| 1369 | { | ||
| 1370 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1371 | goto err; | ||
| 1372 | } | ||
| 1373 | ecdh = ecdhp; | ||
| 1374 | |||
| 1375 | s->s3->tmp.ecdh=ecdh; | ||
| 1376 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | ||
| 1377 | (EC_KEY_get0_private_key(ecdh) == NULL) || | ||
| 1378 | (s->options & SSL_OP_SINGLE_ECDH_USE)) | ||
| 1379 | { | ||
| 1380 | if(!EC_KEY_generate_key(ecdh)) | ||
| 1381 | { | ||
| 1382 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1383 | goto err; | ||
| 1384 | } | ||
| 1385 | } | ||
| 1386 | |||
| 1387 | if (((group = EC_KEY_get0_group(ecdh)) == NULL) || | ||
| 1388 | (EC_KEY_get0_public_key(ecdh) == NULL) || | ||
| 1389 | (EC_KEY_get0_private_key(ecdh) == NULL)) | ||
| 1390 | { | ||
| 1391 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1392 | goto err; | ||
| 1393 | } | ||
| 1394 | |||
| 1395 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && | ||
| 1396 | (EC_GROUP_get_degree(group) > 163)) | ||
| 1397 | { | ||
| 1398 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); | ||
| 1399 | goto err; | ||
| 1400 | } | ||
| 1401 | |||
| 1402 | /* XXX: For now, we only support ephemeral ECDH | ||
| 1403 | * keys over named (not generic) curves. For | ||
| 1404 | * supported named curves, curve_id is non-zero. | ||
| 1405 | */ | ||
| 1406 | if ((curve_id = | ||
| 1407 | nid2curve_id(EC_GROUP_get_curve_name(group))) | ||
| 1408 | == 0) | ||
| 1409 | { | ||
| 1410 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); | ||
| 1411 | goto err; | ||
| 1412 | } | ||
| 1413 | |||
| 1414 | /* Encode the public key. | ||
| 1415 | * First check the size of encoding and | ||
| 1416 | * allocate memory accordingly. | ||
| 1417 | */ | ||
| 1418 | encodedlen = EC_POINT_point2oct(group, | ||
| 1419 | EC_KEY_get0_public_key(ecdh), | ||
| 1420 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 1421 | NULL, 0, NULL); | ||
| 1422 | |||
| 1423 | encodedPoint = (unsigned char *) | ||
| 1424 | OPENSSL_malloc(encodedlen*sizeof(unsigned char)); | ||
| 1425 | bn_ctx = BN_CTX_new(); | ||
| 1426 | if ((encodedPoint == NULL) || (bn_ctx == NULL)) | ||
| 1427 | { | ||
| 1428 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 1429 | goto err; | ||
| 1430 | } | ||
| 1431 | |||
| 1432 | |||
| 1433 | encodedlen = EC_POINT_point2oct(group, | ||
| 1434 | EC_KEY_get0_public_key(ecdh), | ||
| 1435 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 1436 | encodedPoint, encodedlen, bn_ctx); | ||
| 1437 | |||
| 1438 | if (encodedlen == 0) | ||
| 1439 | { | ||
| 1440 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1441 | goto err; | ||
| 1442 | } | ||
| 1443 | |||
| 1444 | BN_CTX_free(bn_ctx); bn_ctx=NULL; | ||
| 1445 | |||
| 1446 | /* XXX: For now, we only support named (not | ||
| 1447 | * generic) curves in ECDH ephemeral key exchanges. | ||
| 1448 | * In this situation, we need four additional bytes | ||
| 1449 | * to encode the entire ServerECDHParams | ||
| 1450 | * structure. | ||
| 1451 | */ | ||
| 1452 | n = 4 + encodedlen; | ||
| 1453 | |||
| 1454 | /* We'll generate the serverKeyExchange message | ||
| 1455 | * explicitly so we can set these to NULLs | ||
| 1456 | */ | ||
| 1457 | r[0]=NULL; | ||
| 1458 | r[1]=NULL; | ||
| 1459 | r[2]=NULL; | ||
| 1460 | r[3]=NULL; | ||
| 1461 | } | ||
| 1462 | else | ||
| 1463 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1162 | { | 1464 | { |
| 1163 | al=SSL_AD_HANDSHAKE_FAILURE; | 1465 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 1164 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | 1466 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); |
| @@ -1201,6 +1503,31 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1201 | p+=nr[i]; | 1503 | p+=nr[i]; |
| 1202 | } | 1504 | } |
| 1203 | 1505 | ||
| 1506 | #ifndef OPENSSL_NO_ECDH | ||
| 1507 | if (type & SSL_kECDHE) | ||
| 1508 | { | ||
| 1509 | /* XXX: For now, we only support named (not generic) curves. | ||
| 1510 | * In this situation, the serverKeyExchange message has: | ||
| 1511 | * [1 byte CurveType], [2 byte CurveName] | ||
| 1512 | * [1 byte length of encoded point], followed by | ||
| 1513 | * the actual encoded point itself | ||
| 1514 | */ | ||
| 1515 | *p = NAMED_CURVE_TYPE; | ||
| 1516 | p += 1; | ||
| 1517 | *p = 0; | ||
| 1518 | p += 1; | ||
| 1519 | *p = curve_id; | ||
| 1520 | p += 1; | ||
| 1521 | *p = encodedlen; | ||
| 1522 | p += 1; | ||
| 1523 | memcpy((unsigned char*)p, | ||
| 1524 | (unsigned char *)encodedPoint, | ||
| 1525 | encodedlen); | ||
| 1526 | OPENSSL_free(encodedPoint); | ||
| 1527 | p += encodedlen; | ||
| 1528 | } | ||
| 1529 | #endif | ||
| 1530 | |||
| 1204 | /* not anonymous */ | 1531 | /* not anonymous */ |
| 1205 | if (pkey != NULL) | 1532 | if (pkey != NULL) |
| 1206 | { | 1533 | { |
| @@ -1213,8 +1540,6 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1213 | j=0; | 1540 | j=0; |
| 1214 | for (num=2; num > 0; num--) | 1541 | for (num=2; num > 0; num--) |
| 1215 | { | 1542 | { |
| 1216 | EVP_MD_CTX_set_flags(&md_ctx, | ||
| 1217 | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 1218 | EVP_DigestInit_ex(&md_ctx,(num == 2) | 1543 | EVP_DigestInit_ex(&md_ctx,(num == 2) |
| 1219 | ?s->ctx->md5:s->ctx->sha1, NULL); | 1544 | ?s->ctx->md5:s->ctx->sha1, NULL); |
| 1220 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1545 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| @@ -1255,6 +1580,25 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1255 | } | 1580 | } |
| 1256 | else | 1581 | else |
| 1257 | #endif | 1582 | #endif |
| 1583 | #if !defined(OPENSSL_NO_ECDSA) | ||
| 1584 | if (pkey->type == EVP_PKEY_EC) | ||
| 1585 | { | ||
| 1586 | /* let's do ECDSA */ | ||
| 1587 | EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); | ||
| 1588 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
| 1589 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
| 1590 | EVP_SignUpdate(&md_ctx,&(d[4]),n); | ||
| 1591 | if (!EVP_SignFinal(&md_ctx,&(p[2]), | ||
| 1592 | (unsigned int *)&i,pkey)) | ||
| 1593 | { | ||
| 1594 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA); | ||
| 1595 | goto err; | ||
| 1596 | } | ||
| 1597 | s2n(i,p); | ||
| 1598 | n+=i+2; | ||
| 1599 | } | ||
| 1600 | else | ||
| 1601 | #endif | ||
| 1258 | { | 1602 | { |
| 1259 | /* Is this error check actually needed? */ | 1603 | /* Is this error check actually needed? */ |
| 1260 | al=SSL_AD_HANDSHAKE_FAILURE; | 1604 | al=SSL_AD_HANDSHAKE_FAILURE; |
| @@ -1278,11 +1622,15 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1278 | f_err: | 1622 | f_err: |
| 1279 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1623 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1280 | err: | 1624 | err: |
| 1625 | #ifndef OPENSSL_NO_ECDH | ||
| 1626 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
| 1627 | BN_CTX_free(bn_ctx); | ||
| 1628 | #endif | ||
| 1281 | EVP_MD_CTX_cleanup(&md_ctx); | 1629 | EVP_MD_CTX_cleanup(&md_ctx); |
| 1282 | return(-1); | 1630 | return(-1); |
| 1283 | } | 1631 | } |
| 1284 | 1632 | ||
| 1285 | static int ssl3_send_certificate_request(SSL *s) | 1633 | int ssl3_send_certificate_request(SSL *s) |
| 1286 | { | 1634 | { |
| 1287 | unsigned char *p,*d; | 1635 | unsigned char *p,*d; |
| 1288 | int i,j,nl,off,n; | 1636 | int i,j,nl,off,n; |
| @@ -1371,7 +1719,7 @@ err: | |||
| 1371 | return(-1); | 1719 | return(-1); |
| 1372 | } | 1720 | } |
| 1373 | 1721 | ||
| 1374 | static int ssl3_get_client_key_exchange(SSL *s) | 1722 | int ssl3_get_client_key_exchange(SSL *s) |
| 1375 | { | 1723 | { |
| 1376 | int i,al,ok; | 1724 | int i,al,ok; |
| 1377 | long n; | 1725 | long n; |
| @@ -1389,7 +1737,14 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1389 | KSSL_ERR kssl_err; | 1737 | KSSL_ERR kssl_err; |
| 1390 | #endif /* OPENSSL_NO_KRB5 */ | 1738 | #endif /* OPENSSL_NO_KRB5 */ |
| 1391 | 1739 | ||
| 1392 | n=ssl3_get_message(s, | 1740 | #ifndef OPENSSL_NO_ECDH |
| 1741 | EC_KEY *srvr_ecdh = NULL; | ||
| 1742 | EVP_PKEY *clnt_pub_pkey = NULL; | ||
| 1743 | EC_POINT *clnt_ecpoint = NULL; | ||
| 1744 | BN_CTX *bn_ctx = NULL; | ||
| 1745 | #endif | ||
| 1746 | |||
| 1747 | n=s->method->ssl_get_message(s, | ||
| 1393 | SSL3_ST_SR_KEY_EXCH_A, | 1748 | SSL3_ST_SR_KEY_EXCH_A, |
| 1394 | SSL3_ST_SR_KEY_EXCH_B, | 1749 | SSL3_ST_SR_KEY_EXCH_B, |
| 1395 | SSL3_MT_CLIENT_KEY_EXCHANGE, | 1750 | SSL3_MT_CLIENT_KEY_EXCHANGE, |
| @@ -1433,8 +1788,9 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1433 | rsa=pkey->pkey.rsa; | 1788 | rsa=pkey->pkey.rsa; |
| 1434 | } | 1789 | } |
| 1435 | 1790 | ||
| 1436 | /* TLS */ | 1791 | /* TLS and [incidentally] DTLS, including pre-0.9.8f */ |
| 1437 | if (s->version > SSL3_VERSION) | 1792 | if (s->version > SSL3_VERSION && |
| 1793 | s->client_version != DTLS1_BAD_VER) | ||
| 1438 | { | 1794 | { |
| 1439 | n2s(p,i); | 1795 | n2s(p,i); |
| 1440 | if (n != i+2) | 1796 | if (n != i+2) |
| @@ -1495,7 +1851,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1495 | i = SSL_MAX_MASTER_KEY_LENGTH; | 1851 | i = SSL_MAX_MASTER_KEY_LENGTH; |
| 1496 | p[0] = s->client_version >> 8; | 1852 | p[0] = s->client_version >> 8; |
| 1497 | p[1] = s->client_version & 0xff; | 1853 | p[1] = s->client_version & 0xff; |
| 1498 | if(RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ | 1854 | if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ |
| 1499 | goto err; | 1855 | goto err; |
| 1500 | } | 1856 | } |
| 1501 | 1857 | ||
| @@ -1594,7 +1950,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1594 | n2s(p,i); | 1950 | n2s(p,i); |
| 1595 | enc_ticket.length = i; | 1951 | enc_ticket.length = i; |
| 1596 | 1952 | ||
| 1597 | if (n < (long)enc_ticket.length + 6) | 1953 | if (n < (int)enc_ticket.length + 6) |
| 1598 | { | 1954 | { |
| 1599 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1955 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1600 | SSL_R_DATA_LENGTH_TOO_LONG); | 1956 | SSL_R_DATA_LENGTH_TOO_LONG); |
| @@ -1607,7 +1963,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1607 | n2s(p,i); | 1963 | n2s(p,i); |
| 1608 | authenticator.length = i; | 1964 | authenticator.length = i; |
| 1609 | 1965 | ||
| 1610 | if (n < (long)(enc_ticket.length + authenticator.length + 6)) | 1966 | if (n < (int)(enc_ticket.length + authenticator.length) + 6) |
| 1611 | { | 1967 | { |
| 1612 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1968 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1613 | SSL_R_DATA_LENGTH_TOO_LONG); | 1969 | SSL_R_DATA_LENGTH_TOO_LONG); |
| @@ -1649,7 +2005,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1649 | if (kssl_err.text) | 2005 | if (kssl_err.text) |
| 1650 | printf("kssl_err text= %s\n", kssl_err.text); | 2006 | printf("kssl_err text= %s\n", kssl_err.text); |
| 1651 | #endif /* KSSL_DEBUG */ | 2007 | #endif /* KSSL_DEBUG */ |
| 1652 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 2008 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1653 | kssl_err.reason); | 2009 | kssl_err.reason); |
| 1654 | goto err; | 2010 | goto err; |
| 1655 | } | 2011 | } |
| @@ -1666,14 +2022,14 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1666 | if (kssl_err.text) | 2022 | if (kssl_err.text) |
| 1667 | printf("kssl_err text= %s\n", kssl_err.text); | 2023 | printf("kssl_err text= %s\n", kssl_err.text); |
| 1668 | #endif /* KSSL_DEBUG */ | 2024 | #endif /* KSSL_DEBUG */ |
| 1669 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 2025 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1670 | kssl_err.reason); | 2026 | kssl_err.reason); |
| 1671 | goto err; | 2027 | goto err; |
| 1672 | } | 2028 | } |
| 1673 | 2029 | ||
| 1674 | if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) | 2030 | if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) |
| 1675 | { | 2031 | { |
| 1676 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc); | 2032 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); |
| 1677 | goto err; | 2033 | goto err; |
| 1678 | } | 2034 | } |
| 1679 | 2035 | ||
| @@ -1719,6 +2075,24 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1719 | SSL_R_DATA_LENGTH_TOO_LONG); | 2075 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1720 | goto err; | 2076 | goto err; |
| 1721 | } | 2077 | } |
| 2078 | if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff)))) | ||
| 2079 | { | ||
| 2080 | /* The premaster secret must contain the same version number as the | ||
| 2081 | * ClientHello to detect version rollback attacks (strangely, the | ||
| 2082 | * protocol does not offer such protection for DH ciphersuites). | ||
| 2083 | * However, buggy clients exist that send random bytes instead of | ||
| 2084 | * the protocol version. | ||
| 2085 | * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. | ||
| 2086 | * (Perhaps we should have a separate BUG value for the Kerberos cipher) | ||
| 2087 | */ | ||
| 2088 | if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) | ||
| 2089 | { | ||
| 2090 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2091 | SSL_AD_DECODE_ERROR); | ||
| 2092 | goto err; | ||
| 2093 | } | ||
| 2094 | } | ||
| 2095 | |||
| 1722 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | 2096 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); |
| 1723 | 2097 | ||
| 1724 | s->session->master_key_length= | 2098 | s->session->master_key_length= |
| @@ -1727,7 +2101,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1727 | 2101 | ||
| 1728 | if (kssl_ctx->client_princ) | 2102 | if (kssl_ctx->client_princ) |
| 1729 | { | 2103 | { |
| 1730 | int len = strlen(kssl_ctx->client_princ); | 2104 | size_t len = strlen(kssl_ctx->client_princ); |
| 1731 | if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) | 2105 | if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) |
| 1732 | { | 2106 | { |
| 1733 | s->session->krb5_client_princ_len = len; | 2107 | s->session->krb5_client_princ_len = len; |
| @@ -1744,6 +2118,156 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1744 | } | 2118 | } |
| 1745 | else | 2119 | else |
| 1746 | #endif /* OPENSSL_NO_KRB5 */ | 2120 | #endif /* OPENSSL_NO_KRB5 */ |
| 2121 | |||
| 2122 | #ifndef OPENSSL_NO_ECDH | ||
| 2123 | if ((l & SSL_kECDH) || (l & SSL_kECDHE)) | ||
| 2124 | { | ||
| 2125 | int ret = 1; | ||
| 2126 | int field_size = 0; | ||
| 2127 | const EC_KEY *tkey; | ||
| 2128 | const EC_GROUP *group; | ||
| 2129 | const BIGNUM *priv_key; | ||
| 2130 | |||
| 2131 | /* initialize structures for server's ECDH key pair */ | ||
| 2132 | if ((srvr_ecdh = EC_KEY_new()) == NULL) | ||
| 2133 | { | ||
| 2134 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2135 | ERR_R_MALLOC_FAILURE); | ||
| 2136 | goto err; | ||
| 2137 | } | ||
| 2138 | |||
| 2139 | /* Let's get server private key and group information */ | ||
| 2140 | if (l & SSL_kECDH) | ||
| 2141 | { | ||
| 2142 | /* use the certificate */ | ||
| 2143 | tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec; | ||
| 2144 | } | ||
| 2145 | else | ||
| 2146 | { | ||
| 2147 | /* use the ephermeral values we saved when | ||
| 2148 | * generating the ServerKeyExchange msg. | ||
| 2149 | */ | ||
| 2150 | tkey = s->s3->tmp.ecdh; | ||
| 2151 | } | ||
| 2152 | |||
| 2153 | group = EC_KEY_get0_group(tkey); | ||
| 2154 | priv_key = EC_KEY_get0_private_key(tkey); | ||
| 2155 | |||
| 2156 | if (!EC_KEY_set_group(srvr_ecdh, group) || | ||
| 2157 | !EC_KEY_set_private_key(srvr_ecdh, priv_key)) | ||
| 2158 | { | ||
| 2159 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2160 | ERR_R_EC_LIB); | ||
| 2161 | goto err; | ||
| 2162 | } | ||
| 2163 | |||
| 2164 | /* Let's get client's public key */ | ||
| 2165 | if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) | ||
| 2166 | { | ||
| 2167 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2168 | ERR_R_MALLOC_FAILURE); | ||
| 2169 | goto err; | ||
| 2170 | } | ||
| 2171 | |||
| 2172 | if (n == 0L) | ||
| 2173 | { | ||
| 2174 | /* Client Publickey was in Client Certificate */ | ||
| 2175 | |||
| 2176 | if (l & SSL_kECDHE) | ||
| 2177 | { | ||
| 2178 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 2179 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); | ||
| 2180 | goto f_err; | ||
| 2181 | } | ||
| 2182 | if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer)) | ||
| 2183 | == NULL) || | ||
| 2184 | (clnt_pub_pkey->type != EVP_PKEY_EC)) | ||
| 2185 | { | ||
| 2186 | /* XXX: For now, we do not support client | ||
| 2187 | * authentication using ECDH certificates | ||
| 2188 | * so this branch (n == 0L) of the code is | ||
| 2189 | * never executed. When that support is | ||
| 2190 | * added, we ought to ensure the key | ||
| 2191 | * received in the certificate is | ||
| 2192 | * authorized for key agreement. | ||
| 2193 | * ECDH_compute_key implicitly checks that | ||
| 2194 | * the two ECDH shares are for the same | ||
| 2195 | * group. | ||
| 2196 | */ | ||
| 2197 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 2198 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2199 | SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); | ||
| 2200 | goto f_err; | ||
| 2201 | } | ||
| 2202 | |||
| 2203 | if (EC_POINT_copy(clnt_ecpoint, | ||
| 2204 | EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0) | ||
| 2205 | { | ||
| 2206 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2207 | ERR_R_EC_LIB); | ||
| 2208 | goto err; | ||
| 2209 | } | ||
| 2210 | ret = 2; /* Skip certificate verify processing */ | ||
| 2211 | } | ||
| 2212 | else | ||
| 2213 | { | ||
| 2214 | /* Get client's public key from encoded point | ||
| 2215 | * in the ClientKeyExchange message. | ||
| 2216 | */ | ||
| 2217 | if ((bn_ctx = BN_CTX_new()) == NULL) | ||
| 2218 | { | ||
| 2219 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2220 | ERR_R_MALLOC_FAILURE); | ||
| 2221 | goto err; | ||
| 2222 | } | ||
| 2223 | |||
| 2224 | /* Get encoded point length */ | ||
| 2225 | i = *p; | ||
| 2226 | p += 1; | ||
| 2227 | if (EC_POINT_oct2point(group, | ||
| 2228 | clnt_ecpoint, p, i, bn_ctx) == 0) | ||
| 2229 | { | ||
| 2230 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2231 | ERR_R_EC_LIB); | ||
| 2232 | goto err; | ||
| 2233 | } | ||
| 2234 | /* p is pointing to somewhere in the buffer | ||
| 2235 | * currently, so set it to the start | ||
| 2236 | */ | ||
| 2237 | p=(unsigned char *)s->init_buf->data; | ||
| 2238 | } | ||
| 2239 | |||
| 2240 | /* Compute the shared pre-master secret */ | ||
| 2241 | field_size = EC_GROUP_get_degree(group); | ||
| 2242 | if (field_size <= 0) | ||
| 2243 | { | ||
| 2244 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2245 | ERR_R_ECDH_LIB); | ||
| 2246 | goto err; | ||
| 2247 | } | ||
| 2248 | i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); | ||
| 2249 | if (i <= 0) | ||
| 2250 | { | ||
| 2251 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2252 | ERR_R_ECDH_LIB); | ||
| 2253 | goto err; | ||
| 2254 | } | ||
| 2255 | |||
| 2256 | EVP_PKEY_free(clnt_pub_pkey); | ||
| 2257 | EC_POINT_free(clnt_ecpoint); | ||
| 2258 | if (srvr_ecdh != NULL) | ||
| 2259 | EC_KEY_free(srvr_ecdh); | ||
| 2260 | BN_CTX_free(bn_ctx); | ||
| 2261 | |||
| 2262 | /* Compute the master secret */ | ||
| 2263 | s->session->master_key_length = s->method->ssl3_enc-> \ | ||
| 2264 | generate_master_secret(s, s->session->master_key, p, i); | ||
| 2265 | |||
| 2266 | OPENSSL_cleanse(p, i); | ||
| 2267 | return (ret); | ||
| 2268 | } | ||
| 2269 | else | ||
| 2270 | #endif | ||
| 1747 | { | 2271 | { |
| 1748 | al=SSL_AD_HANDSHAKE_FAILURE; | 2272 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 1749 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 2273 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| @@ -1754,13 +2278,20 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1754 | return(1); | 2278 | return(1); |
| 1755 | f_err: | 2279 | f_err: |
| 1756 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 2280 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1757 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) | 2281 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) |
| 1758 | err: | 2282 | err: |
| 1759 | #endif | 2283 | #endif |
| 2284 | #ifndef OPENSSL_NO_ECDH | ||
| 2285 | EVP_PKEY_free(clnt_pub_pkey); | ||
| 2286 | EC_POINT_free(clnt_ecpoint); | ||
| 2287 | if (srvr_ecdh != NULL) | ||
| 2288 | EC_KEY_free(srvr_ecdh); | ||
| 2289 | BN_CTX_free(bn_ctx); | ||
| 2290 | #endif | ||
| 1760 | return(-1); | 2291 | return(-1); |
| 1761 | } | 2292 | } |
| 1762 | 2293 | ||
| 1763 | static int ssl3_get_cert_verify(SSL *s) | 2294 | int ssl3_get_cert_verify(SSL *s) |
| 1764 | { | 2295 | { |
| 1765 | EVP_PKEY *pkey=NULL; | 2296 | EVP_PKEY *pkey=NULL; |
| 1766 | unsigned char *p; | 2297 | unsigned char *p; |
| @@ -1769,7 +2300,7 @@ static int ssl3_get_cert_verify(SSL *s) | |||
| 1769 | int type=0,i,j; | 2300 | int type=0,i,j; |
| 1770 | X509 *peer; | 2301 | X509 *peer; |
| 1771 | 2302 | ||
| 1772 | n=ssl3_get_message(s, | 2303 | n=s->method->ssl_get_message(s, |
| 1773 | SSL3_ST_SR_CERT_VRFY_A, | 2304 | SSL3_ST_SR_CERT_VRFY_A, |
| 1774 | SSL3_ST_SR_CERT_VRFY_B, | 2305 | SSL3_ST_SR_CERT_VRFY_B, |
| 1775 | -1, | 2306 | -1, |
| @@ -1880,6 +2411,23 @@ static int ssl3_get_cert_verify(SSL *s) | |||
| 1880 | } | 2411 | } |
| 1881 | else | 2412 | else |
| 1882 | #endif | 2413 | #endif |
| 2414 | #ifndef OPENSSL_NO_ECDSA | ||
| 2415 | if (pkey->type == EVP_PKEY_EC) | ||
| 2416 | { | ||
| 2417 | j=ECDSA_verify(pkey->save_type, | ||
| 2418 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | ||
| 2419 | SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec); | ||
| 2420 | if (j <= 0) | ||
| 2421 | { | ||
| 2422 | /* bad signature */ | ||
| 2423 | al=SSL_AD_DECRYPT_ERROR; | ||
| 2424 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2425 | SSL_R_BAD_ECDSA_SIGNATURE); | ||
| 2426 | goto f_err; | ||
| 2427 | } | ||
| 2428 | } | ||
| 2429 | else | ||
| 2430 | #endif | ||
| 1883 | { | 2431 | { |
| 1884 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); | 2432 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); |
| 1885 | al=SSL_AD_UNSUPPORTED_CERTIFICATE; | 2433 | al=SSL_AD_UNSUPPORTED_CERTIFICATE; |
| @@ -1898,15 +2446,16 @@ end: | |||
| 1898 | return(ret); | 2446 | return(ret); |
| 1899 | } | 2447 | } |
| 1900 | 2448 | ||
| 1901 | static int ssl3_get_client_certificate(SSL *s) | 2449 | int ssl3_get_client_certificate(SSL *s) |
| 1902 | { | 2450 | { |
| 1903 | int i,ok,al,ret= -1; | 2451 | int i,ok,al,ret= -1; |
| 1904 | X509 *x=NULL; | 2452 | X509 *x=NULL; |
| 1905 | unsigned long l,nc,llen,n; | 2453 | unsigned long l,nc,llen,n; |
| 1906 | unsigned char *p,*d,*q; | 2454 | const unsigned char *p,*q; |
| 2455 | unsigned char *d; | ||
| 1907 | STACK_OF(X509) *sk=NULL; | 2456 | STACK_OF(X509) *sk=NULL; |
| 1908 | 2457 | ||
| 1909 | n=ssl3_get_message(s, | 2458 | n=s->method->ssl_get_message(s, |
| 1910 | SSL3_ST_SR_CERT_A, | 2459 | SSL3_ST_SR_CERT_A, |
| 1911 | SSL3_ST_SR_CERT_B, | 2460 | SSL3_ST_SR_CERT_B, |
| 1912 | -1, | 2461 | -1, |
| @@ -1941,7 +2490,7 @@ static int ssl3_get_client_certificate(SSL *s) | |||
| 1941 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); | 2490 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); |
| 1942 | goto f_err; | 2491 | goto f_err; |
| 1943 | } | 2492 | } |
| 1944 | d=p=(unsigned char *)s->init_msg; | 2493 | p=d=(unsigned char *)s->init_msg; |
| 1945 | 2494 | ||
| 1946 | if ((sk=sk_X509_new_null()) == NULL) | 2495 | if ((sk=sk_X509_new_null()) == NULL) |
| 1947 | { | 2496 | { |
| @@ -2080,3 +2629,209 @@ int ssl3_send_server_certificate(SSL *s) | |||
| 2080 | /* SSL3_ST_SW_CERT_B */ | 2629 | /* SSL3_ST_SW_CERT_B */ |
| 2081 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 2630 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 2082 | } | 2631 | } |
| 2632 | |||
| 2633 | |||
| 2634 | #ifndef OPENSSL_NO_ECDH | ||
| 2635 | /* This is the complement of curve_id2nid in s3_clnt.c. */ | ||
| 2636 | static int nid2curve_id(int nid) | ||
| 2637 | { | ||
| 2638 | /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) | ||
| 2639 | * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ | ||
| 2640 | switch (nid) { | ||
| 2641 | case NID_sect163k1: /* sect163k1 (1) */ | ||
| 2642 | return 1; | ||
| 2643 | case NID_sect163r1: /* sect163r1 (2) */ | ||
| 2644 | return 2; | ||
| 2645 | case NID_sect163r2: /* sect163r2 (3) */ | ||
| 2646 | return 3; | ||
| 2647 | case NID_sect193r1: /* sect193r1 (4) */ | ||
| 2648 | return 4; | ||
| 2649 | case NID_sect193r2: /* sect193r2 (5) */ | ||
| 2650 | return 5; | ||
| 2651 | case NID_sect233k1: /* sect233k1 (6) */ | ||
| 2652 | return 6; | ||
| 2653 | case NID_sect233r1: /* sect233r1 (7) */ | ||
| 2654 | return 7; | ||
| 2655 | case NID_sect239k1: /* sect239k1 (8) */ | ||
| 2656 | return 8; | ||
| 2657 | case NID_sect283k1: /* sect283k1 (9) */ | ||
| 2658 | return 9; | ||
| 2659 | case NID_sect283r1: /* sect283r1 (10) */ | ||
| 2660 | return 10; | ||
| 2661 | case NID_sect409k1: /* sect409k1 (11) */ | ||
| 2662 | return 11; | ||
| 2663 | case NID_sect409r1: /* sect409r1 (12) */ | ||
| 2664 | return 12; | ||
| 2665 | case NID_sect571k1: /* sect571k1 (13) */ | ||
| 2666 | return 13; | ||
| 2667 | case NID_sect571r1: /* sect571r1 (14) */ | ||
| 2668 | return 14; | ||
| 2669 | case NID_secp160k1: /* secp160k1 (15) */ | ||
| 2670 | return 15; | ||
| 2671 | case NID_secp160r1: /* secp160r1 (16) */ | ||
| 2672 | return 16; | ||
| 2673 | case NID_secp160r2: /* secp160r2 (17) */ | ||
| 2674 | return 17; | ||
| 2675 | case NID_secp192k1: /* secp192k1 (18) */ | ||
| 2676 | return 18; | ||
| 2677 | case NID_X9_62_prime192v1: /* secp192r1 (19) */ | ||
| 2678 | return 19; | ||
| 2679 | case NID_secp224k1: /* secp224k1 (20) */ | ||
| 2680 | return 20; | ||
| 2681 | case NID_secp224r1: /* secp224r1 (21) */ | ||
| 2682 | return 21; | ||
| 2683 | case NID_secp256k1: /* secp256k1 (22) */ | ||
| 2684 | return 22; | ||
| 2685 | case NID_X9_62_prime256v1: /* secp256r1 (23) */ | ||
| 2686 | return 23; | ||
| 2687 | case NID_secp384r1: /* secp384r1 (24) */ | ||
| 2688 | return 24; | ||
| 2689 | case NID_secp521r1: /* secp521r1 (25) */ | ||
| 2690 | return 25; | ||
| 2691 | default: | ||
| 2692 | return 0; | ||
| 2693 | } | ||
| 2694 | } | ||
| 2695 | #endif | ||
| 2696 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2697 | int ssl3_send_newsession_ticket(SSL *s) | ||
| 2698 | { | ||
| 2699 | if (s->state == SSL3_ST_SW_SESSION_TICKET_A) | ||
| 2700 | { | ||
| 2701 | unsigned char *p, *senc, *macstart; | ||
| 2702 | int len, slen; | ||
| 2703 | unsigned int hlen; | ||
| 2704 | EVP_CIPHER_CTX ctx; | ||
| 2705 | HMAC_CTX hctx; | ||
| 2706 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
| 2707 | unsigned char key_name[16]; | ||
| 2708 | |||
| 2709 | /* get session encoding length */ | ||
| 2710 | slen = i2d_SSL_SESSION(s->session, NULL); | ||
| 2711 | /* Some length values are 16 bits, so forget it if session is | ||
| 2712 | * too long | ||
| 2713 | */ | ||
| 2714 | if (slen > 0xFF00) | ||
| 2715 | return -1; | ||
| 2716 | /* Grow buffer if need be: the length calculation is as | ||
| 2717 | * follows 1 (size of message name) + 3 (message length | ||
| 2718 | * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + | ||
| 2719 | * 16 (key name) + max_iv_len (iv length) + | ||
| 2720 | * session_length + max_enc_block_size (max encrypted session | ||
| 2721 | * length) + max_md_size (HMAC). | ||
| 2722 | */ | ||
| 2723 | if (!BUF_MEM_grow(s->init_buf, | ||
| 2724 | 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + | ||
| 2725 | EVP_MAX_MD_SIZE + slen)) | ||
| 2726 | return -1; | ||
| 2727 | senc = OPENSSL_malloc(slen); | ||
| 2728 | if (!senc) | ||
| 2729 | return -1; | ||
| 2730 | p = senc; | ||
| 2731 | i2d_SSL_SESSION(s->session, &p); | ||
| 2732 | |||
| 2733 | p=(unsigned char *)s->init_buf->data; | ||
| 2734 | /* do the header */ | ||
| 2735 | *(p++)=SSL3_MT_NEWSESSION_TICKET; | ||
| 2736 | /* Skip message length for now */ | ||
| 2737 | p += 3; | ||
| 2738 | EVP_CIPHER_CTX_init(&ctx); | ||
| 2739 | HMAC_CTX_init(&hctx); | ||
| 2740 | /* Initialize HMAC and cipher contexts. If callback present | ||
| 2741 | * it does all the work otherwise use generated values | ||
| 2742 | * from parent ctx. | ||
| 2743 | */ | ||
| 2744 | if (s->ctx->tlsext_ticket_key_cb) | ||
| 2745 | { | ||
| 2746 | if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, | ||
| 2747 | &hctx, 1) < 0) | ||
| 2748 | { | ||
| 2749 | OPENSSL_free(senc); | ||
| 2750 | return -1; | ||
| 2751 | } | ||
| 2752 | } | ||
| 2753 | else | ||
| 2754 | { | ||
| 2755 | RAND_pseudo_bytes(iv, 16); | ||
| 2756 | EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
| 2757 | s->ctx->tlsext_tick_aes_key, iv); | ||
| 2758 | HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, | ||
| 2759 | tlsext_tick_md(), NULL); | ||
| 2760 | memcpy(key_name, s->ctx->tlsext_tick_key_name, 16); | ||
| 2761 | } | ||
| 2762 | l2n(s->session->tlsext_tick_lifetime_hint, p); | ||
| 2763 | /* Skip ticket length for now */ | ||
| 2764 | p += 2; | ||
| 2765 | /* Output key name */ | ||
| 2766 | macstart = p; | ||
| 2767 | memcpy(p, key_name, 16); | ||
| 2768 | p += 16; | ||
| 2769 | /* output IV */ | ||
| 2770 | memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); | ||
| 2771 | p += EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 2772 | /* Encrypt session data */ | ||
| 2773 | EVP_EncryptUpdate(&ctx, p, &len, senc, slen); | ||
| 2774 | p += len; | ||
| 2775 | EVP_EncryptFinal(&ctx, p, &len); | ||
| 2776 | p += len; | ||
| 2777 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2778 | |||
| 2779 | HMAC_Update(&hctx, macstart, p - macstart); | ||
| 2780 | HMAC_Final(&hctx, p, &hlen); | ||
| 2781 | HMAC_CTX_cleanup(&hctx); | ||
| 2782 | |||
| 2783 | p += hlen; | ||
| 2784 | /* Now write out lengths: p points to end of data written */ | ||
| 2785 | /* Total length */ | ||
| 2786 | len = p - (unsigned char *)s->init_buf->data; | ||
| 2787 | p=(unsigned char *)s->init_buf->data + 1; | ||
| 2788 | l2n3(len - 4, p); /* Message length */ | ||
| 2789 | p += 4; | ||
| 2790 | s2n(len - 10, p); /* Ticket length */ | ||
| 2791 | |||
| 2792 | /* number of bytes to write */ | ||
| 2793 | s->init_num= len; | ||
| 2794 | s->state=SSL3_ST_SW_SESSION_TICKET_B; | ||
| 2795 | s->init_off=0; | ||
| 2796 | OPENSSL_free(senc); | ||
| 2797 | } | ||
| 2798 | |||
| 2799 | /* SSL3_ST_SW_SESSION_TICKET_B */ | ||
| 2800 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
| 2801 | } | ||
| 2802 | |||
| 2803 | int ssl3_send_cert_status(SSL *s) | ||
| 2804 | { | ||
| 2805 | if (s->state == SSL3_ST_SW_CERT_STATUS_A) | ||
| 2806 | { | ||
| 2807 | unsigned char *p; | ||
| 2808 | /* Grow buffer if need be: the length calculation is as | ||
| 2809 | * follows 1 (message type) + 3 (message length) + | ||
| 2810 | * 1 (ocsp response type) + 3 (ocsp response length) | ||
| 2811 | * + (ocsp response) | ||
| 2812 | */ | ||
| 2813 | if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) | ||
| 2814 | return -1; | ||
| 2815 | |||
| 2816 | p=(unsigned char *)s->init_buf->data; | ||
| 2817 | |||
| 2818 | /* do the header */ | ||
| 2819 | *(p++)=SSL3_MT_CERTIFICATE_STATUS; | ||
| 2820 | /* message length */ | ||
| 2821 | l2n3(s->tlsext_ocsp_resplen + 4, p); | ||
| 2822 | /* status type */ | ||
| 2823 | *(p++)= s->tlsext_status_type; | ||
| 2824 | /* length of OCSP response */ | ||
| 2825 | l2n3(s->tlsext_ocsp_resplen, p); | ||
| 2826 | /* actual response */ | ||
| 2827 | memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); | ||
| 2828 | /* number of bytes to write */ | ||
| 2829 | s->init_num = 8 + s->tlsext_ocsp_resplen; | ||
| 2830 | s->state=SSL3_ST_SW_CERT_STATUS_B; | ||
| 2831 | s->init_off = 0; | ||
| 2832 | } | ||
| 2833 | |||
| 2834 | /* SSL3_ST_SW_CERT_STATUS_B */ | ||
| 2835 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
| 2836 | } | ||
| 2837 | #endif | ||
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES index 2840a36a6d..217aa70dcb 100644 --- a/src/lib/libssl/src/CHANGES +++ b/src/lib/libssl/src/CHANGES | |||
| @@ -2,6 +2,1459 @@ | |||
| 2 | OpenSSL CHANGES | 2 | OpenSSL CHANGES |
| 3 | _______________ | 3 | _______________ |
| 4 | 4 | ||
| 5 | Changes between 0.9.8g and 0.9.8h [28 May 2008] | ||
| 6 | |||
| 7 | *) Fix flaw if 'Server Key exchange message' is omitted from a TLS | ||
| 8 | handshake which could lead to a cilent crash as found using the | ||
| 9 | Codenomicon TLS test suite (CVE-2008-1672) | ||
| 10 | [Steve Henson, Mark Cox] | ||
| 11 | |||
| 12 | *) Fix double free in TLS server name extensions which could lead to | ||
| 13 | a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) | ||
| 14 | [Joe Orton] | ||
| 15 | |||
| 16 | *) Clear error queue in SSL_CTX_use_certificate_chain_file() | ||
| 17 | |||
| 18 | Clear the error queue to ensure that error entries left from | ||
| 19 | older function calls do not interfere with the correct operation. | ||
| 20 | [Lutz Jaenicke, Erik de Castro Lopo] | ||
| 21 | |||
| 22 | *) Remove root CA certificates of commercial CAs: | ||
| 23 | |||
| 24 | The OpenSSL project does not recommend any specific CA and does not | ||
| 25 | have any policy with respect to including or excluding any CA. | ||
| 26 | Therefore it does not make any sense to ship an arbitrary selection | ||
| 27 | of root CA certificates with the OpenSSL software. | ||
| 28 | [Lutz Jaenicke] | ||
| 29 | |||
| 30 | *) RSA OAEP patches to fix two separate invalid memory reads. | ||
| 31 | The first one involves inputs when 'lzero' is greater than | ||
| 32 | 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes | ||
| 33 | before the beginning of from). The second one involves inputs where | ||
| 34 | the 'db' section contains nothing but zeroes (there is a one-byte | ||
| 35 | invalid read after the end of 'db'). | ||
| 36 | [Ivan Nestlerode <inestlerode@us.ibm.com>] | ||
| 37 | |||
| 38 | *) Partial backport from 0.9.9-dev: | ||
| 39 | |||
| 40 | Introduce bn_mul_mont (dedicated Montgomery multiplication | ||
| 41 | procedure) as a candidate for BIGNUM assembler implementation. | ||
| 42 | While 0.9.9-dev uses assembler for various architectures, only | ||
| 43 | x86_64 is available by default here in the 0.9.8 branch, and | ||
| 44 | 32-bit x86 is available through a compile-time setting. | ||
| 45 | |||
| 46 | To try the 32-bit x86 assembler implementation, use Configure | ||
| 47 | option "enable-montasm" (which exists only for this backport). | ||
| 48 | |||
| 49 | As "enable-montasm" for 32-bit x86 disclaims code stability | ||
| 50 | anyway, in this constellation we activate additional code | ||
| 51 | backported from 0.9.9-dev for further performance improvements, | ||
| 52 | namely BN_from_montgomery_word. (To enable this otherwise, | ||
| 53 | e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".) | ||
| 54 | |||
| 55 | [Andy Polyakov (backport partially by Bodo Moeller)] | ||
| 56 | |||
| 57 | *) Add TLS session ticket callback. This allows an application to set | ||
| 58 | TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed | ||
| 59 | values. This is useful for key rollover for example where several key | ||
| 60 | sets may exist with different names. | ||
| 61 | [Steve Henson] | ||
| 62 | |||
| 63 | *) Reverse ENGINE-internal logic for caching default ENGINE handles. | ||
| 64 | This was broken until now in 0.9.8 releases, such that the only way | ||
| 65 | a registered ENGINE could be used (assuming it initialises | ||
| 66 | successfully on the host) was to explicitly set it as the default | ||
| 67 | for the relevant algorithms. This is in contradiction with 0.9.7 | ||
| 68 | behaviour and the documentation. With this fix, when an ENGINE is | ||
| 69 | registered into a given algorithm's table of implementations, the | ||
| 70 | 'uptodate' flag is reset so that auto-discovery will be used next | ||
| 71 | time a new context for that algorithm attempts to select an | ||
| 72 | implementation. | ||
| 73 | [Ian Lister (tweaked by Geoff Thorpe)] | ||
| 74 | |||
| 75 | *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 | ||
| 76 | implemention in the following ways: | ||
| 77 | |||
| 78 | Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be | ||
| 79 | hard coded. | ||
| 80 | |||
| 81 | Lack of BER streaming support means one pass streaming processing is | ||
| 82 | only supported if data is detached: setting the streaming flag is | ||
| 83 | ignored for embedded content. | ||
| 84 | |||
| 85 | CMS support is disabled by default and must be explicitly enabled | ||
| 86 | with the enable-cms configuration option. | ||
| 87 | [Steve Henson] | ||
| 88 | |||
| 89 | *) Update the GMP engine glue to do direct copies between BIGNUM and | ||
| 90 | mpz_t when openssl and GMP use the same limb size. Otherwise the | ||
| 91 | existing "conversion via a text string export" trick is still used. | ||
| 92 | [Paul Sheer <paulsheer@gmail.com>] | ||
| 93 | |||
| 94 | *) Zlib compression BIO. This is a filter BIO which compressed and | ||
| 95 | uncompresses any data passed through it. | ||
| 96 | [Steve Henson] | ||
| 97 | |||
| 98 | *) Add AES_wrap_key() and AES_unwrap_key() functions to implement | ||
| 99 | RFC3394 compatible AES key wrapping. | ||
| 100 | [Steve Henson] | ||
| 101 | |||
| 102 | *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): | ||
| 103 | sets string data without copying. X509_ALGOR_set0() and | ||
| 104 | X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) | ||
| 105 | data. Attribute function X509at_get0_data_by_OBJ(): retrieves data | ||
| 106 | from an X509_ATTRIBUTE structure optionally checking it occurs only | ||
| 107 | once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied | ||
| 108 | data. | ||
| 109 | [Steve Henson] | ||
| 110 | |||
| 111 | *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() | ||
| 112 | to get the expected BN_FLG_CONSTTIME behavior. | ||
| 113 | [Bodo Moeller (Google)] | ||
| 114 | |||
| 115 | *) Netware support: | ||
| 116 | |||
| 117 | - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets | ||
| 118 | - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT) | ||
| 119 | - added some more tests to do_tests.pl | ||
| 120 | - fixed RunningProcess usage so that it works with newer LIBC NDKs too | ||
| 121 | - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency | ||
| 122 | - added new Configure targets netware-clib-bsdsock, netware-clib-gcc, | ||
| 123 | netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc | ||
| 124 | - various changes to netware.pl to enable gcc-cross builds on Win32 | ||
| 125 | platform | ||
| 126 | - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD) | ||
| 127 | - various changes to fix missing prototype warnings | ||
| 128 | - fixed x86nasm.pl to create correct asm files for NASM COFF output | ||
| 129 | - added AES, WHIRLPOOL and CPUID assembler code to build files | ||
| 130 | - added missing AES assembler make rules to mk1mf.pl | ||
| 131 | - fixed order of includes in apps/ocsp.c so that e_os.h settings apply | ||
| 132 | [Guenter Knauf <eflash@gmx.net>] | ||
| 133 | |||
| 134 | *) Implement certificate status request TLS extension defined in RFC3546. | ||
| 135 | A client can set the appropriate parameters and receive the encoded | ||
| 136 | OCSP response via a callback. A server can query the supplied parameters | ||
| 137 | and set the encoded OCSP response in the callback. Add simplified examples | ||
| 138 | to s_client and s_server. | ||
| 139 | [Steve Henson] | ||
| 140 | |||
| 141 | Changes between 0.9.8f and 0.9.8g [19 Oct 2007] | ||
| 142 | |||
| 143 | *) Fix various bugs: | ||
| 144 | + Binary incompatibility of ssl_ctx_st structure | ||
| 145 | + DTLS interoperation with non-compliant servers | ||
| 146 | + Don't call get_session_cb() without proposed session | ||
| 147 | + Fix ia64 assembler code | ||
| 148 | [Andy Polyakov, Steve Henson] | ||
| 149 | |||
| 150 | Changes between 0.9.8e and 0.9.8f [11 Oct 2007] | ||
| 151 | |||
| 152 | *) DTLS Handshake overhaul. There were longstanding issues with | ||
| 153 | OpenSSL DTLS implementation, which were making it impossible for | ||
| 154 | RFC 4347 compliant client to communicate with OpenSSL server. | ||
| 155 | Unfortunately just fixing these incompatibilities would "cut off" | ||
| 156 | pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e | ||
| 157 | server keeps tolerating non RFC compliant syntax. The opposite is | ||
| 158 | not true, 0.9.8f client can not communicate with earlier server. | ||
| 159 | This update even addresses CVE-2007-4995. | ||
| 160 | [Andy Polyakov] | ||
| 161 | |||
| 162 | *) Changes to avoid need for function casts in OpenSSL: some compilers | ||
| 163 | (gcc 4.2 and later) reject their use. | ||
| 164 | [Kurt Roeckx <kurt@roeckx.be>, Peter Hartley <pdh@utter.chaos.org.uk>, | ||
| 165 | Steve Henson] | ||
| 166 | |||
| 167 | *) Add RFC4507 support to OpenSSL. This includes the corrections in | ||
| 168 | RFC4507bis. The encrypted ticket format is an encrypted encoded | ||
| 169 | SSL_SESSION structure, that way new session features are automatically | ||
| 170 | supported. | ||
| 171 | |||
| 172 | If a client application caches session in an SSL_SESSION structure | ||
| 173 | support is transparent because tickets are now stored in the encoded | ||
| 174 | SSL_SESSION. | ||
| 175 | |||
| 176 | The SSL_CTX structure automatically generates keys for ticket | ||
| 177 | protection in servers so again support should be possible | ||
| 178 | with no application modification. | ||
| 179 | |||
| 180 | If a client or server wishes to disable RFC4507 support then the option | ||
| 181 | SSL_OP_NO_TICKET can be set. | ||
| 182 | |||
| 183 | Add a TLS extension debugging callback to allow the contents of any client | ||
| 184 | or server extensions to be examined. | ||
| 185 | |||
| 186 | This work was sponsored by Google. | ||
| 187 | [Steve Henson] | ||
| 188 | |||
| 189 | *) Add initial support for TLS extensions, specifically for the server_name | ||
| 190 | extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now | ||
| 191 | have new members for a host name. The SSL data structure has an | ||
| 192 | additional member SSL_CTX *initial_ctx so that new sessions can be | ||
| 193 | stored in that context to allow for session resumption, even after the | ||
| 194 | SSL has been switched to a new SSL_CTX in reaction to a client's | ||
| 195 | server_name extension. | ||
| 196 | |||
| 197 | New functions (subject to change): | ||
| 198 | |||
| 199 | SSL_get_servername() | ||
| 200 | SSL_get_servername_type() | ||
| 201 | SSL_set_SSL_CTX() | ||
| 202 | |||
| 203 | New CTRL codes and macros (subject to change): | ||
| 204 | |||
| 205 | SSL_CTRL_SET_TLSEXT_SERVERNAME_CB | ||
| 206 | - SSL_CTX_set_tlsext_servername_callback() | ||
| 207 | SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG | ||
| 208 | - SSL_CTX_set_tlsext_servername_arg() | ||
| 209 | SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name() | ||
| 210 | |||
| 211 | openssl s_client has a new '-servername ...' option. | ||
| 212 | |||
| 213 | openssl s_server has new options '-servername_host ...', '-cert2 ...', | ||
| 214 | '-key2 ...', '-servername_fatal' (subject to change). This allows | ||
| 215 | testing the HostName extension for a specific single host name ('-cert' | ||
| 216 | and '-key' remain fallbacks for handshakes without HostName | ||
| 217 | negotiation). If the unrecogninzed_name alert has to be sent, this by | ||
| 218 | default is a warning; it becomes fatal with the '-servername_fatal' | ||
| 219 | option. | ||
| 220 | |||
| 221 | [Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson] | ||
| 222 | |||
| 223 | *) Add AES and SSE2 assembly language support to VC++ build. | ||
| 224 | [Steve Henson] | ||
| 225 | |||
| 226 | *) Mitigate attack on final subtraction in Montgomery reduction. | ||
| 227 | [Andy Polyakov] | ||
| 228 | |||
| 229 | *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 | ||
| 230 | (which previously caused an internal error). | ||
| 231 | [Bodo Moeller] | ||
| 232 | |||
| 233 | *) Squeeze another 10% out of IGE mode when in != out. | ||
| 234 | [Ben Laurie] | ||
| 235 | |||
| 236 | *) AES IGE mode speedup. | ||
| 237 | [Dean Gaudet (Google)] | ||
| 238 | |||
| 239 | *) Add the Korean symmetric 128-bit cipher SEED (see | ||
| 240 | http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and | ||
| 241 | add SEED ciphersuites from RFC 4162: | ||
| 242 | |||
| 243 | TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA" | ||
| 244 | TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA" | ||
| 245 | TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA" | ||
| 246 | TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA" | ||
| 247 | |||
| 248 | To minimize changes between patchlevels in the OpenSSL 0.9.8 | ||
| 249 | series, SEED remains excluded from compilation unless OpenSSL | ||
| 250 | is configured with 'enable-seed'. | ||
| 251 | [KISA, Bodo Moeller] | ||
| 252 | |||
| 253 | *) Mitigate branch prediction attacks, which can be practical if a | ||
| 254 | single processor is shared, allowing a spy process to extract | ||
| 255 | information. For detailed background information, see | ||
| 256 | http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron, | ||
| 257 | J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL | ||
| 258 | and Necessary Software Countermeasures"). The core of the change | ||
| 259 | are new versions BN_div_no_branch() and | ||
| 260 | BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(), | ||
| 261 | respectively, which are slower, but avoid the security-relevant | ||
| 262 | conditional branches. These are automatically called by BN_div() | ||
| 263 | and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one | ||
| 264 | of the input BIGNUMs. Also, BN_is_bit_set() has been changed to | ||
| 265 | remove a conditional branch. | ||
| 266 | |||
| 267 | BN_FLG_CONSTTIME is the new name for the previous | ||
| 268 | BN_FLG_EXP_CONSTTIME flag, since it now affects more than just | ||
| 269 | modular exponentiation. (Since OpenSSL 0.9.7h, setting this flag | ||
| 270 | in the exponent causes BN_mod_exp_mont() to use the alternative | ||
| 271 | implementation in BN_mod_exp_mont_consttime().) The old name | ||
| 272 | remains as a deprecated alias. | ||
| 273 | |||
| 274 | Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general | ||
| 275 | RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses | ||
| 276 | constant-time implementations for more than just exponentiation. | ||
| 277 | Here too the old name is kept as a deprecated alias. | ||
| 278 | |||
| 279 | BN_BLINDING_new() will now use BN_dup() for the modulus so that | ||
| 280 | the BN_BLINDING structure gets an independent copy of the | ||
| 281 | modulus. This means that the previous "BIGNUM *m" argument to | ||
| 282 | BN_BLINDING_new() and to BN_BLINDING_create_param() now | ||
| 283 | essentially becomes "const BIGNUM *m", although we can't actually | ||
| 284 | change this in the header file before 0.9.9. It allows | ||
| 285 | RSA_setup_blinding() to use BN_with_flags() on the modulus to | ||
| 286 | enable BN_FLG_CONSTTIME. | ||
| 287 | |||
| 288 | [Matthew D Wood (Intel Corp)] | ||
| 289 | |||
| 290 | *) In the SSL/TLS server implementation, be strict about session ID | ||
| 291 | context matching (which matters if an application uses a single | ||
| 292 | external cache for different purposes). Previously, | ||
| 293 | out-of-context reuse was forbidden only if SSL_VERIFY_PEER was | ||
| 294 | set. This did ensure strict client verification, but meant that, | ||
| 295 | with applications using a single external cache for quite | ||
| 296 | different requirements, clients could circumvent ciphersuite | ||
| 297 | restrictions for a given session ID context by starting a session | ||
| 298 | in a different context. | ||
| 299 | [Bodo Moeller] | ||
| 300 | |||
| 301 | *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that | ||
| 302 | a ciphersuite string such as "DEFAULT:RSA" cannot enable | ||
| 303 | authentication-only ciphersuites. | ||
| 304 | [Bodo Moeller] | ||
| 305 | |||
| 306 | *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was | ||
| 307 | not complete and could lead to a possible single byte overflow | ||
| 308 | (CVE-2007-5135) [Ben Laurie] | ||
| 309 | |||
| 310 | Changes between 0.9.8d and 0.9.8e [23 Feb 2007] | ||
| 311 | |||
| 312 | *) Since AES128 and AES256 (and similarly Camellia128 and | ||
| 313 | Camellia256) share a single mask bit in the logic of | ||
| 314 | ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a | ||
| 315 | kludge to work properly if AES128 is available and AES256 isn't | ||
| 316 | (or if Camellia128 is available and Camellia256 isn't). | ||
| 317 | [Victor Duchovni] | ||
| 318 | |||
| 319 | *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c | ||
| 320 | (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters): | ||
| 321 | When a point or a seed is encoded in a BIT STRING, we need to | ||
| 322 | prevent the removal of trailing zero bits to get the proper DER | ||
| 323 | encoding. (By default, crypto/asn1/a_bitstr.c assumes the case | ||
| 324 | of a NamedBitList, for which trailing 0 bits need to be removed.) | ||
| 325 | [Bodo Moeller] | ||
| 326 | |||
| 327 | *) Have SSL/TLS server implementation tolerate "mismatched" record | ||
| 328 | protocol version while receiving ClientHello even if the | ||
| 329 | ClientHello is fragmented. (The server can't insist on the | ||
| 330 | particular protocol version it has chosen before the ServerHello | ||
| 331 | message has informed the client about his choice.) | ||
| 332 | [Bodo Moeller] | ||
| 333 | |||
| 334 | *) Add RFC 3779 support. | ||
| 335 | [Rob Austein for ARIN, Ben Laurie] | ||
| 336 | |||
| 337 | *) Load error codes if they are not already present instead of using a | ||
| 338 | static variable. This allows them to be cleanly unloaded and reloaded. | ||
| 339 | Improve header file function name parsing. | ||
| 340 | [Steve Henson] | ||
| 341 | |||
| 342 | *) extend SMTP and IMAP protocol emulation in s_client to use EHLO | ||
| 343 | or CAPABILITY handshake as required by RFCs. | ||
| 344 | [Goetz Babin-Ebell] | ||
| 345 | |||
| 346 | Changes between 0.9.8c and 0.9.8d [28 Sep 2006] | ||
| 347 | |||
| 348 | *) Introduce limits to prevent malicious keys being able to | ||
| 349 | cause a denial of service. (CVE-2006-2940) | ||
| 350 | [Steve Henson, Bodo Moeller] | ||
| 351 | |||
| 352 | *) Fix ASN.1 parsing of certain invalid structures that can result | ||
| 353 | in a denial of service. (CVE-2006-2937) [Steve Henson] | ||
| 354 | |||
| 355 | *) Fix buffer overflow in SSL_get_shared_ciphers() function. | ||
| 356 | (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] | ||
| 357 | |||
| 358 | *) Fix SSL client code which could crash if connecting to a | ||
| 359 | malicious SSLv2 server. (CVE-2006-4343) | ||
| 360 | [Tavis Ormandy and Will Drewry, Google Security Team] | ||
| 361 | |||
| 362 | *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites | ||
| 363 | match only those. Before that, "AES256-SHA" would be interpreted | ||
| 364 | as a pattern and match "AES128-SHA" too (since AES128-SHA got | ||
| 365 | the same strength classification in 0.9.7h) as we currently only | ||
| 366 | have a single AES bit in the ciphersuite description bitmap. | ||
| 367 | That change, however, also applied to ciphersuite strings such as | ||
| 368 | "RC4-MD5" that intentionally matched multiple ciphersuites -- | ||
| 369 | namely, SSL 2.0 ciphersuites in addition to the more common ones | ||
| 370 | from SSL 3.0/TLS 1.0. | ||
| 371 | |||
| 372 | So we change the selection algorithm again: Naming an explicit | ||
| 373 | ciphersuite selects this one ciphersuite, and any other similar | ||
| 374 | ciphersuite (same bitmap) from *other* protocol versions. | ||
| 375 | Thus, "RC4-MD5" again will properly select both the SSL 2.0 | ||
| 376 | ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite. | ||
| 377 | |||
| 378 | Since SSL 2.0 does not have any ciphersuites for which the | ||
| 379 | 128/256 bit distinction would be relevant, this works for now. | ||
| 380 | The proper fix will be to use different bits for AES128 and | ||
| 381 | AES256, which would have avoided the problems from the beginning; | ||
| 382 | however, bits are scarce, so we can only do this in a new release | ||
| 383 | (not just a patchlevel) when we can change the SSL_CIPHER | ||
| 384 | definition to split the single 'unsigned long mask' bitmap into | ||
| 385 | multiple values to extend the available space. | ||
| 386 | |||
| 387 | [Bodo Moeller] | ||
| 388 | |||
| 389 | Changes between 0.9.8b and 0.9.8c [05 Sep 2006] | ||
| 390 | |||
| 391 | *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher | ||
| 392 | (CVE-2006-4339) [Ben Laurie and Google Security Team] | ||
| 393 | |||
| 394 | *) Add AES IGE and biIGE modes. | ||
| 395 | [Ben Laurie] | ||
| 396 | |||
| 397 | *) Change the Unix randomness entropy gathering to use poll() when | ||
| 398 | possible instead of select(), since the latter has some | ||
| 399 | undesirable limitations. | ||
| 400 | [Darryl Miles via Richard Levitte and Bodo Moeller] | ||
| 401 | |||
| 402 | *) Disable "ECCdraft" ciphersuites more thoroughly. Now special | ||
| 403 | treatment in ssl/ssl_ciph.s makes sure that these ciphersuites | ||
| 404 | cannot be implicitly activated as part of, e.g., the "AES" alias. | ||
| 405 | However, please upgrade to OpenSSL 0.9.9[-dev] for | ||
| 406 | non-experimental use of the ECC ciphersuites to get TLS extension | ||
| 407 | support, which is required for curve and point format negotiation | ||
| 408 | to avoid potential handshake problems. | ||
| 409 | [Bodo Moeller] | ||
| 410 | |||
| 411 | *) Disable rogue ciphersuites: | ||
| 412 | |||
| 413 | - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") | ||
| 414 | - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") | ||
| 415 | - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") | ||
| 416 | |||
| 417 | The latter two were purportedly from | ||
| 418 | draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really | ||
| 419 | appear there. | ||
| 420 | |||
| 421 | Also deactivate the remaining ciphersuites from | ||
| 422 | draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as | ||
| 423 | unofficial, and the ID has long expired. | ||
| 424 | [Bodo Moeller] | ||
| 425 | |||
| 426 | *) Fix RSA blinding Heisenbug (problems sometimes occured on | ||
| 427 | dual-core machines) and other potential thread-safety issues. | ||
| 428 | [Bodo Moeller] | ||
| 429 | |||
| 430 | *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key | ||
| 431 | versions), which is now available for royalty-free use | ||
| 432 | (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). | ||
| 433 | Also, add Camellia TLS ciphersuites from RFC 4132. | ||
| 434 | |||
| 435 | To minimize changes between patchlevels in the OpenSSL 0.9.8 | ||
| 436 | series, Camellia remains excluded from compilation unless OpenSSL | ||
| 437 | is configured with 'enable-camellia'. | ||
| 438 | [NTT] | ||
| 439 | |||
| 440 | *) Disable the padding bug check when compression is in use. The padding | ||
| 441 | bug check assumes the first packet is of even length, this is not | ||
| 442 | necessarily true if compresssion is enabled and can result in false | ||
| 443 | positives causing handshake failure. The actual bug test is ancient | ||
| 444 | code so it is hoped that implementations will either have fixed it by | ||
| 445 | now or any which still have the bug do not support compression. | ||
| 446 | [Steve Henson] | ||
| 447 | |||
| 448 | Changes between 0.9.8a and 0.9.8b [04 May 2006] | ||
| 449 | |||
| 450 | *) When applying a cipher rule check to see if string match is an explicit | ||
| 451 | cipher suite and only match that one cipher suite if it is. | ||
| 452 | [Steve Henson] | ||
| 453 | |||
| 454 | *) Link in manifests for VC++ if needed. | ||
| 455 | [Austin Ziegler <halostatue@gmail.com>] | ||
| 456 | |||
| 457 | *) Update support for ECC-based TLS ciphersuites according to | ||
| 458 | draft-ietf-tls-ecc-12.txt with proposed changes (but without | ||
| 459 | TLS extensions, which are supported starting with the 0.9.9 | ||
| 460 | branch, not in the OpenSSL 0.9.8 branch). | ||
| 461 | [Douglas Stebila] | ||
| 462 | |||
| 463 | *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support | ||
| 464 | opaque EVP_CIPHER_CTX handling. | ||
| 465 | [Steve Henson] | ||
| 466 | |||
| 467 | *) Fixes and enhancements to zlib compression code. We now only use | ||
| 468 | "zlib1.dll" and use the default __cdecl calling convention on Win32 | ||
| 469 | to conform with the standards mentioned here: | ||
| 470 | http://www.zlib.net/DLL_FAQ.txt | ||
| 471 | Static zlib linking now works on Windows and the new --with-zlib-include | ||
| 472 | --with-zlib-lib options to Configure can be used to supply the location | ||
| 473 | of the headers and library. Gracefully handle case where zlib library | ||
| 474 | can't be loaded. | ||
| 475 | [Steve Henson] | ||
| 476 | |||
| 477 | *) Several fixes and enhancements to the OID generation code. The old code | ||
| 478 | sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't | ||
| 479 | handle numbers larger than ULONG_MAX, truncated printing and had a | ||
| 480 | non standard OBJ_obj2txt() behaviour. | ||
| 481 | [Steve Henson] | ||
| 482 | |||
| 483 | *) Add support for building of engines under engine/ as shared libraries | ||
| 484 | under VC++ build system. | ||
| 485 | [Steve Henson] | ||
| 486 | |||
| 487 | *) Corrected the numerous bugs in the Win32 path splitter in DSO. | ||
| 488 | Hopefully, we will not see any false combination of paths any more. | ||
| 489 | [Richard Levitte] | ||
| 490 | |||
| 491 | Changes between 0.9.8 and 0.9.8a [11 Oct 2005] | ||
| 492 | |||
| 493 | *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING | ||
| 494 | (part of SSL_OP_ALL). This option used to disable the | ||
| 495 | countermeasure against man-in-the-middle protocol-version | ||
| 496 | rollback in the SSL 2.0 server implementation, which is a bad | ||
| 497 | idea. (CVE-2005-2969) | ||
| 498 | |||
| 499 | [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center | ||
| 500 | for Information Security, National Institute of Advanced Industrial | ||
| 501 | Science and Technology [AIST], Japan)] | ||
| 502 | |||
| 503 | *) Add two function to clear and return the verify parameter flags. | ||
| 504 | [Steve Henson] | ||
| 505 | |||
| 506 | *) Keep cipherlists sorted in the source instead of sorting them at | ||
| 507 | runtime, thus removing the need for a lock. | ||
| 508 | [Nils Larsch] | ||
| 509 | |||
| 510 | *) Avoid some small subgroup attacks in Diffie-Hellman. | ||
| 511 | [Nick Mathewson and Ben Laurie] | ||
| 512 | |||
| 513 | *) Add functions for well-known primes. | ||
| 514 | [Nick Mathewson] | ||
| 515 | |||
| 516 | *) Extended Windows CE support. | ||
| 517 | [Satoshi Nakamura and Andy Polyakov] | ||
| 518 | |||
| 519 | *) Initialize SSL_METHOD structures at compile time instead of during | ||
| 520 | runtime, thus removing the need for a lock. | ||
| 521 | [Steve Henson] | ||
| 522 | |||
| 523 | *) Make PKCS7_decrypt() work even if no certificate is supplied by | ||
| 524 | attempting to decrypt each encrypted key in turn. Add support to | ||
| 525 | smime utility. | ||
| 526 | [Steve Henson] | ||
| 527 | |||
| 528 | Changes between 0.9.7h and 0.9.8 [05 Jul 2005] | ||
| 529 | |||
| 530 | [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after | ||
| 531 | OpenSSL 0.9.8.] | ||
| 532 | |||
| 533 | *) Add libcrypto.pc and libssl.pc for those who feel they need them. | ||
| 534 | [Richard Levitte] | ||
| 535 | |||
| 536 | *) Change CA.sh and CA.pl so they don't bundle the CSR and the private | ||
| 537 | key into the same file any more. | ||
| 538 | [Richard Levitte] | ||
| 539 | |||
| 540 | *) Add initial support for Win64, both IA64 and AMD64/x64 flavors. | ||
| 541 | [Andy Polyakov] | ||
| 542 | |||
| 543 | *) Add -utf8 command line and config file option to 'ca'. | ||
| 544 | [Stefan <stf@udoma.org] | ||
| 545 | |||
| 546 | *) Removed the macro des_crypt(), as it seems to conflict with some | ||
| 547 | libraries. Use DES_crypt(). | ||
| 548 | [Richard Levitte] | ||
| 549 | |||
| 550 | *) Correct naming of the 'chil' and '4758cca' ENGINEs. This | ||
| 551 | involves renaming the source and generated shared-libs for | ||
| 552 | both. The engines will accept the corrected or legacy ids | ||
| 553 | ('ncipher' and '4758_cca' respectively) when binding. NB, | ||
| 554 | this only applies when building 'shared'. | ||
| 555 | [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe] | ||
| 556 | |||
| 557 | *) Add attribute functions to EVP_PKEY structure. Modify | ||
| 558 | PKCS12_create() to recognize a CSP name attribute and | ||
| 559 | use it. Make -CSP option work again in pkcs12 utility. | ||
| 560 | [Steve Henson] | ||
| 561 | |||
| 562 | *) Add new functionality to the bn blinding code: | ||
| 563 | - automatic re-creation of the BN_BLINDING parameters after | ||
| 564 | a fixed number of uses (currently 32) | ||
| 565 | - add new function for parameter creation | ||
| 566 | - introduce flags to control the update behaviour of the | ||
| 567 | BN_BLINDING parameters | ||
| 568 | - hide BN_BLINDING structure | ||
| 569 | Add a second BN_BLINDING slot to the RSA structure to improve | ||
| 570 | performance when a single RSA object is shared among several | ||
| 571 | threads. | ||
| 572 | [Nils Larsch] | ||
| 573 | |||
| 574 | *) Add support for DTLS. | ||
| 575 | [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie] | ||
| 576 | |||
| 577 | *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1) | ||
| 578 | to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() | ||
| 579 | [Walter Goulet] | ||
| 580 | |||
| 581 | *) Remove buggy and incompletet DH cert support from | ||
| 582 | ssl/ssl_rsa.c and ssl/s3_both.c | ||
| 583 | [Nils Larsch] | ||
| 584 | |||
| 585 | *) Use SHA-1 instead of MD5 as the default digest algorithm for | ||
| 586 | the apps/openssl applications. | ||
| 587 | [Nils Larsch] | ||
| 588 | |||
| 589 | *) Compile clean with "-Wall -Wmissing-prototypes | ||
| 590 | -Wstrict-prototypes -Wmissing-declarations -Werror". Currently | ||
| 591 | DEBUG_SAFESTACK must also be set. | ||
| 592 | [Ben Laurie] | ||
| 593 | |||
| 594 | *) Change ./Configure so that certain algorithms can be disabled by default. | ||
| 595 | The new counterpiece to "no-xxx" is "enable-xxx". | ||
| 596 | |||
| 597 | The patented RC5 and MDC2 algorithms will now be disabled unless | ||
| 598 | "enable-rc5" and "enable-mdc2", respectively, are specified. | ||
| 599 | |||
| 600 | (IDEA remains enabled despite being patented. This is because IDEA | ||
| 601 | is frequently required for interoperability, and there is no license | ||
| 602 | fee for non-commercial use. As before, "no-idea" can be used to | ||
| 603 | avoid this algorithm.) | ||
| 604 | |||
| 605 | [Bodo Moeller] | ||
| 606 | |||
| 607 | *) Add processing of proxy certificates (see RFC 3820). This work was | ||
| 608 | sponsored by KTH (The Royal Institute of Technology in Stockholm) and | ||
| 609 | EGEE (Enabling Grids for E-science in Europe). | ||
| 610 | [Richard Levitte] | ||
| 611 | |||
| 612 | *) RC4 performance overhaul on modern architectures/implementations, such | ||
| 613 | as Intel P4, IA-64 and AMD64. | ||
| 614 | [Andy Polyakov] | ||
| 615 | |||
| 616 | *) New utility extract-section.pl. This can be used specify an alternative | ||
| 617 | section number in a pod file instead of having to treat each file as | ||
| 618 | a separate case in Makefile. This can be done by adding two lines to the | ||
| 619 | pod file: | ||
| 620 | |||
| 621 | =for comment openssl_section:XXX | ||
| 622 | |||
| 623 | The blank line is mandatory. | ||
| 624 | |||
| 625 | [Steve Henson] | ||
| 626 | |||
| 627 | *) New arguments -certform, -keyform and -pass for s_client and s_server | ||
| 628 | to allow alternative format key and certificate files and passphrase | ||
| 629 | sources. | ||
| 630 | [Steve Henson] | ||
| 631 | |||
| 632 | *) New structure X509_VERIFY_PARAM which combines current verify parameters, | ||
| 633 | update associated structures and add various utility functions. | ||
| 634 | |||
| 635 | Add new policy related verify parameters, include policy checking in | ||
| 636 | standard verify code. Enhance 'smime' application with extra parameters | ||
| 637 | to support policy checking and print out. | ||
| 638 | [Steve Henson] | ||
| 639 | |||
| 640 | *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3 | ||
| 641 | Nehemiah processors. These extensions support AES encryption in hardware | ||
| 642 | as well as RNG (though RNG support is currently disabled). | ||
| 643 | [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov] | ||
| 644 | |||
| 645 | *) Deprecate BN_[get|set]_params() functions (they were ignored internally). | ||
| 646 | [Geoff Thorpe] | ||
| 647 | |||
| 648 | *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented. | ||
| 649 | [Andy Polyakov and a number of other people] | ||
| 650 | |||
| 651 | *) Improved PowerPC platform support. Most notably BIGNUM assembler | ||
| 652 | implementation contributed by IBM. | ||
| 653 | [Suresh Chari, Peter Waltenberg, Andy Polyakov] | ||
| 654 | |||
| 655 | *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public | ||
| 656 | exponent rather than 'unsigned long'. There is a corresponding change to | ||
| 657 | the new 'rsa_keygen' element of the RSA_METHOD structure. | ||
| 658 | [Jelte Jansen, Geoff Thorpe] | ||
| 659 | |||
| 660 | *) Functionality for creating the initial serial number file is now | ||
| 661 | moved from CA.pl to the 'ca' utility with a new option -create_serial. | ||
| 662 | |||
| 663 | (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial | ||
| 664 | number file to 1, which is bound to cause problems. To avoid | ||
| 665 | the problems while respecting compatibility between different 0.9.7 | ||
| 666 | patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in | ||
| 667 | CA.pl for serial number initialization. With the new release 0.9.8, | ||
| 668 | we can fix the problem directly in the 'ca' utility.) | ||
| 669 | [Steve Henson] | ||
| 670 | |||
| 671 | *) Reduced header interdepencies by declaring more opaque objects in | ||
| 672 | ossl_typ.h. As a consequence, including some headers (eg. engine.h) will | ||
| 673 | give fewer recursive includes, which could break lazy source code - so | ||
| 674 | this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always, | ||
| 675 | developers should define this symbol when building and using openssl to | ||
| 676 | ensure they track the recommended behaviour, interfaces, [etc], but | ||
| 677 | backwards-compatible behaviour prevails when this isn't defined. | ||
| 678 | [Geoff Thorpe] | ||
| 679 | |||
| 680 | *) New function X509_POLICY_NODE_print() which prints out policy nodes. | ||
| 681 | [Steve Henson] | ||
| 682 | |||
| 683 | *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality. | ||
| 684 | This will generate a random key of the appropriate length based on the | ||
| 685 | cipher context. The EVP_CIPHER can provide its own random key generation | ||
| 686 | routine to support keys of a specific form. This is used in the des and | ||
| 687 | 3des routines to generate a key of the correct parity. Update S/MIME | ||
| 688 | code to use new functions and hence generate correct parity DES keys. | ||
| 689 | Add EVP_CHECK_DES_KEY #define to return an error if the key is not | ||
| 690 | valid (weak or incorrect parity). | ||
| 691 | [Steve Henson] | ||
| 692 | |||
| 693 | *) Add a local set of CRLs that can be used by X509_verify_cert() as well | ||
| 694 | as looking them up. This is useful when the verified structure may contain | ||
| 695 | CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs | ||
| 696 | present unless the new PKCS7_NO_CRL flag is asserted. | ||
| 697 | [Steve Henson] | ||
| 698 | |||
| 699 | *) Extend ASN1 oid configuration module. It now additionally accepts the | ||
| 700 | syntax: | ||
| 701 | |||
| 702 | shortName = some long name, 1.2.3.4 | ||
| 703 | [Steve Henson] | ||
| 704 | |||
| 705 | *) Reimplemented the BN_CTX implementation. There is now no more static | ||
| 706 | limitation on the number of variables it can handle nor the depth of the | ||
| 707 | "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack | ||
| 708 | information can now expand as required, and rather than having a single | ||
| 709 | static array of bignums, BN_CTX now uses a linked-list of such arrays | ||
| 710 | allowing it to expand on demand whilst maintaining the usefulness of | ||
| 711 | BN_CTX's "bundling". | ||
| 712 | [Geoff Thorpe] | ||
| 713 | |||
| 714 | *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD | ||
| 715 | to allow all RSA operations to function using a single BN_CTX. | ||
| 716 | [Geoff Thorpe] | ||
| 717 | |||
| 718 | *) Preliminary support for certificate policy evaluation and checking. This | ||
| 719 | is initially intended to pass the tests outlined in "Conformance Testing | ||
| 720 | of Relying Party Client Certificate Path Processing Logic" v1.07. | ||
| 721 | [Steve Henson] | ||
| 722 | |||
| 723 | *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and | ||
| 724 | remained unused and not that useful. A variety of other little bignum | ||
| 725 | tweaks and fixes have also been made continuing on from the audit (see | ||
| 726 | below). | ||
| 727 | [Geoff Thorpe] | ||
| 728 | |||
| 729 | *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with | ||
| 730 | associated ASN1, EVP and SSL functions and old ASN1 macros. | ||
| 731 | [Richard Levitte] | ||
| 732 | |||
| 733 | *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results, | ||
| 734 | and this should never fail. So the return value from the use of | ||
| 735 | BN_set_word() (which can fail due to needless expansion) is now deprecated; | ||
| 736 | if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro. | ||
| 737 | [Geoff Thorpe] | ||
| 738 | |||
| 739 | *) BN_CTX_get() should return zero-valued bignums, providing the same | ||
| 740 | initialised value as BN_new(). | ||
| 741 | [Geoff Thorpe, suggested by Ulf Möller] | ||
| 742 | |||
| 743 | *) Support for inhibitAnyPolicy certificate extension. | ||
| 744 | [Steve Henson] | ||
| 745 | |||
| 746 | *) An audit of the BIGNUM code is underway, for which debugging code is | ||
| 747 | enabled when BN_DEBUG is defined. This makes stricter enforcements on what | ||
| 748 | is considered valid when processing BIGNUMs, and causes execution to | ||
| 749 | assert() when a problem is discovered. If BN_DEBUG_RAND is defined, | ||
| 750 | further steps are taken to deliberately pollute unused data in BIGNUM | ||
| 751 | structures to try and expose faulty code further on. For now, openssl will | ||
| 752 | (in its default mode of operation) continue to tolerate the inconsistent | ||
| 753 | forms that it has tolerated in the past, but authors and packagers should | ||
| 754 | consider trying openssl and their own applications when compiled with | ||
| 755 | these debugging symbols defined. It will help highlight potential bugs in | ||
| 756 | their own code, and will improve the test coverage for OpenSSL itself. At | ||
| 757 | some point, these tighter rules will become openssl's default to improve | ||
| 758 | maintainability, though the assert()s and other overheads will remain only | ||
| 759 | in debugging configurations. See bn.h for more details. | ||
| 760 | [Geoff Thorpe, Nils Larsch, Ulf Möller] | ||
| 761 | |||
| 762 | *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure | ||
| 763 | that can only be obtained through BN_CTX_new() (which implicitly | ||
| 764 | initialises it). The presence of this function only made it possible | ||
| 765 | to overwrite an existing structure (and cause memory leaks). | ||
| 766 | [Geoff Thorpe] | ||
| 767 | |||
| 768 | *) Because of the callback-based approach for implementing LHASH as a | ||
| 769 | template type, lh_insert() adds opaque objects to hash-tables and | ||
| 770 | lh_doall() or lh_doall_arg() are typically used with a destructor callback | ||
| 771 | to clean up those corresponding objects before destroying the hash table | ||
| 772 | (and losing the object pointers). So some over-zealous constifications in | ||
| 773 | LHASH have been relaxed so that lh_insert() does not take (nor store) the | ||
| 774 | objects as "const" and the lh_doall[_arg] callback wrappers are not | ||
| 775 | prototyped to have "const" restrictions on the object pointers they are | ||
| 776 | given (and so aren't required to cast them away any more). | ||
| 777 | [Geoff Thorpe] | ||
| 778 | |||
| 779 | *) The tmdiff.h API was so ugly and minimal that our own timing utility | ||
| 780 | (speed) prefers to use its own implementation. The two implementations | ||
| 781 | haven't been consolidated as yet (volunteers?) but the tmdiff API has had | ||
| 782 | its object type properly exposed (MS_TM) instead of casting to/from "char | ||
| 783 | *". This may still change yet if someone realises MS_TM and "ms_time_***" | ||
| 784 | aren't necessarily the greatest nomenclatures - but this is what was used | ||
| 785 | internally to the implementation so I've used that for now. | ||
| 786 | [Geoff Thorpe] | ||
| 787 | |||
| 788 | *) Ensure that deprecated functions do not get compiled when | ||
| 789 | OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of | ||
| 790 | the self-tests were still using deprecated key-generation functions so | ||
| 791 | these have been updated also. | ||
| 792 | [Geoff Thorpe] | ||
| 793 | |||
| 794 | *) Reorganise PKCS#7 code to separate the digest location functionality | ||
| 795 | into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). | ||
| 796 | New function PKCS7_set_digest() to set the digest type for PKCS#7 | ||
| 797 | digestedData type. Add additional code to correctly generate the | ||
| 798 | digestedData type and add support for this type in PKCS7 initialization | ||
| 799 | functions. | ||
| 800 | [Steve Henson] | ||
| 801 | |||
| 802 | *) New function PKCS7_set0_type_other() this initializes a PKCS7 | ||
| 803 | structure of type "other". | ||
| 804 | [Steve Henson] | ||
| 805 | |||
| 806 | *) Fix prime generation loop in crypto/bn/bn_prime.pl by making | ||
| 807 | sure the loop does correctly stop and breaking ("division by zero") | ||
| 808 | modulus operations are not performed. The (pre-generated) prime | ||
| 809 | table crypto/bn/bn_prime.h was already correct, but it could not be | ||
| 810 | re-generated on some platforms because of the "division by zero" | ||
| 811 | situation in the script. | ||
| 812 | [Ralf S. Engelschall] | ||
| 813 | |||
| 814 | *) Update support for ECC-based TLS ciphersuites according to | ||
| 815 | draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with | ||
| 816 | SHA-1 now is only used for "small" curves (where the | ||
| 817 | representation of a field element takes up to 24 bytes); for | ||
| 818 | larger curves, the field element resulting from ECDH is directly | ||
| 819 | used as premaster secret. | ||
| 820 | [Douglas Stebila (Sun Microsystems Laboratories)] | ||
| 821 | |||
| 822 | *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 | ||
| 823 | curve secp160r1 to the tests. | ||
| 824 | [Douglas Stebila (Sun Microsystems Laboratories)] | ||
| 825 | |||
| 826 | *) Add the possibility to load symbols globally with DSO. | ||
| 827 | [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte] | ||
| 828 | |||
| 829 | *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better | ||
| 830 | control of the error stack. | ||
| 831 | [Richard Levitte] | ||
| 832 | |||
| 833 | *) Add support for STORE in ENGINE. | ||
| 834 | [Richard Levitte] | ||
| 835 | |||
| 836 | *) Add the STORE type. The intention is to provide a common interface | ||
| 837 | to certificate and key stores, be they simple file-based stores, or | ||
| 838 | HSM-type store, or LDAP stores, or... | ||
| 839 | NOTE: The code is currently UNTESTED and isn't really used anywhere. | ||
| 840 | [Richard Levitte] | ||
| 841 | |||
| 842 | *) Add a generic structure called OPENSSL_ITEM. This can be used to | ||
| 843 | pass a list of arguments to any function as well as provide a way | ||
| 844 | for a function to pass data back to the caller. | ||
| 845 | [Richard Levitte] | ||
| 846 | |||
| 847 | *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() | ||
| 848 | works like BUF_strdup() but can be used to duplicate a portion of | ||
| 849 | a string. The copy gets NUL-terminated. BUF_memdup() duplicates | ||
| 850 | a memory area. | ||
| 851 | [Richard Levitte] | ||
| 852 | |||
| 853 | *) Add the function sk_find_ex() which works like sk_find(), but will | ||
| 854 | return an index to an element even if an exact match couldn't be | ||
| 855 | found. The index is guaranteed to point at the element where the | ||
| 856 | searched-for key would be inserted to preserve sorting order. | ||
| 857 | [Richard Levitte] | ||
| 858 | |||
| 859 | *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but | ||
| 860 | takes an extra flags argument for optional functionality. Currently, | ||
| 861 | the following flags are defined: | ||
| 862 | |||
| 863 | OBJ_BSEARCH_VALUE_ON_NOMATCH | ||
| 864 | This one gets OBJ_bsearch_ex() to return a pointer to the first | ||
| 865 | element where the comparing function returns a negative or zero | ||
| 866 | number. | ||
| 867 | |||
| 868 | OBJ_BSEARCH_FIRST_VALUE_ON_MATCH | ||
| 869 | This one gets OBJ_bsearch_ex() to return a pointer to the first | ||
| 870 | element where the comparing function returns zero. This is useful | ||
| 871 | if there are more than one element where the comparing function | ||
| 872 | returns zero. | ||
| 873 | [Richard Levitte] | ||
| 874 | |||
| 875 | *) Make it possible to create self-signed certificates with 'openssl ca' | ||
| 876 | in such a way that the self-signed certificate becomes part of the | ||
| 877 | CA database and uses the same mechanisms for serial number generation | ||
| 878 | as all other certificate signing. The new flag '-selfsign' enables | ||
| 879 | this functionality. Adapt CA.sh and CA.pl.in. | ||
| 880 | [Richard Levitte] | ||
| 881 | |||
| 882 | *) Add functionality to check the public key of a certificate request | ||
| 883 | against a given private. This is useful to check that a certificate | ||
| 884 | request can be signed by that key (self-signing). | ||
| 885 | [Richard Levitte] | ||
| 886 | |||
| 887 | *) Make it possible to have multiple active certificates with the same | ||
| 888 | subject in the CA index file. This is done only if the keyword | ||
| 889 | 'unique_subject' is set to 'no' in the main CA section (default | ||
| 890 | if 'CA_default') of the configuration file. The value is saved | ||
| 891 | with the database itself in a separate index attribute file, | ||
| 892 | named like the index file with '.attr' appended to the name. | ||
| 893 | [Richard Levitte] | ||
| 894 | |||
| 895 | *) Generate muti valued AVAs using '+' notation in config files for | ||
| 896 | req and dirName. | ||
| 897 | [Steve Henson] | ||
| 898 | |||
| 899 | *) Support for nameConstraints certificate extension. | ||
| 900 | [Steve Henson] | ||
| 901 | |||
| 902 | *) Support for policyConstraints certificate extension. | ||
| 903 | [Steve Henson] | ||
| 904 | |||
| 905 | *) Support for policyMappings certificate extension. | ||
| 906 | [Steve Henson] | ||
| 907 | |||
| 908 | *) Make sure the default DSA_METHOD implementation only uses its | ||
| 909 | dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL, | ||
| 910 | and change its own handlers to be NULL so as to remove unnecessary | ||
| 911 | indirection. This lets alternative implementations fallback to the | ||
| 912 | default implementation more easily. | ||
| 913 | [Geoff Thorpe] | ||
| 914 | |||
| 915 | *) Support for directoryName in GeneralName related extensions | ||
| 916 | in config files. | ||
| 917 | [Steve Henson] | ||
| 918 | |||
| 919 | *) Make it possible to link applications using Makefile.shared. | ||
| 920 | Make that possible even when linking against static libraries! | ||
| 921 | [Richard Levitte] | ||
| 922 | |||
| 923 | *) Support for single pass processing for S/MIME signing. This now | ||
| 924 | means that S/MIME signing can be done from a pipe, in addition | ||
| 925 | cleartext signing (multipart/signed type) is effectively streaming | ||
| 926 | and the signed data does not need to be all held in memory. | ||
| 927 | |||
| 928 | This is done with a new flag PKCS7_STREAM. When this flag is set | ||
| 929 | PKCS7_sign() only initializes the PKCS7 structure and the actual signing | ||
| 930 | is done after the data is output (and digests calculated) in | ||
| 931 | SMIME_write_PKCS7(). | ||
| 932 | [Steve Henson] | ||
| 933 | |||
| 934 | *) Add full support for -rpath/-R, both in shared libraries and | ||
| 935 | applications, at least on the platforms where it's known how | ||
| 936 | to do it. | ||
| 937 | [Richard Levitte] | ||
| 938 | |||
| 939 | *) In crypto/ec/ec_mult.c, implement fast point multiplication with | ||
| 940 | precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() | ||
| 941 | will now compute a table of multiples of the generator that | ||
| 942 | makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul() | ||
| 943 | faster (notably in the case of a single point multiplication, | ||
| 944 | scalar * generator). | ||
| 945 | [Nils Larsch, Bodo Moeller] | ||
| 946 | |||
| 947 | *) IPv6 support for certificate extensions. The various extensions | ||
| 948 | which use the IP:a.b.c.d can now take IPv6 addresses using the | ||
| 949 | formats of RFC1884 2.2 . IPv6 addresses are now also displayed | ||
| 950 | correctly. | ||
| 951 | [Steve Henson] | ||
| 952 | |||
| 953 | *) Added an ENGINE that implements RSA by performing private key | ||
| 954 | exponentiations with the GMP library. The conversions to and from | ||
| 955 | GMP's mpz_t format aren't optimised nor are any montgomery forms | ||
| 956 | cached, and on x86 it appears OpenSSL's own performance has caught up. | ||
| 957 | However there are likely to be other architectures where GMP could | ||
| 958 | provide a boost. This ENGINE is not built in by default, but it can be | ||
| 959 | specified at Configure time and should be accompanied by the necessary | ||
| 960 | linker additions, eg; | ||
| 961 | ./config -DOPENSSL_USE_GMP -lgmp | ||
| 962 | [Geoff Thorpe] | ||
| 963 | |||
| 964 | *) "openssl engine" will not display ENGINE/DSO load failure errors when | ||
| 965 | testing availability of engines with "-t" - the old behaviour is | ||
| 966 | produced by increasing the feature's verbosity with "-tt". | ||
| 967 | [Geoff Thorpe] | ||
| 968 | |||
| 969 | *) ECDSA routines: under certain error conditions uninitialized BN objects | ||
| 970 | could be freed. Solution: make sure initialization is performed early | ||
| 971 | enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de> | ||
| 972 | via PR#459) | ||
| 973 | [Lutz Jaenicke] | ||
| 974 | |||
| 975 | *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD | ||
| 976 | and DH_METHOD (eg. by ENGINE implementations) to override the normal | ||
| 977 | software implementations. For DSA and DH, parameter generation can | ||
| 978 | also be overriden by providing the appropriate method callbacks. | ||
| 979 | [Geoff Thorpe] | ||
| 980 | |||
| 981 | *) Change the "progress" mechanism used in key-generation and | ||
| 982 | primality testing to functions that take a new BN_GENCB pointer in | ||
| 983 | place of callback/argument pairs. The new API functions have "_ex" | ||
| 984 | postfixes and the older functions are reimplemented as wrappers for | ||
| 985 | the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide | ||
| 986 | declarations of the old functions to help (graceful) attempts to | ||
| 987 | migrate to the new functions. Also, the new key-generation API | ||
| 988 | functions operate on a caller-supplied key-structure and return | ||
| 989 | success/failure rather than returning a key or NULL - this is to | ||
| 990 | help make "keygen" another member function of RSA_METHOD etc. | ||
| 991 | |||
| 992 | Example for using the new callback interface: | ||
| 993 | |||
| 994 | int (*my_callback)(int a, int b, BN_GENCB *cb) = ...; | ||
| 995 | void *my_arg = ...; | ||
| 996 | BN_GENCB my_cb; | ||
| 997 | |||
| 998 | BN_GENCB_set(&my_cb, my_callback, my_arg); | ||
| 999 | |||
| 1000 | return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb); | ||
| 1001 | /* For the meaning of a, b in calls to my_callback(), see the | ||
| 1002 | * documentation of the function that calls the callback. | ||
| 1003 | * cb will point to my_cb; my_arg can be retrieved as cb->arg. | ||
| 1004 | * my_callback should return 1 if it wants BN_is_prime_ex() | ||
| 1005 | * to continue, or 0 to stop. | ||
| 1006 | */ | ||
| 1007 | |||
| 1008 | [Geoff Thorpe] | ||
| 1009 | |||
| 1010 | *) Change the ZLIB compression method to be stateful, and make it | ||
| 1011 | available to TLS with the number defined in | ||
| 1012 | draft-ietf-tls-compression-04.txt. | ||
| 1013 | [Richard Levitte] | ||
| 1014 | |||
| 1015 | *) Add the ASN.1 structures and functions for CertificatePair, which | ||
| 1016 | is defined as follows (according to X.509_4thEditionDraftV6.pdf): | ||
| 1017 | |||
| 1018 | CertificatePair ::= SEQUENCE { | ||
| 1019 | forward [0] Certificate OPTIONAL, | ||
| 1020 | reverse [1] Certificate OPTIONAL, | ||
| 1021 | -- at least one of the pair shall be present -- } | ||
| 1022 | |||
| 1023 | Also implement the PEM functions to read and write certificate | ||
| 1024 | pairs, and defined the PEM tag as "CERTIFICATE PAIR". | ||
| 1025 | |||
| 1026 | This needed to be defined, mostly for the sake of the LDAP | ||
| 1027 | attribute crossCertificatePair, but may prove useful elsewhere as | ||
| 1028 | well. | ||
| 1029 | [Richard Levitte] | ||
| 1030 | |||
| 1031 | *) Make it possible to inhibit symlinking of shared libraries in | ||
| 1032 | Makefile.shared, for Cygwin's sake. | ||
| 1033 | [Richard Levitte] | ||
| 1034 | |||
| 1035 | *) Extend the BIGNUM API by creating a function | ||
| 1036 | void BN_set_negative(BIGNUM *a, int neg); | ||
| 1037 | and a macro that behave like | ||
| 1038 | int BN_is_negative(const BIGNUM *a); | ||
| 1039 | |||
| 1040 | to avoid the need to access 'a->neg' directly in applications. | ||
| 1041 | [Nils Larsch] | ||
| 1042 | |||
| 1043 | *) Implement fast modular reduction for pseudo-Mersenne primes | ||
| 1044 | used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c). | ||
| 1045 | EC_GROUP_new_curve_GFp() will now automatically use this | ||
| 1046 | if applicable. | ||
| 1047 | [Nils Larsch <nla@trustcenter.de>] | ||
| 1048 | |||
| 1049 | *) Add new lock type (CRYPTO_LOCK_BN). | ||
| 1050 | [Bodo Moeller] | ||
| 1051 | |||
| 1052 | *) Change the ENGINE framework to automatically load engines | ||
| 1053 | dynamically from specific directories unless they could be | ||
| 1054 | found to already be built in or loaded. Move all the | ||
| 1055 | current engines except for the cryptodev one to a new | ||
| 1056 | directory engines/. | ||
| 1057 | The engines in engines/ are built as shared libraries if | ||
| 1058 | the "shared" options was given to ./Configure or ./config. | ||
| 1059 | Otherwise, they are inserted in libcrypto.a. | ||
| 1060 | /usr/local/ssl/engines is the default directory for dynamic | ||
| 1061 | engines, but that can be overriden at configure time through | ||
| 1062 | the usual use of --prefix and/or --openssldir, and at run | ||
| 1063 | time with the environment variable OPENSSL_ENGINES. | ||
| 1064 | [Geoff Thorpe and Richard Levitte] | ||
| 1065 | |||
| 1066 | *) Add Makefile.shared, a helper makefile to build shared | ||
| 1067 | libraries. Addapt Makefile.org. | ||
| 1068 | [Richard Levitte] | ||
| 1069 | |||
| 1070 | *) Add version info to Win32 DLLs. | ||
| 1071 | [Peter 'Luna' Runestig" <peter@runestig.com>] | ||
| 1072 | |||
| 1073 | *) Add new 'medium level' PKCS#12 API. Certificates and keys | ||
| 1074 | can be added using this API to created arbitrary PKCS#12 | ||
| 1075 | files while avoiding the low level API. | ||
| 1076 | |||
| 1077 | New options to PKCS12_create(), key or cert can be NULL and | ||
| 1078 | will then be omitted from the output file. The encryption | ||
| 1079 | algorithm NIDs can be set to -1 for no encryption, the mac | ||
| 1080 | iteration count can be set to 0 to omit the mac. | ||
| 1081 | |||
| 1082 | Enhance pkcs12 utility by making the -nokeys and -nocerts | ||
| 1083 | options work when creating a PKCS#12 file. New option -nomac | ||
| 1084 | to omit the mac, NONE can be set for an encryption algorithm. | ||
| 1085 | New code is modified to use the enhanced PKCS12_create() | ||
| 1086 | instead of the low level API. | ||
| 1087 | [Steve Henson] | ||
| 1088 | |||
| 1089 | *) Extend ASN1 encoder to support indefinite length constructed | ||
| 1090 | encoding. This can output sequences tags and octet strings in | ||
| 1091 | this form. Modify pk7_asn1.c to support indefinite length | ||
| 1092 | encoding. This is experimental and needs additional code to | ||
| 1093 | be useful, such as an ASN1 bio and some enhanced streaming | ||
| 1094 | PKCS#7 code. | ||
| 1095 | |||
| 1096 | Extend template encode functionality so that tagging is passed | ||
| 1097 | down to the template encoder. | ||
| 1098 | [Steve Henson] | ||
| 1099 | |||
| 1100 | *) Let 'openssl req' fail if an argument to '-newkey' is not | ||
| 1101 | recognized instead of using RSA as a default. | ||
| 1102 | [Bodo Moeller] | ||
| 1103 | |||
| 1104 | *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt. | ||
| 1105 | As these are not official, they are not included in "ALL"; | ||
| 1106 | the "ECCdraft" ciphersuite group alias can be used to select them. | ||
| 1107 | [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)] | ||
| 1108 | |||
| 1109 | *) Add ECDH engine support. | ||
| 1110 | [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)] | ||
| 1111 | |||
| 1112 | *) Add ECDH in new directory crypto/ecdh/. | ||
| 1113 | [Douglas Stebila (Sun Microsystems Laboratories)] | ||
| 1114 | |||
| 1115 | *) Let BN_rand_range() abort with an error after 100 iterations | ||
| 1116 | without success (which indicates a broken PRNG). | ||
| 1117 | [Bodo Moeller] | ||
| 1118 | |||
| 1119 | *) Change BN_mod_sqrt() so that it verifies that the input value | ||
| 1120 | is really the square of the return value. (Previously, | ||
| 1121 | BN_mod_sqrt would show GIGO behaviour.) | ||
| 1122 | [Bodo Moeller] | ||
| 1123 | |||
| 1124 | *) Add named elliptic curves over binary fields from X9.62, SECG, | ||
| 1125 | and WAP/WTLS; add OIDs that were still missing. | ||
| 1126 | |||
| 1127 | [Sheueling Chang Shantz and Douglas Stebila | ||
| 1128 | (Sun Microsystems Laboratories)] | ||
| 1129 | |||
| 1130 | *) Extend the EC library for elliptic curves over binary fields | ||
| 1131 | (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/). | ||
| 1132 | New EC_METHOD: | ||
| 1133 | |||
| 1134 | EC_GF2m_simple_method | ||
| 1135 | |||
| 1136 | New API functions: | ||
| 1137 | |||
| 1138 | EC_GROUP_new_curve_GF2m | ||
| 1139 | EC_GROUP_set_curve_GF2m | ||
| 1140 | EC_GROUP_get_curve_GF2m | ||
| 1141 | EC_POINT_set_affine_coordinates_GF2m | ||
| 1142 | EC_POINT_get_affine_coordinates_GF2m | ||
| 1143 | EC_POINT_set_compressed_coordinates_GF2m | ||
| 1144 | |||
| 1145 | Point compression for binary fields is disabled by default for | ||
| 1146 | patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to | ||
| 1147 | enable it). | ||
| 1148 | |||
| 1149 | As binary polynomials are represented as BIGNUMs, various members | ||
| 1150 | of the EC_GROUP and EC_POINT data structures can be shared | ||
| 1151 | between the implementations for prime fields and binary fields; | ||
| 1152 | the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m) | ||
| 1153 | are essentially identical to their ..._GFp counterparts. | ||
| 1154 | (For simplicity, the '..._GFp' prefix has been dropped from | ||
| 1155 | various internal method names.) | ||
| 1156 | |||
| 1157 | An internal 'field_div' method (similar to 'field_mul' and | ||
| 1158 | 'field_sqr') has been added; this is used only for binary fields. | ||
| 1159 | |||
| 1160 | [Sheueling Chang Shantz and Douglas Stebila | ||
| 1161 | (Sun Microsystems Laboratories)] | ||
| 1162 | |||
| 1163 | *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult() | ||
| 1164 | through methods ('mul', 'precompute_mult'). | ||
| 1165 | |||
| 1166 | The generic implementations (now internally called 'ec_wNAF_mul' | ||
| 1167 | and 'ec_wNAF_precomputed_mult') remain the default if these | ||
| 1168 | methods are undefined. | ||
| 1169 | |||
| 1170 | [Sheueling Chang Shantz and Douglas Stebila | ||
| 1171 | (Sun Microsystems Laboratories)] | ||
| 1172 | |||
| 1173 | *) New function EC_GROUP_get_degree, which is defined through | ||
| 1174 | EC_METHOD. For curves over prime fields, this returns the bit | ||
| 1175 | length of the modulus. | ||
| 1176 | |||
| 1177 | [Sheueling Chang Shantz and Douglas Stebila | ||
| 1178 | (Sun Microsystems Laboratories)] | ||
| 1179 | |||
| 1180 | *) New functions EC_GROUP_dup, EC_POINT_dup. | ||
| 1181 | (These simply call ..._new and ..._copy). | ||
| 1182 | |||
| 1183 | [Sheueling Chang Shantz and Douglas Stebila | ||
| 1184 | (Sun Microsystems Laboratories)] | ||
| 1185 | |||
| 1186 | *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. | ||
| 1187 | Polynomials are represented as BIGNUMs (where the sign bit is not | ||
| 1188 | used) in the following functions [macros]: | ||
| 1189 | |||
| 1190 | BN_GF2m_add | ||
| 1191 | BN_GF2m_sub [= BN_GF2m_add] | ||
| 1192 | BN_GF2m_mod [wrapper for BN_GF2m_mod_arr] | ||
| 1193 | BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr] | ||
| 1194 | BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr] | ||
| 1195 | BN_GF2m_mod_inv | ||
| 1196 | BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr] | ||
| 1197 | BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr] | ||
| 1198 | BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr] | ||
| 1199 | BN_GF2m_cmp [= BN_ucmp] | ||
| 1200 | |||
| 1201 | (Note that only the 'mod' functions are actually for fields GF(2^m). | ||
| 1202 | BN_GF2m_add() is misnomer, but this is for the sake of consistency.) | ||
| 1203 | |||
| 1204 | For some functions, an the irreducible polynomial defining a | ||
| 1205 | field can be given as an 'unsigned int[]' with strictly | ||
| 1206 | decreasing elements giving the indices of those bits that are set; | ||
| 1207 | i.e., p[] represents the polynomial | ||
| 1208 | f(t) = t^p[0] + t^p[1] + ... + t^p[k] | ||
| 1209 | where | ||
| 1210 | p[0] > p[1] > ... > p[k] = 0. | ||
| 1211 | This applies to the following functions: | ||
| 1212 | |||
| 1213 | BN_GF2m_mod_arr | ||
| 1214 | BN_GF2m_mod_mul_arr | ||
| 1215 | BN_GF2m_mod_sqr_arr | ||
| 1216 | BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv] | ||
| 1217 | BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div] | ||
| 1218 | BN_GF2m_mod_exp_arr | ||
| 1219 | BN_GF2m_mod_sqrt_arr | ||
| 1220 | BN_GF2m_mod_solve_quad_arr | ||
| 1221 | BN_GF2m_poly2arr | ||
| 1222 | BN_GF2m_arr2poly | ||
| 1223 | |||
| 1224 | Conversion can be performed by the following functions: | ||
| 1225 | |||
| 1226 | BN_GF2m_poly2arr | ||
| 1227 | BN_GF2m_arr2poly | ||
| 1228 | |||
| 1229 | bntest.c has additional tests for binary polynomial arithmetic. | ||
| 1230 | |||
| 1231 | Two implementations for BN_GF2m_mod_div() are available. | ||
| 1232 | The default algorithm simply uses BN_GF2m_mod_inv() and | ||
| 1233 | BN_GF2m_mod_mul(). The alternative algorithm is compiled in only | ||
| 1234 | if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the | ||
| 1235 | copyright notice in crypto/bn/bn_gf2m.c before enabling it). | ||
| 1236 | |||
| 1237 | [Sheueling Chang Shantz and Douglas Stebila | ||
| 1238 | (Sun Microsystems Laboratories)] | ||
| 1239 | |||
| 1240 | *) Add new error code 'ERR_R_DISABLED' that can be used when some | ||
| 1241 | functionality is disabled at compile-time. | ||
| 1242 | [Douglas Stebila <douglas.stebila@sun.com>] | ||
| 1243 | |||
| 1244 | *) Change default behaviour of 'openssl asn1parse' so that more | ||
| 1245 | information is visible when viewing, e.g., a certificate: | ||
| 1246 | |||
| 1247 | Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump' | ||
| 1248 | mode the content of non-printable OCTET STRINGs is output in a | ||
| 1249 | style similar to INTEGERs, but with '[HEX DUMP]' prepended to | ||
| 1250 | avoid the appearance of a printable string. | ||
| 1251 | [Nils Larsch <nla@trustcenter.de>] | ||
| 1252 | |||
| 1253 | *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access | ||
| 1254 | functions | ||
| 1255 | EC_GROUP_set_asn1_flag() | ||
| 1256 | EC_GROUP_get_asn1_flag() | ||
| 1257 | EC_GROUP_set_point_conversion_form() | ||
| 1258 | EC_GROUP_get_point_conversion_form() | ||
| 1259 | These control ASN1 encoding details: | ||
| 1260 | - Curves (i.e., groups) are encoded explicitly unless asn1_flag | ||
| 1261 | has been set to OPENSSL_EC_NAMED_CURVE. | ||
| 1262 | - Points are encoded in uncompressed form by default; options for | ||
| 1263 | asn1_for are as for point2oct, namely | ||
| 1264 | POINT_CONVERSION_COMPRESSED | ||
| 1265 | POINT_CONVERSION_UNCOMPRESSED | ||
| 1266 | POINT_CONVERSION_HYBRID | ||
| 1267 | |||
| 1268 | Also add 'seed' and 'seed_len' members to EC_GROUP with access | ||
| 1269 | functions | ||
| 1270 | EC_GROUP_set_seed() | ||
| 1271 | EC_GROUP_get0_seed() | ||
| 1272 | EC_GROUP_get_seed_len() | ||
| 1273 | This is used only for ASN1 purposes (so far). | ||
| 1274 | [Nils Larsch <nla@trustcenter.de>] | ||
| 1275 | |||
| 1276 | *) Add 'field_type' member to EC_METHOD, which holds the NID | ||
| 1277 | of the appropriate field type OID. The new function | ||
| 1278 | EC_METHOD_get_field_type() returns this value. | ||
| 1279 | [Nils Larsch <nla@trustcenter.de>] | ||
| 1280 | |||
| 1281 | *) Add functions | ||
| 1282 | EC_POINT_point2bn() | ||
| 1283 | EC_POINT_bn2point() | ||
| 1284 | EC_POINT_point2hex() | ||
| 1285 | EC_POINT_hex2point() | ||
| 1286 | providing useful interfaces to EC_POINT_point2oct() and | ||
| 1287 | EC_POINT_oct2point(). | ||
| 1288 | [Nils Larsch <nla@trustcenter.de>] | ||
| 1289 | |||
| 1290 | *) Change internals of the EC library so that the functions | ||
| 1291 | EC_GROUP_set_generator() | ||
| 1292 | EC_GROUP_get_generator() | ||
| 1293 | EC_GROUP_get_order() | ||
| 1294 | EC_GROUP_get_cofactor() | ||
| 1295 | are implemented directly in crypto/ec/ec_lib.c and not dispatched | ||
| 1296 | to methods, which would lead to unnecessary code duplication when | ||
| 1297 | adding different types of curves. | ||
| 1298 | [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller] | ||
| 1299 | |||
| 1300 | *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM | ||
| 1301 | arithmetic, and such that modified wNAFs are generated | ||
| 1302 | (which avoid length expansion in many cases). | ||
| 1303 | [Bodo Moeller] | ||
| 1304 | |||
| 1305 | *) Add a function EC_GROUP_check_discriminant() (defined via | ||
| 1306 | EC_METHOD) that verifies that the curve discriminant is non-zero. | ||
| 1307 | |||
| 1308 | Add a function EC_GROUP_check() that makes some sanity tests | ||
| 1309 | on a EC_GROUP, its generator and order. This includes | ||
| 1310 | EC_GROUP_check_discriminant(). | ||
| 1311 | [Nils Larsch <nla@trustcenter.de>] | ||
| 1312 | |||
| 1313 | *) Add ECDSA in new directory crypto/ecdsa/. | ||
| 1314 | |||
| 1315 | Add applications 'openssl ecparam' and 'openssl ecdsa' | ||
| 1316 | (these are based on 'openssl dsaparam' and 'openssl dsa'). | ||
| 1317 | |||
| 1318 | ECDSA support is also included in various other files across the | ||
| 1319 | library. Most notably, | ||
| 1320 | - 'openssl req' now has a '-newkey ecdsa:file' option; | ||
| 1321 | - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA; | ||
| 1322 | - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and | ||
| 1323 | d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make | ||
| 1324 | them suitable for ECDSA where domain parameters must be | ||
| 1325 | extracted before the specific public key; | ||
| 1326 | - ECDSA engine support has been added. | ||
| 1327 | [Nils Larsch <nla@trustcenter.de>] | ||
| 1328 | |||
| 1329 | *) Include some named elliptic curves, and add OIDs from X9.62, | ||
| 1330 | SECG, and WAP/WTLS. Each curve can be obtained from the new | ||
| 1331 | function | ||
| 1332 | EC_GROUP_new_by_curve_name(), | ||
| 1333 | and the list of available named curves can be obtained with | ||
| 1334 | EC_get_builtin_curves(). | ||
| 1335 | Also add a 'curve_name' member to EC_GROUP objects, which can be | ||
| 1336 | accessed via | ||
| 1337 | EC_GROUP_set_curve_name() | ||
| 1338 | EC_GROUP_get_curve_name() | ||
| 1339 | [Nils Larsch <larsch@trustcenter.de, Bodo Moeller] | ||
| 1340 | |||
| 1341 | *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there | ||
| 1342 | was actually never needed) and in BN_mul(). The removal in BN_mul() | ||
| 1343 | required a small change in bn_mul_part_recursive() and the addition | ||
| 1344 | of the functions bn_cmp_part_words(), bn_sub_part_words() and | ||
| 1345 | bn_add_part_words(), which do the same thing as bn_cmp_words(), | ||
| 1346 | bn_sub_words() and bn_add_words() except they take arrays with | ||
| 1347 | differing sizes. | ||
| 1348 | [Richard Levitte] | ||
| 1349 | |||
| 1350 | Changes between 0.9.7m and 0.9.7n [xx XXX xxxx] | ||
| 1351 | |||
| 1352 | *) In the SSL/TLS server implementation, be strict about session ID | ||
| 1353 | context matching (which matters if an application uses a single | ||
| 1354 | external cache for different purposes). Previously, | ||
| 1355 | out-of-context reuse was forbidden only if SSL_VERIFY_PEER was | ||
| 1356 | set. This did ensure strict client verification, but meant that, | ||
| 1357 | with applications using a single external cache for quite | ||
| 1358 | different requirements, clients could circumvent ciphersuite | ||
| 1359 | restrictions for a given session ID context by starting a session | ||
| 1360 | in a different context. | ||
| 1361 | [Bodo Moeller] | ||
| 1362 | |||
| 1363 | Changes between 0.9.7l and 0.9.7m [23 Feb 2007] | ||
| 1364 | |||
| 1365 | *) Cleanse PEM buffers before freeing them since they may contain | ||
| 1366 | sensitive data. | ||
| 1367 | [Benjamin Bennett <ben@psc.edu>] | ||
| 1368 | |||
| 1369 | *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that | ||
| 1370 | a ciphersuite string such as "DEFAULT:RSA" cannot enable | ||
| 1371 | authentication-only ciphersuites. | ||
| 1372 | [Bodo Moeller] | ||
| 1373 | |||
| 1374 | *) Since AES128 and AES256 share a single mask bit in the logic of | ||
| 1375 | ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a | ||
| 1376 | kludge to work properly if AES128 is available and AES256 isn't. | ||
| 1377 | [Victor Duchovni] | ||
| 1378 | |||
| 1379 | *) Expand security boundary to match 1.1.1 module. | ||
| 1380 | [Steve Henson] | ||
| 1381 | |||
| 1382 | *) Remove redundant features: hash file source, editing of test vectors | ||
| 1383 | modify fipsld to use external fips_premain.c signature. | ||
| 1384 | [Steve Henson] | ||
| 1385 | |||
| 1386 | *) New perl script mkfipsscr.pl to create shell scripts or batch files to | ||
| 1387 | run algorithm test programs. | ||
| 1388 | [Steve Henson] | ||
| 1389 | |||
| 1390 | *) Make algorithm test programs more tolerant of whitespace. | ||
| 1391 | [Steve Henson] | ||
| 1392 | |||
| 1393 | *) Have SSL/TLS server implementation tolerate "mismatched" record | ||
| 1394 | protocol version while receiving ClientHello even if the | ||
| 1395 | ClientHello is fragmented. (The server can't insist on the | ||
| 1396 | particular protocol version it has chosen before the ServerHello | ||
| 1397 | message has informed the client about his choice.) | ||
| 1398 | [Bodo Moeller] | ||
| 1399 | |||
| 1400 | *) Load error codes if they are not already present instead of using a | ||
| 1401 | static variable. This allows them to be cleanly unloaded and reloaded. | ||
| 1402 | [Steve Henson] | ||
| 1403 | |||
| 1404 | Changes between 0.9.7k and 0.9.7l [28 Sep 2006] | ||
| 1405 | |||
| 1406 | *) Introduce limits to prevent malicious keys being able to | ||
| 1407 | cause a denial of service. (CVE-2006-2940) | ||
| 1408 | [Steve Henson, Bodo Moeller] | ||
| 1409 | |||
| 1410 | *) Fix ASN.1 parsing of certain invalid structures that can result | ||
| 1411 | in a denial of service. (CVE-2006-2937) [Steve Henson] | ||
| 1412 | |||
| 1413 | *) Fix buffer overflow in SSL_get_shared_ciphers() function. | ||
| 1414 | (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] | ||
| 1415 | |||
| 1416 | *) Fix SSL client code which could crash if connecting to a | ||
| 1417 | malicious SSLv2 server. (CVE-2006-4343) | ||
| 1418 | [Tavis Ormandy and Will Drewry, Google Security Team] | ||
| 1419 | |||
| 1420 | *) Change ciphersuite string processing so that an explicit | ||
| 1421 | ciphersuite selects this one ciphersuite (so that "AES256-SHA" | ||
| 1422 | will no longer include "AES128-SHA"), and any other similar | ||
| 1423 | ciphersuite (same bitmap) from *other* protocol versions (so that | ||
| 1424 | "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the | ||
| 1425 | SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining | ||
| 1426 | changes from 0.9.8b and 0.9.8d. | ||
| 1427 | [Bodo Moeller] | ||
| 1428 | |||
| 1429 | Changes between 0.9.7j and 0.9.7k [05 Sep 2006] | ||
| 1430 | |||
| 1431 | *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher | ||
| 1432 | (CVE-2006-4339) [Ben Laurie and Google Security Team] | ||
| 1433 | |||
| 1434 | *) Change the Unix randomness entropy gathering to use poll() when | ||
| 1435 | possible instead of select(), since the latter has some | ||
| 1436 | undesirable limitations. | ||
| 1437 | [Darryl Miles via Richard Levitte and Bodo Moeller] | ||
| 1438 | |||
| 1439 | *) Disable rogue ciphersuites: | ||
| 1440 | |||
| 1441 | - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") | ||
| 1442 | - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") | ||
| 1443 | - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") | ||
| 1444 | |||
| 1445 | The latter two were purportedly from | ||
| 1446 | draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really | ||
| 1447 | appear there. | ||
| 1448 | |||
| 1449 | Also deactive the remaining ciphersuites from | ||
| 1450 | draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as | ||
| 1451 | unofficial, and the ID has long expired. | ||
| 1452 | [Bodo Moeller] | ||
| 1453 | |||
| 1454 | *) Fix RSA blinding Heisenbug (problems sometimes occured on | ||
| 1455 | dual-core machines) and other potential thread-safety issues. | ||
| 1456 | [Bodo Moeller] | ||
| 1457 | |||
| 5 | Changes between 0.9.7i and 0.9.7j [04 May 2006] | 1458 | Changes between 0.9.7i and 0.9.7j [04 May 2006] |
| 6 | 1459 | ||
| 7 | *) Adapt fipsld and the build system to link against the validated FIPS | 1460 | *) Adapt fipsld and the build system to link against the validated FIPS |
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index a38783dd98..1a9a59f969 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure | |||
| @@ -10,7 +10,7 @@ use strict; | |||
| 10 | 10 | ||
| 11 | # see INSTALL for instructions. | 11 | # see INSTALL for instructions. |
| 12 | 12 | ||
| 13 | my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [[no-]fips] [debug] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; | 13 | my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; |
| 14 | 14 | ||
| 15 | # Options: | 15 | # Options: |
| 16 | # | 16 | # |
| @@ -38,7 +38,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- | |||
| 38 | # --test-sanity Make a number of sanity checks on the data in this file. | 38 | # --test-sanity Make a number of sanity checks on the data in this file. |
| 39 | # This is a debugging tool for OpenSSL developers. | 39 | # This is a debugging tool for OpenSSL developers. |
| 40 | # | 40 | # |
| 41 | # no-engine do not compile in any engine code. | ||
| 42 | # no-hw-xxx do not compile support for specific crypto hardware. | 41 | # no-hw-xxx do not compile support for specific crypto hardware. |
| 43 | # Generic OpenSSL-style methods relating to this support | 42 | # Generic OpenSSL-style methods relating to this support |
| 44 | # are always compiled but return NULL if the hardware | 43 | # are always compiled but return NULL if the hardware |
| @@ -55,7 +54,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- | |||
| 55 | # [no-]zlib [don't] compile support for zlib compression. | 54 | # [no-]zlib [don't] compile support for zlib compression. |
| 56 | # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared | 55 | # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared |
| 57 | # library and will be loaded in run-time by the OpenSSL library. | 56 | # library and will be loaded in run-time by the OpenSSL library. |
| 57 | # enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport | ||
| 58 | # from 0.9.9 | ||
| 58 | # 386 generate 80386 code | 59 | # 386 generate 80386 code |
| 60 | # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 | ||
| 59 | # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...) | 61 | # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...) |
| 60 | # -<xxx> +<xxx> compiler options are passed through | 62 | # -<xxx> +<xxx> compiler options are passed through |
| 61 | # | 63 | # |
| @@ -87,9 +89,15 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- | |||
| 87 | # (intended for 64-bit CPUs running 32-bit OS). | 89 | # (intended for 64-bit CPUs running 32-bit OS). |
| 88 | # BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). | 90 | # BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). |
| 89 | # BF_PTR2 intel specific version (generic version is more efficient). | 91 | # BF_PTR2 intel specific version (generic version is more efficient). |
| 92 | # | ||
| 93 | # Following are set automatically by this script | ||
| 94 | # | ||
| 90 | # MD5_ASM use some extra md5 assember, | 95 | # MD5_ASM use some extra md5 assember, |
| 91 | # SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 | 96 | # SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 |
| 92 | # RMD160_ASM use some extra ripemd160 assember, | 97 | # RMD160_ASM use some extra ripemd160 assember, |
| 98 | # SHA256_ASM sha256_block is implemented in assembler | ||
| 99 | # SHA512_ASM sha512_block is implemented in assembler | ||
| 100 | # AES_ASM ASE_[en|de]crypt is implemented in assembler | ||
| 93 | 101 | ||
| 94 | my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; | 102 | my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; |
| 95 | 103 | ||
| @@ -108,19 +116,25 @@ my $tlib="-lnsl -lsocket"; | |||
| 108 | my $bits1="THIRTY_TWO_BIT "; | 116 | my $bits1="THIRTY_TWO_BIT "; |
| 109 | my $bits2="SIXTY_FOUR_BIT "; | 117 | my $bits2="SIXTY_FOUR_BIT "; |
| 110 | 118 | ||
| 111 | my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o"; | 119 | my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o"; |
| 112 | my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; | 120 | my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o"; |
| 113 | my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; | 121 | my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o"; |
| 122 | |||
| 123 | my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::"; | ||
| 124 | my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::"; | ||
| 114 | 125 | ||
| 115 | my $mips3_irix_asm="asm/mips3.o::::::::"; | 126 | my $no_asm="::::::::::"; |
| 116 | # There seems to be boundary faults in asm/alpha.s. | ||
| 117 | #my $alpha_asm="asm/alpha.o::::::::"; | ||
| 118 | my $alpha_asm="::::::::"; | ||
| 119 | 127 | ||
| 120 | # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. | 128 | # As for $BSDthreads. Idea is to maintain "collective" set of flags, |
| 121 | # So the md5_locl.h file has an undef B_ENDIAN if sun is defined | 129 | # which would cover all BSD flavors. -pthread applies to them all, |
| 130 | # but is treated differently. OpenBSD expands is as -D_POSIX_THREAD | ||
| 131 | # -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r, | ||
| 132 | # which has to be accompanied by explicit -D_THREAD_SAFE and | ||
| 133 | # sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which | ||
| 134 | # seems to be sufficient? | ||
| 135 | my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; | ||
| 122 | 136 | ||
| 123 | #config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags | 137 | #config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags |
| 124 | 138 | ||
| 125 | my %table=( | 139 | my %table=( |
| 126 | # File 'TABLE' (created by 'make TABLE') contains the data from this list, | 140 | # File 'TABLE' (created by 'make TABLE') contains the data from this list, |
| @@ -135,21 +149,28 @@ my %table=( | |||
| 135 | # Our development configs | 149 | # Our development configs |
| 136 | "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", | 150 | "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", |
| 137 | "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", | 151 | "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", |
| 138 | "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", | 152 | "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", |
| 139 | "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", | 153 | "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", |
| 140 | "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", | 154 | "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", |
| 141 | "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::", | 155 | "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", |
| 142 | "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", | 156 | "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", |
| 143 | "debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_FIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", | ||
| 144 | "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", | 157 | "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", |
| 145 | "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", | 158 | "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", |
| 146 | "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", | 159 | "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", |
| 147 | "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | 160 | "debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 148 | "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", | 161 | "debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 149 | "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 162 | "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", |
| 150 | "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 163 | "debug-steve-opt", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", |
| 151 | "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 164 | "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", |
| 152 | "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 165 | "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 166 | "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 167 | "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 168 | "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 169 | "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 170 | "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | ||
| 171 | "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | ||
| 172 | "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 173 | "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 153 | "dist", "cc:-O::(unknown)::::::", | 174 | "dist", "cc:-O::(unknown)::::::", |
| 154 | 175 | ||
| 155 | # Basic configs that should work on any (32 and less bit) box | 176 | # Basic configs that should work on any (32 and less bit) box |
| @@ -157,10 +178,8 @@ my %table=( | |||
| 157 | "cc", "cc:-O::(unknown)::::::", | 178 | "cc", "cc:-O::(unknown)::::::", |
| 158 | 179 | ||
| 159 | ####VOS Configurations | 180 | ####VOS Configurations |
| 160 | "vos-gcc","gcc:-b hppa1.1-stratus-vos -O3 -Wall -Wuninitialized -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:", | 181 | "vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", |
| 161 | "debug-vos-gcc","gcc:-b hppa1.1-stratus-vos -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:", | 182 | "debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", |
| 162 | "vos-vcc","vcc:-b i386-stratus-vos -O3 -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map::::::::::::::.so:", | ||
| 163 | "debug-vos-vcc","vcc:-b i386-stratus-vos -O0 -g -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map::::::::::::::.so:", | ||
| 164 | 183 | ||
| 165 | #### Solaris x86 with GNU C setups | 184 | #### Solaris x86 with GNU C setups |
| 166 | # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it | 185 | # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it |
| @@ -168,7 +187,7 @@ my %table=( | |||
| 168 | # surrounds it with #APP #NO_APP comment pair which (at least Solaris | 187 | # surrounds it with #APP #NO_APP comment pair which (at least Solaris |
| 169 | # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" | 188 | # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" |
| 170 | # error message. | 189 | # error message. |
| 171 | "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 190 | "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 172 | # -shared -static-libgcc might appear controversial, but modules taken | 191 | # -shared -static-libgcc might appear controversial, but modules taken |
| 173 | # from static libgcc do not have relocations and linking them into our | 192 | # from static libgcc do not have relocations and linking them into our |
| 174 | # shared objects doesn't have any negative side-effects. On the contrary, | 193 | # shared objects doesn't have any negative side-effects. On the contrary, |
| @@ -177,69 +196,50 @@ my %table=( | |||
| 177 | # actually recommend to consider using gcc shared build even with vendor | 196 | # actually recommend to consider using gcc shared build even with vendor |
| 178 | # compiler:-) | 197 | # compiler:-) |
| 179 | # <appro@fy.chalmers.se> | 198 | # <appro@fy.chalmers.se> |
| 180 | "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 199 | "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 181 | 200 | ||
| 182 | #### Solaris x86 with Sun C setups | 201 | #### Solaris x86 with Sun C setups |
| 183 | "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 202 | "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 184 | "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 203 | "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 185 | 204 | ||
| 186 | #### SPARC Solaris with GNU C setups | 205 | #### SPARC Solaris with GNU C setups |
| 187 | "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 206 | "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 188 | "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 207 | "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 189 | # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc | 208 | # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc |
| 190 | "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 209 | "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 191 | "solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 210 | "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 192 | # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 | ||
| 193 | # but keep the assembler modules. | ||
| 194 | "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 195 | "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 196 | |||
| 197 | #### | 211 | #### |
| 198 | "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 212 | "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 199 | "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 213 | "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 200 | 214 | ||
| 201 | #### SPARC Solaris with Sun C setups | 215 | #### SPARC Solaris with Sun C setups |
| 202 | # DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests | ||
| 203 | "solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 204 | # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. | 216 | # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. |
| 205 | # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 | 217 | # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 |
| 206 | # SC5.0 note: Compiler common patch 107357-01 or later is required! | 218 | # SC5.0 note: Compiler common patch 107357-01 or later is required! |
| 207 | "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 219 | "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 208 | "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 220 | "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 209 | "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 221 | "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 210 | "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", | 222 | "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", |
| 211 | #### | 223 | #### |
| 212 | "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 224 | "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 213 | "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 225 | "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 214 | |||
| 215 | #### SPARC Linux setups | ||
| 216 | "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::", | ||
| 217 | # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently | ||
| 218 | # assisted with debugging of following two configs. | ||
| 219 | "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 220 | # it's a real mess with -mcpu=ultrasparc option under Linux, but | ||
| 221 | # -Wa,-Av8plus should do the trick no matter what. | ||
| 222 | "linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 223 | # GCC 3.1 is a requirement | ||
| 224 | "linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 225 | 226 | ||
| 226 | # Sunos configs, assuming sparc for the gcc one. | 227 | #### SunOS configs, assuming sparc for the gcc one. |
| 227 | ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::", | 228 | #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", |
| 228 | "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::", | 229 | "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", |
| 229 | 230 | ||
| 230 | #### IRIX 5.x configs | 231 | #### IRIX 5.x configs |
| 231 | # -mips2 flag is added by ./config when appropriate. | 232 | # -mips2 flag is added by ./config when appropriate. |
| 232 | "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 233 | "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 233 | "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 234 | "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 234 | #### IRIX 6.x configs | 235 | #### IRIX 6.x configs |
| 235 | # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke | 236 | # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke |
| 236 | # './Configure irix-cc -o32' manually. | 237 | # './Configure irix-cc -o32' manually. |
| 237 | # -mips4 flag is added by ./config when appropriate. | 238 | "irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 238 | "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 239 | "irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 239 | "irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 240 | # N64 ABI builds. | 240 | # N64 ABI builds. |
| 241 | "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 241 | "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 242 | "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 242 | "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 243 | 243 | ||
| 244 | #### Unified HP-UX ANSI C configs. | 244 | #### Unified HP-UX ANSI C configs. |
| 245 | # Special notes: | 245 | # Special notes: |
| @@ -258,7 +258,7 @@ my %table=( | |||
| 258 | # suitable for execution on the host you're currently compiling at. | 258 | # suitable for execution on the host you're currently compiling at. |
| 259 | # If the toolkit is ment to be used on various PA-RISC processors | 259 | # If the toolkit is ment to be used on various PA-RISC processors |
| 260 | # consider './config +DAportable'. | 260 | # consider './config +DAportable'. |
| 261 | # - +DD64 is chosen in favour of +DA2.0W because it's ment to be | 261 | # - +DD64 is chosen in favour of +DA2.0W because it's meant to be |
| 262 | # compatible with *future* releases. | 262 | # compatible with *future* releases. |
| 263 | # - If you run ./Configure hpux-parisc-[g]cc manually don't forget to | 263 | # - If you run ./Configure hpux-parisc-[g]cc manually don't forget to |
| 264 | # pass -D_REENTRANT on HP-UX 10 and later. | 264 | # pass -D_REENTRANT on HP-UX 10 and later. |
| @@ -269,106 +269,77 @@ my %table=( | |||
| 269 | # crypto/sha/sha_lcl.h. | 269 | # crypto/sha/sha_lcl.h. |
| 270 | # <appro@fy.chalmers.se> | 270 | # <appro@fy.chalmers.se> |
| 271 | # | 271 | # |
| 272 | #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", | ||
| 273 | # Since there is mention of this in shlib/hpux10-cc.sh | 272 | # Since there is mention of this in shlib/hpux10-cc.sh |
| 274 | "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 273 | "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 275 | "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 274 | "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 276 | "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 275 | "hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 277 | # 64bit PARISC for GCC without optimization, which seems to make problems. | 276 | "hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 278 | # Submitted by <ross.alexander@uk.neceur.com> | ||
| 279 | "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 280 | "hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 281 | |||
| 282 | # IA-64 targets | ||
| 283 | "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:-b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 284 | # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with | ||
| 285 | # with debugging of the following config. | ||
| 286 | "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 287 | 277 | ||
| 288 | # More attempts at unified 10.X and 11.X targets for HP C compiler. | 278 | # More attempts at unified 10.X and 11.X targets for HP C compiler. |
| 289 | # | 279 | # |
| 290 | # Chris Ruemmler <ruemmler@cup.hp.com> | 280 | # Chris Ruemmler <ruemmler@cup.hp.com> |
| 291 | # Kevin Steves <ks@hp.se> | 281 | # Kevin Steves <ks@hp.se> |
| 292 | "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 282 | "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 293 | "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 283 | "hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 294 | "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 284 | "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 295 | # Isn't the line below meaningless? HP-UX cc optimizes for host by default. | 285 | "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 296 | # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro> | ||
| 297 | "hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 298 | |||
| 299 | # HPUX 9.X config. | ||
| 300 | # Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or | ||
| 301 | # egcs. gcc 2.8.1 is also broken. | ||
| 302 | |||
| 303 | "hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 304 | # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise, | ||
| 305 | # please report your OS and compiler version to the openssl-bugs@openssl.org | ||
| 306 | # mailing list. | ||
| 307 | "hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 308 | |||
| 309 | "hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 310 | # If hpux-gcc fails, try this one: | ||
| 311 | "hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 312 | |||
| 313 | # HPUX 9.X on Motorola 68k platforms with gcc | ||
| 314 | "hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::", | ||
| 315 | |||
| 316 | # HPUX 10.X config. Supports threads. | ||
| 317 | "hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 318 | # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG): | ||
| 319 | "hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 320 | |||
| 321 | "hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 322 | # If hpux10-gcc fails, try this one: | ||
| 323 | "hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 324 | |||
| 325 | # HPUX 11.X from www.globus.org. | ||
| 326 | # Only works on PA-RISC 2.0 cpus, and not optimized. Why? | ||
| 327 | #"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::DES_PTR DES_UNROLL DES_RISC1:::", | ||
| 328 | #"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::", | ||
| 329 | # Use unified settings above instead. | ||
| 330 | 286 | ||
| 331 | #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ | 287 | # HP/UX IA-64 targets |
| 332 | "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", | 288 | "hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 289 | # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with | ||
| 290 | # with debugging of the following config. | ||
| 291 | "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 292 | # GCC builds... | ||
| 293 | "hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 294 | "hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 333 | 295 | ||
| 334 | #### PARISC Linux setups | 296 | # Legacy HPUX 9.X configs... |
| 335 | "linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::", | 297 | "hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 298 | "hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 336 | 299 | ||
| 337 | # Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion | 300 | #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ |
| 338 | # from the older DEC C Compiler to the newer compiler. It's now the | 301 | "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", |
| 339 | # same as the preferred entry, alpha-cc. If you are still using the | 302 | |
| 340 | # older compiler (you're at 3.x or earlier, or perhaps very early 4.x) | 303 | # DEC Alpha OSF/1/Tru64 targets. |
| 341 | # you should use `alphaold-cc'. | ||
| 342 | # | 304 | # |
| 343 | # "What's in a name? That which we call a rose | 305 | # "What's in a name? That which we call a rose |
| 344 | # By any other word would smell as sweet." | 306 | # By any other word would smell as sweet." |
| 345 | # | 307 | # |
| 346 | # - William Shakespeare, "Romeo & Juliet", Act II, scene II. | 308 | # - William Shakespeare, "Romeo & Juliet", Act II, scene II. |
| 347 | # | 309 | # |
| 348 | # For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the | ||
| 349 | # vendor compiler, use alphaold-cc. | ||
| 350 | # For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc. | ||
| 351 | # For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc. | ||
| 352 | # | ||
| 353 | # There's also an alternate target available (which `config' will never | ||
| 354 | # select) called alpha-cc-rpath. This target builds an RPATH into the | ||
| 355 | # shared libraries, which is very convenient on Tru64 since binaries | ||
| 356 | # linked against that shared library will automatically inherit that RPATH, | ||
| 357 | # and hence know where to look for the openssl libraries, even if they're in | ||
| 358 | # an odd place. | ||
| 359 | # | ||
| 360 | # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version | 310 | # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version |
| 361 | # | 311 | # |
| 362 | "alpha-gcc","gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", | 312 | "osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so", |
| 363 | "alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", | 313 | "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so", |
| 364 | "alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so", | 314 | "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so", |
| 365 | "alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so", | ||
| 366 | "alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so", | ||
| 367 | # | ||
| 368 | # This probably belongs in a different section. | ||
| 369 | # | ||
| 370 | "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 371 | 315 | ||
| 316 | #### | ||
| 317 | #### Variety of LINUX:-) | ||
| 318 | #### | ||
| 319 | # *-generic* is endian-neutral target, but ./config is free to | ||
| 320 | # throw in -D[BL]_ENDIAN, whichever appropriate... | ||
| 321 | "linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 322 | "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 323 | #### IA-32 targets... | ||
| 324 | "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 325 | "linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 326 | "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", | ||
| 327 | #### | ||
| 328 | "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 329 | "linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 330 | "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 331 | "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 332 | "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 333 | "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 334 | #### SPARC Linux setups | ||
| 335 | # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently | ||
| 336 | # assisted with debugging of following two configs. | ||
| 337 | "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 338 | # it's a real mess with -mcpu=ultrasparc option under Linux, but | ||
| 339 | # -Wa,-Av8plus should do the trick no matter what. | ||
| 340 | "linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 341 | # GCC 3.1 is a requirement | ||
| 342 | "linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 372 | #### Alpha Linux with GNU C and Compaq C setups | 343 | #### Alpha Linux with GNU C and Compaq C setups |
| 373 | # Special notes: | 344 | # Special notes: |
| 374 | # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you | 345 | # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you |
| @@ -382,63 +353,39 @@ my %table=( | |||
| 382 | # | 353 | # |
| 383 | # <appro@fy.chalmers.se> | 354 | # <appro@fy.chalmers.se> |
| 384 | # | 355 | # |
| 385 | "linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 356 | "linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 386 | "linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 357 | "linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 387 | "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", | 358 | "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", |
| 388 | "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", | 359 | "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", |
| 389 | 360 | ||
| 390 | # assembler versions -- currently defunct: | 361 | #### *BSD [do see comment about ${BSDthreads} above!] |
| 391 | ##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}", | 362 | "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 392 | 363 | "BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | |
| 393 | # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the | 364 | "BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 394 | # bn86-elf.o file file since it is hand tweaked assembler. | 365 | "debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 395 | "linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 366 | "BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 396 | "linux-pentium", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 367 | |
| 397 | "linux-ppro", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 368 | "BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 398 | "linux-k6", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 369 | # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it |
| 399 | "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | 370 | # simply *happens* to work around a compiler bug in gcc 3.3.3, |
| 400 | "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", | 371 | # triggered by RIPEMD160 code. |
| 401 | "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 372 | "BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 402 | "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 373 | "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 403 | "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", | 374 | "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 404 | "linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 375 | |
| 405 | "linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 376 | "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 406 | "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc32.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 377 | |
| 407 | # -bpowerpc64-linux is transient option, -m64 should be the one to use... | ||
| 408 | "linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc64.o:::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 409 | "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", | ||
| 410 | "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 411 | "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 412 | "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 413 | "linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 414 | "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 415 | "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 416 | "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 417 | "NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 418 | "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 419 | "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 420 | "FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 421 | "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", | ||
| 422 | "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", | ||
| 423 | "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 424 | "nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", | 378 | "nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", |
| 425 | "nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", | 379 | "nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", |
| 426 | 380 | ||
| 427 | # NCR MP-RAS UNIX ver 02.03.01 | 381 | # NCR MP-RAS UNIX ver 02.03.01 |
| 428 | "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", | 382 | "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", |
| 429 | 383 | ||
| 430 | # QNX 4 | 384 | # QNX |
| 431 | "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", | 385 | "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", |
| 432 | |||
| 433 | # QNX 6 | ||
| 434 | "qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:", | 386 | "qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:", |
| 435 | 387 | ||
| 436 | # Linux on ARM | 388 | #### SCO/Caldera targets. |
| 437 | # ARM comes in both little- and big-endian flavors. The following line is | ||
| 438 | # endian neutral, but ./config is free to throw in -D[BL]_ENDIAN... | ||
| 439 | "linux-elf-arm","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 440 | |||
| 441 | # SCO/Caldera targets. | ||
| 442 | # | 389 | # |
| 443 | # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. | 390 | # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. |
| 444 | # Now we only have blended unixware-* as it's the only one used by ./config. | 391 | # Now we only have blended unixware-* as it's the only one used by ./config. |
| @@ -449,24 +396,23 @@ my %table=( | |||
| 449 | # compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has | 396 | # compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has |
| 450 | # patiently assisted to debug most of it. | 397 | # patiently assisted to debug most of it. |
| 451 | # | 398 | # |
| 452 | # UnixWare 2.0x fails destest with -O | 399 | # UnixWare 2.0x fails destest with -O. |
| 453 | "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", | 400 | "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", |
| 454 | "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", | 401 | "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", |
| 455 | "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 402 | "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 456 | "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 403 | "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 457 | "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 458 | "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 459 | "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... | ||
| 460 | # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc. | 404 | # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc. |
| 461 | "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 405 | "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 462 | "sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 406 | "sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 463 | 407 | ||
| 464 | 408 | #### IBM's AIX. | |
| 465 | # IBM's AIX. | 409 | "aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", |
| 466 | "aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", | 410 | "aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", |
| 467 | "aix-gcc", "gcc:-O3 -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:asm/aix_ppc32.o:::::::::dlfcn:", | 411 | "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", |
| 468 | "aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR:asm/aix_ppc32.o:::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", | 412 | # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE |
| 469 | "aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:asm/aix_ppc64.o:::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", | 413 | # at build time. $OBJECT_MODE is respected at ./config stage! |
| 414 | "aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", | ||
| 415 | "aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", | ||
| 470 | 416 | ||
| 471 | # | 417 | # |
| 472 | # Cray T90 and similar (SDSC) | 418 | # Cray T90 and similar (SDSC) |
| @@ -501,7 +447,7 @@ my %table=( | |||
| 501 | 447 | ||
| 502 | # Sinix/ReliantUNIX RM400 | 448 | # Sinix/ReliantUNIX RM400 |
| 503 | # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ | 449 | # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ |
| 504 | "ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 450 | "ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
| 505 | "SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", | 451 | "SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", |
| 506 | "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", | 452 | "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", |
| 507 | 453 | ||
| @@ -514,56 +460,60 @@ my %table=( | |||
| 514 | # | 460 | # |
| 515 | "OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", | 461 | "OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", |
| 516 | 462 | ||
| 517 | # Windows NT, Microsoft Visual C++ 4.0 | 463 | # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 |
| 464 | "VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32", | ||
| 465 | "VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32", | ||
| 518 | 466 | ||
| 519 | "VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32", | 467 | # Visual C targets |
| 520 | "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32", | 468 | "VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", |
| 521 | "VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32", | 469 | "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", |
| 522 | "VC-WIN16","cl:::(unknown):WIN16::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", | 470 | "VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", |
| 523 | "VC-W31-16","cl:::(unknown):WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", | ||
| 524 | "VC-W31-32","cl::::WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", | ||
| 525 | "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", | ||
| 526 | 471 | ||
| 527 | # Borland C++ 4.5 | 472 | # Borland C++ 4.5 |
| 528 | "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32", | 473 | "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", |
| 529 | "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", | ||
| 530 | 474 | ||
| 531 | # MinGW | 475 | # MinGW |
| 532 | "mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_out_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", | 476 | "mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a", |
| 533 | 477 | ||
| 534 | # UWIN | 478 | # UWIN |
| 535 | "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", | 479 | "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", |
| 536 | 480 | ||
| 537 | # Cygwin | 481 | # Cygwin |
| 538 | "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", | 482 | "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", |
| 539 | "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll.a", | 483 | "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", |
| 484 | "debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", | ||
| 485 | |||
| 486 | # NetWare from David Ward (dsward@novell.com) | ||
| 487 | # requires either MetroWerks NLM development tools, or gcc / nlmconv | ||
| 488 | # NetWare defaults socket bio to WinSock sockets. However, | ||
| 489 | # the builds can be configured to use BSD sockets instead. | ||
| 490 | # netware-clib => legacy CLib c-runtime support | ||
| 491 | "netware-clib", "mwccnlm::::::${x86_gcc_opts}::", | ||
| 492 | "netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", | ||
| 493 | "netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", | ||
| 494 | "netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", | ||
| 495 | # netware-libc => LibC/NKS support | ||
| 496 | "netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", | ||
| 497 | "netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", | ||
| 498 | "netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", | ||
| 499 | "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", | ||
| 540 | 500 | ||
| 541 | # DJGPP | 501 | # DJGPP |
| 542 | "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", | 502 | "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:", |
| 543 | 503 | ||
| 544 | # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at> | 504 | # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at> |
| 545 | "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", | 505 | "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", |
| 546 | "ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::", | 506 | "ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", |
| 547 | # K&R C is no longer supported; you need gcc on old Ultrix installations | 507 | # K&R C is no longer supported; you need gcc on old Ultrix installations |
| 548 | ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", | 508 | ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", |
| 549 | 509 | ||
| 550 | # Some OpenBSD from Bob Beck <beck@obtuse.com> | ||
| 551 | "OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 552 | "OpenBSD-alpha", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 553 | "OpenBSD-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 554 | "OpenBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 555 | "OpenBSD-m88k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 556 | "OpenBSD-mips", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 557 | "OpenBSD-powerpc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 558 | "OpenBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 559 | "OpenBSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 560 | "OpenBSD-vax", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 561 | "OpenBSD-hppa", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | ||
| 562 | |||
| 563 | ##### MacOS X (a.k.a. Rhapsody or Darwin) setup | 510 | ##### MacOS X (a.k.a. Rhapsody or Darwin) setup |
| 564 | "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", | 511 | "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", |
| 565 | "darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/osx_ppc32.o:::::::::dlfcn:darwin-shared:-fPIC -fno-common::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", | 512 | "darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", |
| 566 | "darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", | 513 | "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:ppccpuid_osx64.o:osx_ppc64.o osx_ppc64-mont.o:::::sha1-ppc_osx64.o sha256-ppc_osx64.o sha512-ppc_osx64.o:::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", |
| 514 | "darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", | ||
| 515 | "darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", | ||
| 516 | "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", | ||
| 567 | 517 | ||
| 568 | ##### A/UX | 518 | ##### A/UX |
| 569 | "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", | 519 | "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", |
| @@ -572,7 +522,7 @@ my %table=( | |||
| 572 | "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", | 522 | "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", |
| 573 | 523 | ||
| 574 | ##### GNU Hurd | 524 | ##### GNU Hurd |
| 575 | "hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", | 525 | "hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", |
| 576 | 526 | ||
| 577 | ##### OS/2 EMX | 527 | ##### OS/2 EMX |
| 578 | "OS2-EMX", "gcc::::::::", | 528 | "OS2-EMX", "gcc::::::::", |
| @@ -580,17 +530,20 @@ my %table=( | |||
| 580 | ##### VxWorks for various targets | 530 | ##### VxWorks for various targets |
| 581 | "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", | 531 | "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", |
| 582 | "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", | 532 | "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", |
| 583 | "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", | 533 | "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", |
| 584 | "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", | 534 | "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", |
| 585 | "vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:", | 535 | "vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:", |
| 586 | 536 | ||
| 587 | ##### Compaq Non-Stop Kernel (Tandem) | 537 | ##### Compaq Non-Stop Kernel (Tandem) |
| 588 | "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", | 538 | "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", |
| 589 | 539 | ||
| 590 | ); | 540 | ); |
| 591 | 541 | ||
| 592 | my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS | 542 | my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A |
| 593 | BC-32 BC-16 Mingw32 OS2-EMX); | 543 | VC-NT VC-CE VC-WIN32 |
| 544 | BC-32 OS2-EMX | ||
| 545 | netware-clib netware-clib-bsdsock | ||
| 546 | netware-libc netware-libc-bsdsock); | ||
| 594 | 547 | ||
| 595 | my $idx = 0; | 548 | my $idx = 0; |
| 596 | my $idx_cc = $idx++; | 549 | my $idx_cc = $idx++; |
| @@ -600,8 +553,10 @@ my $idx_thread_cflag = $idx++; | |||
| 600 | my $idx_sys_id = $idx++; | 553 | my $idx_sys_id = $idx++; |
| 601 | my $idx_lflags = $idx++; | 554 | my $idx_lflags = $idx++; |
| 602 | my $idx_bn_ops = $idx++; | 555 | my $idx_bn_ops = $idx++; |
| 556 | my $idx_cpuid_obj = $idx++; | ||
| 603 | my $idx_bn_obj = $idx++; | 557 | my $idx_bn_obj = $idx++; |
| 604 | my $idx_des_obj = $idx++; | 558 | my $idx_des_obj = $idx++; |
| 559 | my $idx_aes_obj = $idx++; | ||
| 605 | my $idx_bf_obj = $idx++; | 560 | my $idx_bf_obj = $idx++; |
| 606 | my $idx_md5_obj = $idx++; | 561 | my $idx_md5_obj = $idx++; |
| 607 | my $idx_sha1_obj = $idx++; | 562 | my $idx_sha1_obj = $idx++; |
| @@ -621,15 +576,16 @@ my $prefix=""; | |||
| 621 | my $openssldir=""; | 576 | my $openssldir=""; |
| 622 | my $exe_ext=""; | 577 | my $exe_ext=""; |
| 623 | my $install_prefix=""; | 578 | my $install_prefix=""; |
| 624 | my $fipslibdir="/usr/local/ssl/lib"; | ||
| 625 | my $baseaddr="0xFB00000"; | ||
| 626 | my $no_threads=0; | 579 | my $no_threads=0; |
| 627 | my $no_shared=1; | ||
| 628 | my $zlib=0; | ||
| 629 | my $no_krb5=0; | ||
| 630 | my $threads=0; | 580 | my $threads=0; |
| 581 | my $no_shared=0; # but "no-shared" is default | ||
| 582 | my $zlib=1; # but "no-zlib" is default | ||
| 583 | my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used | ||
| 584 | my $no_rfc3779=1; # but "no-rfc3779" is default | ||
| 585 | my $montasm=1; # but "no-montasm" is default | ||
| 631 | my $no_asm=0; | 586 | my $no_asm=0; |
| 632 | my $no_dso=0; | 587 | my $no_dso=0; |
| 588 | my $no_gmp=0; | ||
| 633 | my @skip=(); | 589 | my @skip=(); |
| 634 | my $Makefile="Makefile"; | 590 | my $Makefile="Makefile"; |
| 635 | my $des_locl="crypto/des/des_locl.h"; | 591 | my $des_locl="crypto/des/des_locl.h"; |
| @@ -643,10 +599,10 @@ my $rc2 ="crypto/rc2/rc2.h"; | |||
| 643 | my $bf ="crypto/bf/bf_locl.h"; | 599 | my $bf ="crypto/bf/bf_locl.h"; |
| 644 | my $bn_asm ="bn_asm.o"; | 600 | my $bn_asm ="bn_asm.o"; |
| 645 | my $des_enc="des_enc.o fcrypt_b.o"; | 601 | my $des_enc="des_enc.o fcrypt_b.o"; |
| 646 | my $fips_des_enc="fips_des_enc.o"; | 602 | my $aes_enc="aes_core.o aes_cbc.o"; |
| 647 | my $bf_enc ="bf_enc.o"; | 603 | my $bf_enc ="bf_enc.o"; |
| 648 | my $cast_enc="c_enc.o"; | 604 | my $cast_enc="c_enc.o"; |
| 649 | my $rc4_enc="rc4_enc.o"; | 605 | my $rc4_enc="rc4_enc.o rc4_skey.o"; |
| 650 | my $rc5_enc="rc5_enc.o"; | 606 | my $rc5_enc="rc5_enc.o"; |
| 651 | my $md5_obj=""; | 607 | my $md5_obj=""; |
| 652 | my $sha1_obj=""; | 608 | my $sha1_obj=""; |
| @@ -654,16 +610,34 @@ my $rmd160_obj=""; | |||
| 654 | my $processor=""; | 610 | my $processor=""; |
| 655 | my $default_ranlib; | 611 | my $default_ranlib; |
| 656 | my $perl; | 612 | my $perl; |
| 657 | my $fips=0; | ||
| 658 | my $debug=0; | ||
| 659 | 613 | ||
| 660 | my $no_ssl2=0; | 614 | |
| 661 | my $no_ssl3=0; | 615 | # All of the following is disabled by default (RC5 was enabled before 0.9.8): |
| 662 | my $no_tls1=0; | 616 | |
| 663 | my $no_md5=0; | 617 | my %disabled = ( # "what" => "comment" |
| 664 | my $no_sha=0; | 618 | "camellia" => "default", |
| 665 | my $no_rsa=0; | 619 | "cms" => "default", |
| 666 | my $no_dh=0; | 620 | "gmp" => "default", |
| 621 | "mdc2" => "default", | ||
| 622 | "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9) | ||
| 623 | "rc5" => "default", | ||
| 624 | "rfc3779" => "default", | ||
| 625 | "seed" => "default", | ||
| 626 | "shared" => "default", | ||
| 627 | "tlsext" => "default", | ||
| 628 | "zlib" => "default", | ||
| 629 | "zlib-dynamic" => "default" | ||
| 630 | ); | ||
| 631 | |||
| 632 | # Additional "no-..." options will be collected in %disabled. | ||
| 633 | # To remove something from %disabled, use e.g. "enable-rc5". | ||
| 634 | # For symmetry, "disable-..." is a synonym for "no-...". | ||
| 635 | |||
| 636 | # This is what $depflags will look like with the above default: | ||
| 637 | my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; | ||
| 638 | |||
| 639 | |||
| 640 | my $no_sse2=0; | ||
| 667 | 641 | ||
| 668 | &usage if ($#ARGV < 0); | 642 | &usage if ($#ARGV < 0); |
| 669 | 643 | ||
| @@ -705,102 +679,38 @@ PROCESS_ARGS: | |||
| 705 | foreach (@argvcopy) | 679 | foreach (@argvcopy) |
| 706 | { | 680 | { |
| 707 | s /^-no-/no-/; # some people just can't read the instructions | 681 | s /^-no-/no-/; # some people just can't read the instructions |
| 708 | if (/^--test-sanity$/) | 682 | |
| 709 | { | 683 | # rewrite some options in "enable-..." form |
| 710 | exit(&test_sanity()); | 684 | s /^-?-?shared$/enable-shared/; |
| 711 | } | 685 | s /^threads$/enable-threads/; |
| 712 | elsif (/^no-asm$/) | 686 | s /^zlib$/enable-zlib/; |
| 713 | { | 687 | s /^zlib-dynamic$/enable-zlib-dynamic/; |
| 714 | $no_asm=1; | 688 | |
| 715 | $flags .= "-DOPENSSL_NO_ASM "; | 689 | if (/^no-(.+)$/ || /^disable-(.+)$/) |
| 716 | $openssl_other_defines .= "#define OPENSSL_NO_ASM\n"; | ||
| 717 | } | ||
| 718 | elsif (/^no-err$/) | ||
| 719 | { | ||
| 720 | $flags .= "-DOPENSSL_NO_ERR "; | ||
| 721 | $openssl_other_defines .= "#define OPENSSL_NO_ERR\n"; | ||
| 722 | } | ||
| 723 | elsif (/^no-hw-(.+)$/) | ||
| 724 | { | ||
| 725 | my $hw=$1; | ||
| 726 | $hw =~ tr/[a-z]/[A-Z]/; | ||
| 727 | $flags .= "-DOPENSSL_NO_HW_$hw "; | ||
| 728 | $openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n"; | ||
| 729 | } | ||
| 730 | elsif (/^no-hw$/) | ||
| 731 | { | ||
| 732 | $flags .= "-DOPENSSL_NO_HW "; | ||
| 733 | $openssl_other_defines .= "#define OPENSSL_NO_HW\n"; | ||
| 734 | } | ||
| 735 | elsif (/^no-dso$/) | ||
| 736 | { $no_dso=1; } | ||
| 737 | elsif (/^no-krb5$/) | ||
| 738 | { $no_krb5=1; } | ||
| 739 | elsif (/^no-threads$/) | ||
| 740 | { $no_threads=1; } | ||
| 741 | elsif (/^threads$/) | ||
| 742 | { $threads=1; } | ||
| 743 | elsif (/^no-shared$/) | ||
| 744 | { $no_shared=1; } | ||
| 745 | elsif (/^shared$/ || /^-shared$/ || /^--shared$/) | ||
| 746 | { $no_shared=0; } | ||
| 747 | elsif (/^no-zlib$/) | ||
| 748 | { $zlib=0; } | ||
| 749 | elsif (/^zlib$/) | ||
| 750 | { $zlib=1; } | ||
| 751 | elsif (/^zlib-dynamic$/) | ||
| 752 | { $zlib=2; } | ||
| 753 | elsif (/^no-symlinks$/) | ||
| 754 | { $symlink=0; } | ||
| 755 | elsif (/^no-ssl$/) | ||
| 756 | { $no_ssl2 = $no_ssl3 = 1; } | ||
| 757 | elsif (/^no-ssl2$/) | ||
| 758 | { $no_ssl2 = 1; } | ||
| 759 | elsif (/^no-ssl3$/) | ||
| 760 | { $no_ssl3 = 1; } | ||
| 761 | elsif (/^no-tls1?$/) | ||
| 762 | { $no_tls1 = 1; } | ||
| 763 | elsif (/^no-fips$/) | ||
| 764 | { $fips = 0; } | ||
| 765 | elsif (/^no-(.+)$/) | ||
| 766 | { | 690 | { |
| 767 | my $algo=$1; | 691 | if ($1 eq "ssl") |
| 768 | push @skip,$algo; | ||
| 769 | $algo =~ tr/[a-z]/[A-Z]/; | ||
| 770 | $flags .= "-DOPENSSL_NO_$algo "; | ||
| 771 | $depflags .= "-DOPENSSL_NO_$algo "; | ||
| 772 | $openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n"; | ||
| 773 | if ($algo eq "RIJNDAEL") | ||
| 774 | { | ||
| 775 | push @skip, "aes"; | ||
| 776 | $flags .= "-DOPENSSL_NO_AES "; | ||
| 777 | $depflags .= "-DOPENSSL_NO_AES "; | ||
| 778 | $openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n"; | ||
| 779 | } | ||
| 780 | if ($algo eq "DES") | ||
| 781 | { | 692 | { |
| 782 | push @skip, "mdc2"; | 693 | $disabled{"ssl2"} = "option(ssl)"; |
| 783 | $options .= " no-mdc2"; | 694 | $disabled{"ssl3"} = "option(ssl)"; |
| 784 | $flags .= "-DOPENSSL_NO_MDC2 "; | ||
| 785 | $depflags .= "-DOPENSSL_NO_MDC2 "; | ||
| 786 | $openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n"; | ||
| 787 | } | 695 | } |
| 788 | if ($algo eq "MD5") | 696 | elsif ($1 eq "tls") |
| 789 | { | 697 | { |
| 790 | $no_md5 = 1; | 698 | $disabled{"tls1"} = "option(tls)" |
| 791 | } | 699 | } |
| 792 | if ($algo eq "SHA") | 700 | else |
| 793 | { | ||
| 794 | $no_sha = 1; | ||
| 795 | } | ||
| 796 | if ($algo eq "RSA") | ||
| 797 | { | ||
| 798 | $no_rsa = 1; | ||
| 799 | } | ||
| 800 | if ($algo eq "DH") | ||
| 801 | { | 701 | { |
| 802 | $no_dh = 1; | 702 | $disabled{$1} = "option"; |
| 803 | } | 703 | } |
| 704 | } | ||
| 705 | elsif (/^enable-(.+)$/) | ||
| 706 | { | ||
| 707 | delete $disabled{$1}; | ||
| 708 | |||
| 709 | $threads = 1 if ($1 eq "threads"); | ||
| 710 | } | ||
| 711 | elsif (/^--test-sanity$/) | ||
| 712 | { | ||
| 713 | exit(&test_sanity()); | ||
| 804 | } | 714 | } |
| 805 | elsif (/^reconfigure/ || /^reconf/) | 715 | elsif (/^reconfigure/ || /^reconf/) |
| 806 | { | 716 | { |
| @@ -827,14 +737,6 @@ PROCESS_ARGS: | |||
| 827 | } | 737 | } |
| 828 | elsif (/^386$/) | 738 | elsif (/^386$/) |
| 829 | { $processor=386; } | 739 | { $processor=386; } |
| 830 | elsif (/^fips$/) | ||
| 831 | { | ||
| 832 | $fips=1; | ||
| 833 | } | ||
| 834 | elsif (/^debug$/) | ||
| 835 | { | ||
| 836 | $debug=1; | ||
| 837 | } | ||
| 838 | elsif (/^rsaref$/) | 740 | elsif (/^rsaref$/) |
| 839 | { | 741 | { |
| 840 | # No RSAref support any more since it's not needed. | 742 | # No RSAref support any more since it's not needed. |
| @@ -871,14 +773,6 @@ PROCESS_ARGS: | |||
| 871 | { | 773 | { |
| 872 | $withargs{"zlib-lib"}=$1; | 774 | $withargs{"zlib-lib"}=$1; |
| 873 | } | 775 | } |
| 874 | elsif (/^--with-fipslibdir=(.*)$/) | ||
| 875 | { | ||
| 876 | $fipslibdir="$1"; | ||
| 877 | } | ||
| 878 | elsif (/^--with-baseaddr=(.*)$/) | ||
| 879 | { | ||
| 880 | $baseaddr="$1"; | ||
| 881 | } | ||
| 882 | elsif (/^--with-zlib-include=(.*)$/) | 776 | elsif (/^--with-zlib-include=(.*)$/) |
| 883 | { | 777 | { |
| 884 | $withargs{"zlib-include"}="-I$1"; | 778 | $withargs{"zlib-include"}="-I$1"; |
| @@ -899,47 +793,72 @@ PROCESS_ARGS: | |||
| 899 | die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); | 793 | die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); |
| 900 | $target=$_; | 794 | $target=$_; |
| 901 | } | 795 | } |
| 902 | unless ($_ eq $target) { | 796 | |
| 903 | if ($options eq "") { | 797 | unless ($_ eq $target || /^no-/ || /^disable-/) |
| 904 | $options = $_; | 798 | { |
| 905 | } else { | 799 | # "no-..." follows later after implied disactivations |
| 906 | $options .= " ".$_; | 800 | # have been derived. (Don't take this too seroiusly, |
| 801 | # we really only write OPTIONS to the Makefile out of | ||
| 802 | # nostalgia.) | ||
| 803 | |||
| 804 | if ($options eq "") | ||
| 805 | { $options = $_; } | ||
| 806 | else | ||
| 807 | { $options .= " ".$_; } | ||
| 907 | } | 808 | } |
| 908 | } | 809 | } |
| 909 | } | 810 | } |
| 910 | } | ||
| 911 | 811 | ||
| 912 | $no_ssl3=1 if ($no_md5 || $no_sha); | ||
| 913 | $no_ssl3=1 if ($no_rsa && $no_dh); | ||
| 914 | 812 | ||
| 915 | $no_ssl2=1 if ($no_md5); | ||
| 916 | $no_ssl2=1 if ($no_rsa); | ||
| 917 | 813 | ||
| 918 | $no_tls1=1 if ($no_md5 || $no_sha); | 814 | if ($processor eq "386") |
| 919 | $no_tls1=1 if ($no_dh); | 815 | { |
| 816 | $disabled{"sse2"} = "forced"; | ||
| 817 | } | ||
| 818 | |||
| 819 | if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") | ||
| 820 | { | ||
| 821 | $disabled{"krb5"} = "krb5-flavor not specified"; | ||
| 822 | } | ||
| 823 | |||
| 824 | if (!defined($disabled{"zlib-dynamic"})) | ||
| 825 | { | ||
| 826 | # "zlib-dynamic" was specifically enabled, so enable "zlib" | ||
| 827 | delete $disabled{"zlib"}; | ||
| 828 | } | ||
| 829 | |||
| 830 | if (defined($disabled{"rijndael"})) | ||
| 831 | { | ||
| 832 | $disabled{"aes"} = "forced"; | ||
| 833 | } | ||
| 834 | if (defined($disabled{"des"})) | ||
| 835 | { | ||
| 836 | $disabled{"mdc2"} = "forced"; | ||
| 837 | } | ||
| 838 | if (defined($disabled{"ec"})) | ||
| 839 | { | ||
| 840 | $disabled{"ecdsa"} = "forced"; | ||
| 841 | $disabled{"ecdh"} = "forced"; | ||
| 842 | } | ||
| 920 | 843 | ||
| 921 | if ($no_ssl2) | 844 | # SSL 2.0 requires MD5 and RSA |
| 845 | if (defined($disabled{"md5"}) || defined($disabled{"rsa"})) | ||
| 922 | { | 846 | { |
| 923 | push @skip,"SSL2"; | 847 | $disabled{"ssl2"} = "forced"; |
| 924 | $flags .= "-DOPENSSL_NO_SSL2 "; | ||
| 925 | $depflags .= "-DOPENSSL_NO_SSL2 "; | ||
| 926 | $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n"; | ||
| 927 | } | 848 | } |
| 928 | 849 | ||
| 929 | if ($no_ssl3) | 850 | # SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH |
| 851 | if (defined($disabled{"md5"}) || defined($disabled{"sha"}) | ||
| 852 | || (defined($disabled{"rsa"}) | ||
| 853 | && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) | ||
| 930 | { | 854 | { |
| 931 | push @skip,"SSL3"; | 855 | $disabled{"ssl3"} = "forced"; |
| 932 | $flags .= "-DOPENSSL_NO_SSL3 "; | 856 | $disabled{"tls1"} = "forced"; |
| 933 | $depflags .= "-DOPENSSL_NO_SSL3 "; | ||
| 934 | $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n"; | ||
| 935 | } | 857 | } |
| 936 | 858 | ||
| 937 | if ($no_tls1) | 859 | if (defined($disabled{"tls1"})) |
| 938 | { | 860 | { |
| 939 | push @skip,"TLS1"; | 861 | $disabled{"tlsext"} = "forced"; |
| 940 | $flags .= "-DOPENSSL_NO_TLS1 "; | ||
| 941 | $depflags .= "-DOPENSSL_NO_TLS1 "; | ||
| 942 | $openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n"; | ||
| 943 | } | 862 | } |
| 944 | 863 | ||
| 945 | if ($target eq "TABLE") { | 864 | if ($target eq "TABLE") { |
| @@ -965,10 +884,72 @@ print "Configuring for $target\n"; | |||
| 965 | 884 | ||
| 966 | &usage if (!defined($table{$target})); | 885 | &usage if (!defined($table{$target})); |
| 967 | 886 | ||
| 968 | my $IsWindows=scalar grep /^$target$/,@WinTargets; | 887 | |
| 888 | foreach (sort (keys %disabled)) | ||
| 889 | { | ||
| 890 | $options .= " no-$_"; | ||
| 891 | |||
| 892 | printf " no-%-12s %-10s", $_, "[$disabled{$_}]"; | ||
| 893 | |||
| 894 | if (/^dso$/) | ||
| 895 | { $no_dso = 1; } | ||
| 896 | elsif (/^threads$/) | ||
| 897 | { $no_threads = 1; } | ||
| 898 | elsif (/^shared$/) | ||
| 899 | { $no_shared = 1; } | ||
| 900 | elsif (/^zlib$/) | ||
| 901 | { $zlib = 0; } | ||
| 902 | elsif (/^montasm$/) | ||
| 903 | { $montasm = 0; } | ||
| 904 | elsif (/^static-engine$/) | ||
| 905 | { } | ||
| 906 | elsif (/^zlib-dynamic$/) | ||
| 907 | { } | ||
| 908 | elsif (/^symlinks$/) | ||
| 909 | { $symlink = 0; } | ||
| 910 | elsif (/^sse2$/) | ||
| 911 | { $no_sse2 = 1; } | ||
| 912 | else | ||
| 913 | { | ||
| 914 | my ($ALGO, $algo); | ||
| 915 | ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/; | ||
| 916 | |||
| 917 | if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/) | ||
| 918 | { | ||
| 919 | $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n"; | ||
| 920 | print " OPENSSL_NO_$ALGO"; | ||
| 921 | |||
| 922 | if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; } | ||
| 923 | elsif (/^asm$/) { $no_asm = 1; } | ||
| 924 | } | ||
| 925 | else | ||
| 926 | { | ||
| 927 | $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; | ||
| 928 | print " OPENSSL_NO_$ALGO"; | ||
| 929 | |||
| 930 | if (/^krb5$/) | ||
| 931 | { $no_krb5 = 1; } | ||
| 932 | else | ||
| 933 | { | ||
| 934 | push @skip, $algo; | ||
| 935 | print " (skip dir)"; | ||
| 936 | |||
| 937 | $depflags .="-DOPENSSL_NO_$ALGO "; | ||
| 938 | } | ||
| 939 | } | ||
| 940 | } | ||
| 941 | |||
| 942 | print "\n"; | ||
| 943 | } | ||
| 944 | |||
| 945 | |||
| 946 | my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; | ||
| 947 | |||
| 948 | $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); | ||
| 969 | 949 | ||
| 970 | $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); | 950 | $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); |
| 971 | $exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc"); | 951 | $exe_ext=".nlm" if ($target =~ /netware/); |
| 952 | $exe_ext=".pm" if ($target =~ /vos/); | ||
| 972 | $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); | 953 | $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); |
| 973 | $prefix=$openssldir if $prefix eq ""; | 954 | $prefix=$openssldir if $prefix eq ""; |
| 974 | 955 | ||
| @@ -982,26 +963,10 @@ chop $prefix if $prefix =~ /\/$/; | |||
| 982 | $openssldir=$prefix . "/ssl" if $openssldir eq ""; | 963 | $openssldir=$prefix . "/ssl" if $openssldir eq ""; |
| 983 | $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; | 964 | $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; |
| 984 | 965 | ||
| 985 | if ($fips && ! -f "$fipslibdir/fipscanister.o") | ||
| 986 | { | ||
| 987 | my $fipswinerr = ""; | ||
| 988 | $fipswinerr = <<EOF if $IsWindows; | ||
| 989 | Ensure that the correct path to the FIPS module directory | ||
| 990 | has been given to the --with-fipslibdir option. | ||
| 991 | EOF | ||
| 992 | print STDERR <<EOF; | ||
| 993 | The file fipscanister.o could not be located. Please build and install the | ||
| 994 | FIPS module using the instructions in the user guide before compiling OpenSSL | ||
| 995 | in FIPS mode.$fipswinerr | ||
| 996 | EOF | ||
| 997 | exit 1; | ||
| 998 | } | ||
| 999 | 966 | ||
| 1000 | 967 | print "IsMK1MF=$IsMK1MF\n"; | |
| 1001 | print "IsWindows=$IsWindows\n"; | ||
| 1002 | 968 | ||
| 1003 | my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); | 969 | my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); |
| 1004 | for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; } | ||
| 1005 | my $cc = $fields[$idx_cc]; | 970 | my $cc = $fields[$idx_cc]; |
| 1006 | my $cflags = $fields[$idx_cflags]; | 971 | my $cflags = $fields[$idx_cflags]; |
| 1007 | my $unistd = $fields[$idx_unistd]; | 972 | my $unistd = $fields[$idx_unistd]; |
| @@ -1009,14 +974,16 @@ my $thread_cflag = $fields[$idx_thread_cflag]; | |||
| 1009 | my $sys_id = $fields[$idx_sys_id]; | 974 | my $sys_id = $fields[$idx_sys_id]; |
| 1010 | my $lflags = $fields[$idx_lflags]; | 975 | my $lflags = $fields[$idx_lflags]; |
| 1011 | my $bn_ops = $fields[$idx_bn_ops]; | 976 | my $bn_ops = $fields[$idx_bn_ops]; |
| 977 | my $cpuid_obj = $fields[$idx_cpuid_obj]; | ||
| 1012 | my $bn_obj = $fields[$idx_bn_obj]; | 978 | my $bn_obj = $fields[$idx_bn_obj]; |
| 1013 | my $des_obj = $fields[$idx_des_obj]; | 979 | my $des_obj = $fields[$idx_des_obj]; |
| 980 | my $aes_obj = $fields[$idx_aes_obj]; | ||
| 1014 | my $bf_obj = $fields[$idx_bf_obj]; | 981 | my $bf_obj = $fields[$idx_bf_obj]; |
| 1015 | $md5_obj = $fields[$idx_md5_obj]; | 982 | my $md5_obj = $fields[$idx_md5_obj]; |
| 1016 | $sha1_obj = $fields[$idx_sha1_obj]; | 983 | my $sha1_obj = $fields[$idx_sha1_obj]; |
| 1017 | my $cast_obj = $fields[$idx_cast_obj]; | 984 | my $cast_obj = $fields[$idx_cast_obj]; |
| 1018 | my $rc4_obj = $fields[$idx_rc4_obj]; | 985 | my $rc4_obj = $fields[$idx_rc4_obj]; |
| 1019 | $rmd160_obj = $fields[$idx_rmd160_obj]; | 986 | my $rmd160_obj = $fields[$idx_rmd160_obj]; |
| 1020 | my $rc5_obj = $fields[$idx_rc5_obj]; | 987 | my $rc5_obj = $fields[$idx_rc5_obj]; |
| 1021 | my $dso_scheme = $fields[$idx_dso_scheme]; | 988 | my $dso_scheme = $fields[$idx_dso_scheme]; |
| 1022 | my $shared_target = $fields[$idx_shared_target]; | 989 | my $shared_target = $fields[$idx_shared_target]; |
| @@ -1026,21 +993,20 @@ my $shared_extension = $fields[$idx_shared_extension]; | |||
| 1026 | my $ranlib = $fields[$idx_ranlib]; | 993 | my $ranlib = $fields[$idx_ranlib]; |
| 1027 | my $arflags = $fields[$idx_arflags]; | 994 | my $arflags = $fields[$idx_arflags]; |
| 1028 | 995 | ||
| 996 | # '%' in $lflags is used to split flags to "pre-" and post-flags | ||
| 997 | my ($prelflags,$postlflags)=split('%',$lflags); | ||
| 998 | if (defined($postlflags)) { $lflags=$postlflags; } | ||
| 999 | else { $lflags=$prelflags; undef $prelflags; } | ||
| 1000 | |||
| 1029 | my $no_shared_warn=0; | 1001 | my $no_shared_warn=0; |
| 1002 | my $no_user_cflags=0; | ||
| 1030 | 1003 | ||
| 1031 | $cflags="$flags$cflags" if ($flags ne ""); | 1004 | if ($flags ne "") { $cflags="$flags$cflags"; } |
| 1005 | else { $no_user_cflags=1; } | ||
| 1032 | 1006 | ||
| 1033 | # Kerberos settings. The flavor must be provided from outside, either through | 1007 | # Kerberos settings. The flavor must be provided from outside, either through |
| 1034 | # the script "config" or manually. | 1008 | # the script "config" or manually. |
| 1035 | if ($no_krb5 | 1009 | if (!$no_krb5) |
| 1036 | || !defined($withargs{"krb5-flavor"}) | ||
| 1037 | || $withargs{"krb5-flavor"} eq "") | ||
| 1038 | { | ||
| 1039 | $cflags="-DOPENSSL_NO_KRB5 $cflags"; | ||
| 1040 | $options.=" no-krb5" unless $no_krb5; | ||
| 1041 | $openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n"; | ||
| 1042 | } | ||
| 1043 | else | ||
| 1044 | { | 1010 | { |
| 1045 | my ($lresolv, $lpath, $lext); | 1011 | my ($lresolv, $lpath, $lext); |
| 1046 | if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) | 1012 | if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) |
| @@ -1060,7 +1026,7 @@ else | |||
| 1060 | if $withargs{"krb5-dir"} eq ""; | 1026 | if $withargs{"krb5-dir"} eq ""; |
| 1061 | $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. | 1027 | $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. |
| 1062 | "/lib -lgssapi -lkrb5 -lcom_err" | 1028 | "/lib -lgssapi -lkrb5 -lcom_err" |
| 1063 | if $withargs{"krb5-lib"} eq "" && !$IsWindows; | 1029 | if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; |
| 1064 | $cflags="-DKRB5_HEIMDAL $cflags"; | 1030 | $cflags="-DKRB5_HEIMDAL $cflags"; |
| 1065 | } | 1031 | } |
| 1066 | if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) | 1032 | if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) |
| @@ -1069,7 +1035,7 @@ else | |||
| 1069 | if $withargs{"krb5-dir"} eq ""; | 1035 | if $withargs{"krb5-dir"} eq ""; |
| 1070 | $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. | 1036 | $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. |
| 1071 | "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" | 1037 | "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" |
| 1072 | if $withargs{"krb5-lib"} eq "" && !$IsWindows; | 1038 | if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; |
| 1073 | $cflags="-DKRB5_MIT $cflags"; | 1039 | $cflags="-DKRB5_MIT $cflags"; |
| 1074 | $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; | 1040 | $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; |
| 1075 | if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) | 1041 | if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) |
| @@ -1088,7 +1054,7 @@ else | |||
| 1088 | } | 1054 | } |
| 1089 | } | 1055 | } |
| 1090 | $withargs{"krb5-lib"} .= " -lresolv" | 1056 | $withargs{"krb5-lib"} .= " -lresolv" |
| 1091 | if ("$lresolv" ne "" && !$IsWindows); | 1057 | if ("$lresolv" ne ""); |
| 1092 | $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" | 1058 | $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" |
| 1093 | if $withargs{"krb5-include"} eq "" && | 1059 | if $withargs{"krb5-include"} eq "" && |
| 1094 | $withargs{"krb5-dir"} ne ""; | 1060 | $withargs{"krb5-dir"} ne ""; |
| @@ -1126,10 +1092,17 @@ if ($thread_cflag ne "(unknown)" && !$no_threads) | |||
| 1126 | # If we know how to do it, support threads by default. | 1092 | # If we know how to do it, support threads by default. |
| 1127 | $threads = 1; | 1093 | $threads = 1; |
| 1128 | } | 1094 | } |
| 1129 | if ($thread_cflag eq "(unknown)") | 1095 | if ($thread_cflag eq "(unknown)" && $threads) |
| 1130 | { | 1096 | { |
| 1131 | # If the user asked for "threads", hopefully they also provided | 1097 | # If the user asked for "threads", [s]he is also expected to |
| 1132 | # any system-dependent compiler options that are necessary. | 1098 | # provide any system-dependent compiler options that are |
| 1099 | # necessary. | ||
| 1100 | if ($no_user_cflags) | ||
| 1101 | { | ||
| 1102 | print "You asked for multi-threading support, but didn't\n"; | ||
| 1103 | print "provide any system-specific compiler options\n"; | ||
| 1104 | exit(1); | ||
| 1105 | } | ||
| 1133 | $thread_cflags="-DOPENSSL_THREADS $cflags" ; | 1106 | $thread_cflags="-DOPENSSL_THREADS $cflags" ; |
| 1134 | $thread_defines .= "#define OPENSSL_THREADS\n"; | 1107 | $thread_defines .= "#define OPENSSL_THREADS\n"; |
| 1135 | } | 1108 | } |
| @@ -1151,9 +1124,17 @@ $lflags="$libs$lflags" if ($libs ne ""); | |||
| 1151 | 1124 | ||
| 1152 | if ($no_asm) | 1125 | if ($no_asm) |
| 1153 | { | 1126 | { |
| 1154 | $bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; | 1127 | $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; |
| 1155 | $sha1_obj=$md5_obj=$rmd160_obj=""; | 1128 | $sha1_obj=$md5_obj=$rmd160_obj=""; |
| 1156 | } | 1129 | } |
| 1130 | if ($montasm) | ||
| 1131 | { | ||
| 1132 | $bn_obj =~ s/MAYBE-MO86-/mo86-/; | ||
| 1133 | } | ||
| 1134 | else | ||
| 1135 | { | ||
| 1136 | $bn_obj =~ s/MAYBE-MO86-[a-z.]*//; | ||
| 1137 | } | ||
| 1157 | 1138 | ||
| 1158 | if (!$no_shared) | 1139 | if (!$no_shared) |
| 1159 | { | 1140 | { |
| @@ -1169,8 +1150,14 @@ if ($threads) | |||
| 1169 | if ($zlib) | 1150 | if ($zlib) |
| 1170 | { | 1151 | { |
| 1171 | $cflags = "-DZLIB $cflags"; | 1152 | $cflags = "-DZLIB $cflags"; |
| 1172 | $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2; | 1153 | if (defined($disabled{"zlib-dynamic"})) |
| 1173 | $lflags = "$lflags -lz" if $zlib == 1; | 1154 | { |
| 1155 | $lflags = "$lflags -lz"; | ||
| 1156 | } | ||
| 1157 | else | ||
| 1158 | { | ||
| 1159 | $cflags = "-DZLIB_SHARED $cflags"; | ||
| 1160 | } | ||
| 1174 | } | 1161 | } |
| 1175 | 1162 | ||
| 1176 | # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org | 1163 | # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org |
| @@ -1185,13 +1172,68 @@ if (!$no_shared) | |||
| 1185 | if ($shared_cflag ne "") | 1172 | if ($shared_cflag ne "") |
| 1186 | { | 1173 | { |
| 1187 | $cflags = "$shared_cflag -DOPENSSL_PIC $cflags"; | 1174 | $cflags = "$shared_cflag -DOPENSSL_PIC $cflags"; |
| 1188 | $shared_ldflag = "$shared_ldflag $shared_cflag" if($fips); | ||
| 1189 | } | 1175 | } |
| 1190 | } | 1176 | } |
| 1191 | 1177 | ||
| 1178 | if (!$IsMK1MF) | ||
| 1179 | { | ||
| 1180 | if ($no_shared) | ||
| 1181 | { | ||
| 1182 | $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; | ||
| 1183 | } | ||
| 1184 | else | ||
| 1185 | { | ||
| 1186 | $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; | ||
| 1187 | } | ||
| 1188 | } | ||
| 1189 | |||
| 1190 | $cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/); | ||
| 1191 | |||
| 1192 | # | ||
| 1193 | # Platform fix-ups | ||
| 1194 | # | ||
| 1195 | if ($target =~ /\-icc$/) # Intel C compiler | ||
| 1196 | { | ||
| 1197 | my $iccver=0; | ||
| 1198 | if (open(FD,"$cc -V 2>&1 |")) | ||
| 1199 | { | ||
| 1200 | while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); } | ||
| 1201 | close(FD); | ||
| 1202 | } | ||
| 1203 | if ($iccver>=8) | ||
| 1204 | { | ||
| 1205 | # Eliminate unnecessary dependency from libirc.a. This is | ||
| 1206 | # essential for shared library support, as otherwise | ||
| 1207 | # apps/openssl can end up in endless loop upon startup... | ||
| 1208 | $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset"; | ||
| 1209 | } | ||
| 1210 | if ($iccver>=9) | ||
| 1211 | { | ||
| 1212 | $cflags.=" -i-static"; | ||
| 1213 | $cflags=~s/\-no_cpprt/-no-cpprt/; | ||
| 1214 | } | ||
| 1215 | if ($iccver>=10) | ||
| 1216 | { | ||
| 1217 | $cflags=~s/\-i\-static/-static-intel/; | ||
| 1218 | } | ||
| 1219 | } | ||
| 1220 | |||
| 1221 | # Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time | ||
| 1222 | # linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on | ||
| 1223 | # .so objects. Apparently application RPATH is not global and does | ||
| 1224 | # not apply to .so linked with other .so. Problem manifests itself | ||
| 1225 | # when libssl.so fails to load libcrypto.so. One can argue that we | ||
| 1226 | # should engrave this into Makefile.shared rules or into BSD-* config | ||
| 1227 | # lines above. Meanwhile let's try to be cautious and pass -rpath to | ||
| 1228 | # linker only when --prefix is not /usr. | ||
| 1229 | if ($target =~ /^BSD\-/) | ||
| 1230 | { | ||
| 1231 | $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); | ||
| 1232 | } | ||
| 1233 | |||
| 1192 | if ($sys_id ne "") | 1234 | if ($sys_id ne "") |
| 1193 | { | 1235 | { |
| 1194 | $cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; | 1236 | #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; |
| 1195 | $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; | 1237 | $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; |
| 1196 | } | 1238 | } |
| 1197 | 1239 | ||
| @@ -1205,37 +1247,31 @@ if ($ranlib eq "") | |||
| 1205 | #$bn1=$bn_asm unless ($bn1 =~ /\.o$/); | 1247 | #$bn1=$bn_asm unless ($bn1 =~ /\.o$/); |
| 1206 | #$bn_obj="$bn1"; | 1248 | #$bn_obj="$bn1"; |
| 1207 | 1249 | ||
| 1250 | $cpuid_obj="" if ($processor eq "386"); | ||
| 1251 | |||
| 1208 | $bn_obj = $bn_asm unless $bn_obj ne ""; | 1252 | $bn_obj = $bn_asm unless $bn_obj ne ""; |
| 1253 | # bn86* is the only one implementing bn_*_part_words | ||
| 1254 | $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); | ||
| 1255 | $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); | ||
| 1256 | $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/); | ||
| 1209 | 1257 | ||
| 1210 | my $fips_des_obj; | ||
| 1211 | my $fips_aes_obj; | ||
| 1212 | my $fips_sha1_obj; | ||
| 1213 | if ($fips) | ||
| 1214 | { | ||
| 1215 | if ($des_obj =~ /\-elf\.o$/) | ||
| 1216 | { | ||
| 1217 | $fips_des_obj='asm/fips-dx86-elf.o'; | ||
| 1218 | $openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n"; | ||
| 1219 | $fips_aes_obj='asm/fips-ax86-elf.o'; | ||
| 1220 | $openssl_other_defines.="#define OPENSSL_FIPS_AES_ASM\n"; | ||
| 1221 | } | ||
| 1222 | else { | ||
| 1223 | $fips_des_obj=$fips_des_enc; | ||
| 1224 | $fips_aes_obj='fips_aes_core.o'; | ||
| 1225 | } | ||
| 1226 | $fips_sha1_obj='asm/fips-sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/); | ||
| 1227 | $des_obj=$sha1_obj=""; | ||
| 1228 | $openssl_other_defines.="#define OPENSSL_FIPS\n"; | ||
| 1229 | } | ||
| 1230 | $des_obj=$des_enc unless ($des_obj =~ /\.o$/); | 1258 | $des_obj=$des_enc unless ($des_obj =~ /\.o$/); |
| 1231 | $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); | 1259 | $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); |
| 1232 | $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); | 1260 | $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); |
| 1233 | $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); | 1261 | $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); |
| 1234 | $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); | 1262 | $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); |
| 1235 | if ($sha1_obj =~ /\.o$/ || $fips_sha1_obj =~ /\.o$/) | 1263 | if ($sha1_obj =~ /\.o$/) |
| 1236 | { | 1264 | { |
| 1237 | # $sha1_obj=$sha1_enc; | 1265 | # $sha1_obj=$sha1_enc; |
| 1238 | $cflags.=" -DSHA1_ASM"; | 1266 | $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/); |
| 1267 | $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/); | ||
| 1268 | $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/); | ||
| 1269 | if ($sha1_obj =~ /sse2/) | ||
| 1270 | { if ($no_sse2) | ||
| 1271 | { $sha1_obj =~ s/\S*sse2\S+//; } | ||
| 1272 | elsif ($cflags !~ /OPENSSL_IA32_SSE2/) | ||
| 1273 | { $cflags.=" -DOPENSSL_IA32_SSE2"; } | ||
| 1274 | } | ||
| 1239 | } | 1275 | } |
| 1240 | if ($md5_obj =~ /\.o$/) | 1276 | if ($md5_obj =~ /\.o$/) |
| 1241 | { | 1277 | { |
| @@ -1247,11 +1283,12 @@ if ($rmd160_obj =~ /\.o$/) | |||
| 1247 | # $rmd160_obj=$rmd160_enc; | 1283 | # $rmd160_obj=$rmd160_enc; |
| 1248 | $cflags.=" -DRMD160_ASM"; | 1284 | $cflags.=" -DRMD160_ASM"; |
| 1249 | } | 1285 | } |
| 1250 | 1286 | if ($aes_obj =~ /\.o$/) | |
| 1251 | if ($debug) | ||
| 1252 | { | 1287 | { |
| 1253 | $cflags.=" -g"; | 1288 | $cflags.=" -DAES_ASM"; |
| 1254 | $cflags=~s/-fomit-frame-pointer//; | 1289 | } |
| 1290 | else { | ||
| 1291 | $aes_obj=$aes_enc; | ||
| 1255 | } | 1292 | } |
| 1256 | 1293 | ||
| 1257 | # "Stringify" the C flags string. This permits it to be made part of a string | 1294 | # "Stringify" the C flags string. This permits it to be made part of a string |
| @@ -1259,6 +1296,7 @@ if ($debug) | |||
| 1259 | $cflags =~ s/([\\\"])/\\\1/g; | 1296 | $cflags =~ s/([\\\"])/\\\1/g; |
| 1260 | 1297 | ||
| 1261 | my $version = "unknown"; | 1298 | my $version = "unknown"; |
| 1299 | my $version_num = "unknown"; | ||
| 1262 | my $major = "unknown"; | 1300 | my $major = "unknown"; |
| 1263 | my $minor = "unknown"; | 1301 | my $minor = "unknown"; |
| 1264 | my $shlib_version_number = "unknown"; | 1302 | my $shlib_version_number = "unknown"; |
| @@ -1270,6 +1308,7 @@ open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n"; | |||
| 1270 | while (<IN>) | 1308 | while (<IN>) |
| 1271 | { | 1309 | { |
| 1272 | $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; | 1310 | $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; |
| 1311 | $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/; | ||
| 1273 | $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; | 1312 | $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; |
| 1274 | $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; | 1313 | $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; |
| 1275 | } | 1314 | } |
| @@ -1322,19 +1361,19 @@ while (<IN>) | |||
| 1322 | s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; | 1361 | s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; |
| 1323 | s/^CFLAG=.*$/CFLAG= $cflags/; | 1362 | s/^CFLAG=.*$/CFLAG= $cflags/; |
| 1324 | s/^DEPFLAG=.*$/DEPFLAG= $depflags/; | 1363 | s/^DEPFLAG=.*$/DEPFLAG= $depflags/; |
| 1364 | s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; | ||
| 1325 | s/^EX_LIBS=.*$/EX_LIBS= $lflags/; | 1365 | s/^EX_LIBS=.*$/EX_LIBS= $lflags/; |
| 1326 | s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; | 1366 | s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; |
| 1367 | s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; | ||
| 1327 | s/^BN_ASM=.*$/BN_ASM= $bn_obj/; | 1368 | s/^BN_ASM=.*$/BN_ASM= $bn_obj/; |
| 1328 | s/^DES_ENC=.*$/DES_ENC= $des_obj/; | 1369 | s/^DES_ENC=.*$/DES_ENC= $des_obj/; |
| 1329 | s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/; | 1370 | s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/; |
| 1330 | s/^FIPS_AES_ENC=.*$/FIPS_AES_ENC= $fips_aes_obj/; | ||
| 1331 | s/^BF_ENC=.*$/BF_ENC= $bf_obj/; | 1371 | s/^BF_ENC=.*$/BF_ENC= $bf_obj/; |
| 1332 | s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; | 1372 | s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; |
| 1333 | s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; | 1373 | s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; |
| 1334 | s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; | 1374 | s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; |
| 1335 | s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; | 1375 | s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; |
| 1336 | s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; | 1376 | s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; |
| 1337 | s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/; | ||
| 1338 | s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; | 1377 | s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; |
| 1339 | s/^PROCESSOR=.*/PROCESSOR= $processor/; | 1378 | s/^PROCESSOR=.*/PROCESSOR= $processor/; |
| 1340 | s/^RANLIB=.*/RANLIB= $ranlib/; | 1379 | s/^RANLIB=.*/RANLIB= $ranlib/; |
| @@ -1343,8 +1382,6 @@ while (<IN>) | |||
| 1343 | s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; | 1382 | s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; |
| 1344 | s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; | 1383 | s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; |
| 1345 | s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; | 1384 | s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; |
| 1346 | s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; | ||
| 1347 | s/^BASEADDR=.*/BASEADDR=$baseaddr/; | ||
| 1348 | s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; | 1385 | s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; |
| 1349 | s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; | 1386 | s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; |
| 1350 | s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; | 1387 | s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; |
| @@ -1378,8 +1415,10 @@ rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n"; | |||
| 1378 | print "CC =$cc\n"; | 1415 | print "CC =$cc\n"; |
| 1379 | print "CFLAG =$cflags\n"; | 1416 | print "CFLAG =$cflags\n"; |
| 1380 | print "EX_LIBS =$lflags\n"; | 1417 | print "EX_LIBS =$lflags\n"; |
| 1418 | print "CPUID_OBJ =$cpuid_obj\n"; | ||
| 1381 | print "BN_ASM =$bn_obj\n"; | 1419 | print "BN_ASM =$bn_obj\n"; |
| 1382 | print "DES_ENC =$des_obj\n"; | 1420 | print "DES_ENC =$des_obj\n"; |
| 1421 | print "AES_ASM_OBJ =$aes_obj\n"; | ||
| 1383 | print "BF_ENC =$bf_obj\n"; | 1422 | print "BF_ENC =$bf_obj\n"; |
| 1384 | print "CAST_ENC =$cast_obj\n"; | 1423 | print "CAST_ENC =$cast_obj\n"; |
| 1385 | print "RC4_ENC =$rc4_obj\n"; | 1424 | print "RC4_ENC =$rc4_obj\n"; |
| @@ -1471,10 +1510,14 @@ print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n"; | |||
| 1471 | print OUT $openssl_algorithm_defines_trans; | 1510 | print OUT $openssl_algorithm_defines_trans; |
| 1472 | print OUT "#endif\n\n"; | 1511 | print OUT "#endif\n\n"; |
| 1473 | 1512 | ||
| 1513 | print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj); | ||
| 1514 | |||
| 1474 | while (<IN>) | 1515 | while (<IN>) |
| 1475 | { | 1516 | { |
| 1476 | if (/^#define\s+OPENSSLDIR/) | 1517 | if (/^#define\s+OPENSSLDIR/) |
| 1477 | { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } | 1518 | { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } |
| 1519 | elsif (/^#define\s+ENGINESDIR/) | ||
| 1520 | { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; } | ||
| 1478 | elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) | 1521 | elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) |
| 1479 | { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" | 1522 | { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" |
| 1480 | if $export_var_as_fn; | 1523 | if $export_var_as_fn; |
| @@ -1519,7 +1562,7 @@ while (<IN>) | |||
| 1519 | elsif (/^#((define)|(undef))\s+RC4_INDEX/) | 1562 | elsif (/^#((define)|(undef))\s+RC4_INDEX/) |
| 1520 | { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } | 1563 | { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } |
| 1521 | elsif (/^#(define|undef)\s+I386_ONLY/) | 1564 | elsif (/^#(define|undef)\s+I386_ONLY/) |
| 1522 | { printf OUT "#%s I386_ONLY\n", ($processor == 386)? | 1565 | { printf OUT "#%s I386_ONLY\n", ($processor eq "386")? |
| 1523 | "define":"undef"; } | 1566 | "define":"undef"; } |
| 1524 | elsif (/^#define\s+MD2_INT\s/) | 1567 | elsif (/^#define\s+MD2_INT\s/) |
| 1525 | { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } | 1568 | { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } |
| @@ -1566,12 +1609,12 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; | |||
| 1566 | print "BF_PTR used\n" if $bf_ptr == 1; | 1609 | print "BF_PTR used\n" if $bf_ptr == 1; |
| 1567 | print "BF_PTR2 used\n" if $bf_ptr == 2; | 1610 | print "BF_PTR2 used\n" if $bf_ptr == 2; |
| 1568 | 1611 | ||
| 1569 | if($IsWindows) { | 1612 | if($IsMK1MF) { |
| 1570 | open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; | 1613 | open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; |
| 1571 | printf OUT <<EOF; | 1614 | printf OUT <<EOF; |
| 1572 | #ifndef MK1MF_BUILD | 1615 | #ifndef MK1MF_BUILD |
| 1573 | /* auto-generated by Configure for crypto/cversion.c: | 1616 | /* auto-generated by Configure for crypto/cversion.c: |
| 1574 | * for Unix builds, crypto/Makefile generates functional definitions; | 1617 | * for Unix builds, crypto/Makefile.ssl generates functional definitions; |
| 1575 | * Windows builds (and other mk1mf builds) compile cversion.c with | 1618 | * Windows builds (and other mk1mf builds) compile cversion.c with |
| 1576 | * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */ | 1619 | * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */ |
| 1577 | #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles" | 1620 | #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles" |
| @@ -1582,7 +1625,7 @@ EOF | |||
| 1582 | my $make_command = "make PERL=\'$perl\'"; | 1625 | my $make_command = "make PERL=\'$perl\'"; |
| 1583 | my $make_targets = ""; | 1626 | my $make_targets = ""; |
| 1584 | $make_targets .= " links" if $symlink; | 1627 | $make_targets .= " links" if $symlink; |
| 1585 | $make_targets .= " depend" if $depflags ne "" && $make_depend; | 1628 | $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; |
| 1586 | $make_targets .= " gentests" if $symlink; | 1629 | $make_targets .= " gentests" if $symlink; |
| 1587 | (system $make_command.$make_targets) == 0 or exit $? | 1630 | (system $make_command.$make_targets) == 0 or exit $? |
| 1588 | if $make_targets ne ""; | 1631 | if $make_targets ne ""; |
| @@ -1594,17 +1637,79 @@ EOF | |||
| 1594 | &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); | 1637 | &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); |
| 1595 | &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); | 1638 | &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); |
| 1596 | } | 1639 | } |
| 1597 | if ($depflags ne "" && !$make_depend) { | 1640 | if ($depflags ne $default_depflags && !$make_depend) { |
| 1598 | print <<EOF; | 1641 | print <<EOF; |
| 1599 | 1642 | ||
| 1600 | Since you've disabled at least one algorithm, you need to do the following | 1643 | Since you've disabled or enabled at least one algorithm, you need to do |
| 1601 | before building: | 1644 | the following before building: |
| 1602 | 1645 | ||
| 1603 | make depend | 1646 | make depend |
| 1604 | EOF | 1647 | EOF |
| 1605 | } | 1648 | } |
| 1606 | } | 1649 | } |
| 1607 | 1650 | ||
| 1651 | # create the ms/version32.rc file if needed | ||
| 1652 | if ($IsMK1MF && ($target !~ /^netware/)) { | ||
| 1653 | my ($v1, $v2, $v3, $v4); | ||
| 1654 | if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) { | ||
| 1655 | $v1=hex $1; | ||
| 1656 | $v2=hex $2; | ||
| 1657 | $v3=hex $3; | ||
| 1658 | $v4=hex $4; | ||
| 1659 | } | ||
| 1660 | open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc"; | ||
| 1661 | print OUT <<EOF; | ||
| 1662 | #include <winver.h> | ||
| 1663 | |||
| 1664 | LANGUAGE 0x09,0x01 | ||
| 1665 | |||
| 1666 | 1 VERSIONINFO | ||
| 1667 | FILEVERSION $v1,$v2,$v3,$v4 | ||
| 1668 | PRODUCTVERSION $v1,$v2,$v3,$v4 | ||
| 1669 | FILEFLAGSMASK 0x3fL | ||
| 1670 | #ifdef _DEBUG | ||
| 1671 | FILEFLAGS 0x01L | ||
| 1672 | #else | ||
| 1673 | FILEFLAGS 0x00L | ||
| 1674 | #endif | ||
| 1675 | FILEOS VOS__WINDOWS32 | ||
| 1676 | FILETYPE VFT_DLL | ||
| 1677 | FILESUBTYPE 0x0L | ||
| 1678 | BEGIN | ||
| 1679 | BLOCK "StringFileInfo" | ||
| 1680 | BEGIN | ||
| 1681 | BLOCK "040904b0" | ||
| 1682 | BEGIN | ||
| 1683 | // Required: | ||
| 1684 | VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" | ||
| 1685 | VALUE "FileDescription", "OpenSSL Shared Library\\0" | ||
| 1686 | VALUE "FileVersion", "$version\\0" | ||
| 1687 | #if defined(CRYPTO) | ||
| 1688 | VALUE "InternalName", "libeay32\\0" | ||
| 1689 | VALUE "OriginalFilename", "libeay32.dll\\0" | ||
| 1690 | #elif defined(SSL) | ||
| 1691 | VALUE "InternalName", "ssleay32\\0" | ||
| 1692 | VALUE "OriginalFilename", "ssleay32.dll\\0" | ||
| 1693 | #endif | ||
| 1694 | VALUE "ProductName", "The OpenSSL Toolkit\\0" | ||
| 1695 | VALUE "ProductVersion", "$version\\0" | ||
| 1696 | // Optional: | ||
| 1697 | //VALUE "Comments", "\\0" | ||
| 1698 | VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" | ||
| 1699 | //VALUE "LegalTrademarks", "\\0" | ||
| 1700 | //VALUE "PrivateBuild", "\\0" | ||
| 1701 | //VALUE "SpecialBuild", "\\0" | ||
| 1702 | END | ||
| 1703 | END | ||
| 1704 | BLOCK "VarFileInfo" | ||
| 1705 | BEGIN | ||
| 1706 | VALUE "Translation", 0x409, 0x4b0 | ||
| 1707 | END | ||
| 1708 | END | ||
| 1709 | EOF | ||
| 1710 | close(OUT); | ||
| 1711 | } | ||
| 1712 | |||
| 1608 | print <<EOF; | 1713 | print <<EOF; |
| 1609 | 1714 | ||
| 1610 | Configured for $target. | 1715 | Configured for $target. |
| @@ -1699,13 +1804,12 @@ sub print_table_entry | |||
| 1699 | { | 1804 | { |
| 1700 | my $target = shift; | 1805 | my $target = shift; |
| 1701 | 1806 | ||
| 1702 | my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); | ||
| 1703 | for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; } | ||
| 1704 | (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags, | 1807 | (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags, |
| 1705 | my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, | 1808 | my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj, |
| 1706 | my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, | 1809 | my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, |
| 1707 | my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, | 1810 | my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, |
| 1708 | my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=@fields; | 1811 | my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)= |
| 1812 | split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); | ||
| 1709 | 1813 | ||
| 1710 | print <<EOF | 1814 | print <<EOF |
| 1711 | 1815 | ||
| @@ -1717,8 +1821,10 @@ sub print_table_entry | |||
| 1717 | \$sys_id = $sys_id | 1821 | \$sys_id = $sys_id |
| 1718 | \$lflags = $lflags | 1822 | \$lflags = $lflags |
| 1719 | \$bn_ops = $bn_ops | 1823 | \$bn_ops = $bn_ops |
| 1824 | \$cpuid_obj = $cpuid_obj | ||
| 1720 | \$bn_obj = $bn_obj | 1825 | \$bn_obj = $bn_obj |
| 1721 | \$des_obj = $des_obj | 1826 | \$des_obj = $des_obj |
| 1827 | \$aes_obj = $aes_obj | ||
| 1722 | \$bf_obj = $bf_obj | 1828 | \$bf_obj = $bf_obj |
| 1723 | \$md5_obj = $md5_obj | 1829 | \$md5_obj = $md5_obj |
| 1724 | \$sha1_obj = $sha1_obj | 1830 | \$sha1_obj = $sha1_obj |
| @@ -1748,7 +1854,6 @@ sub test_sanity | |||
| 1748 | foreach $target (sort keys %table) | 1854 | foreach $target (sort keys %table) |
| 1749 | { | 1855 | { |
| 1750 | @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); | 1856 | @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); |
| 1751 | for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; } | ||
| 1752 | 1857 | ||
| 1753 | if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/) | 1858 | if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/) |
| 1754 | { | 1859 | { |
| @@ -1772,3 +1877,11 @@ sub test_sanity | |||
| 1772 | print STDERR "No sanity errors detected!\n" if $errorcnt == 0; | 1877 | print STDERR "No sanity errors detected!\n" if $errorcnt == 0; |
| 1773 | return $errorcnt; | 1878 | return $errorcnt; |
| 1774 | } | 1879 | } |
| 1880 | |||
| 1881 | # Attempt to detect MSYS environment | ||
| 1882 | |||
| 1883 | sub is_msys | ||
| 1884 | { | ||
| 1885 | return 1 if (exists $ENV{"TERM"} && $ENV{"TERM"} eq "msys"); | ||
| 1886 | return 0; | ||
| 1887 | } | ||
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ index 6545cd72aa..09f700cc3a 100644 --- a/src/lib/libssl/src/FAQ +++ b/src/lib/libssl/src/FAQ | |||
| @@ -31,6 +31,8 @@ OpenSSL - Frequently Asked Questions | |||
| 31 | * Why does my browser give a warning about a mismatched hostname? | 31 | * Why does my browser give a warning about a mismatched hostname? |
| 32 | * How do I install a CA certificate into a browser? | 32 | * How do I install a CA certificate into a browser? |
| 33 | * Why is OpenSSL x509 DN output not conformant to RFC2253? | 33 | * Why is OpenSSL x509 DN output not conformant to RFC2253? |
| 34 | * What is a "128 bit certificate"? Can I create one with OpenSSL? | ||
| 35 | * How can I set up a bundle of commercial root CA certificates? | ||
| 34 | 36 | ||
| 35 | [BUILD] Questions about building and testing OpenSSL | 37 | [BUILD] Questions about building and testing OpenSSL |
| 36 | 38 | ||
| @@ -46,6 +48,9 @@ OpenSSL - Frequently Asked Questions | |||
| 46 | * Why does the OpenSSL test suite fail on MacOS X? | 48 | * Why does the OpenSSL test suite fail on MacOS X? |
| 47 | * Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? | 49 | * Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? |
| 48 | * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? | 50 | * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? |
| 51 | * Why does the OpenSSL test suite fail in sha512t on x86 CPU? | ||
| 52 | * Why does compiler fail to compile sha512.c? | ||
| 53 | * Test suite still fails, what to do? | ||
| 49 | 54 | ||
| 50 | [PROG] Questions about programming with OpenSSL | 55 | [PROG] Questions about programming with OpenSSL |
| 51 | 56 | ||
| @@ -62,6 +67,7 @@ OpenSSL - Frequently Asked Questions | |||
| 62 | * Why doesn't my server application receive a client certificate? | 67 | * Why doesn't my server application receive a client certificate? |
| 63 | * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? | 68 | * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? |
| 64 | * I think I've detected a memory leak, is this a bug? | 69 | * I think I've detected a memory leak, is this a bug? |
| 70 | * Why does Valgrind complain about the use of uninitialized data? | ||
| 65 | 71 | ||
| 66 | =============================================================================== | 72 | =============================================================================== |
| 67 | 73 | ||
| @@ -70,7 +76,7 @@ OpenSSL - Frequently Asked Questions | |||
| 70 | * Which is the current version of OpenSSL? | 76 | * Which is the current version of OpenSSL? |
| 71 | 77 | ||
| 72 | The current version is available from <URL: http://www.openssl.org>. | 78 | The current version is available from <URL: http://www.openssl.org>. |
| 73 | OpenSSL 0.9.7j was released on May 4, 2006. | 79 | OpenSSL 0.9.8h was released on May 28th, 2008. |
| 74 | 80 | ||
| 75 | In addition to the current stable release, you can also access daily | 81 | In addition to the current stable release, you can also access daily |
| 76 | snapshots of the OpenSSL development version at <URL: | 82 | snapshots of the OpenSSL development version at <URL: |
| @@ -152,7 +158,8 @@ Use MD5 to check that a tarball from a mirror site is identical: | |||
| 152 | md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 | 158 | md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 |
| 153 | 159 | ||
| 154 | You can check authenticity using pgp or gpg. You need the OpenSSL team | 160 | You can check authenticity using pgp or gpg. You need the OpenSSL team |
| 155 | member public key used to sign it (download it from a key server). Then | 161 | member public key used to sign it (download it from a key server, see a |
| 162 | list of keys at <URL: http://www.openssl.org/about/>). Then | ||
| 156 | just do: | 163 | just do: |
| 157 | 164 | ||
| 158 | pgp TARBALL.asc | 165 | pgp TARBALL.asc |
| @@ -166,8 +173,8 @@ you if you want to use OpenSSL. For information on intellectual | |||
| 166 | property rights, please consult a lawyer. The OpenSSL team does not | 173 | property rights, please consult a lawyer. The OpenSSL team does not |
| 167 | offer legal advice. | 174 | offer legal advice. |
| 168 | 175 | ||
| 169 | You can configure OpenSSL so as not to use RC5 and IDEA by using | 176 | You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using |
| 170 | ./config no-rc5 no-idea | 177 | ./config no-idea no-mdc2 no-rc5 |
| 171 | 178 | ||
| 172 | 179 | ||
| 173 | * Can I use OpenSSL with GPL software? | 180 | * Can I use OpenSSL with GPL software? |
| @@ -383,6 +390,57 @@ interface, the "-nameopt" option could be introduded. See the manual | |||
| 383 | page of the "openssl x509" commandline tool for details. The old behaviour | 390 | page of the "openssl x509" commandline tool for details. The old behaviour |
| 384 | has however been left as default for the sake of compatibility. | 391 | has however been left as default for the sake of compatibility. |
| 385 | 392 | ||
| 393 | * What is a "128 bit certificate"? Can I create one with OpenSSL? | ||
| 394 | |||
| 395 | The term "128 bit certificate" is a highly misleading marketing term. It does | ||
| 396 | *not* refer to the size of the public key in the certificate! A certificate | ||
| 397 | containing a 128 bit RSA key would have negligible security. | ||
| 398 | |||
| 399 | There were various other names such as "magic certificates", "SGC | ||
| 400 | certificates", "step up certificates" etc. | ||
| 401 | |||
| 402 | You can't generally create such a certificate using OpenSSL but there is no | ||
| 403 | need to any more. Nowadays web browsers using unrestricted strong encryption | ||
| 404 | are generally available. | ||
| 405 | |||
| 406 | When there were tight export restrictions on the export of strong encryption | ||
| 407 | software from the US only weak encryption algorithms could be freely exported | ||
| 408 | (initially 40 bit and then 56 bit). It was widely recognised that this was | ||
| 409 | inadequate. A relaxation the rules allowed the use of strong encryption but | ||
| 410 | only to an authorised server. | ||
| 411 | |||
| 412 | Two slighly different techniques were developed to support this, one used by | ||
| 413 | Netscape was called "step up", the other used by MSIE was called "Server Gated | ||
| 414 | Cryptography" (SGC). When a browser initially connected to a server it would | ||
| 415 | check to see if the certificate contained certain extensions and was issued by | ||
| 416 | an authorised authority. If these test succeeded it would reconnect using | ||
| 417 | strong encryption. | ||
| 418 | |||
| 419 | Only certain (initially one) certificate authorities could issue the | ||
| 420 | certificates and they generally cost more than ordinary certificates. | ||
| 421 | |||
| 422 | Although OpenSSL can create certificates containing the appropriate extensions | ||
| 423 | the certificate would not come from a permitted authority and so would not | ||
| 424 | be recognized. | ||
| 425 | |||
| 426 | The export laws were later changed to allow almost unrestricted use of strong | ||
| 427 | encryption so these certificates are now obsolete. | ||
| 428 | |||
| 429 | |||
| 430 | * How can I set up a bundle of commercial root CA certificates? | ||
| 431 | |||
| 432 | The OpenSSL software is shipped without any root CA certificate as the | ||
| 433 | OpenSSL project does not have any policy on including or excluding | ||
| 434 | any specific CA and does not intend to set up such a policy. Deciding | ||
| 435 | about which CAs to support is up to application developers or | ||
| 436 | administrators. | ||
| 437 | |||
| 438 | Other projects do have other policies so you can for example extract the CA | ||
| 439 | bundle used by Mozilla and/or modssl as described in this article: | ||
| 440 | |||
| 441 | http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html | ||
| 442 | |||
| 443 | |||
| 386 | [BUILD] ======================================================================= | 444 | [BUILD] ======================================================================= |
| 387 | 445 | ||
| 388 | * Why does the linker complain about undefined symbols? | 446 | * Why does the linker complain about undefined symbols? |
| @@ -462,7 +520,7 @@ get the best result from OpenSSL. A bit more complicated solution is the | |||
| 462 | following: | 520 | following: |
| 463 | 521 | ||
| 464 | ----- snip:start ----- | 522 | ----- snip:start ----- |
| 465 | make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile | \ | 523 | make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ |
| 466 | sed -e 's/ -O[0-9] / -O0 /'`" | 524 | sed -e 's/ -O[0-9] / -O0 /'`" |
| 467 | rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` | 525 | rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` |
| 468 | make | 526 | make |
| @@ -472,7 +530,7 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization | |||
| 472 | level chosen by the configuration process. When the above is done, do the | 530 | level chosen by the configuration process. When the above is done, do the |
| 473 | test and installation and you're set. | 531 | test and installation and you're set. |
| 474 | 532 | ||
| 475 | 3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It | 533 | 3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It |
| 476 | should not be used and is not used in SSL/TLS nor any other recognized | 534 | should not be used and is not used in SSL/TLS nor any other recognized |
| 477 | protocol in either case. | 535 | protocol in either case. |
| 478 | 536 | ||
| @@ -597,6 +655,35 @@ Reportedly elder *BSD a.out platforms also suffer from this problem and | |||
| 597 | remedy should be same. Provided binary is statically linked and should be | 655 | remedy should be same. Provided binary is statically linked and should be |
| 598 | working across wider range of *BSD branches, not just OpenBSD. | 656 | working across wider range of *BSD branches, not just OpenBSD. |
| 599 | 657 | ||
| 658 | * Why does the OpenSSL test suite fail in sha512t on x86 CPU? | ||
| 659 | |||
| 660 | If the test program in question fails withs SIGILL, Illegal Instruction | ||
| 661 | exception, then you more than likely to run SSE2-capable CPU, such as | ||
| 662 | Intel P4, under control of kernel which does not support SSE2 | ||
| 663 | instruction extentions. See accompanying INSTALL file and | ||
| 664 | OPENSSL_ia32cap(3) documentation page for further information. | ||
| 665 | |||
| 666 | * Why does compiler fail to compile sha512.c? | ||
| 667 | |||
| 668 | OpenSSL SHA-512 implementation depends on compiler support for 64-bit | ||
| 669 | integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a | ||
| 670 | couple] lack support for this and therefore are incapable of compiling | ||
| 671 | the module in question. The recommendation is to disable SHA-512 by | ||
| 672 | adding no-sha512 to ./config [or ./Configure] command line. Another | ||
| 673 | possible alternative might be to switch to GCC. | ||
| 674 | |||
| 675 | * Test suite still fails, what to do? | ||
| 676 | |||
| 677 | Another common reason for failure to complete some particular test is | ||
| 678 | simply bad code generated by a buggy component in toolchain or deficiency | ||
| 679 | in run-time environment. There are few cases documented in PROBLEMS file, | ||
| 680 | consult it for possible workaround before you beat the drum. Even if you | ||
| 681 | don't find solution or even mention there, do reserve for possibility of | ||
| 682 | a compiler bug. Compiler bugs might appear in rather bizarre ways, they | ||
| 683 | never make sense, and tend to emerge when you least expect them. In order | ||
| 684 | to identify one, drop optimization level, e.g. by editing CFLAG line in | ||
| 685 | top-level Makefile, recompile and re-run the test. | ||
| 686 | |||
| 600 | [PROG] ======================================================================== | 687 | [PROG] ======================================================================== |
| 601 | 688 | ||
| 602 | * Is OpenSSL thread-safe? | 689 | * Is OpenSSL thread-safe? |
| @@ -608,8 +695,9 @@ libraries. If your platform is not one of these, consult the INSTALL | |||
| 608 | file. | 695 | file. |
| 609 | 696 | ||
| 610 | Multi-threaded applications must provide two callback functions to | 697 | Multi-threaded applications must provide two callback functions to |
| 611 | OpenSSL. This is described in the threads(3) manpage. | 698 | OpenSSL by calling CRYPTO_set_locking_callback() and |
| 612 | 699 | CRYPTO_set_id_callback(). This is described in the threads(3) | |
| 700 | manpage. | ||
| 613 | 701 | ||
| 614 | * I've compiled a program under Windows and it crashes: why? | 702 | * I've compiled a program under Windows and it crashes: why? |
| 615 | 703 | ||
| @@ -629,10 +717,10 @@ your application must link against the same by which OpenSSL was | |||
| 629 | built. If you are using MS Visual C++ (Studio) this can be changed | 717 | built. If you are using MS Visual C++ (Studio) this can be changed |
| 630 | by: | 718 | by: |
| 631 | 719 | ||
| 632 | 1. Select Settings... from the Project Menu. | 720 | 1. Select Settings... from the Project Menu. |
| 633 | 2. Select the C/C++ Tab. | 721 | 2. Select the C/C++ Tab. |
| 634 | 3. Select "Code Generation from the "Category" drop down list box | 722 | 3. Select "Code Generation from the "Category" drop down list box |
| 635 | 4. Select the Appropriate library (see table below) from the "Use | 723 | 4. Select the Appropriate library (see table below) from the "Use |
| 636 | run-time library" drop down list box. Perform this step for both | 724 | run-time library" drop down list box. Perform this step for both |
| 637 | your debug and release versions of your application (look at the | 725 | your debug and release versions of your application (look at the |
| 638 | top left of the settings panel to change between the two) | 726 | top left of the settings panel to change between the two) |
| @@ -651,30 +739,44 @@ by: | |||
| 651 | Note that debug and release libraries are NOT interchangeable. If you | 739 | Note that debug and release libraries are NOT interchangeable. If you |
| 652 | built OpenSSL with /MD your application must use /MD and cannot use /MDd. | 740 | built OpenSSL with /MD your application must use /MD and cannot use /MDd. |
| 653 | 741 | ||
| 742 | As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL | ||
| 743 | .DLLs compiled with some specific run-time option [we insist on the | ||
| 744 | default /MD] can be deployed with application compiled with different | ||
| 745 | option or even different compiler. But there is a catch! Instead of | ||
| 746 | re-compiling OpenSSL toolkit, as you would have to with prior versions, | ||
| 747 | you have to compile small C snippet with compiler and/or options of | ||
| 748 | your choice. The snippet gets installed as | ||
| 749 | <install-root>/include/openssl/applink.c and should be either added to | ||
| 750 | your application project or simply #include-d in one [and only one] | ||
| 751 | of your application source files. Failure to link this shim module | ||
| 752 | into your application manifests itself as fatal "no OPENSSL_Applink" | ||
| 753 | run-time error. An explicit reminder is due that in this situation | ||
| 754 | [mixing compiler options] it is as important to add CRYPTO_malloc_init | ||
| 755 | prior first call to OpenSSL. | ||
| 654 | 756 | ||
| 655 | * How do I read or write a DER encoded buffer using the ASN1 functions? | 757 | * How do I read or write a DER encoded buffer using the ASN1 functions? |
| 656 | 758 | ||
| 657 | You have two options. You can either use a memory BIO in conjunction | 759 | You have two options. You can either use a memory BIO in conjunction |
| 658 | with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the | 760 | with the i2d_*_bio() or d2i_*_bio() functions or you can use the |
| 659 | i2d_XXX(), d2i_XXX() functions directly. Since these are often the | 761 | i2d_*(), d2i_*() functions directly. Since these are often the |
| 660 | cause of grief here are some code fragments using PKCS7 as an example: | 762 | cause of grief here are some code fragments using PKCS7 as an example: |
| 661 | 763 | ||
| 662 | unsigned char *buf, *p; | 764 | unsigned char *buf, *p; |
| 663 | int len; | 765 | int len; |
| 664 | 766 | ||
| 665 | len = i2d_PKCS7(p7, NULL); | 767 | len = i2d_PKCS7(p7, NULL); |
| 666 | buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ | 768 | buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ |
| 667 | p = buf; | 769 | p = buf; |
| 668 | i2d_PKCS7(p7, &p); | 770 | i2d_PKCS7(p7, &p); |
| 669 | 771 | ||
| 670 | At this point buf contains the len bytes of the DER encoding of | 772 | At this point buf contains the len bytes of the DER encoding of |
| 671 | p7. | 773 | p7. |
| 672 | 774 | ||
| 673 | The opposite assumes we already have len bytes in buf: | 775 | The opposite assumes we already have len bytes in buf: |
| 674 | 776 | ||
| 675 | unsigned char *p; | 777 | unsigned char *p; |
| 676 | p = buf; | 778 | p = buf; |
| 677 | p7 = d2i_PKCS7(NULL, &p, len); | 779 | p7 = d2i_PKCS7(NULL, &p, len); |
| 678 | 780 | ||
| 679 | At this point p7 contains a valid PKCS7 structure of NULL if an error | 781 | At this point p7 contains a valid PKCS7 structure of NULL if an error |
| 680 | occurred. If an error occurred ERR_print_errors(bio) should give more | 782 | occurred. If an error occurred ERR_print_errors(bio) should give more |
| @@ -736,11 +838,11 @@ code itself (the hex digits after the second colon). | |||
| 736 | 838 | ||
| 737 | * Why do I get errors about unknown algorithms? | 839 | * Why do I get errors about unknown algorithms? |
| 738 | 840 | ||
| 739 | This can happen under several circumstances such as reading in an | 841 | The cause is forgetting to load OpenSSL's table of algorithms with |
| 740 | encrypted private key or attempting to decrypt a PKCS#12 file. The cause | 842 | OpenSSL_add_all_algorithms(). See the manual page for more information. This |
| 741 | is forgetting to load OpenSSL's table of algorithms with | 843 | can cause several problems such as being unable to read in an encrypted |
| 742 | OpenSSL_add_all_algorithms(). See the manual page for more information. | 844 | PEM file, unable to decrypt a PKCS#12 file or signature failure when |
| 743 | 845 | verifying certificates. | |
| 744 | 846 | ||
| 745 | * Why can't the OpenSSH configure script detect OpenSSL? | 847 | * Why can't the OpenSSH configure script detect OpenSSL? |
| 746 | 848 | ||
| @@ -808,5 +910,15 @@ thread-safe): | |||
| 808 | ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). | 910 | ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data(). |
| 809 | 911 | ||
| 810 | 912 | ||
| 913 | * Why does Valgrind complain about the use of uninitialized data? | ||
| 914 | |||
| 915 | When OpenSSL's PRNG routines are called to generate random numbers the supplied | ||
| 916 | buffer contents are mixed into the entropy pool: so it technically does not | ||
| 917 | matter whether the buffer is initialized at this point or not. Valgrind (and | ||
| 918 | other test tools) will complain about this. When using Valgrind, make sure the | ||
| 919 | OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) | ||
| 920 | to get rid of these warnings. | ||
| 921 | |||
| 922 | |||
| 811 | =============================================================================== | 923 | =============================================================================== |
| 812 | 924 | ||
diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL index 503474f2e4..c72cc1dcee 100644 --- a/src/lib/libssl/src/INSTALL +++ b/src/lib/libssl/src/INSTALL | |||
| @@ -2,8 +2,10 @@ | |||
| 2 | INSTALLATION ON THE UNIX PLATFORM | 2 | INSTALLATION ON THE UNIX PLATFORM |
| 3 | --------------------------------- | 3 | --------------------------------- |
| 4 | 4 | ||
| 5 | [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X) | 5 | [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) |
| 6 | is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS. | 6 | and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, |
| 7 | INSTALL.MacOS and INSTALL.NW. | ||
| 8 | |||
| 7 | This document describes installation on operating systems in the Unix | 9 | This document describes installation on operating systems in the Unix |
| 8 | family.] | 10 | family.] |
| 9 | 11 | ||
| @@ -73,14 +75,30 @@ | |||
| 73 | no-asm Do not use assembler code. | 75 | no-asm Do not use assembler code. |
| 74 | 76 | ||
| 75 | 386 Use the 80386 instruction set only (the default x86 code is | 77 | 386 Use the 80386 instruction set only (the default x86 code is |
| 76 | more efficient, but requires at least a 486). | 78 | more efficient, but requires at least a 486). Note: Use |
| 79 | compiler flags for any other CPU specific configuration, | ||
| 80 | e.g. "-m32" to build x86 code on an x64 system. | ||
| 81 | |||
| 82 | no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is | ||
| 83 | detected at run-time, but the decision whether or not the | ||
| 84 | machine code will be executed is taken solely on CPU | ||
| 85 | capability vector. This means that if you happen to run OS | ||
| 86 | kernel which does not support SSE2 extension on Intel P4 | ||
| 87 | processor, then your application might be exposed to | ||
| 88 | "illegal instruction" exception. There might be a way | ||
| 89 | to enable support in kernel, e.g. FreeBSD kernel can be | ||
| 90 | compiled with CPU_ENABLE_SSE, and there is a way to | ||
| 91 | disengage SSE2 code pathes upon application start-up, | ||
| 92 | but if you aim for wider "audience" running such kernel, | ||
| 93 | consider no-sse2. Both 386 and no-asm options above imply | ||
| 94 | no-sse2. | ||
| 77 | 95 | ||
| 78 | no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa, | 96 | no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa, |
| 79 | hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). | 97 | hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). |
| 80 | The crypto/<cipher> directory can be removed after running | 98 | The crypto/<cipher> directory can be removed after running |
| 81 | "make depend". | 99 | "make depend". |
| 82 | 100 | ||
| 83 | -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will | 101 | -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will |
| 84 | be passed through to the compiler to allow you to | 102 | be passed through to the compiler to allow you to |
| 85 | define preprocessor symbols, specify additional libraries, | 103 | define preprocessor symbols, specify additional libraries, |
| 86 | library directories or other compiler options. | 104 | library directories or other compiler options. |
| @@ -123,7 +141,7 @@ | |||
| 123 | generic configurations "cc" or "gcc" should usually work on 32 bit | 141 | generic configurations "cc" or "gcc" should usually work on 32 bit |
| 124 | systems. | 142 | systems. |
| 125 | 143 | ||
| 126 | Configure creates the file Makefile from Makefile.org and | 144 | Configure creates the file Makefile.ssl from Makefile.org and |
| 127 | defines various macros in crypto/opensslconf.h (generated from | 145 | defines various macros in crypto/opensslconf.h (generated from |
| 128 | crypto/opensslconf.h.in). | 146 | crypto/opensslconf.h.in). |
| 129 | 147 | ||
| @@ -140,7 +158,7 @@ | |||
| 140 | standard headers). If it is a problem with OpenSSL itself, please | 158 | standard headers). If it is a problem with OpenSSL itself, please |
| 141 | report the problem to <openssl-bugs@openssl.org> (note that your | 159 | report the problem to <openssl-bugs@openssl.org> (note that your |
| 142 | message will be recorded in the request tracker publicly readable | 160 | message will be recorded in the request tracker publicly readable |
| 143 | via http://www.openssl.org/support/rt2.html and will be forwarded to a | 161 | via http://www.openssl.org/support/rt.html and will be forwarded to a |
| 144 | public mailing list). Include the output of "make report" in your message. | 162 | public mailing list). Include the output of "make report" in your message. |
| 145 | Please check out the request tracker. Maybe the bug was already | 163 | Please check out the request tracker. Maybe the bug was already |
| 146 | reported or has already been fixed. | 164 | reported or has already been fixed. |
| @@ -159,10 +177,10 @@ | |||
| 159 | the failure that isn't a problem in OpenSSL itself (like a missing | 177 | the failure that isn't a problem in OpenSSL itself (like a missing |
| 160 | or malfunctioning bc). If it is a problem with OpenSSL itself, | 178 | or malfunctioning bc). If it is a problem with OpenSSL itself, |
| 161 | try removing any compiler optimization flags from the CFLAG line | 179 | try removing any compiler optimization flags from the CFLAG line |
| 162 | in Makefile and run "make clean; make". Please send a bug | 180 | in Makefile.ssl and run "make clean; make". Please send a bug |
| 163 | report to <openssl-bugs@openssl.org>, including the output of | 181 | report to <openssl-bugs@openssl.org>, including the output of |
| 164 | "make report" in order to be added to the request tracker at | 182 | "make report" in order to be added to the request tracker at |
| 165 | http://www.openssl.org/support/rt2.html. | 183 | http://www.openssl.org/support/rt.html. |
| 166 | 184 | ||
| 167 | 4. If everything tests ok, install OpenSSL with | 185 | 4. If everything tests ok, install OpenSSL with |
| 168 | 186 | ||
| @@ -284,10 +302,10 @@ | |||
| 284 | Note on shared libraries | 302 | Note on shared libraries |
| 285 | ------------------------ | 303 | ------------------------ |
| 286 | 304 | ||
| 287 | Shared library is currently an experimental feature. The only reason to | 305 | Shared libraries have certain caveats. Binary backward compatibility |
| 288 | have them would be to conserve memory on systems where several program | 306 | can't be guaranteed before OpenSSL version 1.0. The only reason to |
| 289 | are using OpenSSL. Binary backward compatibility can't be guaranteed | 307 | use them would be to conserve memory on systems where several programs |
| 290 | before OpenSSL version 1.0. | 308 | are using OpenSSL. |
| 291 | 309 | ||
| 292 | For some systems, the OpenSSL Configure script knows what is needed to | 310 | For some systems, the OpenSSL Configure script knows what is needed to |
| 293 | build shared libraries for libcrypto and libssl. On these systems, | 311 | build shared libraries for libcrypto and libssl. On these systems, |
| @@ -312,7 +330,7 @@ | |||
| 312 | Note on support for multiple builds | 330 | Note on support for multiple builds |
| 313 | ----------------------------------- | 331 | ----------------------------------- |
| 314 | 332 | ||
| 315 | OpenSSL is usually built in it's source tree. Unfortunately, this doesn't | 333 | OpenSSL is usually built in its source tree. Unfortunately, this doesn't |
| 316 | support building for multiple platforms from the same source tree very well. | 334 | support building for multiple platforms from the same source tree very well. |
| 317 | It is however possible to build in a separate tree through the use of lots | 335 | It is however possible to build in a separate tree through the use of lots |
| 318 | of symbolic links, which should be prepared like this: | 336 | of symbolic links, which should be prepared like this: |
diff --git a/src/lib/libssl/src/INSTALL.W32 b/src/lib/libssl/src/INSTALL.W32 index c277efa18b..3dd7832f4e 100644 --- a/src/lib/libssl/src/INSTALL.W32 +++ b/src/lib/libssl/src/INSTALL.W32 | |||
| @@ -3,6 +3,7 @@ | |||
| 3 | ---------------------------------- | 3 | ---------------------------------- |
| 4 | 4 | ||
| 5 | [Instructions for building for Windows CE can be found in INSTALL.WCE] | 5 | [Instructions for building for Windows CE can be found in INSTALL.WCE] |
| 6 | [Instructions for building for Win64 can be found in INSTALL.W64] | ||
| 6 | 7 | ||
| 7 | Heres a few comments about building OpenSSL in Windows environments. Most | 8 | Heres a few comments about building OpenSSL in Windows environments. Most |
| 8 | of this is tested on Win32 but it may also work in Win 3.1 with some | 9 | of this is tested on Win32 but it may also work in Win 3.1 with some |
| @@ -46,13 +47,14 @@ | |||
| 46 | http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ | 47 | http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ |
| 47 | The NASM binary nasmw.exe needs to be installed anywhere on your PATH. | 48 | The NASM binary nasmw.exe needs to be installed anywhere on your PATH. |
| 48 | 49 | ||
| 49 | Firstly you should run Configure (to build a FIPS-certified variant of | 50 | Firstly you should run Configure: |
| 50 | OpenSSL, add the option "fips"): | ||
| 51 | 51 | ||
| 52 | > perl Configure VC-WIN32 | 52 | > perl Configure VC-WIN32 --prefix=c:/some/openssl/dir |
| 53 | |||
| 54 | Where the prefix argument specifies where OpenSSL will be installed to. | ||
| 53 | 55 | ||
| 54 | Next you need to build the Makefiles and optionally the assembly language | 56 | Next you need to build the Makefiles and optionally the assembly language |
| 55 | files (to build a FIPS-certified variant of OpenSSL, add the argument "fips"): | 57 | files: |
| 56 | 58 | ||
| 57 | - If you are using MASM then run: | 59 | - If you are using MASM then run: |
| 58 | 60 | ||
| @@ -77,8 +79,12 @@ | |||
| 77 | If all is well it should compile and you will have some DLLs and executables | 79 | If all is well it should compile and you will have some DLLs and executables |
| 78 | in out32dll. If you want to try the tests then do: | 80 | in out32dll. If you want to try the tests then do: |
| 79 | 81 | ||
| 80 | > cd out32dll | 82 | > nmake -f ms\ntdll.mak test |
| 81 | > ..\ms\test | 83 | |
| 84 | |||
| 85 | To install OpenSSL to the specified location do: | ||
| 86 | |||
| 87 | > nmake -f ms\ntdll.mak install | ||
| 82 | 88 | ||
| 83 | Tweaks: | 89 | Tweaks: |
| 84 | 90 | ||
| @@ -88,6 +94,12 @@ | |||
| 88 | compiled in. Note that mk1mf.pl expects the platform to be the last argument | 94 | compiled in. Note that mk1mf.pl expects the platform to be the last argument |
| 89 | on the command line, so 'debug' must appear before that, as all other options. | 95 | on the command line, so 'debug' must appear before that, as all other options. |
| 90 | 96 | ||
| 97 | |||
| 98 | By default in 0.9.8 OpenSSL will compile builtin ENGINES into the libeay32.dll | ||
| 99 | shared library. If you specify the "no-static-engine" option on the command | ||
| 100 | line to Configure the shared library build (ms\ntdll.mak) will compile the | ||
| 101 | engines as separate DLLs. | ||
| 102 | |||
| 91 | The default Win32 environment is to leave out any Windows NT specific | 103 | The default Win32 environment is to leave out any Windows NT specific |
| 92 | features. | 104 | features. |
| 93 | 105 | ||
| @@ -98,15 +110,15 @@ | |||
| 98 | You can also build a static version of the library using the Makefile | 110 | You can also build a static version of the library using the Makefile |
| 99 | ms\nt.mak | 111 | ms\nt.mak |
| 100 | 112 | ||
| 113 | |||
| 114 | |||
| 101 | Borland C++ builder 5 | 115 | Borland C++ builder 5 |
| 102 | --------------------- | 116 | --------------------- |
| 103 | 117 | ||
| 104 | * Configure for building with Borland Builder (to build a FIPS-certified | 118 | * Configure for building with Borland Builder: |
| 105 | variant of OpenSSL, add the option "fips"): | ||
| 106 | > perl Configure BC-32 | 119 | > perl Configure BC-32 |
| 107 | 120 | ||
| 108 | * Create the appropriate makefile (to build a FIPS-certified variant of | 121 | * Create the appropriate makefile |
| 109 | OpenSSL, add the argument "fips") | ||
| 110 | > ms\do_nasm | 122 | > ms\do_nasm |
| 111 | 123 | ||
| 112 | * Build | 124 | * Build |
| @@ -197,8 +209,6 @@ | |||
| 197 | occur, try | 209 | occur, try |
| 198 | > ms\mingw32 no-asm | 210 | > ms\mingw32 no-asm |
| 199 | instead. | 211 | instead. |
| 200 | If you want to build a FIPS-certified variant of OpenSSL, add the argument | ||
| 201 | "fips" | ||
| 202 | 212 | ||
| 203 | libcrypto.a and libssl.a are the static libraries. To use the DLLs, | 213 | libcrypto.a and libssl.a are the static libraries. To use the DLLs, |
| 204 | link with libeay32.a and libssl32.a instead. | 214 | link with libeay32.a and libssl32.a instead. |
| @@ -291,3 +301,21 @@ | |||
| 291 | (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot | 301 | (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot |
| 292 | rely on CRYPTO_malloc_init() solving your problem, and you should | 302 | rely on CRYPTO_malloc_init() solving your problem, and you should |
| 293 | consistently use the multithreaded library. | 303 | consistently use the multithreaded library. |
| 304 | |||
| 305 | Linking your application | ||
| 306 | ------------------------ | ||
| 307 | |||
| 308 | If you link with static OpenSSL libraries [those built with ms/nt.mak], | ||
| 309 | then you're expected to additionally link your application with | ||
| 310 | WSOCK32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing | ||
| 311 | non-interactive service applications might feel concerned about linking | ||
| 312 | with latter two, as they are justly associated with interactive desktop, | ||
| 313 | which is not available to service processes. The toolkit is designed | ||
| 314 | to detect in which context it's currently executed, GUI, console app | ||
| 315 | or service, and act accordingly, namely whether or not to actually make | ||
| 316 | GUI calls. | ||
| 317 | |||
| 318 | If you link with OpenSSL .DLLs, then you're expected to include into | ||
| 319 | your application code small "shim" snippet, which provides glue between | ||
| 320 | OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink | ||
| 321 | reference page for further details. | ||
diff --git a/src/lib/libssl/src/LICENSE b/src/lib/libssl/src/LICENSE index e6afecc724..a2c4adcbe6 100644 --- a/src/lib/libssl/src/LICENSE +++ b/src/lib/libssl/src/LICENSE | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | --------------- | 12 | --------------- |
| 13 | 13 | ||
| 14 | /* ==================================================================== | 14 | /* ==================================================================== |
| 15 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | 15 | * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. |
| 16 | * | 16 | * |
| 17 | * Redistribution and use in source and binary forms, with or without | 17 | * Redistribution and use in source and binary forms, with or without |
| 18 | * modification, are permitted provided that the following conditions | 18 | * modification, are permitted provided that the following conditions |
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org index b9db0dd57d..22b1699257 100644 --- a/src/lib/libssl/src/Makefile.org +++ b/src/lib/libssl/src/Makefile.org | |||
| @@ -57,9 +57,8 @@ OPENSSLDIR=/usr/local/ssl | |||
| 57 | # equal 4. | 57 | # equal 4. |
| 58 | # PKCS1_CHECK - pkcs1 tests. | 58 | # PKCS1_CHECK - pkcs1 tests. |
| 59 | 59 | ||
| 60 | CC= gcc | 60 | CC= cc |
| 61 | #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM | 61 | CFLAG= -O |
| 62 | CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM | ||
| 63 | DEPFLAG= | 62 | DEPFLAG= |
| 64 | PEX_LIBS= | 63 | PEX_LIBS= |
| 65 | EX_LIBS= | 64 | EX_LIBS= |
| @@ -80,93 +79,22 @@ MAKEDEPPROG=makedepend | |||
| 80 | AS=$(CC) -c | 79 | AS=$(CC) -c |
| 81 | ASFLAG=$(CFLAG) | 80 | ASFLAG=$(CFLAG) |
| 82 | 81 | ||
| 83 | # Set BN_ASM to bn_asm.o if you want to use the C version | ||
| 84 | BN_ASM= bn_asm.o | ||
| 85 | #BN_ASM= bn_asm.o | ||
| 86 | #BN_ASM= asm/bn86-elf.o # elf, linux-elf | ||
| 87 | #BN_ASM= asm/bn86-sol.o # solaris | ||
| 88 | #BN_ASM= asm/bn86-out.o # a.out, FreeBSD | ||
| 89 | #BN_ASM= asm/bn86bsdi.o # bsdi | ||
| 90 | #BN_ASM= asm/alpha.o # DEC Alpha | ||
| 91 | #BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC | ||
| 92 | #BN_ASM= asm/r3000.o # SGI MIPS cpu | ||
| 93 | #BN_ASM= asm/sparc.o # Sun solaris/SunOS | ||
| 94 | #BN_ASM= asm/bn-win32.o # Windows 95/NT | ||
| 95 | #BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS | ||
| 96 | #BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1 | ||
| 97 | |||
| 98 | # For x86 assembler: Set PROCESSOR to 386 if you want to support | 82 | # For x86 assembler: Set PROCESSOR to 386 if you want to support |
| 99 | # the 80386. | 83 | # the 80386. |
| 100 | PROCESSOR= | 84 | PROCESSOR= |
| 101 | 85 | ||
| 102 | # Set DES_ENC to des_enc.o if you want to use the C version | 86 | # CPUID module collects small commonly used assembler snippets |
| 103 | #There are 4 x86 assember options. | 87 | CPUID_OBJ= |
| 104 | FIPS_DES_ENC= des_enc.o fcrypt_b.o | 88 | BN_ASM= bn_asm.o |
| 105 | FIPS_AES_ENC= fips_aes_core.o | 89 | DES_ENC= des_enc.o fcrypt_b.o |
| 106 | DES_ENC= asm/dx86-out.o asm/yx86-out.o | 90 | AES_ASM_OBJ=aes_core.o aes_cbc.o |
| 107 | #DES_ENC= des_enc.o fcrypt_b.o # C | 91 | BF_ENC= bf_enc.o |
| 108 | #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf | 92 | CAST_ENC= c_enc.o |
| 109 | #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris | 93 | RC4_ENC= rc4_enc.o |
| 110 | #DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD | 94 | RC5_ENC= rc5_enc.o |
| 111 | #DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi | 95 | MD5_ASM_OBJ= |
| 112 | 96 | SHA1_ASM_OBJ= | |
| 113 | # Set BF_ENC to bf_enc.o if you want to use the C version | 97 | RMD160_ASM_OBJ= |
| 114 | #There are 4 x86 assember options. | ||
| 115 | BF_ENC= asm/bx86-out.o | ||
| 116 | #BF_ENC= bf_enc.o | ||
| 117 | #BF_ENC= asm/bx86-elf.o # elf | ||
| 118 | #BF_ENC= asm/bx86-sol.o # solaris | ||
| 119 | #BF_ENC= asm/bx86-out.o # a.out, FreeBSD | ||
| 120 | #BF_ENC= asm/bx86bsdi.o # bsdi | ||
| 121 | |||
| 122 | # Set CAST_ENC to c_enc.o if you want to use the C version | ||
| 123 | #There are 4 x86 assember options. | ||
| 124 | CAST_ENC= asm/cx86-out.o | ||
| 125 | #CAST_ENC= c_enc.o | ||
| 126 | #CAST_ENC= asm/cx86-elf.o # elf | ||
| 127 | #CAST_ENC= asm/cx86-sol.o # solaris | ||
| 128 | #CAST_ENC= asm/cx86-out.o # a.out, FreeBSD | ||
| 129 | #CAST_ENC= asm/cx86bsdi.o # bsdi | ||
| 130 | |||
| 131 | # Set RC4_ENC to rc4_enc.o if you want to use the C version | ||
| 132 | #There are 4 x86 assember options. | ||
| 133 | RC4_ENC= asm/rx86-out.o | ||
| 134 | #RC4_ENC= rc4_enc.o | ||
| 135 | #RC4_ENC= asm/rx86-elf.o # elf | ||
| 136 | #RC4_ENC= asm/rx86-sol.o # solaris | ||
| 137 | #RC4_ENC= asm/rx86-out.o # a.out, FreeBSD | ||
| 138 | #RC4_ENC= asm/rx86bsdi.o # bsdi | ||
| 139 | |||
| 140 | # Set RC5_ENC to rc5_enc.o if you want to use the C version | ||
| 141 | #There are 4 x86 assember options. | ||
| 142 | RC5_ENC= asm/r586-out.o | ||
| 143 | #RC5_ENC= rc5_enc.o | ||
| 144 | #RC5_ENC= asm/r586-elf.o # elf | ||
| 145 | #RC5_ENC= asm/r586-sol.o # solaris | ||
| 146 | #RC5_ENC= asm/r586-out.o # a.out, FreeBSD | ||
| 147 | #RC5_ENC= asm/r586bsdi.o # bsdi | ||
| 148 | |||
| 149 | # Also need MD5_ASM defined | ||
| 150 | MD5_ASM_OBJ= asm/mx86-out.o | ||
| 151 | #MD5_ASM_OBJ= asm/mx86-elf.o # elf | ||
| 152 | #MD5_ASM_OBJ= asm/mx86-sol.o # solaris | ||
| 153 | #MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD | ||
| 154 | #MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi | ||
| 155 | |||
| 156 | # Also need SHA1_ASM defined | ||
| 157 | SHA1_ASM_OBJ= asm/sx86-out.o | ||
| 158 | FIPS_SHA1_ASM_OBJ= asm/sx86-out.o | ||
| 159 | #SHA1_ASM_OBJ= asm/sx86-elf.o # elf | ||
| 160 | #SHA1_ASM_OBJ= asm/sx86-sol.o # solaris | ||
| 161 | #SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD | ||
| 162 | #SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi | ||
| 163 | |||
| 164 | # Also need RMD160_ASM defined | ||
| 165 | RMD160_ASM_OBJ= asm/rm86-out.o | ||
| 166 | #RMD160_ASM_OBJ= asm/rm86-elf.o # elf | ||
| 167 | #RMD160_ASM_OBJ= asm/rm86-sol.o # solaris | ||
| 168 | #RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD | ||
| 169 | #RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi | ||
| 170 | 98 | ||
| 171 | # KRB5 stuff | 99 | # KRB5 stuff |
| 172 | KRB5_INCLUDES= | 100 | KRB5_INCLUDES= |
| @@ -176,36 +104,20 @@ LIBKRB5= | |||
| 176 | ZLIB_INCLUDE= | 104 | ZLIB_INCLUDE= |
| 177 | LIBZLIB= | 105 | LIBZLIB= |
| 178 | 106 | ||
| 179 | # This is the location of fipscanister.o and friends. | 107 | DIRS= crypto ssl engines apps test tools |
| 180 | # The FIPS module build will place it $(INSTALLTOP)/lib | ||
| 181 | # but since $(INSTALLTOP) can only take the default value | ||
| 182 | # when the module is built it will be in /usr/local/ssl/lib | ||
| 183 | # $(INSTALLTOP) for this build make be different so hard | ||
| 184 | # code the path. | ||
| 185 | |||
| 186 | FIPSLIBDIR=/usr/local/ssl/lib | ||
| 187 | |||
| 188 | # Shared library base address. Currently only used on Windows. | ||
| 189 | # | ||
| 190 | |||
| 191 | BASEADDR= | ||
| 192 | |||
| 193 | # When we're prepared to use shared libraries in the programs we link here | ||
| 194 | # we might set SHLIB_MARK to '$(SHARED_LIBS)'. | ||
| 195 | SHLIB_MARK= | ||
| 196 | |||
| 197 | DIRS= crypto fips-1.0 ssl $(SHLIB_MARK) apps test tools | ||
| 198 | SHLIBDIRS= crypto ssl | 108 | SHLIBDIRS= crypto ssl |
| 199 | 109 | ||
| 200 | # dirs in crypto to build | 110 | # dirs in crypto to build |
| 201 | SDIRS= objects \ | 111 | SDIRS= \ |
| 112 | objects \ | ||
| 202 | md2 md4 md5 sha mdc2 hmac ripemd \ | 113 | md2 md4 md5 sha mdc2 hmac ripemd \ |
| 203 | des rc2 rc4 rc5 idea bf cast \ | 114 | des aes rc2 rc4 rc5 idea bf cast camellia seed \ |
| 204 | bn ec rsa dsa dh dso engine aes \ | 115 | bn ec rsa dsa ecdsa dh ecdh dso engine \ |
| 205 | buffer bio stack lhash rand err \ | 116 | buffer bio stack lhash rand err \ |
| 206 | evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 | 117 | evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ |
| 207 | 118 | store cms pqueue | |
| 208 | FDIRS= sha rand des aes dsa rsa dh hmac | 119 | # keep in mind that the above list is adjusted by ./Configure |
| 120 | # according to no-xxx arguments... | ||
| 209 | 121 | ||
| 210 | # tests to perform. "alltests" is a special word indicating that all tests | 122 | # tests to perform. "alltests" is a special word indicating that all tests |
| 211 | # should be performed. | 123 | # should be performed. |
| @@ -238,38 +150,106 @@ WTARFILE= $(NAME)-win.tar | |||
| 238 | EXHEADER= e_os2.h | 150 | EXHEADER= e_os2.h |
| 239 | HEADER= e_os.h | 151 | HEADER= e_os.h |
| 240 | 152 | ||
| 241 | # When we're prepared to use shared libraries in the programs we link here | 153 | all: Makefile build_all openssl.pc libssl.pc libcrypto.pc |
| 242 | # we might remove 'clean-shared' from the targets to perform at this stage | 154 | |
| 155 | # as we stick to -e, CLEARENV ensures that local variables in lower | ||
| 156 | # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn | ||
| 157 | # shell, which [annoyingly enough] terminates unset with error if VAR | ||
| 158 | # is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh, | ||
| 159 | # which terminates unset with error if no variable was present:-( | ||
| 160 | CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ | ||
| 161 | $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \ | ||
| 162 | $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \ | ||
| 163 | $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \ | ||
| 164 | $${EXHEADER+EXHEADER} $${HEADER+HEADER} \ | ||
| 165 | $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \ | ||
| 166 | $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \ | ||
| 167 | $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \ | ||
| 168 | $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ | ||
| 169 | $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} | ||
| 170 | |||
| 171 | BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ | ||
| 172 | CC='${CC}' CFLAG='${CFLAG}' \ | ||
| 173 | AS='${CC}' ASFLAG='${CFLAG} -c' \ | ||
| 174 | AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ | ||
| 175 | SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ | ||
| 176 | INSTALL_PREFIX='${INSTALL_PREFIX}' \ | ||
| 177 | INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ | ||
| 178 | MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ | ||
| 179 | DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ | ||
| 180 | MAKEDEPPROG='${MAKEDEPPROG}' \ | ||
| 181 | SHARED_LDFLAGS='${SHARED_LDFLAGS}' \ | ||
| 182 | KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ | ||
| 183 | EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ | ||
| 184 | SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \ | ||
| 185 | PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \ | ||
| 186 | CPUID_OBJ='${CPUID_OBJ}' \ | ||
| 187 | BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \ | ||
| 188 | AES_ASM_OBJ='${AES_ASM_OBJ}' \ | ||
| 189 | BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \ | ||
| 190 | RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \ | ||
| 191 | SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ | ||
| 192 | MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ | ||
| 193 | RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ | ||
| 194 | THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= | ||
| 195 | # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, | ||
| 196 | # which in turn eliminates ambiguities in variable treatment with -e. | ||
| 197 | |||
| 198 | # BUILD_CMD is a generic macro to build a given target in a given | ||
| 199 | # subdirectory. The target must be given through the shell variable | ||
| 200 | # `target' and the subdirectory to build in must be given through `dir'. | ||
| 201 | # This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or | ||
| 202 | # BUILD_ONE_CMD instead. | ||
| 203 | # | ||
| 204 | # BUILD_ONE_CMD is a macro to build a given target in a given | ||
| 205 | # subdirectory if that subdirectory is part of $(DIRS). It requires | ||
| 206 | # exactly the same shell variables as BUILD_CMD. | ||
| 207 | # | ||
| 208 | # RECURSIVE_BUILD_CMD is a macro to build a given target in all | ||
| 209 | # subdirectories defined in $(DIRS). It requires that the target | ||
| 210 | # is given through the shell variable `target'. | ||
| 211 | BUILD_CMD= if [ -d "$$dir" ]; then \ | ||
| 212 | ( cd $$dir && echo "making $$target in $$dir..." && \ | ||
| 213 | $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ | ||
| 214 | ) || exit 1; \ | ||
| 215 | fi | ||
| 216 | RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done | ||
| 217 | BUILD_ONE_CMD=\ | ||
| 218 | if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \ | ||
| 219 | $(BUILD_CMD); \ | ||
| 220 | fi | ||
| 243 | 221 | ||
| 244 | all: Makefile sub_all openssl.pc | 222 | reflect: |
| 223 | @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) | ||
| 245 | 224 | ||
| 246 | sub_all: | 225 | sub_all: build_all |
| 247 | @for i in $(DIRS); \ | 226 | build_all: build_libs build_apps build_tests build_tools |
| 248 | do \ | ||
| 249 | if [ -d "$$i" ]; then \ | ||
| 250 | (cd $$i && echo "making all in $$i..." && \ | ||
| 251 | $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSLIBDIR='${FIPSLIBDIR}' all ) || exit 1; \ | ||
| 252 | else \ | ||
| 253 | $(MAKE) $$i; \ | ||
| 254 | fi; \ | ||
| 255 | done; | ||
| 256 | 227 | ||
| 257 | sub_target: | 228 | build_libs: build_crypto build_ssl build_engines |
| 258 | @for i in $(DIRS); \ | 229 | |
| 259 | do \ | 230 | build_crypto: |
| 260 | if [ -d "$$i" ]; then \ | 231 | @dir=crypto; target=all; $(BUILD_ONE_CMD) |
| 261 | (cd $$i && echo "making $(TARGET) in $$i..." && \ | 232 | build_ssl: |
| 262 | $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \ | 233 | @dir=ssl; target=all; $(BUILD_ONE_CMD) |
| 263 | else \ | 234 | build_engines: |
| 264 | $(MAKE) $$i; \ | 235 | @dir=engines; target=all; $(BUILD_ONE_CMD) |
| 265 | fi; \ | 236 | build_apps: |
| 266 | done; | 237 | @dir=apps; target=all; $(BUILD_ONE_CMD) |
| 238 | build_tests: | ||
| 239 | @dir=test; target=all; $(BUILD_ONE_CMD) | ||
| 240 | build_tools: | ||
| 241 | @dir=tools; target=all; $(BUILD_ONE_CMD) | ||
| 242 | |||
| 243 | all_testapps: build_libs build_testapps | ||
| 244 | build_testapps: | ||
| 245 | @dir=crypto; target=testapps; $(BUILD_ONE_CMD) | ||
| 267 | 246 | ||
| 268 | libcrypto$(SHLIB_EXT): libcrypto.a | 247 | libcrypto$(SHLIB_EXT): libcrypto.a |
| 269 | @if [ "$(SHLIB_TARGET)" != "" ]; then \ | 248 | @if [ "$(SHLIB_TARGET)" != "" ]; then \ |
| 270 | $(MAKE) SHLIBDIRS=crypto build-shared; \ | 249 | $(MAKE) SHLIBDIRS=crypto build-shared; \ |
| 271 | else \ | 250 | else \ |
| 272 | echo "There's no support for shared libraries on this platform" >&2; \ | 251 | echo "There's no support for shared libraries on this platform" >&2; \ |
| 252 | exit 1; \ | ||
| 273 | fi | 253 | fi |
| 274 | 254 | ||
| 275 | libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a | 255 | libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a |
| @@ -277,10 +257,11 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a | |||
| 277 | $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ | 257 | $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ |
| 278 | else \ | 258 | else \ |
| 279 | echo "There's no support for shared libraries on this platform" >&2; \ | 259 | echo "There's no support for shared libraries on this platform" >&2; \ |
| 260 | exit 1; \ | ||
| 280 | fi | 261 | fi |
| 281 | 262 | ||
| 282 | clean-shared: | 263 | clean-shared: |
| 283 | @for i in $(SHLIBDIRS); do \ | 264 | @set -e; for i in $(SHLIBDIRS); do \ |
| 284 | if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ | 265 | if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ |
| 285 | tmp="$(SHARED_LIBS_LINK_EXTS)"; \ | 266 | tmp="$(SHARED_LIBS_LINK_EXTS)"; \ |
| 286 | for j in $${tmp:-x}; do \ | 267 | for j in $${tmp:-x}; do \ |
| @@ -289,312 +270,59 @@ clean-shared: | |||
| 289 | fi; \ | 270 | fi; \ |
| 290 | ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \ | 271 | ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \ |
| 291 | if [ "$(PLATFORM)" = "Cygwin" ]; then \ | 272 | if [ "$(PLATFORM)" = "Cygwin" ]; then \ |
| 292 | ( set -x; rm -f cyg$$i-$(SHLIB_VERSION_NUMBER)$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ | 273 | ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ |
| 293 | fi; \ | 274 | fi; \ |
| 294 | done | 275 | done |
| 295 | 276 | ||
| 296 | link-shared: | 277 | link-shared: |
| 297 | @if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ | 278 | @ set -e; for i in ${SHLIBDIRS}; do \ |
| 298 | tmp="$(SHARED_LIBS_LINK_EXTS)"; \ | 279 | $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ |
| 299 | for i in $(SHLIBDIRS); do \ | 280 | LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ |
| 300 | prev=lib$$i$(SHLIB_EXT); \ | 281 | LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ |
| 301 | for j in $${tmp:-x}; do \ | 282 | symlink.$(SHLIB_TARGET); \ |
| 302 | ( set -x; \ | 283 | libs="$$libs -l$$i"; \ |
| 303 | rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \ | ||
| 304 | prev=lib$$i$$j; \ | ||
| 305 | done; \ | ||
| 306 | done; \ | ||
| 307 | fi | ||
| 308 | |||
| 309 | build-shared: clean-shared do_$(SHLIB_TARGET) link-shared | ||
| 310 | |||
| 311 | do_bsd-gcc-shared: do_gnu-shared | ||
| 312 | do_linux-shared: do_gnu-shared | ||
| 313 | do_gnu-shared: | ||
| 314 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 315 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 316 | libs="$(LIBKRB5) $$libs"; \ | ||
| 317 | fi; \ | ||
| 318 | ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 319 | -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 320 | -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 321 | -Wl,-Bsymbolic \ | ||
| 322 | -Wl,--whole-archive lib$$i.a \ | ||
| 323 | -Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \ | ||
| 324 | libs="-l$$i $$libs"; \ | ||
| 325 | done | ||
| 326 | |||
| 327 | DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null | ||
| 328 | |||
| 329 | # For Darwin AKA Mac OS/X (dyld) | ||
| 330 | do_darwin-shared: | ||
| 331 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 332 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 333 | libs="$(LIBKRB5) $$libs"; \ | ||
| 334 | fi; \ | ||
| 335 | ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 336 | --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ | ||
| 337 | lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 338 | -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \ | ||
| 339 | -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \ | ||
| 340 | libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \ | ||
| 341 | echo "" ; \ | ||
| 342 | done | 284 | done |
| 343 | 285 | ||
| 344 | do_cygwin-shared: | 286 | build-shared: do_$(SHLIB_TARGET) link-shared |
| 345 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 346 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 347 | libs="$(LIBKRB5) $$libs"; \ | ||
| 348 | fi; \ | ||
| 349 | shlib=cyg$${i}-$(SHLIB_VERSION_NUMBER).dll; \ | ||
| 350 | [ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \ | ||
| 351 | [ -f apps/$$shlib ] && rm apps/$$shlib; \ | ||
| 352 | [ -f test/$$shlib ] && rm test/$$shlib; \ | ||
| 353 | base=; [ $$i = "crypto" ] && base=-Wl,--image-base,0x63000000; \ | ||
| 354 | ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 355 | -shared $$base -o $$shlib \ | ||
| 356 | -Wl,-Bsymbolic \ | ||
| 357 | -Wl,--whole-archive lib$$i.a \ | ||
| 358 | -Wl,--out-implib,lib$$i.dll.a \ | ||
| 359 | -Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \ | ||
| 360 | cp -p $$shlib apps/; cp -p $$shlib test/; \ | ||
| 361 | touch -c lib$$i.dll.a; \ | ||
| 362 | libs="-l$$i $$libs"; \ | ||
| 363 | done | ||
| 364 | |||
| 365 | # This assumes that GNU utilities are *not* used | ||
| 366 | do_alpha-osf1-shared: | ||
| 367 | if ${DETECT_GNU_LD}; then \ | ||
| 368 | $(MAKE) do_gnu-shared; \ | ||
| 369 | else \ | ||
| 370 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 371 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 372 | libs="$(LIBKRB5) $$libs"; \ | ||
| 373 | fi; \ | ||
| 374 | ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 375 | -shared -o lib$$i.so \ | ||
| 376 | -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ | ||
| 377 | -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \ | ||
| 378 | libs="-l$$i $$libs"; \ | ||
| 379 | done; \ | ||
| 380 | fi | ||
| 381 | |||
| 382 | # This assumes that GNU utilities are *not* used | ||
| 383 | # The difference between alpha-osf1-shared and tru64-shared is the `-msym' | ||
| 384 | # option passed to the linker. | ||
| 385 | do_tru64-shared: | ||
| 386 | if ${DETECT_GNU_LD}; then \ | ||
| 387 | $(MAKE) do_gnu-shared; \ | ||
| 388 | else \ | ||
| 389 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 390 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 391 | libs="$(LIBKRB5) $$libs"; \ | ||
| 392 | fi; \ | ||
| 393 | ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 394 | -shared -msym -o lib$$i.so \ | ||
| 395 | -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ | ||
| 396 | -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \ | ||
| 397 | libs="-l$$i $$libs"; \ | ||
| 398 | done; \ | ||
| 399 | fi | ||
| 400 | 287 | ||
| 401 | # This assumes that GNU utilities are *not* used | 288 | do_$(SHLIB_TARGET): |
| 402 | # The difference between tru64-shared and tru64-shared-rpath is the | 289 | @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ |
| 403 | # -rpath ${INSTALLTOP}/lib passed to the linker. | ||
| 404 | do_tru64-shared-rpath: | ||
| 405 | if ${DETECT_GNU_LD}; then \ | ||
| 406 | $(MAKE) do_gnu-shared; \ | ||
| 407 | else \ | ||
| 408 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 409 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | 290 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ |
| 410 | libs="$(LIBKRB5) $$libs"; \ | 291 | libs="$(LIBKRB5) $$libs"; \ |
| 411 | fi; \ | 292 | fi; \ |
| 412 | ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | 293 | $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ |
| 413 | -shared -msym -o lib$$i.so \ | 294 | LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ |
| 414 | -rpath ${INSTALLTOP}/lib \ | 295 | LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ |
| 415 | -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ | 296 | LIBDEPS="$$libs $(EX_LIBS)" \ |
| 416 | -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \ | 297 | link_a.$(SHLIB_TARGET); \ |
| 417 | libs="-l$$i $$libs"; \ | 298 | libs="-l$$i $$libs"; \ |
| 418 | done; \ | ||
| 419 | fi | ||
| 420 | |||
| 421 | |||
| 422 | # This assumes that GNU utilities are *not* used | ||
| 423 | do_solaris-shared: | ||
| 424 | if ${DETECT_GNU_LD}; then \ | ||
| 425 | $(MAKE) do_gnu-shared; \ | ||
| 426 | else \ | ||
| 427 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 428 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 429 | libs="$(LIBKRB5) $$libs"; \ | ||
| 430 | fi; \ | ||
| 431 | ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ | ||
| 432 | MINUSZ='-z '; \ | ||
| 433 | (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \ | ||
| 434 | set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 435 | -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 436 | -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 437 | -Wl,-Bsymbolic \ | ||
| 438 | $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \ | ||
| 439 | $$libs ${EX_LIBS} ) || exit 1; \ | ||
| 440 | libs="-l$$i $$libs"; \ | ||
| 441 | done; \ | ||
| 442 | fi | ||
| 443 | |||
| 444 | # OpenServer 5 native compilers used | ||
| 445 | do_svr3-shared: | ||
| 446 | if ${DETECT_GNU_LD}; then \ | ||
| 447 | $(MAKE) do_gnu-shared; \ | ||
| 448 | else \ | ||
| 449 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 450 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 451 | libs="$(LIBKRB5) $$libs"; \ | ||
| 452 | fi; \ | ||
| 453 | ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ | ||
| 454 | find . -name "*.o" -print > allobjs ; \ | ||
| 455 | OBJS= ; export OBJS ; \ | ||
| 456 | for obj in `ar t lib$$i.a` ; do \ | ||
| 457 | OBJS="$${OBJS} `grep /$$obj allobjs`" ; \ | ||
| 458 | done ; \ | ||
| 459 | set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 460 | -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 461 | -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 462 | $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ | ||
| 463 | libs="-l$$i $$libs"; \ | ||
| 464 | done; \ | ||
| 465 | fi | ||
| 466 | |||
| 467 | # UnixWare 7 and OpenUNIX 8 native compilers used | ||
| 468 | do_svr5-shared: | ||
| 469 | if ${DETECT_GNU_LD}; then \ | ||
| 470 | $(MAKE) do_gnu-shared; \ | ||
| 471 | else \ | ||
| 472 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 473 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 474 | libs="$(LIBKRB5) $$libs"; \ | ||
| 475 | fi; \ | ||
| 476 | ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ | ||
| 477 | SHARE_FLAG='-G'; \ | ||
| 478 | (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ | ||
| 479 | find . -name "*.o" -print > allobjs ; \ | ||
| 480 | OBJS= ; export OBJS ; \ | ||
| 481 | for obj in `ar t lib$$i.a` ; do \ | ||
| 482 | OBJS="$${OBJS} `grep /$$obj allobjs`" ; \ | ||
| 483 | done ; \ | ||
| 484 | set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \ | ||
| 485 | $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 486 | $${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 487 | -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 488 | $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ | ||
| 489 | libs="-l$$i $$libs"; \ | ||
| 490 | done; \ | ||
| 491 | fi | ||
| 492 | |||
| 493 | # This assumes that GNU utilities are *not* used | ||
| 494 | do_irix-shared: | ||
| 495 | if ${DETECT_GNU_LD}; then \ | ||
| 496 | $(MAKE) do_gnu-shared; \ | ||
| 497 | else \ | ||
| 498 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 499 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 500 | libs="$(LIBKRB5) $$libs"; \ | ||
| 501 | fi; \ | ||
| 502 | ( WHOLELIB="-all lib$$i.a -none"; \ | ||
| 503 | (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \ | ||
| 504 | set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 505 | -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 506 | -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ | ||
| 507 | $${WHOLELIB} $$libs ${EX_LIBS}) || exit 1; \ | ||
| 508 | libs="-l$$i $$libs"; \ | ||
| 509 | done; \ | ||
| 510 | fi | ||
| 511 | |||
| 512 | # This assumes that GNU utilities are *not* used | ||
| 513 | # | ||
| 514 | do_hpux-shared: | ||
| 515 | for i in ${SHLIBDIRS}; do \ | ||
| 516 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 517 | libs="$(LIBKRB5) $$libs"; \ | ||
| 518 | fi; \ | ||
| 519 | if expr $(PLATFORM) : '.*ia64' > /dev/null; then \ | ||
| 520 | shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ | ||
| 521 | else \ | ||
| 522 | shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ | ||
| 523 | fi; \ | ||
| 524 | [ -f $$shlib ] && rm -f $$shlib; \ | ||
| 525 | ALLSYMSFLAGS='-Wl,-Fl'; \ | ||
| 526 | expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ | ||
| 527 | ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \ | ||
| 528 | -Wl,-B,symbolic,+vnocompatwarnings,-z,+h,$$shlib \ | ||
| 529 | -o $$shlib $$ALLSYMSFLAGS,lib$$i.a -ldld ) || exit 1; \ | ||
| 530 | chmod a=rx $$shlib; \ | ||
| 531 | done | 299 | done |
| 532 | 300 | ||
| 533 | # The following method is said to work on all platforms. Tests will | 301 | libcrypto.pc: Makefile |
| 534 | # determine if that's how it's gong to be used. | 302 | @ ( echo 'prefix=$(INSTALLTOP)'; \ |
| 535 | # This assumes that for all but GNU systems, GNU utilities are *not* used. | 303 | echo 'exec_prefix=$${prefix}'; \ |
| 536 | # ALLSYMSFLAGS would be: | 304 | echo 'libdir=$${exec_prefix}/lib'; \ |
| 537 | # GNU systems: --whole-archive | 305 | echo 'includedir=$${prefix}/include'; \ |
| 538 | # Tru64 Unix: -all | 306 | echo ''; \ |
| 539 | # Solaris: -z allextract | 307 | echo 'Name: OpenSSL-libcrypto'; \ |
| 540 | # Irix: -all | 308 | echo 'Description: OpenSSL cryptography library'; \ |
| 541 | # HP/UX-32bit: -Fl | 309 | echo 'Version: '$(VERSION); \ |
| 542 | # HP/UX-64bit: +forceload | 310 | echo 'Requires: '; \ |
| 543 | # AIX: -bnogc | 311 | echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \ |
| 544 | # SHAREDFLAGS would be: | 312 | echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc |
| 545 | # GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} | ||
| 546 | # Tru64 Unix: -shared \ | ||
| 547 | # -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" | ||
| 548 | # Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} | ||
| 549 | # Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} | ||
| 550 | # HP/UX-32bit: +vnocompatwarnings -b -z +s \ | ||
| 551 | # +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} | ||
| 552 | # HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} | ||
| 553 | # AIX: -G -bE:lib$$i.exp -bM:SRE | ||
| 554 | # SHAREDCMD would be: | ||
| 555 | # GNU systems: $(CC) | ||
| 556 | # Tru64 Unix: $(CC) | ||
| 557 | # Solaris: $(CC) | ||
| 558 | # Irix: $(CC) | ||
| 559 | # HP/UX-32bit: /usr/ccs/bin/ld | ||
| 560 | # HP/UX-64bit: /usr/ccs/bin/ld | ||
| 561 | # AIX: $(CC) | ||
| 562 | ALLSYMSFLAG=-bnogc | ||
| 563 | SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE | ||
| 564 | SHAREDCMD=$(CC) | ||
| 565 | do_aix-shared: | ||
| 566 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | ||
| 567 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | ||
| 568 | libs="$(LIBKRB5) $$libs"; \ | ||
| 569 | fi; \ | ||
| 570 | ( set -x; \ | ||
| 571 | OBJECT_MODE=`expr x${SHARED_LDFLAGS} : 'x\-[a-z]\([0-9]*\)'`; \ | ||
| 572 | OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ | ||
| 573 | ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \ | ||
| 574 | ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \ | ||
| 575 | $${FIPSLD:-${CC}} $(SHAREDFLAGS) \ | ||
| 576 | -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \ | ||
| 577 | $$libs ${EX_LIBS} ) ) \ | ||
| 578 | || exit 1; \ | ||
| 579 | libs="-l$$i $$libs"; \ | ||
| 580 | done | ||
| 581 | 313 | ||
| 582 | do_reliantunix-shared: | 314 | libssl.pc: Makefile |
| 583 | libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ | 315 | @ ( echo 'prefix=$(INSTALLTOP)'; \ |
| 584 | if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ | 316 | echo 'exec_prefix=$${prefix}'; \ |
| 585 | libs="$(LIBKRB5) $$libs"; \ | 317 | echo 'libdir=$${exec_prefix}/lib'; \ |
| 586 | fi; \ | 318 | echo 'includedir=$${prefix}/include'; \ |
| 587 | tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \ | 319 | echo ''; \ |
| 588 | ( set -x; \ | 320 | echo 'Name: OpenSSL'; \ |
| 589 | ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \ | 321 | echo 'Description: Secure Sockets Layer and cryptography libraries'; \ |
| 590 | cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \ | 322 | echo 'Version: '$(VERSION); \ |
| 591 | $${FIPSLD:-${CC}} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \ | 323 | echo 'Requires: '; \ |
| 592 | ) || exit 1; \ | 324 | echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ |
| 593 | cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \ | 325 | echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc |
| 594 | ) || exit 1; \ | ||
| 595 | rm -rf $$tmpdir ; \ | ||
| 596 | libs="-l$$i $$libs"; \ | ||
| 597 | done | ||
| 598 | 326 | ||
| 599 | openssl.pc: Makefile | 327 | openssl.pc: Makefile |
| 600 | @ ( echo 'prefix=$(INSTALLTOP)'; \ | 328 | @ ( echo 'prefix=$(INSTALLTOP)'; \ |
| @@ -606,31 +334,25 @@ openssl.pc: Makefile | |||
| 606 | echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ | 334 | echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ |
| 607 | echo 'Version: '$(VERSION); \ | 335 | echo 'Version: '$(VERSION); \ |
| 608 | echo 'Requires: '; \ | 336 | echo 'Requires: '; \ |
| 609 | echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \ | 337 | echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ |
| 610 | echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc | 338 | echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc |
| 611 | 339 | ||
| 612 | Makefile: Makefile.org | 340 | Makefile: Makefile.org Configure config |
| 613 | @echo "Makefile is older than Makefile.org." | 341 | @echo "Makefile is older than Makefile.org, Configure or config." |
| 614 | @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." | 342 | @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." |
| 615 | @false | 343 | @false |
| 616 | 344 | ||
| 617 | libclean: | 345 | libclean: |
| 618 | rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib | 346 | rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib |
| 619 | 347 | ||
| 620 | clean: libclean | 348 | clean: libclean |
| 621 | rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c | 349 | rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c |
| 622 | @for i in $(DIRS) ;\ | 350 | @set -e; target=clean; $(RECURSIVE_BUILD_CMD) |
| 623 | do \ | 351 | rm -f $(LIBS) |
| 624 | if [ -d "$$i" ]; then \ | 352 | rm -f openssl.pc libssl.pc libcrypto.pc |
| 625 | (cd $$i && echo "making clean in $$i..." && \ | ||
| 626 | $(MAKE) EXE_EXT='${EXE_EXT}' SDIRS='${SDIRS}' clean ) || exit 1; \ | ||
| 627 | rm -f $(LIBS); \ | ||
| 628 | fi; \ | ||
| 629 | done; | ||
| 630 | rm -f openssl.pc | ||
| 631 | rm -f speed.* .pure | 353 | rm -f speed.* .pure |
| 632 | rm -f $(TARFILE) | 354 | rm -f $(TARFILE) |
| 633 | @for i in $(ONEDIRS) ;\ | 355 | @set -e; for i in $(ONEDIRS) ;\ |
| 634 | do \ | 356 | do \ |
| 635 | rm -fr $$i/*; \ | 357 | rm -fr $$i/*; \ |
| 636 | done | 358 | done |
| @@ -641,37 +363,20 @@ makefile.one: files | |||
| 641 | 363 | ||
| 642 | files: | 364 | files: |
| 643 | $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO | 365 | $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO |
| 644 | @for i in $(DIRS) ;\ | 366 | @set -e; target=files; $(RECURSIVE_BUILD_CMD) |
| 645 | do \ | ||
| 646 | if [ -d "$$i" ]; then \ | ||
| 647 | (cd $$i && echo "making 'files' in $$i..." && \ | ||
| 648 | $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \ | ||
| 649 | fi; \ | ||
| 650 | done; | ||
| 651 | 367 | ||
| 652 | links: | 368 | links: |
| 653 | @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl | 369 | @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl |
| 654 | @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) | 370 | @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) |
| 655 | @for i in $(DIRS); do \ | 371 | @set -e; target=links; $(RECURSIVE_BUILD_CMD) |
| 656 | if [ -d "$$i" ]; then \ | ||
| 657 | (cd $$i && echo "making links in $$i..." && \ | ||
| 658 | $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \ | ||
| 659 | fi; \ | ||
| 660 | done; | ||
| 661 | 372 | ||
| 662 | gentests: | 373 | gentests: |
| 663 | @(cd test && echo "generating dummy tests (if needed)..." && \ | 374 | @(cd test && echo "generating dummy tests (if needed)..." && \ |
| 664 | $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); | 375 | $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); |
| 665 | 376 | ||
| 666 | dclean: | 377 | dclean: |
| 667 | rm -f *.bak | 378 | rm -f *.bak |
| 668 | @for i in $(DIRS) ;\ | 379 | @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) |
| 669 | do \ | ||
| 670 | if [ -d "$$i" ]; then \ | ||
| 671 | (cd $$i && echo "making dclean in $$i..." && \ | ||
| 672 | $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \ | ||
| 673 | fi; \ | ||
| 674 | done; | ||
| 675 | 380 | ||
| 676 | rehash: rehash.time | 381 | rehash: rehash.time |
| 677 | rehash.time: certs | 382 | rehash.time: certs |
| @@ -685,29 +390,17 @@ test: tests | |||
| 685 | 390 | ||
| 686 | tests: rehash | 391 | tests: rehash |
| 687 | @(cd test && echo "testing..." && \ | 392 | @(cd test && echo "testing..." && \ |
| 688 | $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); | 393 | $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); |
| 689 | util/shlib_wrap.sh apps/openssl version -a | 394 | util/opensslwrap.sh version -a |
| 690 | 395 | ||
| 691 | report: | 396 | report: |
| 692 | @$(PERL) util/selftest.pl | 397 | @$(PERL) util/selftest.pl |
| 693 | 398 | ||
| 694 | depend: | 399 | depend: |
| 695 | @for i in $(DIRS) ;\ | 400 | @set -e; target=depend; $(RECURSIVE_BUILD_CMD) |
| 696 | do \ | ||
| 697 | if [ -d "$$i" ]; then \ | ||
| 698 | (cd $$i && echo "making dependencies $$i..." && \ | ||
| 699 | $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \ | ||
| 700 | fi; \ | ||
| 701 | done; | ||
| 702 | 401 | ||
| 703 | lint: | 402 | lint: |
| 704 | @for i in $(DIRS) ;\ | 403 | @set -e; target=lint; $(RECURSIVE_BUILD_CMD) |
| 705 | do \ | ||
| 706 | if [ -d "$$i" ]; then \ | ||
| 707 | (cd $$i && echo "making lint $$i..." && \ | ||
| 708 | $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \ | ||
| 709 | fi; \ | ||
| 710 | done; | ||
| 711 | 404 | ||
| 712 | tags: | 405 | tags: |
| 713 | rm -f TAGS | 406 | rm -f TAGS |
| @@ -715,7 +408,8 @@ tags: | |||
| 715 | 408 | ||
| 716 | errors: | 409 | errors: |
| 717 | $(PERL) util/mkerr.pl -recurse -write | 410 | $(PERL) util/mkerr.pl -recurse -write |
| 718 | (cd crypto/engine; $(MAKE) PERL=$(PERL) errors) | 411 | (cd engines; $(MAKE) PERL=$(PERL) errors) |
| 412 | $(PERL) util/ck_errf.pl */*.c */*/*.c | ||
| 719 | 413 | ||
| 720 | stacks: | 414 | stacks: |
| 721 | $(PERL) util/mkstack.pl -write | 415 | $(PERL) util/mkstack.pl -write |
| @@ -777,45 +471,36 @@ dist: | |||
| 777 | @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar | 471 | @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar |
| 778 | 472 | ||
| 779 | dist_pem_h: | 473 | dist_pem_h: |
| 780 | (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean) | 474 | (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) |
| 781 | 475 | ||
| 782 | install: all install_docs install_sw | 476 | install: all install_docs install_sw |
| 783 | 477 | ||
| 784 | install_sw: | 478 | install_sw: |
| 785 | @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ | 479 | @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ |
| 786 | $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ | 480 | $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ |
| 481 | $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ | ||
| 787 | $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ | 482 | $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ |
| 788 | $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ | 483 | $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ |
| 789 | $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ | 484 | $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ |
| 790 | $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ | 485 | $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ |
| 791 | $(INSTALL_PREFIX)$(OPENSSLDIR)/private | 486 | $(INSTALL_PREFIX)$(OPENSSLDIR)/private |
| 792 | @headerlist="$(EXHEADER)"; for i in $$headerlist ;\ | 487 | @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ |
| 793 | do \ | 488 | do \ |
| 794 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | 489 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
| 795 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ | 490 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ |
| 796 | done; | 491 | done; |
| 797 | @for i in $(DIRS) ;\ | 492 | @set -e; target=install; $(RECURSIVE_BUILD_CMD) |
| 798 | do \ | 493 | @set -e; for i in $(LIBS) ;\ |
| 799 | if [ -d "$$i" ]; then \ | ||
| 800 | (cd $$i; echo "installing $$i..."; \ | ||
| 801 | $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' install ); \ | ||
| 802 | fi; \ | ||
| 803 | done | ||
| 804 | @for i in $(LIBS) ;\ | ||
| 805 | do \ | 494 | do \ |
| 806 | if [ -f "$$i" ]; then \ | 495 | if [ -f "$$i" ]; then \ |
| 807 | ( echo installing $$i; \ | 496 | ( echo installing $$i; \ |
| 808 | cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ | 497 | cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ |
| 809 | if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ | 498 | $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ |
| 810 | : ; \ | ||
| 811 | else \ | ||
| 812 | $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ | ||
| 813 | fi; \ | ||
| 814 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ | 499 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ |
| 815 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ | 500 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ |
| 816 | fi; \ | 501 | fi; \ |
| 817 | done; | 502 | done; |
| 818 | @if [ -n "$(SHARED_LIBS)" ]; then \ | 503 | @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ |
| 819 | tmp="$(SHARED_LIBS)"; \ | 504 | tmp="$(SHARED_LIBS)"; \ |
| 820 | for i in $${tmp:-x}; \ | 505 | for i in $${tmp:-x}; \ |
| 821 | do \ | 506 | do \ |
| @@ -826,20 +511,19 @@ install_sw: | |||
| 826 | chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ | 511 | chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ |
| 827 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ | 512 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ |
| 828 | else \ | 513 | else \ |
| 829 | c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ | 514 | c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ |
| 830 | cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ | 515 | cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ |
| 831 | chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ | 516 | chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ |
| 832 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ | 517 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ |
| 833 | cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ | 518 | cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ |
| 834 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \ | 519 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ |
| 835 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \ | 520 | mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ |
| 836 | fi ); \ | 521 | fi ); \ |
| 837 | fi; \ | 522 | fi; \ |
| 838 | done; \ | 523 | done; \ |
| 839 | ( here="`pwd`"; \ | 524 | ( here="`pwd`"; \ |
| 840 | cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ | 525 | cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ |
| 841 | set $(MAKE); \ | 526 | $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ |
| 842 | $$1 -f $$here/Makefile link-shared ); \ | ||
| 843 | if [ "$(INSTALLTOP)" != "/usr" ]; then \ | 527 | if [ "$(INSTALLTOP)" != "/usr" ]; then \ |
| 844 | echo 'OpenSSL shared libraries have been installed in:'; \ | 528 | echo 'OpenSSL shared libraries have been installed in:'; \ |
| 845 | echo ' $(INSTALLTOP)'; \ | 529 | echo ' $(INSTALLTOP)'; \ |
| @@ -847,6 +531,10 @@ install_sw: | |||
| 847 | sed -e '1,/^$$/d' doc/openssl-shared.txt; \ | 531 | sed -e '1,/^$$/d' doc/openssl-shared.txt; \ |
| 848 | fi; \ | 532 | fi; \ |
| 849 | fi | 533 | fi |
| 534 | cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig | ||
| 535 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc | ||
| 536 | cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig | ||
| 537 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc | ||
| 850 | cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig | 538 | cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig |
| 851 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc | 539 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc |
| 852 | 540 | ||
| @@ -862,9 +550,9 @@ install_docs: | |||
| 862 | if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \ | 550 | if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \ |
| 863 | filecase=-i; \ | 551 | filecase=-i; \ |
| 864 | fi; \ | 552 | fi; \ |
| 865 | for i in doc/apps/*.pod; do \ | 553 | set -e; for i in doc/apps/*.pod; do \ |
| 866 | fn=`basename $$i .pod`; \ | 554 | fn=`basename $$i .pod`; \ |
| 867 | if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ | 555 | sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ |
| 868 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ | 556 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ |
| 869 | (cd `$(PERL) util/dirname.pl $$i`; \ | 557 | (cd `$(PERL) util/dirname.pl $$i`; \ |
| 870 | sh -c "$$pod2man \ | 558 | sh -c "$$pod2man \ |
| @@ -879,9 +567,9 @@ install_docs: | |||
| 879 | $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ | 567 | $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ |
| 880 | done); \ | 568 | done); \ |
| 881 | done; \ | 569 | done; \ |
| 882 | for i in doc/crypto/*.pod doc/ssl/*.pod; do \ | 570 | set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ |
| 883 | fn=`basename $$i .pod`; \ | 571 | fn=`basename $$i .pod`; \ |
| 884 | if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ | 572 | sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ |
| 885 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ | 573 | echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ |
| 886 | (cd `$(PERL) util/dirname.pl $$i`; \ | 574 | (cd `$(PERL) util/dirname.pl $$i`; \ |
| 887 | sh -c "$$pod2man \ | 575 | sh -c "$$pod2man \ |
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS index 49b443ed4d..40ded1aebf 100644 --- a/src/lib/libssl/src/NEWS +++ b/src/lib/libssl/src/NEWS | |||
| @@ -5,8 +5,138 @@ | |||
| 5 | This file gives a brief overview of the major changes between each OpenSSL | 5 | This file gives a brief overview of the major changes between each OpenSSL |
| 6 | release. For more details please read the CHANGES file. | 6 | release. For more details please read the CHANGES file. |
| 7 | 7 | ||
| 8 | Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: | ||
| 9 | |||
| 10 | o Fixes for bugs introduced with 0.9.8f. | ||
| 11 | |||
| 12 | Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: | ||
| 13 | |||
| 14 | o Add gcc 4.2 support. | ||
| 15 | o Add support for AES and SSE2 assembly lanugauge optimization | ||
| 16 | for VC++ build. | ||
| 17 | o Support for RFC4507bis and server name extensions if explicitly | ||
| 18 | selected at compile time. | ||
| 19 | o DTLS improvements. | ||
| 20 | o RFC4507bis support. | ||
| 21 | o TLS Extensions support. | ||
| 22 | |||
| 23 | Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e: | ||
| 24 | |||
| 25 | o Various ciphersuite selection fixes. | ||
| 26 | o RFC3779 support. | ||
| 27 | |||
| 28 | Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d: | ||
| 29 | |||
| 30 | o Introduce limits to prevent malicious key DoS (CVE-2006-2940) | ||
| 31 | o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) | ||
| 32 | o Changes to ciphersuite selection algorithm | ||
| 33 | |||
| 34 | Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: | ||
| 35 | |||
| 36 | o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 | ||
| 37 | o New cipher Camellia | ||
| 38 | |||
| 39 | Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: | ||
| 40 | |||
| 41 | o Cipher string fixes. | ||
| 42 | o Fixes for VC++ 2005. | ||
| 43 | o Updated ECC cipher suite support. | ||
| 44 | o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). | ||
| 45 | o Zlib compression usage fixes. | ||
| 46 | o Built in dynamic engine compilation support on Win32. | ||
| 47 | o Fixes auto dynamic engine loading in Win32. | ||
| 48 | |||
| 49 | Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: | ||
| 50 | |||
| 51 | o Fix potential SSL 2.0 rollback, CVE-2005-2969 | ||
| 52 | o Extended Windows CE support | ||
| 53 | |||
| 54 | Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: | ||
| 55 | |||
| 56 | o Major work on the BIGNUM library for higher efficiency and to | ||
| 57 | make operations more streamlined and less contradictory. This | ||
| 58 | is the result of a major audit of the BIGNUM library. | ||
| 59 | o Addition of BIGNUM functions for fields GF(2^m) and NIST | ||
| 60 | curves, to support the Elliptic Crypto functions. | ||
| 61 | o Major work on Elliptic Crypto; ECDH and ECDSA added, including | ||
| 62 | the use through EVP, X509 and ENGINE. | ||
| 63 | o New ASN.1 mini-compiler that's usable through the OpenSSL | ||
| 64 | configuration file. | ||
| 65 | o Added support for ASN.1 indefinite length constructed encoding. | ||
| 66 | o New PKCS#12 'medium level' API to manipulate PKCS#12 files. | ||
| 67 | o Complete rework of shared library construction and linking | ||
| 68 | programs with shared or static libraries, through a separate | ||
| 69 | Makefile.shared. | ||
| 70 | o Rework of the passing of parameters from one Makefile to another. | ||
| 71 | o Changed ENGINE framework to load dynamic engine modules | ||
| 72 | automatically from specifically given directories. | ||
| 73 | o New structure and ASN.1 functions for CertificatePair. | ||
| 74 | o Changed the ZLIB compression method to be stateful. | ||
| 75 | o Changed the key-generation and primality testing "progress" | ||
| 76 | mechanism to take a structure that contains the ticker | ||
| 77 | function and an argument. | ||
| 78 | o New engine module: GMP (performs private key exponentiation). | ||
| 79 | o New engine module: VIA PadLOck ACE extension in VIA C3 | ||
| 80 | Nehemiah processors. | ||
| 81 | o Added support for IPv6 addresses in certificate extensions. | ||
| 82 | See RFC 1884, section 2.2. | ||
| 83 | o Added support for certificate policy mappings, policy | ||
| 84 | constraints and name constraints. | ||
| 85 | o Added support for multi-valued AVAs in the OpenSSL | ||
| 86 | configuration file. | ||
| 87 | o Added support for multiple certificates with the same subject | ||
| 88 | in the 'openssl ca' index file. | ||
| 89 | o Make it possible to create self-signed certificates using | ||
| 90 | 'openssl ca -selfsign'. | ||
| 91 | o Make it possible to generate a serial number file with | ||
| 92 | 'openssl ca -create_serial'. | ||
| 93 | o New binary search functions with extended functionality. | ||
| 94 | o New BUF functions. | ||
| 95 | o New STORE structure and library to provide an interface to all | ||
| 96 | sorts of data repositories. Supports storage of public and | ||
| 97 | private keys, certificates, CRLs, numbers and arbitrary blobs. | ||
| 98 | This library is unfortunately unfinished and unused withing | ||
| 99 | OpenSSL. | ||
| 100 | o New control functions for the error stack. | ||
| 101 | o Changed the PKCS#7 library to support one-pass S/MIME | ||
| 102 | processing. | ||
| 103 | o Added the possibility to compile without old deprecated | ||
| 104 | functionality with the OPENSSL_NO_DEPRECATED macro or the | ||
| 105 | 'no-deprecated' argument to the config and Configure scripts. | ||
| 106 | o Constification of all ASN.1 conversion functions, and other | ||
| 107 | affected functions. | ||
| 108 | o Improved platform support for PowerPC. | ||
| 109 | o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). | ||
| 110 | o New X509_VERIFY_PARAM structure to support parametrisation | ||
| 111 | of X.509 path validation. | ||
| 112 | o Major overhaul of RC4 performance on Intel P4, IA-64 and | ||
| 113 | AMD64. | ||
| 114 | o Changed the Configure script to have some algorithms disabled | ||
| 115 | by default. Those can be explicitely enabled with the new | ||
| 116 | argument form 'enable-xxx'. | ||
| 117 | o Change the default digest in 'openssl' commands from MD5 to | ||
| 118 | SHA-1. | ||
| 119 | o Added support for DTLS. | ||
| 120 | o New BIGNUM blinding. | ||
| 121 | o Added support for the RSA-PSS encryption scheme | ||
| 122 | o Added support for the RSA X.931 padding. | ||
| 123 | o Added support for BSD sockets on NetWare. | ||
| 124 | o Added support for files larger than 2GB. | ||
| 125 | o Added initial support for Win64. | ||
| 126 | o Added alternate pkg-config files. | ||
| 127 | |||
| 128 | Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: | ||
| 129 | |||
| 130 | o Introduce limits to prevent malicious key DoS (CVE-2006-2940) | ||
| 131 | o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) | ||
| 132 | |||
| 133 | Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: | ||
| 134 | |||
| 135 | o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 | ||
| 136 | |||
| 8 | Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: | 137 | Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: |
| 9 | 138 | ||
| 139 | o Visual C++ 2005 fixes. | ||
| 10 | o Update Windows build system for FIPS. | 140 | o Update Windows build system for FIPS. |
| 11 | 141 | ||
| 12 | Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: | 142 | Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: |
| @@ -15,7 +145,7 @@ | |||
| 15 | 145 | ||
| 16 | Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: | 146 | Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: |
| 17 | 147 | ||
| 18 | o Fix SSL 2.0 Rollback, CAN-2005-2969 | 148 | o Fix SSL 2.0 Rollback, CVE-2005-2969 |
| 19 | o Allow use of fixed-length exponent on DSA signing | 149 | o Allow use of fixed-length exponent on DSA signing |
| 20 | o Default fixed-window RSA, DSA, DH private-key operations | 150 | o Default fixed-window RSA, DSA, DH private-key operations |
| 21 | 151 | ||
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README index a6a97c8858..df02ae076d 100644 --- a/src/lib/libssl/src/README +++ b/src/lib/libssl/src/README | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | 1 | ||
| 2 | OpenSSL 0.9.7j 04 May 2006 | 2 | OpenSSL 0.9.8h |
| 3 | 3 | ||
| 4 | Copyright (c) 1998-2005 The OpenSSL Project | 4 | Copyright (c) 1998-2008 The OpenSSL Project |
| 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| 6 | All rights reserved. | 6 | All rights reserved. |
| 7 | 7 | ||
| @@ -36,12 +36,13 @@ | |||
| 36 | actually logically part of it. It includes routines for the following: | 36 | actually logically part of it. It includes routines for the following: |
| 37 | 37 | ||
| 38 | Ciphers | 38 | Ciphers |
| 39 | libdes - EAY's libdes DES encryption package which has been floating | 39 | libdes - EAY's libdes DES encryption package which was floating |
| 40 | around the net for a few years. It includes 15 | 40 | around the net for a few years, and was then relicensed by |
| 41 | 'modes/variations' of DES (1, 2 and 3 key versions of ecb, | 41 | him as part of SSLeay. It includes 15 'modes/variations' |
| 42 | cbc, cfb and ofb; pcbc and a more general form of cfb and | 42 | of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; |
| 43 | ofb) including desx in cbc mode, a fast crypt(3), and | 43 | pcbc and a more general form of cfb and ofb) including desx |
| 44 | routines to read passwords from the keyboard. | 44 | in cbc mode, a fast crypt(3), and routines to read |
| 45 | passwords from the keyboard. | ||
| 45 | RC4 encryption, | 46 | RC4 encryption, |
| 46 | RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. | 47 | RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. |
| 47 | Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. | 48 | Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. |
| @@ -113,6 +114,10 @@ | |||
| 113 | 114 | ||
| 114 | The MDC2 algorithm is patented by IBM. | 115 | The MDC2 algorithm is patented by IBM. |
| 115 | 116 | ||
| 117 | NTT and Mitsubishi have patents and pending patents on the Camellia | ||
| 118 | algorithm, but allow use at no charge without requiring an explicit | ||
| 119 | licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html | ||
| 120 | |||
| 116 | INSTALLATION | 121 | INSTALLATION |
| 117 | ------------ | 122 | ------------ |
| 118 | 123 | ||
| @@ -156,7 +161,7 @@ | |||
| 156 | - Stack Traceback (if the application dumps core) | 161 | - Stack Traceback (if the application dumps core) |
| 157 | 162 | ||
| 158 | Report the bug to the OpenSSL project via the Request Tracker | 163 | Report the bug to the OpenSSL project via the Request Tracker |
| 159 | (http://www.openssl.org/support/rt2.html) by mail to: | 164 | (http://www.openssl.org/support/rt.html) by mail to: |
| 160 | 165 | ||
| 161 | openssl-bugs@openssl.org | 166 | openssl-bugs@openssl.org |
| 162 | 167 | ||
diff --git a/src/lib/libssl/src/VMS/mkshared.com b/src/lib/libssl/src/VMS/mkshared.com index 19f3821bc6..1356fb9dd7 100644 --- a/src/lib/libssl/src/VMS/mkshared.com +++ b/src/lib/libssl/src/VMS/mkshared.com | |||
| @@ -266,14 +266,6 @@ $ falsesum = falsesum + 1 | |||
| 266 | $ endif | 266 | $ endif |
| 267 | $ if plat_entry .eqs. "VMS" then truesum = truesum + 1 | 267 | $ if plat_entry .eqs. "VMS" then truesum = truesum + 1 |
| 268 | $ if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1 | 268 | $ if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1 |
| 269 | $ if f$trnlnm("OPENSSL_FIPS") .nes. "" | ||
| 270 | $ then | ||
| 271 | $ if plat_entry .eqs. "OPENSSL_FIPS" then truesum = truesum + 1 | ||
| 272 | $ if plat_entry .eqs. "!OPENSSL_FIPS" then falsesum = falsesum + 1 | ||
| 273 | $ else | ||
| 274 | $ if plat_entry .eqs. "OPENSSL_FIPS" then falsesum = falsesum + 1 | ||
| 275 | $ if plat_entry .eqs. "!OPENSSL_FIPS" then truesum = truesum + 1 | ||
| 276 | $ endif | ||
| 277 | $ goto loop1 | 269 | $ goto loop1 |
| 278 | $ endif | 270 | $ endif |
| 279 | $ endloop1: | 271 | $ endloop1: |
| @@ -293,6 +285,7 @@ $ if alg_entry .eqs. "" then goto loop2 | |||
| 293 | $ if alg_entry .nes. "," | 285 | $ if alg_entry .nes. "," |
| 294 | $ then | 286 | $ then |
| 295 | $ if alg_entry .eqs. "KRB5" then goto loop ! Special for now | 287 | $ if alg_entry .eqs. "KRB5" then goto loop ! Special for now |
| 288 | $ if alg_entry .eqs. "STATIC_ENGINE" then goto loop ! Special for now | ||
| 296 | $ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop | 289 | $ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop |
| 297 | $ goto loop2 | 290 | $ goto loop2 |
| 298 | $ endif | 291 | $ endif |
diff --git a/src/lib/libssl/src/apps/CA.pl.in b/src/lib/libssl/src/apps/CA.pl.in index 9c99739092..c783a6e6a5 100644 --- a/src/lib/libssl/src/apps/CA.pl.in +++ b/src/lib/libssl/src/apps/CA.pl.in | |||
| @@ -45,7 +45,8 @@ if(defined $ENV{OPENSSL}) { | |||
| 45 | } | 45 | } |
| 46 | 46 | ||
| 47 | $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; | 47 | $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; |
| 48 | $DAYS="-days 365"; | 48 | $DAYS="-days 365"; # 1 year |
| 49 | $CADAYS="-days 1095"; # 3 years | ||
| 49 | $REQ="$openssl req $SSLEAY_CONFIG"; | 50 | $REQ="$openssl req $SSLEAY_CONFIG"; |
| 50 | $CA="$openssl ca $SSLEAY_CONFIG"; | 51 | $CA="$openssl ca $SSLEAY_CONFIG"; |
| 51 | $VERIFY="$openssl verify"; | 52 | $VERIFY="$openssl verify"; |
| @@ -54,6 +55,7 @@ $PKCS12="$openssl pkcs12"; | |||
| 54 | 55 | ||
| 55 | $CATOP="./demoCA"; | 56 | $CATOP="./demoCA"; |
| 56 | $CAKEY="cakey.pem"; | 57 | $CAKEY="cakey.pem"; |
| 58 | $CAREQ="careq.pem"; | ||
| 57 | $CACERT="cacert.pem"; | 59 | $CACERT="cacert.pem"; |
| 58 | 60 | ||
| 59 | $DIRMODE = 0777; | 61 | $DIRMODE = 0777; |
| @@ -92,6 +94,9 @@ foreach (@ARGV) { | |||
| 92 | mkdir "${CATOP}/private", $DIRMODE; | 94 | mkdir "${CATOP}/private", $DIRMODE; |
| 93 | open OUT, ">${CATOP}/index.txt"; | 95 | open OUT, ">${CATOP}/index.txt"; |
| 94 | close OUT; | 96 | close OUT; |
| 97 | open OUT, ">${CATOP}/crlnumber"; | ||
| 98 | print OUT "01\n"; | ||
| 99 | close OUT; | ||
| 95 | } | 100 | } |
| 96 | if ( ! -f "${CATOP}/private/$CAKEY" ) { | 101 | if ( ! -f "${CATOP}/private/$CAKEY" ) { |
| 97 | print "CA certificate filename (or enter to create)\n"; | 102 | print "CA certificate filename (or enter to create)\n"; |
| @@ -106,15 +111,16 @@ foreach (@ARGV) { | |||
| 106 | $RET=$?; | 111 | $RET=$?; |
| 107 | } else { | 112 | } else { |
| 108 | print "Making CA certificate ...\n"; | 113 | print "Making CA certificate ...\n"; |
| 109 | system ("$REQ -new -x509 -keyout " . | 114 | system ("$REQ -new -keyout " . |
| 110 | "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); | 115 | "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); |
| 116 | system ("$CA -create_serial " . | ||
| 117 | "-out ${CATOP}/$CACERT $CADAYS -batch " . | ||
| 118 | "-keyfile ${CATOP}/private/$CAKEY -selfsign " . | ||
| 119 | "-extensions v3_ca " . | ||
| 120 | "-infiles ${CATOP}/$CAREQ "); | ||
| 111 | $RET=$?; | 121 | $RET=$?; |
| 112 | } | 122 | } |
| 113 | } | 123 | } |
| 114 | if (! -f "${CATOP}/serial" ) { | ||
| 115 | system ("$X509 -in ${CATOP}/$CACERT -noout " | ||
| 116 | . "-next_serial -out ${CATOP}/serial"); | ||
| 117 | } | ||
| 118 | } elsif (/^-pkcs12$/) { | 124 | } elsif (/^-pkcs12$/) { |
| 119 | my $cname = $ARGV[1]; | 125 | my $cname = $ARGV[1]; |
| 120 | $cname = "My Certificate" unless defined $cname; | 126 | $cname = "My Certificate" unless defined $cname; |
diff --git a/src/lib/libssl/src/apps/CA.sh b/src/lib/libssl/src/apps/CA.sh index 84d7ec0b33..a0b20d85a9 100644 --- a/src/lib/libssl/src/apps/CA.sh +++ b/src/lib/libssl/src/apps/CA.sh | |||
| @@ -32,7 +32,8 @@ | |||
| 32 | 32 | ||
| 33 | if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi | 33 | if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi |
| 34 | 34 | ||
| 35 | DAYS="-days 365" | 35 | DAYS="-days 365" # 1 year |
| 36 | CADAYS="-days 1095" # 3 years | ||
| 36 | REQ="$OPENSSL req $SSLEAY_CONFIG" | 37 | REQ="$OPENSSL req $SSLEAY_CONFIG" |
| 37 | CA="$OPENSSL ca $SSLEAY_CONFIG" | 38 | CA="$OPENSSL ca $SSLEAY_CONFIG" |
| 38 | VERIFY="$OPENSSL verify" | 39 | VERIFY="$OPENSSL verify" |
| @@ -40,6 +41,7 @@ X509="$OPENSSL x509" | |||
| 40 | 41 | ||
| 41 | CATOP=./demoCA | 42 | CATOP=./demoCA |
| 42 | CAKEY=./cakey.pem | 43 | CAKEY=./cakey.pem |
| 44 | CAREQ=./careq.pem | ||
| 43 | CACERT=./cacert.pem | 45 | CACERT=./cacert.pem |
| 44 | 46 | ||
| 45 | for i | 47 | for i |
| @@ -72,7 +74,7 @@ case $i in | |||
| 72 | mkdir ${CATOP}/crl | 74 | mkdir ${CATOP}/crl |
| 73 | mkdir ${CATOP}/newcerts | 75 | mkdir ${CATOP}/newcerts |
| 74 | mkdir ${CATOP}/private | 76 | mkdir ${CATOP}/private |
| 75 | echo "01" > ${CATOP}/serial | 77 | echo "00" > ${CATOP}/serial |
| 76 | touch ${CATOP}/index.txt | 78 | touch ${CATOP}/index.txt |
| 77 | fi | 79 | fi |
| 78 | if [ ! -f ${CATOP}/private/$CAKEY ]; then | 80 | if [ ! -f ${CATOP}/private/$CAKEY ]; then |
| @@ -85,8 +87,11 @@ case $i in | |||
| 85 | RET=$? | 87 | RET=$? |
| 86 | else | 88 | else |
| 87 | echo "Making CA certificate ..." | 89 | echo "Making CA certificate ..." |
| 88 | $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \ | 90 | $REQ -new -keyout ${CATOP}/private/$CAKEY \ |
| 89 | -out ${CATOP}/$CACERT $DAYS | 91 | -out ${CATOP}/$CAREQ |
| 92 | $CA -out ${CATOP}/$CACERT $CADAYS -batch \ | ||
| 93 | -keyfile ${CATOP}/private/$CAKEY -selfsign \ | ||
| 94 | -infiles ${CATOP}/$CAREQ | ||
| 90 | RET=$? | 95 | RET=$? |
| 91 | fi | 96 | fi |
| 92 | fi | 97 | fi |
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c index 9b07e913c5..5209caba2e 100644 --- a/src/lib/libssl/src/apps/apps.c +++ b/src/lib/libssl/src/apps/apps.c | |||
| @@ -125,13 +125,17 @@ | |||
| 125 | #ifndef OPENSSL_NO_ENGINE | 125 | #ifndef OPENSSL_NO_ENGINE |
| 126 | #include <openssl/engine.h> | 126 | #include <openssl/engine.h> |
| 127 | #endif | 127 | #endif |
| 128 | #ifndef OPENSSL_NO_RSA | ||
| 129 | #include <openssl/rsa.h> | ||
| 130 | #endif | ||
| 131 | #include <openssl/bn.h> | ||
| 128 | 132 | ||
| 129 | #define NON_MAIN | 133 | #define NON_MAIN |
| 130 | #include "apps.h" | 134 | #include "apps.h" |
| 131 | #undef NON_MAIN | 135 | #undef NON_MAIN |
| 132 | 136 | ||
| 133 | typedef struct { | 137 | typedef struct { |
| 134 | char *name; | 138 | const char *name; |
| 135 | unsigned long flag; | 139 | unsigned long flag; |
| 136 | unsigned long mask; | 140 | unsigned long mask; |
| 137 | } NAME_EX_TBL; | 141 | } NAME_EX_TBL; |
| @@ -250,7 +254,7 @@ int str2fmt(char *s) | |||
| 250 | return(FORMAT_UNDEF); | 254 | return(FORMAT_UNDEF); |
| 251 | } | 255 | } |
| 252 | 256 | ||
| 253 | #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) | 257 | #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE) |
| 254 | void program_name(char *in, char *out, int size) | 258 | void program_name(char *in, char *out, int size) |
| 255 | { | 259 | { |
| 256 | int i,n; | 260 | int i,n; |
| @@ -269,12 +273,23 @@ void program_name(char *in, char *out, int size) | |||
| 269 | if (p == NULL) | 273 | if (p == NULL) |
| 270 | p=in; | 274 | p=in; |
| 271 | n=strlen(p); | 275 | n=strlen(p); |
| 276 | |||
| 277 | #if defined(OPENSSL_SYS_NETWARE) | ||
| 278 | /* strip off trailing .nlm if present. */ | ||
| 279 | if ((n > 4) && (p[n-4] == '.') && | ||
| 280 | ((p[n-3] == 'n') || (p[n-3] == 'N')) && | ||
| 281 | ((p[n-2] == 'l') || (p[n-2] == 'L')) && | ||
| 282 | ((p[n-1] == 'm') || (p[n-1] == 'M'))) | ||
| 283 | n-=4; | ||
| 284 | #else | ||
| 272 | /* strip off trailing .exe if present. */ | 285 | /* strip off trailing .exe if present. */ |
| 273 | if ((n > 4) && (p[n-4] == '.') && | 286 | if ((n > 4) && (p[n-4] == '.') && |
| 274 | ((p[n-3] == 'e') || (p[n-3] == 'E')) && | 287 | ((p[n-3] == 'e') || (p[n-3] == 'E')) && |
| 275 | ((p[n-2] == 'x') || (p[n-2] == 'X')) && | 288 | ((p[n-2] == 'x') || (p[n-2] == 'X')) && |
| 276 | ((p[n-1] == 'e') || (p[n-1] == 'E'))) | 289 | ((p[n-1] == 'e') || (p[n-1] == 'E'))) |
| 277 | n-=4; | 290 | n-=4; |
| 291 | #endif | ||
| 292 | |||
| 278 | if (n > size-1) | 293 | if (n > size-1) |
| 279 | n=size-1; | 294 | n=size-1; |
| 280 | 295 | ||
| @@ -761,7 +776,7 @@ X509 *load_cert(BIO *err, const char *file, int format, | |||
| 761 | x=d2i_X509_bio(cert,NULL); | 776 | x=d2i_X509_bio(cert,NULL); |
| 762 | else if (format == FORMAT_NETSCAPE) | 777 | else if (format == FORMAT_NETSCAPE) |
| 763 | { | 778 | { |
| 764 | unsigned char *p,*op; | 779 | const unsigned char *p,*op; |
| 765 | int size=0,i; | 780 | int size=0,i; |
| 766 | 781 | ||
| 767 | /* We sort of have to do it this way because it is sort of nice | 782 | /* We sort of have to do it this way because it is sort of nice |
| @@ -1263,7 +1278,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T | |||
| 1263 | return 0; | 1278 | return 0; |
| 1264 | } | 1279 | } |
| 1265 | 1280 | ||
| 1266 | void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) | 1281 | void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags) |
| 1267 | { | 1282 | { |
| 1268 | char *buf; | 1283 | char *buf; |
| 1269 | char mline = 0; | 1284 | char mline = 0; |
| @@ -1731,23 +1746,10 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) | |||
| 1731 | char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); | 1746 | char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); |
| 1732 | if (p) | 1747 | if (p) |
| 1733 | { | 1748 | { |
| 1749 | #ifdef RL_DEBUG | ||
| 1734 | BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); | 1750 | BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); |
| 1735 | switch(*p) | 1751 | #endif |
| 1736 | { | 1752 | retdb->attributes.unique_subject = parse_yesno(p,1); |
| 1737 | case 'f': /* false */ | ||
| 1738 | case 'F': /* FALSE */ | ||
| 1739 | case 'n': /* no */ | ||
| 1740 | case 'N': /* NO */ | ||
| 1741 | retdb->attributes.unique_subject = 0; | ||
| 1742 | break; | ||
| 1743 | case 't': /* true */ | ||
| 1744 | case 'T': /* TRUE */ | ||
| 1745 | case 'y': /* yes */ | ||
| 1746 | case 'Y': /* YES */ | ||
| 1747 | default: | ||
| 1748 | retdb->attributes.unique_subject = 1; | ||
| 1749 | break; | ||
| 1750 | } | ||
| 1751 | } | 1753 | } |
| 1752 | } | 1754 | } |
| 1753 | 1755 | ||
| @@ -1782,7 +1784,7 @@ int index_index(CA_DB *db) | |||
| 1782 | return 1; | 1784 | return 1; |
| 1783 | } | 1785 | } |
| 1784 | 1786 | ||
| 1785 | int save_index(char *dbfile, char *suffix, CA_DB *db) | 1787 | int save_index(const char *dbfile, const char *suffix, CA_DB *db) |
| 1786 | { | 1788 | { |
| 1787 | char buf[3][BSIZE]; | 1789 | char buf[3][BSIZE]; |
| 1788 | BIO *out = BIO_new(BIO_s_file()); | 1790 | BIO *out = BIO_new(BIO_s_file()); |
| @@ -1849,7 +1851,7 @@ int save_index(char *dbfile, char *suffix, CA_DB *db) | |||
| 1849 | return 0; | 1851 | return 0; |
| 1850 | } | 1852 | } |
| 1851 | 1853 | ||
| 1852 | int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) | 1854 | int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix) |
| 1853 | { | 1855 | { |
| 1854 | char buf[5][BSIZE]; | 1856 | char buf[5][BSIZE]; |
| 1855 | int i,j; | 1857 | int i,j; |
| @@ -1989,9 +1991,174 @@ void free_index(CA_DB *db) | |||
| 1989 | } | 1991 | } |
| 1990 | } | 1992 | } |
| 1991 | 1993 | ||
| 1994 | int parse_yesno(const char *str, int def) | ||
| 1995 | { | ||
| 1996 | int ret = def; | ||
| 1997 | if (str) | ||
| 1998 | { | ||
| 1999 | switch (*str) | ||
| 2000 | { | ||
| 2001 | case 'f': /* false */ | ||
| 2002 | case 'F': /* FALSE */ | ||
| 2003 | case 'n': /* no */ | ||
| 2004 | case 'N': /* NO */ | ||
| 2005 | case '0': /* 0 */ | ||
| 2006 | ret = 0; | ||
| 2007 | break; | ||
| 2008 | case 't': /* true */ | ||
| 2009 | case 'T': /* TRUE */ | ||
| 2010 | case 'y': /* yes */ | ||
| 2011 | case 'Y': /* YES */ | ||
| 2012 | case '1': /* 1 */ | ||
| 2013 | ret = 1; | ||
| 2014 | break; | ||
| 2015 | default: | ||
| 2016 | ret = def; | ||
| 2017 | break; | ||
| 2018 | } | ||
| 2019 | } | ||
| 2020 | return ret; | ||
| 2021 | } | ||
| 2022 | |||
| 2023 | /* | ||
| 2024 | * subject is expected to be in the format /type0=value0/type1=value1/type2=... | ||
| 2025 | * where characters may be escaped by \ | ||
| 2026 | */ | ||
| 2027 | X509_NAME *parse_name(char *subject, long chtype, int multirdn) | ||
| 2028 | { | ||
| 2029 | size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ | ||
| 2030 | char *buf = OPENSSL_malloc(buflen); | ||
| 2031 | size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ | ||
| 2032 | char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); | ||
| 2033 | char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); | ||
| 2034 | int *mval = OPENSSL_malloc (max_ne * sizeof (int)); | ||
| 2035 | |||
| 2036 | char *sp = subject, *bp = buf; | ||
| 2037 | int i, ne_num = 0; | ||
| 2038 | |||
| 2039 | X509_NAME *n = NULL; | ||
| 2040 | int nid; | ||
| 2041 | |||
| 2042 | if (!buf || !ne_types || !ne_values) | ||
| 2043 | { | ||
| 2044 | BIO_printf(bio_err, "malloc error\n"); | ||
| 2045 | goto error; | ||
| 2046 | } | ||
| 2047 | |||
| 2048 | if (*subject != '/') | ||
| 2049 | { | ||
| 2050 | BIO_printf(bio_err, "Subject does not start with '/'.\n"); | ||
| 2051 | goto error; | ||
| 2052 | } | ||
| 2053 | sp++; /* skip leading / */ | ||
| 2054 | |||
| 2055 | /* no multivalued RDN by default */ | ||
| 2056 | mval[ne_num] = 0; | ||
| 2057 | |||
| 2058 | while (*sp) | ||
| 2059 | { | ||
| 2060 | /* collect type */ | ||
| 2061 | ne_types[ne_num] = bp; | ||
| 2062 | while (*sp) | ||
| 2063 | { | ||
| 2064 | if (*sp == '\\') /* is there anything to escape in the type...? */ | ||
| 2065 | { | ||
| 2066 | if (*++sp) | ||
| 2067 | *bp++ = *sp++; | ||
| 2068 | else | ||
| 2069 | { | ||
| 2070 | BIO_printf(bio_err, "escape character at end of string\n"); | ||
| 2071 | goto error; | ||
| 2072 | } | ||
| 2073 | } | ||
| 2074 | else if (*sp == '=') | ||
| 2075 | { | ||
| 2076 | sp++; | ||
| 2077 | *bp++ = '\0'; | ||
| 2078 | break; | ||
| 2079 | } | ||
| 2080 | else | ||
| 2081 | *bp++ = *sp++; | ||
| 2082 | } | ||
| 2083 | if (!*sp) | ||
| 2084 | { | ||
| 2085 | BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); | ||
| 2086 | goto error; | ||
| 2087 | } | ||
| 2088 | ne_values[ne_num] = bp; | ||
| 2089 | while (*sp) | ||
| 2090 | { | ||
| 2091 | if (*sp == '\\') | ||
| 2092 | { | ||
| 2093 | if (*++sp) | ||
| 2094 | *bp++ = *sp++; | ||
| 2095 | else | ||
| 2096 | { | ||
| 2097 | BIO_printf(bio_err, "escape character at end of string\n"); | ||
| 2098 | goto error; | ||
| 2099 | } | ||
| 2100 | } | ||
| 2101 | else if (*sp == '/') | ||
| 2102 | { | ||
| 2103 | sp++; | ||
| 2104 | /* no multivalued RDN by default */ | ||
| 2105 | mval[ne_num+1] = 0; | ||
| 2106 | break; | ||
| 2107 | } | ||
| 2108 | else if (*sp == '+' && multirdn) | ||
| 2109 | { | ||
| 2110 | /* a not escaped + signals a mutlivalued RDN */ | ||
| 2111 | sp++; | ||
| 2112 | mval[ne_num+1] = -1; | ||
| 2113 | break; | ||
| 2114 | } | ||
| 2115 | else | ||
| 2116 | *bp++ = *sp++; | ||
| 2117 | } | ||
| 2118 | *bp++ = '\0'; | ||
| 2119 | ne_num++; | ||
| 2120 | } | ||
| 2121 | |||
| 2122 | if (!(n = X509_NAME_new())) | ||
| 2123 | goto error; | ||
| 2124 | |||
| 2125 | for (i = 0; i < ne_num; i++) | ||
| 2126 | { | ||
| 2127 | if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) | ||
| 2128 | { | ||
| 2129 | BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); | ||
| 2130 | continue; | ||
| 2131 | } | ||
| 2132 | |||
| 2133 | if (!*ne_values[i]) | ||
| 2134 | { | ||
| 2135 | BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); | ||
| 2136 | continue; | ||
| 2137 | } | ||
| 2138 | |||
| 2139 | if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) | ||
| 2140 | goto error; | ||
| 2141 | } | ||
| 2142 | |||
| 2143 | OPENSSL_free(ne_values); | ||
| 2144 | OPENSSL_free(ne_types); | ||
| 2145 | OPENSSL_free(buf); | ||
| 2146 | return n; | ||
| 2147 | |||
| 2148 | error: | ||
| 2149 | X509_NAME_free(n); | ||
| 2150 | if (ne_values) | ||
| 2151 | OPENSSL_free(ne_values); | ||
| 2152 | if (ne_types) | ||
| 2153 | OPENSSL_free(ne_types); | ||
| 2154 | if (buf) | ||
| 2155 | OPENSSL_free(buf); | ||
| 2156 | return NULL; | ||
| 2157 | } | ||
| 2158 | |||
| 1992 | /* This code MUST COME AFTER anything that uses rename() */ | 2159 | /* This code MUST COME AFTER anything that uses rename() */ |
| 1993 | #ifdef OPENSSL_SYS_WIN32 | 2160 | #ifdef OPENSSL_SYS_WIN32 |
| 1994 | int WIN32_rename(char *from, char *to) | 2161 | int WIN32_rename(const char *from, const char *to) |
| 1995 | { | 2162 | { |
| 1996 | #ifndef OPENSSL_SYS_WINCE | 2163 | #ifndef OPENSSL_SYS_WINCE |
| 1997 | /* Windows rename gives an error if 'to' exists, so delete it | 2164 | /* Windows rename gives an error if 'to' exists, so delete it |
| @@ -2027,3 +2194,142 @@ int WIN32_rename(char *from, char *to) | |||
| 2027 | #endif | 2194 | #endif |
| 2028 | } | 2195 | } |
| 2029 | #endif | 2196 | #endif |
| 2197 | |||
| 2198 | int args_verify(char ***pargs, int *pargc, | ||
| 2199 | int *badarg, BIO *err, X509_VERIFY_PARAM **pm) | ||
| 2200 | { | ||
| 2201 | ASN1_OBJECT *otmp = NULL; | ||
| 2202 | unsigned long flags = 0; | ||
| 2203 | int i; | ||
| 2204 | int purpose = 0; | ||
| 2205 | char **oldargs = *pargs; | ||
| 2206 | char *arg = **pargs, *argn = (*pargs)[1]; | ||
| 2207 | if (!strcmp(arg, "-policy")) | ||
| 2208 | { | ||
| 2209 | if (!argn) | ||
| 2210 | *badarg = 1; | ||
| 2211 | else | ||
| 2212 | { | ||
| 2213 | otmp = OBJ_txt2obj(argn, 0); | ||
| 2214 | if (!otmp) | ||
| 2215 | { | ||
| 2216 | BIO_printf(err, "Invalid Policy \"%s\"\n", | ||
| 2217 | argn); | ||
| 2218 | *badarg = 1; | ||
| 2219 | } | ||
| 2220 | } | ||
| 2221 | (*pargs)++; | ||
| 2222 | } | ||
| 2223 | else if (strcmp(arg,"-purpose") == 0) | ||
| 2224 | { | ||
| 2225 | X509_PURPOSE *xptmp; | ||
| 2226 | if (!argn) | ||
| 2227 | *badarg = 1; | ||
| 2228 | else | ||
| 2229 | { | ||
| 2230 | i = X509_PURPOSE_get_by_sname(argn); | ||
| 2231 | if(i < 0) | ||
| 2232 | { | ||
| 2233 | BIO_printf(err, "unrecognized purpose\n"); | ||
| 2234 | *badarg = 1; | ||
| 2235 | } | ||
| 2236 | else | ||
| 2237 | { | ||
| 2238 | xptmp = X509_PURPOSE_get0(i); | ||
| 2239 | purpose = X509_PURPOSE_get_id(xptmp); | ||
| 2240 | } | ||
| 2241 | } | ||
| 2242 | (*pargs)++; | ||
| 2243 | } | ||
| 2244 | else if (!strcmp(arg, "-ignore_critical")) | ||
| 2245 | flags |= X509_V_FLAG_IGNORE_CRITICAL; | ||
| 2246 | else if (!strcmp(arg, "-issuer_checks")) | ||
| 2247 | flags |= X509_V_FLAG_CB_ISSUER_CHECK; | ||
| 2248 | else if (!strcmp(arg, "-crl_check")) | ||
| 2249 | flags |= X509_V_FLAG_CRL_CHECK; | ||
| 2250 | else if (!strcmp(arg, "-crl_check_all")) | ||
| 2251 | flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; | ||
| 2252 | else if (!strcmp(arg, "-policy_check")) | ||
| 2253 | flags |= X509_V_FLAG_POLICY_CHECK; | ||
| 2254 | else if (!strcmp(arg, "-explicit_policy")) | ||
| 2255 | flags |= X509_V_FLAG_EXPLICIT_POLICY; | ||
| 2256 | else if (!strcmp(arg, "-x509_strict")) | ||
| 2257 | flags |= X509_V_FLAG_X509_STRICT; | ||
| 2258 | else if (!strcmp(arg, "-policy_print")) | ||
| 2259 | flags |= X509_V_FLAG_NOTIFY_POLICY; | ||
| 2260 | else | ||
| 2261 | return 0; | ||
| 2262 | |||
| 2263 | if (*badarg) | ||
| 2264 | { | ||
| 2265 | if (*pm) | ||
| 2266 | X509_VERIFY_PARAM_free(*pm); | ||
| 2267 | *pm = NULL; | ||
| 2268 | goto end; | ||
| 2269 | } | ||
| 2270 | |||
| 2271 | if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) | ||
| 2272 | { | ||
| 2273 | *badarg = 1; | ||
| 2274 | goto end; | ||
| 2275 | } | ||
| 2276 | |||
| 2277 | if (otmp) | ||
| 2278 | X509_VERIFY_PARAM_add0_policy(*pm, otmp); | ||
| 2279 | if (flags) | ||
| 2280 | X509_VERIFY_PARAM_set_flags(*pm, flags); | ||
| 2281 | |||
| 2282 | if (purpose) | ||
| 2283 | X509_VERIFY_PARAM_set_purpose(*pm, purpose); | ||
| 2284 | |||
| 2285 | end: | ||
| 2286 | |||
| 2287 | (*pargs)++; | ||
| 2288 | |||
| 2289 | if (pargc) | ||
| 2290 | *pargc -= *pargs - oldargs; | ||
| 2291 | |||
| 2292 | return 1; | ||
| 2293 | |||
| 2294 | } | ||
| 2295 | |||
| 2296 | static void nodes_print(BIO *out, const char *name, | ||
| 2297 | STACK_OF(X509_POLICY_NODE) *nodes) | ||
| 2298 | { | ||
| 2299 | X509_POLICY_NODE *node; | ||
| 2300 | int i; | ||
| 2301 | BIO_printf(out, "%s Policies:", name); | ||
| 2302 | if (nodes) | ||
| 2303 | { | ||
| 2304 | BIO_puts(out, "\n"); | ||
| 2305 | for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) | ||
| 2306 | { | ||
| 2307 | node = sk_X509_POLICY_NODE_value(nodes, i); | ||
| 2308 | X509_POLICY_NODE_print(out, node, 2); | ||
| 2309 | } | ||
| 2310 | } | ||
| 2311 | else | ||
| 2312 | BIO_puts(out, " <empty>\n"); | ||
| 2313 | } | ||
| 2314 | |||
| 2315 | void policies_print(BIO *out, X509_STORE_CTX *ctx) | ||
| 2316 | { | ||
| 2317 | X509_POLICY_TREE *tree; | ||
| 2318 | int explicit_policy; | ||
| 2319 | int free_out = 0; | ||
| 2320 | if (out == NULL) | ||
| 2321 | { | ||
| 2322 | out = BIO_new_fp(stderr, BIO_NOCLOSE); | ||
| 2323 | free_out = 1; | ||
| 2324 | } | ||
| 2325 | tree = X509_STORE_CTX_get0_policy_tree(ctx); | ||
| 2326 | explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); | ||
| 2327 | |||
| 2328 | BIO_printf(out, "Require explicit Policy: %s\n", | ||
| 2329 | explicit_policy ? "True" : "False"); | ||
| 2330 | |||
| 2331 | nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree)); | ||
| 2332 | nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree)); | ||
| 2333 | if (free_out) | ||
| 2334 | BIO_free(out); | ||
| 2335 | } | ||
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h index 4320410dad..0df170813a 100644 --- a/src/lib/libssl/src/apps/apps.h +++ b/src/lib/libssl/src/apps/apps.h | |||
| @@ -114,9 +114,7 @@ | |||
| 114 | 114 | ||
| 115 | #include "e_os.h" | 115 | #include "e_os.h" |
| 116 | 116 | ||
| 117 | #include <openssl/buffer.h> | ||
| 118 | #include <openssl/bio.h> | 117 | #include <openssl/bio.h> |
| 119 | #include <openssl/crypto.h> | ||
| 120 | #include <openssl/x509.h> | 118 | #include <openssl/x509.h> |
| 121 | #include <openssl/lhash.h> | 119 | #include <openssl/lhash.h> |
| 122 | #include <openssl/conf.h> | 120 | #include <openssl/conf.h> |
| @@ -124,6 +122,9 @@ | |||
| 124 | #ifndef OPENSSL_NO_ENGINE | 122 | #ifndef OPENSSL_NO_ENGINE |
| 125 | #include <openssl/engine.h> | 123 | #include <openssl/engine.h> |
| 126 | #endif | 124 | #endif |
| 125 | #ifndef OPENSSL_NO_OCSP | ||
| 126 | #include <openssl/ocsp.h> | ||
| 127 | #endif | ||
| 127 | #include <openssl/ossl_typ.h> | 128 | #include <openssl/ossl_typ.h> |
| 128 | 129 | ||
| 129 | int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); | 130 | int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); |
| @@ -138,7 +139,7 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, | |||
| 138 | 139 | ||
| 139 | #ifdef OPENSSL_SYS_WIN32 | 140 | #ifdef OPENSSL_SYS_WIN32 |
| 140 | #define rename(from,to) WIN32_rename((from),(to)) | 141 | #define rename(from,to) WIN32_rename((from),(to)) |
| 141 | int WIN32_rename(char *oldname,char *newname); | 142 | int WIN32_rename(const char *oldname,const char *newname); |
| 142 | #endif | 143 | #endif |
| 143 | 144 | ||
| 144 | #ifndef MONOLITH | 145 | #ifndef MONOLITH |
| @@ -148,11 +149,9 @@ int WIN32_rename(char *oldname,char *newname); | |||
| 148 | #ifndef NON_MAIN | 149 | #ifndef NON_MAIN |
| 149 | CONF *config=NULL; | 150 | CONF *config=NULL; |
| 150 | BIO *bio_err=NULL; | 151 | BIO *bio_err=NULL; |
| 151 | int in_FIPS_mode=0; | ||
| 152 | #else | 152 | #else |
| 153 | extern CONF *config; | 153 | extern CONF *config; |
| 154 | extern BIO *bio_err; | 154 | extern BIO *bio_err; |
| 155 | extern int in_FIPS_mode; | ||
| 156 | #endif | 155 | #endif |
| 157 | 156 | ||
| 158 | #else | 157 | #else |
| @@ -161,11 +160,12 @@ extern int in_FIPS_mode; | |||
| 161 | extern CONF *config; | 160 | extern CONF *config; |
| 162 | extern char *default_config_file; | 161 | extern char *default_config_file; |
| 163 | extern BIO *bio_err; | 162 | extern BIO *bio_err; |
| 164 | extern int in_FIPS_mode; | ||
| 165 | 163 | ||
| 166 | #endif | 164 | #endif |
| 167 | 165 | ||
| 166 | #ifndef OPENSSL_SYS_NETWARE | ||
| 168 | #include <signal.h> | 167 | #include <signal.h> |
| 168 | #endif | ||
| 169 | 169 | ||
| 170 | #ifdef SIGPIPE | 170 | #ifdef SIGPIPE |
| 171 | #define do_pipe_sig() signal(SIGPIPE,SIG_IGN) | 171 | #define do_pipe_sig() signal(SIGPIPE,SIG_IGN) |
| @@ -231,6 +231,12 @@ extern int in_FIPS_mode; | |||
| 231 | # endif | 231 | # endif |
| 232 | #endif | 232 | #endif |
| 233 | 233 | ||
| 234 | #ifdef OPENSSL_SYSNAME_WIN32 | ||
| 235 | # define openssl_fdset(a,b) FD_SET((unsigned int)a, b) | ||
| 236 | #else | ||
| 237 | # define openssl_fdset(a,b) FD_SET(a, b) | ||
| 238 | #endif | ||
| 239 | |||
| 234 | typedef struct args_st | 240 | typedef struct args_st |
| 235 | { | 241 | { |
| 236 | char **data; | 242 | char **data; |
| @@ -257,7 +263,7 @@ void program_name(char *in,char *out,int size); | |||
| 257 | int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); | 263 | int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); |
| 258 | #ifdef HEADER_X509_H | 264 | #ifdef HEADER_X509_H |
| 259 | int dump_cert_text(BIO *out, X509 *x); | 265 | int dump_cert_text(BIO *out, X509 *x); |
| 260 | void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags); | 266 | void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); |
| 261 | #endif | 267 | #endif |
| 262 | int set_cert_ex(unsigned long *flags, const char *arg); | 268 | int set_cert_ex(unsigned long *flags, const char *arg); |
| 263 | int set_name_ex(unsigned long *flags, const char *arg); | 269 | int set_name_ex(unsigned long *flags, const char *arg); |
| @@ -278,12 +284,18 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); | |||
| 278 | ENGINE *setup_engine(BIO *err, const char *engine, int debug); | 284 | ENGINE *setup_engine(BIO *err, const char *engine, int debug); |
| 279 | #endif | 285 | #endif |
| 280 | 286 | ||
| 287 | #ifndef OPENSSL_NO_OCSP | ||
| 288 | OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, | ||
| 289 | char *host, char *path, char *port, int use_ssl, | ||
| 290 | int req_timeout); | ||
| 291 | #endif | ||
| 292 | |||
| 281 | int load_config(BIO *err, CONF *cnf); | 293 | int load_config(BIO *err, CONF *cnf); |
| 282 | char *make_config_name(void); | 294 | char *make_config_name(void); |
| 283 | 295 | ||
| 284 | /* Functions defined in ca.c and also used in ocsp.c */ | 296 | /* Functions defined in ca.c and also used in ocsp.c */ |
| 285 | int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, | 297 | int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, |
| 286 | ASN1_GENERALIZEDTIME **pinvtm, char *str); | 298 | ASN1_GENERALIZEDTIME **pinvtm, const char *str); |
| 287 | 299 | ||
| 288 | #define DB_type 0 | 300 | #define DB_type 0 |
| 289 | #define DB_exp_date 1 | 301 | #define DB_exp_date 1 |
| @@ -313,12 +325,16 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); | |||
| 313 | int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); | 325 | int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); |
| 314 | CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); | 326 | CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); |
| 315 | int index_index(CA_DB *db); | 327 | int index_index(CA_DB *db); |
| 316 | int save_index(char *dbfile, char *suffix, CA_DB *db); | 328 | int save_index(const char *dbfile, const char *suffix, CA_DB *db); |
| 317 | int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); | 329 | int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); |
| 318 | void free_index(CA_DB *db); | 330 | void free_index(CA_DB *db); |
| 319 | int index_name_cmp(const char **a, const char **b); | 331 | int index_name_cmp(const char **a, const char **b); |
| 332 | int parse_yesno(const char *str, int def); | ||
| 320 | 333 | ||
| 321 | X509_NAME *do_subject(char *str, long chtype); | 334 | X509_NAME *parse_name(char *str, long chtype, int multirdn); |
| 335 | int args_verify(char ***pargs, int *pargc, | ||
| 336 | int *badarg, BIO *err, X509_VERIFY_PARAM **pm); | ||
| 337 | void policies_print(BIO *out, X509_STORE_CTX *ctx); | ||
| 322 | 338 | ||
| 323 | #define FORMAT_UNDEF 0 | 339 | #define FORMAT_UNDEF 0 |
| 324 | #define FORMAT_ASN1 1 | 340 | #define FORMAT_ASN1 1 |
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c index a6b6c41f13..b1a7c8e5db 100644 --- a/src/lib/libssl/src/apps/asn1pars.c +++ b/src/lib/libssl/src/apps/asn1pars.c | |||
| @@ -82,6 +82,8 @@ | |||
| 82 | 82 | ||
| 83 | int MAIN(int, char **); | 83 | int MAIN(int, char **); |
| 84 | 84 | ||
| 85 | static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); | ||
| 86 | |||
| 85 | int MAIN(int argc, char **argv) | 87 | int MAIN(int argc, char **argv) |
| 86 | { | 88 | { |
| 87 | int i,badops=0,offset=0,ret=1,j; | 89 | int i,badops=0,offset=0,ret=1,j; |
| @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) | |||
| 90 | BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; | 92 | BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; |
| 91 | int informat,indent=0, noout = 0, dump = 0; | 93 | int informat,indent=0, noout = 0, dump = 0; |
| 92 | char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; | 94 | char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; |
| 95 | char *genstr=NULL, *genconf=NULL; | ||
| 93 | unsigned char *tmpbuf; | 96 | unsigned char *tmpbuf; |
| 97 | const unsigned char *ctmpbuf; | ||
| 94 | BUF_MEM *buf=NULL; | 98 | BUF_MEM *buf=NULL; |
| 95 | STACK *osk=NULL; | 99 | STACK *osk=NULL; |
| 96 | ASN1_TYPE *at=NULL; | 100 | ASN1_TYPE *at=NULL; |
| @@ -167,6 +171,16 @@ int MAIN(int argc, char **argv) | |||
| 167 | if (--argc < 1) goto bad; | 171 | if (--argc < 1) goto bad; |
| 168 | sk_push(osk,*(++argv)); | 172 | sk_push(osk,*(++argv)); |
| 169 | } | 173 | } |
| 174 | else if (strcmp(*argv,"-genstr") == 0) | ||
| 175 | { | ||
| 176 | if (--argc < 1) goto bad; | ||
| 177 | genstr= *(++argv); | ||
| 178 | } | ||
| 179 | else if (strcmp(*argv,"-genconf") == 0) | ||
| 180 | { | ||
| 181 | if (--argc < 1) goto bad; | ||
| 182 | genconf= *(++argv); | ||
| 183 | } | ||
| 170 | else | 184 | else |
| 171 | { | 185 | { |
| 172 | BIO_printf(bio_err,"unknown option %s\n",*argv); | 186 | BIO_printf(bio_err,"unknown option %s\n",*argv); |
| @@ -195,6 +209,8 @@ bad: | |||
| 195 | BIO_printf(bio_err," -strparse offset\n"); | 209 | BIO_printf(bio_err," -strparse offset\n"); |
| 196 | BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); | 210 | BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); |
| 197 | BIO_printf(bio_err," ASN1 blob wrappings\n"); | 211 | BIO_printf(bio_err," ASN1 blob wrappings\n"); |
| 212 | BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n"); | ||
| 213 | BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n"); | ||
| 198 | goto end; | 214 | goto end; |
| 199 | } | 215 | } |
| 200 | 216 | ||
| @@ -248,25 +264,39 @@ bad: | |||
| 248 | if ((buf=BUF_MEM_new()) == NULL) goto end; | 264 | if ((buf=BUF_MEM_new()) == NULL) goto end; |
| 249 | if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ | 265 | if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ |
| 250 | 266 | ||
| 251 | if (informat == FORMAT_PEM) | 267 | if (genstr || genconf) |
| 252 | { | 268 | { |
| 253 | BIO *tmp; | 269 | num = do_generate(bio_err, genstr, genconf, buf); |
| 254 | 270 | if (num < 0) | |
| 255 | if ((b64=BIO_new(BIO_f_base64())) == NULL) | 271 | { |
| 272 | ERR_print_errors(bio_err); | ||
| 256 | goto end; | 273 | goto end; |
| 257 | BIO_push(b64,in); | 274 | } |
| 258 | tmp=in; | ||
| 259 | in=b64; | ||
| 260 | b64=tmp; | ||
| 261 | } | 275 | } |
| 262 | 276 | ||
| 263 | num=0; | 277 | else |
| 264 | for (;;) | ||
| 265 | { | 278 | { |
| 266 | if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; | 279 | |
| 267 | i=BIO_read(in,&(buf->data[num]),BUFSIZ); | 280 | if (informat == FORMAT_PEM) |
| 268 | if (i <= 0) break; | 281 | { |
| 269 | num+=i; | 282 | BIO *tmp; |
| 283 | |||
| 284 | if ((b64=BIO_new(BIO_f_base64())) == NULL) | ||
| 285 | goto end; | ||
| 286 | BIO_push(b64,in); | ||
| 287 | tmp=in; | ||
| 288 | in=b64; | ||
| 289 | b64=tmp; | ||
| 290 | } | ||
| 291 | |||
| 292 | num=0; | ||
| 293 | for (;;) | ||
| 294 | { | ||
| 295 | if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; | ||
| 296 | i=BIO_read(in,&(buf->data[num]),BUFSIZ); | ||
| 297 | if (i <= 0) break; | ||
| 298 | num+=i; | ||
| 299 | } | ||
| 270 | } | 300 | } |
| 271 | str=buf->data; | 301 | str=buf->data; |
| 272 | 302 | ||
| @@ -278,8 +308,8 @@ bad: | |||
| 278 | tmplen=num; | 308 | tmplen=num; |
| 279 | for (i=0; i<sk_num(osk); i++) | 309 | for (i=0; i<sk_num(osk); i++) |
| 280 | { | 310 | { |
| 281 | int typ; | ||
| 282 | ASN1_TYPE *atmp; | 311 | ASN1_TYPE *atmp; |
| 312 | int typ; | ||
| 283 | j=atoi(sk_value(osk,i)); | 313 | j=atoi(sk_value(osk,i)); |
| 284 | if (j == 0) | 314 | if (j == 0) |
| 285 | { | 315 | { |
| @@ -289,7 +319,8 @@ bad: | |||
| 289 | tmpbuf+=j; | 319 | tmpbuf+=j; |
| 290 | tmplen-=j; | 320 | tmplen-=j; |
| 291 | atmp = at; | 321 | atmp = at; |
| 292 | at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen); | 322 | ctmpbuf = tmpbuf; |
| 323 | at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen); | ||
| 293 | ASN1_TYPE_free(atmp); | 324 | ASN1_TYPE_free(atmp); |
| 294 | if(!at) | 325 | if(!at) |
| 295 | { | 326 | { |
| @@ -353,3 +384,61 @@ end: | |||
| 353 | OPENSSL_EXIT(ret); | 384 | OPENSSL_EXIT(ret); |
| 354 | } | 385 | } |
| 355 | 386 | ||
| 387 | static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) | ||
| 388 | { | ||
| 389 | CONF *cnf = NULL; | ||
| 390 | int len; | ||
| 391 | long errline; | ||
| 392 | unsigned char *p; | ||
| 393 | ASN1_TYPE *atyp = NULL; | ||
| 394 | |||
| 395 | if (genconf) | ||
| 396 | { | ||
| 397 | cnf = NCONF_new(NULL); | ||
| 398 | if (!NCONF_load(cnf, genconf, &errline)) | ||
| 399 | goto conferr; | ||
| 400 | if (!genstr) | ||
| 401 | genstr = NCONF_get_string(cnf, "default", "asn1"); | ||
| 402 | if (!genstr) | ||
| 403 | { | ||
| 404 | BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf); | ||
| 405 | goto err; | ||
| 406 | } | ||
| 407 | } | ||
| 408 | |||
| 409 | atyp = ASN1_generate_nconf(genstr, cnf); | ||
| 410 | NCONF_free(cnf); | ||
| 411 | |||
| 412 | if (!atyp) | ||
| 413 | return -1; | ||
| 414 | |||
| 415 | len = i2d_ASN1_TYPE(atyp, NULL); | ||
| 416 | |||
| 417 | if (len <= 0) | ||
| 418 | goto err; | ||
| 419 | |||
| 420 | if (!BUF_MEM_grow(buf,len)) | ||
| 421 | goto err; | ||
| 422 | |||
| 423 | p=(unsigned char *)buf->data; | ||
| 424 | |||
| 425 | i2d_ASN1_TYPE(atyp, &p); | ||
| 426 | |||
| 427 | ASN1_TYPE_free(atyp); | ||
| 428 | return len; | ||
| 429 | |||
| 430 | conferr: | ||
| 431 | |||
| 432 | if (errline > 0) | ||
| 433 | BIO_printf(bio, "Error on line %ld of config file '%s'\n", | ||
| 434 | errline, genconf); | ||
| 435 | else | ||
| 436 | BIO_printf(bio, "Error loading config file '%s'\n", genconf); | ||
| 437 | |||
| 438 | err: | ||
| 439 | NCONF_free(cnf); | ||
| 440 | ASN1_TYPE_free(atyp); | ||
| 441 | |||
| 442 | return -1; | ||
| 443 | |||
| 444 | } | ||
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c index c6cd4c9aa9..d74a8bcfcf 100644 --- a/src/lib/libssl/src/apps/ca.c +++ b/src/lib/libssl/src/apps/ca.c | |||
| @@ -83,7 +83,7 @@ | |||
| 83 | # else | 83 | # else |
| 84 | # include <unixlib.h> | 84 | # include <unixlib.h> |
| 85 | # endif | 85 | # endif |
| 86 | # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) | 86 | # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) |
| 87 | # include <sys/file.h> | 87 | # include <sys/file.h> |
| 88 | # endif | 88 | # endif |
| 89 | #endif | 89 | #endif |
| @@ -105,6 +105,9 @@ | |||
| 105 | 105 | ||
| 106 | #define ENV_DEFAULT_CA "default_ca" | 106 | #define ENV_DEFAULT_CA "default_ca" |
| 107 | 107 | ||
| 108 | #define STRING_MASK "string_mask" | ||
| 109 | #define UTF8_IN "utf8" | ||
| 110 | |||
| 108 | #define ENV_DIR "dir" | 111 | #define ENV_DIR "dir" |
| 109 | #define ENV_CERTS "certs" | 112 | #define ENV_CERTS "certs" |
| 110 | #define ENV_CRL_DIR "crl_dir" | 113 | #define ENV_CRL_DIR "crl_dir" |
| @@ -131,6 +134,7 @@ | |||
| 131 | #define ENV_NAMEOPT "name_opt" | 134 | #define ENV_NAMEOPT "name_opt" |
| 132 | #define ENV_CERTOPT "cert_opt" | 135 | #define ENV_CERTOPT "cert_opt" |
| 133 | #define ENV_EXTCOPY "copy_extensions" | 136 | #define ENV_EXTCOPY "copy_extensions" |
| 137 | #define ENV_UNIQUE_SUBJECT "unique_subject" | ||
| 134 | 138 | ||
| 135 | #define ENV_DATABASE "database" | 139 | #define ENV_DATABASE "database" |
| 136 | 140 | ||
| @@ -142,7 +146,7 @@ | |||
| 142 | #define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */ | 146 | #define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */ |
| 143 | #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ | 147 | #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ |
| 144 | 148 | ||
| 145 | static char *ca_usage[]={ | 149 | static const char *ca_usage[]={ |
| 146 | "usage: ca args\n", | 150 | "usage: ca args\n", |
| 147 | "\n", | 151 | "\n", |
| 148 | " -verbose - Talk alot while doing things\n", | 152 | " -verbose - Talk alot while doing things\n", |
| @@ -160,6 +164,7 @@ static char *ca_usage[]={ | |||
| 160 | " -keyform arg - private key file format (PEM or ENGINE)\n", | 164 | " -keyform arg - private key file format (PEM or ENGINE)\n", |
| 161 | " -key arg - key to decode the private key if it is encrypted\n", | 165 | " -key arg - key to decode the private key if it is encrypted\n", |
| 162 | " -cert file - The CA certificate\n", | 166 | " -cert file - The CA certificate\n", |
| 167 | " -selfsign - sign a certificate with the key associated with it\n", | ||
| 163 | " -in file - The input PEM encoded certificate request(s)\n", | 168 | " -in file - The input PEM encoded certificate request(s)\n", |
| 164 | " -out file - Where to put the output file(s)\n", | 169 | " -out file - Where to put the output file(s)\n", |
| 165 | " -outdir dir - Where to put output certificates\n", | 170 | " -outdir dir - Where to put output certificates\n", |
| @@ -172,6 +177,8 @@ static char *ca_usage[]={ | |||
| 172 | " -msie_hack - msie modifications to handle all those universal strings\n", | 177 | " -msie_hack - msie modifications to handle all those universal strings\n", |
| 173 | " -revoke file - Revoke a certificate (given in file)\n", | 178 | " -revoke file - Revoke a certificate (given in file)\n", |
| 174 | " -subj arg - Use arg instead of request's subject\n", | 179 | " -subj arg - Use arg instead of request's subject\n", |
| 180 | " -utf8 - input characters are UTF8 (default ASCII)\n", | ||
| 181 | " -multivalue-rdn - enable support for multivalued RDNs\n", | ||
| 175 | " -extensions .. - Extension section (override value in config file)\n", | 182 | " -extensions .. - Extension section (override value in config file)\n", |
| 176 | " -extfile file - Configuration file with X509v3 extentions to add\n", | 183 | " -extfile file - Configuration file with X509v3 extentions to add\n", |
| 177 | " -crlexts .. - CRL extension section (override value in config file)\n", | 184 | " -crlexts .. - CRL extension section (override value in config file)\n", |
| @@ -189,40 +196,40 @@ extern int EF_PROTECT_BELOW; | |||
| 189 | extern int EF_ALIGNMENT; | 196 | extern int EF_ALIGNMENT; |
| 190 | #endif | 197 | #endif |
| 191 | 198 | ||
| 192 | static void lookup_fail(char *name,char *tag); | 199 | static void lookup_fail(const char *name, const char *tag); |
| 193 | static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, | 200 | static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, |
| 194 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, | 201 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, |
| 195 | BIGNUM *serial, char *subj, int email_dn, char *startdate, | 202 | BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, |
| 196 | char *enddate, long days, int batch, char *ext_sect, CONF *conf, | 203 | char *enddate, long days, int batch, char *ext_sect, CONF *conf, |
| 197 | int verbose, unsigned long certopt, unsigned long nameopt, | 204 | int verbose, unsigned long certopt, unsigned long nameopt, |
| 198 | int default_op, int ext_copy); | 205 | int default_op, int ext_copy, int selfsign); |
| 199 | static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, | 206 | static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, |
| 200 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, | 207 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, |
| 201 | CA_DB *db, BIGNUM *serial, char *subj, int email_dn, | 208 | CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, |
| 202 | char *startdate, char *enddate, long days, int batch, | 209 | char *startdate, char *enddate, long days, int batch, |
| 203 | char *ext_sect, CONF *conf,int verbose, unsigned long certopt, | 210 | char *ext_sect, CONF *conf,int verbose, unsigned long certopt, |
| 204 | unsigned long nameopt, int default_op, int ext_copy, | 211 | unsigned long nameopt, int default_op, int ext_copy, |
| 205 | ENGINE *e); | 212 | ENGINE *e); |
| 206 | static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, | 213 | static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, |
| 207 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, | 214 | const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, |
| 208 | CA_DB *db, BIGNUM *serial,char *subj, int email_dn, | 215 | CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, |
| 209 | char *startdate, char *enddate, long days, char *ext_sect, | 216 | char *startdate, char *enddate, long days, char *ext_sect, |
| 210 | CONF *conf, int verbose, unsigned long certopt, | 217 | CONF *conf, int verbose, unsigned long certopt, |
| 211 | unsigned long nameopt, int default_op, int ext_copy); | 218 | unsigned long nameopt, int default_op, int ext_copy); |
| 212 | static int fix_data(int nid, int *type); | 219 | static int fix_data(int nid, int *type); |
| 213 | static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); | 220 | static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); |
| 214 | static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | 221 | static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, |
| 215 | STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, | 222 | STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, |
| 216 | int email_dn, char *startdate, char *enddate, long days, int batch, | 223 | int email_dn, char *startdate, char *enddate, long days, int batch, |
| 217 | int verbose, X509_REQ *req, char *ext_sect, CONF *conf, | 224 | int verbose, X509_REQ *req, char *ext_sect, CONF *conf, |
| 218 | unsigned long certopt, unsigned long nameopt, int default_op, | 225 | unsigned long certopt, unsigned long nameopt, int default_op, |
| 219 | int ext_copy); | 226 | int ext_copy, int selfsign); |
| 220 | static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); | 227 | static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); |
| 221 | static int get_certificate_status(const char *ser_status, CA_DB *db); | 228 | static int get_certificate_status(const char *ser_status, CA_DB *db); |
| 222 | static int do_updatedb(CA_DB *db); | 229 | static int do_updatedb(CA_DB *db); |
| 223 | static int check_time_format(char *str); | 230 | static int check_time_format(char *str); |
| 224 | char *make_revocation_str(int rev_type, char *rev_arg); | 231 | char *make_revocation_str(int rev_type, char *rev_arg); |
| 225 | int make_revoked(X509_REVOKED *rev, char *str); | 232 | int make_revoked(X509_REVOKED *rev, const char *str); |
| 226 | int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); | 233 | int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); |
| 227 | static CONF *conf=NULL; | 234 | static CONF *conf=NULL; |
| 228 | static CONF *extconf=NULL; | 235 | static CONF *extconf=NULL; |
| @@ -272,6 +279,8 @@ int MAIN(int argc, char **argv) | |||
| 272 | char *extensions=NULL; | 279 | char *extensions=NULL; |
| 273 | char *extfile=NULL; | 280 | char *extfile=NULL; |
| 274 | char *subj=NULL; | 281 | char *subj=NULL; |
| 282 | unsigned long chtype = MBSTRING_ASC; | ||
| 283 | int multirdn = 0; | ||
| 275 | char *tmp_email_dn=NULL; | 284 | char *tmp_email_dn=NULL; |
| 276 | char *crl_ext=NULL; | 285 | char *crl_ext=NULL; |
| 277 | int rev_type = REV_NONE; | 286 | int rev_type = REV_NONE; |
| @@ -286,7 +295,8 @@ int MAIN(int argc, char **argv) | |||
| 286 | unsigned long nameopt = 0, certopt = 0; | 295 | unsigned long nameopt = 0, certopt = 0; |
| 287 | int default_op = 1; | 296 | int default_op = 1; |
| 288 | int ext_copy = EXT_COPY_NONE; | 297 | int ext_copy = EXT_COPY_NONE; |
| 289 | X509 *x509=NULL; | 298 | int selfsign = 0; |
| 299 | X509 *x509=NULL, *x509p = NULL; | ||
| 290 | X509 *x=NULL; | 300 | X509 *x=NULL; |
| 291 | BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; | 301 | BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; |
| 292 | char *dbfile=NULL; | 302 | char *dbfile=NULL; |
| @@ -295,7 +305,8 @@ int MAIN(int argc, char **argv) | |||
| 295 | X509_REVOKED *r=NULL; | 305 | X509_REVOKED *r=NULL; |
| 296 | ASN1_TIME *tmptm; | 306 | ASN1_TIME *tmptm; |
| 297 | ASN1_INTEGER *tmpser; | 307 | ASN1_INTEGER *tmpser; |
| 298 | char **pp,*p,*f; | 308 | char *f; |
| 309 | const char *p, **pp; | ||
| 299 | int i,j; | 310 | int i,j; |
| 300 | const EVP_MD *dgst=NULL; | 311 | const EVP_MD *dgst=NULL; |
| 301 | STACK_OF(CONF_VALUE) *attribs=NULL; | 312 | STACK_OF(CONF_VALUE) *attribs=NULL; |
| @@ -350,6 +361,12 @@ EF_ALIGNMENT=0; | |||
| 350 | subj= *(++argv); | 361 | subj= *(++argv); |
| 351 | /* preserve=1; */ | 362 | /* preserve=1; */ |
| 352 | } | 363 | } |
| 364 | else if (strcmp(*argv,"-utf8") == 0) | ||
| 365 | chtype = MBSTRING_UTF8; | ||
| 366 | else if (strcmp(*argv,"-create_serial") == 0) | ||
| 367 | create_ser = 1; | ||
| 368 | else if (strcmp(*argv,"-multivalue-rdn") == 0) | ||
| 369 | multirdn=1; | ||
| 353 | else if (strcmp(*argv,"-startdate") == 0) | 370 | else if (strcmp(*argv,"-startdate") == 0) |
| 354 | { | 371 | { |
| 355 | if (--argc < 1) goto bad; | 372 | if (--argc < 1) goto bad; |
| @@ -400,6 +417,8 @@ EF_ALIGNMENT=0; | |||
| 400 | if (--argc < 1) goto bad; | 417 | if (--argc < 1) goto bad; |
| 401 | certfile= *(++argv); | 418 | certfile= *(++argv); |
| 402 | } | 419 | } |
| 420 | else if (strcmp(*argv,"-selfsign") == 0) | ||
| 421 | selfsign=1; | ||
| 403 | else if (strcmp(*argv,"-in") == 0) | 422 | else if (strcmp(*argv,"-in") == 0) |
| 404 | { | 423 | { |
| 405 | if (--argc < 1) goto bad; | 424 | if (--argc < 1) goto bad; |
| @@ -633,29 +652,31 @@ bad: | |||
| 633 | ERR_clear_error(); | 652 | ERR_clear_error(); |
| 634 | app_RAND_load_file(randfile, bio_err, 0); | 653 | app_RAND_load_file(randfile, bio_err, 0); |
| 635 | 654 | ||
| 655 | f = NCONF_get_string(conf, section, STRING_MASK); | ||
| 656 | if (!f) | ||
| 657 | ERR_clear_error(); | ||
| 658 | |||
| 659 | if(f && !ASN1_STRING_set_default_mask_asc(f)) { | ||
| 660 | BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); | ||
| 661 | goto err; | ||
| 662 | } | ||
| 663 | |||
| 664 | if (chtype != MBSTRING_UTF8){ | ||
| 665 | f = NCONF_get_string(conf, section, UTF8_IN); | ||
| 666 | if (!f) | ||
| 667 | ERR_clear_error(); | ||
| 668 | else if (!strcmp(f, "yes")) | ||
| 669 | chtype = MBSTRING_UTF8; | ||
| 670 | } | ||
| 671 | |||
| 636 | db_attr.unique_subject = 1; | 672 | db_attr.unique_subject = 1; |
| 637 | p = NCONF_get_string(conf, section, "unique_subject"); | 673 | p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); |
| 638 | if (p) | 674 | if (p) |
| 639 | { | 675 | { |
| 640 | #ifdef RL_DEBUG | 676 | #ifdef RL_DEBUG |
| 641 | BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); | 677 | BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); |
| 642 | #endif | 678 | #endif |
| 643 | switch(*p) | 679 | db_attr.unique_subject = parse_yesno(p,1); |
| 644 | { | ||
| 645 | case 'f': /* false */ | ||
| 646 | case 'F': /* FALSE */ | ||
| 647 | case 'n': /* no */ | ||
| 648 | case 'N': /* NO */ | ||
| 649 | db_attr.unique_subject = 0; | ||
| 650 | break; | ||
| 651 | case 't': /* true */ | ||
| 652 | case 'T': /* TRUE */ | ||
| 653 | case 'y': /* yes */ | ||
| 654 | case 'Y': /* YES */ | ||
| 655 | default: | ||
| 656 | db_attr.unique_subject = 1; | ||
| 657 | break; | ||
| 658 | } | ||
| 659 | } | 680 | } |
| 660 | else | 681 | else |
| 661 | ERR_clear_error(); | 682 | ERR_clear_error(); |
| @@ -699,7 +720,7 @@ bad: | |||
| 699 | } | 720 | } |
| 700 | 721 | ||
| 701 | /*****************************************************************/ | 722 | /*****************************************************************/ |
| 702 | /* we definitely need a public key, so let's get it */ | 723 | /* we definitely need a private key, so let's get it */ |
| 703 | 724 | ||
| 704 | if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, | 725 | if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, |
| 705 | section,ENV_PRIVATE_KEY)) == NULL)) | 726 | section,ENV_PRIVATE_KEY)) == NULL)) |
| @@ -727,22 +748,27 @@ bad: | |||
| 727 | 748 | ||
| 728 | /*****************************************************************/ | 749 | /*****************************************************************/ |
| 729 | /* we need a certificate */ | 750 | /* we need a certificate */ |
| 730 | if ((certfile == NULL) && ((certfile=NCONF_get_string(conf, | 751 | if (!selfsign || spkac_file || ss_cert_file || gencrl) |
| 731 | section,ENV_CERTIFICATE)) == NULL)) | ||
| 732 | { | 752 | { |
| 733 | lookup_fail(section,ENV_CERTIFICATE); | 753 | if ((certfile == NULL) |
| 734 | goto err; | 754 | && ((certfile=NCONF_get_string(conf, |
| 735 | } | 755 | section,ENV_CERTIFICATE)) == NULL)) |
| 736 | x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, | 756 | { |
| 737 | "CA certificate"); | 757 | lookup_fail(section,ENV_CERTIFICATE); |
| 738 | if (x509 == NULL) | 758 | goto err; |
| 739 | goto err; | 759 | } |
| 760 | x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, | ||
| 761 | "CA certificate"); | ||
| 762 | if (x509 == NULL) | ||
| 763 | goto err; | ||
| 740 | 764 | ||
| 741 | if (!X509_check_private_key(x509,pkey)) | 765 | if (!X509_check_private_key(x509,pkey)) |
| 742 | { | 766 | { |
| 743 | BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); | 767 | BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); |
| 744 | goto err; | 768 | goto err; |
| 769 | } | ||
| 745 | } | 770 | } |
| 771 | if (!selfsign) x509p = x509; | ||
| 746 | 772 | ||
| 747 | f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); | 773 | f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); |
| 748 | if (f == NULL) | 774 | if (f == NULL) |
| @@ -856,7 +882,7 @@ bad: | |||
| 856 | /* Lets check some fields */ | 882 | /* Lets check some fields */ |
| 857 | for (i=0; i<sk_num(db->db->data); i++) | 883 | for (i=0; i<sk_num(db->db->data); i++) |
| 858 | { | 884 | { |
| 859 | pp=(char **)sk_value(db->db->data,i); | 885 | pp=(const char **)sk_value(db->db->data,i); |
| 860 | if ((pp[DB_type][0] != DB_TYPE_REV) && | 886 | if ((pp[DB_type][0] != DB_TYPE_REV) && |
| 861 | (pp[DB_rev_date][0] != '\0')) | 887 | (pp[DB_rev_date][0] != '\0')) |
| 862 | { | 888 | { |
| @@ -869,7 +895,7 @@ bad: | |||
| 869 | BIO_printf(bio_err," in entry %d\n", i+1); | 895 | BIO_printf(bio_err," in entry %d\n", i+1); |
| 870 | goto err; | 896 | goto err; |
| 871 | } | 897 | } |
| 872 | if (!check_time_format(pp[DB_exp_date])) | 898 | if (!check_time_format((char *)pp[DB_exp_date])) |
| 873 | { | 899 | { |
| 874 | BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); | 900 | BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); |
| 875 | goto err; | 901 | goto err; |
| @@ -1132,7 +1158,7 @@ bad: | |||
| 1132 | { | 1158 | { |
| 1133 | total++; | 1159 | total++; |
| 1134 | j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, | 1160 | j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, |
| 1135 | serial,subj,email_dn,startdate,enddate,days,extensions, | 1161 | serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions, |
| 1136 | conf,verbose,certopt,nameopt,default_op,ext_copy); | 1162 | conf,verbose,certopt,nameopt,default_op,ext_copy); |
| 1137 | if (j < 0) goto err; | 1163 | if (j < 0) goto err; |
| 1138 | if (j > 0) | 1164 | if (j > 0) |
| @@ -1156,7 +1182,7 @@ bad: | |||
| 1156 | { | 1182 | { |
| 1157 | total++; | 1183 | total++; |
| 1158 | j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, | 1184 | j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, |
| 1159 | db,serial,subj,email_dn,startdate,enddate,days,batch, | 1185 | db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, |
| 1160 | extensions,conf,verbose, certopt, nameopt, | 1186 | extensions,conf,verbose, certopt, nameopt, |
| 1161 | default_op, ext_copy, e); | 1187 | default_op, ext_copy, e); |
| 1162 | if (j < 0) goto err; | 1188 | if (j < 0) goto err; |
| @@ -1175,10 +1201,10 @@ bad: | |||
| 1175 | if (infile != NULL) | 1201 | if (infile != NULL) |
| 1176 | { | 1202 | { |
| 1177 | total++; | 1203 | total++; |
| 1178 | j=certify(&x,infile,pkey,x509,dgst,attribs,db, | 1204 | j=certify(&x,infile,pkey,x509p,dgst,attribs,db, |
| 1179 | serial,subj,email_dn,startdate,enddate,days,batch, | 1205 | serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, |
| 1180 | extensions,conf,verbose, certopt, nameopt, | 1206 | extensions,conf,verbose, certopt, nameopt, |
| 1181 | default_op, ext_copy); | 1207 | default_op, ext_copy, selfsign); |
| 1182 | if (j < 0) goto err; | 1208 | if (j < 0) goto err; |
| 1183 | if (j > 0) | 1209 | if (j > 0) |
| 1184 | { | 1210 | { |
| @@ -1195,10 +1221,10 @@ bad: | |||
| 1195 | for (i=0; i<argc; i++) | 1221 | for (i=0; i<argc; i++) |
| 1196 | { | 1222 | { |
| 1197 | total++; | 1223 | total++; |
| 1198 | j=certify(&x,argv[i],pkey,x509,dgst,attribs,db, | 1224 | j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db, |
| 1199 | serial,subj,email_dn,startdate,enddate,days,batch, | 1225 | serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, |
| 1200 | extensions,conf,verbose, certopt, nameopt, | 1226 | extensions,conf,verbose, certopt, nameopt, |
| 1201 | default_op, ext_copy); | 1227 | default_op, ext_copy, selfsign); |
| 1202 | if (j < 0) goto err; | 1228 | if (j < 0) goto err; |
| 1203 | if (j > 0) | 1229 | if (j > 0) |
| 1204 | { | 1230 | { |
| @@ -1249,7 +1275,7 @@ bad: | |||
| 1249 | x=sk_X509_value(cert_sk,i); | 1275 | x=sk_X509_value(cert_sk,i); |
| 1250 | 1276 | ||
| 1251 | j=x->cert_info->serialNumber->length; | 1277 | j=x->cert_info->serialNumber->length; |
| 1252 | p=(char *)x->cert_info->serialNumber->data; | 1278 | p=(const char *)x->cert_info->serialNumber->data; |
| 1253 | 1279 | ||
| 1254 | if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8)) | 1280 | if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8)) |
| 1255 | { | 1281 | { |
| @@ -1370,7 +1396,7 @@ bad: | |||
| 1370 | 1396 | ||
| 1371 | for (i=0; i<sk_num(db->db->data); i++) | 1397 | for (i=0; i<sk_num(db->db->data); i++) |
| 1372 | { | 1398 | { |
| 1373 | pp=(char **)sk_value(db->db->data,i); | 1399 | pp=(const char **)sk_value(db->db->data,i); |
| 1374 | if (pp[DB_type][0] == DB_TYPE_REV) | 1400 | if (pp[DB_type][0] == DB_TYPE_REV) |
| 1375 | { | 1401 | { |
| 1376 | if ((r=X509_REVOKED_new()) == NULL) goto err; | 1402 | if ((r=X509_REVOKED_new()) == NULL) goto err; |
| @@ -1399,6 +1425,11 @@ bad: | |||
| 1399 | #ifndef OPENSSL_NO_DSA | 1425 | #ifndef OPENSSL_NO_DSA |
| 1400 | if (pkey->type == EVP_PKEY_DSA) | 1426 | if (pkey->type == EVP_PKEY_DSA) |
| 1401 | dgst=EVP_dss1(); | 1427 | dgst=EVP_dss1(); |
| 1428 | else | ||
| 1429 | #endif | ||
| 1430 | #ifndef OPENSSL_NO_ECDSA | ||
| 1431 | if (pkey->type == EVP_PKEY_EC) | ||
| 1432 | dgst=EVP_ecdsa(); | ||
| 1402 | #endif | 1433 | #endif |
| 1403 | 1434 | ||
| 1404 | /* Add any extensions asked for */ | 1435 | /* Add any extensions asked for */ |
| @@ -1486,25 +1517,26 @@ err: | |||
| 1486 | BN_free(serial); | 1517 | BN_free(serial); |
| 1487 | free_index(db); | 1518 | free_index(db); |
| 1488 | EVP_PKEY_free(pkey); | 1519 | EVP_PKEY_free(pkey); |
| 1489 | X509_free(x509); | 1520 | if (x509) X509_free(x509); |
| 1490 | X509_CRL_free(crl); | 1521 | X509_CRL_free(crl); |
| 1491 | NCONF_free(conf); | 1522 | NCONF_free(conf); |
| 1523 | NCONF_free(extconf); | ||
| 1492 | OBJ_cleanup(); | 1524 | OBJ_cleanup(); |
| 1493 | apps_shutdown(); | 1525 | apps_shutdown(); |
| 1494 | OPENSSL_EXIT(ret); | 1526 | OPENSSL_EXIT(ret); |
| 1495 | } | 1527 | } |
| 1496 | 1528 | ||
| 1497 | static void lookup_fail(char *name, char *tag) | 1529 | static void lookup_fail(const char *name, const char *tag) |
| 1498 | { | 1530 | { |
| 1499 | BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); | 1531 | BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); |
| 1500 | } | 1532 | } |
| 1501 | 1533 | ||
| 1502 | static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | 1534 | static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
| 1503 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, | 1535 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, |
| 1504 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, | 1536 | BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, |
| 1505 | long days, int batch, char *ext_sect, CONF *lconf, int verbose, | 1537 | long days, int batch, char *ext_sect, CONF *lconf, int verbose, |
| 1506 | unsigned long certopt, unsigned long nameopt, int default_op, | 1538 | unsigned long certopt, unsigned long nameopt, int default_op, |
| 1507 | int ext_copy) | 1539 | int ext_copy, int selfsign) |
| 1508 | { | 1540 | { |
| 1509 | X509_REQ *req=NULL; | 1541 | X509_REQ *req=NULL; |
| 1510 | BIO *in=NULL; | 1542 | BIO *in=NULL; |
| @@ -1529,6 +1561,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | |||
| 1529 | 1561 | ||
| 1530 | BIO_printf(bio_err,"Check that the request matches the signature\n"); | 1562 | BIO_printf(bio_err,"Check that the request matches the signature\n"); |
| 1531 | 1563 | ||
| 1564 | if (selfsign && !X509_REQ_check_private_key(req,pkey)) | ||
| 1565 | { | ||
| 1566 | BIO_printf(bio_err,"Certificate request and CA private key do not match\n"); | ||
| 1567 | ok=0; | ||
| 1568 | goto err; | ||
| 1569 | } | ||
| 1532 | if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) | 1570 | if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) |
| 1533 | { | 1571 | { |
| 1534 | BIO_printf(bio_err,"error unpacking public key\n"); | 1572 | BIO_printf(bio_err,"error unpacking public key\n"); |
| @@ -1551,9 +1589,9 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | |||
| 1551 | else | 1589 | else |
| 1552 | BIO_printf(bio_err,"Signature ok\n"); | 1590 | BIO_printf(bio_err,"Signature ok\n"); |
| 1553 | 1591 | ||
| 1554 | ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, | 1592 | ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn, |
| 1555 | startdate,enddate,days,batch,verbose,req,ext_sect,lconf, | 1593 | startdate,enddate,days,batch,verbose,req,ext_sect,lconf, |
| 1556 | certopt, nameopt, default_op, ext_copy); | 1594 | certopt, nameopt, default_op, ext_copy, selfsign); |
| 1557 | 1595 | ||
| 1558 | err: | 1596 | err: |
| 1559 | if (req != NULL) X509_REQ_free(req); | 1597 | if (req != NULL) X509_REQ_free(req); |
| @@ -1563,7 +1601,7 @@ err: | |||
| 1563 | 1601 | ||
| 1564 | static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | 1602 | static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
| 1565 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, | 1603 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, |
| 1566 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, | 1604 | BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, |
| 1567 | long days, int batch, char *ext_sect, CONF *lconf, int verbose, | 1605 | long days, int batch, char *ext_sect, CONF *lconf, int verbose, |
| 1568 | unsigned long certopt, unsigned long nameopt, int default_op, | 1606 | unsigned long certopt, unsigned long nameopt, int default_op, |
| 1569 | int ext_copy, ENGINE *e) | 1607 | int ext_copy, ENGINE *e) |
| @@ -1605,9 +1643,9 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | |||
| 1605 | if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) | 1643 | if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) |
| 1606 | goto err; | 1644 | goto err; |
| 1607 | 1645 | ||
| 1608 | ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, | 1646 | ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, |
| 1609 | days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, | 1647 | days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, |
| 1610 | ext_copy); | 1648 | ext_copy, 0); |
| 1611 | 1649 | ||
| 1612 | err: | 1650 | err: |
| 1613 | if (rreq != NULL) X509_REQ_free(rreq); | 1651 | if (rreq != NULL) X509_REQ_free(rreq); |
| @@ -1617,10 +1655,11 @@ err: | |||
| 1617 | 1655 | ||
| 1618 | static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | 1656 | static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, |
| 1619 | STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, | 1657 | STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
| 1658 | unsigned long chtype, int multirdn, | ||
| 1620 | int email_dn, char *startdate, char *enddate, long days, int batch, | 1659 | int email_dn, char *startdate, char *enddate, long days, int batch, |
| 1621 | int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, | 1660 | int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, |
| 1622 | unsigned long certopt, unsigned long nameopt, int default_op, | 1661 | unsigned long certopt, unsigned long nameopt, int default_op, |
| 1623 | int ext_copy) | 1662 | int ext_copy, int selfsign) |
| 1624 | { | 1663 | { |
| 1625 | X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; | 1664 | X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; |
| 1626 | ASN1_UTCTIME *tm,*tmptm; | 1665 | ASN1_UTCTIME *tm,*tmptm; |
| @@ -1632,7 +1671,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1632 | X509_NAME_ENTRY *tne,*push; | 1671 | X509_NAME_ENTRY *tne,*push; |
| 1633 | EVP_PKEY *pktmp; | 1672 | EVP_PKEY *pktmp; |
| 1634 | int ok= -1,i,j,last,nid; | 1673 | int ok= -1,i,j,last,nid; |
| 1635 | char *p; | 1674 | const char *p; |
| 1636 | CONF_VALUE *cv; | 1675 | CONF_VALUE *cv; |
| 1637 | char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; | 1676 | char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; |
| 1638 | char buf[25]; | 1677 | char buf[25]; |
| @@ -1649,7 +1688,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1649 | 1688 | ||
| 1650 | if (subj) | 1689 | if (subj) |
| 1651 | { | 1690 | { |
| 1652 | X509_NAME *n = do_subject(subj, MBSTRING_ASC); | 1691 | X509_NAME *n = parse_name(subj, chtype, multirdn); |
| 1653 | 1692 | ||
| 1654 | if (!n) | 1693 | if (!n) |
| 1655 | { | 1694 | { |
| @@ -1724,7 +1763,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, | |||
| 1724 | } | 1763 | } |
| 1725 | 1764 | ||
| 1726 | /* take a copy of the issuer name before we mess with it. */ | 1765 | /* take a copy of the issuer name before we mess with it. */ |
| 1727 | CAname=X509_NAME_dup(x509->cert_info->subject); | 1766 | if (selfsign) |
| 1767 | CAname=X509_NAME_dup(name); | ||
| 1768 | else | ||
| 1769 | CAname=X509_NAME_dup(x509->cert_info->subject); | ||
| 1728 | if (CAname == NULL) goto err; | 1770 | if (CAname == NULL) goto err; |
| 1729 | str=str2=NULL; | 1771 | str=str2=NULL; |
| 1730 | 1772 | ||
| @@ -1936,8 +1978,16 @@ again2: | |||
| 1936 | 1978 | ||
| 1937 | if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) | 1979 | if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) |
| 1938 | goto err; | 1980 | goto err; |
| 1939 | if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) | 1981 | if (selfsign) |
| 1940 | goto err; | 1982 | { |
| 1983 | if (!X509_set_issuer_name(ret,subject)) | ||
| 1984 | goto err; | ||
| 1985 | } | ||
| 1986 | else | ||
| 1987 | { | ||
| 1988 | if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) | ||
| 1989 | goto err; | ||
| 1990 | } | ||
| 1941 | 1991 | ||
| 1942 | if (strcmp(startdate,"today") == 0) | 1992 | if (strcmp(startdate,"today") == 0) |
| 1943 | X509_gmtime_adj(X509_get_notBefore(ret),0); | 1993 | X509_gmtime_adj(X509_get_notBefore(ret),0); |
| @@ -1972,7 +2022,10 @@ again2: | |||
| 1972 | ci->extensions = NULL; | 2022 | ci->extensions = NULL; |
| 1973 | 2023 | ||
| 1974 | /* Initialize the context structure */ | 2024 | /* Initialize the context structure */ |
| 1975 | X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); | 2025 | if (selfsign) |
| 2026 | X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); | ||
| 2027 | else | ||
| 2028 | X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); | ||
| 1976 | 2029 | ||
| 1977 | if (extconf) | 2030 | if (extconf) |
| 1978 | { | 2031 | { |
| @@ -2039,7 +2092,7 @@ again2: | |||
| 2039 | 2092 | ||
| 2040 | BIO_printf(bio_err,"Certificate is to be certified until "); | 2093 | BIO_printf(bio_err,"Certificate is to be certified until "); |
| 2041 | ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); | 2094 | ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); |
| 2042 | if (days) BIO_printf(bio_err," (%d days)",days); | 2095 | if (days) BIO_printf(bio_err," (%ld days)",days); |
| 2043 | BIO_printf(bio_err, "\n"); | 2096 | BIO_printf(bio_err, "\n"); |
| 2044 | 2097 | ||
| 2045 | if (!batch) | 2098 | if (!batch) |
| @@ -2066,6 +2119,16 @@ again2: | |||
| 2066 | EVP_PKEY_copy_parameters(pktmp,pkey); | 2119 | EVP_PKEY_copy_parameters(pktmp,pkey); |
| 2067 | EVP_PKEY_free(pktmp); | 2120 | EVP_PKEY_free(pktmp); |
| 2068 | #endif | 2121 | #endif |
| 2122 | #ifndef OPENSSL_NO_ECDSA | ||
| 2123 | if (pkey->type == EVP_PKEY_EC) | ||
| 2124 | dgst = EVP_ecdsa(); | ||
| 2125 | pktmp = X509_get_pubkey(ret); | ||
| 2126 | if (EVP_PKEY_missing_parameters(pktmp) && | ||
| 2127 | !EVP_PKEY_missing_parameters(pkey)) | ||
| 2128 | EVP_PKEY_copy_parameters(pktmp, pkey); | ||
| 2129 | EVP_PKEY_free(pktmp); | ||
| 2130 | #endif | ||
| 2131 | |||
| 2069 | 2132 | ||
| 2070 | if (!X509_sign(ret,pkey,dgst)) | 2133 | if (!X509_sign(ret,pkey,dgst)) |
| 2071 | goto err; | 2134 | goto err; |
| @@ -2162,7 +2225,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) | |||
| 2162 | 2225 | ||
| 2163 | static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | 2226 | static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
| 2164 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, | 2227 | const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, |
| 2165 | BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, | 2228 | BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, |
| 2166 | long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, | 2229 | long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, |
| 2167 | unsigned long nameopt, int default_op, int ext_copy) | 2230 | unsigned long nameopt, int default_op, int ext_copy) |
| 2168 | { | 2231 | { |
| @@ -2303,9 +2366,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | |||
| 2303 | 2366 | ||
| 2304 | X509_REQ_set_pubkey(req,pktmp); | 2367 | X509_REQ_set_pubkey(req,pktmp); |
| 2305 | EVP_PKEY_free(pktmp); | 2368 | EVP_PKEY_free(pktmp); |
| 2306 | ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, | 2369 | ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, |
| 2307 | days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, | 2370 | days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, |
| 2308 | ext_copy); | 2371 | ext_copy, 0); |
| 2309 | err: | 2372 | err: |
| 2310 | if (req != NULL) X509_REQ_free(req); | 2373 | if (req != NULL) X509_REQ_free(req); |
| 2311 | if (parms != NULL) CONF_free(parms); | 2374 | if (parms != NULL) CONF_free(parms); |
| @@ -2616,7 +2679,7 @@ err: | |||
| 2616 | return (cnt); | 2679 | return (cnt); |
| 2617 | } | 2680 | } |
| 2618 | 2681 | ||
| 2619 | static char *crl_reasons[] = { | 2682 | static const char *crl_reasons[] = { |
| 2620 | /* CRL reason strings */ | 2683 | /* CRL reason strings */ |
| 2621 | "unspecified", | 2684 | "unspecified", |
| 2622 | "keyCompromise", | 2685 | "keyCompromise", |
| @@ -2644,7 +2707,8 @@ static char *crl_reasons[] = { | |||
| 2644 | 2707 | ||
| 2645 | char *make_revocation_str(int rev_type, char *rev_arg) | 2708 | char *make_revocation_str(int rev_type, char *rev_arg) |
| 2646 | { | 2709 | { |
| 2647 | char *reason = NULL, *other = NULL, *str; | 2710 | char *other = NULL, *str; |
| 2711 | const char *reason = NULL; | ||
| 2648 | ASN1_OBJECT *otmp; | 2712 | ASN1_OBJECT *otmp; |
| 2649 | ASN1_UTCTIME *revtm = NULL; | 2713 | ASN1_UTCTIME *revtm = NULL; |
| 2650 | int i; | 2714 | int i; |
| @@ -2738,7 +2802,7 @@ char *make_revocation_str(int rev_type, char *rev_arg) | |||
| 2738 | */ | 2802 | */ |
| 2739 | 2803 | ||
| 2740 | 2804 | ||
| 2741 | int make_revoked(X509_REVOKED *rev, char *str) | 2805 | int make_revoked(X509_REVOKED *rev, const char *str) |
| 2742 | { | 2806 | { |
| 2743 | char *tmp = NULL; | 2807 | char *tmp = NULL; |
| 2744 | int reason_code = -1; | 2808 | int reason_code = -1; |
| @@ -2792,129 +2856,6 @@ int make_revoked(X509_REVOKED *rev, char *str) | |||
| 2792 | return ret; | 2856 | return ret; |
| 2793 | } | 2857 | } |
| 2794 | 2858 | ||
| 2795 | /* | ||
| 2796 | * subject is expected to be in the format /type0=value0/type1=value1/type2=... | ||
| 2797 | * where characters may be escaped by \ | ||
| 2798 | */ | ||
| 2799 | X509_NAME *do_subject(char *subject, long chtype) | ||
| 2800 | { | ||
| 2801 | size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ | ||
| 2802 | char *buf = OPENSSL_malloc(buflen); | ||
| 2803 | size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ | ||
| 2804 | char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); | ||
| 2805 | char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); | ||
| 2806 | |||
| 2807 | char *sp = subject, *bp = buf; | ||
| 2808 | int i, ne_num = 0; | ||
| 2809 | |||
| 2810 | X509_NAME *n = NULL; | ||
| 2811 | int nid; | ||
| 2812 | |||
| 2813 | if (!buf || !ne_types || !ne_values) | ||
| 2814 | { | ||
| 2815 | BIO_printf(bio_err, "malloc error\n"); | ||
| 2816 | goto error; | ||
| 2817 | } | ||
| 2818 | |||
| 2819 | if (*subject != '/') | ||
| 2820 | { | ||
| 2821 | BIO_printf(bio_err, "Subject does not start with '/'.\n"); | ||
| 2822 | goto error; | ||
| 2823 | } | ||
| 2824 | sp++; /* skip leading / */ | ||
| 2825 | |||
| 2826 | while (*sp) | ||
| 2827 | { | ||
| 2828 | /* collect type */ | ||
| 2829 | ne_types[ne_num] = bp; | ||
| 2830 | while (*sp) | ||
| 2831 | { | ||
| 2832 | if (*sp == '\\') /* is there anything to escape in the type...? */ | ||
| 2833 | { | ||
| 2834 | if (*++sp) | ||
| 2835 | *bp++ = *sp++; | ||
| 2836 | else | ||
| 2837 | { | ||
| 2838 | BIO_printf(bio_err, "escape character at end of string\n"); | ||
| 2839 | goto error; | ||
| 2840 | } | ||
| 2841 | } | ||
| 2842 | else if (*sp == '=') | ||
| 2843 | { | ||
| 2844 | sp++; | ||
| 2845 | *bp++ = '\0'; | ||
| 2846 | break; | ||
| 2847 | } | ||
| 2848 | else | ||
| 2849 | *bp++ = *sp++; | ||
| 2850 | } | ||
| 2851 | if (!*sp) | ||
| 2852 | { | ||
| 2853 | BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); | ||
| 2854 | goto error; | ||
| 2855 | } | ||
| 2856 | ne_values[ne_num] = bp; | ||
| 2857 | while (*sp) | ||
| 2858 | { | ||
| 2859 | if (*sp == '\\') | ||
| 2860 | { | ||
| 2861 | if (*++sp) | ||
| 2862 | *bp++ = *sp++; | ||
| 2863 | else | ||
| 2864 | { | ||
| 2865 | BIO_printf(bio_err, "escape character at end of string\n"); | ||
| 2866 | goto error; | ||
| 2867 | } | ||
| 2868 | } | ||
| 2869 | else if (*sp == '/') | ||
| 2870 | { | ||
| 2871 | sp++; | ||
| 2872 | break; | ||
| 2873 | } | ||
| 2874 | else | ||
| 2875 | *bp++ = *sp++; | ||
| 2876 | } | ||
| 2877 | *bp++ = '\0'; | ||
| 2878 | ne_num++; | ||
| 2879 | } | ||
| 2880 | |||
| 2881 | if (!(n = X509_NAME_new())) | ||
| 2882 | goto error; | ||
| 2883 | |||
| 2884 | for (i = 0; i < ne_num; i++) | ||
| 2885 | { | ||
| 2886 | if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef) | ||
| 2887 | { | ||
| 2888 | BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]); | ||
| 2889 | continue; | ||
| 2890 | } | ||
| 2891 | |||
| 2892 | if (!*ne_values[i]) | ||
| 2893 | { | ||
| 2894 | BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]); | ||
| 2895 | continue; | ||
| 2896 | } | ||
| 2897 | |||
| 2898 | if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0)) | ||
| 2899 | goto error; | ||
| 2900 | } | ||
| 2901 | |||
| 2902 | OPENSSL_free(ne_values); | ||
| 2903 | OPENSSL_free(ne_types); | ||
| 2904 | OPENSSL_free(buf); | ||
| 2905 | return n; | ||
| 2906 | |||
| 2907 | error: | ||
| 2908 | X509_NAME_free(n); | ||
| 2909 | if (ne_values) | ||
| 2910 | OPENSSL_free(ne_values); | ||
| 2911 | if (ne_types) | ||
| 2912 | OPENSSL_free(ne_types); | ||
| 2913 | if (buf) | ||
| 2914 | OPENSSL_free(buf); | ||
| 2915 | return NULL; | ||
| 2916 | } | ||
| 2917 | |||
| 2918 | int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) | 2859 | int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) |
| 2919 | { | 2860 | { |
| 2920 | char buf[25],*pbuf, *p; | 2861 | char buf[25],*pbuf, *p; |
| @@ -2941,25 +2882,35 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) | |||
| 2941 | p=(char *)str->data; | 2882 | p=(char *)str->data; |
| 2942 | for (j=str->length; j>0; j--) | 2883 | for (j=str->length; j>0; j--) |
| 2943 | { | 2884 | { |
| 2885 | #ifdef CHARSET_EBCDIC | ||
| 2886 | if ((*p >= 0x20) && (*p <= 0x7e)) | ||
| 2887 | BIO_printf(bp,"%c",os_toebcdic[*p]); | ||
| 2888 | #else | ||
| 2944 | if ((*p >= ' ') && (*p <= '~')) | 2889 | if ((*p >= ' ') && (*p <= '~')) |
| 2945 | BIO_printf(bp,"%c",*p); | 2890 | BIO_printf(bp,"%c",*p); |
| 2891 | #endif | ||
| 2946 | else if (*p & 0x80) | 2892 | else if (*p & 0x80) |
| 2947 | BIO_printf(bp,"\\0x%02X",*p); | 2893 | BIO_printf(bp,"\\0x%02X",*p); |
| 2948 | else if ((unsigned char)*p == 0xf7) | 2894 | else if ((unsigned char)*p == 0xf7) |
| 2949 | BIO_printf(bp,"^?"); | 2895 | BIO_printf(bp,"^?"); |
| 2896 | #ifdef CHARSET_EBCDIC | ||
| 2897 | else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]); | ||
| 2898 | #else | ||
| 2950 | else BIO_printf(bp,"^%c",*p+'@'); | 2899 | else BIO_printf(bp,"^%c",*p+'@'); |
| 2900 | #endif | ||
| 2951 | p++; | 2901 | p++; |
| 2952 | } | 2902 | } |
| 2953 | BIO_printf(bp,"'\n"); | 2903 | BIO_printf(bp,"'\n"); |
| 2954 | return 1; | 2904 | return 1; |
| 2955 | } | 2905 | } |
| 2956 | 2906 | ||
| 2957 | int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str) | 2907 | int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str) |
| 2958 | { | 2908 | { |
| 2959 | char *tmp = NULL; | 2909 | char *tmp = NULL; |
| 2960 | char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; | 2910 | char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; |
| 2961 | int reason_code = -1; | 2911 | int reason_code = -1; |
| 2962 | int i, ret = 0; | 2912 | int ret = 0; |
| 2913 | unsigned int i; | ||
| 2963 | ASN1_OBJECT *hold = NULL; | 2914 | ASN1_OBJECT *hold = NULL; |
| 2964 | ASN1_GENERALIZEDTIME *comp_time = NULL; | 2915 | ASN1_GENERALIZEDTIME *comp_time = NULL; |
| 2965 | tmp = BUF_strdup(str); | 2916 | tmp = BUF_strdup(str); |
diff --git a/src/lib/libssl/src/apps/ciphers.c b/src/lib/libssl/src/apps/ciphers.c index 7c62fc5dc3..43f0ac594a 100644 --- a/src/lib/libssl/src/apps/ciphers.c +++ b/src/lib/libssl/src/apps/ciphers.c | |||
| @@ -69,7 +69,7 @@ | |||
| 69 | #undef PROG | 69 | #undef PROG |
| 70 | #define PROG ciphers_main | 70 | #define PROG ciphers_main |
| 71 | 71 | ||
| 72 | static char *ciphers_usage[]={ | 72 | static const char *ciphers_usage[]={ |
| 73 | "usage: ciphers args\n", | 73 | "usage: ciphers args\n", |
| 74 | " -v - verbose mode, a textual listing of the ciphers in SSLeay\n", | 74 | " -v - verbose mode, a textual listing of the ciphers in SSLeay\n", |
| 75 | " -ssl2 - SSL2 mode\n", | 75 | " -ssl2 - SSL2 mode\n", |
| @@ -84,7 +84,7 @@ int MAIN(int argc, char **argv) | |||
| 84 | { | 84 | { |
| 85 | int ret=1,i; | 85 | int ret=1,i; |
| 86 | int verbose=0; | 86 | int verbose=0; |
| 87 | char **pp; | 87 | const char **pp; |
| 88 | const char *p; | 88 | const char *p; |
| 89 | int badops=0; | 89 | int badops=0; |
| 90 | SSL_CTX *ctx=NULL; | 90 | SSL_CTX *ctx=NULL; |
diff --git a/src/lib/libssl/src/apps/crl.c b/src/lib/libssl/src/apps/crl.c index 878f65468e..a0040fba11 100644 --- a/src/lib/libssl/src/apps/crl.c +++ b/src/lib/libssl/src/apps/crl.c | |||
| @@ -72,7 +72,7 @@ | |||
| 72 | #undef POSTFIX | 72 | #undef POSTFIX |
| 73 | #define POSTFIX ".rvk" | 73 | #define POSTFIX ".rvk" |
| 74 | 74 | ||
| 75 | static char *crl_usage[]={ | 75 | static const char *crl_usage[]={ |
| 76 | "usage: crl args\n", | 76 | "usage: crl args\n", |
| 77 | "\n", | 77 | "\n", |
| 78 | " -inform arg - input format - default PEM (DER or PEM)\n", | 78 | " -inform arg - input format - default PEM (DER or PEM)\n", |
| @@ -108,14 +108,14 @@ int MAIN(int argc, char **argv) | |||
| 108 | char *infile=NULL,*outfile=NULL; | 108 | char *infile=NULL,*outfile=NULL; |
| 109 | int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; | 109 | int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; |
| 110 | int fingerprint = 0; | 110 | int fingerprint = 0; |
| 111 | char **pp; | 111 | const char **pp; |
| 112 | X509_STORE *store = NULL; | 112 | X509_STORE *store = NULL; |
| 113 | X509_STORE_CTX ctx; | 113 | X509_STORE_CTX ctx; |
| 114 | X509_LOOKUP *lookup = NULL; | 114 | X509_LOOKUP *lookup = NULL; |
| 115 | X509_OBJECT xobj; | 115 | X509_OBJECT xobj; |
| 116 | EVP_PKEY *pkey; | 116 | EVP_PKEY *pkey; |
| 117 | int do_ver = 0; | 117 | int do_ver = 0; |
| 118 | const EVP_MD *md_alg,*digest=EVP_md5(); | 118 | const EVP_MD *md_alg,*digest=EVP_sha1(); |
| 119 | 119 | ||
| 120 | apps_startup(); | 120 | apps_startup(); |
| 121 | 121 | ||
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c index 17fb87b77c..c5ecf93d1b 100644 --- a/src/lib/libssl/src/apps/dgst.c +++ b/src/lib/libssl/src/apps/dgst.c | |||
| @@ -74,11 +74,9 @@ | |||
| 74 | #undef PROG | 74 | #undef PROG |
| 75 | #define PROG dgst_main | 75 | #define PROG dgst_main |
| 76 | 76 | ||
| 77 | static HMAC_CTX hmac_ctx; | ||
| 78 | |||
| 79 | int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, | 77 | int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
| 80 | EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, | 78 | EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, |
| 81 | const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); | 79 | const char *file,BIO *bmd,const char *hmac_key); |
| 82 | 80 | ||
| 83 | int MAIN(int, char **); | 81 | int MAIN(int, char **); |
| 84 | 82 | ||
| @@ -108,7 +106,6 @@ int MAIN(int argc, char **argv) | |||
| 108 | char *engine=NULL; | 106 | char *engine=NULL; |
| 109 | #endif | 107 | #endif |
| 110 | char *hmac_key=NULL; | 108 | char *hmac_key=NULL; |
| 111 | int non_fips_allow = 0; | ||
| 112 | 109 | ||
| 113 | apps_startup(); | 110 | apps_startup(); |
| 114 | 111 | ||
| @@ -193,8 +190,8 @@ int MAIN(int argc, char **argv) | |||
| 193 | out_bin = 1; | 190 | out_bin = 1; |
| 194 | else if (strcmp(*argv,"-d") == 0) | 191 | else if (strcmp(*argv,"-d") == 0) |
| 195 | debug=1; | 192 | debug=1; |
| 196 | else if (strcmp(*argv,"-non-fips-allow") == 0) | 193 | else if (!strcmp(*argv,"-fips-fingerprint")) |
| 197 | non_fips_allow=1; | 194 | hmac_key = "etaonrishdlcupfm"; |
| 198 | else if (!strcmp(*argv,"-hmac")) | 195 | else if (!strcmp(*argv,"-hmac")) |
| 199 | { | 196 | { |
| 200 | if (--argc < 1) | 197 | if (--argc < 1) |
| @@ -232,30 +229,45 @@ int MAIN(int argc, char **argv) | |||
| 232 | BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); | 229 | BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); |
| 233 | BIO_printf(bio_err,"-signature file signature to verify\n"); | 230 | BIO_printf(bio_err,"-signature file signature to verify\n"); |
| 234 | BIO_printf(bio_err,"-binary output in binary form\n"); | 231 | BIO_printf(bio_err,"-binary output in binary form\n"); |
| 232 | BIO_printf(bio_err,"-hmac key create hashed MAC with key\n"); | ||
| 235 | #ifndef OPENSSL_NO_ENGINE | 233 | #ifndef OPENSSL_NO_ENGINE |
| 236 | BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); | 234 | BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); |
| 237 | #endif | 235 | #endif |
| 238 | 236 | ||
| 239 | BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", | 237 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", |
| 240 | LN_md5,LN_md5); | 238 | LN_md5,LN_md5); |
| 241 | BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", | 239 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
| 242 | LN_md4,LN_md4); | 240 | LN_md4,LN_md4); |
| 243 | BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", | 241 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
| 244 | LN_md2,LN_md2); | 242 | LN_md2,LN_md2); |
| 245 | BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", | 243 | #ifndef OPENSSL_NO_SHA |
| 244 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | ||
| 246 | LN_sha1,LN_sha1); | 245 | LN_sha1,LN_sha1); |
| 247 | BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", | 246 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
| 248 | LN_sha,LN_sha); | 247 | LN_sha,LN_sha); |
| 249 | BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", | 248 | #ifndef OPENSSL_NO_SHA256 |
| 249 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | ||
| 250 | LN_sha224,LN_sha224); | ||
| 251 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | ||
| 252 | LN_sha256,LN_sha256); | ||
| 253 | #endif | ||
| 254 | #ifndef OPENSSL_NO_SHA512 | ||
| 255 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | ||
| 256 | LN_sha384,LN_sha384); | ||
| 257 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | ||
| 258 | LN_sha512,LN_sha512); | ||
| 259 | #endif | ||
| 260 | #endif | ||
| 261 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", | ||
| 250 | LN_mdc2,LN_mdc2); | 262 | LN_mdc2,LN_mdc2); |
| 251 | BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", | 263 | BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", |
| 252 | LN_ripemd160,LN_ripemd160); | 264 | LN_ripemd160,LN_ripemd160); |
| 253 | err=1; | 265 | err=1; |
| 254 | goto end; | 266 | goto end; |
| 255 | } | 267 | } |
| 256 | 268 | ||
| 257 | #ifndef OPENSSL_NO_ENGINE | 269 | #ifndef OPENSSL_NO_ENGINE |
| 258 | e = setup_engine(bio_err, engine, 0); | 270 | e = setup_engine(bio_err, engine, 0); |
| 259 | #endif | 271 | #endif |
| 260 | 272 | ||
| 261 | in=BIO_new(BIO_s_file()); | 273 | in=BIO_new(BIO_s_file()); |
| @@ -264,7 +276,7 @@ int MAIN(int argc, char **argv) | |||
| 264 | { | 276 | { |
| 265 | BIO_set_callback(in,BIO_debug_callback); | 277 | BIO_set_callback(in,BIO_debug_callback); |
| 266 | /* needed for windows 3.1 */ | 278 | /* needed for windows 3.1 */ |
| 267 | BIO_set_callback_arg(in,bio_err); | 279 | BIO_set_callback_arg(in,(char *)bio_err); |
| 268 | } | 280 | } |
| 269 | 281 | ||
| 270 | if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) | 282 | if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) |
| @@ -344,19 +356,13 @@ int MAIN(int argc, char **argv) | |||
| 344 | goto end; | 356 | goto end; |
| 345 | } | 357 | } |
| 346 | } | 358 | } |
| 359 | |||
| 347 | 360 | ||
| 348 | if (non_fips_allow) | ||
| 349 | { | ||
| 350 | EVP_MD_CTX *md_ctx; | ||
| 351 | BIO_get_md_ctx(bmd,&md_ctx); | ||
| 352 | EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 353 | } | ||
| 354 | 361 | ||
| 355 | /* we use md as a filter, reading from 'in' */ | 362 | /* we use md as a filter, reading from 'in' */ |
| 356 | if (!BIO_set_md(bmd,md)) | 363 | if (!BIO_set_md(bmd,md)) |
| 357 | { | 364 | { |
| 358 | BIO_printf(bio_err, "Error setting digest %s\n", | 365 | BIO_printf(bio_err, "Error setting digest %s\n", pname); |
| 359 | EVP_MD_name(md)); | ||
| 360 | ERR_print_errors(bio_err); | 366 | ERR_print_errors(bio_err); |
| 361 | goto end; | 367 | goto end; |
| 362 | } | 368 | } |
| @@ -367,7 +373,7 @@ int MAIN(int argc, char **argv) | |||
| 367 | { | 373 | { |
| 368 | BIO_set_fp(in,stdin,BIO_NOCLOSE); | 374 | BIO_set_fp(in,stdin,BIO_NOCLOSE); |
| 369 | err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, | 375 | err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, |
| 370 | siglen,"","(stdin)",bmd,hmac_key, non_fips_allow); | 376 | siglen,"","(stdin)",bmd,hmac_key); |
| 371 | } | 377 | } |
| 372 | else | 378 | else |
| 373 | { | 379 | { |
| @@ -393,7 +399,7 @@ int MAIN(int argc, char **argv) | |||
| 393 | else | 399 | else |
| 394 | tmp=""; | 400 | tmp=""; |
| 395 | r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, | 401 | r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, |
| 396 | siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow); | 402 | siglen,tmp,argv[i],bmd,hmac_key); |
| 397 | if(r) | 403 | if(r) |
| 398 | err=r; | 404 | err=r; |
| 399 | if(tofree) | 405 | if(tofree) |
| @@ -420,11 +426,12 @@ end: | |||
| 420 | 426 | ||
| 421 | int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, | 427 | int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, |
| 422 | EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, | 428 | EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, |
| 423 | const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow) | 429 | const char *file,BIO *bmd,const char *hmac_key) |
| 424 | { | 430 | { |
| 425 | unsigned int len; | 431 | unsigned int len; |
| 426 | int i; | 432 | int i; |
| 427 | EVP_MD_CTX *md_ctx; | 433 | EVP_MD_CTX *md_ctx; |
| 434 | HMAC_CTX hmac_ctx; | ||
| 428 | 435 | ||
| 429 | if (hmac_key) | 436 | if (hmac_key) |
| 430 | { | 437 | { |
| @@ -432,9 +439,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, | |||
| 432 | 439 | ||
| 433 | BIO_get_md(bmd,&md); | 440 | BIO_get_md(bmd,&md); |
| 434 | HMAC_CTX_init(&hmac_ctx); | 441 | HMAC_CTX_init(&hmac_ctx); |
| 435 | if (non_fips_allow) | ||
| 436 | HMAC_CTX_set_flags(&hmac_ctx, | ||
| 437 | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 438 | HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL); | 442 | HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL); |
| 439 | BIO_get_md_ctx(bmd,&md_ctx); | 443 | BIO_get_md_ctx(bmd,&md_ctx); |
| 440 | BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); | 444 | BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx); |
| @@ -493,7 +497,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, | |||
| 493 | else | 497 | else |
| 494 | { | 498 | { |
| 495 | BIO_write(out,title,strlen(title)); | 499 | BIO_write(out,title,strlen(title)); |
| 496 | for (i=0; (unsigned int)i<len; i++) | 500 | for (i=0; i<(int)len; i++) |
| 497 | { | 501 | { |
| 498 | if (sep && (i != 0)) | 502 | if (sep && (i != 0)) |
| 499 | BIO_printf(out, ":"); | 503 | BIO_printf(out, ":"); |
diff --git a/src/lib/libssl/src/apps/dh.c b/src/lib/libssl/src/apps/dh.c index cd01fed139..c4d891e125 100644 --- a/src/lib/libssl/src/apps/dh.c +++ b/src/lib/libssl/src/apps/dh.c | |||
| @@ -57,6 +57,7 @@ | |||
| 57 | * [including the GNU Public Licence.] | 57 | * [including the GNU Public Licence.] |
| 58 | */ | 58 | */ |
| 59 | 59 | ||
| 60 | #include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ | ||
| 60 | #ifndef OPENSSL_NO_DH | 61 | #ifndef OPENSSL_NO_DH |
| 61 | #include <stdio.h> | 62 | #include <stdio.h> |
| 62 | #include <stdlib.h> | 63 | #include <stdlib.h> |
diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c index 8fe3f18d7c..5725a20d07 100644 --- a/src/lib/libssl/src/apps/dhparam.c +++ b/src/lib/libssl/src/apps/dhparam.c | |||
| @@ -109,6 +109,7 @@ | |||
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | 111 | ||
| 112 | #include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */ | ||
| 112 | #ifndef OPENSSL_NO_DH | 113 | #ifndef OPENSSL_NO_DH |
| 113 | #include <stdio.h> | 114 | #include <stdio.h> |
| 114 | #include <stdlib.h> | 115 | #include <stdlib.h> |
| @@ -142,7 +143,7 @@ | |||
| 142 | * -C | 143 | * -C |
| 143 | */ | 144 | */ |
| 144 | 145 | ||
| 145 | static void MS_CALLBACK dh_cb(int p, int n, void *arg); | 146 | static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); |
| 146 | 147 | ||
| 147 | int MAIN(int, char **); | 148 | int MAIN(int, char **); |
| 148 | 149 | ||
| @@ -294,6 +295,8 @@ bad: | |||
| 294 | 295 | ||
| 295 | if(num) { | 296 | if(num) { |
| 296 | 297 | ||
| 298 | BN_GENCB cb; | ||
| 299 | BN_GENCB_set(&cb, dh_cb, bio_err); | ||
| 297 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) | 300 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) |
| 298 | { | 301 | { |
| 299 | BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); | 302 | BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); |
| @@ -305,12 +308,13 @@ bad: | |||
| 305 | #ifndef OPENSSL_NO_DSA | 308 | #ifndef OPENSSL_NO_DSA |
| 306 | if (dsaparam) | 309 | if (dsaparam) |
| 307 | { | 310 | { |
| 308 | DSA *dsa; | 311 | DSA *dsa = DSA_new(); |
| 309 | 312 | ||
| 310 | BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); | 313 | BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); |
| 311 | dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err); | 314 | if(!dsa || !DSA_generate_parameters_ex(dsa, num, |
| 312 | if (dsa == NULL) | 315 | NULL, 0, NULL, NULL, &cb)) |
| 313 | { | 316 | { |
| 317 | if(dsa) DSA_free(dsa); | ||
| 314 | ERR_print_errors(bio_err); | 318 | ERR_print_errors(bio_err); |
| 315 | goto end; | 319 | goto end; |
| 316 | } | 320 | } |
| @@ -326,12 +330,12 @@ bad: | |||
| 326 | else | 330 | else |
| 327 | #endif | 331 | #endif |
| 328 | { | 332 | { |
| 333 | dh = DH_new(); | ||
| 329 | BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); | 334 | BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); |
| 330 | BIO_printf(bio_err,"This is going to take a long time\n"); | 335 | BIO_printf(bio_err,"This is going to take a long time\n"); |
| 331 | dh=DH_generate_parameters(num,g,dh_cb,bio_err); | 336 | if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) |
| 332 | |||
| 333 | if (dh == NULL) | ||
| 334 | { | 337 | { |
| 338 | if(dh) DH_free(dh); | ||
| 335 | ERR_print_errors(bio_err); | 339 | ERR_print_errors(bio_err); |
| 336 | goto end; | 340 | goto end; |
| 337 | } | 341 | } |
| @@ -534,7 +538,7 @@ end: | |||
| 534 | } | 538 | } |
| 535 | 539 | ||
| 536 | /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ | 540 | /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ |
| 537 | static void MS_CALLBACK dh_cb(int p, int n, void *arg) | 541 | static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) |
| 538 | { | 542 | { |
| 539 | char c='*'; | 543 | char c='*'; |
| 540 | 544 | ||
| @@ -542,11 +546,12 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) | |||
| 542 | if (p == 1) c='+'; | 546 | if (p == 1) c='+'; |
| 543 | if (p == 2) c='*'; | 547 | if (p == 2) c='*'; |
| 544 | if (p == 3) c='\n'; | 548 | if (p == 3) c='\n'; |
| 545 | BIO_write((BIO *)arg,&c,1); | 549 | BIO_write(cb->arg,&c,1); |
| 546 | (void)BIO_flush((BIO *)arg); | 550 | (void)BIO_flush(cb->arg); |
| 547 | #ifdef LINT | 551 | #ifdef LINT |
| 548 | p=n; | 552 | p=n; |
| 549 | #endif | 553 | #endif |
| 554 | return 1; | ||
| 550 | } | 555 | } |
| 551 | 556 | ||
| 552 | #endif | 557 | #endif |
diff --git a/src/lib/libssl/src/apps/dsa.c b/src/lib/libssl/src/apps/dsa.c index e9de3a3bdf..9e103037dd 100644 --- a/src/lib/libssl/src/apps/dsa.c +++ b/src/lib/libssl/src/apps/dsa.c | |||
| @@ -56,6 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ | ||
| 59 | #ifndef OPENSSL_NO_DSA | 60 | #ifndef OPENSSL_NO_DSA |
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| 61 | #include <stdlib.h> | 62 | #include <stdlib.h> |
| @@ -68,6 +69,7 @@ | |||
| 68 | #include <openssl/evp.h> | 69 | #include <openssl/evp.h> |
| 69 | #include <openssl/x509.h> | 70 | #include <openssl/x509.h> |
| 70 | #include <openssl/pem.h> | 71 | #include <openssl/pem.h> |
| 72 | #include <openssl/bn.h> | ||
| 71 | 73 | ||
| 72 | #undef PROG | 74 | #undef PROG |
| 73 | #define PROG dsa_main | 75 | #define PROG dsa_main |
| @@ -82,6 +84,10 @@ | |||
| 82 | * -aes128 - encrypt output if PEM format | 84 | * -aes128 - encrypt output if PEM format |
| 83 | * -aes192 - encrypt output if PEM format | 85 | * -aes192 - encrypt output if PEM format |
| 84 | * -aes256 - encrypt output if PEM format | 86 | * -aes256 - encrypt output if PEM format |
| 87 | * -camellia128 - encrypt output if PEM format | ||
| 88 | * -camellia192 - encrypt output if PEM format | ||
| 89 | * -camellia256 - encrypt output if PEM format | ||
| 90 | * -seed - encrypt output if PEM format | ||
| 85 | * -text - print a text version | 91 | * -text - print a text version |
| 86 | * -modulus - print the DSA public key | 92 | * -modulus - print the DSA public key |
| 87 | */ | 93 | */ |
| @@ -210,6 +216,13 @@ bad: | |||
| 210 | BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); | 216 | BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
| 211 | BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); | 217 | BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
| 212 | #endif | 218 | #endif |
| 219 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 220 | BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); | ||
| 221 | BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); | ||
| 222 | #endif | ||
| 223 | #ifndef OPENSSL_NO_SEED | ||
| 224 | BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); | ||
| 225 | #endif | ||
| 213 | BIO_printf(bio_err," -text print the key in text\n"); | 226 | BIO_printf(bio_err," -text print the key in text\n"); |
| 214 | BIO_printf(bio_err," -noout don't print key out\n"); | 227 | BIO_printf(bio_err," -noout don't print key out\n"); |
| 215 | BIO_printf(bio_err," -modulus print the DSA public value\n"); | 228 | BIO_printf(bio_err," -modulus print the DSA public value\n"); |
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c index 04861e8986..c301e81af1 100644 --- a/src/lib/libssl/src/apps/dsaparam.c +++ b/src/lib/libssl/src/apps/dsaparam.c | |||
| @@ -56,6 +56,13 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ | ||
| 60 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 61 | * deprecated functions for openssl-internal code */ | ||
| 62 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 63 | #undef OPENSSL_NO_DEPRECATED | ||
| 64 | #endif | ||
| 65 | |||
| 59 | #ifndef OPENSSL_NO_DSA | 66 | #ifndef OPENSSL_NO_DSA |
| 60 | #include <assert.h> | 67 | #include <assert.h> |
| 61 | #include <stdio.h> | 68 | #include <stdio.h> |
| @@ -82,9 +89,23 @@ | |||
| 82 | * -C | 89 | * -C |
| 83 | * -noout | 90 | * -noout |
| 84 | * -genkey | 91 | * -genkey |
| 92 | * #ifdef GENCB_TEST | ||
| 93 | * -timebomb n - interrupt keygen after <n> seconds | ||
| 94 | * #endif | ||
| 85 | */ | 95 | */ |
| 86 | 96 | ||
| 87 | static void MS_CALLBACK dsa_cb(int p, int n, void *arg); | 97 | #ifdef GENCB_TEST |
| 98 | |||
| 99 | static int stop_keygen_flag = 0; | ||
| 100 | |||
| 101 | static void timebomb_sigalarm(int foo) | ||
| 102 | { | ||
| 103 | stop_keygen_flag = 1; | ||
| 104 | } | ||
| 105 | |||
| 106 | #endif | ||
| 107 | |||
| 108 | static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb); | ||
| 88 | 109 | ||
| 89 | int MAIN(int, char **); | 110 | int MAIN(int, char **); |
| 90 | 111 | ||
| @@ -103,6 +124,9 @@ int MAIN(int argc, char **argv) | |||
| 103 | #ifndef OPENSSL_NO_ENGINE | 124 | #ifndef OPENSSL_NO_ENGINE |
| 104 | char *engine=NULL; | 125 | char *engine=NULL; |
| 105 | #endif | 126 | #endif |
| 127 | #ifdef GENCB_TEST | ||
| 128 | int timebomb=0; | ||
| 129 | #endif | ||
| 106 | 130 | ||
| 107 | apps_startup(); | 131 | apps_startup(); |
| 108 | 132 | ||
| @@ -150,6 +174,13 @@ int MAIN(int argc, char **argv) | |||
| 150 | engine = *(++argv); | 174 | engine = *(++argv); |
| 151 | } | 175 | } |
| 152 | #endif | 176 | #endif |
| 177 | #ifdef GENCB_TEST | ||
| 178 | else if(strcmp(*argv, "-timebomb") == 0) | ||
| 179 | { | ||
| 180 | if (--argc < 1) goto bad; | ||
| 181 | timebomb = atoi(*(++argv)); | ||
| 182 | } | ||
| 183 | #endif | ||
| 153 | else if (strcmp(*argv,"-text") == 0) | 184 | else if (strcmp(*argv,"-text") == 0) |
| 154 | text=1; | 185 | text=1; |
| 155 | else if (strcmp(*argv,"-C") == 0) | 186 | else if (strcmp(*argv,"-C") == 0) |
| @@ -200,6 +231,9 @@ bad: | |||
| 200 | #ifndef OPENSSL_NO_ENGINE | 231 | #ifndef OPENSSL_NO_ENGINE |
| 201 | BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); | 232 | BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); |
| 202 | #endif | 233 | #endif |
| 234 | #ifdef GENCB_TEST | ||
| 235 | BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n"); | ||
| 236 | #endif | ||
| 203 | BIO_printf(bio_err," number number of bits to use for generating private key\n"); | 237 | BIO_printf(bio_err," number number of bits to use for generating private key\n"); |
| 204 | goto end; | 238 | goto end; |
| 205 | } | 239 | } |
| @@ -257,10 +291,47 @@ bad: | |||
| 257 | 291 | ||
| 258 | if (numbits > 0) | 292 | if (numbits > 0) |
| 259 | { | 293 | { |
| 294 | BN_GENCB cb; | ||
| 295 | BN_GENCB_set(&cb, dsa_cb, bio_err); | ||
| 260 | assert(need_rand); | 296 | assert(need_rand); |
| 297 | dsa = DSA_new(); | ||
| 298 | if(!dsa) | ||
| 299 | { | ||
| 300 | BIO_printf(bio_err,"Error allocating DSA object\n"); | ||
| 301 | goto end; | ||
| 302 | } | ||
| 261 | BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); | 303 | BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); |
| 262 | BIO_printf(bio_err,"This could take some time\n"); | 304 | BIO_printf(bio_err,"This could take some time\n"); |
| 263 | dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err); | 305 | #ifdef GENCB_TEST |
| 306 | if(timebomb > 0) | ||
| 307 | { | ||
| 308 | struct sigaction act; | ||
| 309 | act.sa_handler = timebomb_sigalarm; | ||
| 310 | act.sa_flags = 0; | ||
| 311 | BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", | ||
| 312 | timebomb); | ||
| 313 | if(sigaction(SIGALRM, &act, NULL) != 0) | ||
| 314 | { | ||
| 315 | BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); | ||
| 316 | goto end; | ||
| 317 | } | ||
| 318 | alarm(timebomb); | ||
| 319 | } | ||
| 320 | #endif | ||
| 321 | if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) | ||
| 322 | { | ||
| 323 | #ifdef GENCB_TEST | ||
| 324 | if(stop_keygen_flag) | ||
| 325 | { | ||
| 326 | BIO_printf(bio_err,"DSA key generation time-stopped\n"); | ||
| 327 | /* This is an asked-for behaviour! */ | ||
| 328 | ret = 0; | ||
| 329 | goto end; | ||
| 330 | } | ||
| 331 | #endif | ||
| 332 | BIO_printf(bio_err,"Error, DSA key generation failed\n"); | ||
| 333 | goto end; | ||
| 334 | } | ||
| 264 | } | 335 | } |
| 265 | else if (informat == FORMAT_ASN1) | 336 | else if (informat == FORMAT_ASN1) |
| 266 | dsa=d2i_DSAparams_bio(in,NULL); | 337 | dsa=d2i_DSAparams_bio(in,NULL); |
| @@ -385,7 +456,7 @@ end: | |||
| 385 | OPENSSL_EXIT(ret); | 456 | OPENSSL_EXIT(ret); |
| 386 | } | 457 | } |
| 387 | 458 | ||
| 388 | static void MS_CALLBACK dsa_cb(int p, int n, void *arg) | 459 | static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) |
| 389 | { | 460 | { |
| 390 | char c='*'; | 461 | char c='*'; |
| 391 | 462 | ||
| @@ -393,10 +464,15 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) | |||
| 393 | if (p == 1) c='+'; | 464 | if (p == 1) c='+'; |
| 394 | if (p == 2) c='*'; | 465 | if (p == 2) c='*'; |
| 395 | if (p == 3) c='\n'; | 466 | if (p == 3) c='\n'; |
| 396 | BIO_write(arg,&c,1); | 467 | BIO_write(cb->arg,&c,1); |
| 397 | (void)BIO_flush(arg); | 468 | (void)BIO_flush(cb->arg); |
| 398 | #ifdef LINT | 469 | #ifdef LINT |
| 399 | p=n; | 470 | p=n; |
| 400 | #endif | 471 | #endif |
| 472 | #ifdef GENCB_TEST | ||
| 473 | if(stop_keygen_flag) | ||
| 474 | return 0; | ||
| 475 | #endif | ||
| 476 | return 1; | ||
| 401 | } | 477 | } |
| 402 | #endif | 478 | #endif |
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c index 6f3161395e..a41ea800ac 100644 --- a/src/lib/libssl/src/apps/enc.c +++ b/src/lib/libssl/src/apps/enc.c | |||
| @@ -127,7 +127,6 @@ int MAIN(int argc, char **argv) | |||
| 127 | char *engine = NULL; | 127 | char *engine = NULL; |
| 128 | #endif | 128 | #endif |
| 129 | const EVP_MD *dgst=NULL; | 129 | const EVP_MD *dgst=NULL; |
| 130 | int non_fips_allow = 0; | ||
| 131 | 130 | ||
| 132 | apps_startup(); | 131 | apps_startup(); |
| 133 | 132 | ||
| @@ -262,8 +261,6 @@ int MAIN(int argc, char **argv) | |||
| 262 | if (--argc < 1) goto bad; | 261 | if (--argc < 1) goto bad; |
| 263 | md= *(++argv); | 262 | md= *(++argv); |
| 264 | } | 263 | } |
| 265 | else if (strcmp(*argv,"-non-fips-allow") == 0) | ||
| 266 | non_fips_allow = 1; | ||
| 267 | else if ((argv[0][0] == '-') && | 264 | else if ((argv[0][0] == '-') && |
| 268 | ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) | 265 | ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) |
| 269 | { | 266 | { |
| @@ -317,10 +314,7 @@ bad: | |||
| 317 | 314 | ||
| 318 | if (dgst == NULL) | 315 | if (dgst == NULL) |
| 319 | { | 316 | { |
| 320 | if (in_FIPS_mode) | 317 | dgst = EVP_md5(); |
| 321 | dgst = EVP_sha1(); | ||
| 322 | else | ||
| 323 | dgst = EVP_md5(); | ||
| 324 | } | 318 | } |
| 325 | 319 | ||
| 326 | if (bufsize != NULL) | 320 | if (bufsize != NULL) |
| @@ -346,7 +340,7 @@ bad: | |||
| 346 | } | 340 | } |
| 347 | 341 | ||
| 348 | /* It must be large enough for a base64 encoded line */ | 342 | /* It must be large enough for a base64 encoded line */ |
| 349 | if (n < 80) n=80; | 343 | if (base64 && n < 80) n=80; |
| 350 | 344 | ||
| 351 | bsize=(int)n; | 345 | bsize=(int)n; |
| 352 | if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); | 346 | if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); |
| @@ -371,12 +365,16 @@ bad: | |||
| 371 | { | 365 | { |
| 372 | BIO_set_callback(in,BIO_debug_callback); | 366 | BIO_set_callback(in,BIO_debug_callback); |
| 373 | BIO_set_callback(out,BIO_debug_callback); | 367 | BIO_set_callback(out,BIO_debug_callback); |
| 374 | BIO_set_callback_arg(in,bio_err); | 368 | BIO_set_callback_arg(in,(char *)bio_err); |
| 375 | BIO_set_callback_arg(out,bio_err); | 369 | BIO_set_callback_arg(out,(char *)bio_err); |
| 376 | } | 370 | } |
| 377 | 371 | ||
| 378 | if (inf == NULL) | 372 | if (inf == NULL) |
| 373 | { | ||
| 374 | if (bufsize != NULL) | ||
| 375 | setvbuf(stdin, (char *)NULL, _IONBF, 0); | ||
| 379 | BIO_set_fp(in,stdin,BIO_NOCLOSE); | 376 | BIO_set_fp(in,stdin,BIO_NOCLOSE); |
| 377 | } | ||
| 380 | else | 378 | else |
| 381 | { | 379 | { |
| 382 | if (BIO_read_filename(in,inf) <= 0) | 380 | if (BIO_read_filename(in,inf) <= 0) |
| @@ -427,6 +425,8 @@ bad: | |||
| 427 | if (outf == NULL) | 425 | if (outf == NULL) |
| 428 | { | 426 | { |
| 429 | BIO_set_fp(out,stdout,BIO_NOCLOSE); | 427 | BIO_set_fp(out,stdout,BIO_NOCLOSE); |
| 428 | if (bufsize != NULL) | ||
| 429 | setvbuf(stdout, (char *)NULL, _IONBF, 0); | ||
| 430 | #ifdef OPENSSL_SYS_VMS | 430 | #ifdef OPENSSL_SYS_VMS |
| 431 | { | 431 | { |
| 432 | BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | 432 | BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
| @@ -453,7 +453,7 @@ bad: | |||
| 453 | if (debug) | 453 | if (debug) |
| 454 | { | 454 | { |
| 455 | BIO_set_callback(b64,BIO_debug_callback); | 455 | BIO_set_callback(b64,BIO_debug_callback); |
| 456 | BIO_set_callback_arg(b64,bio_err); | 456 | BIO_set_callback_arg(b64,(char *)bio_err); |
| 457 | } | 457 | } |
| 458 | if (olb64) | 458 | if (olb64) |
| 459 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); | 459 | BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); |
| @@ -552,19 +552,7 @@ bad: | |||
| 552 | if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) | 552 | if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) |
| 553 | { | 553 | { |
| 554 | BIO_printf(bio_err, "Error setting cipher %s\n", | 554 | BIO_printf(bio_err, "Error setting cipher %s\n", |
| 555 | EVP_CIPHER_name(cipher)); | 555 | EVP_CIPHER_name(cipher)); |
| 556 | ERR_print_errors(bio_err); | ||
| 557 | goto end; | ||
| 558 | } | ||
| 559 | |||
| 560 | if (non_fips_allow) | ||
| 561 | EVP_CIPHER_CTX_set_flags(ctx, | ||
| 562 | EVP_CIPH_FLAG_NON_FIPS_ALLOW); | ||
| 563 | |||
| 564 | if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) | ||
| 565 | { | ||
| 566 | BIO_printf(bio_err, "Error setting cipher %s\n", | ||
| 567 | EVP_CIPHER_name(cipher)); | ||
| 568 | ERR_print_errors(bio_err); | 556 | ERR_print_errors(bio_err); |
| 569 | goto end; | 557 | goto end; |
| 570 | } | 558 | } |
| @@ -575,7 +563,7 @@ bad: | |||
| 575 | if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) | 563 | if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) |
| 576 | { | 564 | { |
| 577 | BIO_printf(bio_err, "Error setting cipher %s\n", | 565 | BIO_printf(bio_err, "Error setting cipher %s\n", |
| 578 | EVP_CIPHER_name(cipher)); | 566 | EVP_CIPHER_name(cipher)); |
| 579 | ERR_print_errors(bio_err); | 567 | ERR_print_errors(bio_err); |
| 580 | goto end; | 568 | goto end; |
| 581 | } | 569 | } |
| @@ -583,7 +571,7 @@ bad: | |||
| 583 | if (debug) | 571 | if (debug) |
| 584 | { | 572 | { |
| 585 | BIO_set_callback(benc,BIO_debug_callback); | 573 | BIO_set_callback(benc,BIO_debug_callback); |
| 586 | BIO_set_callback_arg(benc,bio_err); | 574 | BIO_set_callback_arg(benc,(char *)bio_err); |
| 587 | } | 575 | } |
| 588 | 576 | ||
| 589 | if (printkey) | 577 | if (printkey) |
| @@ -591,7 +579,7 @@ bad: | |||
| 591 | if (!nosalt) | 579 | if (!nosalt) |
| 592 | { | 580 | { |
| 593 | printf("salt="); | 581 | printf("salt="); |
| 594 | for (i=0; i<sizeof salt; i++) | 582 | for (i=0; i<(int)sizeof(salt); i++) |
| 595 | printf("%02X",salt[i]); | 583 | printf("%02X",salt[i]); |
| 596 | printf("\n"); | 584 | printf("\n"); |
| 597 | } | 585 | } |
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c index e8a599f9e5..25c8617107 100644 --- a/src/lib/libssl/src/apps/engine.c +++ b/src/lib/libssl/src/apps/engine.c | |||
| @@ -72,14 +72,15 @@ | |||
| 72 | #undef PROG | 72 | #undef PROG |
| 73 | #define PROG engine_main | 73 | #define PROG engine_main |
| 74 | 74 | ||
| 75 | static char *engine_usage[]={ | 75 | static const char *engine_usage[]={ |
| 76 | "usage: engine opts [engine ...]\n", | 76 | "usage: engine opts [engine ...]\n", |
| 77 | " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", | 77 | " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", |
| 78 | " -vv will additionally display each command's description\n", | 78 | " -vv will additionally display each command's description\n", |
| 79 | " -vvv will also add the input flags for each command\n", | 79 | " -vvv will also add the input flags for each command\n", |
| 80 | " -vvvv will also show internal input flags\n", | 80 | " -vvvv will also show internal input flags\n", |
| 81 | " -c - for each engine, also list the capabilities\n", | 81 | " -c - for each engine, also list the capabilities\n", |
| 82 | " -t - for each engine, check that they are really available\n", | 82 | " -t[t] - for each engine, check that they are really available\n", |
| 83 | " -tt will display error trace for unavailable engines\n", | ||
| 83 | " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n", | 84 | " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n", |
| 84 | " to load it (if -t is used)\n", | 85 | " to load it (if -t is used)\n", |
| 85 | " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n", | 86 | " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n", |
| @@ -343,8 +344,8 @@ int MAIN(int, char **); | |||
| 343 | int MAIN(int argc, char **argv) | 344 | int MAIN(int argc, char **argv) |
| 344 | { | 345 | { |
| 345 | int ret=1,i; | 346 | int ret=1,i; |
| 346 | char **pp; | 347 | const char **pp; |
| 347 | int verbose=0, list_cap=0, test_avail=0; | 348 | int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; |
| 348 | ENGINE *e; | 349 | ENGINE *e; |
| 349 | STACK *engines = sk_new_null(); | 350 | STACK *engines = sk_new_null(); |
| 350 | STACK *pre_cmds = sk_new_null(); | 351 | STACK *pre_cmds = sk_new_null(); |
| @@ -382,8 +383,14 @@ int MAIN(int argc, char **argv) | |||
| 382 | } | 383 | } |
| 383 | else if (strcmp(*argv,"-c") == 0) | 384 | else if (strcmp(*argv,"-c") == 0) |
| 384 | list_cap=1; | 385 | list_cap=1; |
| 385 | else if (strcmp(*argv,"-t") == 0) | 386 | else if (strncmp(*argv,"-t",2) == 0) |
| 387 | { | ||
| 386 | test_avail=1; | 388 | test_avail=1; |
| 389 | if(strspn(*argv + 1, "t") < strlen(*argv + 1)) | ||
| 390 | goto skip_arg_loop; | ||
| 391 | if((test_avail_noise = strlen(*argv + 1) - 1) > 1) | ||
| 392 | goto skip_arg_loop; | ||
| 393 | } | ||
| 387 | else if (strcmp(*argv,"-pre") == 0) | 394 | else if (strcmp(*argv,"-pre") == 0) |
| 388 | { | 395 | { |
| 389 | argc--; argv++; | 396 | argc--; argv++; |
| @@ -502,7 +509,8 @@ skip_digests: | |||
| 502 | else | 509 | else |
| 503 | { | 510 | { |
| 504 | BIO_printf(bio_out, "[ unavailable ]\n"); | 511 | BIO_printf(bio_out, "[ unavailable ]\n"); |
| 505 | ERR_print_errors_fp(stdout); | 512 | if(test_avail_noise) |
| 513 | ERR_print_errors_fp(stdout); | ||
| 506 | ERR_clear_error(); | 514 | ERR_clear_error(); |
| 507 | } | 515 | } |
| 508 | } | 516 | } |
| @@ -516,6 +524,7 @@ skip_digests: | |||
| 516 | 524 | ||
| 517 | ret=0; | 525 | ret=0; |
| 518 | end: | 526 | end: |
| 527 | |||
| 519 | ERR_print_errors(bio_err); | 528 | ERR_print_errors(bio_err); |
| 520 | sk_pop_free(engines, identity); | 529 | sk_pop_free(engines, identity); |
| 521 | sk_pop_free(pre_cmds, identity); | 530 | sk_pop_free(pre_cmds, identity); |
diff --git a/src/lib/libssl/src/apps/gendh.c b/src/lib/libssl/src/apps/gendh.c index a34a862caf..47497864b0 100644 --- a/src/lib/libssl/src/apps/gendh.c +++ b/src/lib/libssl/src/apps/gendh.c | |||
| @@ -57,6 +57,13 @@ | |||
| 57 | * [including the GNU Public Licence.] | 57 | * [including the GNU Public Licence.] |
| 58 | */ | 58 | */ |
| 59 | 59 | ||
| 60 | #include <openssl/opensslconf.h> | ||
| 61 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 62 | * deprecated functions for openssl-internal code */ | ||
| 63 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 64 | #undef OPENSSL_NO_DEPRECATED | ||
| 65 | #endif | ||
| 66 | |||
| 60 | #ifndef OPENSSL_NO_DH | 67 | #ifndef OPENSSL_NO_DH |
| 61 | #include <stdio.h> | 68 | #include <stdio.h> |
| 62 | #include <string.h> | 69 | #include <string.h> |
| @@ -75,12 +82,13 @@ | |||
| 75 | #undef PROG | 82 | #undef PROG |
| 76 | #define PROG gendh_main | 83 | #define PROG gendh_main |
| 77 | 84 | ||
| 78 | static void MS_CALLBACK dh_cb(int p, int n, void *arg); | 85 | static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); |
| 79 | 86 | ||
| 80 | int MAIN(int, char **); | 87 | int MAIN(int, char **); |
| 81 | 88 | ||
| 82 | int MAIN(int argc, char **argv) | 89 | int MAIN(int argc, char **argv) |
| 83 | { | 90 | { |
| 91 | BN_GENCB cb; | ||
| 84 | #ifndef OPENSSL_NO_ENGINE | 92 | #ifndef OPENSSL_NO_ENGINE |
| 85 | ENGINE *e = NULL; | 93 | ENGINE *e = NULL; |
| 86 | #endif | 94 | #endif |
| @@ -96,6 +104,7 @@ int MAIN(int argc, char **argv) | |||
| 96 | 104 | ||
| 97 | apps_startup(); | 105 | apps_startup(); |
| 98 | 106 | ||
| 107 | BN_GENCB_set(&cb, dh_cb, bio_err); | ||
| 99 | if (bio_err == NULL) | 108 | if (bio_err == NULL) |
| 100 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 109 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
| 101 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); | 110 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
| @@ -193,10 +202,10 @@ bad: | |||
| 193 | 202 | ||
| 194 | BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); | 203 | BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); |
| 195 | BIO_printf(bio_err,"This is going to take a long time\n"); | 204 | BIO_printf(bio_err,"This is going to take a long time\n"); |
| 196 | dh=DH_generate_parameters(num,g,dh_cb,bio_err); | ||
| 197 | |||
| 198 | if (dh == NULL) goto end; | ||
| 199 | 205 | ||
| 206 | if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) | ||
| 207 | goto end; | ||
| 208 | |||
| 200 | app_RAND_write_file(NULL, bio_err); | 209 | app_RAND_write_file(NULL, bio_err); |
| 201 | 210 | ||
| 202 | if (!PEM_write_bio_DHparams(out,dh)) | 211 | if (!PEM_write_bio_DHparams(out,dh)) |
| @@ -211,7 +220,7 @@ end: | |||
| 211 | OPENSSL_EXIT(ret); | 220 | OPENSSL_EXIT(ret); |
| 212 | } | 221 | } |
| 213 | 222 | ||
| 214 | static void MS_CALLBACK dh_cb(int p, int n, void *arg) | 223 | static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) |
| 215 | { | 224 | { |
| 216 | char c='*'; | 225 | char c='*'; |
| 217 | 226 | ||
| @@ -219,10 +228,11 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) | |||
| 219 | if (p == 1) c='+'; | 228 | if (p == 1) c='+'; |
| 220 | if (p == 2) c='*'; | 229 | if (p == 2) c='*'; |
| 221 | if (p == 3) c='\n'; | 230 | if (p == 3) c='\n'; |
| 222 | BIO_write((BIO *)arg,&c,1); | 231 | BIO_write(cb->arg,&c,1); |
| 223 | (void)BIO_flush((BIO *)arg); | 232 | (void)BIO_flush(cb->arg); |
| 224 | #ifdef LINT | 233 | #ifdef LINT |
| 225 | p=n; | 234 | p=n; |
| 226 | #endif | 235 | #endif |
| 236 | return 1; | ||
| 227 | } | 237 | } |
| 228 | #endif | 238 | #endif |
diff --git a/src/lib/libssl/src/apps/gendsa.c b/src/lib/libssl/src/apps/gendsa.c index 6d2ed06c81..8a296c66e5 100644 --- a/src/lib/libssl/src/apps/gendsa.c +++ b/src/lib/libssl/src/apps/gendsa.c | |||
| @@ -56,6 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */ | ||
| 59 | #ifndef OPENSSL_NO_DSA | 60 | #ifndef OPENSSL_NO_DSA |
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| 61 | #include <string.h> | 62 | #include <string.h> |
| @@ -139,6 +140,10 @@ int MAIN(int argc, char **argv) | |||
| 139 | else if (strcmp(*argv,"-idea") == 0) | 140 | else if (strcmp(*argv,"-idea") == 0) |
| 140 | enc=EVP_idea_cbc(); | 141 | enc=EVP_idea_cbc(); |
| 141 | #endif | 142 | #endif |
| 143 | #ifndef OPENSSL_NO_SEED | ||
| 144 | else if (strcmp(*argv,"-seed") == 0) | ||
| 145 | enc=EVP_seed_cbc(); | ||
| 146 | #endif | ||
| 142 | #ifndef OPENSSL_NO_AES | 147 | #ifndef OPENSSL_NO_AES |
| 143 | else if (strcmp(*argv,"-aes128") == 0) | 148 | else if (strcmp(*argv,"-aes128") == 0) |
| 144 | enc=EVP_aes_128_cbc(); | 149 | enc=EVP_aes_128_cbc(); |
| @@ -147,6 +152,14 @@ int MAIN(int argc, char **argv) | |||
| 147 | else if (strcmp(*argv,"-aes256") == 0) | 152 | else if (strcmp(*argv,"-aes256") == 0) |
| 148 | enc=EVP_aes_256_cbc(); | 153 | enc=EVP_aes_256_cbc(); |
| 149 | #endif | 154 | #endif |
| 155 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 156 | else if (strcmp(*argv,"-camellia128") == 0) | ||
| 157 | enc=EVP_camellia_128_cbc(); | ||
| 158 | else if (strcmp(*argv,"-camellia192") == 0) | ||
| 159 | enc=EVP_camellia_192_cbc(); | ||
| 160 | else if (strcmp(*argv,"-camellia256") == 0) | ||
| 161 | enc=EVP_camellia_256_cbc(); | ||
| 162 | #endif | ||
| 150 | else if (**argv != '-' && dsaparams == NULL) | 163 | else if (**argv != '-' && dsaparams == NULL) |
| 151 | { | 164 | { |
| 152 | dsaparams = *argv; | 165 | dsaparams = *argv; |
| @@ -169,10 +182,18 @@ bad: | |||
| 169 | #ifndef OPENSSL_NO_IDEA | 182 | #ifndef OPENSSL_NO_IDEA |
| 170 | BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); | 183 | BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); |
| 171 | #endif | 184 | #endif |
| 185 | #ifndef OPENSSL_NO_SEED | ||
| 186 | BIO_printf(bio_err," -seed\n"); | ||
| 187 | BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); | ||
| 188 | #endif | ||
| 172 | #ifndef OPENSSL_NO_AES | 189 | #ifndef OPENSSL_NO_AES |
| 173 | BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); | 190 | BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
| 174 | BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); | 191 | BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
| 175 | #endif | 192 | #endif |
| 193 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 194 | BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); | ||
| 195 | BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); | ||
| 196 | #endif | ||
| 176 | #ifndef OPENSSL_NO_ENGINE | 197 | #ifndef OPENSSL_NO_ENGINE |
| 177 | BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); | 198 | BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); |
| 178 | #endif | 199 | #endif |
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c index 7dbd0923b6..1599bb7a69 100644 --- a/src/lib/libssl/src/apps/genrsa.c +++ b/src/lib/libssl/src/apps/genrsa.c | |||
| @@ -56,6 +56,13 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> | ||
| 60 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 61 | * deprecated functions for openssl-internal code */ | ||
| 62 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 63 | #undef OPENSSL_NO_DEPRECATED | ||
| 64 | #endif | ||
| 65 | |||
| 59 | #ifndef OPENSSL_NO_RSA | 66 | #ifndef OPENSSL_NO_RSA |
| 60 | #include <stdio.h> | 67 | #include <stdio.h> |
| 61 | #include <string.h> | 68 | #include <string.h> |
| @@ -75,22 +82,19 @@ | |||
| 75 | #undef PROG | 82 | #undef PROG |
| 76 | #define PROG genrsa_main | 83 | #define PROG genrsa_main |
| 77 | 84 | ||
| 78 | static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); | 85 | static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); |
| 79 | 86 | ||
| 80 | int MAIN(int, char **); | 87 | int MAIN(int, char **); |
| 81 | 88 | ||
| 82 | int MAIN(int argc, char **argv) | 89 | int MAIN(int argc, char **argv) |
| 83 | { | 90 | { |
| 91 | BN_GENCB cb; | ||
| 84 | #ifndef OPENSSL_NO_ENGINE | 92 | #ifndef OPENSSL_NO_ENGINE |
| 85 | ENGINE *e = NULL; | 93 | ENGINE *e = NULL; |
| 86 | #endif | 94 | #endif |
| 87 | int ret=1; | 95 | int ret=1; |
| 88 | RSA *rsa=NULL; | ||
| 89 | int i,num=DEFBITS; | 96 | int i,num=DEFBITS; |
| 90 | long l; | 97 | long l; |
| 91 | #ifdef OPENSSL_FIPS | ||
| 92 | int use_x931 = 0; | ||
| 93 | #endif | ||
| 94 | const EVP_CIPHER *enc=NULL; | 98 | const EVP_CIPHER *enc=NULL; |
| 95 | unsigned long f4=RSA_F4; | 99 | unsigned long f4=RSA_F4; |
| 96 | char *outfile=NULL; | 100 | char *outfile=NULL; |
| @@ -100,8 +104,13 @@ int MAIN(int argc, char **argv) | |||
| 100 | #endif | 104 | #endif |
| 101 | char *inrand=NULL; | 105 | char *inrand=NULL; |
| 102 | BIO *out=NULL; | 106 | BIO *out=NULL; |
| 107 | BIGNUM *bn = BN_new(); | ||
| 108 | RSA *rsa = RSA_new(); | ||
| 109 | |||
| 110 | if(!bn || !rsa) goto err; | ||
| 103 | 111 | ||
| 104 | apps_startup(); | 112 | apps_startup(); |
| 113 | BN_GENCB_set(&cb, genrsa_cb, bio_err); | ||
| 105 | 114 | ||
| 106 | if (bio_err == NULL) | 115 | if (bio_err == NULL) |
| 107 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 116 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
| @@ -129,10 +138,6 @@ int MAIN(int argc, char **argv) | |||
| 129 | f4=3; | 138 | f4=3; |
| 130 | else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) | 139 | else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) |
| 131 | f4=RSA_F4; | 140 | f4=RSA_F4; |
| 132 | #ifdef OPENSSL_FIPS | ||
| 133 | else if (strcmp(*argv,"-x931") == 0) | ||
| 134 | use_x931 = 1; | ||
| 135 | #endif | ||
| 136 | #ifndef OPENSSL_NO_ENGINE | 141 | #ifndef OPENSSL_NO_ENGINE |
| 137 | else if (strcmp(*argv,"-engine") == 0) | 142 | else if (strcmp(*argv,"-engine") == 0) |
| 138 | { | 143 | { |
| @@ -155,6 +160,10 @@ int MAIN(int argc, char **argv) | |||
| 155 | else if (strcmp(*argv,"-idea") == 0) | 160 | else if (strcmp(*argv,"-idea") == 0) |
| 156 | enc=EVP_idea_cbc(); | 161 | enc=EVP_idea_cbc(); |
| 157 | #endif | 162 | #endif |
| 163 | #ifndef OPENSSL_NO_SEED | ||
| 164 | else if (strcmp(*argv,"-seed") == 0) | ||
| 165 | enc=EVP_seed_cbc(); | ||
| 166 | #endif | ||
| 158 | #ifndef OPENSSL_NO_AES | 167 | #ifndef OPENSSL_NO_AES |
| 159 | else if (strcmp(*argv,"-aes128") == 0) | 168 | else if (strcmp(*argv,"-aes128") == 0) |
| 160 | enc=EVP_aes_128_cbc(); | 169 | enc=EVP_aes_128_cbc(); |
| @@ -163,6 +172,14 @@ int MAIN(int argc, char **argv) | |||
| 163 | else if (strcmp(*argv,"-aes256") == 0) | 172 | else if (strcmp(*argv,"-aes256") == 0) |
| 164 | enc=EVP_aes_256_cbc(); | 173 | enc=EVP_aes_256_cbc(); |
| 165 | #endif | 174 | #endif |
| 175 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 176 | else if (strcmp(*argv,"-camellia128") == 0) | ||
| 177 | enc=EVP_camellia_128_cbc(); | ||
| 178 | else if (strcmp(*argv,"-camellia192") == 0) | ||
| 179 | enc=EVP_camellia_192_cbc(); | ||
| 180 | else if (strcmp(*argv,"-camellia256") == 0) | ||
| 181 | enc=EVP_camellia_256_cbc(); | ||
| 182 | #endif | ||
| 166 | else if (strcmp(*argv,"-passout") == 0) | 183 | else if (strcmp(*argv,"-passout") == 0) |
| 167 | { | 184 | { |
| 168 | if (--argc < 1) goto bad; | 185 | if (--argc < 1) goto bad; |
| @@ -182,10 +199,18 @@ bad: | |||
| 182 | #ifndef OPENSSL_NO_IDEA | 199 | #ifndef OPENSSL_NO_IDEA |
| 183 | BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); | 200 | BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); |
| 184 | #endif | 201 | #endif |
| 202 | #ifndef OPENSSL_NO_SEED | ||
| 203 | BIO_printf(bio_err," -seed\n"); | ||
| 204 | BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); | ||
| 205 | #endif | ||
| 185 | #ifndef OPENSSL_NO_AES | 206 | #ifndef OPENSSL_NO_AES |
| 186 | BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); | 207 | BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
| 187 | BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); | 208 | BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
| 188 | #endif | 209 | #endif |
| 210 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 211 | BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); | ||
| 212 | BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); | ||
| 213 | #endif | ||
| 189 | BIO_printf(bio_err," -out file output the key to 'file\n"); | 214 | BIO_printf(bio_err," -out file output the key to 'file\n"); |
| 190 | BIO_printf(bio_err," -passout arg output file pass phrase source\n"); | 215 | BIO_printf(bio_err," -passout arg output file pass phrase source\n"); |
| 191 | BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); | 216 | BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); |
| @@ -240,28 +265,12 @@ bad: | |||
| 240 | 265 | ||
| 241 | BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", | 266 | BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", |
| 242 | num); | 267 | num); |
| 243 | #ifdef OPENSSL_FIPS | 268 | |
| 244 | if (use_x931) | 269 | if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) |
| 245 | { | 270 | goto err; |
| 246 | BIGNUM *pubexp; | ||
| 247 | pubexp = BN_new(); | ||
| 248 | BN_set_word(pubexp, f4); | ||
| 249 | rsa = RSA_X931_generate_key(num, pubexp, genrsa_cb, bio_err); | ||
| 250 | BN_free(pubexp); | ||
| 251 | } | ||
| 252 | else | ||
| 253 | #endif | ||
| 254 | rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); | ||
| 255 | 271 | ||
| 256 | app_RAND_write_file(NULL, bio_err); | 272 | app_RAND_write_file(NULL, bio_err); |
| 257 | 273 | ||
| 258 | if (rsa == NULL) | ||
| 259 | { | ||
| 260 | BIO_printf(bio_err, "Key Generation error\n"); | ||
| 261 | |||
| 262 | goto err; | ||
| 263 | } | ||
| 264 | |||
| 265 | /* We need to do the following for when the base number size is < | 274 | /* We need to do the following for when the base number size is < |
| 266 | * long, esp windows 3.1 :-(. */ | 275 | * long, esp windows 3.1 :-(. */ |
| 267 | l=0L; | 276 | l=0L; |
| @@ -285,8 +294,9 @@ bad: | |||
| 285 | 294 | ||
| 286 | ret=0; | 295 | ret=0; |
| 287 | err: | 296 | err: |
| 288 | if (rsa != NULL) RSA_free(rsa); | 297 | if (bn) BN_free(bn); |
| 289 | if (out != NULL) BIO_free_all(out); | 298 | if (rsa) RSA_free(rsa); |
| 299 | if (out) BIO_free_all(out); | ||
| 290 | if(passout) OPENSSL_free(passout); | 300 | if(passout) OPENSSL_free(passout); |
| 291 | if (ret != 0) | 301 | if (ret != 0) |
| 292 | ERR_print_errors(bio_err); | 302 | ERR_print_errors(bio_err); |
| @@ -294,7 +304,7 @@ err: | |||
| 294 | OPENSSL_EXIT(ret); | 304 | OPENSSL_EXIT(ret); |
| 295 | } | 305 | } |
| 296 | 306 | ||
| 297 | static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) | 307 | static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) |
| 298 | { | 308 | { |
| 299 | char c='*'; | 309 | char c='*'; |
| 300 | 310 | ||
| @@ -302,11 +312,12 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) | |||
| 302 | if (p == 1) c='+'; | 312 | if (p == 1) c='+'; |
| 303 | if (p == 2) c='*'; | 313 | if (p == 2) c='*'; |
| 304 | if (p == 3) c='\n'; | 314 | if (p == 3) c='\n'; |
| 305 | BIO_write((BIO *)arg,&c,1); | 315 | BIO_write(cb->arg,&c,1); |
| 306 | (void)BIO_flush((BIO *)arg); | 316 | (void)BIO_flush(cb->arg); |
| 307 | #ifdef LINT | 317 | #ifdef LINT |
| 308 | p=n; | 318 | p=n; |
| 309 | #endif | 319 | #endif |
| 320 | return 1; | ||
| 310 | } | 321 | } |
| 311 | #else /* !OPENSSL_NO_RSA */ | 322 | #else /* !OPENSSL_NO_RSA */ |
| 312 | 323 | ||
diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com index 7b5ff90c62..826ab5bec6 100644 --- a/src/lib/libssl/src/apps/makeapps.com +++ b/src/lib/libssl/src/apps/makeapps.com | |||
| @@ -139,30 +139,13 @@ $! Define The Application Files. | |||
| 139 | $! | 139 | $! |
| 140 | $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+- | 140 | $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+- |
| 141 | "CA;PKCS7;CRL2P7;CRL;"+- | 141 | "CA;PKCS7;CRL2P7;CRL;"+- |
| 142 | "RSA;RSAUTL;DSA;DSAPARAM;"+- | 142 | "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+- |
| 143 | "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+- | 143 | "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+- |
| 144 | "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+- | 144 | "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+- |
| 145 | "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME" | 145 | "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;CMS;RAND;ENGINE;OCSP;PRIME" |
| 146 | $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,- | ||
| 147 | CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,- | ||
| 148 | RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,- | ||
| 149 | X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,- | ||
| 150 | S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,- | ||
| 151 | CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ,PRIME.OBJ | ||
| 152 | $ TCPIP_PROGRAMS = ",," | 146 | $ TCPIP_PROGRAMS = ",," |
| 153 | $ IF COMPILER .EQS. "VAXC" THEN - | 147 | $ IF COMPILER .EQS. "VAXC" THEN - |
| 154 | TCPIP_PROGRAMS = ",OPENSSL," | 148 | TCPIP_PROGRAMS = ",OPENSSL," |
| 155 | $!$ APP_FILES := VERIFY;ASN1PARS;REQ;DGST;DH;ENC;GENDH;ERRSTR;CA;- | ||
| 156 | $! PKCS7;CRL2P7;CRL;- | ||
| 157 | $! RSA;DSA;DSAPARAM;- | ||
| 158 | $! X509;GENRSA;GENDSA;- | ||
| 159 | $! S_SERVER,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;- | ||
| 160 | $! S_CLIENT,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;- | ||
| 161 | $! SPEED;- | ||
| 162 | $! S_TIME,'OBJ_DIR'S_CB.OBJ;VERSION;SESS_ID;CIPHERS;NSEQ | ||
| 163 | $!$ TCPIP_PROGRAMS = ",," | ||
| 164 | $!$ IF COMPILER .EQS. "VAXC" THEN - | ||
| 165 | $! TCPIP_PROGRAMS = ",S_SERVER,S_CLIENT,SESS_ID,CIPHERS,S_TIME," | ||
| 166 | $! | 149 | $! |
| 167 | $! Setup exceptional compilations | 150 | $! Setup exceptional compilations |
| 168 | $! | 151 | $! |
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c index 856b797b53..1001f3b25d 100644 --- a/src/lib/libssl/src/apps/ocsp.c +++ b/src/lib/libssl/src/apps/ocsp.c | |||
| @@ -56,14 +56,14 @@ | |||
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | #ifndef OPENSSL_NO_OCSP | 58 | #ifndef OPENSSL_NO_OCSP |
| 59 | 59 | #define USE_SOCKETS | |
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include <stdlib.h> | ||
| 61 | #include <string.h> | 62 | #include <string.h> |
| 62 | #include "apps.h" | 63 | #include "apps.h" /* needs to be included before the openssl headers! */ |
| 63 | #include <openssl/pem.h> | 64 | #include <openssl/e_os2.h> |
| 64 | #include <openssl/ocsp.h> | ||
| 65 | #include <openssl/err.h> | ||
| 66 | #include <openssl/ssl.h> | 65 | #include <openssl/ssl.h> |
| 66 | #include <openssl/err.h> | ||
| 67 | 67 | ||
| 68 | /* Maximum leeway in validity period: default 5 minutes */ | 68 | /* Maximum leeway in validity period: default 5 minutes */ |
| 69 | #define MAX_VALIDITY_PERIOD (5 * 60) | 69 | #define MAX_VALIDITY_PERIOD (5 * 60) |
| @@ -85,6 +85,8 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); | |||
| 85 | static BIO *init_responder(char *port); | 85 | static BIO *init_responder(char *port); |
| 86 | static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); | 86 | static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); |
| 87 | static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); | 87 | static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); |
| 88 | static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, | ||
| 89 | OCSP_REQUEST *req, int req_timeout); | ||
| 88 | 90 | ||
| 89 | #undef PROG | 91 | #undef PROG |
| 90 | #define PROG ocsp_main | 92 | #define PROG ocsp_main |
| @@ -111,11 +113,11 @@ int MAIN(int argc, char **argv) | |||
| 111 | BIO *acbio = NULL, *cbio = NULL; | 113 | BIO *acbio = NULL, *cbio = NULL; |
| 112 | BIO *derbio = NULL; | 114 | BIO *derbio = NULL; |
| 113 | BIO *out = NULL; | 115 | BIO *out = NULL; |
| 116 | int req_timeout = -1; | ||
| 114 | int req_text = 0, resp_text = 0; | 117 | int req_text = 0, resp_text = 0; |
| 115 | long nsec = MAX_VALIDITY_PERIOD, maxage = -1; | 118 | long nsec = MAX_VALIDITY_PERIOD, maxage = -1; |
| 116 | char *CAfile = NULL, *CApath = NULL; | 119 | char *CAfile = NULL, *CApath = NULL; |
| 117 | X509_STORE *store = NULL; | 120 | X509_STORE *store = NULL; |
| 118 | SSL_CTX *ctx = NULL; | ||
| 119 | STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; | 121 | STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; |
| 120 | char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; | 122 | char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; |
| 121 | unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; | 123 | unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; |
| @@ -138,6 +140,7 @@ int MAIN(int argc, char **argv) | |||
| 138 | if (!load_config(bio_err, NULL)) | 140 | if (!load_config(bio_err, NULL)) |
| 139 | goto end; | 141 | goto end; |
| 140 | SSL_load_error_strings(); | 142 | SSL_load_error_strings(); |
| 143 | OpenSSL_add_ssl_algorithms(); | ||
| 141 | args = argv + 1; | 144 | args = argv + 1; |
| 142 | reqnames = sk_new_null(); | 145 | reqnames = sk_new_null(); |
| 143 | ids = sk_OCSP_CERTID_new_null(); | 146 | ids = sk_OCSP_CERTID_new_null(); |
| @@ -152,6 +155,22 @@ int MAIN(int argc, char **argv) | |||
| 152 | } | 155 | } |
| 153 | else badarg = 1; | 156 | else badarg = 1; |
| 154 | } | 157 | } |
| 158 | else if (!strcmp(*args, "-timeout")) | ||
| 159 | { | ||
| 160 | if (args[1]) | ||
| 161 | { | ||
| 162 | args++; | ||
| 163 | req_timeout = atol(*args); | ||
| 164 | if (req_timeout < 0) | ||
| 165 | { | ||
| 166 | BIO_printf(bio_err, | ||
| 167 | "Illegal timeout value %s\n", | ||
| 168 | *args); | ||
| 169 | badarg = 1; | ||
| 170 | } | ||
| 171 | } | ||
| 172 | else badarg = 1; | ||
| 173 | } | ||
| 155 | else if (!strcmp(*args, "-url")) | 174 | else if (!strcmp(*args, "-url")) |
| 156 | { | 175 | { |
| 157 | if (args[1]) | 176 | if (args[1]) |
| @@ -701,47 +720,14 @@ int MAIN(int argc, char **argv) | |||
| 701 | else if (host) | 720 | else if (host) |
| 702 | { | 721 | { |
| 703 | #ifndef OPENSSL_NO_SOCK | 722 | #ifndef OPENSSL_NO_SOCK |
| 704 | cbio = BIO_new_connect(host); | 723 | resp = process_responder(bio_err, req, host, path, |
| 724 | port, use_ssl, req_timeout); | ||
| 725 | if (!resp) | ||
| 726 | goto end; | ||
| 705 | #else | 727 | #else |
| 706 | BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); | 728 | BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); |
| 707 | goto end; | 729 | goto end; |
| 708 | #endif | 730 | #endif |
| 709 | if (!cbio) | ||
| 710 | { | ||
| 711 | BIO_printf(bio_err, "Error creating connect BIO\n"); | ||
| 712 | goto end; | ||
| 713 | } | ||
| 714 | if (port) BIO_set_conn_port(cbio, port); | ||
| 715 | if (use_ssl == 1) | ||
| 716 | { | ||
| 717 | BIO *sbio; | ||
| 718 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | ||
| 719 | ctx = SSL_CTX_new(SSLv23_client_method()); | ||
| 720 | #elif !defined(OPENSSL_NO_SSL3) | ||
| 721 | ctx = SSL_CTX_new(SSLv3_client_method()); | ||
| 722 | #elif !defined(OPENSSL_NO_SSL2) | ||
| 723 | ctx = SSL_CTX_new(SSLv2_client_method()); | ||
| 724 | #else | ||
| 725 | BIO_printf(bio_err, "SSL is disabled\n"); | ||
| 726 | goto end; | ||
| 727 | #endif | ||
| 728 | SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); | ||
| 729 | sbio = BIO_new_ssl(ctx, 1); | ||
| 730 | cbio = BIO_push(sbio, cbio); | ||
| 731 | } | ||
| 732 | if (BIO_do_connect(cbio) <= 0) | ||
| 733 | { | ||
| 734 | BIO_printf(bio_err, "Error connecting BIO\n"); | ||
| 735 | goto end; | ||
| 736 | } | ||
| 737 | resp = OCSP_sendreq_bio(cbio, path, req); | ||
| 738 | BIO_free_all(cbio); | ||
| 739 | cbio = NULL; | ||
| 740 | if (!resp) | ||
| 741 | { | ||
| 742 | BIO_printf(bio_err, "Error querying OCSP responsder\n"); | ||
| 743 | goto end; | ||
| 744 | } | ||
| 745 | } | 731 | } |
| 746 | else if (respin) | 732 | else if (respin) |
| 747 | { | 733 | { |
| @@ -784,7 +770,7 @@ int MAIN(int argc, char **argv) | |||
| 784 | 770 | ||
| 785 | if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) | 771 | if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) |
| 786 | { | 772 | { |
| 787 | BIO_printf(out, "Responder Error: %s (%ld)\n", | 773 | BIO_printf(out, "Responder Error: %s (%d)\n", |
| 788 | OCSP_response_status_str(i), i); | 774 | OCSP_response_status_str(i), i); |
| 789 | if (ignore_err) | 775 | if (ignore_err) |
| 790 | goto redo_accept; | 776 | goto redo_accept; |
| @@ -850,7 +836,7 @@ int MAIN(int argc, char **argv) | |||
| 850 | 836 | ||
| 851 | if(i <= 0) | 837 | if(i <= 0) |
| 852 | { | 838 | { |
| 853 | BIO_printf(bio_err, "Response Verify Failure\n", i); | 839 | BIO_printf(bio_err, "Response Verify Failure\n"); |
| 854 | ERR_print_errors(bio_err); | 840 | ERR_print_errors(bio_err); |
| 855 | } | 841 | } |
| 856 | else | 842 | else |
| @@ -890,7 +876,6 @@ end: | |||
| 890 | OPENSSL_free(host); | 876 | OPENSSL_free(host); |
| 891 | OPENSSL_free(port); | 877 | OPENSSL_free(port); |
| 892 | OPENSSL_free(path); | 878 | OPENSSL_free(path); |
| 893 | SSL_CTX_free(ctx); | ||
| 894 | } | 879 | } |
| 895 | 880 | ||
| 896 | OPENSSL_EXIT(ret); | 881 | OPENSSL_EXIT(ret); |
| @@ -1114,6 +1099,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) | |||
| 1114 | char *itmp, *row[DB_NUMBER],**rrow; | 1099 | char *itmp, *row[DB_NUMBER],**rrow; |
| 1115 | for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; | 1100 | for (i = 0; i < DB_NUMBER; i++) row[i] = NULL; |
| 1116 | bn = ASN1_INTEGER_to_BN(ser,NULL); | 1101 | bn = ASN1_INTEGER_to_BN(ser,NULL); |
| 1102 | OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */ | ||
| 1117 | if (BN_is_zero(bn)) | 1103 | if (BN_is_zero(bn)) |
| 1118 | itmp = BUF_strdup("00"); | 1104 | itmp = BUF_strdup("00"); |
| 1119 | else | 1105 | else |
| @@ -1220,8 +1206,141 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) | |||
| 1220 | return 0; | 1206 | return 0; |
| 1221 | BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); | 1207 | BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); |
| 1222 | i2d_OCSP_RESPONSE_bio(cbio, resp); | 1208 | i2d_OCSP_RESPONSE_bio(cbio, resp); |
| 1223 | BIO_flush(cbio); | 1209 | (void)BIO_flush(cbio); |
| 1224 | return 1; | 1210 | return 1; |
| 1225 | } | 1211 | } |
| 1226 | 1212 | ||
| 1213 | static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, | ||
| 1214 | OCSP_REQUEST *req, int req_timeout) | ||
| 1215 | { | ||
| 1216 | int fd; | ||
| 1217 | int rv; | ||
| 1218 | OCSP_REQ_CTX *ctx = NULL; | ||
| 1219 | OCSP_RESPONSE *rsp = NULL; | ||
| 1220 | fd_set confds; | ||
| 1221 | struct timeval tv; | ||
| 1222 | |||
| 1223 | if (req_timeout != -1) | ||
| 1224 | BIO_set_nbio(cbio, 1); | ||
| 1225 | |||
| 1226 | rv = BIO_do_connect(cbio); | ||
| 1227 | |||
| 1228 | if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) | ||
| 1229 | { | ||
| 1230 | BIO_puts(err, "Error connecting BIO\n"); | ||
| 1231 | return NULL; | ||
| 1232 | } | ||
| 1233 | |||
| 1234 | if (req_timeout == -1) | ||
| 1235 | return OCSP_sendreq_bio(cbio, path, req); | ||
| 1236 | |||
| 1237 | if (BIO_get_fd(cbio, &fd) <= 0) | ||
| 1238 | { | ||
| 1239 | BIO_puts(err, "Can't get connection fd\n"); | ||
| 1240 | goto err; | ||
| 1241 | } | ||
| 1242 | |||
| 1243 | if (rv <= 0) | ||
| 1244 | { | ||
| 1245 | FD_ZERO(&confds); | ||
| 1246 | openssl_fdset(fd, &confds); | ||
| 1247 | tv.tv_usec = 0; | ||
| 1248 | tv.tv_sec = req_timeout; | ||
| 1249 | rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); | ||
| 1250 | if (rv == 0) | ||
| 1251 | { | ||
| 1252 | BIO_puts(err, "Timeout on connect\n"); | ||
| 1253 | return NULL; | ||
| 1254 | } | ||
| 1255 | } | ||
| 1256 | |||
| 1257 | |||
| 1258 | ctx = OCSP_sendreq_new(cbio, path, req, -1); | ||
| 1259 | if (!ctx) | ||
| 1260 | return NULL; | ||
| 1261 | |||
| 1262 | for (;;) | ||
| 1263 | { | ||
| 1264 | rv = OCSP_sendreq_nbio(&rsp, ctx); | ||
| 1265 | if (rv != -1) | ||
| 1266 | break; | ||
| 1267 | FD_ZERO(&confds); | ||
| 1268 | openssl_fdset(fd, &confds); | ||
| 1269 | tv.tv_usec = 0; | ||
| 1270 | tv.tv_sec = req_timeout; | ||
| 1271 | if (BIO_should_read(cbio)) | ||
| 1272 | rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); | ||
| 1273 | else if (BIO_should_write(cbio)) | ||
| 1274 | rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); | ||
| 1275 | else | ||
| 1276 | { | ||
| 1277 | BIO_puts(err, "Unexpected retry condition\n"); | ||
| 1278 | goto err; | ||
| 1279 | } | ||
| 1280 | if (rv == 0) | ||
| 1281 | { | ||
| 1282 | BIO_puts(err, "Timeout on request\n"); | ||
| 1283 | break; | ||
| 1284 | } | ||
| 1285 | if (rv == -1) | ||
| 1286 | { | ||
| 1287 | BIO_puts(err, "Select error\n"); | ||
| 1288 | break; | ||
| 1289 | } | ||
| 1290 | |||
| 1291 | } | ||
| 1292 | err: | ||
| 1293 | if (ctx) | ||
| 1294 | OCSP_REQ_CTX_free(ctx); | ||
| 1295 | |||
| 1296 | return rsp; | ||
| 1297 | } | ||
| 1298 | |||
| 1299 | OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, | ||
| 1300 | char *host, char *path, char *port, int use_ssl, | ||
| 1301 | int req_timeout) | ||
| 1302 | { | ||
| 1303 | BIO *cbio = NULL; | ||
| 1304 | SSL_CTX *ctx = NULL; | ||
| 1305 | OCSP_RESPONSE *resp = NULL; | ||
| 1306 | cbio = BIO_new_connect(host); | ||
| 1307 | if (!cbio) | ||
| 1308 | { | ||
| 1309 | BIO_printf(err, "Error creating connect BIO\n"); | ||
| 1310 | goto end; | ||
| 1311 | } | ||
| 1312 | if (port) BIO_set_conn_port(cbio, port); | ||
| 1313 | if (use_ssl == 1) | ||
| 1314 | { | ||
| 1315 | BIO *sbio; | ||
| 1316 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | ||
| 1317 | ctx = SSL_CTX_new(SSLv23_client_method()); | ||
| 1318 | #elif !defined(OPENSSL_NO_SSL3) | ||
| 1319 | ctx = SSL_CTX_new(SSLv3_client_method()); | ||
| 1320 | #elif !defined(OPENSSL_NO_SSL2) | ||
| 1321 | ctx = SSL_CTX_new(SSLv2_client_method()); | ||
| 1322 | #else | ||
| 1323 | BIO_printf(err, "SSL is disabled\n"); | ||
| 1324 | goto end; | ||
| 1325 | #endif | ||
| 1326 | if (ctx == NULL) | ||
| 1327 | { | ||
| 1328 | BIO_printf(err, "Error creating SSL context.\n"); | ||
| 1329 | goto end; | ||
| 1330 | } | ||
| 1331 | SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); | ||
| 1332 | sbio = BIO_new_ssl(ctx, 1); | ||
| 1333 | cbio = BIO_push(sbio, cbio); | ||
| 1334 | } | ||
| 1335 | resp = query_responder(err, cbio, path, req, req_timeout); | ||
| 1336 | if (!resp) | ||
| 1337 | BIO_printf(bio_err, "Error querying OCSP responsder\n"); | ||
| 1338 | end: | ||
| 1339 | if (ctx) | ||
| 1340 | SSL_CTX_free(ctx); | ||
| 1341 | if (cbio) | ||
| 1342 | BIO_free_all(cbio); | ||
| 1343 | return resp; | ||
| 1344 | } | ||
| 1345 | |||
| 1227 | #endif | 1346 | #endif |
diff --git a/src/lib/libssl/src/apps/openssl-vms.cnf b/src/lib/libssl/src/apps/openssl-vms.cnf index 878467ce98..fae82b0d53 100644 --- a/src/lib/libssl/src/apps/openssl-vms.cnf +++ b/src/lib/libssl/src/apps/openssl-vms.cnf | |||
| @@ -44,8 +44,8 @@ new_certs_dir = $dir.newcerts] # default place for new certs. | |||
| 44 | 44 | ||
| 45 | certificate = $dir]cacert.pem # The CA certificate | 45 | certificate = $dir]cacert.pem # The CA certificate |
| 46 | serial = $dir]serial. # The current serial number | 46 | serial = $dir]serial. # The current serial number |
| 47 | #crlnumber = $dir]crlnumber. # the current crl number must be | 47 | crlnumber = $dir]crlnumber. # the current crl number |
| 48 | # commented out to leave a V1 CRL | 48 | # must be commented out to leave a V1 CRL |
| 49 | crl = $dir]crl.pem # The current CRL | 49 | crl = $dir]crl.pem # The current CRL |
| 50 | private_key = $dir.private]cakey.pem# The private key | 50 | private_key = $dir.private]cakey.pem# The private key |
| 51 | RANDFILE = $dir.private].rand # private random number file | 51 | RANDFILE = $dir.private].rand # private random number file |
| @@ -67,7 +67,7 @@ cert_opt = ca_default # Certificate field options | |||
| 67 | 67 | ||
| 68 | default_days = 365 # how long to certify for | 68 | default_days = 365 # how long to certify for |
| 69 | default_crl_days= 30 # how long before next CRL | 69 | default_crl_days= 30 # how long before next CRL |
| 70 | default_md = md5 # which md to use. | 70 | default_md = sha1 # which md to use. |
| 71 | preserve = no # keep passed DN ordering | 71 | preserve = no # keep passed DN ordering |
| 72 | 72 | ||
| 73 | # A few difference way of specifying how similar the request should look | 73 | # A few difference way of specifying how similar the request should look |
| @@ -188,7 +188,7 @@ nsComment = "OpenSSL Generated Certificate" | |||
| 188 | 188 | ||
| 189 | # PKIX recommendations harmless if included in all certificates. | 189 | # PKIX recommendations harmless if included in all certificates. |
| 190 | subjectKeyIdentifier=hash | 190 | subjectKeyIdentifier=hash |
| 191 | authorityKeyIdentifier=keyid,issuer:always | 191 | authorityKeyIdentifier=keyid,issuer |
| 192 | 192 | ||
| 193 | # This stuff is for subjectAltName and issuerAltname. | 193 | # This stuff is for subjectAltName and issuerAltname. |
| 194 | # Import the email address. | 194 | # Import the email address. |
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c index cb6ee740e7..47aee5b712 100644 --- a/src/lib/libssl/src/apps/openssl.c +++ b/src/lib/libssl/src/apps/openssl.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -129,7 +129,6 @@ | |||
| 129 | #include "progs.h" | 129 | #include "progs.h" |
| 130 | #include "s_apps.h" | 130 | #include "s_apps.h" |
| 131 | #include <openssl/err.h> | 131 | #include <openssl/err.h> |
| 132 | #include <openssl/fips.h> | ||
| 133 | 132 | ||
| 134 | /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the | 133 | /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the |
| 135 | * base prototypes (we cast each variable inside the function to the required | 134 | * base prototypes (we cast each variable inside the function to the required |
| @@ -148,7 +147,6 @@ char *default_config_file=NULL; | |||
| 148 | #ifdef MONOLITH | 147 | #ifdef MONOLITH |
| 149 | CONF *config=NULL; | 148 | CONF *config=NULL; |
| 150 | BIO *bio_err=NULL; | 149 | BIO *bio_err=NULL; |
| 151 | int in_FIPS_mode=0; | ||
| 152 | #endif | 150 | #endif |
| 153 | 151 | ||
| 154 | 152 | ||
| @@ -222,29 +220,18 @@ int main(int Argc, char *Argv[]) | |||
| 222 | #define PROG_NAME_SIZE 39 | 220 | #define PROG_NAME_SIZE 39 |
| 223 | char pname[PROG_NAME_SIZE+1]; | 221 | char pname[PROG_NAME_SIZE+1]; |
| 224 | FUNCTION f,*fp; | 222 | FUNCTION f,*fp; |
| 225 | MS_STATIC char *prompt,buf[1024]; | 223 | MS_STATIC const char *prompt; |
| 224 | MS_STATIC char buf[1024]; | ||
| 226 | char *to_free=NULL; | 225 | char *to_free=NULL; |
| 227 | int n,i,ret=0; | 226 | int n,i,ret=0; |
| 228 | int argc; | 227 | int argc; |
| 229 | char **argv,*p; | 228 | char **argv,*p; |
| 230 | LHASH *prog=NULL; | 229 | LHASH *prog=NULL; |
| 231 | long errline; | 230 | long errline; |
| 232 | 231 | ||
| 233 | arg.data=NULL; | 232 | arg.data=NULL; |
| 234 | arg.count=0; | 233 | arg.count=0; |
| 235 | 234 | ||
| 236 | in_FIPS_mode = 0; | ||
| 237 | |||
| 238 | #ifdef OPENSSL_FIPS | ||
| 239 | if(getenv("OPENSSL_FIPS")) { | ||
| 240 | if (!FIPS_mode_set(1)) { | ||
| 241 | ERR_load_crypto_strings(); | ||
| 242 | ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); | ||
| 243 | EXIT(1); | ||
| 244 | } | ||
| 245 | in_FIPS_mode = 1; | ||
| 246 | } | ||
| 247 | #endif | ||
| 248 | if (bio_err == NULL) | 235 | if (bio_err == NULL) |
| 249 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 236 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
| 250 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); | 237 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); |
| @@ -458,7 +445,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) | |||
| 458 | for (fp=functions; fp->name != NULL; fp++) | 445 | for (fp=functions; fp->name != NULL; fp++) |
| 459 | { | 446 | { |
| 460 | nl=0; | 447 | nl=0; |
| 448 | #ifdef OPENSSL_NO_CAMELLIA | ||
| 461 | if (((i++) % 5) == 0) | 449 | if (((i++) % 5) == 0) |
| 450 | #else | ||
| 451 | if (((i++) % 4) == 0) | ||
| 452 | #endif | ||
| 462 | { | 453 | { |
| 463 | BIO_printf(bio_err,"\n"); | 454 | BIO_printf(bio_err,"\n"); |
| 464 | nl=1; | 455 | nl=1; |
| @@ -479,7 +470,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) | |||
| 479 | BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); | 470 | BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); |
| 480 | } | 471 | } |
| 481 | } | 472 | } |
| 473 | #ifdef OPENSSL_NO_CAMELLIA | ||
| 482 | BIO_printf(bio_err,"%-15s",fp->name); | 474 | BIO_printf(bio_err,"%-15s",fp->name); |
| 475 | #else | ||
| 476 | BIO_printf(bio_err,"%-18s",fp->name); | ||
| 477 | #endif | ||
| 483 | } | 478 | } |
| 484 | BIO_printf(bio_err,"\n\n"); | 479 | BIO_printf(bio_err,"\n\n"); |
| 485 | ret=0; | 480 | ret=0; |
| @@ -502,7 +497,7 @@ static LHASH *prog_init(void) | |||
| 502 | { | 497 | { |
| 503 | LHASH *ret; | 498 | LHASH *ret; |
| 504 | FUNCTION *f; | 499 | FUNCTION *f; |
| 505 | int i; | 500 | size_t i; |
| 506 | 501 | ||
| 507 | /* Purely so it looks nice when the user hits ? */ | 502 | /* Purely so it looks nice when the user hits ? */ |
| 508 | for(i=0,f=functions ; f->name != NULL ; ++f,++i) | 503 | for(i=0,f=functions ; f->name != NULL ; ++f,++i) |
| @@ -520,12 +515,12 @@ static LHASH *prog_init(void) | |||
| 520 | /* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */ | 515 | /* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */ |
| 521 | static int MS_CALLBACK cmp(const void *a_void, const void *b_void) | 516 | static int MS_CALLBACK cmp(const void *a_void, const void *b_void) |
| 522 | { | 517 | { |
| 523 | return(strncmp(((FUNCTION *)a_void)->name, | 518 | return(strncmp(((const FUNCTION *)a_void)->name, |
| 524 | ((FUNCTION *)b_void)->name,8)); | 519 | ((const FUNCTION *)b_void)->name,8)); |
| 525 | } | 520 | } |
| 526 | 521 | ||
| 527 | /* static unsigned long MS_CALLBACK hash(FUNCTION *a) */ | 522 | /* static unsigned long MS_CALLBACK hash(FUNCTION *a) */ |
| 528 | static unsigned long MS_CALLBACK hash(const void *a_void) | 523 | static unsigned long MS_CALLBACK hash(const void *a_void) |
| 529 | { | 524 | { |
| 530 | return(lh_strhash(((FUNCTION *)a_void)->name)); | 525 | return(lh_strhash(((const FUNCTION *)a_void)->name)); |
| 531 | } | 526 | } |
diff --git a/src/lib/libssl/src/apps/openssl.cnf b/src/lib/libssl/src/apps/openssl.cnf index 4c1d595b0a..9e59020c17 100644 --- a/src/lib/libssl/src/apps/openssl.cnf +++ b/src/lib/libssl/src/apps/openssl.cnf | |||
| @@ -44,8 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. | |||
| 44 | 44 | ||
| 45 | certificate = $dir/cacert.pem # The CA certificate | 45 | certificate = $dir/cacert.pem # The CA certificate |
| 46 | serial = $dir/serial # The current serial number | 46 | serial = $dir/serial # The current serial number |
| 47 | #crlnumber = $dir/crlnumber # the current crl number must be | 47 | crlnumber = $dir/crlnumber # the current crl number |
| 48 | # commented out to leave a V1 CRL | 48 | # must be commented out to leave a V1 CRL |
| 49 | crl = $dir/crl.pem # The current CRL | 49 | crl = $dir/crl.pem # The current CRL |
| 50 | private_key = $dir/private/cakey.pem# The private key | 50 | private_key = $dir/private/cakey.pem# The private key |
| 51 | RANDFILE = $dir/private/.rand # private random number file | 51 | RANDFILE = $dir/private/.rand # private random number file |
| @@ -67,7 +67,7 @@ cert_opt = ca_default # Certificate field options | |||
| 67 | 67 | ||
| 68 | default_days = 365 # how long to certify for | 68 | default_days = 365 # how long to certify for |
| 69 | default_crl_days= 30 # how long before next CRL | 69 | default_crl_days= 30 # how long before next CRL |
| 70 | default_md = md5 # which md to use. | 70 | default_md = sha1 # which md to use. |
| 71 | preserve = no # keep passed DN ordering | 71 | preserve = no # keep passed DN ordering |
| 72 | 72 | ||
| 73 | # A few difference way of specifying how similar the request should look | 73 | # A few difference way of specifying how similar the request should look |
| @@ -188,7 +188,7 @@ nsComment = "OpenSSL Generated Certificate" | |||
| 188 | 188 | ||
| 189 | # PKIX recommendations harmless if included in all certificates. | 189 | # PKIX recommendations harmless if included in all certificates. |
| 190 | subjectKeyIdentifier=hash | 190 | subjectKeyIdentifier=hash |
| 191 | authorityKeyIdentifier=keyid,issuer:always | 191 | authorityKeyIdentifier=keyid,issuer |
| 192 | 192 | ||
| 193 | # This stuff is for subjectAltName and issuerAltname. | 193 | # This stuff is for subjectAltName and issuerAltname. |
| 194 | # Import the email address. | 194 | # Import the email address. |
diff --git a/src/lib/libssl/src/apps/passwd.c b/src/lib/libssl/src/apps/passwd.c index d78716d1b5..473fe46cbd 100644 --- a/src/lib/libssl/src/apps/passwd.c +++ b/src/lib/libssl/src/apps/passwd.c | |||
| @@ -312,7 +312,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) | |||
| 312 | static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ | 312 | static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ |
| 313 | unsigned char buf[MD5_DIGEST_LENGTH]; | 313 | unsigned char buf[MD5_DIGEST_LENGTH]; |
| 314 | char *salt_out; | 314 | char *salt_out; |
| 315 | int n, i; | 315 | int n; |
| 316 | unsigned int i; | ||
| 316 | EVP_MD_CTX md,md2; | 317 | EVP_MD_CTX md,md2; |
| 317 | size_t passwd_len, salt_len; | 318 | size_t passwd_len, salt_len; |
| 318 | 319 | ||
| @@ -358,13 +359,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) | |||
| 358 | for (i = 0; i < 1000; i++) | 359 | for (i = 0; i < 1000; i++) |
| 359 | { | 360 | { |
| 360 | EVP_DigestInit_ex(&md2,EVP_md5(), NULL); | 361 | EVP_DigestInit_ex(&md2,EVP_md5(), NULL); |
| 361 | EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf, | 362 | EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf, |
| 362 | (i & 1) ? passwd_len : sizeof buf); | 363 | (i & 1) ? passwd_len : sizeof buf); |
| 363 | if (i % 3) | 364 | if (i % 3) |
| 364 | EVP_DigestUpdate(&md2, salt_out, salt_len); | 365 | EVP_DigestUpdate(&md2, salt_out, salt_len); |
| 365 | if (i % 7) | 366 | if (i % 7) |
| 366 | EVP_DigestUpdate(&md2, passwd, passwd_len); | 367 | EVP_DigestUpdate(&md2, passwd, passwd_len); |
| 367 | EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd, | 368 | EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd, |
| 368 | (i & 1) ? sizeof buf : passwd_len); | 369 | (i & 1) ? sizeof buf : passwd_len); |
| 369 | EVP_DigestFinal_ex(&md2, buf, NULL); | 370 | EVP_DigestFinal_ex(&md2, buf, NULL); |
| 370 | } | 371 | } |
| @@ -473,7 +474,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, | |||
| 473 | if ((strlen(passwd) > pw_maxlen)) | 474 | if ((strlen(passwd) > pw_maxlen)) |
| 474 | { | 475 | { |
| 475 | if (!quiet) | 476 | if (!quiet) |
| 476 | BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen); | 477 | /* XXX: really we should know how to print a size_t, not cast it */ |
| 478 | BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen); | ||
| 477 | passwd[pw_maxlen] = 0; | 479 | passwd[pw_maxlen] = 0; |
| 478 | } | 480 | } |
| 479 | assert(strlen(passwd) <= pw_maxlen); | 481 | assert(strlen(passwd) <= pw_maxlen); |
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c index c961e6b57b..7c71b1a88f 100644 --- a/src/lib/libssl/src/apps/pkcs12.c +++ b/src/lib/libssl/src/apps/pkcs12.c | |||
| @@ -1,11 +1,9 @@ | |||
| 1 | /* pkcs12.c */ | 1 | /* pkcs12.c */ |
| 2 | #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) | ||
| 3 | |||
| 4 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 5 | * project 1999. | 3 | * project. |
| 6 | */ | 4 | */ |
| 7 | /* ==================================================================== | 5 | /* ==================================================================== |
| 8 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. |
| 9 | * | 7 | * |
| 10 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 11 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -58,6 +56,9 @@ | |||
| 58 | * | 56 | * |
| 59 | */ | 57 | */ |
| 60 | 58 | ||
| 59 | #include <openssl/opensslconf.h> | ||
| 60 | #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) | ||
| 61 | |||
| 61 | #include <stdio.h> | 62 | #include <stdio.h> |
| 62 | #include <stdlib.h> | 63 | #include <stdlib.h> |
| 63 | #include <string.h> | 64 | #include <string.h> |
| @@ -83,7 +84,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int opti | |||
| 83 | int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, | 84 | int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, |
| 84 | int passlen, int options, char *pempass); | 85 | int passlen, int options, char *pempass); |
| 85 | int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); | 86 | int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass); |
| 86 | int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name); | 87 | int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); |
| 87 | void hex_prin(BIO *out, unsigned char *buf, int len); | 88 | void hex_prin(BIO *out, unsigned char *buf, int len); |
| 88 | int alg_print(BIO *x, X509_ALGOR *alg); | 89 | int alg_print(BIO *x, X509_ALGOR *alg); |
| 89 | int cert_load(BIO *in, STACK_OF(X509) *sk); | 90 | int cert_load(BIO *in, STACK_OF(X509) *sk); |
| @@ -109,7 +110,7 @@ int MAIN(int argc, char **argv) | |||
| 109 | int maciter = PKCS12_DEFAULT_ITER; | 110 | int maciter = PKCS12_DEFAULT_ITER; |
| 110 | int twopass = 0; | 111 | int twopass = 0; |
| 111 | int keytype = 0; | 112 | int keytype = 0; |
| 112 | int cert_pbe; | 113 | int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; |
| 113 | int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 114 | int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
| 114 | int ret = 1; | 115 | int ret = 1; |
| 115 | int macver = 1; | 116 | int macver = 1; |
| @@ -126,13 +127,6 @@ int MAIN(int argc, char **argv) | |||
| 126 | 127 | ||
| 127 | apps_startup(); | 128 | apps_startup(); |
| 128 | 129 | ||
| 129 | #ifdef OPENSSL_FIPS | ||
| 130 | if (FIPS_mode()) | ||
| 131 | cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | ||
| 132 | else | ||
| 133 | #endif | ||
| 134 | cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; | ||
| 135 | |||
| 136 | enc = EVP_des_ede3_cbc(); | 130 | enc = EVP_des_ede3_cbc(); |
| 137 | if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); | 131 | if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); |
| 138 | 132 | ||
| @@ -159,25 +153,38 @@ int MAIN(int argc, char **argv) | |||
| 159 | cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 153 | cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
| 160 | else if (!strcmp (*args, "-export")) export_cert = 1; | 154 | else if (!strcmp (*args, "-export")) export_cert = 1; |
| 161 | else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); | 155 | else if (!strcmp (*args, "-des")) enc=EVP_des_cbc(); |
| 156 | else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); | ||
| 162 | #ifndef OPENSSL_NO_IDEA | 157 | #ifndef OPENSSL_NO_IDEA |
| 163 | else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); | 158 | else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc(); |
| 164 | #endif | 159 | #endif |
| 165 | else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc(); | 160 | #ifndef OPENSSL_NO_SEED |
| 161 | else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc(); | ||
| 162 | #endif | ||
| 166 | #ifndef OPENSSL_NO_AES | 163 | #ifndef OPENSSL_NO_AES |
| 167 | else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); | 164 | else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); |
| 168 | else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); | 165 | else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); |
| 169 | else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); | 166 | else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); |
| 170 | #endif | 167 | #endif |
| 168 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 169 | else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc(); | ||
| 170 | else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc(); | ||
| 171 | else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc(); | ||
| 172 | #endif | ||
| 171 | else if (!strcmp (*args, "-noiter")) iter = 1; | 173 | else if (!strcmp (*args, "-noiter")) iter = 1; |
| 172 | else if (!strcmp (*args, "-maciter")) | 174 | else if (!strcmp (*args, "-maciter")) |
| 173 | maciter = PKCS12_DEFAULT_ITER; | 175 | maciter = PKCS12_DEFAULT_ITER; |
| 174 | else if (!strcmp (*args, "-nomaciter")) | 176 | else if (!strcmp (*args, "-nomaciter")) |
| 175 | maciter = 1; | 177 | maciter = 1; |
| 178 | else if (!strcmp (*args, "-nomac")) | ||
| 179 | maciter = -1; | ||
| 176 | else if (!strcmp (*args, "-nodes")) enc=NULL; | 180 | else if (!strcmp (*args, "-nodes")) enc=NULL; |
| 177 | else if (!strcmp (*args, "-certpbe")) { | 181 | else if (!strcmp (*args, "-certpbe")) { |
| 178 | if (args[1]) { | 182 | if (args[1]) { |
| 179 | args++; | 183 | args++; |
| 180 | cert_pbe=OBJ_txt2nid(*args); | 184 | if (!strcmp(*args, "NONE")) |
| 185 | cert_pbe = -1; | ||
| 186 | else | ||
| 187 | cert_pbe=OBJ_txt2nid(*args); | ||
| 181 | if(cert_pbe == NID_undef) { | 188 | if(cert_pbe == NID_undef) { |
| 182 | BIO_printf(bio_err, | 189 | BIO_printf(bio_err, |
| 183 | "Unknown PBE algorithm %s\n", *args); | 190 | "Unknown PBE algorithm %s\n", *args); |
| @@ -187,7 +194,10 @@ int MAIN(int argc, char **argv) | |||
| 187 | } else if (!strcmp (*args, "-keypbe")) { | 194 | } else if (!strcmp (*args, "-keypbe")) { |
| 188 | if (args[1]) { | 195 | if (args[1]) { |
| 189 | args++; | 196 | args++; |
| 190 | key_pbe=OBJ_txt2nid(*args); | 197 | if (!strcmp(*args, "NONE")) |
| 198 | key_pbe = -1; | ||
| 199 | else | ||
| 200 | key_pbe=OBJ_txt2nid(*args); | ||
| 191 | if(key_pbe == NID_undef) { | 201 | if(key_pbe == NID_undef) { |
| 192 | BIO_printf(bio_err, | 202 | BIO_printf(bio_err, |
| 193 | "Unknown PBE algorithm %s\n", *args); | 203 | "Unknown PBE algorithm %s\n", *args); |
| @@ -299,10 +309,17 @@ int MAIN(int argc, char **argv) | |||
| 299 | #ifndef OPENSSL_NO_IDEA | 309 | #ifndef OPENSSL_NO_IDEA |
| 300 | BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); | 310 | BIO_printf (bio_err, "-idea encrypt private keys with idea\n"); |
| 301 | #endif | 311 | #endif |
| 312 | #ifndef OPENSSL_NO_SEED | ||
| 313 | BIO_printf (bio_err, "-seed encrypt private keys with seed\n"); | ||
| 314 | #endif | ||
| 302 | #ifndef OPENSSL_NO_AES | 315 | #ifndef OPENSSL_NO_AES |
| 303 | BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); | 316 | BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); |
| 304 | BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); | 317 | BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); |
| 305 | #endif | 318 | #endif |
| 319 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 320 | BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); | ||
| 321 | BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); | ||
| 322 | #endif | ||
| 306 | BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); | 323 | BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); |
| 307 | BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); | 324 | BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); |
| 308 | BIO_printf (bio_err, "-maciter use MAC iteration\n"); | 325 | BIO_printf (bio_err, "-maciter use MAC iteration\n"); |
| @@ -372,24 +389,6 @@ int MAIN(int argc, char **argv) | |||
| 372 | goto end; | 389 | goto end; |
| 373 | } | 390 | } |
| 374 | 391 | ||
| 375 | #if 0 | ||
| 376 | if (certfile) { | ||
| 377 | if(!(certsin = BIO_new_file(certfile, "r"))) { | ||
| 378 | BIO_printf(bio_err, "Can't open certificate file %s\n", certfile); | ||
| 379 | perror (certfile); | ||
| 380 | goto end; | ||
| 381 | } | ||
| 382 | } | ||
| 383 | |||
| 384 | if (keyname) { | ||
| 385 | if(!(inkey = BIO_new_file(keyname, "r"))) { | ||
| 386 | BIO_printf(bio_err, "Can't key certificate file %s\n", keyname); | ||
| 387 | perror (keyname); | ||
| 388 | goto end; | ||
| 389 | } | ||
| 390 | } | ||
| 391 | #endif | ||
| 392 | |||
| 393 | #ifdef CRYPTO_MDEBUG | 392 | #ifdef CRYPTO_MDEBUG |
| 394 | CRYPTO_pop_info(); | 393 | CRYPTO_pop_info(); |
| 395 | CRYPTO_push_info("write files"); | 394 | CRYPTO_push_info("write files"); |
| @@ -426,27 +425,31 @@ int MAIN(int argc, char **argv) | |||
| 426 | 425 | ||
| 427 | if (export_cert) { | 426 | if (export_cert) { |
| 428 | EVP_PKEY *key = NULL; | 427 | EVP_PKEY *key = NULL; |
| 429 | STACK_OF(PKCS12_SAFEBAG) *bags = NULL; | 428 | X509 *ucert = NULL, *x = NULL; |
| 430 | STACK_OF(PKCS7) *safes = NULL; | ||
| 431 | PKCS12_SAFEBAG *bag = NULL; | ||
| 432 | PKCS8_PRIV_KEY_INFO *p8 = NULL; | ||
| 433 | PKCS7 *authsafe = NULL; | ||
| 434 | X509 *ucert = NULL; | ||
| 435 | STACK_OF(X509) *certs=NULL; | 429 | STACK_OF(X509) *certs=NULL; |
| 436 | char *catmp = NULL; | 430 | unsigned char *catmp = NULL; |
| 437 | int i; | 431 | int i; |
| 438 | unsigned char keyid[EVP_MAX_MD_SIZE]; | 432 | |
| 439 | unsigned int keyidlen = 0; | 433 | if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS)) |
| 434 | { | ||
| 435 | BIO_printf(bio_err, "Nothing to do!\n"); | ||
| 436 | goto export_end; | ||
| 437 | } | ||
| 438 | |||
| 439 | if (options & NOCERTS) | ||
| 440 | chain = 0; | ||
| 440 | 441 | ||
| 441 | #ifdef CRYPTO_MDEBUG | 442 | #ifdef CRYPTO_MDEBUG |
| 442 | CRYPTO_push_info("process -export_cert"); | 443 | CRYPTO_push_info("process -export_cert"); |
| 443 | CRYPTO_push_info("reading private key"); | 444 | CRYPTO_push_info("reading private key"); |
| 444 | #endif | 445 | #endif |
| 445 | key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1, | 446 | if (!(options & NOKEYS)) |
| 446 | passin, e, "private key"); | 447 | { |
| 447 | if (!key) { | 448 | key = load_key(bio_err, keyname ? keyname : infile, |
| 448 | goto export_end; | 449 | FORMAT_PEM, 1, passin, e, "private key"); |
| 449 | } | 450 | if (!key) |
| 451 | goto export_end; | ||
| 452 | } | ||
| 450 | 453 | ||
| 451 | #ifdef CRYPTO_MDEBUG | 454 | #ifdef CRYPTO_MDEBUG |
| 452 | CRYPTO_pop_info(); | 455 | CRYPTO_pop_info(); |
| @@ -454,49 +457,61 @@ int MAIN(int argc, char **argv) | |||
| 454 | #endif | 457 | #endif |
| 455 | 458 | ||
| 456 | /* Load in all certs in input file */ | 459 | /* Load in all certs in input file */ |
| 457 | if(!(certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, | 460 | if(!(options & NOCERTS)) |
| 458 | "certificates"))) { | 461 | { |
| 459 | goto export_end; | 462 | certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e, |
| 460 | } | 463 | "certificates"); |
| 464 | if (!certs) | ||
| 465 | goto export_end; | ||
| 461 | 466 | ||
| 462 | #ifdef CRYPTO_MDEBUG | 467 | if (key) |
| 463 | CRYPTO_pop_info(); | 468 | { |
| 464 | CRYPTO_push_info("reading certs from input 2"); | 469 | /* Look for matching private key */ |
| 465 | #endif | 470 | for(i = 0; i < sk_X509_num(certs); i++) |
| 471 | { | ||
| 472 | x = sk_X509_value(certs, i); | ||
| 473 | if(X509_check_private_key(x, key)) | ||
| 474 | { | ||
| 475 | ucert = x; | ||
| 476 | /* Zero keyid and alias */ | ||
| 477 | X509_keyid_set1(ucert, NULL, 0); | ||
| 478 | X509_alias_set1(ucert, NULL, 0); | ||
| 479 | /* Remove from list */ | ||
| 480 | (void)sk_X509_delete(certs, i); | ||
| 481 | break; | ||
| 482 | } | ||
| 483 | } | ||
| 484 | if (!ucert) | ||
| 485 | { | ||
| 486 | BIO_printf(bio_err, "No certificate matches private key\n"); | ||
| 487 | goto export_end; | ||
| 488 | } | ||
| 489 | } | ||
| 466 | 490 | ||
| 467 | for(i = 0; i < sk_X509_num(certs); i++) { | ||
| 468 | ucert = sk_X509_value(certs, i); | ||
| 469 | if(X509_check_private_key(ucert, key)) { | ||
| 470 | X509_digest(ucert, EVP_sha1(), keyid, &keyidlen); | ||
| 471 | break; | ||
| 472 | } | 491 | } |
| 473 | } | 492 | |
| 474 | if(!keyidlen) { | ||
| 475 | ucert = NULL; | ||
| 476 | BIO_printf(bio_err, "No certificate matches private key\n"); | ||
| 477 | goto export_end; | ||
| 478 | } | ||
| 479 | |||
| 480 | #ifdef CRYPTO_MDEBUG | 493 | #ifdef CRYPTO_MDEBUG |
| 481 | CRYPTO_pop_info(); | 494 | CRYPTO_pop_info(); |
| 482 | CRYPTO_push_info("reading certs from certfile"); | 495 | CRYPTO_push_info("reading certs from input 2"); |
| 483 | #endif | 496 | #endif |
| 484 | 497 | ||
| 485 | bags = sk_PKCS12_SAFEBAG_new_null (); | ||
| 486 | |||
| 487 | /* Add any more certificates asked for */ | 498 | /* Add any more certificates asked for */ |
| 488 | if (certfile) { | 499 | if(certfile) |
| 500 | { | ||
| 489 | STACK_OF(X509) *morecerts=NULL; | 501 | STACK_OF(X509) *morecerts=NULL; |
| 490 | if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, | 502 | if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM, |
| 491 | NULL, e, | 503 | NULL, e, |
| 492 | "certificates from certfile"))) { | 504 | "certificates from certfile"))) |
| 493 | goto export_end; | 505 | goto export_end; |
| 494 | } | 506 | while(sk_X509_num(morecerts) > 0) |
| 495 | while(sk_X509_num(morecerts) > 0) { | ||
| 496 | sk_X509_push(certs, sk_X509_shift(morecerts)); | 507 | sk_X509_push(certs, sk_X509_shift(morecerts)); |
| 497 | } | ||
| 498 | sk_X509_free(morecerts); | 508 | sk_X509_free(morecerts); |
| 499 | } | 509 | } |
| 510 | |||
| 511 | #ifdef CRYPTO_MDEBUG | ||
| 512 | CRYPTO_pop_info(); | ||
| 513 | CRYPTO_push_info("reading certs from certfile"); | ||
| 514 | #endif | ||
| 500 | 515 | ||
| 501 | #ifdef CRYPTO_MDEBUG | 516 | #ifdef CRYPTO_MDEBUG |
| 502 | CRYPTO_pop_info(); | 517 | CRYPTO_pop_info(); |
| @@ -527,106 +542,64 @@ int MAIN(int argc, char **argv) | |||
| 527 | X509_free(sk_X509_value(chain2, 0)); | 542 | X509_free(sk_X509_value(chain2, 0)); |
| 528 | sk_X509_free(chain2); | 543 | sk_X509_free(chain2); |
| 529 | } else { | 544 | } else { |
| 530 | BIO_printf (bio_err, "Error %s getting chain.\n", | 545 | if (vret >= 0) |
| 546 | BIO_printf (bio_err, "Error %s getting chain.\n", | ||
| 531 | X509_verify_cert_error_string(vret)); | 547 | X509_verify_cert_error_string(vret)); |
| 548 | else | ||
| 549 | ERR_print_errors(bio_err); | ||
| 532 | goto export_end; | 550 | goto export_end; |
| 533 | } | 551 | } |
| 534 | } | 552 | } |
| 535 | 553 | ||
| 536 | #ifdef CRYPTO_MDEBUG | 554 | /* Add any CA names */ |
| 537 | CRYPTO_pop_info(); | ||
| 538 | CRYPTO_push_info("building bags"); | ||
| 539 | #endif | ||
| 540 | |||
| 541 | /* We now have loads of certificates: include them all */ | ||
| 542 | for(i = 0; i < sk_X509_num(certs); i++) { | ||
| 543 | X509 *cert = NULL; | ||
| 544 | cert = sk_X509_value(certs, i); | ||
| 545 | bag = PKCS12_x5092certbag(cert); | ||
| 546 | /* If it matches private key set id */ | ||
| 547 | if(cert == ucert) { | ||
| 548 | if(name) PKCS12_add_friendlyname(bag, name, -1); | ||
| 549 | PKCS12_add_localkeyid(bag, keyid, keyidlen); | ||
| 550 | } else if((catmp = sk_shift(canames))) | ||
| 551 | PKCS12_add_friendlyname(bag, catmp, -1); | ||
| 552 | sk_PKCS12_SAFEBAG_push(bags, bag); | ||
| 553 | } | ||
| 554 | sk_X509_pop_free(certs, X509_free); | ||
| 555 | certs = NULL; | ||
| 556 | |||
| 557 | #ifdef CRYPTO_MDEBUG | ||
| 558 | CRYPTO_pop_info(); | ||
| 559 | CRYPTO_push_info("encrypting bags"); | ||
| 560 | #endif | ||
| 561 | 555 | ||
| 562 | if(!noprompt && | 556 | for (i = 0; i < sk_num(canames); i++) |
| 563 | EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) { | 557 | { |
| 564 | BIO_printf (bio_err, "Can't read Password\n"); | 558 | catmp = (unsigned char *)sk_value(canames, i); |
| 565 | goto export_end; | 559 | X509_alias_set1(sk_X509_value(certs, i), catmp, -1); |
| 566 | } | 560 | } |
| 567 | if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); | ||
| 568 | /* Turn certbags into encrypted authsafe */ | ||
| 569 | authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, | ||
| 570 | iter, bags); | ||
| 571 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | ||
| 572 | bags = NULL; | ||
| 573 | |||
| 574 | if (!authsafe) { | ||
| 575 | ERR_print_errors (bio_err); | ||
| 576 | goto export_end; | ||
| 577 | } | ||
| 578 | |||
| 579 | safes = sk_PKCS7_new_null (); | ||
| 580 | sk_PKCS7_push (safes, authsafe); | ||
| 581 | |||
| 582 | #ifdef CRYPTO_MDEBUG | ||
| 583 | CRYPTO_pop_info(); | ||
| 584 | CRYPTO_push_info("building shrouded key bag"); | ||
| 585 | #endif | ||
| 586 | 561 | ||
| 587 | /* Make a shrouded key bag */ | 562 | if (csp_name && key) |
| 588 | p8 = EVP_PKEY2PKCS8 (key); | 563 | EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, |
| 589 | if(keytype) PKCS8_add_keyusage(p8, keytype); | 564 | MBSTRING_ASC, (unsigned char *)csp_name, -1); |
| 590 | bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8); | 565 | |
| 591 | PKCS8_PRIV_KEY_INFO_free(p8); | ||
| 592 | p8 = NULL; | ||
| 593 | if (name) PKCS12_add_friendlyname (bag, name, -1); | ||
| 594 | if(csp_name) PKCS12_add_CSPName_asc(bag, csp_name, -1); | ||
| 595 | PKCS12_add_localkeyid (bag, keyid, keyidlen); | ||
| 596 | bags = sk_PKCS12_SAFEBAG_new_null(); | ||
| 597 | sk_PKCS12_SAFEBAG_push (bags, bag); | ||
| 598 | 566 | ||
| 599 | #ifdef CRYPTO_MDEBUG | 567 | #ifdef CRYPTO_MDEBUG |
| 600 | CRYPTO_pop_info(); | 568 | CRYPTO_pop_info(); |
| 601 | CRYPTO_push_info("encrypting shrouded key bag"); | 569 | CRYPTO_push_info("reading password"); |
| 602 | #endif | 570 | #endif |
| 603 | 571 | ||
| 604 | /* Turn it into unencrypted safe bag */ | 572 | if(!noprompt && |
| 605 | authsafe = PKCS12_pack_p7data (bags); | 573 | EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) |
| 606 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 574 | { |
| 607 | bags = NULL; | 575 | BIO_printf (bio_err, "Can't read Password\n"); |
| 608 | sk_PKCS7_push (safes, authsafe); | 576 | goto export_end; |
| 577 | } | ||
| 578 | if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); | ||
| 609 | 579 | ||
| 610 | #ifdef CRYPTO_MDEBUG | 580 | #ifdef CRYPTO_MDEBUG |
| 611 | CRYPTO_pop_info(); | 581 | CRYPTO_pop_info(); |
| 612 | CRYPTO_push_info("building pkcs12"); | 582 | CRYPTO_push_info("creating PKCS#12 structure"); |
| 613 | #endif | 583 | #endif |
| 614 | 584 | ||
| 615 | p12 = PKCS12_init(NID_pkcs7_data); | 585 | p12 = PKCS12_create(cpass, name, key, ucert, certs, |
| 616 | 586 | key_pbe, cert_pbe, iter, -1, keytype); | |
| 617 | PKCS12_pack_authsafes(p12, safes); | ||
| 618 | 587 | ||
| 619 | sk_PKCS7_pop_free(safes, PKCS7_free); | 588 | if (!p12) |
| 620 | safes = NULL; | 589 | { |
| 590 | ERR_print_errors (bio_err); | ||
| 591 | goto export_end; | ||
| 592 | } | ||
| 621 | 593 | ||
| 622 | PKCS12_set_mac (p12, mpass, -1, NULL, 0, maciter, NULL); | 594 | if (maciter != -1) |
| 595 | PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL); | ||
| 623 | 596 | ||
| 624 | #ifdef CRYPTO_MDEBUG | 597 | #ifdef CRYPTO_MDEBUG |
| 625 | CRYPTO_pop_info(); | 598 | CRYPTO_pop_info(); |
| 626 | CRYPTO_push_info("writing pkcs12"); | 599 | CRYPTO_push_info("writing pkcs12"); |
| 627 | #endif | 600 | #endif |
| 628 | 601 | ||
| 629 | i2d_PKCS12_bio (out, p12); | 602 | i2d_PKCS12_bio(out, p12); |
| 630 | 603 | ||
| 631 | ret = 0; | 604 | ret = 0; |
| 632 | 605 | ||
| @@ -639,8 +612,7 @@ int MAIN(int argc, char **argv) | |||
| 639 | 612 | ||
| 640 | if (key) EVP_PKEY_free(key); | 613 | if (key) EVP_PKEY_free(key); |
| 641 | if (certs) sk_X509_pop_free(certs, X509_free); | 614 | if (certs) sk_X509_pop_free(certs, X509_free); |
| 642 | if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); | 615 | if (ucert) X509_free(ucert); |
| 643 | if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | ||
| 644 | 616 | ||
| 645 | #ifdef CRYPTO_MDEBUG | 617 | #ifdef CRYPTO_MDEBUG |
| 646 | CRYPTO_pop_info(); | 618 | CRYPTO_pop_info(); |
| @@ -848,7 +820,7 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) | |||
| 848 | { | 820 | { |
| 849 | X509_STORE_CTX store_ctx; | 821 | X509_STORE_CTX store_ctx; |
| 850 | STACK_OF(X509) *chn; | 822 | STACK_OF(X509) *chn; |
| 851 | int i; | 823 | int i = 0; |
| 852 | 824 | ||
| 853 | /* FIXME: Should really check the return status of X509_STORE_CTX_init | 825 | /* FIXME: Should really check the return status of X509_STORE_CTX_init |
| 854 | * for an error, but how that fits into the return value of this | 826 | * for an error, but how that fits into the return value of this |
| @@ -856,13 +828,17 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) | |||
| 856 | X509_STORE_CTX_init(&store_ctx, store, cert, NULL); | 828 | X509_STORE_CTX_init(&store_ctx, store, cert, NULL); |
| 857 | if (X509_verify_cert(&store_ctx) <= 0) { | 829 | if (X509_verify_cert(&store_ctx) <= 0) { |
| 858 | i = X509_STORE_CTX_get_error (&store_ctx); | 830 | i = X509_STORE_CTX_get_error (&store_ctx); |
| 831 | if (i == 0) | ||
| 832 | /* avoid returning 0 if X509_verify_cert() did not | ||
| 833 | * set an appropriate error value in the context */ | ||
| 834 | i = -1; | ||
| 835 | chn = NULL; | ||
| 859 | goto err; | 836 | goto err; |
| 860 | } | 837 | } else |
| 861 | chn = X509_STORE_CTX_get1_chain(&store_ctx); | 838 | chn = X509_STORE_CTX_get1_chain(&store_ctx); |
| 862 | i = 0; | ||
| 863 | *chain = chn; | ||
| 864 | err: | 839 | err: |
| 865 | X509_STORE_CTX_cleanup(&store_ctx); | 840 | X509_STORE_CTX_cleanup(&store_ctx); |
| 841 | *chain = chn; | ||
| 866 | 842 | ||
| 867 | return i; | 843 | return i; |
| 868 | } | 844 | } |
| @@ -870,13 +846,16 @@ err: | |||
| 870 | int alg_print (BIO *x, X509_ALGOR *alg) | 846 | int alg_print (BIO *x, X509_ALGOR *alg) |
| 871 | { | 847 | { |
| 872 | PBEPARAM *pbe; | 848 | PBEPARAM *pbe; |
| 873 | unsigned char *p; | 849 | const unsigned char *p; |
| 874 | p = alg->parameter->value.sequence->data; | 850 | p = alg->parameter->value.sequence->data; |
| 875 | pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); | 851 | pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); |
| 876 | BIO_printf (bio_err, "%s, Iteration %d\n", | 852 | if (!pbe) |
| 877 | OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); | 853 | return 1; |
| 854 | BIO_printf (bio_err, "%s, Iteration %ld\n", | ||
| 855 | OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), | ||
| 856 | ASN1_INTEGER_get(pbe->iter)); | ||
| 878 | PBEPARAM_free (pbe); | 857 | PBEPARAM_free (pbe); |
| 879 | return 0; | 858 | return 1; |
| 880 | } | 859 | } |
| 881 | 860 | ||
| 882 | /* Load all certificates from a given file */ | 861 | /* Load all certificates from a given file */ |
| @@ -908,7 +887,7 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) | |||
| 908 | 887 | ||
| 909 | /* Generalised attribute print: handle PKCS#8 and bag attributes */ | 888 | /* Generalised attribute print: handle PKCS#8 and bag attributes */ |
| 910 | 889 | ||
| 911 | int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name) | 890 | int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) |
| 912 | { | 891 | { |
| 913 | X509_ATTRIBUTE *attr; | 892 | X509_ATTRIBUTE *attr; |
| 914 | ASN1_TYPE *av; | 893 | ASN1_TYPE *av; |
diff --git a/src/lib/libssl/src/apps/progs.h b/src/lib/libssl/src/apps/progs.h index 0493257bde..aafd800bdf 100644 --- a/src/lib/libssl/src/apps/progs.h +++ b/src/lib/libssl/src/apps/progs.h | |||
| @@ -17,6 +17,8 @@ extern int rsa_main(int argc,char *argv[]); | |||
| 17 | extern int rsautl_main(int argc,char *argv[]); | 17 | extern int rsautl_main(int argc,char *argv[]); |
| 18 | extern int dsa_main(int argc,char *argv[]); | 18 | extern int dsa_main(int argc,char *argv[]); |
| 19 | extern int dsaparam_main(int argc,char *argv[]); | 19 | extern int dsaparam_main(int argc,char *argv[]); |
| 20 | extern int ec_main(int argc,char *argv[]); | ||
| 21 | extern int ecparam_main(int argc,char *argv[]); | ||
| 20 | extern int x509_main(int argc,char *argv[]); | 22 | extern int x509_main(int argc,char *argv[]); |
| 21 | extern int genrsa_main(int argc,char *argv[]); | 23 | extern int genrsa_main(int argc,char *argv[]); |
| 22 | extern int gendsa_main(int argc,char *argv[]); | 24 | extern int gendsa_main(int argc,char *argv[]); |
| @@ -26,6 +28,7 @@ extern int speed_main(int argc,char *argv[]); | |||
| 26 | extern int s_time_main(int argc,char *argv[]); | 28 | extern int s_time_main(int argc,char *argv[]); |
| 27 | extern int version_main(int argc,char *argv[]); | 29 | extern int version_main(int argc,char *argv[]); |
| 28 | extern int pkcs7_main(int argc,char *argv[]); | 30 | extern int pkcs7_main(int argc,char *argv[]); |
| 31 | extern int cms_main(int argc,char *argv[]); | ||
| 29 | extern int crl2pkcs7_main(int argc,char *argv[]); | 32 | extern int crl2pkcs7_main(int argc,char *argv[]); |
| 30 | extern int sess_id_main(int argc,char *argv[]); | 33 | extern int sess_id_main(int argc,char *argv[]); |
| 31 | extern int ciphers_main(int argc,char *argv[]); | 34 | extern int ciphers_main(int argc,char *argv[]); |
| @@ -35,11 +38,9 @@ extern int pkcs8_main(int argc,char *argv[]); | |||
| 35 | extern int spkac_main(int argc,char *argv[]); | 38 | extern int spkac_main(int argc,char *argv[]); |
| 36 | extern int smime_main(int argc,char *argv[]); | 39 | extern int smime_main(int argc,char *argv[]); |
| 37 | extern int rand_main(int argc,char *argv[]); | 40 | extern int rand_main(int argc,char *argv[]); |
| 38 | extern int prime_main(int argc,char *argv[]); | ||
| 39 | #ifndef OPENSSL_NO_ENGINE | ||
| 40 | extern int engine_main(int argc,char *argv[]); | 41 | extern int engine_main(int argc,char *argv[]); |
| 41 | #endif | ||
| 42 | extern int ocsp_main(int argc,char *argv[]); | 42 | extern int ocsp_main(int argc,char *argv[]); |
| 43 | extern int prime_main(int argc,char *argv[]); | ||
| 43 | 44 | ||
| 44 | #define FUNC_TYPE_GENERAL 1 | 45 | #define FUNC_TYPE_GENERAL 1 |
| 45 | #define FUNC_TYPE_MD 2 | 46 | #define FUNC_TYPE_MD 2 |
| @@ -47,8 +48,8 @@ extern int ocsp_main(int argc,char *argv[]); | |||
| 47 | 48 | ||
| 48 | typedef struct { | 49 | typedef struct { |
| 49 | int type; | 50 | int type; |
| 50 | char *name; | 51 | const char *name; |
| 51 | int (*func)(); | 52 | int (*func)(int argc,char *argv[]); |
| 52 | } FUNCTION; | 53 | } FUNCTION; |
| 53 | 54 | ||
| 54 | FUNCTION functions[] = { | 55 | FUNCTION functions[] = { |
| @@ -82,6 +83,12 @@ FUNCTION functions[] = { | |||
| 82 | #ifndef OPENSSL_NO_DSA | 83 | #ifndef OPENSSL_NO_DSA |
| 83 | {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, | 84 | {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, |
| 84 | #endif | 85 | #endif |
| 86 | #ifndef OPENSSL_NO_EC | ||
| 87 | {FUNC_TYPE_GENERAL,"ec",ec_main}, | ||
| 88 | #endif | ||
| 89 | #ifndef OPENSSL_NO_EC | ||
| 90 | {FUNC_TYPE_GENERAL,"ecparam",ecparam_main}, | ||
| 91 | #endif | ||
| 85 | {FUNC_TYPE_GENERAL,"x509",x509_main}, | 92 | {FUNC_TYPE_GENERAL,"x509",x509_main}, |
| 86 | #ifndef OPENSSL_NO_RSA | 93 | #ifndef OPENSSL_NO_RSA |
| 87 | {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, | 94 | {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, |
| @@ -103,6 +110,9 @@ FUNCTION functions[] = { | |||
| 103 | #endif | 110 | #endif |
| 104 | {FUNC_TYPE_GENERAL,"version",version_main}, | 111 | {FUNC_TYPE_GENERAL,"version",version_main}, |
| 105 | {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, | 112 | {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, |
| 113 | #ifndef OPENSSL_NO_CMS | ||
| 114 | {FUNC_TYPE_GENERAL,"cms",cms_main}, | ||
| 115 | #endif | ||
| 106 | {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, | 116 | {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, |
| 107 | {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, | 117 | {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, |
| 108 | #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) | 118 | #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) |
| @@ -116,11 +126,11 @@ FUNCTION functions[] = { | |||
| 116 | {FUNC_TYPE_GENERAL,"spkac",spkac_main}, | 126 | {FUNC_TYPE_GENERAL,"spkac",spkac_main}, |
| 117 | {FUNC_TYPE_GENERAL,"smime",smime_main}, | 127 | {FUNC_TYPE_GENERAL,"smime",smime_main}, |
| 118 | {FUNC_TYPE_GENERAL,"rand",rand_main}, | 128 | {FUNC_TYPE_GENERAL,"rand",rand_main}, |
| 119 | {FUNC_TYPE_GENERAL,"prime",prime_main}, | ||
| 120 | #ifndef OPENSSL_NO_ENGINE | 129 | #ifndef OPENSSL_NO_ENGINE |
| 121 | {FUNC_TYPE_GENERAL,"engine",engine_main}, | 130 | {FUNC_TYPE_GENERAL,"engine",engine_main}, |
| 122 | #endif | 131 | #endif |
| 123 | {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, | 132 | {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, |
| 133 | {FUNC_TYPE_GENERAL,"prime",prime_main}, | ||
| 124 | #ifndef OPENSSL_NO_MD2 | 134 | #ifndef OPENSSL_NO_MD2 |
| 125 | {FUNC_TYPE_MD,"md2",dgst_main}, | 135 | {FUNC_TYPE_MD,"md2",dgst_main}, |
| 126 | #endif | 136 | #endif |
| @@ -160,6 +170,24 @@ FUNCTION functions[] = { | |||
| 160 | #ifndef OPENSSL_NO_AES | 170 | #ifndef OPENSSL_NO_AES |
| 161 | {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main}, | 171 | {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main}, |
| 162 | #endif | 172 | #endif |
| 173 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 174 | {FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main}, | ||
| 175 | #endif | ||
| 176 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 177 | {FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main}, | ||
| 178 | #endif | ||
| 179 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 180 | {FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main}, | ||
| 181 | #endif | ||
| 182 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 183 | {FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main}, | ||
| 184 | #endif | ||
| 185 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 186 | {FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main}, | ||
| 187 | #endif | ||
| 188 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 189 | {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main}, | ||
| 190 | #endif | ||
| 163 | {FUNC_TYPE_CIPHER,"base64",enc_main}, | 191 | {FUNC_TYPE_CIPHER,"base64",enc_main}, |
| 164 | #ifndef OPENSSL_NO_DES | 192 | #ifndef OPENSSL_NO_DES |
| 165 | {FUNC_TYPE_CIPHER,"des",enc_main}, | 193 | {FUNC_TYPE_CIPHER,"des",enc_main}, |
| @@ -173,6 +201,9 @@ FUNCTION functions[] = { | |||
| 173 | #ifndef OPENSSL_NO_IDEA | 201 | #ifndef OPENSSL_NO_IDEA |
| 174 | {FUNC_TYPE_CIPHER,"idea",enc_main}, | 202 | {FUNC_TYPE_CIPHER,"idea",enc_main}, |
| 175 | #endif | 203 | #endif |
| 204 | #ifndef OPENSSL_NO_SEED | ||
| 205 | {FUNC_TYPE_CIPHER,"seed",enc_main}, | ||
| 206 | #endif | ||
| 176 | #ifndef OPENSSL_NO_RC4 | 207 | #ifndef OPENSSL_NO_RC4 |
| 177 | {FUNC_TYPE_CIPHER,"rc4",enc_main}, | 208 | {FUNC_TYPE_CIPHER,"rc4",enc_main}, |
| 178 | #endif | 209 | #endif |
| @@ -239,6 +270,18 @@ FUNCTION functions[] = { | |||
| 239 | #ifndef OPENSSL_NO_IDEA | 270 | #ifndef OPENSSL_NO_IDEA |
| 240 | {FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, | 271 | {FUNC_TYPE_CIPHER,"idea-ofb",enc_main}, |
| 241 | #endif | 272 | #endif |
| 273 | #ifndef OPENSSL_NO_SEED | ||
| 274 | {FUNC_TYPE_CIPHER,"seed-cbc",enc_main}, | ||
| 275 | #endif | ||
| 276 | #ifndef OPENSSL_NO_SEED | ||
| 277 | {FUNC_TYPE_CIPHER,"seed-ecb",enc_main}, | ||
| 278 | #endif | ||
| 279 | #ifndef OPENSSL_NO_SEED | ||
| 280 | {FUNC_TYPE_CIPHER,"seed-cfb",enc_main}, | ||
| 281 | #endif | ||
| 282 | #ifndef OPENSSL_NO_SEED | ||
| 283 | {FUNC_TYPE_CIPHER,"seed-ofb",enc_main}, | ||
| 284 | #endif | ||
| 242 | #ifndef OPENSSL_NO_RC2 | 285 | #ifndef OPENSSL_NO_RC2 |
| 243 | {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, | 286 | {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main}, |
| 244 | #endif | 287 | #endif |
diff --git a/src/lib/libssl/src/apps/progs.pl b/src/lib/libssl/src/apps/progs.pl index d6a40edb91..645432cfcc 100644 --- a/src/lib/libssl/src/apps/progs.pl +++ b/src/lib/libssl/src/apps/progs.pl | |||
| @@ -16,8 +16,8 @@ print <<'EOF'; | |||
| 16 | 16 | ||
| 17 | typedef struct { | 17 | typedef struct { |
| 18 | int type; | 18 | int type; |
| 19 | char *name; | 19 | const char *name; |
| 20 | int (*func)(); | 20 | int (*func)(int argc,char *argv[]); |
| 21 | } FUNCTION; | 21 | } FUNCTION; |
| 22 | 22 | ||
| 23 | FUNCTION functions[] = { | 23 | FUNCTION functions[] = { |
| @@ -29,14 +29,22 @@ foreach (@ARGV) | |||
| 29 | $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; | 29 | $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; |
| 30 | if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) | 30 | if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) |
| 31 | { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } | 31 | { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } |
| 32 | elsif ( ($_ =~ /^speed$/)) | ||
| 33 | { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; } | ||
| 34 | elsif ( ($_ =~ /^engine$/)) | ||
| 35 | { print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; } | ||
| 32 | elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) | 36 | elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) |
| 33 | { print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; } | 37 | { print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; } |
| 34 | elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) | 38 | elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) |
| 35 | { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; } | 39 | { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; } |
| 40 | elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/)) | ||
| 41 | { print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";} | ||
| 36 | elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) | 42 | elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) |
| 37 | { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } | 43 | { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } |
| 38 | elsif ( ($_ =~ /^pkcs12$/)) | 44 | elsif ( ($_ =~ /^pkcs12$/)) |
| 39 | { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } | 45 | { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } |
| 46 | elsif ( ($_ =~ /^cms$/)) | ||
| 47 | { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; } | ||
| 40 | else | 48 | else |
| 41 | { print $str; } | 49 | { print $str; } |
| 42 | } | 50 | } |
| @@ -51,14 +59,18 @@ foreach ( | |||
| 51 | "aes-128-cbc", "aes-128-ecb", | 59 | "aes-128-cbc", "aes-128-ecb", |
| 52 | "aes-192-cbc", "aes-192-ecb", | 60 | "aes-192-cbc", "aes-192-ecb", |
| 53 | "aes-256-cbc", "aes-256-ecb", | 61 | "aes-256-cbc", "aes-256-ecb", |
| 62 | "camellia-128-cbc", "camellia-128-ecb", | ||
| 63 | "camellia-192-cbc", "camellia-192-ecb", | ||
| 64 | "camellia-256-cbc", "camellia-256-ecb", | ||
| 54 | "base64", | 65 | "base64", |
| 55 | "des", "des3", "desx", "idea", "rc4", "rc4-40", | 66 | "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", |
| 56 | "rc2", "bf", "cast", "rc5", | 67 | "rc2", "bf", "cast", "rc5", |
| 57 | "des-ecb", "des-ede", "des-ede3", | 68 | "des-ecb", "des-ede", "des-ede3", |
| 58 | "des-cbc", "des-ede-cbc","des-ede3-cbc", | 69 | "des-cbc", "des-ede-cbc","des-ede3-cbc", |
| 59 | "des-cfb", "des-ede-cfb","des-ede3-cfb", | 70 | "des-cfb", "des-ede-cfb","des-ede3-cfb", |
| 60 | "des-ofb", "des-ede-ofb","des-ede3-ofb", | 71 | "des-ofb", "des-ede-ofb","des-ede3-ofb", |
| 61 | "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", | 72 | "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", |
| 73 | "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb", | ||
| 62 | "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", | 74 | "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", |
| 63 | "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", | 75 | "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", |
| 64 | "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", | 76 | "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", |
| @@ -69,7 +81,9 @@ foreach ( | |||
| 69 | $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); | 81 | $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); |
| 70 | if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } | 82 | if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } |
| 71 | elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } | 83 | elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } |
| 84 | elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } | ||
| 72 | elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; } | 85 | elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; } |
| 86 | elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; } | ||
| 73 | elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; } | 87 | elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; } |
| 74 | elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; } | 88 | elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; } |
| 75 | elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; } | 89 | elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; } |
diff --git a/src/lib/libssl/src/apps/rand.c b/src/lib/libssl/src/apps/rand.c index e23e84af82..fa35505c18 100644 --- a/src/lib/libssl/src/apps/rand.c +++ b/src/lib/libssl/src/apps/rand.c | |||
| @@ -218,7 +218,7 @@ int MAIN(int argc, char **argv) | |||
| 218 | int chunk; | 218 | int chunk; |
| 219 | 219 | ||
| 220 | chunk = num; | 220 | chunk = num; |
| 221 | if (chunk > sizeof buf) | 221 | if (chunk > (int)sizeof(buf)) |
| 222 | chunk = sizeof buf; | 222 | chunk = sizeof buf; |
| 223 | r = RAND_bytes(buf, chunk); | 223 | r = RAND_bytes(buf, chunk); |
| 224 | if (r <= 0) | 224 | if (r <= 0) |
| @@ -232,7 +232,7 @@ int MAIN(int argc, char **argv) | |||
| 232 | } | 232 | } |
| 233 | num -= chunk; | 233 | num -= chunk; |
| 234 | } | 234 | } |
| 235 | BIO_flush(out); | 235 | (void)BIO_flush(out); |
| 236 | 236 | ||
| 237 | app_RAND_write_file(NULL, bio_err); | 237 | app_RAND_write_file(NULL, bio_err); |
| 238 | ret = 0; | 238 | ret = 0; |
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c index eebe71b15e..5ed08960c1 100644 --- a/src/lib/libssl/src/apps/req.c +++ b/src/lib/libssl/src/apps/req.c | |||
| @@ -56,6 +56,12 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 60 | * deprecated functions for openssl-internal code */ | ||
| 61 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 62 | #undef OPENSSL_NO_DEPRECATED | ||
| 63 | #endif | ||
| 64 | |||
| 59 | #include <stdio.h> | 65 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 66 | #include <stdlib.h> |
| 61 | #include <time.h> | 67 | #include <time.h> |
| @@ -73,7 +79,13 @@ | |||
| 73 | #include <openssl/x509v3.h> | 79 | #include <openssl/x509v3.h> |
| 74 | #include <openssl/objects.h> | 80 | #include <openssl/objects.h> |
| 75 | #include <openssl/pem.h> | 81 | #include <openssl/pem.h> |
| 76 | #include "../crypto/cryptlib.h" | 82 | #include <openssl/bn.h> |
| 83 | #ifndef OPENSSL_NO_RSA | ||
| 84 | #include <openssl/rsa.h> | ||
| 85 | #endif | ||
| 86 | #ifndef OPENSSL_NO_DSA | ||
| 87 | #include <openssl/dsa.h> | ||
| 88 | #endif | ||
| 77 | 89 | ||
| 78 | #define SECTION "req" | 90 | #define SECTION "req" |
| 79 | 91 | ||
| @@ -113,9 +125,10 @@ | |||
| 113 | * require. This format is wrong | 125 | * require. This format is wrong |
| 114 | */ | 126 | */ |
| 115 | 127 | ||
| 116 | static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs, | 128 | static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, |
| 117 | unsigned long chtype); | 129 | int attribs,unsigned long chtype); |
| 118 | static int build_subject(X509_REQ *req, char *subj, unsigned long chtype); | 130 | static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, |
| 131 | int multirdn); | ||
| 119 | static int prompt_info(X509_REQ *req, | 132 | static int prompt_info(X509_REQ *req, |
| 120 | STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, | 133 | STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, |
| 121 | STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, | 134 | STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, |
| @@ -123,16 +136,16 @@ static int prompt_info(X509_REQ *req, | |||
| 123 | static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, | 136 | static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, |
| 124 | STACK_OF(CONF_VALUE) *attr, int attribs, | 137 | STACK_OF(CONF_VALUE) *attr, int attribs, |
| 125 | unsigned long chtype); | 138 | unsigned long chtype); |
| 126 | static int add_attribute_object(X509_REQ *req, char *text, | 139 | static int add_attribute_object(X509_REQ *req, char *text, const char *def, |
| 127 | char *def, char *value, int nid, int n_min, | 140 | char *value, int nid, int n_min, |
| 128 | int n_max, unsigned long chtype); | 141 | int n_max, unsigned long chtype); |
| 129 | static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, | 142 | static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, |
| 130 | int nid,int n_min,int n_max, unsigned long chtype); | 143 | int nid,int n_min,int n_max, unsigned long chtype, int mval); |
| 131 | #ifndef OPENSSL_NO_RSA | 144 | #ifndef OPENSSL_NO_RSA |
| 132 | static void MS_CALLBACK req_cb(int p,int n,void *arg); | 145 | static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb); |
| 133 | #endif | 146 | #endif |
| 134 | static int req_check_len(int len,int n_min,int n_max); | 147 | static int req_check_len(int len,int n_min,int n_max); |
| 135 | static int check_end(char *str, char *end); | 148 | static int check_end(const char *str, const char *end); |
| 136 | #ifndef MONOLITH | 149 | #ifndef MONOLITH |
| 137 | static char *default_config_file=NULL; | 150 | static char *default_config_file=NULL; |
| 138 | #endif | 151 | #endif |
| @@ -142,6 +155,7 @@ static int batch=0; | |||
| 142 | #define TYPE_RSA 1 | 155 | #define TYPE_RSA 1 |
| 143 | #define TYPE_DSA 2 | 156 | #define TYPE_DSA 2 |
| 144 | #define TYPE_DH 3 | 157 | #define TYPE_DH 3 |
| 158 | #define TYPE_EC 4 | ||
| 145 | 159 | ||
| 146 | int MAIN(int, char **); | 160 | int MAIN(int, char **); |
| 147 | 161 | ||
| @@ -151,6 +165,9 @@ int MAIN(int argc, char **argv) | |||
| 151 | #ifndef OPENSSL_NO_DSA | 165 | #ifndef OPENSSL_NO_DSA |
| 152 | DSA *dsa_params=NULL; | 166 | DSA *dsa_params=NULL; |
| 153 | #endif | 167 | #endif |
| 168 | #ifndef OPENSSL_NO_ECDSA | ||
| 169 | EC_KEY *ec_params = NULL; | ||
| 170 | #endif | ||
| 154 | unsigned long nmflag = 0, reqflag = 0; | 171 | unsigned long nmflag = 0, reqflag = 0; |
| 155 | int ex=1,x509=0,days=30; | 172 | int ex=1,x509=0,days=30; |
| 156 | X509 *x509ss=NULL; | 173 | X509 *x509ss=NULL; |
| @@ -175,7 +192,8 @@ int MAIN(int argc, char **argv) | |||
| 175 | char *passin = NULL, *passout = NULL; | 192 | char *passin = NULL, *passout = NULL; |
| 176 | char *p; | 193 | char *p; |
| 177 | char *subj = NULL; | 194 | char *subj = NULL; |
| 178 | const EVP_MD *md_alg=NULL,*digest; | 195 | int multirdn = 0; |
| 196 | const EVP_MD *md_alg=NULL,*digest=EVP_sha1(); | ||
| 179 | unsigned long chtype = MBSTRING_ASC; | 197 | unsigned long chtype = MBSTRING_ASC; |
| 180 | #ifndef MONOLITH | 198 | #ifndef MONOLITH |
| 181 | char *to_free; | 199 | char *to_free; |
| @@ -197,13 +215,6 @@ int MAIN(int argc, char **argv) | |||
| 197 | informat=FORMAT_PEM; | 215 | informat=FORMAT_PEM; |
| 198 | outformat=FORMAT_PEM; | 216 | outformat=FORMAT_PEM; |
| 199 | 217 | ||
| 200 | #ifdef OPENSSL_FIPS | ||
| 201 | if (FIPS_mode()) | ||
| 202 | digest = EVP_sha1(); | ||
| 203 | else | ||
| 204 | #endif | ||
| 205 | digest = EVP_md5(); | ||
| 206 | |||
| 207 | prog=argv[0]; | 218 | prog=argv[0]; |
| 208 | argc--; | 219 | argc--; |
| 209 | argv++; | 220 | argv++; |
| @@ -329,11 +340,64 @@ int MAIN(int argc, char **argv) | |||
| 329 | } | 340 | } |
| 330 | } | 341 | } |
| 331 | BIO_free(in); | 342 | BIO_free(in); |
| 332 | newkey=BN_num_bits(dsa_params->p); | ||
| 333 | in=NULL; | 343 | in=NULL; |
| 344 | newkey=BN_num_bits(dsa_params->p); | ||
| 334 | } | 345 | } |
| 335 | else | 346 | else |
| 336 | #endif | 347 | #endif |
| 348 | #ifndef OPENSSL_NO_ECDSA | ||
| 349 | if (strncmp("ec:",p,3) == 0) | ||
| 350 | { | ||
| 351 | X509 *xtmp=NULL; | ||
| 352 | EVP_PKEY *dtmp; | ||
| 353 | EC_GROUP *group; | ||
| 354 | |||
| 355 | pkey_type=TYPE_EC; | ||
| 356 | p+=3; | ||
| 357 | if ((in=BIO_new_file(p,"r")) == NULL) | ||
| 358 | { | ||
| 359 | perror(p); | ||
| 360 | goto end; | ||
| 361 | } | ||
| 362 | if ((ec_params = EC_KEY_new()) == NULL) | ||
| 363 | goto end; | ||
| 364 | group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); | ||
| 365 | if (group == NULL) | ||
| 366 | { | ||
| 367 | EC_KEY_free(ec_params); | ||
| 368 | ERR_clear_error(); | ||
| 369 | (void)BIO_reset(in); | ||
| 370 | if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) | ||
| 371 | { | ||
| 372 | BIO_printf(bio_err,"unable to load EC parameters from file\n"); | ||
| 373 | goto end; | ||
| 374 | } | ||
| 375 | |||
| 376 | if ((dtmp=X509_get_pubkey(xtmp))==NULL) | ||
| 377 | goto end; | ||
| 378 | if (dtmp->type == EVP_PKEY_EC) | ||
| 379 | ec_params = EC_KEY_dup(dtmp->pkey.ec); | ||
| 380 | EVP_PKEY_free(dtmp); | ||
| 381 | X509_free(xtmp); | ||
| 382 | if (ec_params == NULL) | ||
| 383 | { | ||
| 384 | BIO_printf(bio_err,"Certificate does not contain EC parameters\n"); | ||
| 385 | goto end; | ||
| 386 | } | ||
| 387 | } | ||
| 388 | else | ||
| 389 | { | ||
| 390 | if (EC_KEY_set_group(ec_params, group) == 0) | ||
| 391 | goto end; | ||
| 392 | EC_GROUP_free(group); | ||
| 393 | } | ||
| 394 | |||
| 395 | BIO_free(in); | ||
| 396 | in=NULL; | ||
| 397 | newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params)); | ||
| 398 | } | ||
| 399 | else | ||
| 400 | #endif | ||
| 337 | #ifndef OPENSSL_NO_DH | 401 | #ifndef OPENSSL_NO_DH |
| 338 | if (strncmp("dh:",p,4) == 0) | 402 | if (strncmp("dh:",p,4) == 0) |
| 339 | { | 403 | { |
| @@ -342,7 +406,9 @@ int MAIN(int argc, char **argv) | |||
| 342 | } | 406 | } |
| 343 | else | 407 | else |
| 344 | #endif | 408 | #endif |
| 345 | pkey_type=TYPE_RSA; | 409 | { |
| 410 | goto bad; | ||
| 411 | } | ||
| 346 | 412 | ||
| 347 | newreq=1; | 413 | newreq=1; |
| 348 | } | 414 | } |
| @@ -387,6 +453,8 @@ int MAIN(int argc, char **argv) | |||
| 387 | if (--argc < 1) goto bad; | 453 | if (--argc < 1) goto bad; |
| 388 | subj= *(++argv); | 454 | subj= *(++argv); |
| 389 | } | 455 | } |
| 456 | else if (strcmp(*argv,"-multivalue-rdn") == 0) | ||
| 457 | multirdn=1; | ||
| 390 | else if (strcmp(*argv,"-days") == 0) | 458 | else if (strcmp(*argv,"-days") == 0) |
| 391 | { | 459 | { |
| 392 | if (--argc < 1) goto bad; | 460 | if (--argc < 1) goto bad; |
| @@ -452,9 +520,13 @@ bad: | |||
| 452 | BIO_printf(bio_err," the random number generator\n"); | 520 | BIO_printf(bio_err," the random number generator\n"); |
| 453 | BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); | 521 | BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); |
| 454 | BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); | 522 | BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); |
| 523 | #ifndef OPENSSL_NO_ECDSA | ||
| 524 | BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); | ||
| 525 | #endif | ||
| 455 | BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); | 526 | BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); |
| 456 | BIO_printf(bio_err," -config file request template file.\n"); | 527 | BIO_printf(bio_err," -config file request template file.\n"); |
| 457 | BIO_printf(bio_err," -subj arg set or modify request subject\n"); | 528 | BIO_printf(bio_err," -subj arg set or modify request subject\n"); |
| 529 | BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); | ||
| 458 | BIO_printf(bio_err," -new new request.\n"); | 530 | BIO_printf(bio_err," -new new request.\n"); |
| 459 | BIO_printf(bio_err," -batch do not ask anything during request generation\n"); | 531 | BIO_printf(bio_err," -batch do not ask anything during request generation\n"); |
| 460 | BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); | 532 | BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); |
| @@ -647,7 +719,7 @@ bad: | |||
| 647 | message */ | 719 | message */ |
| 648 | goto end; | 720 | goto end; |
| 649 | } | 721 | } |
| 650 | if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) | 722 | else |
| 651 | { | 723 | { |
| 652 | char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); | 724 | char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); |
| 653 | if (randfile == NULL) | 725 | if (randfile == NULL) |
| @@ -658,6 +730,9 @@ bad: | |||
| 658 | 730 | ||
| 659 | if (newreq && (pkey == NULL)) | 731 | if (newreq && (pkey == NULL)) |
| 660 | { | 732 | { |
| 733 | #ifndef OPENSSL_NO_RSA | ||
| 734 | BN_GENCB cb; | ||
| 735 | #endif | ||
| 661 | char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); | 736 | char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); |
| 662 | if (randfile == NULL) | 737 | if (randfile == NULL) |
| 663 | ERR_clear_error(); | 738 | ERR_clear_error(); |
| @@ -671,24 +746,33 @@ bad: | |||
| 671 | newkey=DEFAULT_KEY_LENGTH; | 746 | newkey=DEFAULT_KEY_LENGTH; |
| 672 | } | 747 | } |
| 673 | 748 | ||
| 674 | if (newkey < MIN_KEY_LENGTH) | 749 | if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA)) |
| 675 | { | 750 | { |
| 676 | BIO_printf(bio_err,"private key length is too short,\n"); | 751 | BIO_printf(bio_err,"private key length is too short,\n"); |
| 677 | BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey); | 752 | BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey); |
| 678 | goto end; | 753 | goto end; |
| 679 | } | 754 | } |
| 680 | BIO_printf(bio_err,"Generating a %d bit %s private key\n", | 755 | BIO_printf(bio_err,"Generating a %ld bit %s private key\n", |
| 681 | newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA"); | 756 | newkey,(pkey_type == TYPE_RSA)?"RSA": |
| 757 | (pkey_type == TYPE_DSA)?"DSA":"EC"); | ||
| 682 | 758 | ||
| 683 | if ((pkey=EVP_PKEY_new()) == NULL) goto end; | 759 | if ((pkey=EVP_PKEY_new()) == NULL) goto end; |
| 684 | 760 | ||
| 685 | #ifndef OPENSSL_NO_RSA | 761 | #ifndef OPENSSL_NO_RSA |
| 762 | BN_GENCB_set(&cb, req_cb, bio_err); | ||
| 686 | if (pkey_type == TYPE_RSA) | 763 | if (pkey_type == TYPE_RSA) |
| 687 | { | 764 | { |
| 688 | if (!EVP_PKEY_assign_RSA(pkey, | 765 | RSA *rsa = RSA_new(); |
| 689 | RSA_generate_key(newkey,0x10001, | 766 | BIGNUM *bn = BN_new(); |
| 690 | req_cb,bio_err))) | 767 | if(!bn || !rsa || !BN_set_word(bn, 0x10001) || |
| 768 | !RSA_generate_key_ex(rsa, newkey, bn, &cb) || | ||
| 769 | !EVP_PKEY_assign_RSA(pkey, rsa)) | ||
| 770 | { | ||
| 771 | if(bn) BN_free(bn); | ||
| 772 | if(rsa) RSA_free(rsa); | ||
| 691 | goto end; | 773 | goto end; |
| 774 | } | ||
| 775 | BN_free(bn); | ||
| 692 | } | 776 | } |
| 693 | else | 777 | else |
| 694 | #endif | 778 | #endif |
| @@ -700,6 +784,15 @@ bad: | |||
| 700 | dsa_params=NULL; | 784 | dsa_params=NULL; |
| 701 | } | 785 | } |
| 702 | #endif | 786 | #endif |
| 787 | #ifndef OPENSSL_NO_ECDSA | ||
| 788 | if (pkey_type == TYPE_EC) | ||
| 789 | { | ||
| 790 | if (!EC_KEY_generate_key(ec_params)) goto end; | ||
| 791 | if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params)) | ||
| 792 | goto end; | ||
| 793 | ec_params = NULL; | ||
| 794 | } | ||
| 795 | #endif | ||
| 703 | 796 | ||
| 704 | app_RAND_write_file(randfile, bio_err); | 797 | app_RAND_write_file(randfile, bio_err); |
| 705 | 798 | ||
| @@ -806,6 +899,10 @@ loop: | |||
| 806 | if (pkey->type == EVP_PKEY_DSA) | 899 | if (pkey->type == EVP_PKEY_DSA) |
| 807 | digest=EVP_dss1(); | 900 | digest=EVP_dss1(); |
| 808 | #endif | 901 | #endif |
| 902 | #ifndef OPENSSL_NO_ECDSA | ||
| 903 | if (pkey->type == EVP_PKEY_EC) | ||
| 904 | digest=EVP_ecdsa(); | ||
| 905 | #endif | ||
| 809 | if (req == NULL) | 906 | if (req == NULL) |
| 810 | { | 907 | { |
| 811 | req=X509_REQ_new(); | 908 | req=X509_REQ_new(); |
| @@ -814,7 +911,7 @@ loop: | |||
| 814 | goto end; | 911 | goto end; |
| 815 | } | 912 | } |
| 816 | 913 | ||
| 817 | i=make_REQ(req,pkey,subj,!x509, chtype); | 914 | i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); |
| 818 | subj=NULL; /* done processing '-subj' option */ | 915 | subj=NULL; /* done processing '-subj' option */ |
| 819 | if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) | 916 | if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) |
| 820 | { | 917 | { |
| @@ -909,7 +1006,7 @@ loop: | |||
| 909 | print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); | 1006 | print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); |
| 910 | } | 1007 | } |
| 911 | 1008 | ||
| 912 | if (build_subject(req, subj, chtype) == 0) | 1009 | if (build_subject(req, subj, chtype, multirdn) == 0) |
| 913 | { | 1010 | { |
| 914 | BIO_printf(bio_err, "ERROR: cannot modify subject\n"); | 1011 | BIO_printf(bio_err, "ERROR: cannot modify subject\n"); |
| 915 | ex=1; | 1012 | ex=1; |
| @@ -1093,12 +1190,15 @@ end: | |||
| 1093 | #ifndef OPENSSL_NO_DSA | 1190 | #ifndef OPENSSL_NO_DSA |
| 1094 | if (dsa_params != NULL) DSA_free(dsa_params); | 1191 | if (dsa_params != NULL) DSA_free(dsa_params); |
| 1095 | #endif | 1192 | #endif |
| 1193 | #ifndef OPENSSL_NO_ECDSA | ||
| 1194 | if (ec_params != NULL) EC_KEY_free(ec_params); | ||
| 1195 | #endif | ||
| 1096 | apps_shutdown(); | 1196 | apps_shutdown(); |
| 1097 | OPENSSL_EXIT(ex); | 1197 | OPENSSL_EXIT(ex); |
| 1098 | } | 1198 | } |
| 1099 | 1199 | ||
| 1100 | static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, | 1200 | static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, |
| 1101 | unsigned long chtype) | 1201 | int attribs, unsigned long chtype) |
| 1102 | { | 1202 | { |
| 1103 | int ret=0,i; | 1203 | int ret=0,i; |
| 1104 | char no_prompt = 0; | 1204 | char no_prompt = 0; |
| @@ -1148,7 +1248,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs, | |||
| 1148 | else | 1248 | else |
| 1149 | { | 1249 | { |
| 1150 | if (subj) | 1250 | if (subj) |
| 1151 | i = build_subject(req, subj, chtype); | 1251 | i = build_subject(req, subj, chtype, multirdn); |
| 1152 | else | 1252 | else |
| 1153 | i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); | 1253 | i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype); |
| 1154 | } | 1254 | } |
| @@ -1165,11 +1265,11 @@ err: | |||
| 1165 | * subject is expected to be in the format /type0=value0/type1=value1/type2=... | 1265 | * subject is expected to be in the format /type0=value0/type1=value1/type2=... |
| 1166 | * where characters may be escaped by \ | 1266 | * where characters may be escaped by \ |
| 1167 | */ | 1267 | */ |
| 1168 | static int build_subject(X509_REQ *req, char *subject, unsigned long chtype) | 1268 | static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn) |
| 1169 | { | 1269 | { |
| 1170 | X509_NAME *n; | 1270 | X509_NAME *n; |
| 1171 | 1271 | ||
| 1172 | if (!(n = do_subject(subject, chtype))) | 1272 | if (!(n = parse_name(subject, chtype, multirdn))) |
| 1173 | return 0; | 1273 | return 0; |
| 1174 | 1274 | ||
| 1175 | if (!X509_REQ_set_subject_name(req, n)) | 1275 | if (!X509_REQ_set_subject_name(req, n)) |
| @@ -1190,9 +1290,10 @@ static int prompt_info(X509_REQ *req, | |||
| 1190 | int i; | 1290 | int i; |
| 1191 | char *p,*q; | 1291 | char *p,*q; |
| 1192 | char buf[100]; | 1292 | char buf[100]; |
| 1193 | int nid; | 1293 | int nid, mval; |
| 1194 | long n_min,n_max; | 1294 | long n_min,n_max; |
| 1195 | char *type,*def,*value; | 1295 | char *type, *value; |
| 1296 | const char *def; | ||
| 1196 | CONF_VALUE *v; | 1297 | CONF_VALUE *v; |
| 1197 | X509_NAME *subj; | 1298 | X509_NAME *subj; |
| 1198 | subj = X509_REQ_get_subject_name(req); | 1299 | subj = X509_REQ_get_subject_name(req); |
| @@ -1233,10 +1334,17 @@ start: for (;;) | |||
| 1233 | if(*p) type = p; | 1334 | if(*p) type = p; |
| 1234 | break; | 1335 | break; |
| 1235 | } | 1336 | } |
| 1337 | if (*type == '+') | ||
| 1338 | { | ||
| 1339 | mval = -1; | ||
| 1340 | type++; | ||
| 1341 | } | ||
| 1342 | else | ||
| 1343 | mval = 0; | ||
| 1236 | /* If OBJ not recognised ignore it */ | 1344 | /* If OBJ not recognised ignore it */ |
| 1237 | if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; | 1345 | if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; |
| 1238 | if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name) | 1346 | if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name) |
| 1239 | >= sizeof buf) | 1347 | >= (int)sizeof(buf)) |
| 1240 | { | 1348 | { |
| 1241 | BIO_printf(bio_err,"Name '%s' too long\n",v->name); | 1349 | BIO_printf(bio_err,"Name '%s' too long\n",v->name); |
| 1242 | return 0; | 1350 | return 0; |
| @@ -1270,7 +1378,7 @@ start: for (;;) | |||
| 1270 | } | 1378 | } |
| 1271 | 1379 | ||
| 1272 | if (!add_DN_object(subj,v->value,def,value,nid, | 1380 | if (!add_DN_object(subj,v->value,def,value,nid, |
| 1273 | n_min,n_max, chtype)) | 1381 | n_min,n_max, chtype, mval)) |
| 1274 | return 0; | 1382 | return 0; |
| 1275 | } | 1383 | } |
| 1276 | if (X509_NAME_entry_count(subj) == 0) | 1384 | if (X509_NAME_entry_count(subj) == 0) |
| @@ -1301,7 +1409,7 @@ start2: for (;;) | |||
| 1301 | goto start2; | 1409 | goto start2; |
| 1302 | 1410 | ||
| 1303 | if (BIO_snprintf(buf,sizeof buf,"%s_default",type) | 1411 | if (BIO_snprintf(buf,sizeof buf,"%s_default",type) |
| 1304 | >= sizeof buf) | 1412 | >= (int)sizeof(buf)) |
| 1305 | { | 1413 | { |
| 1306 | BIO_printf(bio_err,"Name '%s' too long\n",v->name); | 1414 | BIO_printf(bio_err,"Name '%s' too long\n",v->name); |
| 1307 | return 0; | 1415 | return 0; |
| @@ -1360,6 +1468,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, | |||
| 1360 | 1468 | ||
| 1361 | for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) | 1469 | for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) |
| 1362 | { | 1470 | { |
| 1471 | int mval; | ||
| 1363 | v=sk_CONF_VALUE_value(dn_sk,i); | 1472 | v=sk_CONF_VALUE_value(dn_sk,i); |
| 1364 | p=q=NULL; | 1473 | p=q=NULL; |
| 1365 | type=v->name; | 1474 | type=v->name; |
| @@ -1376,8 +1485,19 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, | |||
| 1376 | if(*p) type = p; | 1485 | if(*p) type = p; |
| 1377 | break; | 1486 | break; |
| 1378 | } | 1487 | } |
| 1488 | #ifndef CHARSET_EBCDIC | ||
| 1489 | if (*p == '+') | ||
| 1490 | #else | ||
| 1491 | if (*p == os_toascii['+']) | ||
| 1492 | #endif | ||
| 1493 | { | ||
| 1494 | p++; | ||
| 1495 | mval = -1; | ||
| 1496 | } | ||
| 1497 | else | ||
| 1498 | mval = 0; | ||
| 1379 | if (!X509_NAME_add_entry_by_txt(subj,type, chtype, | 1499 | if (!X509_NAME_add_entry_by_txt(subj,type, chtype, |
| 1380 | (unsigned char *) v->value,-1,-1,0)) return 0; | 1500 | (unsigned char *) v->value,-1,-1,mval)) return 0; |
| 1381 | 1501 | ||
| 1382 | } | 1502 | } |
| 1383 | 1503 | ||
| @@ -1399,8 +1519,8 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, | |||
| 1399 | } | 1519 | } |
| 1400 | 1520 | ||
| 1401 | 1521 | ||
| 1402 | static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, | 1522 | static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, |
| 1403 | int nid, int n_min, int n_max, unsigned long chtype) | 1523 | int nid, int n_min, int n_max, unsigned long chtype, int mval) |
| 1404 | { | 1524 | { |
| 1405 | int i,ret=0; | 1525 | int i,ret=0; |
| 1406 | MS_STATIC char buf[1024]; | 1526 | MS_STATIC char buf[1024]; |
| @@ -1449,14 +1569,14 @@ start: | |||
| 1449 | #endif | 1569 | #endif |
| 1450 | if(!req_check_len(i, n_min, n_max)) goto start; | 1570 | if(!req_check_len(i, n_min, n_max)) goto start; |
| 1451 | if (!X509_NAME_add_entry_by_NID(n,nid, chtype, | 1571 | if (!X509_NAME_add_entry_by_NID(n,nid, chtype, |
| 1452 | (unsigned char *) buf, -1,-1,0)) goto err; | 1572 | (unsigned char *) buf, -1,-1,mval)) goto err; |
| 1453 | ret=1; | 1573 | ret=1; |
| 1454 | err: | 1574 | err: |
| 1455 | return(ret); | 1575 | return(ret); |
| 1456 | } | 1576 | } |
| 1457 | 1577 | ||
| 1458 | static int add_attribute_object(X509_REQ *req, char *text, | 1578 | static int add_attribute_object(X509_REQ *req, char *text, const char *def, |
| 1459 | char *def, char *value, int nid, int n_min, | 1579 | char *value, int nid, int n_min, |
| 1460 | int n_max, unsigned long chtype) | 1580 | int n_max, unsigned long chtype) |
| 1461 | { | 1581 | { |
| 1462 | int i; | 1582 | int i; |
| @@ -1520,7 +1640,7 @@ err: | |||
| 1520 | } | 1640 | } |
| 1521 | 1641 | ||
| 1522 | #ifndef OPENSSL_NO_RSA | 1642 | #ifndef OPENSSL_NO_RSA |
| 1523 | static void MS_CALLBACK req_cb(int p, int n, void *arg) | 1643 | static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb) |
| 1524 | { | 1644 | { |
| 1525 | char c='*'; | 1645 | char c='*'; |
| 1526 | 1646 | ||
| @@ -1528,11 +1648,12 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) | |||
| 1528 | if (p == 1) c='+'; | 1648 | if (p == 1) c='+'; |
| 1529 | if (p == 2) c='*'; | 1649 | if (p == 2) c='*'; |
| 1530 | if (p == 3) c='\n'; | 1650 | if (p == 3) c='\n'; |
| 1531 | BIO_write((BIO *)arg,&c,1); | 1651 | BIO_write(cb->arg,&c,1); |
| 1532 | (void)BIO_flush((BIO *)arg); | 1652 | (void)BIO_flush(cb->arg); |
| 1533 | #ifdef LINT | 1653 | #ifdef LINT |
| 1534 | p=n; | 1654 | p=n; |
| 1535 | #endif | 1655 | #endif |
| 1656 | return 1; | ||
| 1536 | } | 1657 | } |
| 1537 | #endif | 1658 | #endif |
| 1538 | 1659 | ||
| @@ -1552,10 +1673,10 @@ static int req_check_len(int len, int n_min, int n_max) | |||
| 1552 | } | 1673 | } |
| 1553 | 1674 | ||
| 1554 | /* Check if the end of a string matches 'end' */ | 1675 | /* Check if the end of a string matches 'end' */ |
| 1555 | static int check_end(char *str, char *end) | 1676 | static int check_end(const char *str, const char *end) |
| 1556 | { | 1677 | { |
| 1557 | int elen, slen; | 1678 | int elen, slen; |
| 1558 | char *tmp; | 1679 | const char *tmp; |
| 1559 | elen = strlen(end); | 1680 | elen = strlen(end); |
| 1560 | slen = strlen(str); | 1681 | slen = strlen(str); |
| 1561 | if(elen > slen) return 1; | 1682 | if(elen > slen) return 1; |
diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c index 0acdb08b24..930f1f038a 100644 --- a/src/lib/libssl/src/apps/rsa.c +++ b/src/lib/libssl/src/apps/rsa.c | |||
| @@ -56,6 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> | ||
| 59 | #ifndef OPENSSL_NO_RSA | 60 | #ifndef OPENSSL_NO_RSA |
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| 61 | #include <stdlib.h> | 62 | #include <stdlib.h> |
| @@ -68,6 +69,7 @@ | |||
| 68 | #include <openssl/evp.h> | 69 | #include <openssl/evp.h> |
| 69 | #include <openssl/x509.h> | 70 | #include <openssl/x509.h> |
| 70 | #include <openssl/pem.h> | 71 | #include <openssl/pem.h> |
| 72 | #include <openssl/bn.h> | ||
| 71 | 73 | ||
| 72 | #undef PROG | 74 | #undef PROG |
| 73 | #define PROG rsa_main | 75 | #define PROG rsa_main |
| @@ -79,9 +81,13 @@ | |||
| 79 | * -des - encrypt output if PEM format with DES in cbc mode | 81 | * -des - encrypt output if PEM format with DES in cbc mode |
| 80 | * -des3 - encrypt output if PEM format | 82 | * -des3 - encrypt output if PEM format |
| 81 | * -idea - encrypt output if PEM format | 83 | * -idea - encrypt output if PEM format |
| 84 | * -seed - encrypt output if PEM format | ||
| 82 | * -aes128 - encrypt output if PEM format | 85 | * -aes128 - encrypt output if PEM format |
| 83 | * -aes192 - encrypt output if PEM format | 86 | * -aes192 - encrypt output if PEM format |
| 84 | * -aes256 - encrypt output if PEM format | 87 | * -aes256 - encrypt output if PEM format |
| 88 | * -camellia128 - encrypt output if PEM format | ||
| 89 | * -camellia192 - encrypt output if PEM format | ||
| 90 | * -camellia256 - encrypt output if PEM format | ||
| 85 | * -text - print a text version | 91 | * -text - print a text version |
| 86 | * -modulus - print the RSA key modulus | 92 | * -modulus - print the RSA key modulus |
| 87 | * -check - verify key consistency | 93 | * -check - verify key consistency |
| @@ -206,10 +212,17 @@ bad: | |||
| 206 | #ifndef OPENSSL_NO_IDEA | 212 | #ifndef OPENSSL_NO_IDEA |
| 207 | BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); | 213 | BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n"); |
| 208 | #endif | 214 | #endif |
| 215 | #ifndef OPENSSL_NO_SEED | ||
| 216 | BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n"); | ||
| 217 | #endif | ||
| 209 | #ifndef OPENSSL_NO_AES | 218 | #ifndef OPENSSL_NO_AES |
| 210 | BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); | 219 | BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); |
| 211 | BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); | 220 | BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); |
| 212 | #endif | 221 | #endif |
| 222 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 223 | BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); | ||
| 224 | BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); | ||
| 225 | #endif | ||
| 213 | BIO_printf(bio_err," -text print the key in text\n"); | 226 | BIO_printf(bio_err," -text print the key in text\n"); |
| 214 | BIO_printf(bio_err," -noout don't print key out\n"); | 227 | BIO_printf(bio_err," -noout don't print key out\n"); |
| 215 | BIO_printf(bio_err," -modulus print the RSA key modulus\n"); | 228 | BIO_printf(bio_err," -modulus print the RSA key modulus\n"); |
| @@ -307,7 +320,7 @@ bad: | |||
| 307 | BIO_printf(out,"RSA key ok\n"); | 320 | BIO_printf(out,"RSA key ok\n"); |
| 308 | else if (r == 0) | 321 | else if (r == 0) |
| 309 | { | 322 | { |
| 310 | long err; | 323 | unsigned long err; |
| 311 | 324 | ||
| 312 | while ((err = ERR_peek_error()) != 0 && | 325 | while ((err = ERR_peek_error()) != 0 && |
| 313 | ERR_GET_LIB(err) == ERR_LIB_RSA && | 326 | ERR_GET_LIB(err) == ERR_LIB_RSA && |
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c index bdfbe31c14..f3c458ed27 100644 --- a/src/lib/libssl/src/apps/rsautl.c +++ b/src/lib/libssl/src/apps/rsautl.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -56,12 +56,14 @@ | |||
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> | ||
| 59 | #ifndef OPENSSL_NO_RSA | 60 | #ifndef OPENSSL_NO_RSA |
| 60 | 61 | ||
| 61 | #include "apps.h" | 62 | #include "apps.h" |
| 62 | #include <string.h> | 63 | #include <string.h> |
| 63 | #include <openssl/err.h> | 64 | #include <openssl/err.h> |
| 64 | #include <openssl/pem.h> | 65 | #include <openssl/pem.h> |
| 66 | #include <openssl/rsa.h> | ||
| 65 | 67 | ||
| 66 | #define RSA_SIGN 1 | 68 | #define RSA_SIGN 1 |
| 67 | #define RSA_VERIFY 2 | 69 | #define RSA_VERIFY 2 |
| @@ -117,24 +119,36 @@ int MAIN(int argc, char **argv) | |||
| 117 | while(argc >= 1) | 119 | while(argc >= 1) |
| 118 | { | 120 | { |
| 119 | if (!strcmp(*argv,"-in")) { | 121 | if (!strcmp(*argv,"-in")) { |
| 120 | if (--argc < 1) badarg = 1; | 122 | if (--argc < 1) |
| 121 | infile= *(++argv); | 123 | badarg = 1; |
| 124 | else | ||
| 125 | infile= *(++argv); | ||
| 122 | } else if (!strcmp(*argv,"-out")) { | 126 | } else if (!strcmp(*argv,"-out")) { |
| 123 | if (--argc < 1) badarg = 1; | 127 | if (--argc < 1) |
| 124 | outfile= *(++argv); | 128 | badarg = 1; |
| 129 | else | ||
| 130 | outfile= *(++argv); | ||
| 125 | } else if(!strcmp(*argv, "-inkey")) { | 131 | } else if(!strcmp(*argv, "-inkey")) { |
| 126 | if (--argc < 1) badarg = 1; | 132 | if (--argc < 1) |
| 127 | keyfile = *(++argv); | 133 | badarg = 1; |
| 134 | else | ||
| 135 | keyfile = *(++argv); | ||
| 128 | } else if (!strcmp(*argv,"-passin")) { | 136 | } else if (!strcmp(*argv,"-passin")) { |
| 129 | if (--argc < 1) badarg = 1; | 137 | if (--argc < 1) |
| 130 | passargin= *(++argv); | 138 | badarg = 1; |
| 139 | else | ||
| 140 | passargin= *(++argv); | ||
| 131 | } else if (strcmp(*argv,"-keyform") == 0) { | 141 | } else if (strcmp(*argv,"-keyform") == 0) { |
| 132 | if (--argc < 1) badarg = 1; | 142 | if (--argc < 1) |
| 133 | keyform=str2fmt(*(++argv)); | 143 | badarg = 1; |
| 144 | else | ||
| 145 | keyform=str2fmt(*(++argv)); | ||
| 134 | #ifndef OPENSSL_NO_ENGINE | 146 | #ifndef OPENSSL_NO_ENGINE |
| 135 | } else if(!strcmp(*argv, "-engine")) { | 147 | } else if(!strcmp(*argv, "-engine")) { |
| 136 | if (--argc < 1) badarg = 1; | 148 | if (--argc < 1) |
| 137 | engine = *(++argv); | 149 | badarg = 1; |
| 150 | else | ||
| 151 | engine = *(++argv); | ||
| 138 | #endif | 152 | #endif |
| 139 | } else if(!strcmp(*argv, "-pubin")) { | 153 | } else if(!strcmp(*argv, "-pubin")) { |
| 140 | key_type = KEY_PUBKEY; | 154 | key_type = KEY_PUBKEY; |
diff --git a/src/lib/libssl/src/apps/s_apps.h b/src/lib/libssl/src/apps/s_apps.h index 48e7dbaddc..023faa8467 100644 --- a/src/lib/libssl/src/apps/s_apps.h +++ b/src/lib/libssl/src/apps/s_apps.h | |||
| @@ -108,8 +108,9 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | 111 | #if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ | |
| 112 | #include <sys/types.h> | 112 | #include <sys/types.h> |
| 113 | #endif | ||
| 113 | #include <openssl/opensslconf.h> | 114 | #include <openssl/opensslconf.h> |
| 114 | 115 | ||
| 115 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) | 116 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) |
| @@ -147,22 +148,26 @@ typedef fd_mask fd_set; | |||
| 147 | #define PORT_STR "4433" | 148 | #define PORT_STR "4433" |
| 148 | #define PROTOCOL "tcp" | 149 | #define PROTOCOL "tcp" |
| 149 | 150 | ||
| 150 | int do_server(int port, int *ret, int (*cb) (), char *context); | 151 | int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); |
| 151 | #ifdef HEADER_X509_H | 152 | #ifdef HEADER_X509_H |
| 152 | int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); | 153 | int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
| 153 | #endif | 154 | #endif |
| 154 | #ifdef HEADER_SSL_H | 155 | #ifdef HEADER_SSL_H |
| 155 | int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); | 156 | int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); |
| 157 | int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); | ||
| 156 | #endif | 158 | #endif |
| 157 | int init_client(int *sock, char *server, char *port, int af); | 159 | int init_client(int *sock, char *server, int port, int type, int af); |
| 158 | int should_retry(int i); | 160 | int should_retry(int i); |
| 159 | int extract_port(char *str, short *port_ptr); | 161 | int extract_port(char *str, short *port_ptr); |
| 160 | int extract_host_port(char *str,char **host_ptr,unsigned char *ip,char **p); | 162 | int extract_host_port(char *str,char **host_ptr,unsigned char *ip,char **p); |
| 161 | 163 | ||
| 162 | long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, | 164 | long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
| 163 | int argi, long argl, long ret); | 165 | int argi, long argl, long ret); |
| 164 | 166 | ||
| 165 | #ifdef HEADER_SSL_H | 167 | #ifdef HEADER_SSL_H |
| 166 | void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret); | 168 | void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret); |
| 167 | void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); | 169 | void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); |
| 170 | void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, | ||
| 171 | unsigned char *data, int len, | ||
| 172 | void *arg); | ||
| 168 | #endif | 173 | #endif |
diff --git a/src/lib/libssl/src/apps/s_cb.c b/src/lib/libssl/src/apps/s_cb.c index 675527df1f..a512589e8c 100644 --- a/src/lib/libssl/src/apps/s_cb.c +++ b/src/lib/libssl/src/apps/s_cb.c | |||
| @@ -229,8 +229,36 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) | |||
| 229 | return(1); | 229 | return(1); |
| 230 | } | 230 | } |
| 231 | 231 | ||
| 232 | long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, | 232 | int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) |
| 233 | long argl, long ret) | 233 | { |
| 234 | if (cert == NULL) | ||
| 235 | return 1; | ||
| 236 | if (SSL_CTX_use_certificate(ctx,cert) <= 0) | ||
| 237 | { | ||
| 238 | BIO_printf(bio_err,"error setting certificate\n"); | ||
| 239 | ERR_print_errors(bio_err); | ||
| 240 | return 0; | ||
| 241 | } | ||
| 242 | if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) | ||
| 243 | { | ||
| 244 | BIO_printf(bio_err,"error setting private key\n"); | ||
| 245 | ERR_print_errors(bio_err); | ||
| 246 | return 0; | ||
| 247 | } | ||
| 248 | |||
| 249 | |||
| 250 | /* Now we know that a key and cert have been set against | ||
| 251 | * the SSL context */ | ||
| 252 | if (!SSL_CTX_check_private_key(ctx)) | ||
| 253 | { | ||
| 254 | BIO_printf(bio_err,"Private key does not match the certificate public key\n"); | ||
| 255 | return 0; | ||
| 256 | } | ||
| 257 | return 1; | ||
| 258 | } | ||
| 259 | |||
| 260 | long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, | ||
| 261 | int argi, long argl, long ret) | ||
| 234 | { | 262 | { |
| 235 | BIO *out; | 263 | BIO *out; |
| 236 | 264 | ||
| @@ -239,15 +267,15 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, | |||
| 239 | 267 | ||
| 240 | if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) | 268 | if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) |
| 241 | { | 269 | { |
| 242 | BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", | 270 | BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", |
| 243 | bio,argp,argi,ret,ret); | 271 | (void *)bio,argp,argi,ret,ret); |
| 244 | BIO_dump(out,argp,(int)ret); | 272 | BIO_dump(out,argp,(int)ret); |
| 245 | return(ret); | 273 | return(ret); |
| 246 | } | 274 | } |
| 247 | else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) | 275 | else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) |
| 248 | { | 276 | { |
| 249 | BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", | 277 | BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", |
| 250 | bio,argp,argi,ret,ret); | 278 | (void *)bio,argp,argi,ret,ret); |
| 251 | BIO_dump(out,argp,(int)ret); | 279 | BIO_dump(out,argp,(int)ret); |
| 252 | } | 280 | } |
| 253 | return(ret); | 281 | return(ret); |
| @@ -255,7 +283,7 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, | |||
| 255 | 283 | ||
| 256 | void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) | 284 | void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) |
| 257 | { | 285 | { |
| 258 | char *str; | 286 | const char *str; |
| 259 | int w; | 287 | int w; |
| 260 | 288 | ||
| 261 | w=where& ~SSL_ST_MASK; | 289 | w=where& ~SSL_ST_MASK; |
| @@ -318,14 +346,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * | |||
| 318 | 346 | ||
| 319 | if (len > 0) | 347 | if (len > 0) |
| 320 | { | 348 | { |
| 321 | switch (((unsigned char*)buf)[0]) | 349 | switch (((const unsigned char*)buf)[0]) |
| 322 | { | 350 | { |
| 323 | case 0: | 351 | case 0: |
| 324 | str_details1 = ", ERROR:"; | 352 | str_details1 = ", ERROR:"; |
| 325 | str_details2 = " ???"; | 353 | str_details2 = " ???"; |
| 326 | if (len >= 3) | 354 | if (len >= 3) |
| 327 | { | 355 | { |
| 328 | unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2]; | 356 | unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; |
| 329 | 357 | ||
| 330 | switch (err) | 358 | switch (err) |
| 331 | { | 359 | { |
| @@ -394,7 +422,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * | |||
| 394 | 422 | ||
| 395 | if (len == 2) | 423 | if (len == 2) |
| 396 | { | 424 | { |
| 397 | switch (((unsigned char*)buf)[0]) | 425 | switch (((const unsigned char*)buf)[0]) |
| 398 | { | 426 | { |
| 399 | case 1: | 427 | case 1: |
| 400 | str_details1 = ", warning"; | 428 | str_details1 = ", warning"; |
| @@ -405,7 +433,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * | |||
| 405 | } | 433 | } |
| 406 | 434 | ||
| 407 | str_details2 = " ???"; | 435 | str_details2 = " ???"; |
| 408 | switch (((unsigned char*)buf)[1]) | 436 | switch (((const unsigned char*)buf)[1]) |
| 409 | { | 437 | { |
| 410 | case 0: | 438 | case 0: |
| 411 | str_details2 = " close_notify"; | 439 | str_details2 = " close_notify"; |
| @@ -486,7 +514,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * | |||
| 486 | 514 | ||
| 487 | if (len > 0) | 515 | if (len > 0) |
| 488 | { | 516 | { |
| 489 | switch (((unsigned char*)buf)[0]) | 517 | switch (((const unsigned char*)buf)[0]) |
| 490 | { | 518 | { |
| 491 | case 0: | 519 | case 0: |
| 492 | str_details1 = ", HelloRequest"; | 520 | str_details1 = ", HelloRequest"; |
| @@ -539,11 +567,70 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * | |||
| 539 | { | 567 | { |
| 540 | if (i % 16 == 0 && i > 0) | 568 | if (i % 16 == 0 && i > 0) |
| 541 | BIO_printf(bio, "\n "); | 569 | BIO_printf(bio, "\n "); |
| 542 | BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]); | 570 | BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); |
| 543 | } | 571 | } |
| 544 | if (i < len) | 572 | if (i < len) |
| 545 | BIO_printf(bio, " ..."); | 573 | BIO_printf(bio, " ..."); |
| 546 | BIO_printf(bio, "\n"); | 574 | BIO_printf(bio, "\n"); |
| 547 | } | 575 | } |
| 548 | BIO_flush(bio); | 576 | (void)BIO_flush(bio); |
| 577 | } | ||
| 578 | |||
| 579 | void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, | ||
| 580 | unsigned char *data, int len, | ||
| 581 | void *arg) | ||
| 582 | { | ||
| 583 | BIO *bio = arg; | ||
| 584 | char *extname; | ||
| 585 | |||
| 586 | switch(type) | ||
| 587 | { | ||
| 588 | case TLSEXT_TYPE_server_name: | ||
| 589 | extname = "server name"; | ||
| 590 | break; | ||
| 591 | |||
| 592 | case TLSEXT_TYPE_max_fragment_length: | ||
| 593 | extname = "max fragment length"; | ||
| 594 | break; | ||
| 595 | |||
| 596 | case TLSEXT_TYPE_client_certificate_url: | ||
| 597 | extname = "client certificate URL"; | ||
| 598 | break; | ||
| 599 | |||
| 600 | case TLSEXT_TYPE_trusted_ca_keys: | ||
| 601 | extname = "trusted CA keys"; | ||
| 602 | break; | ||
| 603 | |||
| 604 | case TLSEXT_TYPE_truncated_hmac: | ||
| 605 | extname = "truncated HMAC"; | ||
| 606 | break; | ||
| 607 | |||
| 608 | case TLSEXT_TYPE_status_request: | ||
| 609 | extname = "status request"; | ||
| 610 | break; | ||
| 611 | |||
| 612 | case TLSEXT_TYPE_elliptic_curves: | ||
| 613 | extname = "elliptic curves"; | ||
| 614 | break; | ||
| 615 | |||
| 616 | case TLSEXT_TYPE_ec_point_formats: | ||
| 617 | extname = "EC point formats"; | ||
| 618 | break; | ||
| 619 | |||
| 620 | case TLSEXT_TYPE_session_ticket: | ||
| 621 | extname = "server ticket"; | ||
| 622 | break; | ||
| 623 | |||
| 624 | |||
| 625 | default: | ||
| 626 | extname = "unknown"; | ||
| 627 | break; | ||
| 628 | |||
| 629 | } | ||
| 630 | |||
| 631 | BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", | ||
| 632 | client_server ? "server": "client", | ||
| 633 | extname, type, len); | ||
| 634 | BIO_dump(bio, (char *)data, len); | ||
| 635 | (void)BIO_flush(bio); | ||
| 549 | } | 636 | } |
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c index 78bc10d315..f01017ba48 100644 --- a/src/lib/libssl/src/apps/s_client.c +++ b/src/lib/libssl/src/apps/s_client.c | |||
| @@ -136,7 +136,9 @@ typedef unsigned int u_int; | |||
| 136 | #include <openssl/err.h> | 136 | #include <openssl/err.h> |
| 137 | #include <openssl/pem.h> | 137 | #include <openssl/pem.h> |
| 138 | #include <openssl/rand.h> | 138 | #include <openssl/rand.h> |
| 139 | #include <openssl/ocsp.h> | ||
| 139 | #include "s_apps.h" | 140 | #include "s_apps.h" |
| 141 | #include "timeouts.h" | ||
| 140 | 142 | ||
| 141 | #ifdef OPENSSL_SYS_WINCE | 143 | #ifdef OPENSSL_SYS_WINCE |
| 142 | /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ | 144 | /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ |
| @@ -172,11 +174,18 @@ static int c_nbio=0; | |||
| 172 | #endif | 174 | #endif |
| 173 | static int c_Pause=0; | 175 | static int c_Pause=0; |
| 174 | static int c_debug=0; | 176 | static int c_debug=0; |
| 177 | #ifndef OPENSSL_NO_TLSEXT | ||
| 178 | static int c_tlsextdebug=0; | ||
| 179 | static int c_status_req=0; | ||
| 180 | #endif | ||
| 175 | static int c_msg=0; | 181 | static int c_msg=0; |
| 176 | static int c_showcerts=0; | 182 | static int c_showcerts=0; |
| 177 | 183 | ||
| 178 | static void sc_usage(void); | 184 | static void sc_usage(void); |
| 179 | static void print_stuff(BIO *berr,SSL *con,int full); | 185 | static void print_stuff(BIO *berr,SSL *con,int full); |
| 186 | #ifndef OPENSSL_NO_TLSEXT | ||
| 187 | static int ocsp_resp_cb(SSL *s, void *arg); | ||
| 188 | #endif | ||
| 180 | static BIO *bio_c_out=NULL; | 189 | static BIO *bio_c_out=NULL; |
| 181 | static int c_quiet=0; | 190 | static int c_quiet=0; |
| 182 | static int c_ign_eof=0; | 191 | static int c_ign_eof=0; |
| @@ -191,10 +200,13 @@ static void sc_usage(void) | |||
| 191 | BIO_printf(bio_err," -port port - use -connect instead\n"); | 200 | BIO_printf(bio_err," -port port - use -connect instead\n"); |
| 192 | BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); | 201 | BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); |
| 193 | 202 | ||
| 194 | BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); | 203 | BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n"); |
| 195 | BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); | 204 | BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); |
| 196 | BIO_printf(bio_err," -key arg - Private key file to use, PEM format assumed, in cert file if\n"); | 205 | BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); |
| 206 | BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); | ||
| 197 | BIO_printf(bio_err," not specified but cert file is.\n"); | 207 | BIO_printf(bio_err," not specified but cert file is.\n"); |
| 208 | BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n"); | ||
| 209 | BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); | ||
| 198 | BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); | 210 | BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); |
| 199 | BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); | 211 | BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); |
| 200 | BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); | 212 | BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); |
| @@ -216,6 +228,8 @@ static void sc_usage(void) | |||
| 216 | BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); | 228 | BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); |
| 217 | BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); | 229 | BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); |
| 218 | BIO_printf(bio_err," -tls1 - just use TLSv1\n"); | 230 | BIO_printf(bio_err," -tls1 - just use TLSv1\n"); |
| 231 | BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); | ||
| 232 | BIO_printf(bio_err," -mtu - set the MTU\n"); | ||
| 219 | BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); | 233 | BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); |
| 220 | BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); | 234 | BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); |
| 221 | BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); | 235 | BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); |
| @@ -224,13 +238,50 @@ static void sc_usage(void) | |||
| 224 | BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); | 238 | BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); |
| 225 | BIO_printf(bio_err," for those protocols that support it, where\n"); | 239 | BIO_printf(bio_err," for those protocols that support it, where\n"); |
| 226 | BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); | 240 | BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); |
| 227 | BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n"); | 241 | BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n"); |
| 228 | #ifndef OPENSSL_NO_ENGINE | 242 | #ifndef OPENSSL_NO_ENGINE |
| 229 | BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); | 243 | BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); |
| 230 | #endif | 244 | #endif |
| 231 | BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); | 245 | BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
| 246 | BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n"); | ||
| 247 | BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n"); | ||
| 248 | #ifndef OPENSSL_NO_TLSEXT | ||
| 249 | BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n"); | ||
| 250 | BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); | ||
| 251 | BIO_printf(bio_err," -status - request certificate status from server\n"); | ||
| 252 | BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); | ||
| 253 | #endif | ||
| 254 | } | ||
| 255 | |||
| 256 | #ifndef OPENSSL_NO_TLSEXT | ||
| 232 | 257 | ||
| 258 | /* This is a context that we pass to callbacks */ | ||
| 259 | typedef struct tlsextctx_st { | ||
| 260 | BIO * biodebug; | ||
| 261 | int ack; | ||
| 262 | } tlsextctx; | ||
| 263 | |||
| 264 | |||
| 265 | static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) | ||
| 266 | { | ||
| 267 | tlsextctx * p = (tlsextctx *) arg; | ||
| 268 | const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); | ||
| 269 | if (SSL_get_servername_type(s) != -1) | ||
| 270 | p->ack = !SSL_session_reused(s) && hn != NULL; | ||
| 271 | else | ||
| 272 | BIO_printf(bio_err,"Can't use SSL_get_servername\n"); | ||
| 273 | |||
| 274 | return SSL_TLSEXT_ERR_OK; | ||
| 233 | } | 275 | } |
| 276 | #endif | ||
| 277 | enum | ||
| 278 | { | ||
| 279 | PROTO_OFF = 0, | ||
| 280 | PROTO_SMTP, | ||
| 281 | PROTO_POP3, | ||
| 282 | PROTO_IMAP, | ||
| 283 | PROTO_FTP | ||
| 284 | }; | ||
| 234 | 285 | ||
| 235 | int MAIN(int, char **); | 286 | int MAIN(int, char **); |
| 236 | 287 | ||
| @@ -243,31 +294,52 @@ int MAIN(int argc, char **argv) | |||
| 243 | char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; | 294 | char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; |
| 244 | int cbuf_len,cbuf_off; | 295 | int cbuf_len,cbuf_off; |
| 245 | int sbuf_len,sbuf_off; | 296 | int sbuf_len,sbuf_off; |
| 246 | int mbuf_len,mbuf_off; | 297 | int mbuf_len; |
| 247 | fd_set readfds,writefds; | 298 | fd_set readfds,writefds; |
| 248 | char *port=PORT_STR; | 299 | char *port=PORT_STR; |
| 249 | int full_log=1; | 300 | int full_log=1; |
| 250 | char *host=SSL_HOST_NAME; | 301 | char *host=SSL_HOST_NAME; |
| 251 | char *cert_file=NULL,*key_file=NULL; | 302 | char *cert_file=NULL,*key_file=NULL; |
| 303 | int cert_format = FORMAT_PEM, key_format = FORMAT_PEM; | ||
| 304 | char *passarg = NULL, *pass = NULL; | ||
| 305 | X509 *cert = NULL; | ||
| 306 | EVP_PKEY *key = NULL; | ||
| 252 | char *CApath=NULL,*CAfile=NULL,*cipher=NULL; | 307 | char *CApath=NULL,*CAfile=NULL,*cipher=NULL; |
| 253 | int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; | 308 | int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; |
| 254 | int crlf=0; | 309 | int crlf=0; |
| 255 | int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; | 310 | int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; |
| 256 | SSL_CTX *ctx=NULL; | 311 | SSL_CTX *ctx=NULL; |
| 257 | int ret=1,in_init=1,i,nbio_test=0; | 312 | int ret=1,in_init=1,i,nbio_test=0; |
| 258 | int starttls_proto = 0; | 313 | int starttls_proto = PROTO_OFF; |
| 259 | int prexit = 0, vflags = 0; | 314 | int prexit = 0, vflags = 0; |
| 260 | SSL_METHOD *meth=NULL; | 315 | SSL_METHOD *meth=NULL; |
| 316 | #ifdef sock_type | ||
| 317 | #undef sock_type | ||
| 318 | #endif | ||
| 319 | int sock_type=SOCK_STREAM; | ||
| 261 | BIO *sbio; | 320 | BIO *sbio; |
| 262 | char *inrand=NULL; | 321 | char *inrand=NULL; |
| 322 | int mbuf_len=0; | ||
| 263 | #ifndef OPENSSL_NO_ENGINE | 323 | #ifndef OPENSSL_NO_ENGINE |
| 264 | char *engine_id=NULL; | 324 | char *engine_id=NULL; |
| 265 | ENGINE *e=NULL; | 325 | ENGINE *e=NULL; |
| 266 | #endif | 326 | #endif |
| 267 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) | 327 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) |
| 268 | struct timeval tv; | 328 | struct timeval tv; |
| 269 | #endif | 329 | #endif |
| 270 | 330 | ||
| 331 | #ifndef OPENSSL_NO_TLSEXT | ||
| 332 | char *servername = NULL; | ||
| 333 | tlsextctx tlsextcbp = | ||
| 334 | {NULL,0}; | ||
| 335 | #endif | ||
| 336 | char *sess_in = NULL; | ||
| 337 | char *sess_out = NULL; | ||
| 338 | struct sockaddr peer; | ||
| 339 | int peerlen = sizeof(peer); | ||
| 340 | int enable_timeouts = 0 ; | ||
| 341 | long mtu = 0; | ||
| 342 | |||
| 271 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 343 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 272 | meth=SSLv23_client_method(); | 344 | meth=SSLv23_client_method(); |
| 273 | #elif !defined(OPENSSL_NO_SSL3) | 345 | #elif !defined(OPENSSL_NO_SSL3) |
| @@ -337,6 +409,21 @@ int MAIN(int argc, char **argv) | |||
| 337 | if (--argc < 1) goto bad; | 409 | if (--argc < 1) goto bad; |
| 338 | cert_file= *(++argv); | 410 | cert_file= *(++argv); |
| 339 | } | 411 | } |
| 412 | else if (strcmp(*argv,"-sess_out") == 0) | ||
| 413 | { | ||
| 414 | if (--argc < 1) goto bad; | ||
| 415 | sess_out = *(++argv); | ||
| 416 | } | ||
| 417 | else if (strcmp(*argv,"-sess_in") == 0) | ||
| 418 | { | ||
| 419 | if (--argc < 1) goto bad; | ||
| 420 | sess_in = *(++argv); | ||
| 421 | } | ||
| 422 | else if (strcmp(*argv,"-certform") == 0) | ||
| 423 | { | ||
| 424 | if (--argc < 1) goto bad; | ||
| 425 | cert_format = str2fmt(*(++argv)); | ||
| 426 | } | ||
| 340 | else if (strcmp(*argv,"-crl_check") == 0) | 427 | else if (strcmp(*argv,"-crl_check") == 0) |
| 341 | vflags |= X509_V_FLAG_CRL_CHECK; | 428 | vflags |= X509_V_FLAG_CRL_CHECK; |
| 342 | else if (strcmp(*argv,"-crl_check_all") == 0) | 429 | else if (strcmp(*argv,"-crl_check_all") == 0) |
| @@ -356,8 +443,14 @@ int MAIN(int argc, char **argv) | |||
| 356 | c_Pause=1; | 443 | c_Pause=1; |
| 357 | else if (strcmp(*argv,"-debug") == 0) | 444 | else if (strcmp(*argv,"-debug") == 0) |
| 358 | c_debug=1; | 445 | c_debug=1; |
| 446 | #ifndef OPENSSL_NO_TLSEXT | ||
| 447 | else if (strcmp(*argv,"-tlsextdebug") == 0) | ||
| 448 | c_tlsextdebug=1; | ||
| 449 | else if (strcmp(*argv,"-status") == 0) | ||
| 450 | c_status_req=1; | ||
| 451 | #endif | ||
| 359 | #ifdef WATT32 | 452 | #ifdef WATT32 |
| 360 | else if (strcmp(*argv,"-wdebug") == 0) | 453 | else if (strcmp(*argv,"-wdebug") == 0) |
| 361 | dbug_init(); | 454 | dbug_init(); |
| 362 | #endif | 455 | #endif |
| 363 | else if (strcmp(*argv,"-msg") == 0) | 456 | else if (strcmp(*argv,"-msg") == 0) |
| @@ -380,8 +473,32 @@ int MAIN(int argc, char **argv) | |||
| 380 | else if (strcmp(*argv,"-tls1") == 0) | 473 | else if (strcmp(*argv,"-tls1") == 0) |
| 381 | meth=TLSv1_client_method(); | 474 | meth=TLSv1_client_method(); |
| 382 | #endif | 475 | #endif |
| 476 | #ifndef OPENSSL_NO_DTLS1 | ||
| 477 | else if (strcmp(*argv,"-dtls1") == 0) | ||
| 478 | { | ||
| 479 | meth=DTLSv1_client_method(); | ||
| 480 | sock_type=SOCK_DGRAM; | ||
| 481 | } | ||
| 482 | else if (strcmp(*argv,"-timeout") == 0) | ||
| 483 | enable_timeouts=1; | ||
| 484 | else if (strcmp(*argv,"-mtu") == 0) | ||
| 485 | { | ||
| 486 | if (--argc < 1) goto bad; | ||
| 487 | mtu = atol(*(++argv)); | ||
| 488 | } | ||
| 489 | #endif | ||
| 383 | else if (strcmp(*argv,"-bugs") == 0) | 490 | else if (strcmp(*argv,"-bugs") == 0) |
| 384 | bugs=1; | 491 | bugs=1; |
| 492 | else if (strcmp(*argv,"-keyform") == 0) | ||
| 493 | { | ||
| 494 | if (--argc < 1) goto bad; | ||
| 495 | key_format = str2fmt(*(++argv)); | ||
| 496 | } | ||
| 497 | else if (strcmp(*argv,"-pass") == 0) | ||
| 498 | { | ||
| 499 | if (--argc < 1) goto bad; | ||
| 500 | passarg = *(++argv); | ||
| 501 | } | ||
| 385 | else if (strcmp(*argv,"-key") == 0) | 502 | else if (strcmp(*argv,"-key") == 0) |
| 386 | { | 503 | { |
| 387 | if (--argc < 1) goto bad; | 504 | if (--argc < 1) goto bad; |
| @@ -407,6 +524,10 @@ int MAIN(int argc, char **argv) | |||
| 407 | off|=SSL_OP_NO_SSLv3; | 524 | off|=SSL_OP_NO_SSLv3; |
| 408 | else if (strcmp(*argv,"-no_ssl2") == 0) | 525 | else if (strcmp(*argv,"-no_ssl2") == 0) |
| 409 | off|=SSL_OP_NO_SSLv2; | 526 | off|=SSL_OP_NO_SSLv2; |
| 527 | #ifndef OPENSSL_NO_TLSEXT | ||
| 528 | else if (strcmp(*argv,"-no_ticket") == 0) | ||
| 529 | { off|=SSL_OP_NO_TICKET; } | ||
| 530 | #endif | ||
| 410 | else if (strcmp(*argv,"-serverpref") == 0) | 531 | else if (strcmp(*argv,"-serverpref") == 0) |
| 411 | off|=SSL_OP_CIPHER_SERVER_PREFERENCE; | 532 | off|=SSL_OP_CIPHER_SERVER_PREFERENCE; |
| 412 | else if (strcmp(*argv,"-cipher") == 0) | 533 | else if (strcmp(*argv,"-cipher") == 0) |
| @@ -423,9 +544,13 @@ int MAIN(int argc, char **argv) | |||
| 423 | if (--argc < 1) goto bad; | 544 | if (--argc < 1) goto bad; |
| 424 | ++argv; | 545 | ++argv; |
| 425 | if (strcmp(*argv,"smtp") == 0) | 546 | if (strcmp(*argv,"smtp") == 0) |
| 426 | starttls_proto = 1; | 547 | starttls_proto = PROTO_SMTP; |
| 427 | else if (strcmp(*argv,"pop3") == 0) | 548 | else if (strcmp(*argv,"pop3") == 0) |
| 428 | starttls_proto = 2; | 549 | starttls_proto = PROTO_POP3; |
| 550 | else if (strcmp(*argv,"imap") == 0) | ||
| 551 | starttls_proto = PROTO_IMAP; | ||
| 552 | else if (strcmp(*argv,"ftp") == 0) | ||
| 553 | starttls_proto = PROTO_FTP; | ||
| 429 | else | 554 | else |
| 430 | goto bad; | 555 | goto bad; |
| 431 | } | 556 | } |
| @@ -443,6 +568,14 @@ int MAIN(int argc, char **argv) | |||
| 443 | } | 568 | } |
| 444 | else if (strcmp(*argv,"-4") == 0) { af = AF_INET;} | 569 | else if (strcmp(*argv,"-4") == 0) { af = AF_INET;} |
| 445 | else if (strcmp(*argv,"-6") == 0) { af = AF_INET6;} | 570 | else if (strcmp(*argv,"-6") == 0) { af = AF_INET6;} |
| 571 | #ifndef OPENSSL_NO_TLSEXT | ||
| 572 | else if (strcmp(*argv,"-servername") == 0) | ||
| 573 | { | ||
| 574 | if (--argc < 1) goto bad; | ||
| 575 | servername= *(++argv); | ||
| 576 | /* meth=TLSv1_client_method(); */ | ||
| 577 | } | ||
| 578 | #endif | ||
| 446 | else | 579 | else |
| 447 | { | 580 | { |
| 448 | BIO_printf(bio_err,"unknown option %s\n",*argv); | 581 | BIO_printf(bio_err,"unknown option %s\n",*argv); |
| @@ -465,6 +598,42 @@ bad: | |||
| 465 | #ifndef OPENSSL_NO_ENGINE | 598 | #ifndef OPENSSL_NO_ENGINE |
| 466 | e = setup_engine(bio_err, engine_id, 1); | 599 | e = setup_engine(bio_err, engine_id, 1); |
| 467 | #endif | 600 | #endif |
| 601 | if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) | ||
| 602 | { | ||
| 603 | BIO_printf(bio_err, "Error getting password\n"); | ||
| 604 | goto end; | ||
| 605 | } | ||
| 606 | |||
| 607 | if (key_file == NULL) | ||
| 608 | key_file = cert_file; | ||
| 609 | |||
| 610 | |||
| 611 | if (key_file) | ||
| 612 | |||
| 613 | { | ||
| 614 | |||
| 615 | key = load_key(bio_err, key_file, key_format, 0, pass, e, | ||
| 616 | "client certificate private key file"); | ||
| 617 | if (!key) | ||
| 618 | { | ||
| 619 | ERR_print_errors(bio_err); | ||
| 620 | goto end; | ||
| 621 | } | ||
| 622 | |||
| 623 | } | ||
| 624 | |||
| 625 | if (cert_file) | ||
| 626 | |||
| 627 | { | ||
| 628 | cert = load_cert(bio_err,cert_file,cert_format, | ||
| 629 | NULL, e, "client certificate file"); | ||
| 630 | |||
| 631 | if (!cert) | ||
| 632 | { | ||
| 633 | ERR_print_errors(bio_err); | ||
| 634 | goto end; | ||
| 635 | } | ||
| 636 | } | ||
| 468 | 637 | ||
| 469 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL | 638 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL |
| 470 | && !RAND_status()) | 639 | && !RAND_status()) |
| @@ -499,6 +668,10 @@ bad: | |||
| 499 | SSL_CTX_set_options(ctx,SSL_OP_ALL|off); | 668 | SSL_CTX_set_options(ctx,SSL_OP_ALL|off); |
| 500 | else | 669 | else |
| 501 | SSL_CTX_set_options(ctx,off); | 670 | SSL_CTX_set_options(ctx,off); |
| 671 | /* DTLS: partial reads end up discarding unread UDP bytes :-( | ||
| 672 | * Setting read ahead solves this problem. | ||
| 673 | */ | ||
| 674 | if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); | ||
| 502 | 675 | ||
| 503 | if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); | 676 | if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); |
| 504 | if (cipher != NULL) | 677 | if (cipher != NULL) |
| @@ -513,7 +686,7 @@ bad: | |||
| 513 | #endif | 686 | #endif |
| 514 | 687 | ||
| 515 | SSL_CTX_set_verify(ctx,verify,verify_callback); | 688 | SSL_CTX_set_verify(ctx,verify,verify_callback); |
| 516 | if (!set_cert_stuff(ctx,cert_file,key_file)) | 689 | if (!set_cert_key_stuff(ctx,cert,key)) |
| 517 | goto end; | 690 | goto end; |
| 518 | 691 | ||
| 519 | if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || | 692 | if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || |
| @@ -526,8 +699,51 @@ bad: | |||
| 526 | 699 | ||
| 527 | store = SSL_CTX_get_cert_store(ctx); | 700 | store = SSL_CTX_get_cert_store(ctx); |
| 528 | X509_STORE_set_flags(store, vflags); | 701 | X509_STORE_set_flags(store, vflags); |
| 702 | #ifndef OPENSSL_NO_TLSEXT | ||
| 703 | if (servername != NULL) | ||
| 704 | { | ||
| 705 | tlsextcbp.biodebug = bio_err; | ||
| 706 | SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | ||
| 707 | SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); | ||
| 708 | } | ||
| 709 | #endif | ||
| 529 | 710 | ||
| 530 | con=SSL_new(ctx); | 711 | con=SSL_new(ctx); |
| 712 | if (sess_in) | ||
| 713 | { | ||
| 714 | SSL_SESSION *sess; | ||
| 715 | BIO *stmp = BIO_new_file(sess_in, "r"); | ||
| 716 | if (!stmp) | ||
| 717 | { | ||
| 718 | BIO_printf(bio_err, "Can't open session file %s\n", | ||
| 719 | sess_in); | ||
| 720 | ERR_print_errors(bio_err); | ||
| 721 | goto end; | ||
| 722 | } | ||
| 723 | sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); | ||
| 724 | BIO_free(stmp); | ||
| 725 | if (!sess) | ||
| 726 | { | ||
| 727 | BIO_printf(bio_err, "Can't open session file %s\n", | ||
| 728 | sess_in); | ||
| 729 | ERR_print_errors(bio_err); | ||
| 730 | goto end; | ||
| 731 | } | ||
| 732 | SSL_set_session(con, sess); | ||
| 733 | SSL_SESSION_free(sess); | ||
| 734 | } | ||
| 735 | #ifndef OPENSSL_NO_TLSEXT | ||
| 736 | if (servername != NULL) | ||
| 737 | { | ||
| 738 | if (!SSL_set_tlsext_host_name(con,servername)) | ||
| 739 | { | ||
| 740 | BIO_printf(bio_err,"Unable to set TLS servername extension.\n"); | ||
| 741 | ERR_print_errors(bio_err); | ||
| 742 | goto end; | ||
| 743 | } | ||
| 744 | } | ||
| 745 | #endif | ||
| 746 | |||
| 531 | #ifndef OPENSSL_NO_KRB5 | 747 | #ifndef OPENSSL_NO_KRB5 |
| 532 | if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) | 748 | if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) |
| 533 | { | 749 | { |
| @@ -538,7 +754,7 @@ bad: | |||
| 538 | 754 | ||
| 539 | re_start: | 755 | re_start: |
| 540 | 756 | ||
| 541 | if (init_client(&s,host,port,af) == 0) | 757 | if (init_client(&s,host,port,sock_type,af) == 0) |
| 542 | { | 758 | { |
| 543 | BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); | 759 | BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); |
| 544 | SHUTDOWN(s); | 760 | SHUTDOWN(s); |
| @@ -559,7 +775,46 @@ re_start: | |||
| 559 | } | 775 | } |
| 560 | #endif | 776 | #endif |
| 561 | if (c_Pause & 0x01) con->debug=1; | 777 | if (c_Pause & 0x01) con->debug=1; |
| 562 | sbio=BIO_new_socket(s,BIO_NOCLOSE); | 778 | |
| 779 | if ( SSL_version(con) == DTLS1_VERSION) | ||
| 780 | { | ||
| 781 | struct timeval timeout; | ||
| 782 | |||
| 783 | sbio=BIO_new_dgram(s,BIO_NOCLOSE); | ||
| 784 | if (getsockname(s, &peer, (void *)&peerlen) < 0) | ||
| 785 | { | ||
| 786 | BIO_printf(bio_err, "getsockname:errno=%d\n", | ||
| 787 | get_last_socket_error()); | ||
| 788 | SHUTDOWN(s); | ||
| 789 | goto end; | ||
| 790 | } | ||
| 791 | |||
| 792 | (void)BIO_ctrl_set_connected(sbio, 1, &peer); | ||
| 793 | |||
| 794 | if ( enable_timeouts) | ||
| 795 | { | ||
| 796 | timeout.tv_sec = 0; | ||
| 797 | timeout.tv_usec = DGRAM_RCV_TIMEOUT; | ||
| 798 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); | ||
| 799 | |||
| 800 | timeout.tv_sec = 0; | ||
| 801 | timeout.tv_usec = DGRAM_SND_TIMEOUT; | ||
| 802 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); | ||
| 803 | } | ||
| 804 | |||
| 805 | if ( mtu > 0) | ||
| 806 | { | ||
| 807 | SSL_set_options(con, SSL_OP_NO_QUERY_MTU); | ||
| 808 | SSL_set_mtu(con, mtu); | ||
| 809 | } | ||
| 810 | else | ||
| 811 | /* want to do MTU discovery */ | ||
| 812 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); | ||
| 813 | } | ||
| 814 | else | ||
| 815 | sbio=BIO_new_socket(s,BIO_NOCLOSE); | ||
| 816 | |||
| 817 | |||
| 563 | 818 | ||
| 564 | if (nbio_test) | 819 | if (nbio_test) |
| 565 | { | 820 | { |
| @@ -572,14 +827,38 @@ re_start: | |||
| 572 | if (c_debug) | 827 | if (c_debug) |
| 573 | { | 828 | { |
| 574 | con->debug=1; | 829 | con->debug=1; |
| 575 | BIO_set_callback(sbio,bio_dump_cb); | 830 | BIO_set_callback(sbio,bio_dump_callback); |
| 576 | BIO_set_callback_arg(sbio,bio_c_out); | 831 | BIO_set_callback_arg(sbio,(char *)bio_c_out); |
| 577 | } | 832 | } |
| 578 | if (c_msg) | 833 | if (c_msg) |
| 579 | { | 834 | { |
| 580 | SSL_set_msg_callback(con, msg_cb); | 835 | SSL_set_msg_callback(con, msg_cb); |
| 581 | SSL_set_msg_callback_arg(con, bio_c_out); | 836 | SSL_set_msg_callback_arg(con, bio_c_out); |
| 582 | } | 837 | } |
| 838 | #ifndef OPENSSL_NO_TLSEXT | ||
| 839 | if (c_tlsextdebug) | ||
| 840 | { | ||
| 841 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | ||
| 842 | SSL_set_tlsext_debug_arg(con, bio_c_out); | ||
| 843 | } | ||
| 844 | if (c_status_req) | ||
| 845 | { | ||
| 846 | SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); | ||
| 847 | SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); | ||
| 848 | SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); | ||
| 849 | #if 0 | ||
| 850 | { | ||
| 851 | STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); | ||
| 852 | OCSP_RESPID *id = OCSP_RESPID_new(); | ||
| 853 | id->value.byKey = ASN1_OCTET_STRING_new(); | ||
| 854 | id->type = V_OCSP_RESPID_KEY; | ||
| 855 | ASN1_STRING_set(id->value.byKey, "Hello World", -1); | ||
| 856 | sk_OCSP_RESPID_push(ids, id); | ||
| 857 | SSL_set_tlsext_status_ids(con, ids); | ||
| 858 | } | ||
| 859 | #endif | ||
| 860 | } | ||
| 861 | #endif | ||
| 583 | 862 | ||
| 584 | SSL_set_bio(con,sbio,sbio); | 863 | SSL_set_bio(con,sbio,sbio); |
| 585 | SSL_set_connect_state(con); | 864 | SSL_set_connect_state(con); |
| @@ -598,28 +877,47 @@ re_start: | |||
| 598 | sbuf_len=0; | 877 | sbuf_len=0; |
| 599 | sbuf_off=0; | 878 | sbuf_off=0; |
| 600 | mbuf_len=0; | 879 | mbuf_len=0; |
| 601 | mbuf_off=0; | ||
| 602 | 880 | ||
| 603 | /* This is an ugly hack that does a lot of assumptions */ | 881 | /* This is an ugly hack that does a lot of assumptions */ |
| 604 | if (starttls_proto == 1) | 882 | /* We do have to handle multi-line responses which may come |
| 883 | in a single packet or not. We therefore have to use | ||
| 884 | BIO_gets() which does need a buffering BIO. So during | ||
| 885 | the initial chitchat we do push a buffering BIO into the | ||
| 886 | chain that is removed again later on to not disturb the | ||
| 887 | rest of the s_client operation. */ | ||
| 888 | if (starttls_proto == PROTO_SMTP) | ||
| 605 | { | 889 | { |
| 606 | mbuf_off = mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); | 890 | int foundit=0; |
| 607 | if (mbuf_len == -1) | 891 | BIO *fbio = BIO_new(BIO_f_buffer()); |
| 892 | BIO_push(fbio, sbio); | ||
| 893 | /* wait for multi-line response to end from SMTP */ | ||
| 894 | do | ||
| 608 | { | 895 | { |
| 609 | BIO_printf(bio_err,"BIO_read failed\n"); | 896 | mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); |
| 610 | goto end; | ||
| 611 | } | 897 | } |
| 612 | BIO_printf(sbio,"EHLO some.host.name\r\n"); | 898 | while (mbuf_len>3 && mbuf[3]=='-'); |
| 613 | mbuf_len = BIO_read(sbio,mbuf + mbuf_off,BUFSIZZ - mbuf_off); | 899 | /* STARTTLS command requires EHLO... */ |
| 614 | if (mbuf_len == -1) | 900 | BIO_printf(fbio,"EHLO openssl.client.net\r\n"); |
| 901 | (void)BIO_flush(fbio); | ||
| 902 | /* wait for multi-line response to end EHLO SMTP response */ | ||
| 903 | do | ||
| 615 | { | 904 | { |
| 616 | BIO_printf(bio_err,"BIO_read failed\n"); | 905 | mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); |
| 617 | goto end; | 906 | if (strstr(mbuf,"STARTTLS")) |
| 907 | foundit=1; | ||
| 618 | } | 908 | } |
| 909 | while (mbuf_len>3 && mbuf[3]=='-'); | ||
| 910 | (void)BIO_flush(fbio); | ||
| 911 | BIO_pop(fbio); | ||
| 912 | BIO_free(fbio); | ||
| 913 | if (!foundit) | ||
| 914 | BIO_printf(bio_err, | ||
| 915 | "didn't found starttls in server response," | ||
| 916 | " try anyway...\n"); | ||
| 619 | BIO_printf(sbio,"STARTTLS\r\n"); | 917 | BIO_printf(sbio,"STARTTLS\r\n"); |
| 620 | BIO_read(sbio,sbuf,BUFSIZZ); | 918 | BIO_read(sbio,sbuf,BUFSIZZ); |
| 621 | } | 919 | } |
| 622 | if (starttls_proto == 2) | 920 | else if (starttls_proto == PROTO_POP3) |
| 623 | { | 921 | { |
| 624 | mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); | 922 | mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); |
| 625 | if (mbuf_len == -1) | 923 | if (mbuf_len == -1) |
| @@ -630,8 +928,49 @@ re_start: | |||
| 630 | BIO_printf(sbio,"STLS\r\n"); | 928 | BIO_printf(sbio,"STLS\r\n"); |
| 631 | BIO_read(sbio,sbuf,BUFSIZZ); | 929 | BIO_read(sbio,sbuf,BUFSIZZ); |
| 632 | } | 930 | } |
| 633 | 931 | else if (starttls_proto == PROTO_IMAP) | |
| 634 | mbuf[mbuf_off + mbuf_len] = '\0'; | 932 | { |
| 933 | int foundit=0; | ||
| 934 | BIO *fbio = BIO_new(BIO_f_buffer()); | ||
| 935 | BIO_push(fbio, sbio); | ||
| 936 | BIO_gets(fbio,mbuf,BUFSIZZ); | ||
| 937 | /* STARTTLS command requires CAPABILITY... */ | ||
| 938 | BIO_printf(fbio,". CAPABILITY\r\n"); | ||
| 939 | (void)BIO_flush(fbio); | ||
| 940 | /* wait for multi-line CAPABILITY response */ | ||
| 941 | do | ||
| 942 | { | ||
| 943 | mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); | ||
| 944 | if (strstr(mbuf,"STARTTLS")) | ||
| 945 | foundit=1; | ||
| 946 | } | ||
| 947 | while (mbuf_len>3 && mbuf[0]!='.'); | ||
| 948 | (void)BIO_flush(fbio); | ||
| 949 | BIO_pop(fbio); | ||
| 950 | BIO_free(fbio); | ||
| 951 | if (!foundit) | ||
| 952 | BIO_printf(bio_err, | ||
| 953 | "didn't found STARTTLS in server response," | ||
| 954 | " try anyway...\n"); | ||
| 955 | BIO_printf(sbio,". STARTTLS\r\n"); | ||
| 956 | BIO_read(sbio,sbuf,BUFSIZZ); | ||
| 957 | } | ||
| 958 | else if (starttls_proto == PROTO_FTP) | ||
| 959 | { | ||
| 960 | BIO *fbio = BIO_new(BIO_f_buffer()); | ||
| 961 | BIO_push(fbio, sbio); | ||
| 962 | /* wait for multi-line response to end from FTP */ | ||
| 963 | do | ||
| 964 | { | ||
| 965 | mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ); | ||
| 966 | } | ||
| 967 | while (mbuf_len>3 && mbuf[3]=='-'); | ||
| 968 | (void)BIO_flush(fbio); | ||
| 969 | BIO_pop(fbio); | ||
| 970 | BIO_free(fbio); | ||
| 971 | BIO_printf(sbio,"AUTH TLS\r\n"); | ||
| 972 | BIO_read(sbio,sbuf,BUFSIZZ); | ||
| 973 | } | ||
| 635 | 974 | ||
| 636 | for (;;) | 975 | for (;;) |
| 637 | { | 976 | { |
| @@ -649,6 +988,17 @@ re_start: | |||
| 649 | if (in_init) | 988 | if (in_init) |
| 650 | { | 989 | { |
| 651 | in_init=0; | 990 | in_init=0; |
| 991 | if (sess_out) | ||
| 992 | { | ||
| 993 | BIO *stmp = BIO_new_file(sess_out, "w"); | ||
| 994 | if (stmp) | ||
| 995 | { | ||
| 996 | PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); | ||
| 997 | BIO_free(stmp); | ||
| 998 | } | ||
| 999 | else | ||
| 1000 | BIO_printf(bio_err, "Error writing session file %s\n", sess_out); | ||
| 1001 | } | ||
| 652 | print_stuff(bio_c_out,con,full_log); | 1002 | print_stuff(bio_c_out,con,full_log); |
| 653 | if (full_log > 0) full_log--; | 1003 | if (full_log > 0) full_log--; |
| 654 | 1004 | ||
| @@ -656,7 +1006,7 @@ re_start: | |||
| 656 | { | 1006 | { |
| 657 | BIO_printf(bio_err,"%s",mbuf); | 1007 | BIO_printf(bio_err,"%s",mbuf); |
| 658 | /* We don't need to know any more */ | 1008 | /* We don't need to know any more */ |
| 659 | starttls_proto = 0; | 1009 | starttls_proto = PROTO_OFF; |
| 660 | } | 1010 | } |
| 661 | 1011 | ||
| 662 | if (reconnect) | 1012 | if (reconnect) |
| @@ -675,7 +1025,7 @@ re_start: | |||
| 675 | 1025 | ||
| 676 | if (!ssl_pending) | 1026 | if (!ssl_pending) |
| 677 | { | 1027 | { |
| 678 | #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) | 1028 | #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) |
| 679 | if (tty_on) | 1029 | if (tty_on) |
| 680 | { | 1030 | { |
| 681 | if (read_tty) FD_SET(fileno(stdin),&readfds); | 1031 | if (read_tty) FD_SET(fileno(stdin),&readfds); |
| @@ -725,6 +1075,16 @@ re_start: | |||
| 725 | } else i=select(width,(void *)&readfds,(void *)&writefds, | 1075 | } else i=select(width,(void *)&readfds,(void *)&writefds, |
| 726 | NULL,NULL); | 1076 | NULL,NULL); |
| 727 | } | 1077 | } |
| 1078 | #elif defined(OPENSSL_SYS_NETWARE) | ||
| 1079 | if(!write_tty) { | ||
| 1080 | if(read_tty) { | ||
| 1081 | tv.tv_sec = 1; | ||
| 1082 | tv.tv_usec = 0; | ||
| 1083 | i=select(width,(void *)&readfds,(void *)&writefds, | ||
| 1084 | NULL,&tv); | ||
| 1085 | } else i=select(width,(void *)&readfds,(void *)&writefds, | ||
| 1086 | NULL,NULL); | ||
| 1087 | } | ||
| 728 | #else | 1088 | #else |
| 729 | i=select(width,(void *)&readfds,(void *)&writefds, | 1089 | i=select(width,(void *)&readfds,(void *)&writefds, |
| 730 | NULL,NULL); | 1090 | NULL,NULL); |
| @@ -805,7 +1165,7 @@ re_start: | |||
| 805 | goto shut; | 1165 | goto shut; |
| 806 | } | 1166 | } |
| 807 | } | 1167 | } |
| 808 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) | 1168 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) |
| 809 | /* Assume Windows/DOS can always write */ | 1169 | /* Assume Windows/DOS can always write */ |
| 810 | else if (!ssl_pending && write_tty) | 1170 | else if (!ssl_pending && write_tty) |
| 811 | #else | 1171 | #else |
| @@ -892,6 +1252,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 | |||
| 892 | #else | 1252 | #else |
| 893 | else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) | 1253 | else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) |
| 894 | #endif | 1254 | #endif |
| 1255 | #elif defined (OPENSSL_SYS_NETWARE) | ||
| 1256 | else if (_kbhit()) | ||
| 895 | #else | 1257 | #else |
| 896 | else if (FD_ISSET(fileno(stdin),&readfds)) | 1258 | else if (FD_ISSET(fileno(stdin),&readfds)) |
| 897 | #endif | 1259 | #endif |
| @@ -955,6 +1317,12 @@ end: | |||
| 955 | if (con != NULL) SSL_free(con); | 1317 | if (con != NULL) SSL_free(con); |
| 956 | if (con2 != NULL) SSL_free(con2); | 1318 | if (con2 != NULL) SSL_free(con2); |
| 957 | if (ctx != NULL) SSL_CTX_free(ctx); | 1319 | if (ctx != NULL) SSL_CTX_free(ctx); |
| 1320 | if (cert) | ||
| 1321 | X509_free(cert); | ||
| 1322 | if (key) | ||
| 1323 | EVP_PKEY_free(key); | ||
| 1324 | if (pass) | ||
| 1325 | OPENSSL_free(pass); | ||
| 958 | if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } | 1326 | if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } |
| 959 | if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } | 1327 | if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } |
| 960 | if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } | 1328 | if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } |
| @@ -972,13 +1340,16 @@ static void print_stuff(BIO *bio, SSL *s, int full) | |||
| 972 | { | 1340 | { |
| 973 | X509 *peer=NULL; | 1341 | X509 *peer=NULL; |
| 974 | char *p; | 1342 | char *p; |
| 975 | static char *space=" "; | 1343 | static const char *space=" "; |
| 976 | char buf[BUFSIZ]; | 1344 | char buf[BUFSIZ]; |
| 977 | STACK_OF(X509) *sk; | 1345 | STACK_OF(X509) *sk; |
| 978 | STACK_OF(X509_NAME) *sk2; | 1346 | STACK_OF(X509_NAME) *sk2; |
| 979 | SSL_CIPHER *c; | 1347 | SSL_CIPHER *c; |
| 980 | X509_NAME *xn; | 1348 | X509_NAME *xn; |
| 981 | int j,i; | 1349 | int j,i; |
| 1350 | #ifndef OPENSSL_NO_COMP | ||
| 1351 | const COMP_METHOD *comp, *expansion; | ||
| 1352 | #endif | ||
| 982 | 1353 | ||
| 983 | if (full) | 1354 | if (full) |
| 984 | { | 1355 | { |
| @@ -1081,11 +1452,47 @@ static void print_stuff(BIO *bio, SSL *s, int full) | |||
| 1081 | EVP_PKEY_bits(pktmp)); | 1452 | EVP_PKEY_bits(pktmp)); |
| 1082 | EVP_PKEY_free(pktmp); | 1453 | EVP_PKEY_free(pktmp); |
| 1083 | } | 1454 | } |
| 1455 | #ifndef OPENSSL_NO_COMP | ||
| 1456 | comp=SSL_get_current_compression(s); | ||
| 1457 | expansion=SSL_get_current_expansion(s); | ||
| 1458 | BIO_printf(bio,"Compression: %s\n", | ||
| 1459 | comp ? SSL_COMP_get_name(comp) : "NONE"); | ||
| 1460 | BIO_printf(bio,"Expansion: %s\n", | ||
| 1461 | expansion ? SSL_COMP_get_name(expansion) : "NONE"); | ||
| 1462 | #endif | ||
| 1084 | SSL_SESSION_print(bio,SSL_get_session(s)); | 1463 | SSL_SESSION_print(bio,SSL_get_session(s)); |
| 1085 | BIO_printf(bio,"---\n"); | 1464 | BIO_printf(bio,"---\n"); |
| 1086 | if (peer != NULL) | 1465 | if (peer != NULL) |
| 1087 | X509_free(peer); | 1466 | X509_free(peer); |
| 1088 | /* flush, or debugging output gets mixed with http response */ | 1467 | /* flush, or debugging output gets mixed with http response */ |
| 1089 | BIO_flush(bio); | 1468 | (void)BIO_flush(bio); |
| 1090 | } | 1469 | } |
| 1091 | 1470 | ||
| 1471 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1472 | |||
| 1473 | static int ocsp_resp_cb(SSL *s, void *arg) | ||
| 1474 | { | ||
| 1475 | const unsigned char *p; | ||
| 1476 | int len; | ||
| 1477 | OCSP_RESPONSE *rsp; | ||
| 1478 | len = SSL_get_tlsext_status_ocsp_resp(s, &p); | ||
| 1479 | BIO_puts(arg, "OCSP response: "); | ||
| 1480 | if (!p) | ||
| 1481 | { | ||
| 1482 | BIO_puts(arg, "no response sent\n"); | ||
| 1483 | return 1; | ||
| 1484 | } | ||
| 1485 | rsp = d2i_OCSP_RESPONSE(NULL, &p, len); | ||
| 1486 | if (!rsp) | ||
| 1487 | { | ||
| 1488 | BIO_puts(arg, "response parse error\n"); | ||
| 1489 | BIO_dump_indent(arg, (char *)p, len, 4); | ||
| 1490 | return 0; | ||
| 1491 | } | ||
| 1492 | BIO_puts(arg, "\n======================================\n"); | ||
| 1493 | OCSP_RESPONSE_print(arg, rsp, 0); | ||
| 1494 | BIO_puts(arg, "======================================\n"); | ||
| 1495 | OCSP_RESPONSE_free(rsp); | ||
| 1496 | return 1; | ||
| 1497 | } | ||
| 1498 | #endif /* ndef OPENSSL_NO_TLSEXT */ | ||
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c index ff4ab6ef28..7919c437c6 100644 --- a/src/lib/libssl/src/apps/s_server.c +++ b/src/lib/libssl/src/apps/s_server.c | |||
| @@ -108,18 +108,33 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 116 | |||
| 117 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 118 | * deprecated functions for openssl-internal code */ | ||
| 119 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 120 | #undef OPENSSL_NO_DEPRECATED | ||
| 121 | #endif | ||
| 111 | 122 | ||
| 112 | #include <assert.h> | 123 | #include <assert.h> |
| 113 | #include <stdio.h> | 124 | #include <stdio.h> |
| 114 | #include <stdlib.h> | 125 | #include <stdlib.h> |
| 115 | #include <string.h> | 126 | #include <string.h> |
| 116 | #include <sys/types.h> | 127 | |
| 117 | #include <sys/stat.h> | 128 | #include <sys/stat.h> |
| 118 | #include <openssl/e_os2.h> | 129 | #include <openssl/e_os2.h> |
| 119 | #ifdef OPENSSL_NO_STDIO | 130 | #ifdef OPENSSL_NO_STDIO |
| 120 | #define APPS_WIN16 | 131 | #define APPS_WIN16 |
| 121 | #endif | 132 | #endif |
| 122 | 133 | ||
| 134 | #if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ | ||
| 135 | #include <sys/types.h> | ||
| 136 | #endif | ||
| 137 | |||
| 123 | /* With IPv6, it looks like Digital has mixed up the proper order of | 138 | /* With IPv6, it looks like Digital has mixed up the proper order of |
| 124 | recursive header file inclusion, resulting in the compiler complaining | 139 | recursive header file inclusion, resulting in the compiler complaining |
| 125 | that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which | 140 | that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which |
| @@ -138,7 +153,15 @@ typedef unsigned int u_int; | |||
| 138 | #include <openssl/x509.h> | 153 | #include <openssl/x509.h> |
| 139 | #include <openssl/ssl.h> | 154 | #include <openssl/ssl.h> |
| 140 | #include <openssl/rand.h> | 155 | #include <openssl/rand.h> |
| 156 | #include <openssl/ocsp.h> | ||
| 157 | #ifndef OPENSSL_NO_DH | ||
| 158 | #include <openssl/dh.h> | ||
| 159 | #endif | ||
| 160 | #ifndef OPENSSL_NO_RSA | ||
| 161 | #include <openssl/rsa.h> | ||
| 162 | #endif | ||
| 141 | #include "s_apps.h" | 163 | #include "s_apps.h" |
| 164 | #include "timeouts.h" | ||
| 142 | 165 | ||
| 143 | #ifdef OPENSSL_SYS_WINCE | 166 | #ifdef OPENSSL_SYS_WINCE |
| 144 | /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ | 167 | /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ |
| @@ -165,9 +188,10 @@ static void print_stats(BIO *bp,SSL_CTX *ctx); | |||
| 165 | static int generate_session_id(const SSL *ssl, unsigned char *id, | 188 | static int generate_session_id(const SSL *ssl, unsigned char *id, |
| 166 | unsigned int *id_len); | 189 | unsigned int *id_len); |
| 167 | #ifndef OPENSSL_NO_DH | 190 | #ifndef OPENSSL_NO_DH |
| 168 | static DH *load_dh_param(char *dhfile); | 191 | static DH *load_dh_param(const char *dhfile); |
| 169 | static DH *get_dh512(void); | 192 | static DH *get_dh512(void); |
| 170 | #endif | 193 | #endif |
| 194 | |||
| 171 | #ifdef MONOLITH | 195 | #ifdef MONOLITH |
| 172 | static void s_server_init(void); | 196 | static void s_server_init(void); |
| 173 | #endif | 197 | #endif |
| @@ -206,6 +230,7 @@ static DH *get_dh512(void) | |||
| 206 | } | 230 | } |
| 207 | #endif | 231 | #endif |
| 208 | 232 | ||
| 233 | |||
| 209 | /* static int load_CA(SSL_CTX *ctx, char *file);*/ | 234 | /* static int load_CA(SSL_CTX *ctx, char *file);*/ |
| 210 | 235 | ||
| 211 | #undef BUFSIZZ | 236 | #undef BUFSIZZ |
| @@ -214,6 +239,9 @@ static int bufsize=BUFSIZZ; | |||
| 214 | static int accept_socket= -1; | 239 | static int accept_socket= -1; |
| 215 | 240 | ||
| 216 | #define TEST_CERT "server.pem" | 241 | #define TEST_CERT "server.pem" |
| 242 | #ifndef OPENSSL_NO_TLSEXT | ||
| 243 | #define TEST_CERT2 "server2.pem" | ||
| 244 | #endif | ||
| 217 | #undef PROG | 245 | #undef PROG |
| 218 | #define PROG s_server_main | 246 | #define PROG s_server_main |
| 219 | 247 | ||
| @@ -222,7 +250,10 @@ extern int verify_depth; | |||
| 222 | static char *cipher=NULL; | 250 | static char *cipher=NULL; |
| 223 | static int s_server_verify=SSL_VERIFY_NONE; | 251 | static int s_server_verify=SSL_VERIFY_NONE; |
| 224 | static int s_server_session_id_context = 1; /* anything will do */ | 252 | static int s_server_session_id_context = 1; /* anything will do */ |
| 225 | static char *s_cert_file=TEST_CERT,*s_key_file=NULL; | 253 | static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; |
| 254 | #ifndef OPENSSL_NO_TLSEXT | ||
| 255 | static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; | ||
| 256 | #endif | ||
| 226 | static char *s_dcert_file=NULL,*s_dkey_file=NULL; | 257 | static char *s_dcert_file=NULL,*s_dkey_file=NULL; |
| 227 | #ifdef FIONBIO | 258 | #ifdef FIONBIO |
| 228 | static int s_nbio=0; | 259 | static int s_nbio=0; |
| @@ -230,10 +261,18 @@ static int s_nbio=0; | |||
| 230 | static int s_nbio_test=0; | 261 | static int s_nbio_test=0; |
| 231 | int s_crlf=0; | 262 | int s_crlf=0; |
| 232 | static SSL_CTX *ctx=NULL; | 263 | static SSL_CTX *ctx=NULL; |
| 264 | #ifndef OPENSSL_NO_TLSEXT | ||
| 265 | static SSL_CTX *ctx2=NULL; | ||
| 266 | #endif | ||
| 233 | static int www=0; | 267 | static int www=0; |
| 234 | 268 | ||
| 235 | static BIO *bio_s_out=NULL; | 269 | static BIO *bio_s_out=NULL; |
| 236 | static int s_debug=0; | 270 | static int s_debug=0; |
| 271 | #ifndef OPENSSL_NO_TLSEXT | ||
| 272 | static int s_tlsextdebug=0; | ||
| 273 | static int s_tlsextstatus=0; | ||
| 274 | static int cert_status_cb(SSL *s, void *arg); | ||
| 275 | #endif | ||
| 237 | static int s_msg=0; | 276 | static int s_msg=0; |
| 238 | static int s_quiet=0; | 277 | static int s_quiet=0; |
| 239 | 278 | ||
| @@ -243,6 +282,14 @@ static char *engine_id=NULL; | |||
| 243 | #endif | 282 | #endif |
| 244 | static const char *session_id_prefix=NULL; | 283 | static const char *session_id_prefix=NULL; |
| 245 | 284 | ||
| 285 | static int enable_timeouts = 0; | ||
| 286 | #ifdef mtu | ||
| 287 | #undef mtu | ||
| 288 | #endif | ||
| 289 | static long mtu; | ||
| 290 | static int cert_chain = 0; | ||
| 291 | |||
| 292 | |||
| 246 | #ifdef MONOLITH | 293 | #ifdef MONOLITH |
| 247 | static void s_server_init(void) | 294 | static void s_server_init(void) |
| 248 | { | 295 | { |
| @@ -253,6 +300,11 @@ static void s_server_init(void) | |||
| 253 | s_dkey_file=NULL; | 300 | s_dkey_file=NULL; |
| 254 | s_cert_file=TEST_CERT; | 301 | s_cert_file=TEST_CERT; |
| 255 | s_key_file=NULL; | 302 | s_key_file=NULL; |
| 303 | #ifndef OPENSSL_NO_TLSEXT | ||
| 304 | s_cert_file2=TEST_CERT2; | ||
| 305 | s_key_file2=NULL; | ||
| 306 | ctx2=NULL; | ||
| 307 | #endif | ||
| 256 | #ifdef FIONBIO | 308 | #ifdef FIONBIO |
| 257 | s_nbio=0; | 309 | s_nbio=0; |
| 258 | #endif | 310 | #endif |
| @@ -279,14 +331,30 @@ static void sv_usage(void) | |||
| 279 | BIO_printf(bio_err," -context arg - set session ID context\n"); | 331 | BIO_printf(bio_err," -context arg - set session ID context\n"); |
| 280 | BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); | 332 | BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); |
| 281 | BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); | 333 | BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); |
| 282 | BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); | 334 | BIO_printf(bio_err," -cert arg - certificate file to use\n"); |
| 283 | BIO_printf(bio_err," (default is %s)\n",TEST_CERT); | 335 | BIO_printf(bio_err," (default is %s)\n",TEST_CERT); |
| 284 | BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n"); | 336 | BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ |
| 337 | " The CRL(s) are appended to the certificate file\n"); | ||
| 338 | BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ | ||
| 339 | " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ | ||
| 340 | " the certificate file.\n"); | ||
| 341 | BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); | ||
| 342 | BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); | ||
| 285 | BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); | 343 | BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); |
| 344 | BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"); | ||
| 345 | BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); | ||
| 286 | BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); | 346 | BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); |
| 347 | BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n"); | ||
| 287 | BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); | 348 | BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); |
| 349 | BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"); | ||
| 350 | BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n"); | ||
| 288 | BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); | 351 | BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); |
| 289 | BIO_printf(bio_err," or a default set of parameters is used\n"); | 352 | BIO_printf(bio_err," or a default set of parameters is used\n"); |
| 353 | #ifndef OPENSSL_NO_ECDH | ||
| 354 | BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ | ||
| 355 | " Use \"openssl ecparam -list_curves\" for all names\n" \ | ||
| 356 | " (default is sect163r2).\n"); | ||
| 357 | #endif | ||
| 290 | #ifdef FIONBIO | 358 | #ifdef FIONBIO |
| 291 | BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); | 359 | BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); |
| 292 | #endif | 360 | #endif |
| @@ -305,12 +373,19 @@ static void sv_usage(void) | |||
| 305 | BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); | 373 | BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); |
| 306 | BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); | 374 | BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); |
| 307 | BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); | 375 | BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); |
| 376 | BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); | ||
| 377 | BIO_printf(bio_err," -timeout - Enable timeouts\n"); | ||
| 378 | BIO_printf(bio_err," -mtu - Set MTU\n"); | ||
| 379 | BIO_printf(bio_err," -chain - Read a certificate chain\n"); | ||
| 308 | BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); | 380 | BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); |
| 309 | BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); | 381 | BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); |
| 310 | BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); | 382 | BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); |
| 311 | #ifndef OPENSSL_NO_DH | 383 | #ifndef OPENSSL_NO_DH |
| 312 | BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); | 384 | BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); |
| 313 | #endif | 385 | #endif |
| 386 | #ifndef OPENSSL_NO_ECDH | ||
| 387 | BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); | ||
| 388 | #endif | ||
| 314 | BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); | 389 | BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); |
| 315 | BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); | 390 | BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); |
| 316 | BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); | 391 | BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); |
| @@ -321,6 +396,16 @@ static void sv_usage(void) | |||
| 321 | #endif | 396 | #endif |
| 322 | BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); | 397 | BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); |
| 323 | BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); | 398 | BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); |
| 399 | #ifndef OPENSSL_NO_TLSEXT | ||
| 400 | BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); | ||
| 401 | BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); | ||
| 402 | BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); | ||
| 403 | BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); | ||
| 404 | BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); | ||
| 405 | BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); | ||
| 406 | BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); | ||
| 407 | BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); | ||
| 408 | #endif | ||
| 324 | } | 409 | } |
| 325 | 410 | ||
| 326 | static int local_argc=0; | 411 | static int local_argc=0; |
| @@ -476,6 +561,185 @@ static int ebcdic_puts(BIO *bp, const char *str) | |||
| 476 | } | 561 | } |
| 477 | #endif | 562 | #endif |
| 478 | 563 | ||
| 564 | #ifndef OPENSSL_NO_TLSEXT | ||
| 565 | |||
| 566 | /* This is a context that we pass to callbacks */ | ||
| 567 | typedef struct tlsextctx_st { | ||
| 568 | char * servername; | ||
| 569 | BIO * biodebug; | ||
| 570 | int extension_error; | ||
| 571 | } tlsextctx; | ||
| 572 | |||
| 573 | |||
| 574 | static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) | ||
| 575 | { | ||
| 576 | tlsextctx * p = (tlsextctx *) arg; | ||
| 577 | const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); | ||
| 578 | if (servername && p->biodebug) | ||
| 579 | BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername); | ||
| 580 | |||
| 581 | if (!p->servername) | ||
| 582 | return SSL_TLSEXT_ERR_NOACK; | ||
| 583 | |||
| 584 | if (servername) | ||
| 585 | { | ||
| 586 | if (strcmp(servername,p->servername)) | ||
| 587 | return p->extension_error; | ||
| 588 | if (ctx2) | ||
| 589 | { | ||
| 590 | BIO_printf(p->biodebug,"Swiching server context.\n"); | ||
| 591 | SSL_set_SSL_CTX(s,ctx2); | ||
| 592 | } | ||
| 593 | } | ||
| 594 | return SSL_TLSEXT_ERR_OK; | ||
| 595 | } | ||
| 596 | |||
| 597 | /* Structure passed to cert status callback */ | ||
| 598 | |||
| 599 | typedef struct tlsextstatusctx_st { | ||
| 600 | /* Default responder to use */ | ||
| 601 | char *host, *path, *port; | ||
| 602 | int use_ssl; | ||
| 603 | int timeout; | ||
| 604 | BIO *err; | ||
| 605 | int verbose; | ||
| 606 | } tlsextstatusctx; | ||
| 607 | |||
| 608 | static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0}; | ||
| 609 | |||
| 610 | /* Certificate Status callback. This is called when a client includes a | ||
| 611 | * certificate status request extension. | ||
| 612 | * | ||
| 613 | * This is a simplified version. It examines certificates each time and | ||
| 614 | * makes one OCSP responder query for each request. | ||
| 615 | * | ||
| 616 | * A full version would store details such as the OCSP certificate IDs and | ||
| 617 | * minimise the number of OCSP responses by caching them until they were | ||
| 618 | * considered "expired". | ||
| 619 | */ | ||
| 620 | |||
| 621 | static int cert_status_cb(SSL *s, void *arg) | ||
| 622 | { | ||
| 623 | tlsextstatusctx *srctx = arg; | ||
| 624 | BIO *err = srctx->err; | ||
| 625 | char *host, *port, *path; | ||
| 626 | int use_ssl; | ||
| 627 | unsigned char *rspder = NULL; | ||
| 628 | int rspderlen; | ||
| 629 | STACK *aia = NULL; | ||
| 630 | X509 *x = NULL; | ||
| 631 | X509_STORE_CTX inctx; | ||
| 632 | X509_OBJECT obj; | ||
| 633 | OCSP_REQUEST *req = NULL; | ||
| 634 | OCSP_RESPONSE *resp = NULL; | ||
| 635 | OCSP_CERTID *id = NULL; | ||
| 636 | STACK_OF(X509_EXTENSION) *exts; | ||
| 637 | int ret = SSL_TLSEXT_ERR_NOACK; | ||
| 638 | int i; | ||
| 639 | #if 0 | ||
| 640 | STACK_OF(OCSP_RESPID) *ids; | ||
| 641 | SSL_get_tlsext_status_ids(s, &ids); | ||
| 642 | BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); | ||
| 643 | #endif | ||
| 644 | if (srctx->verbose) | ||
| 645 | BIO_puts(err, "cert_status: callback called\n"); | ||
| 646 | /* Build up OCSP query from server certificate */ | ||
| 647 | x = SSL_get_certificate(s); | ||
| 648 | aia = X509_get1_ocsp(x); | ||
| 649 | if (aia) | ||
| 650 | { | ||
| 651 | if (!OCSP_parse_url(sk_value(aia, 0), | ||
| 652 | &host, &port, &path, &use_ssl)) | ||
| 653 | { | ||
| 654 | BIO_puts(err, "cert_status: can't parse AIA URL\n"); | ||
| 655 | goto err; | ||
| 656 | } | ||
| 657 | if (srctx->verbose) | ||
| 658 | BIO_printf(err, "cert_status: AIA URL: %s\n", | ||
| 659 | sk_value(aia, 0)); | ||
| 660 | } | ||
| 661 | else | ||
| 662 | { | ||
| 663 | if (!srctx->host) | ||
| 664 | { | ||
| 665 | BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); | ||
| 666 | goto done; | ||
| 667 | } | ||
| 668 | host = srctx->host; | ||
| 669 | path = srctx->path; | ||
| 670 | port = srctx->port; | ||
| 671 | use_ssl = srctx->use_ssl; | ||
| 672 | } | ||
| 673 | |||
| 674 | if (!X509_STORE_CTX_init(&inctx, | ||
| 675 | SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), | ||
| 676 | NULL, NULL)) | ||
| 677 | goto err; | ||
| 678 | if (X509_STORE_get_by_subject(&inctx,X509_LU_X509, | ||
| 679 | X509_get_issuer_name(x),&obj) <= 0) | ||
| 680 | { | ||
| 681 | BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); | ||
| 682 | X509_STORE_CTX_cleanup(&inctx); | ||
| 683 | goto done; | ||
| 684 | } | ||
| 685 | req = OCSP_REQUEST_new(); | ||
| 686 | if (!req) | ||
| 687 | goto err; | ||
| 688 | id = OCSP_cert_to_id(NULL, x, obj.data.x509); | ||
| 689 | X509_free(obj.data.x509); | ||
| 690 | X509_STORE_CTX_cleanup(&inctx); | ||
| 691 | if (!id) | ||
| 692 | goto err; | ||
| 693 | if (!OCSP_request_add0_id(req, id)) | ||
| 694 | goto err; | ||
| 695 | id = NULL; | ||
| 696 | /* Add any extensions to the request */ | ||
| 697 | SSL_get_tlsext_status_exts(s, &exts); | ||
| 698 | for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) | ||
| 699 | { | ||
| 700 | X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); | ||
| 701 | if (!OCSP_REQUEST_add_ext(req, ext, -1)) | ||
| 702 | goto err; | ||
| 703 | } | ||
| 704 | resp = process_responder(err, req, host, path, port, use_ssl, | ||
| 705 | srctx->timeout); | ||
| 706 | if (!resp) | ||
| 707 | { | ||
| 708 | BIO_puts(err, "cert_status: error querying responder\n"); | ||
| 709 | goto done; | ||
| 710 | } | ||
| 711 | rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); | ||
| 712 | if (rspderlen <= 0) | ||
| 713 | goto err; | ||
| 714 | SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); | ||
| 715 | if (srctx->verbose) | ||
| 716 | { | ||
| 717 | BIO_puts(err, "cert_status: ocsp response sent:\n"); | ||
| 718 | OCSP_RESPONSE_print(err, resp, 2); | ||
| 719 | } | ||
| 720 | ret = SSL_TLSEXT_ERR_OK; | ||
| 721 | done: | ||
| 722 | if (ret != SSL_TLSEXT_ERR_OK) | ||
| 723 | ERR_print_errors(err); | ||
| 724 | if (aia) | ||
| 725 | { | ||
| 726 | OPENSSL_free(host); | ||
| 727 | OPENSSL_free(path); | ||
| 728 | OPENSSL_free(port); | ||
| 729 | X509_email_free(aia); | ||
| 730 | } | ||
| 731 | if (id) | ||
| 732 | OCSP_CERTID_free(id); | ||
| 733 | if (req) | ||
| 734 | OCSP_REQUEST_free(req); | ||
| 735 | if (resp) | ||
| 736 | OCSP_RESPONSE_free(resp); | ||
| 737 | return ret; | ||
| 738 | err: | ||
| 739 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 740 | goto done; | ||
| 741 | } | ||
| 742 | #endif | ||
| 479 | int MAIN(int, char **); | 743 | int MAIN(int, char **); |
| 480 | 744 | ||
| 481 | int MAIN(int argc, char *argv[]) | 745 | int MAIN(int argc, char *argv[]) |
| @@ -484,18 +748,36 @@ int MAIN(int argc, char *argv[]) | |||
| 484 | int vflags = 0; | 748 | int vflags = 0; |
| 485 | short port=PORT; | 749 | short port=PORT; |
| 486 | char *CApath=NULL,*CAfile=NULL; | 750 | char *CApath=NULL,*CAfile=NULL; |
| 487 | char *context = NULL; | 751 | unsigned char *context = NULL; |
| 488 | char *dhfile = NULL; | 752 | char *dhfile = NULL; |
| 753 | #ifndef OPENSSL_NO_ECDH | ||
| 754 | char *named_curve = NULL; | ||
| 755 | #endif | ||
| 489 | int badop=0,bugs=0; | 756 | int badop=0,bugs=0; |
| 490 | int ret=1; | 757 | int ret=1; |
| 491 | int off=0; | 758 | int off=0; |
| 492 | int no_tmp_rsa=0,no_dhe=0,nocert=0; | 759 | int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; |
| 493 | int state=0; | 760 | int state=0; |
| 494 | SSL_METHOD *meth=NULL; | 761 | SSL_METHOD *meth=NULL; |
| 762 | int socket_type=SOCK_STREAM; | ||
| 495 | #ifndef OPENSSL_NO_ENGINE | 763 | #ifndef OPENSSL_NO_ENGINE |
| 496 | ENGINE *e=NULL; | 764 | ENGINE *e=NULL; |
| 497 | #endif | 765 | #endif |
| 498 | char *inrand=NULL; | 766 | char *inrand=NULL; |
| 767 | int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; | ||
| 768 | char *passarg = NULL, *pass = NULL; | ||
| 769 | char *dpassarg = NULL, *dpass = NULL; | ||
| 770 | int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; | ||
| 771 | X509 *s_cert = NULL, *s_dcert = NULL; | ||
| 772 | EVP_PKEY *s_key = NULL, *s_dkey = NULL; | ||
| 773 | #ifndef OPENSSL_NO_TLSEXT | ||
| 774 | EVP_PKEY *s_key2 = NULL; | ||
| 775 | X509 *s_cert2 = NULL; | ||
| 776 | #endif | ||
| 777 | |||
| 778 | #ifndef OPENSSL_NO_TLSEXT | ||
| 779 | tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; | ||
| 780 | #endif | ||
| 499 | 781 | ||
| 500 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 782 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 501 | meth=SSLv23_server_method(); | 783 | meth=SSLv23_server_method(); |
| @@ -555,28 +837,65 @@ int MAIN(int argc, char *argv[]) | |||
| 555 | else if (strcmp(*argv,"-context") == 0) | 837 | else if (strcmp(*argv,"-context") == 0) |
| 556 | { | 838 | { |
| 557 | if (--argc < 1) goto bad; | 839 | if (--argc < 1) goto bad; |
| 558 | context= *(++argv); | 840 | context= (unsigned char *)*(++argv); |
| 559 | } | 841 | } |
| 560 | else if (strcmp(*argv,"-cert") == 0) | 842 | else if (strcmp(*argv,"-cert") == 0) |
| 561 | { | 843 | { |
| 562 | if (--argc < 1) goto bad; | 844 | if (--argc < 1) goto bad; |
| 563 | s_cert_file= *(++argv); | 845 | s_cert_file= *(++argv); |
| 564 | } | 846 | } |
| 847 | else if (strcmp(*argv,"-certform") == 0) | ||
| 848 | { | ||
| 849 | if (--argc < 1) goto bad; | ||
| 850 | s_cert_format = str2fmt(*(++argv)); | ||
| 851 | } | ||
| 565 | else if (strcmp(*argv,"-key") == 0) | 852 | else if (strcmp(*argv,"-key") == 0) |
| 566 | { | 853 | { |
| 567 | if (--argc < 1) goto bad; | 854 | if (--argc < 1) goto bad; |
| 568 | s_key_file= *(++argv); | 855 | s_key_file= *(++argv); |
| 569 | } | 856 | } |
| 857 | else if (strcmp(*argv,"-keyform") == 0) | ||
| 858 | { | ||
| 859 | if (--argc < 1) goto bad; | ||
| 860 | s_key_format = str2fmt(*(++argv)); | ||
| 861 | } | ||
| 862 | else if (strcmp(*argv,"-pass") == 0) | ||
| 863 | { | ||
| 864 | if (--argc < 1) goto bad; | ||
| 865 | passarg = *(++argv); | ||
| 866 | } | ||
| 570 | else if (strcmp(*argv,"-dhparam") == 0) | 867 | else if (strcmp(*argv,"-dhparam") == 0) |
| 571 | { | 868 | { |
| 572 | if (--argc < 1) goto bad; | 869 | if (--argc < 1) goto bad; |
| 573 | dhfile = *(++argv); | 870 | dhfile = *(++argv); |
| 574 | } | 871 | } |
| 872 | #ifndef OPENSSL_NO_ECDH | ||
| 873 | else if (strcmp(*argv,"-named_curve") == 0) | ||
| 874 | { | ||
| 875 | if (--argc < 1) goto bad; | ||
| 876 | named_curve = *(++argv); | ||
| 877 | } | ||
| 878 | #endif | ||
| 879 | else if (strcmp(*argv,"-dcertform") == 0) | ||
| 880 | { | ||
| 881 | if (--argc < 1) goto bad; | ||
| 882 | s_dcert_format = str2fmt(*(++argv)); | ||
| 883 | } | ||
| 575 | else if (strcmp(*argv,"-dcert") == 0) | 884 | else if (strcmp(*argv,"-dcert") == 0) |
| 576 | { | 885 | { |
| 577 | if (--argc < 1) goto bad; | 886 | if (--argc < 1) goto bad; |
| 578 | s_dcert_file= *(++argv); | 887 | s_dcert_file= *(++argv); |
| 579 | } | 888 | } |
| 889 | else if (strcmp(*argv,"-dkeyform") == 0) | ||
| 890 | { | ||
| 891 | if (--argc < 1) goto bad; | ||
| 892 | s_dkey_format = str2fmt(*(++argv)); | ||
| 893 | } | ||
| 894 | else if (strcmp(*argv,"-dpass") == 0) | ||
| 895 | { | ||
| 896 | if (--argc < 1) goto bad; | ||
| 897 | dpassarg = *(++argv); | ||
| 898 | } | ||
| 580 | else if (strcmp(*argv,"-dkey") == 0) | 899 | else if (strcmp(*argv,"-dkey") == 0) |
| 581 | { | 900 | { |
| 582 | if (--argc < 1) goto bad; | 901 | if (--argc < 1) goto bad; |
| @@ -595,7 +914,7 @@ int MAIN(int argc, char *argv[]) | |||
| 595 | { | 914 | { |
| 596 | vflags |= X509_V_FLAG_CRL_CHECK; | 915 | vflags |= X509_V_FLAG_CRL_CHECK; |
| 597 | } | 916 | } |
| 598 | else if (strcmp(*argv,"-crl_check") == 0) | 917 | else if (strcmp(*argv,"-crl_check_all") == 0) |
| 599 | { | 918 | { |
| 600 | vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; | 919 | vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; |
| 601 | } | 920 | } |
| @@ -624,6 +943,37 @@ int MAIN(int argc, char *argv[]) | |||
| 624 | } | 943 | } |
| 625 | else if (strcmp(*argv,"-debug") == 0) | 944 | else if (strcmp(*argv,"-debug") == 0) |
| 626 | { s_debug=1; } | 945 | { s_debug=1; } |
| 946 | #ifndef OPENSSL_NO_TLSEXT | ||
| 947 | else if (strcmp(*argv,"-tlsextdebug") == 0) | ||
| 948 | s_tlsextdebug=1; | ||
| 949 | else if (strcmp(*argv,"-status") == 0) | ||
| 950 | s_tlsextstatus=1; | ||
| 951 | else if (strcmp(*argv,"-status_verbose") == 0) | ||
| 952 | { | ||
| 953 | s_tlsextstatus=1; | ||
| 954 | tlscstatp.verbose = 1; | ||
| 955 | } | ||
| 956 | else if (!strcmp(*argv, "-status_timeout")) | ||
| 957 | { | ||
| 958 | s_tlsextstatus=1; | ||
| 959 | if (--argc < 1) goto bad; | ||
| 960 | tlscstatp.timeout = atoi(*(++argv)); | ||
| 961 | } | ||
| 962 | else if (!strcmp(*argv, "-status_url")) | ||
| 963 | { | ||
| 964 | s_tlsextstatus=1; | ||
| 965 | if (--argc < 1) goto bad; | ||
| 966 | if (!OCSP_parse_url(*(++argv), | ||
| 967 | &tlscstatp.host, | ||
| 968 | &tlscstatp.port, | ||
| 969 | &tlscstatp.path, | ||
| 970 | &tlscstatp.use_ssl)) | ||
| 971 | { | ||
| 972 | BIO_printf(bio_err, "Error parsing URL\n"); | ||
| 973 | goto bad; | ||
| 974 | } | ||
| 975 | } | ||
| 976 | #endif | ||
| 627 | else if (strcmp(*argv,"-msg") == 0) | 977 | else if (strcmp(*argv,"-msg") == 0) |
| 628 | { s_msg=1; } | 978 | { s_msg=1; } |
| 629 | else if (strcmp(*argv,"-hack") == 0) | 979 | else if (strcmp(*argv,"-hack") == 0) |
| @@ -640,6 +990,8 @@ int MAIN(int argc, char *argv[]) | |||
| 640 | { no_tmp_rsa=1; } | 990 | { no_tmp_rsa=1; } |
| 641 | else if (strcmp(*argv,"-no_dhe") == 0) | 991 | else if (strcmp(*argv,"-no_dhe") == 0) |
| 642 | { no_dhe=1; } | 992 | { no_dhe=1; } |
| 993 | else if (strcmp(*argv,"-no_ecdhe") == 0) | ||
| 994 | { no_ecdhe=1; } | ||
| 643 | else if (strcmp(*argv,"-www") == 0) | 995 | else if (strcmp(*argv,"-www") == 0) |
| 644 | { www=1; } | 996 | { www=1; } |
| 645 | else if (strcmp(*argv,"-WWW") == 0) | 997 | else if (strcmp(*argv,"-WWW") == 0) |
| @@ -652,6 +1004,10 @@ int MAIN(int argc, char *argv[]) | |||
| 652 | { off|=SSL_OP_NO_SSLv3; } | 1004 | { off|=SSL_OP_NO_SSLv3; } |
| 653 | else if (strcmp(*argv,"-no_tls1") == 0) | 1005 | else if (strcmp(*argv,"-no_tls1") == 0) |
| 654 | { off|=SSL_OP_NO_TLSv1; } | 1006 | { off|=SSL_OP_NO_TLSv1; } |
| 1007 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1008 | else if (strcmp(*argv,"-no_ticket") == 0) | ||
| 1009 | { off|=SSL_OP_NO_TICKET; } | ||
| 1010 | #endif | ||
| 655 | #ifndef OPENSSL_NO_SSL2 | 1011 | #ifndef OPENSSL_NO_SSL2 |
| 656 | else if (strcmp(*argv,"-ssl2") == 0) | 1012 | else if (strcmp(*argv,"-ssl2") == 0) |
| 657 | { meth=SSLv2_server_method(); } | 1013 | { meth=SSLv2_server_method(); } |
| @@ -664,6 +1020,22 @@ int MAIN(int argc, char *argv[]) | |||
| 664 | else if (strcmp(*argv,"-tls1") == 0) | 1020 | else if (strcmp(*argv,"-tls1") == 0) |
| 665 | { meth=TLSv1_server_method(); } | 1021 | { meth=TLSv1_server_method(); } |
| 666 | #endif | 1022 | #endif |
| 1023 | #ifndef OPENSSL_NO_DTLS1 | ||
| 1024 | else if (strcmp(*argv,"-dtls1") == 0) | ||
| 1025 | { | ||
| 1026 | meth=DTLSv1_server_method(); | ||
| 1027 | socket_type = SOCK_DGRAM; | ||
| 1028 | } | ||
| 1029 | else if (strcmp(*argv,"-timeout") == 0) | ||
| 1030 | enable_timeouts = 1; | ||
| 1031 | else if (strcmp(*argv,"-mtu") == 0) | ||
| 1032 | { | ||
| 1033 | if (--argc < 1) goto bad; | ||
| 1034 | mtu = atol(*(++argv)); | ||
| 1035 | } | ||
| 1036 | else if (strcmp(*argv, "-chain") == 0) | ||
| 1037 | cert_chain = 1; | ||
| 1038 | #endif | ||
| 667 | else if (strcmp(*argv, "-id_prefix") == 0) | 1039 | else if (strcmp(*argv, "-id_prefix") == 0) |
| 668 | { | 1040 | { |
| 669 | if (--argc < 1) goto bad; | 1041 | if (--argc < 1) goto bad; |
| @@ -681,6 +1053,25 @@ int MAIN(int argc, char *argv[]) | |||
| 681 | if (--argc < 1) goto bad; | 1053 | if (--argc < 1) goto bad; |
| 682 | inrand= *(++argv); | 1054 | inrand= *(++argv); |
| 683 | } | 1055 | } |
| 1056 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1057 | else if (strcmp(*argv,"-servername") == 0) | ||
| 1058 | { | ||
| 1059 | if (--argc < 1) goto bad; | ||
| 1060 | tlsextcbp.servername= *(++argv); | ||
| 1061 | } | ||
| 1062 | else if (strcmp(*argv,"-servername_fatal") == 0) | ||
| 1063 | { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; } | ||
| 1064 | else if (strcmp(*argv,"-cert2") == 0) | ||
| 1065 | { | ||
| 1066 | if (--argc < 1) goto bad; | ||
| 1067 | s_cert_file2= *(++argv); | ||
| 1068 | } | ||
| 1069 | else if (strcmp(*argv,"-key2") == 0) | ||
| 1070 | { | ||
| 1071 | if (--argc < 1) goto bad; | ||
| 1072 | s_key_file2= *(++argv); | ||
| 1073 | } | ||
| 1074 | #endif | ||
| 684 | else | 1075 | else |
| 685 | { | 1076 | { |
| 686 | BIO_printf(bio_err,"unknown option %s\n",*argv); | 1077 | BIO_printf(bio_err,"unknown option %s\n",*argv); |
| @@ -704,6 +1095,87 @@ bad: | |||
| 704 | e = setup_engine(bio_err, engine_id, 1); | 1095 | e = setup_engine(bio_err, engine_id, 1); |
| 705 | #endif | 1096 | #endif |
| 706 | 1097 | ||
| 1098 | if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) | ||
| 1099 | { | ||
| 1100 | BIO_printf(bio_err, "Error getting password\n"); | ||
| 1101 | goto end; | ||
| 1102 | } | ||
| 1103 | |||
| 1104 | |||
| 1105 | if (s_key_file == NULL) | ||
| 1106 | s_key_file = s_cert_file; | ||
| 1107 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1108 | if (s_key_file2 == NULL) | ||
| 1109 | s_key_file2 = s_cert_file2; | ||
| 1110 | #endif | ||
| 1111 | |||
| 1112 | if (nocert == 0) | ||
| 1113 | { | ||
| 1114 | s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e, | ||
| 1115 | "server certificate private key file"); | ||
| 1116 | if (!s_key) | ||
| 1117 | { | ||
| 1118 | ERR_print_errors(bio_err); | ||
| 1119 | goto end; | ||
| 1120 | } | ||
| 1121 | |||
| 1122 | s_cert = load_cert(bio_err,s_cert_file,s_cert_format, | ||
| 1123 | NULL, e, "server certificate file"); | ||
| 1124 | |||
| 1125 | if (!s_cert) | ||
| 1126 | { | ||
| 1127 | ERR_print_errors(bio_err); | ||
| 1128 | goto end; | ||
| 1129 | } | ||
| 1130 | |||
| 1131 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1132 | if (tlsextcbp.servername) | ||
| 1133 | { | ||
| 1134 | s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e, | ||
| 1135 | "second server certificate private key file"); | ||
| 1136 | if (!s_key2) | ||
| 1137 | { | ||
| 1138 | ERR_print_errors(bio_err); | ||
| 1139 | goto end; | ||
| 1140 | } | ||
| 1141 | |||
| 1142 | s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, | ||
| 1143 | NULL, e, "second server certificate file"); | ||
| 1144 | |||
| 1145 | if (!s_cert2) | ||
| 1146 | { | ||
| 1147 | ERR_print_errors(bio_err); | ||
| 1148 | goto end; | ||
| 1149 | } | ||
| 1150 | } | ||
| 1151 | #endif | ||
| 1152 | } | ||
| 1153 | if (s_dcert_file) | ||
| 1154 | { | ||
| 1155 | |||
| 1156 | if (s_dkey_file == NULL) | ||
| 1157 | s_dkey_file = s_dcert_file; | ||
| 1158 | |||
| 1159 | s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, | ||
| 1160 | 0, dpass, e, | ||
| 1161 | "second certificate private key file"); | ||
| 1162 | if (!s_dkey) | ||
| 1163 | { | ||
| 1164 | ERR_print_errors(bio_err); | ||
| 1165 | goto end; | ||
| 1166 | } | ||
| 1167 | |||
| 1168 | s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format, | ||
| 1169 | NULL, e, "second server certificate file"); | ||
| 1170 | |||
| 1171 | if (!s_dcert) | ||
| 1172 | { | ||
| 1173 | ERR_print_errors(bio_err); | ||
| 1174 | goto end; | ||
| 1175 | } | ||
| 1176 | |||
| 1177 | } | ||
| 1178 | |||
| 707 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL | 1179 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL |
| 708 | && !RAND_status()) | 1180 | && !RAND_status()) |
| 709 | { | 1181 | { |
| @@ -726,7 +1198,7 @@ bad: | |||
| 726 | } | 1198 | } |
| 727 | } | 1199 | } |
| 728 | 1200 | ||
| 729 | #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) | 1201 | #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) |
| 730 | if (nocert) | 1202 | if (nocert) |
| 731 | #endif | 1203 | #endif |
| 732 | { | 1204 | { |
| @@ -734,6 +1206,10 @@ bad: | |||
| 734 | s_key_file=NULL; | 1206 | s_key_file=NULL; |
| 735 | s_dcert_file=NULL; | 1207 | s_dcert_file=NULL; |
| 736 | s_dkey_file=NULL; | 1208 | s_dkey_file=NULL; |
| 1209 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1210 | s_cert_file2=NULL; | ||
| 1211 | s_key_file2=NULL; | ||
| 1212 | #endif | ||
| 737 | } | 1213 | } |
| 738 | 1214 | ||
| 739 | ctx=SSL_CTX_new(meth); | 1215 | ctx=SSL_CTX_new(meth); |
| @@ -762,6 +1238,10 @@ bad: | |||
| 762 | if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); | 1238 | if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); |
| 763 | if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); | 1239 | if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); |
| 764 | SSL_CTX_set_options(ctx,off); | 1240 | SSL_CTX_set_options(ctx,off); |
| 1241 | /* DTLS: partial reads end up discarding unread UDP bytes :-( | ||
| 1242 | * Setting read ahead solves this problem. | ||
| 1243 | */ | ||
| 1244 | if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); | ||
| 765 | 1245 | ||
| 766 | if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); | 1246 | if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); |
| 767 | 1247 | ||
| @@ -788,6 +1268,62 @@ bad: | |||
| 788 | } | 1268 | } |
| 789 | store = SSL_CTX_get_cert_store(ctx); | 1269 | store = SSL_CTX_get_cert_store(ctx); |
| 790 | X509_STORE_set_flags(store, vflags); | 1270 | X509_STORE_set_flags(store, vflags); |
| 1271 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1272 | if (s_cert2) | ||
| 1273 | { | ||
| 1274 | ctx2=SSL_CTX_new(meth); | ||
| 1275 | if (ctx2 == NULL) | ||
| 1276 | { | ||
| 1277 | ERR_print_errors(bio_err); | ||
| 1278 | goto end; | ||
| 1279 | } | ||
| 1280 | } | ||
| 1281 | |||
| 1282 | if (ctx2) | ||
| 1283 | { | ||
| 1284 | BIO_printf(bio_s_out,"Setting secondary ctx parameters\n"); | ||
| 1285 | |||
| 1286 | if (session_id_prefix) | ||
| 1287 | { | ||
| 1288 | if(strlen(session_id_prefix) >= 32) | ||
| 1289 | BIO_printf(bio_err, | ||
| 1290 | "warning: id_prefix is too long, only one new session will be possible\n"); | ||
| 1291 | else if(strlen(session_id_prefix) >= 16) | ||
| 1292 | BIO_printf(bio_err, | ||
| 1293 | "warning: id_prefix is too long if you use SSLv2\n"); | ||
| 1294 | if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) | ||
| 1295 | { | ||
| 1296 | BIO_printf(bio_err,"error setting 'id_prefix'\n"); | ||
| 1297 | ERR_print_errors(bio_err); | ||
| 1298 | goto end; | ||
| 1299 | } | ||
| 1300 | BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix); | ||
| 1301 | } | ||
| 1302 | SSL_CTX_set_quiet_shutdown(ctx2,1); | ||
| 1303 | if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL); | ||
| 1304 | if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); | ||
| 1305 | SSL_CTX_set_options(ctx2,off); | ||
| 1306 | |||
| 1307 | /* DTLS: partial reads end up discarding unread UDP bytes :-( | ||
| 1308 | * Setting read ahead solves this problem. | ||
| 1309 | */ | ||
| 1310 | if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); | ||
| 1311 | |||
| 1312 | |||
| 1313 | if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); | ||
| 1314 | |||
| 1315 | SSL_CTX_sess_set_cache_size(ctx2,128); | ||
| 1316 | |||
| 1317 | if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || | ||
| 1318 | (!SSL_CTX_set_default_verify_paths(ctx2))) | ||
| 1319 | { | ||
| 1320 | ERR_print_errors(bio_err); | ||
| 1321 | } | ||
| 1322 | store = SSL_CTX_get_cert_store(ctx2); | ||
| 1323 | X509_STORE_set_flags(store, vflags); | ||
| 1324 | } | ||
| 1325 | #endif | ||
| 1326 | |||
| 791 | 1327 | ||
| 792 | #ifndef OPENSSL_NO_DH | 1328 | #ifndef OPENSSL_NO_DH |
| 793 | if (!no_dhe) | 1329 | if (!no_dhe) |
| @@ -811,22 +1347,99 @@ bad: | |||
| 811 | (void)BIO_flush(bio_s_out); | 1347 | (void)BIO_flush(bio_s_out); |
| 812 | 1348 | ||
| 813 | SSL_CTX_set_tmp_dh(ctx,dh); | 1349 | SSL_CTX_set_tmp_dh(ctx,dh); |
| 1350 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1351 | if (ctx2) | ||
| 1352 | { | ||
| 1353 | if (!dhfile) | ||
| 1354 | { | ||
| 1355 | DH *dh2=load_dh_param(s_cert_file2); | ||
| 1356 | if (dh2 != NULL) | ||
| 1357 | { | ||
| 1358 | BIO_printf(bio_s_out,"Setting temp DH parameters\n"); | ||
| 1359 | (void)BIO_flush(bio_s_out); | ||
| 1360 | |||
| 1361 | DH_free(dh); | ||
| 1362 | dh = dh2; | ||
| 1363 | } | ||
| 1364 | } | ||
| 1365 | SSL_CTX_set_tmp_dh(ctx2,dh); | ||
| 1366 | } | ||
| 1367 | #endif | ||
| 814 | DH_free(dh); | 1368 | DH_free(dh); |
| 815 | } | 1369 | } |
| 816 | #endif | 1370 | #endif |
| 1371 | |||
| 1372 | #ifndef OPENSSL_NO_ECDH | ||
| 1373 | if (!no_ecdhe) | ||
| 1374 | { | ||
| 1375 | EC_KEY *ecdh=NULL; | ||
| 1376 | |||
| 1377 | if (named_curve) | ||
| 1378 | { | ||
| 1379 | int nid = OBJ_sn2nid(named_curve); | ||
| 1380 | |||
| 1381 | if (nid == 0) | ||
| 1382 | { | ||
| 1383 | BIO_printf(bio_err, "unknown curve name (%s)\n", | ||
| 1384 | named_curve); | ||
| 1385 | goto end; | ||
| 1386 | } | ||
| 1387 | ecdh = EC_KEY_new_by_curve_name(nid); | ||
| 1388 | if (ecdh == NULL) | ||
| 1389 | { | ||
| 1390 | BIO_printf(bio_err, "unable to create curve (%s)\n", | ||
| 1391 | named_curve); | ||
| 1392 | goto end; | ||
| 1393 | } | ||
| 1394 | } | ||
| 1395 | |||
| 1396 | if (ecdh != NULL) | ||
| 1397 | { | ||
| 1398 | BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); | ||
| 1399 | } | ||
| 1400 | else | ||
| 1401 | { | ||
| 1402 | BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); | ||
| 1403 | ecdh = EC_KEY_new_by_curve_name(NID_sect163r2); | ||
| 1404 | if (ecdh == NULL) | ||
| 1405 | { | ||
| 1406 | BIO_printf(bio_err, "unable to create curve (sect163r2)\n"); | ||
| 1407 | goto end; | ||
| 1408 | } | ||
| 1409 | } | ||
| 1410 | (void)BIO_flush(bio_s_out); | ||
| 1411 | |||
| 1412 | SSL_CTX_set_tmp_ecdh(ctx,ecdh); | ||
| 1413 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1414 | if (ctx2) | ||
| 1415 | SSL_CTX_set_tmp_ecdh(ctx2,ecdh); | ||
| 1416 | #endif | ||
| 1417 | EC_KEY_free(ecdh); | ||
| 1418 | } | ||
| 1419 | #endif | ||
| 817 | 1420 | ||
| 818 | if (!set_cert_stuff(ctx,s_cert_file,s_key_file)) | 1421 | if (!set_cert_key_stuff(ctx,s_cert,s_key)) |
| 819 | goto end; | 1422 | goto end; |
| 820 | if (s_dcert_file != NULL) | 1423 | #ifndef OPENSSL_NO_TLSEXT |
| 1424 | if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) | ||
| 1425 | goto end; | ||
| 1426 | #endif | ||
| 1427 | if (s_dcert != NULL) | ||
| 821 | { | 1428 | { |
| 822 | if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file)) | 1429 | if (!set_cert_key_stuff(ctx,s_dcert,s_dkey)) |
| 823 | goto end; | 1430 | goto end; |
| 824 | } | 1431 | } |
| 825 | 1432 | ||
| 826 | #ifndef OPENSSL_NO_RSA | 1433 | #ifndef OPENSSL_NO_RSA |
| 827 | #if 1 | 1434 | #if 1 |
| 828 | if (!no_tmp_rsa) | 1435 | if (!no_tmp_rsa) |
| 1436 | { | ||
| 829 | SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); | 1437 | SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); |
| 1438 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1439 | if (ctx2) | ||
| 1440 | SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); | ||
| 1441 | #endif | ||
| 1442 | } | ||
| 830 | #else | 1443 | #else |
| 831 | if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) | 1444 | if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) |
| 832 | { | 1445 | { |
| @@ -842,6 +1455,16 @@ bad: | |||
| 842 | ERR_print_errors(bio_err); | 1455 | ERR_print_errors(bio_err); |
| 843 | goto end; | 1456 | goto end; |
| 844 | } | 1457 | } |
| 1458 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1459 | if (ctx2) | ||
| 1460 | { | ||
| 1461 | if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) | ||
| 1462 | { | ||
| 1463 | ERR_print_errors(bio_err); | ||
| 1464 | goto end; | ||
| 1465 | } | ||
| 1466 | } | ||
| 1467 | #endif | ||
| 845 | RSA_free(rsa); | 1468 | RSA_free(rsa); |
| 846 | BIO_printf(bio_s_out,"\n"); | 1469 | BIO_printf(bio_s_out,"\n"); |
| 847 | } | 1470 | } |
| @@ -853,26 +1476,72 @@ bad: | |||
| 853 | BIO_printf(bio_err,"error setting cipher list\n"); | 1476 | BIO_printf(bio_err,"error setting cipher list\n"); |
| 854 | ERR_print_errors(bio_err); | 1477 | ERR_print_errors(bio_err); |
| 855 | goto end; | 1478 | goto end; |
| 1479 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1480 | if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) | ||
| 1481 | { | ||
| 1482 | BIO_printf(bio_err,"error setting cipher list\n"); | ||
| 1483 | ERR_print_errors(bio_err); | ||
| 1484 | goto end; | ||
| 1485 | } | ||
| 1486 | #endif | ||
| 856 | } | 1487 | } |
| 857 | SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); | 1488 | SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); |
| 858 | SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, | 1489 | SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, |
| 859 | sizeof s_server_session_id_context); | 1490 | sizeof s_server_session_id_context); |
| 860 | 1491 | ||
| 1492 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1493 | if (ctx2) | ||
| 1494 | { | ||
| 1495 | SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); | ||
| 1496 | SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context, | ||
| 1497 | sizeof s_server_session_id_context); | ||
| 1498 | |||
| 1499 | tlsextcbp.biodebug = bio_s_out; | ||
| 1500 | SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); | ||
| 1501 | SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); | ||
| 1502 | SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | ||
| 1503 | SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); | ||
| 1504 | } | ||
| 1505 | #endif | ||
| 861 | if (CAfile != NULL) | 1506 | if (CAfile != NULL) |
| 862 | SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); | 1507 | { |
| 863 | 1508 | SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); | |
| 1509 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1510 | if (ctx2) | ||
| 1511 | SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile)); | ||
| 1512 | #endif | ||
| 1513 | } | ||
| 864 | BIO_printf(bio_s_out,"ACCEPT\n"); | 1514 | BIO_printf(bio_s_out,"ACCEPT\n"); |
| 865 | if (www) | 1515 | if (www) |
| 866 | do_server(port,&accept_socket,www_body, context); | 1516 | do_server(port,socket_type,&accept_socket,www_body, context); |
| 867 | else | 1517 | else |
| 868 | do_server(port,&accept_socket,sv_body, context); | 1518 | do_server(port,socket_type,&accept_socket,sv_body, context); |
| 869 | print_stats(bio_s_out,ctx); | 1519 | print_stats(bio_s_out,ctx); |
| 870 | ret=0; | 1520 | ret=0; |
| 871 | end: | 1521 | end: |
| 872 | if (ctx != NULL) SSL_CTX_free(ctx); | 1522 | if (ctx != NULL) SSL_CTX_free(ctx); |
| 1523 | if (s_cert) | ||
| 1524 | X509_free(s_cert); | ||
| 1525 | if (s_dcert) | ||
| 1526 | X509_free(s_dcert); | ||
| 1527 | if (s_key) | ||
| 1528 | EVP_PKEY_free(s_key); | ||
| 1529 | if (s_dkey) | ||
| 1530 | EVP_PKEY_free(s_dkey); | ||
| 1531 | if (pass) | ||
| 1532 | OPENSSL_free(pass); | ||
| 1533 | if (dpass) | ||
| 1534 | OPENSSL_free(dpass); | ||
| 1535 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1536 | if (ctx2 != NULL) SSL_CTX_free(ctx2); | ||
| 1537 | if (s_cert2) | ||
| 1538 | X509_free(s_cert2); | ||
| 1539 | if (s_key2) | ||
| 1540 | EVP_PKEY_free(s_key2); | ||
| 1541 | #endif | ||
| 873 | if (bio_s_out != NULL) | 1542 | if (bio_s_out != NULL) |
| 874 | { | 1543 | { |
| 875 | BIO_free(bio_s_out); | 1544 | BIO_free(bio_s_out); |
| 876 | bio_s_out=NULL; | 1545 | bio_s_out=NULL; |
| 877 | } | 1546 | } |
| 878 | apps_shutdown(); | 1547 | apps_shutdown(); |
| @@ -883,23 +1552,23 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) | |||
| 883 | { | 1552 | { |
| 884 | BIO_printf(bio,"%4ld items in the session cache\n", | 1553 | BIO_printf(bio,"%4ld items in the session cache\n", |
| 885 | SSL_CTX_sess_number(ssl_ctx)); | 1554 | SSL_CTX_sess_number(ssl_ctx)); |
| 886 | BIO_printf(bio,"%4d client connects (SSL_connect())\n", | 1555 | BIO_printf(bio,"%4ld client connects (SSL_connect())\n", |
| 887 | SSL_CTX_sess_connect(ssl_ctx)); | 1556 | SSL_CTX_sess_connect(ssl_ctx)); |
| 888 | BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n", | 1557 | BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n", |
| 889 | SSL_CTX_sess_connect_renegotiate(ssl_ctx)); | 1558 | SSL_CTX_sess_connect_renegotiate(ssl_ctx)); |
| 890 | BIO_printf(bio,"%4d client connects that finished\n", | 1559 | BIO_printf(bio,"%4ld client connects that finished\n", |
| 891 | SSL_CTX_sess_connect_good(ssl_ctx)); | 1560 | SSL_CTX_sess_connect_good(ssl_ctx)); |
| 892 | BIO_printf(bio,"%4d server accepts (SSL_accept())\n", | 1561 | BIO_printf(bio,"%4ld server accepts (SSL_accept())\n", |
| 893 | SSL_CTX_sess_accept(ssl_ctx)); | 1562 | SSL_CTX_sess_accept(ssl_ctx)); |
| 894 | BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n", | 1563 | BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n", |
| 895 | SSL_CTX_sess_accept_renegotiate(ssl_ctx)); | 1564 | SSL_CTX_sess_accept_renegotiate(ssl_ctx)); |
| 896 | BIO_printf(bio,"%4d server accepts that finished\n", | 1565 | BIO_printf(bio,"%4ld server accepts that finished\n", |
| 897 | SSL_CTX_sess_accept_good(ssl_ctx)); | 1566 | SSL_CTX_sess_accept_good(ssl_ctx)); |
| 898 | BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); | 1567 | BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); |
| 899 | BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); | 1568 | BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); |
| 900 | BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); | 1569 | BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); |
| 901 | BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); | 1570 | BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); |
| 902 | BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", | 1571 | BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n", |
| 903 | SSL_CTX_sess_cache_full(ssl_ctx), | 1572 | SSL_CTX_sess_cache_full(ssl_ctx), |
| 904 | SSL_CTX_sess_get_cache_size(ssl_ctx)); | 1573 | SSL_CTX_sess_get_cache_size(ssl_ctx)); |
| 905 | } | 1574 | } |
| @@ -913,7 +1582,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 913 | unsigned long l; | 1582 | unsigned long l; |
| 914 | SSL *con=NULL; | 1583 | SSL *con=NULL; |
| 915 | BIO *sbio; | 1584 | BIO *sbio; |
| 916 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) | 1585 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) |
| 917 | struct timeval tv; | 1586 | struct timeval tv; |
| 918 | #endif | 1587 | #endif |
| 919 | 1588 | ||
| @@ -936,6 +1605,19 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 936 | 1605 | ||
| 937 | if (con == NULL) { | 1606 | if (con == NULL) { |
| 938 | con=SSL_new(ctx); | 1607 | con=SSL_new(ctx); |
| 1608 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1609 | if (s_tlsextdebug) | ||
| 1610 | { | ||
| 1611 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | ||
| 1612 | SSL_set_tlsext_debug_arg(con, bio_s_out); | ||
| 1613 | } | ||
| 1614 | if (s_tlsextstatus) | ||
| 1615 | { | ||
| 1616 | SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); | ||
| 1617 | tlscstatp.err = bio_err; | ||
| 1618 | SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); | ||
| 1619 | } | ||
| 1620 | #endif | ||
| 939 | #ifndef OPENSSL_NO_KRB5 | 1621 | #ifndef OPENSSL_NO_KRB5 |
| 940 | if ((con->kssl_ctx = kssl_ctx_new()) != NULL) | 1622 | if ((con->kssl_ctx = kssl_ctx_new()) != NULL) |
| 941 | { | 1623 | { |
| @@ -951,7 +1633,39 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 951 | } | 1633 | } |
| 952 | SSL_clear(con); | 1634 | SSL_clear(con); |
| 953 | 1635 | ||
| 954 | sbio=BIO_new_socket(s,BIO_NOCLOSE); | 1636 | if (SSL_version(con) == DTLS1_VERSION) |
| 1637 | { | ||
| 1638 | struct timeval timeout; | ||
| 1639 | |||
| 1640 | sbio=BIO_new_dgram(s,BIO_NOCLOSE); | ||
| 1641 | |||
| 1642 | if ( enable_timeouts) | ||
| 1643 | { | ||
| 1644 | timeout.tv_sec = 0; | ||
| 1645 | timeout.tv_usec = DGRAM_RCV_TIMEOUT; | ||
| 1646 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); | ||
| 1647 | |||
| 1648 | timeout.tv_sec = 0; | ||
| 1649 | timeout.tv_usec = DGRAM_SND_TIMEOUT; | ||
| 1650 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); | ||
| 1651 | } | ||
| 1652 | |||
| 1653 | |||
| 1654 | if ( mtu > 0) | ||
| 1655 | { | ||
| 1656 | SSL_set_options(con, SSL_OP_NO_QUERY_MTU); | ||
| 1657 | SSL_set_mtu(con, mtu); | ||
| 1658 | } | ||
| 1659 | else | ||
| 1660 | /* want to do MTU discovery */ | ||
| 1661 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); | ||
| 1662 | |||
| 1663 | /* turn on cookie exchange */ | ||
| 1664 | SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); | ||
| 1665 | } | ||
| 1666 | else | ||
| 1667 | sbio=BIO_new_socket(s,BIO_NOCLOSE); | ||
| 1668 | |||
| 955 | if (s_nbio_test) | 1669 | if (s_nbio_test) |
| 956 | { | 1670 | { |
| 957 | BIO *test; | 1671 | BIO *test; |
| @@ -966,14 +1680,21 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 966 | if (s_debug) | 1680 | if (s_debug) |
| 967 | { | 1681 | { |
| 968 | con->debug=1; | 1682 | con->debug=1; |
| 969 | BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); | 1683 | BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); |
| 970 | BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); | 1684 | BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); |
| 971 | } | 1685 | } |
| 972 | if (s_msg) | 1686 | if (s_msg) |
| 973 | { | 1687 | { |
| 974 | SSL_set_msg_callback(con, msg_cb); | 1688 | SSL_set_msg_callback(con, msg_cb); |
| 975 | SSL_set_msg_callback_arg(con, bio_s_out); | 1689 | SSL_set_msg_callback_arg(con, bio_s_out); |
| 976 | } | 1690 | } |
| 1691 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1692 | if (s_tlsextdebug) | ||
| 1693 | { | ||
| 1694 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | ||
| 1695 | SSL_set_tlsext_debug_arg(con, bio_s_out); | ||
| 1696 | } | ||
| 1697 | #endif | ||
| 977 | 1698 | ||
| 978 | width=s+1; | 1699 | width=s+1; |
| 979 | for (;;) | 1700 | for (;;) |
| @@ -987,7 +1708,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 987 | if (!read_from_sslcon) | 1708 | if (!read_from_sslcon) |
| 988 | { | 1709 | { |
| 989 | FD_ZERO(&readfds); | 1710 | FD_ZERO(&readfds); |
| 990 | #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) | 1711 | #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) |
| 991 | FD_SET(fileno(stdin),&readfds); | 1712 | FD_SET(fileno(stdin),&readfds); |
| 992 | #endif | 1713 | #endif |
| 993 | FD_SET(s,&readfds); | 1714 | FD_SET(s,&readfds); |
| @@ -997,7 +1718,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 997 | * the compiler: if you do have a cast then you can either | 1718 | * the compiler: if you do have a cast then you can either |
| 998 | * go for (int *) or (void *). | 1719 | * go for (int *) or (void *). |
| 999 | */ | 1720 | */ |
| 1000 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) | 1721 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) |
| 1001 | /* Under DOS (non-djgpp) and Windows we can't select on stdin: only | 1722 | /* Under DOS (non-djgpp) and Windows we can't select on stdin: only |
| 1002 | * on sockets. As a workaround we timeout the select every | 1723 | * on sockets. As a workaround we timeout the select every |
| 1003 | * second and check for any keypress. In a proper Windows | 1724 | * second and check for any keypress. In a proper Windows |
| @@ -1057,7 +1778,8 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 1057 | if ((i <= 0) || (buf[0] == 'q')) | 1778 | if ((i <= 0) || (buf[0] == 'q')) |
| 1058 | { | 1779 | { |
| 1059 | BIO_printf(bio_s_out,"DONE\n"); | 1780 | BIO_printf(bio_s_out,"DONE\n"); |
| 1060 | SHUTDOWN(s); | 1781 | if (SSL_version(con) != DTLS1_VERSION) |
| 1782 | SHUTDOWN(s); | ||
| 1061 | /* close_accept_socket(); | 1783 | /* close_accept_socket(); |
| 1062 | ret= -11;*/ | 1784 | ret= -11;*/ |
| 1063 | goto err; | 1785 | goto err; |
| @@ -1086,7 +1808,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 1086 | } | 1808 | } |
| 1087 | if (buf[0] == 'P') | 1809 | if (buf[0] == 'P') |
| 1088 | { | 1810 | { |
| 1089 | static char *str="Lets print some clear text\n"; | 1811 | static const char *str="Lets print some clear text\n"; |
| 1090 | BIO_write(SSL_get_wbio(con),str,strlen(str)); | 1812 | BIO_write(SSL_get_wbio(con),str,strlen(str)); |
| 1091 | } | 1813 | } |
| 1092 | if (buf[0] == 'S') | 1814 | if (buf[0] == 'S') |
| @@ -1270,7 +1992,7 @@ static int init_ssl_connection(SSL *con) | |||
| 1270 | } | 1992 | } |
| 1271 | 1993 | ||
| 1272 | #ifndef OPENSSL_NO_DH | 1994 | #ifndef OPENSSL_NO_DH |
| 1273 | static DH *load_dh_param(char *dhfile) | 1995 | static DH *load_dh_param(const char *dhfile) |
| 1274 | { | 1996 | { |
| 1275 | DH *ret=NULL; | 1997 | DH *ret=NULL; |
| 1276 | BIO *bio; | 1998 | BIO *bio; |
| @@ -1338,6 +2060,13 @@ static int www_body(char *hostname, int s, unsigned char *context) | |||
| 1338 | if (!BIO_set_write_buffer_size(io,bufsize)) goto err; | 2060 | if (!BIO_set_write_buffer_size(io,bufsize)) goto err; |
| 1339 | 2061 | ||
| 1340 | if ((con=SSL_new(ctx)) == NULL) goto err; | 2062 | if ((con=SSL_new(ctx)) == NULL) goto err; |
| 2063 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2064 | if (s_tlsextdebug) | ||
| 2065 | { | ||
| 2066 | SSL_set_tlsext_debug_callback(con, tlsext_cb); | ||
| 2067 | SSL_set_tlsext_debug_arg(con, bio_s_out); | ||
| 2068 | } | ||
| 2069 | #endif | ||
| 1341 | #ifndef OPENSSL_NO_KRB5 | 2070 | #ifndef OPENSSL_NO_KRB5 |
| 1342 | if ((con->kssl_ctx = kssl_ctx_new()) != NULL) | 2071 | if ((con->kssl_ctx = kssl_ctx_new()) != NULL) |
| 1343 | { | 2072 | { |
| @@ -1369,8 +2098,8 @@ static int www_body(char *hostname, int s, unsigned char *context) | |||
| 1369 | if (s_debug) | 2098 | if (s_debug) |
| 1370 | { | 2099 | { |
| 1371 | con->debug=1; | 2100 | con->debug=1; |
| 1372 | BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); | 2101 | BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); |
| 1373 | BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); | 2102 | BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); |
| 1374 | } | 2103 | } |
| 1375 | if (s_msg) | 2104 | if (s_msg) |
| 1376 | { | 2105 | { |
| @@ -1417,7 +2146,9 @@ static int www_body(char *hostname, int s, unsigned char *context) | |||
| 1417 | else | 2146 | else |
| 1418 | { | 2147 | { |
| 1419 | BIO_printf(bio_s_out,"read R BLOCK\n"); | 2148 | BIO_printf(bio_s_out,"read R BLOCK\n"); |
| 1420 | #if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) | 2149 | #if defined(OPENSSL_SYS_NETWARE) |
| 2150 | delay(1000); | ||
| 2151 | #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__) | ||
| 1421 | sleep(1); | 2152 | sleep(1); |
| 1422 | #endif | 2153 | #endif |
| 1423 | continue; | 2154 | continue; |
| @@ -1436,7 +2167,7 @@ static int www_body(char *hostname, int s, unsigned char *context) | |||
| 1436 | char *p; | 2167 | char *p; |
| 1437 | X509 *peer; | 2168 | X509 *peer; |
| 1438 | STACK_OF(SSL_CIPHER) *sk; | 2169 | STACK_OF(SSL_CIPHER) *sk; |
| 1439 | static char *space=" "; | 2170 | static const char *space=" "; |
| 1440 | 2171 | ||
| 1441 | BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); | 2172 | BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); |
| 1442 | BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); | 2173 | BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); |
| @@ -1516,7 +2247,7 @@ static int www_body(char *hostname, int s, unsigned char *context) | |||
| 1516 | { | 2247 | { |
| 1517 | BIO *file; | 2248 | BIO *file; |
| 1518 | char *p,*e; | 2249 | char *p,*e; |
| 1519 | static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; | 2250 | static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; |
| 1520 | 2251 | ||
| 1521 | /* skip the '/' */ | 2252 | /* skip the '/' */ |
| 1522 | p= &(buf[5]); | 2253 | p= &(buf[5]); |
| @@ -1692,21 +2423,30 @@ err: | |||
| 1692 | #ifndef OPENSSL_NO_RSA | 2423 | #ifndef OPENSSL_NO_RSA |
| 1693 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) | 2424 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) |
| 1694 | { | 2425 | { |
| 2426 | BIGNUM *bn = NULL; | ||
| 1695 | static RSA *rsa_tmp=NULL; | 2427 | static RSA *rsa_tmp=NULL; |
| 1696 | 2428 | ||
| 1697 | if (rsa_tmp == NULL) | 2429 | if (!rsa_tmp && ((bn = BN_new()) == NULL)) |
| 2430 | BIO_printf(bio_err,"Allocation error in generating RSA key\n"); | ||
| 2431 | if (!rsa_tmp && bn) | ||
| 1698 | { | 2432 | { |
| 1699 | if (!s_quiet) | 2433 | if (!s_quiet) |
| 1700 | { | 2434 | { |
| 1701 | BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); | 2435 | BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); |
| 1702 | (void)BIO_flush(bio_err); | 2436 | (void)BIO_flush(bio_err); |
| 1703 | } | 2437 | } |
| 1704 | rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); | 2438 | if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) || |
| 2439 | !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) | ||
| 2440 | { | ||
| 2441 | if(rsa_tmp) RSA_free(rsa_tmp); | ||
| 2442 | rsa_tmp = NULL; | ||
| 2443 | } | ||
| 1705 | if (!s_quiet) | 2444 | if (!s_quiet) |
| 1706 | { | 2445 | { |
| 1707 | BIO_printf(bio_err,"\n"); | 2446 | BIO_printf(bio_err,"\n"); |
| 1708 | (void)BIO_flush(bio_err); | 2447 | (void)BIO_flush(bio_err); |
| 1709 | } | 2448 | } |
| 2449 | BN_free(bn); | ||
| 1710 | } | 2450 | } |
| 1711 | return(rsa_tmp); | 2451 | return(rsa_tmp); |
| 1712 | } | 2452 | } |
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c index d9fad2d1d7..981650bddd 100644 --- a/src/lib/libssl/src/apps/s_socket.c +++ b/src/lib/libssl/src/apps/s_socket.c | |||
| @@ -62,8 +62,6 @@ | |||
| 62 | #include <errno.h> | 62 | #include <errno.h> |
| 63 | #include <signal.h> | 63 | #include <signal.h> |
| 64 | 64 | ||
| 65 | #include <openssl/e_os2.h> | ||
| 66 | |||
| 67 | /* With IPv6, it looks like Digital has mixed up the proper order of | 65 | /* With IPv6, it looks like Digital has mixed up the proper order of |
| 68 | recursive header file inclusion, resulting in the compiler complaining | 66 | recursive header file inclusion, resulting in the compiler complaining |
| 69 | that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which | 67 | that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which |
| @@ -81,13 +79,25 @@ typedef unsigned int u_int; | |||
| 81 | #include "s_apps.h" | 79 | #include "s_apps.h" |
| 82 | #include <openssl/ssl.h> | 80 | #include <openssl/ssl.h> |
| 83 | 81 | ||
| 82 | #ifdef FLAT_INC | ||
| 83 | #include "e_os.h" | ||
| 84 | #else | ||
| 85 | #include "../e_os.h" | ||
| 86 | #endif | ||
| 87 | |||
| 88 | #ifndef OPENSSL_NO_SOCK | ||
| 89 | |||
| 90 | #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) | ||
| 91 | #include "netdb.h" | ||
| 92 | #endif | ||
| 93 | |||
| 84 | static struct hostent *GetHostByName(char *name); | 94 | static struct hostent *GetHostByName(char *name); |
| 85 | #ifdef OPENSSL_SYS_WINDOWS | 95 | #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) |
| 86 | static void ssl_sock_cleanup(void); | 96 | static void ssl_sock_cleanup(void); |
| 87 | #endif | 97 | #endif |
| 88 | static int ssl_sock_init(void); | 98 | static int ssl_sock_init(void); |
| 89 | static int init_server(int *sock, int port); | 99 | static int init_server(int *sock, int port, int type); |
| 90 | static int init_server_long(int *sock, int port,char *ip); | 100 | static int init_server_long(int *sock, int port,char *ip, int type); |
| 91 | static int do_accept(int acc_sock, int *sock, char **host); | 101 | static int do_accept(int acc_sock, int *sock, char **host); |
| 92 | 102 | ||
| 93 | #ifdef OPENSSL_SYS_WIN16 | 103 | #ifdef OPENSSL_SYS_WIN16 |
| @@ -96,6 +106,10 @@ static int do_accept(int acc_sock, int *sock, char **host); | |||
| 96 | #define SOCKET_PROTOCOL IPPROTO_TCP | 106 | #define SOCKET_PROTOCOL IPPROTO_TCP |
| 97 | #endif | 107 | #endif |
| 98 | 108 | ||
| 109 | #if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) | ||
| 110 | static int wsa_init_done=0; | ||
| 111 | #endif | ||
| 112 | |||
| 99 | #ifdef OPENSSL_SYS_WINDOWS | 113 | #ifdef OPENSSL_SYS_WINDOWS |
| 100 | static struct WSAData wsa_state; | 114 | static struct WSAData wsa_state; |
| 101 | static int wsa_init_done=0; | 115 | static int wsa_init_done=0; |
| @@ -144,6 +158,15 @@ static void ssl_sock_cleanup(void) | |||
| 144 | WSACleanup(); | 158 | WSACleanup(); |
| 145 | } | 159 | } |
| 146 | } | 160 | } |
| 161 | #elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) | ||
| 162 | static void sock_cleanup(void) | ||
| 163 | { | ||
| 164 | if (wsa_init_done) | ||
| 165 | { | ||
| 166 | wsa_init_done=0; | ||
| 167 | WSACleanup(); | ||
| 168 | } | ||
| 169 | } | ||
| 147 | #endif | 170 | #endif |
| 148 | 171 | ||
| 149 | static int ssl_sock_init(void) | 172 | static int ssl_sock_init(void) |
| @@ -178,20 +201,43 @@ static int ssl_sock_init(void) | |||
| 178 | SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); | 201 | SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); |
| 179 | #endif /* OPENSSL_SYS_WIN16 */ | 202 | #endif /* OPENSSL_SYS_WIN16 */ |
| 180 | } | 203 | } |
| 204 | #elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) | ||
| 205 | WORD wVerReq; | ||
| 206 | WSADATA wsaData; | ||
| 207 | int err; | ||
| 208 | |||
| 209 | if (!wsa_init_done) | ||
| 210 | { | ||
| 211 | |||
| 212 | # ifdef SIGINT | ||
| 213 | signal(SIGINT,(void (*)(int))sock_cleanup); | ||
| 214 | # endif | ||
| 215 | |||
| 216 | wsa_init_done=1; | ||
| 217 | wVerReq = MAKEWORD( 2, 0 ); | ||
| 218 | err = WSAStartup(wVerReq,&wsaData); | ||
| 219 | if (err != 0) | ||
| 220 | { | ||
| 221 | BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err); | ||
| 222 | return(0); | ||
| 223 | } | ||
| 224 | } | ||
| 181 | #endif /* OPENSSL_SYS_WINDOWS */ | 225 | #endif /* OPENSSL_SYS_WINDOWS */ |
| 182 | return(1); | 226 | return(1); |
| 183 | } | 227 | } |
| 184 | 228 | ||
| 185 | int init_client(int *sock, char *host, char *port, int af) | 229 | int init_client(int *sock, char *host, int port, int type, int af) |
| 186 | { | 230 | { |
| 187 | struct addrinfo hints, *ai_top, *ai; | 231 | struct addrinfo hints, *ai_top, *ai; |
| 188 | int i, s; | 232 | int i, s; |
| 233 | char port_s[NI_MAXSERV]; | ||
| 189 | 234 | ||
| 190 | memset(&hints, '\0', sizeof(hints)); | 235 | memset(&hints, '\0', sizeof(hints)); |
| 191 | hints.ai_family = af; | 236 | hints.ai_family = af; |
| 192 | hints.ai_socktype = SOCK_STREAM; | 237 | hints.ai_socktype = type; |
| 193 | 238 | ||
| 194 | if ((i = getaddrinfo(host, port, &hints, &ai_top)) != 0 || | 239 | snprintf(port_s, sizeof(port_s), "%d", port); |
| 240 | if ((i = getaddrinfo(host, port_s, &hints, &ai_top)) != 0 || | ||
| 195 | ai_top == NULL || ai_top->ai_addr == NULL) | 241 | ai_top == NULL || ai_top->ai_addr == NULL) |
| 196 | { | 242 | { |
| 197 | BIO_printf(bio_err,"getaddrinfo: %s\n", gai_strerror(i)); | 243 | BIO_printf(bio_err,"getaddrinfo: %s\n", gai_strerror(i)); |
| @@ -203,9 +249,12 @@ int init_client(int *sock, char *host, char *port, int af) | |||
| 203 | s=socket(ai->ai_addr->sa_family, SOCK_STREAM, SOCKET_PROTOCOL); | 249 | s=socket(ai->ai_addr->sa_family, SOCK_STREAM, SOCKET_PROTOCOL); |
| 204 | if (s == INVALID_SOCKET) { continue; } | 250 | if (s == INVALID_SOCKET) { continue; } |
| 205 | #ifndef OPENSSL_SYS_MPE | 251 | #ifndef OPENSSL_SYS_MPE |
| 252 | if (type == SOCK_STREAM) | ||
| 253 | { | ||
| 206 | i=0; | 254 | i=0; |
| 207 | i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); | 255 | i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); |
| 208 | if (i == -1) { close(s); continue; } | 256 | if (i < 0) { perror("keepalive"); return(0); } |
| 257 | } | ||
| 209 | #endif | 258 | #endif |
| 210 | if ((i = connect(s, ai->ai_addr, ai->ai_addr->sa_len)) == 0) | 259 | if ((i = connect(s, ai->ai_addr, ai->ai_addr->sa_len)) == 0) |
| 211 | { *sock=s; freeaddrinfo(ai_top); return (1);} | 260 | { *sock=s; freeaddrinfo(ai_top); return (1);} |
| @@ -219,30 +268,36 @@ int init_client(int *sock, char *host, char *port, int af) | |||
| 219 | return(0); | 268 | return(0); |
| 220 | } | 269 | } |
| 221 | 270 | ||
| 222 | int do_server(int port, int *ret, int (*cb)(), char *context) | 271 | int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) |
| 223 | { | 272 | { |
| 224 | int sock; | 273 | int sock; |
| 225 | char *name; | 274 | char *name = NULL; |
| 226 | int accept_socket; | 275 | int accept_socket; |
| 227 | int i; | 276 | int i; |
| 228 | 277 | ||
| 229 | if (!init_server(&accept_socket,port)) return(0); | 278 | if (!init_server(&accept_socket,port,type)) return(0); |
| 230 | 279 | ||
| 231 | if (ret != NULL) | 280 | if (ret != NULL) |
| 232 | { | 281 | { |
| 233 | *ret=accept_socket; | 282 | *ret=accept_socket; |
| 234 | /* return(1);*/ | 283 | /* return(1);*/ |
| 235 | } | 284 | } |
| 236 | for (;;) | 285 | for (;;) |
| 237 | { | 286 | { |
| 238 | if (do_accept(accept_socket,&sock,&name) == 0) | 287 | if (type==SOCK_STREAM) |
| 239 | { | 288 | { |
| 240 | SHUTDOWN(accept_socket); | 289 | if (do_accept(accept_socket,&sock,&name) == 0) |
| 241 | return(0); | 290 | { |
| 291 | SHUTDOWN(accept_socket); | ||
| 292 | return(0); | ||
| 293 | } | ||
| 242 | } | 294 | } |
| 295 | else | ||
| 296 | sock = accept_socket; | ||
| 243 | i=(*cb)(name,sock, context); | 297 | i=(*cb)(name,sock, context); |
| 244 | if (name != NULL) OPENSSL_free(name); | 298 | if (name != NULL) OPENSSL_free(name); |
| 245 | SHUTDOWN2(sock); | 299 | if (type==SOCK_STREAM) |
| 300 | SHUTDOWN2(sock); | ||
| 246 | if (i < 0) | 301 | if (i < 0) |
| 247 | { | 302 | { |
| 248 | SHUTDOWN2(accept_socket); | 303 | SHUTDOWN2(accept_socket); |
| @@ -251,7 +306,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context) | |||
| 251 | } | 306 | } |
| 252 | } | 307 | } |
| 253 | 308 | ||
| 254 | static int init_server_long(int *sock, int port, char *ip) | 309 | static int init_server_long(int *sock, int port, char *ip, int type) |
| 255 | { | 310 | { |
| 256 | int ret=0; | 311 | int ret=0; |
| 257 | struct sockaddr_in server; | 312 | struct sockaddr_in server; |
| @@ -271,7 +326,11 @@ static int init_server_long(int *sock, int port, char *ip) | |||
| 271 | #else | 326 | #else |
| 272 | memcpy(&server.sin_addr,ip,4); | 327 | memcpy(&server.sin_addr,ip,4); |
| 273 | #endif | 328 | #endif |
| 274 | s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); | 329 | |
| 330 | if (type == SOCK_STREAM) | ||
| 331 | s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); | ||
| 332 | else /* type == SOCK_DGRAM */ | ||
| 333 | s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); | ||
| 275 | 334 | ||
| 276 | if (s == INVALID_SOCKET) goto err; | 335 | if (s == INVALID_SOCKET) goto err; |
| 277 | #if defined SOL_SOCKET && defined SO_REUSEADDR | 336 | #if defined SOL_SOCKET && defined SO_REUSEADDR |
| @@ -289,7 +348,7 @@ static int init_server_long(int *sock, int port, char *ip) | |||
| 289 | goto err; | 348 | goto err; |
| 290 | } | 349 | } |
| 291 | /* Make it 128 for linux */ | 350 | /* Make it 128 for linux */ |
| 292 | if (listen(s,128) == -1) goto err; | 351 | if (type==SOCK_STREAM && listen(s,128) == -1) goto err; |
| 293 | i=0; | 352 | i=0; |
| 294 | *sock=s; | 353 | *sock=s; |
| 295 | ret=1; | 354 | ret=1; |
| @@ -301,9 +360,9 @@ err: | |||
| 301 | return(ret); | 360 | return(ret); |
| 302 | } | 361 | } |
| 303 | 362 | ||
| 304 | static int init_server(int *sock, int port) | 363 | static int init_server(int *sock, int port, int type) |
| 305 | { | 364 | { |
| 306 | return(init_server_long(sock, port, NULL)); | 365 | return(init_server_long(sock, port, NULL, type)); |
| 307 | } | 366 | } |
| 308 | 367 | ||
| 309 | static int do_accept(int acc_sock, int *sock, char **host) | 368 | static int do_accept(int acc_sock, int *sock, char **host) |
| @@ -330,7 +389,7 @@ redoit: | |||
| 330 | ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); | 389 | ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len); |
| 331 | if (ret == INVALID_SOCKET) | 390 | if (ret == INVALID_SOCKET) |
| 332 | { | 391 | { |
| 333 | #ifdef OPENSSL_SYS_WINDOWS | 392 | #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) |
| 334 | i=WSAGetLastError(); | 393 | i=WSAGetLastError(); |
| 335 | BIO_printf(bio_err,"accept error %d\n",i); | 394 | BIO_printf(bio_err,"accept error %d\n",i); |
| 336 | #else | 395 | #else |
| @@ -495,3 +554,5 @@ static struct hostent *GetHostByName(char *name) | |||
| 495 | return(ret); | 554 | return(ret); |
| 496 | } | 555 | } |
| 497 | } | 556 | } |
| 557 | |||
| 558 | #endif | ||
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c index 7d47057465..904945e1a8 100644 --- a/src/lib/libssl/src/apps/s_time.c +++ b/src/lib/libssl/src/apps/s_time.c | |||
| @@ -85,7 +85,7 @@ | |||
| 85 | #include OPENSSL_UNISTD | 85 | #include OPENSSL_UNISTD |
| 86 | #endif | 86 | #endif |
| 87 | 87 | ||
| 88 | #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) | 88 | #if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) |
| 89 | #define TIMES | 89 | #define TIMES |
| 90 | #endif | 90 | #endif |
| 91 | 91 | ||
| @@ -105,7 +105,7 @@ | |||
| 105 | #undef TIMES | 105 | #undef TIMES |
| 106 | #endif | 106 | #endif |
| 107 | 107 | ||
| 108 | #if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) | 108 | #if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) |
| 109 | #include <sys/timeb.h> | 109 | #include <sys/timeb.h> |
| 110 | #endif | 110 | #endif |
| 111 | 111 | ||
| @@ -384,6 +384,20 @@ static double tm_Time_F(int s) | |||
| 384 | ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; | 384 | ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; |
| 385 | return((ret == 0.0)?1e-6:ret); | 385 | return((ret == 0.0)?1e-6:ret); |
| 386 | } | 386 | } |
| 387 | #elif defined(OPENSSL_SYS_NETWARE) | ||
| 388 | static clock_t tstart,tend; | ||
| 389 | |||
| 390 | if (s == START) | ||
| 391 | { | ||
| 392 | tstart=clock(); | ||
| 393 | return(0); | ||
| 394 | } | ||
| 395 | else | ||
| 396 | { | ||
| 397 | tend=clock(); | ||
| 398 | ret=(double)((double)(tend)-(double)(tstart)); | ||
| 399 | return((ret < 0.001)?0.001:ret); | ||
| 400 | } | ||
| 387 | #elif defined(OPENSSL_SYS_VXWORKS) | 401 | #elif defined(OPENSSL_SYS_VXWORKS) |
| 388 | { | 402 | { |
| 389 | static unsigned long tick_start, tick_end; | 403 | static unsigned long tick_start, tick_end; |
diff --git a/src/lib/libssl/src/apps/sess_id.c b/src/lib/libssl/src/apps/sess_id.c index d91d84d220..b99179f276 100644 --- a/src/lib/libssl/src/apps/sess_id.c +++ b/src/lib/libssl/src/apps/sess_id.c | |||
| @@ -69,7 +69,7 @@ | |||
| 69 | #undef PROG | 69 | #undef PROG |
| 70 | #define PROG sess_id_main | 70 | #define PROG sess_id_main |
| 71 | 71 | ||
| 72 | static char *sess_id_usage[]={ | 72 | static const char *sess_id_usage[]={ |
| 73 | "usage: sess_id args\n", | 73 | "usage: sess_id args\n", |
| 74 | "\n", | 74 | "\n", |
| 75 | " -inform arg - input format - default PEM (DER or PEM)\n", | 75 | " -inform arg - input format - default PEM (DER or PEM)\n", |
| @@ -95,7 +95,7 @@ int MAIN(int argc, char **argv) | |||
| 95 | int informat,outformat; | 95 | int informat,outformat; |
| 96 | char *infile=NULL,*outfile=NULL,*context=NULL; | 96 | char *infile=NULL,*outfile=NULL,*context=NULL; |
| 97 | int cert=0,noout=0,text=0; | 97 | int cert=0,noout=0,text=0; |
| 98 | char **pp; | 98 | const char **pp; |
| 99 | 99 | ||
| 100 | apps_startup(); | 100 | apps_startup(); |
| 101 | 101 | ||
| @@ -241,7 +241,7 @@ bad: | |||
| 241 | if (!noout && !cert) | 241 | if (!noout && !cert) |
| 242 | { | 242 | { |
| 243 | if (outformat == FORMAT_ASN1) | 243 | if (outformat == FORMAT_ASN1) |
| 244 | i=(int)i2d_SSL_SESSION_bio(out,x); | 244 | i=i2d_SSL_SESSION_bio(out,x); |
| 245 | else if (outformat == FORMAT_PEM) | 245 | else if (outformat == FORMAT_PEM) |
| 246 | i=PEM_write_bio_SSL_SESSION(out,x); | 246 | i=PEM_write_bio_SSL_SESSION(out,x); |
| 247 | else { | 247 | else { |
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c index 51bc893ffa..ce8a1cbecb 100644 --- a/src/lib/libssl/src/apps/smime.c +++ b/src/lib/libssl/src/apps/smime.c | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | /* smime.c */ | 1 | /* smime.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * project 1999. | 3 | * project. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -64,10 +64,13 @@ | |||
| 64 | #include <openssl/crypto.h> | 64 | #include <openssl/crypto.h> |
| 65 | #include <openssl/pem.h> | 65 | #include <openssl/pem.h> |
| 66 | #include <openssl/err.h> | 66 | #include <openssl/err.h> |
| 67 | #include <openssl/x509_vfy.h> | ||
| 68 | #include <openssl/x509v3.h> | ||
| 67 | 69 | ||
| 68 | #undef PROG | 70 | #undef PROG |
| 69 | #define PROG smime_main | 71 | #define PROG smime_main |
| 70 | static int save_certs(char *signerfile, STACK_OF(X509) *signers); | 72 | static int save_certs(char *signerfile, STACK_OF(X509) *signers); |
| 73 | static int smime_cb(int ok, X509_STORE_CTX *ctx); | ||
| 71 | 74 | ||
| 72 | #define SMIME_OP 0x10 | 75 | #define SMIME_OP 0x10 |
| 73 | #define SMIME_ENCRYPT (1 | SMIME_OP) | 76 | #define SMIME_ENCRYPT (1 | SMIME_OP) |
| @@ -79,12 +82,12 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); | |||
| 79 | int MAIN(int, char **); | 82 | int MAIN(int, char **); |
| 80 | 83 | ||
| 81 | int MAIN(int argc, char **argv) | 84 | int MAIN(int argc, char **argv) |
| 82 | { | 85 | { |
| 83 | ENGINE *e = NULL; | 86 | ENGINE *e = NULL; |
| 84 | int operation = 0; | 87 | int operation = 0; |
| 85 | int ret = 0; | 88 | int ret = 0; |
| 86 | char **args; | 89 | char **args; |
| 87 | char *inmode = "r", *outmode = "w"; | 90 | const char *inmode = "r", *outmode = "w"; |
| 88 | char *infile = NULL, *outfile = NULL; | 91 | char *infile = NULL, *outfile = NULL; |
| 89 | char *signerfile = NULL, *recipfile = NULL; | 92 | char *signerfile = NULL, *recipfile = NULL; |
| 90 | char *certfile = NULL, *keyfile = NULL, *contfile=NULL; | 93 | char *certfile = NULL, *keyfile = NULL, *contfile=NULL; |
| @@ -96,7 +99,7 @@ int MAIN(int argc, char **argv) | |||
| 96 | STACK_OF(X509) *encerts = NULL, *other = NULL; | 99 | STACK_OF(X509) *encerts = NULL, *other = NULL; |
| 97 | BIO *in = NULL, *out = NULL, *indata = NULL; | 100 | BIO *in = NULL, *out = NULL, *indata = NULL; |
| 98 | int badarg = 0; | 101 | int badarg = 0; |
| 99 | int flags = PKCS7_DETACHED, store_flags = 0; | 102 | int flags = PKCS7_DETACHED; |
| 100 | char *to = NULL, *from = NULL, *subject = NULL; | 103 | char *to = NULL, *from = NULL, *subject = NULL; |
| 101 | char *CAfile = NULL, *CApath = NULL; | 104 | char *CAfile = NULL, *CApath = NULL; |
| 102 | char *passargin = NULL, *passin = NULL; | 105 | char *passargin = NULL, *passin = NULL; |
| @@ -108,30 +111,44 @@ int MAIN(int argc, char **argv) | |||
| 108 | char *engine=NULL; | 111 | char *engine=NULL; |
| 109 | #endif | 112 | #endif |
| 110 | 113 | ||
| 114 | X509_VERIFY_PARAM *vpm = NULL; | ||
| 115 | |||
| 111 | args = argv + 1; | 116 | args = argv + 1; |
| 112 | ret = 1; | 117 | ret = 1; |
| 113 | 118 | ||
| 114 | apps_startup(); | 119 | apps_startup(); |
| 115 | 120 | ||
| 116 | if (bio_err == NULL) | 121 | if (bio_err == NULL) |
| 122 | { | ||
| 117 | if ((bio_err = BIO_new(BIO_s_file())) != NULL) | 123 | if ((bio_err = BIO_new(BIO_s_file())) != NULL) |
| 118 | BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); | 124 | BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); |
| 125 | } | ||
| 119 | 126 | ||
| 120 | if (!load_config(bio_err, NULL)) | 127 | if (!load_config(bio_err, NULL)) |
| 121 | goto end; | 128 | goto end; |
| 122 | 129 | ||
| 123 | while (!badarg && *args && *args[0] == '-') { | 130 | while (!badarg && *args && *args[0] == '-') |
| 124 | if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; | 131 | { |
| 125 | else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; | 132 | if (!strcmp (*args, "-encrypt")) |
| 126 | else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; | 133 | operation = SMIME_ENCRYPT; |
| 127 | else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; | 134 | else if (!strcmp (*args, "-decrypt")) |
| 128 | else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT; | 135 | operation = SMIME_DECRYPT; |
| 136 | else if (!strcmp (*args, "-sign")) | ||
| 137 | operation = SMIME_SIGN; | ||
| 138 | else if (!strcmp (*args, "-verify")) | ||
| 139 | operation = SMIME_VERIFY; | ||
| 140 | else if (!strcmp (*args, "-pk7out")) | ||
| 141 | operation = SMIME_PK7OUT; | ||
| 129 | #ifndef OPENSSL_NO_DES | 142 | #ifndef OPENSSL_NO_DES |
| 130 | else if (!strcmp (*args, "-des3")) | 143 | else if (!strcmp (*args, "-des3")) |
| 131 | cipher = EVP_des_ede3_cbc(); | 144 | cipher = EVP_des_ede3_cbc(); |
| 132 | else if (!strcmp (*args, "-des")) | 145 | else if (!strcmp (*args, "-des")) |
| 133 | cipher = EVP_des_cbc(); | 146 | cipher = EVP_des_cbc(); |
| 134 | #endif | 147 | #endif |
| 148 | #ifndef OPENSSL_NO_SEED | ||
| 149 | else if (!strcmp (*args, "-seed")) | ||
| 150 | cipher = EVP_seed_cbc(); | ||
| 151 | #endif | ||
| 135 | #ifndef OPENSSL_NO_RC2 | 152 | #ifndef OPENSSL_NO_RC2 |
| 136 | else if (!strcmp (*args, "-rc2-40")) | 153 | else if (!strcmp (*args, "-rc2-40")) |
| 137 | cipher = EVP_rc2_40_cbc(); | 154 | cipher = EVP_rc2_40_cbc(); |
| @@ -148,6 +165,14 @@ int MAIN(int argc, char **argv) | |||
| 148 | else if (!strcmp(*args,"-aes256")) | 165 | else if (!strcmp(*args,"-aes256")) |
| 149 | cipher = EVP_aes_256_cbc(); | 166 | cipher = EVP_aes_256_cbc(); |
| 150 | #endif | 167 | #endif |
| 168 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 169 | else if (!strcmp(*args,"-camellia128")) | ||
| 170 | cipher = EVP_camellia_128_cbc(); | ||
| 171 | else if (!strcmp(*args,"-camellia192")) | ||
| 172 | cipher = EVP_camellia_192_cbc(); | ||
| 173 | else if (!strcmp(*args,"-camellia256")) | ||
| 174 | cipher = EVP_camellia_256_cbc(); | ||
| 175 | #endif | ||
| 151 | else if (!strcmp (*args, "-text")) | 176 | else if (!strcmp (*args, "-text")) |
| 152 | flags |= PKCS7_TEXT; | 177 | flags |= PKCS7_TEXT; |
| 153 | else if (!strcmp (*args, "-nointern")) | 178 | else if (!strcmp (*args, "-nointern")) |
| @@ -172,127 +197,225 @@ int MAIN(int argc, char **argv) | |||
| 172 | flags |= PKCS7_NOOLDMIMETYPE; | 197 | flags |= PKCS7_NOOLDMIMETYPE; |
| 173 | else if (!strcmp (*args, "-crlfeol")) | 198 | else if (!strcmp (*args, "-crlfeol")) |
| 174 | flags |= PKCS7_CRLFEOL; | 199 | flags |= PKCS7_CRLFEOL; |
| 175 | else if (!strcmp (*args, "-crl_check")) | 200 | else if (!strcmp(*args,"-rand")) |
| 176 | store_flags |= X509_V_FLAG_CRL_CHECK; | 201 | { |
| 177 | else if (!strcmp (*args, "-crl_check_all")) | 202 | if (args[1]) |
| 178 | store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; | 203 | { |
| 179 | else if (!strcmp(*args,"-rand")) { | ||
| 180 | if (args[1]) { | ||
| 181 | args++; | 204 | args++; |
| 182 | inrand = *args; | 205 | inrand = *args; |
| 183 | } else badarg = 1; | 206 | } |
| 207 | else | ||
| 208 | badarg = 1; | ||
| 184 | need_rand = 1; | 209 | need_rand = 1; |
| 210 | } | ||
| 185 | #ifndef OPENSSL_NO_ENGINE | 211 | #ifndef OPENSSL_NO_ENGINE |
| 186 | } else if (!strcmp(*args,"-engine")) { | 212 | else if (!strcmp(*args,"-engine")) |
| 187 | if (args[1]) { | 213 | { |
| 214 | if (args[1]) | ||
| 215 | { | ||
| 188 | args++; | 216 | args++; |
| 189 | engine = *args; | 217 | engine = *args; |
| 190 | } else badarg = 1; | 218 | } |
| 219 | else badarg = 1; | ||
| 220 | } | ||
| 191 | #endif | 221 | #endif |
| 192 | } else if (!strcmp(*args,"-passin")) { | 222 | else if (!strcmp(*args,"-passin")) |
| 193 | if (args[1]) { | 223 | { |
| 224 | if (args[1]) | ||
| 225 | { | ||
| 194 | args++; | 226 | args++; |
| 195 | passargin = *args; | 227 | passargin = *args; |
| 196 | } else badarg = 1; | 228 | } |
| 197 | } else if (!strcmp (*args, "-to")) { | 229 | else |
| 198 | if (args[1]) { | 230 | badarg = 1; |
| 231 | } | ||
| 232 | else if (!strcmp (*args, "-to")) | ||
| 233 | { | ||
| 234 | if (args[1]) | ||
| 235 | { | ||
| 199 | args++; | 236 | args++; |
| 200 | to = *args; | 237 | to = *args; |
| 201 | } else badarg = 1; | 238 | } |
| 202 | } else if (!strcmp (*args, "-from")) { | 239 | else |
| 203 | if (args[1]) { | 240 | badarg = 1; |
| 241 | } | ||
| 242 | else if (!strcmp (*args, "-from")) | ||
| 243 | { | ||
| 244 | if (args[1]) | ||
| 245 | { | ||
| 204 | args++; | 246 | args++; |
| 205 | from = *args; | 247 | from = *args; |
| 206 | } else badarg = 1; | 248 | } |
| 207 | } else if (!strcmp (*args, "-subject")) { | 249 | else badarg = 1; |
| 208 | if (args[1]) { | 250 | } |
| 251 | else if (!strcmp (*args, "-subject")) | ||
| 252 | { | ||
| 253 | if (args[1]) | ||
| 254 | { | ||
| 209 | args++; | 255 | args++; |
| 210 | subject = *args; | 256 | subject = *args; |
| 211 | } else badarg = 1; | 257 | } |
| 212 | } else if (!strcmp (*args, "-signer")) { | 258 | else |
| 213 | if (args[1]) { | 259 | badarg = 1; |
| 260 | } | ||
| 261 | else if (!strcmp (*args, "-signer")) | ||
| 262 | { | ||
| 263 | if (args[1]) | ||
| 264 | { | ||
| 214 | args++; | 265 | args++; |
| 215 | signerfile = *args; | 266 | signerfile = *args; |
| 216 | } else badarg = 1; | 267 | } |
| 217 | } else if (!strcmp (*args, "-recip")) { | 268 | else |
| 218 | if (args[1]) { | 269 | badarg = 1; |
| 270 | } | ||
| 271 | else if (!strcmp (*args, "-recip")) | ||
| 272 | { | ||
| 273 | if (args[1]) | ||
| 274 | { | ||
| 219 | args++; | 275 | args++; |
| 220 | recipfile = *args; | 276 | recipfile = *args; |
| 221 | } else badarg = 1; | 277 | } |
| 222 | } else if (!strcmp (*args, "-inkey")) { | 278 | else badarg = 1; |
| 223 | if (args[1]) { | 279 | } |
| 280 | else if (!strcmp (*args, "-inkey")) | ||
| 281 | { | ||
| 282 | if (args[1]) | ||
| 283 | { | ||
| 224 | args++; | 284 | args++; |
| 225 | keyfile = *args; | 285 | keyfile = *args; |
| 226 | } else badarg = 1; | 286 | } |
| 227 | } else if (!strcmp (*args, "-keyform")) { | 287 | else |
| 228 | if (args[1]) { | 288 | badarg = 1; |
| 289 | } | ||
| 290 | else if (!strcmp (*args, "-keyform")) | ||
| 291 | { | ||
| 292 | if (args[1]) | ||
| 293 | { | ||
| 229 | args++; | 294 | args++; |
| 230 | keyform = str2fmt(*args); | 295 | keyform = str2fmt(*args); |
| 231 | } else badarg = 1; | 296 | } |
| 232 | } else if (!strcmp (*args, "-certfile")) { | 297 | else |
| 233 | if (args[1]) { | 298 | badarg = 1; |
| 299 | } | ||
| 300 | else if (!strcmp (*args, "-certfile")) | ||
| 301 | { | ||
| 302 | if (args[1]) | ||
| 303 | { | ||
| 234 | args++; | 304 | args++; |
| 235 | certfile = *args; | 305 | certfile = *args; |
| 236 | } else badarg = 1; | 306 | } |
| 237 | } else if (!strcmp (*args, "-CAfile")) { | 307 | else |
| 238 | if (args[1]) { | 308 | badarg = 1; |
| 309 | } | ||
| 310 | else if (!strcmp (*args, "-CAfile")) | ||
| 311 | { | ||
| 312 | if (args[1]) | ||
| 313 | { | ||
| 239 | args++; | 314 | args++; |
| 240 | CAfile = *args; | 315 | CAfile = *args; |
| 241 | } else badarg = 1; | 316 | } |
| 242 | } else if (!strcmp (*args, "-CApath")) { | 317 | else |
| 243 | if (args[1]) { | 318 | badarg = 1; |
| 319 | } | ||
| 320 | else if (!strcmp (*args, "-CApath")) | ||
| 321 | { | ||
| 322 | if (args[1]) | ||
| 323 | { | ||
| 244 | args++; | 324 | args++; |
| 245 | CApath = *args; | 325 | CApath = *args; |
| 246 | } else badarg = 1; | 326 | } |
| 247 | } else if (!strcmp (*args, "-in")) { | 327 | else |
| 248 | if (args[1]) { | 328 | badarg = 1; |
| 329 | } | ||
| 330 | else if (!strcmp (*args, "-in")) | ||
| 331 | { | ||
| 332 | if (args[1]) | ||
| 333 | { | ||
| 249 | args++; | 334 | args++; |
| 250 | infile = *args; | 335 | infile = *args; |
| 251 | } else badarg = 1; | 336 | } |
| 252 | } else if (!strcmp (*args, "-inform")) { | 337 | else |
| 253 | if (args[1]) { | 338 | badarg = 1; |
| 339 | } | ||
| 340 | else if (!strcmp (*args, "-inform")) | ||
| 341 | { | ||
| 342 | if (args[1]) | ||
| 343 | { | ||
| 254 | args++; | 344 | args++; |
| 255 | informat = str2fmt(*args); | 345 | informat = str2fmt(*args); |
| 256 | } else badarg = 1; | 346 | } |
| 257 | } else if (!strcmp (*args, "-outform")) { | 347 | else |
| 258 | if (args[1]) { | 348 | badarg = 1; |
| 349 | } | ||
| 350 | else if (!strcmp (*args, "-outform")) | ||
| 351 | { | ||
| 352 | if (args[1]) | ||
| 353 | { | ||
| 259 | args++; | 354 | args++; |
| 260 | outformat = str2fmt(*args); | 355 | outformat = str2fmt(*args); |
| 261 | } else badarg = 1; | 356 | } |
| 262 | } else if (!strcmp (*args, "-out")) { | 357 | else |
| 263 | if (args[1]) { | 358 | badarg = 1; |
| 359 | } | ||
| 360 | else if (!strcmp (*args, "-out")) | ||
| 361 | { | ||
| 362 | if (args[1]) | ||
| 363 | { | ||
| 264 | args++; | 364 | args++; |
| 265 | outfile = *args; | 365 | outfile = *args; |
| 266 | } else badarg = 1; | 366 | } |
| 267 | } else if (!strcmp (*args, "-content")) { | 367 | else |
| 268 | if (args[1]) { | 368 | badarg = 1; |
| 369 | } | ||
| 370 | else if (!strcmp (*args, "-content")) | ||
| 371 | { | ||
| 372 | if (args[1]) | ||
| 373 | { | ||
| 269 | args++; | 374 | args++; |
| 270 | contfile = *args; | 375 | contfile = *args; |
| 271 | } else badarg = 1; | 376 | } |
| 272 | } else badarg = 1; | 377 | else |
| 378 | badarg = 1; | ||
| 379 | } | ||
| 380 | else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) | ||
| 381 | continue; | ||
| 382 | else | ||
| 383 | badarg = 1; | ||
| 273 | args++; | 384 | args++; |
| 274 | } | 385 | } |
| 275 | 386 | ||
| 276 | if(operation == SMIME_SIGN) { | 387 | |
| 277 | if(!signerfile) { | 388 | if (operation == SMIME_SIGN) |
| 389 | { | ||
| 390 | if (!signerfile) | ||
| 391 | { | ||
| 278 | BIO_printf(bio_err, "No signer certificate specified\n"); | 392 | BIO_printf(bio_err, "No signer certificate specified\n"); |
| 279 | badarg = 1; | 393 | badarg = 1; |
| 280 | } | 394 | } |
| 281 | need_rand = 1; | 395 | need_rand = 1; |
| 282 | } else if(operation == SMIME_DECRYPT) { | 396 | } |
| 283 | if(!recipfile) { | 397 | else if (operation == SMIME_DECRYPT) |
| 284 | BIO_printf(bio_err, "No recipient certificate and key specified\n"); | 398 | { |
| 399 | if (!recipfile && !keyfile) | ||
| 400 | { | ||
| 401 | BIO_printf(bio_err, "No recipient certificate or key specified\n"); | ||
| 285 | badarg = 1; | 402 | badarg = 1; |
| 403 | } | ||
| 286 | } | 404 | } |
| 287 | } else if(operation == SMIME_ENCRYPT) { | 405 | else if (operation == SMIME_ENCRYPT) |
| 288 | if(!*args) { | 406 | { |
| 407 | if (!*args) | ||
| 408 | { | ||
| 289 | BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); | 409 | BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); |
| 290 | badarg = 1; | 410 | badarg = 1; |
| 291 | } | 411 | } |
| 292 | need_rand = 1; | 412 | need_rand = 1; |
| 293 | } else if(!operation) badarg = 1; | 413 | } |
| 414 | else if (!operation) | ||
| 415 | badarg = 1; | ||
| 294 | 416 | ||
| 295 | if (badarg) { | 417 | if (badarg) |
| 418 | { | ||
| 296 | BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); | 419 | BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); |
| 297 | BIO_printf (bio_err, "where options are\n"); | 420 | BIO_printf (bio_err, "where options are\n"); |
| 298 | BIO_printf (bio_err, "-encrypt encrypt message\n"); | 421 | BIO_printf (bio_err, "-encrypt encrypt message\n"); |
| @@ -304,6 +427,9 @@ int MAIN(int argc, char **argv) | |||
| 304 | BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); | 427 | BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); |
| 305 | BIO_printf (bio_err, "-des encrypt with DES\n"); | 428 | BIO_printf (bio_err, "-des encrypt with DES\n"); |
| 306 | #endif | 429 | #endif |
| 430 | #ifndef OPENSSL_NO_SEED | ||
| 431 | BIO_printf (bio_err, "-seed encrypt with SEED\n"); | ||
| 432 | #endif | ||
| 307 | #ifndef OPENSSL_NO_RC2 | 433 | #ifndef OPENSSL_NO_RC2 |
| 308 | BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); | 434 | BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); |
| 309 | BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); | 435 | BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); |
| @@ -313,6 +439,10 @@ int MAIN(int argc, char **argv) | |||
| 313 | BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); | 439 | BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); |
| 314 | BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); | 440 | BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); |
| 315 | #endif | 441 | #endif |
| 442 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 443 | BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); | ||
| 444 | BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); | ||
| 445 | #endif | ||
| 316 | BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); | 446 | BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); |
| 317 | BIO_printf (bio_err, "-nosigs don't verify message signature\n"); | 447 | BIO_printf (bio_err, "-nosigs don't verify message signature\n"); |
| 318 | BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); | 448 | BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); |
| @@ -347,121 +477,155 @@ int MAIN(int argc, char **argv) | |||
| 347 | BIO_printf(bio_err, " the random number generator\n"); | 477 | BIO_printf(bio_err, " the random number generator\n"); |
| 348 | BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); | 478 | BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); |
| 349 | goto end; | 479 | goto end; |
| 350 | } | 480 | } |
| 351 | 481 | ||
| 352 | #ifndef OPENSSL_NO_ENGINE | 482 | #ifndef OPENSSL_NO_ENGINE |
| 353 | e = setup_engine(bio_err, engine, 0); | 483 | e = setup_engine(bio_err, engine, 0); |
| 354 | #endif | 484 | #endif |
| 355 | 485 | ||
| 356 | if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { | 486 | if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) |
| 487 | { | ||
| 357 | BIO_printf(bio_err, "Error getting password\n"); | 488 | BIO_printf(bio_err, "Error getting password\n"); |
| 358 | goto end; | 489 | goto end; |
| 359 | } | 490 | } |
| 360 | 491 | ||
| 361 | if (need_rand) { | 492 | if (need_rand) |
| 493 | { | ||
| 362 | app_RAND_load_file(NULL, bio_err, (inrand != NULL)); | 494 | app_RAND_load_file(NULL, bio_err, (inrand != NULL)); |
| 363 | if (inrand != NULL) | 495 | if (inrand != NULL) |
| 364 | BIO_printf(bio_err,"%ld semi-random bytes loaded\n", | 496 | BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
| 365 | app_RAND_load_files(inrand)); | 497 | app_RAND_load_files(inrand)); |
| 366 | } | 498 | } |
| 367 | 499 | ||
| 368 | ret = 2; | 500 | ret = 2; |
| 369 | 501 | ||
| 370 | if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED; | 502 | if (operation != SMIME_SIGN) |
| 503 | flags &= ~PKCS7_DETACHED; | ||
| 371 | 504 | ||
| 372 | if(operation & SMIME_OP) { | 505 | if (operation & SMIME_OP) |
| 373 | if(flags & PKCS7_BINARY) inmode = "rb"; | 506 | { |
| 374 | if(outformat == FORMAT_ASN1) outmode = "wb"; | 507 | if (flags & PKCS7_BINARY) |
| 375 | } else { | 508 | inmode = "rb"; |
| 376 | if(flags & PKCS7_BINARY) outmode = "wb"; | 509 | if (outformat == FORMAT_ASN1) |
| 377 | if(informat == FORMAT_ASN1) inmode = "rb"; | 510 | outmode = "wb"; |
| 378 | } | 511 | } |
| 512 | else | ||
| 513 | { | ||
| 514 | if (flags & PKCS7_BINARY) | ||
| 515 | outmode = "wb"; | ||
| 516 | if (informat == FORMAT_ASN1) | ||
| 517 | inmode = "rb"; | ||
| 518 | } | ||
| 379 | 519 | ||
| 380 | if(operation == SMIME_ENCRYPT) { | 520 | if (operation == SMIME_ENCRYPT) |
| 381 | if (!cipher) { | 521 | { |
| 522 | if (!cipher) | ||
| 523 | { | ||
| 382 | #ifndef OPENSSL_NO_RC2 | 524 | #ifndef OPENSSL_NO_RC2 |
| 383 | cipher = EVP_rc2_40_cbc(); | 525 | cipher = EVP_rc2_40_cbc(); |
| 384 | #else | 526 | #else |
| 385 | BIO_printf(bio_err, "No cipher selected\n"); | 527 | BIO_printf(bio_err, "No cipher selected\n"); |
| 386 | goto end; | 528 | goto end; |
| 387 | #endif | 529 | #endif |
| 388 | } | 530 | } |
| 389 | encerts = sk_X509_new_null(); | 531 | encerts = sk_X509_new_null(); |
| 390 | while (*args) { | 532 | while (*args) |
| 391 | if(!(cert = load_cert(bio_err,*args,FORMAT_PEM, | 533 | { |
| 392 | NULL, e, "recipient certificate file"))) { | 534 | if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, |
| 535 | NULL, e, "recipient certificate file"))) | ||
| 536 | { | ||
| 393 | #if 0 /* An appropriate message is already printed */ | 537 | #if 0 /* An appropriate message is already printed */ |
| 394 | BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); | 538 | BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); |
| 395 | #endif | 539 | #endif |
| 396 | goto end; | 540 | goto end; |
| 397 | } | 541 | } |
| 398 | sk_X509_push(encerts, cert); | 542 | sk_X509_push(encerts, cert); |
| 399 | cert = NULL; | 543 | cert = NULL; |
| 400 | args++; | 544 | args++; |
| 545 | } | ||
| 401 | } | 546 | } |
| 402 | } | ||
| 403 | 547 | ||
| 404 | if(signerfile && (operation == SMIME_SIGN)) { | 548 | if (signerfile && (operation == SMIME_SIGN)) |
| 405 | if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, | 549 | { |
| 406 | e, "signer certificate"))) { | 550 | if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, |
| 551 | e, "signer certificate"))) | ||
| 552 | { | ||
| 407 | #if 0 /* An appropri message has already been printed */ | 553 | #if 0 /* An appropri message has already been printed */ |
| 408 | BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); | 554 | BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); |
| 409 | #endif | 555 | #endif |
| 410 | goto end; | 556 | goto end; |
| 557 | } | ||
| 411 | } | 558 | } |
| 412 | } | ||
| 413 | 559 | ||
| 414 | if(certfile) { | 560 | if (certfile) |
| 415 | if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, | 561 | { |
| 416 | e, "certificate file"))) { | 562 | if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, |
| 563 | e, "certificate file"))) | ||
| 564 | { | ||
| 417 | #if 0 /* An appropriate message has already been printed */ | 565 | #if 0 /* An appropriate message has already been printed */ |
| 418 | BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); | 566 | BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); |
| 419 | #endif | 567 | #endif |
| 420 | ERR_print_errors(bio_err); | 568 | ERR_print_errors(bio_err); |
| 421 | goto end; | 569 | goto end; |
| 570 | } | ||
| 422 | } | 571 | } |
| 423 | } | ||
| 424 | 572 | ||
| 425 | if(recipfile && (operation == SMIME_DECRYPT)) { | 573 | if (recipfile && (operation == SMIME_DECRYPT)) |
| 426 | if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, | 574 | { |
| 427 | e, "recipient certificate file"))) { | 575 | if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, |
| 576 | e, "recipient certificate file"))) | ||
| 577 | { | ||
| 428 | #if 0 /* An appropriate message has alrady been printed */ | 578 | #if 0 /* An appropriate message has alrady been printed */ |
| 429 | BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); | 579 | BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); |
| 430 | #endif | 580 | #endif |
| 431 | ERR_print_errors(bio_err); | 581 | ERR_print_errors(bio_err); |
| 432 | goto end; | 582 | goto end; |
| 583 | } | ||
| 433 | } | 584 | } |
| 434 | } | ||
| 435 | 585 | ||
| 436 | if(operation == SMIME_DECRYPT) { | 586 | if (operation == SMIME_DECRYPT) |
| 437 | if(!keyfile) keyfile = recipfile; | 587 | { |
| 438 | } else if(operation == SMIME_SIGN) { | 588 | if (!keyfile) |
| 439 | if(!keyfile) keyfile = signerfile; | 589 | keyfile = recipfile; |
| 440 | } else keyfile = NULL; | 590 | } |
| 591 | else if (operation == SMIME_SIGN) | ||
| 592 | { | ||
| 593 | if (!keyfile) | ||
| 594 | keyfile = signerfile; | ||
| 595 | } | ||
| 596 | else keyfile = NULL; | ||
| 441 | 597 | ||
| 442 | if(keyfile) { | 598 | if (keyfile) |
| 599 | { | ||
| 443 | key = load_key(bio_err, keyfile, keyform, 0, passin, e, | 600 | key = load_key(bio_err, keyfile, keyform, 0, passin, e, |
| 444 | "signing key file"); | 601 | "signing key file"); |
| 445 | if (!key) { | 602 | if (!key) |
| 446 | goto end; | 603 | goto end; |
| 447 | } | 604 | } |
| 448 | } | ||
| 449 | 605 | ||
| 450 | if (infile) { | 606 | if (infile) |
| 451 | if (!(in = BIO_new_file(infile, inmode))) { | 607 | { |
| 608 | if (!(in = BIO_new_file(infile, inmode))) | ||
| 609 | { | ||
| 452 | BIO_printf (bio_err, | 610 | BIO_printf (bio_err, |
| 453 | "Can't open input file %s\n", infile); | 611 | "Can't open input file %s\n", infile); |
| 454 | goto end; | 612 | goto end; |
| 613 | } | ||
| 455 | } | 614 | } |
| 456 | } else in = BIO_new_fp(stdin, BIO_NOCLOSE); | 615 | else |
| 616 | in = BIO_new_fp(stdin, BIO_NOCLOSE); | ||
| 457 | 617 | ||
| 458 | if (outfile) { | 618 | if (outfile) |
| 459 | if (!(out = BIO_new_file(outfile, outmode))) { | 619 | { |
| 620 | if (!(out = BIO_new_file(outfile, outmode))) | ||
| 621 | { | ||
| 460 | BIO_printf (bio_err, | 622 | BIO_printf (bio_err, |
| 461 | "Can't open output file %s\n", outfile); | 623 | "Can't open output file %s\n", outfile); |
| 462 | goto end; | 624 | goto end; |
| 625 | } | ||
| 463 | } | 626 | } |
| 464 | } else { | 627 | else |
| 628 | { | ||
| 465 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | 629 | out = BIO_new_fp(stdout, BIO_NOCLOSE); |
| 466 | #ifdef OPENSSL_SYS_VMS | 630 | #ifdef OPENSSL_SYS_VMS |
| 467 | { | 631 | { |
| @@ -469,100 +633,127 @@ int MAIN(int argc, char **argv) | |||
| 469 | out = BIO_push(tmpbio, out); | 633 | out = BIO_push(tmpbio, out); |
| 470 | } | 634 | } |
| 471 | #endif | 635 | #endif |
| 472 | } | 636 | } |
| 473 | 637 | ||
| 474 | if(operation == SMIME_VERIFY) { | 638 | if (operation == SMIME_VERIFY) |
| 475 | if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; | 639 | { |
| 476 | X509_STORE_set_flags(store, store_flags); | 640 | if (!(store = setup_verify(bio_err, CAfile, CApath))) |
| 477 | } | 641 | goto end; |
| 642 | X509_STORE_set_verify_cb_func(store, smime_cb); | ||
| 643 | if (vpm) | ||
| 644 | X509_STORE_set1_param(store, vpm); | ||
| 645 | } | ||
| 478 | 646 | ||
| 479 | 647 | ||
| 480 | ret = 3; | 648 | ret = 3; |
| 481 | 649 | ||
| 482 | if(operation == SMIME_ENCRYPT) { | 650 | if (operation == SMIME_ENCRYPT) |
| 483 | p7 = PKCS7_encrypt(encerts, in, cipher, flags); | 651 | p7 = PKCS7_encrypt(encerts, in, cipher, flags); |
| 484 | } else if(operation == SMIME_SIGN) { | 652 | else if (operation == SMIME_SIGN) |
| 653 | { | ||
| 654 | /* If detached data and SMIME output enable partial | ||
| 655 | * signing. | ||
| 656 | */ | ||
| 657 | if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) | ||
| 658 | flags |= PKCS7_STREAM; | ||
| 485 | p7 = PKCS7_sign(signer, key, other, in, flags); | 659 | p7 = PKCS7_sign(signer, key, other, in, flags); |
| 486 | if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) { | ||
| 487 | BIO_printf(bio_err, "Can't rewind input file\n"); | ||
| 488 | goto end; | ||
| 489 | } | 660 | } |
| 490 | } else { | 661 | else |
| 491 | if(informat == FORMAT_SMIME) | 662 | { |
| 663 | if (informat == FORMAT_SMIME) | ||
| 492 | p7 = SMIME_read_PKCS7(in, &indata); | 664 | p7 = SMIME_read_PKCS7(in, &indata); |
| 493 | else if(informat == FORMAT_PEM) | 665 | else if (informat == FORMAT_PEM) |
| 494 | p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); | 666 | p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); |
| 495 | else if(informat == FORMAT_ASN1) | 667 | else if (informat == FORMAT_ASN1) |
| 496 | p7 = d2i_PKCS7_bio(in, NULL); | 668 | p7 = d2i_PKCS7_bio(in, NULL); |
| 497 | else { | 669 | else |
| 670 | { | ||
| 498 | BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); | 671 | BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); |
| 499 | goto end; | 672 | goto end; |
| 500 | } | 673 | } |
| 501 | 674 | ||
| 502 | if(!p7) { | 675 | if (!p7) |
| 676 | { | ||
| 503 | BIO_printf(bio_err, "Error reading S/MIME message\n"); | 677 | BIO_printf(bio_err, "Error reading S/MIME message\n"); |
| 504 | goto end; | 678 | goto end; |
| 505 | } | 679 | } |
| 506 | if(contfile) { | 680 | if (contfile) |
| 681 | { | ||
| 507 | BIO_free(indata); | 682 | BIO_free(indata); |
| 508 | if(!(indata = BIO_new_file(contfile, "rb"))) { | 683 | if (!(indata = BIO_new_file(contfile, "rb"))) |
| 684 | { | ||
| 509 | BIO_printf(bio_err, "Can't read content file %s\n", contfile); | 685 | BIO_printf(bio_err, "Can't read content file %s\n", contfile); |
| 510 | goto end; | 686 | goto end; |
| 687 | } | ||
| 511 | } | 688 | } |
| 512 | } | 689 | } |
| 513 | } | ||
| 514 | 690 | ||
| 515 | if(!p7) { | 691 | if (!p7) |
| 692 | { | ||
| 516 | BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); | 693 | BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); |
| 517 | goto end; | 694 | goto end; |
| 518 | } | 695 | } |
| 519 | 696 | ||
| 520 | ret = 4; | 697 | ret = 4; |
| 521 | if(operation == SMIME_DECRYPT) { | 698 | if (operation == SMIME_DECRYPT) |
| 522 | if(!PKCS7_decrypt(p7, key, recip, out, flags)) { | 699 | { |
| 700 | if (!PKCS7_decrypt(p7, key, recip, out, flags)) | ||
| 701 | { | ||
| 523 | BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); | 702 | BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); |
| 524 | goto end; | 703 | goto end; |
| 704 | } | ||
| 525 | } | 705 | } |
| 526 | } else if(operation == SMIME_VERIFY) { | 706 | else if (operation == SMIME_VERIFY) |
| 707 | { | ||
| 527 | STACK_OF(X509) *signers; | 708 | STACK_OF(X509) *signers; |
| 528 | if(PKCS7_verify(p7, other, store, indata, out, flags)) { | 709 | if (PKCS7_verify(p7, other, store, indata, out, flags)) |
| 529 | BIO_printf(bio_err, "Verification successful\n"); | 710 | BIO_printf(bio_err, "Verification successful\n"); |
| 530 | } else { | 711 | else |
| 712 | { | ||
| 531 | BIO_printf(bio_err, "Verification failure\n"); | 713 | BIO_printf(bio_err, "Verification failure\n"); |
| 532 | goto end; | 714 | goto end; |
| 533 | } | 715 | } |
| 534 | signers = PKCS7_get0_signers(p7, other, flags); | 716 | signers = PKCS7_get0_signers(p7, other, flags); |
| 535 | if(!save_certs(signerfile, signers)) { | 717 | if (!save_certs(signerfile, signers)) |
| 718 | { | ||
| 536 | BIO_printf(bio_err, "Error writing signers to %s\n", | 719 | BIO_printf(bio_err, "Error writing signers to %s\n", |
| 537 | signerfile); | 720 | signerfile); |
| 538 | ret = 5; | 721 | ret = 5; |
| 539 | goto end; | 722 | goto end; |
| 540 | } | 723 | } |
| 541 | sk_X509_free(signers); | 724 | sk_X509_free(signers); |
| 542 | } else if(operation == SMIME_PK7OUT) { | 725 | } |
| 726 | else if (operation == SMIME_PK7OUT) | ||
| 543 | PEM_write_bio_PKCS7(out, p7); | 727 | PEM_write_bio_PKCS7(out, p7); |
| 544 | } else { | 728 | else |
| 545 | if(to) BIO_printf(out, "To: %s\n", to); | 729 | { |
| 546 | if(from) BIO_printf(out, "From: %s\n", from); | 730 | if (to) |
| 547 | if(subject) BIO_printf(out, "Subject: %s\n", subject); | 731 | BIO_printf(out, "To: %s\n", to); |
| 548 | if(outformat == FORMAT_SMIME) | 732 | if (from) |
| 733 | BIO_printf(out, "From: %s\n", from); | ||
| 734 | if (subject) | ||
| 735 | BIO_printf(out, "Subject: %s\n", subject); | ||
| 736 | if (outformat == FORMAT_SMIME) | ||
| 549 | SMIME_write_PKCS7(out, p7, in, flags); | 737 | SMIME_write_PKCS7(out, p7, in, flags); |
| 550 | else if(outformat == FORMAT_PEM) | 738 | else if (outformat == FORMAT_PEM) |
| 551 | PEM_write_bio_PKCS7(out,p7); | 739 | PEM_write_bio_PKCS7(out,p7); |
| 552 | else if(outformat == FORMAT_ASN1) | 740 | else if (outformat == FORMAT_ASN1) |
| 553 | i2d_PKCS7_bio(out,p7); | 741 | i2d_PKCS7_bio(out,p7); |
| 554 | else { | 742 | else |
| 743 | { | ||
| 555 | BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); | 744 | BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); |
| 556 | goto end; | 745 | goto end; |
| 746 | } | ||
| 557 | } | 747 | } |
| 558 | } | ||
| 559 | ret = 0; | 748 | ret = 0; |
| 560 | end: | 749 | end: |
| 561 | if (need_rand) | 750 | if (need_rand) |
| 562 | app_RAND_write_file(NULL, bio_err); | 751 | app_RAND_write_file(NULL, bio_err); |
| 563 | if(ret) ERR_print_errors(bio_err); | 752 | if (ret) ERR_print_errors(bio_err); |
| 564 | sk_X509_pop_free(encerts, X509_free); | 753 | sk_X509_pop_free(encerts, X509_free); |
| 565 | sk_X509_pop_free(other, X509_free); | 754 | sk_X509_pop_free(other, X509_free); |
| 755 | if (vpm) | ||
| 756 | X509_VERIFY_PARAM_free(vpm); | ||
| 566 | X509_STORE_free(store); | 757 | X509_STORE_free(store); |
| 567 | X509_free(cert); | 758 | X509_free(cert); |
| 568 | X509_free(recip); | 759 | X509_free(recip); |
| @@ -572,20 +763,39 @@ end: | |||
| 572 | BIO_free(in); | 763 | BIO_free(in); |
| 573 | BIO_free(indata); | 764 | BIO_free(indata); |
| 574 | BIO_free_all(out); | 765 | BIO_free_all(out); |
| 575 | if(passin) OPENSSL_free(passin); | 766 | if (passin) OPENSSL_free(passin); |
| 576 | return (ret); | 767 | return (ret); |
| 577 | } | 768 | } |
| 578 | 769 | ||
| 579 | static int save_certs(char *signerfile, STACK_OF(X509) *signers) | 770 | static int save_certs(char *signerfile, STACK_OF(X509) *signers) |
| 580 | { | 771 | { |
| 581 | int i; | 772 | int i; |
| 582 | BIO *tmp; | 773 | BIO *tmp; |
| 583 | if(!signerfile) return 1; | 774 | if (!signerfile) |
| 775 | return 1; | ||
| 584 | tmp = BIO_new_file(signerfile, "w"); | 776 | tmp = BIO_new_file(signerfile, "w"); |
| 585 | if(!tmp) return 0; | 777 | if (!tmp) return 0; |
| 586 | for(i = 0; i < sk_X509_num(signers); i++) | 778 | for(i = 0; i < sk_X509_num(signers); i++) |
| 587 | PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); | 779 | PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); |
| 588 | BIO_free(tmp); | 780 | BIO_free(tmp); |
| 589 | return 1; | 781 | return 1; |
| 590 | } | 782 | } |
| 591 | 783 | ||
| 784 | |||
| 785 | /* Minimal callback just to output policy info (if any) */ | ||
| 786 | |||
| 787 | static int smime_cb(int ok, X509_STORE_CTX *ctx) | ||
| 788 | { | ||
| 789 | int error; | ||
| 790 | |||
| 791 | error = X509_STORE_CTX_get_error(ctx); | ||
| 792 | |||
| 793 | if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) | ||
| 794 | && ((error != X509_V_OK) || (ok != 2))) | ||
| 795 | return ok; | ||
| 796 | |||
| 797 | policies_print(NULL, ctx); | ||
| 798 | |||
| 799 | return ok; | ||
| 800 | |||
| 801 | } | ||
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c index 2fc327c375..8a1974f5fe 100644 --- a/src/lib/libssl/src/apps/speed.c +++ b/src/lib/libssl/src/apps/speed.c | |||
| @@ -55,6 +55,19 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * The ECDH and ECDSA speed test software is originally written by | ||
| 68 | * Sumit Gupta of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 58 | 71 | ||
| 59 | /* most of this code has been pilfered from my libdes speed.c program */ | 72 | /* most of this code has been pilfered from my libdes speed.c program */ |
| 60 | 73 | ||
| @@ -64,6 +77,8 @@ | |||
| 64 | #define SECONDS 3 | 77 | #define SECONDS 3 |
| 65 | #define RSA_SECONDS 10 | 78 | #define RSA_SECONDS 10 |
| 66 | #define DSA_SECONDS 10 | 79 | #define DSA_SECONDS 10 |
| 80 | #define ECDSA_SECONDS 10 | ||
| 81 | #define ECDH_SECONDS 10 | ||
| 67 | 82 | ||
| 68 | /* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ | 83 | /* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ |
| 69 | /* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ | 84 | /* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ |
| @@ -73,7 +88,7 @@ | |||
| 73 | 88 | ||
| 74 | #include <stdio.h> | 89 | #include <stdio.h> |
| 75 | #include <stdlib.h> | 90 | #include <stdlib.h> |
| 76 | #include <signal.h> | 91 | |
| 77 | #include <string.h> | 92 | #include <string.h> |
| 78 | #include <math.h> | 93 | #include <math.h> |
| 79 | #include "apps.h" | 94 | #include "apps.h" |
| @@ -89,6 +104,10 @@ | |||
| 89 | #include OPENSSL_UNISTD | 104 | #include OPENSSL_UNISTD |
| 90 | #endif | 105 | #endif |
| 91 | 106 | ||
| 107 | #ifndef OPENSSL_SYS_NETWARE | ||
| 108 | #include <signal.h> | ||
| 109 | #endif | ||
| 110 | |||
| 92 | #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) | 111 | #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) |
| 93 | # define USE_TOD | 112 | # define USE_TOD |
| 94 | #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) | 113 | #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) |
| @@ -98,6 +117,12 @@ | |||
| 98 | # define TIMEB | 117 | # define TIMEB |
| 99 | #endif | 118 | #endif |
| 100 | 119 | ||
| 120 | #if defined(OPENSSL_SYS_NETWARE) | ||
| 121 | #undef TIMES | ||
| 122 | #undef TIMEB | ||
| 123 | #include <time.h> | ||
| 124 | #endif | ||
| 125 | |||
| 101 | #ifndef _IRIX | 126 | #ifndef _IRIX |
| 102 | # include <time.h> | 127 | # include <time.h> |
| 103 | #endif | 128 | #endif |
| @@ -122,7 +147,7 @@ | |||
| 122 | #include <sys/timeb.h> | 147 | #include <sys/timeb.h> |
| 123 | #endif | 148 | #endif |
| 124 | 149 | ||
| 125 | #if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) | 150 | #if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) |
| 126 | #error "It seems neither struct tms nor struct timeb is supported in this platform!" | 151 | #error "It seems neither struct tms nor struct timeb is supported in this platform!" |
| 127 | #endif | 152 | #endif |
| 128 | 153 | ||
| @@ -132,12 +157,16 @@ | |||
| 132 | #include <sys/param.h> | 157 | #include <sys/param.h> |
| 133 | #endif | 158 | #endif |
| 134 | 159 | ||
| 160 | #include <openssl/bn.h> | ||
| 135 | #ifndef OPENSSL_NO_DES | 161 | #ifndef OPENSSL_NO_DES |
| 136 | #include <openssl/des.h> | 162 | #include <openssl/des.h> |
| 137 | #endif | 163 | #endif |
| 138 | #ifndef OPENSSL_NO_AES | 164 | #ifndef OPENSSL_NO_AES |
| 139 | #include <openssl/aes.h> | 165 | #include <openssl/aes.h> |
| 140 | #endif | 166 | #endif |
| 167 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 168 | #include <openssl/camellia.h> | ||
| 169 | #endif | ||
| 141 | #ifndef OPENSSL_NO_MD2 | 170 | #ifndef OPENSSL_NO_MD2 |
| 142 | #include <openssl/md2.h> | 171 | #include <openssl/md2.h> |
| 143 | #endif | 172 | #endif |
| @@ -172,6 +201,9 @@ | |||
| 172 | #ifndef OPENSSL_NO_IDEA | 201 | #ifndef OPENSSL_NO_IDEA |
| 173 | #include <openssl/idea.h> | 202 | #include <openssl/idea.h> |
| 174 | #endif | 203 | #endif |
| 204 | #ifndef OPENSSL_NO_SEED | ||
| 205 | #include <openssl/seed.h> | ||
| 206 | #endif | ||
| 175 | #ifndef OPENSSL_NO_BF | 207 | #ifndef OPENSSL_NO_BF |
| 176 | #include <openssl/blowfish.h> | 208 | #include <openssl/blowfish.h> |
| 177 | #endif | 209 | #endif |
| @@ -184,14 +216,31 @@ | |||
| 184 | #endif | 216 | #endif |
| 185 | #include <openssl/x509.h> | 217 | #include <openssl/x509.h> |
| 186 | #ifndef OPENSSL_NO_DSA | 218 | #ifndef OPENSSL_NO_DSA |
| 219 | #include <openssl/dsa.h> | ||
| 187 | #include "./testdsa.h" | 220 | #include "./testdsa.h" |
| 188 | #endif | 221 | #endif |
| 222 | #ifndef OPENSSL_NO_ECDSA | ||
| 223 | #include <openssl/ecdsa.h> | ||
| 224 | #endif | ||
| 225 | #ifndef OPENSSL_NO_ECDH | ||
| 226 | #include <openssl/ecdh.h> | ||
| 227 | #endif | ||
| 228 | |||
| 229 | /* | ||
| 230 | * The following "HZ" timing stuff should be sync'd up with the code in | ||
| 231 | * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think | ||
| 232 | * this code is more up to date than libcrypto's so there may be features to | ||
| 233 | * migrate over first. This is used in two places further down AFAICS. | ||
| 234 | * The point is that nothing in openssl actually *uses* that tmdiff stuff, so | ||
| 235 | * either speed.c should be using it or it should go because it's obviously not | ||
| 236 | * useful enough. Anyone want to do a janitorial job on this? | ||
| 237 | */ | ||
| 189 | 238 | ||
| 190 | /* The following if from times(3) man page. It may need to be changed */ | 239 | /* The following if from times(3) man page. It may need to be changed */ |
| 191 | #ifndef HZ | 240 | #ifndef HZ |
| 192 | # if defined(_SC_CLK_TCK) \ | 241 | # if defined(_SC_CLK_TCK) \ |
| 193 | && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) | 242 | && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) |
| 194 | # define HZ ((double)sysconf(_SC_CLK_TCK)) | 243 | # define HZ sysconf(_SC_CLK_TCK) |
| 195 | # else | 244 | # else |
| 196 | # ifndef CLK_TCK | 245 | # ifndef CLK_TCK |
| 197 | # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ | 246 | # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ |
| @@ -205,7 +254,7 @@ | |||
| 205 | # endif | 254 | # endif |
| 206 | #endif | 255 | #endif |
| 207 | 256 | ||
| 208 | #if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) | 257 | #if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE) |
| 209 | # define HAVE_FORK 1 | 258 | # define HAVE_FORK 1 |
| 210 | #endif | 259 | #endif |
| 211 | 260 | ||
| @@ -219,25 +268,44 @@ static int usertime=1; | |||
| 219 | 268 | ||
| 220 | static double Time_F(int s); | 269 | static double Time_F(int s); |
| 221 | static void print_message(const char *s,long num,int length); | 270 | static void print_message(const char *s,long num,int length); |
| 222 | static void pkey_print_message(char *str,char *str2,long num,int bits,int sec); | 271 | static void pkey_print_message(const char *str, const char *str2, |
| 272 | long num, int bits, int sec); | ||
| 223 | static void print_result(int alg,int run_no,int count,double time_used); | 273 | static void print_result(int alg,int run_no,int count,double time_used); |
| 224 | #ifdef HAVE_FORK | 274 | #ifdef HAVE_FORK |
| 225 | static int do_multi(int multi); | 275 | static int do_multi(int multi); |
| 226 | #endif | 276 | #endif |
| 227 | 277 | ||
| 228 | #define ALGOR_NUM 19 | 278 | #define ALGOR_NUM 28 |
| 229 | #define SIZE_NUM 5 | 279 | #define SIZE_NUM 5 |
| 230 | #define RSA_NUM 4 | 280 | #define RSA_NUM 4 |
| 231 | #define DSA_NUM 3 | 281 | #define DSA_NUM 3 |
| 282 | |||
| 283 | #define EC_NUM 16 | ||
| 284 | #define MAX_ECDH_SIZE 256 | ||
| 285 | |||
| 232 | static const char *names[ALGOR_NUM]={ | 286 | static const char *names[ALGOR_NUM]={ |
| 233 | "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", | 287 | "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", |
| 234 | "des cbc","des ede3","idea cbc", | 288 | "des cbc","des ede3","idea cbc","seed cbc", |
| 235 | "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", | 289 | "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", |
| 236 | "aes-128 cbc","aes-192 cbc","aes-256 cbc"}; | 290 | "aes-128 cbc","aes-192 cbc","aes-256 cbc", |
| 291 | "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", | ||
| 292 | "evp","sha256","sha512", | ||
| 293 | "aes-128 ige","aes-192 ige","aes-256 ige"}; | ||
| 237 | static double results[ALGOR_NUM][SIZE_NUM]; | 294 | static double results[ALGOR_NUM][SIZE_NUM]; |
| 238 | static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; | 295 | static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; |
| 239 | static double rsa_results[RSA_NUM][2]; | 296 | static double rsa_results[RSA_NUM][2]; |
| 240 | static double dsa_results[DSA_NUM][2]; | 297 | static double dsa_results[DSA_NUM][2]; |
| 298 | #ifndef OPENSSL_NO_ECDSA | ||
| 299 | static double ecdsa_results[EC_NUM][2]; | ||
| 300 | #endif | ||
| 301 | #ifndef OPENSSL_NO_ECDH | ||
| 302 | static double ecdh_results[EC_NUM][1]; | ||
| 303 | #endif | ||
| 304 | |||
| 305 | #if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) | ||
| 306 | static const char rnd_seed[] = "string to make the random number generator think it has entropy"; | ||
| 307 | static int rnd_fake = 0; | ||
| 308 | #endif | ||
| 241 | 309 | ||
| 242 | #ifdef SIGALRM | 310 | #ifdef SIGALRM |
| 243 | #if defined(__STDC__) || defined(sgi) || defined(_AIX) | 311 | #if defined(__STDC__) || defined(sgi) || defined(_AIX) |
| @@ -260,13 +328,39 @@ static SIGRETTYPE sig_done(int sig) | |||
| 260 | #define START 0 | 328 | #define START 0 |
| 261 | #define STOP 1 | 329 | #define STOP 1 |
| 262 | 330 | ||
| 331 | #if defined(OPENSSL_SYS_NETWARE) | ||
| 332 | |||
| 333 | /* for NetWare the best we can do is use clock() which returns the | ||
| 334 | * time, in hundredths of a second, since the NLM began executing | ||
| 335 | */ | ||
| 336 | static double Time_F(int s) | ||
| 337 | { | ||
| 338 | double ret; | ||
| 339 | |||
| 340 | static clock_t tstart,tend; | ||
| 341 | |||
| 342 | if (s == START) | ||
| 343 | { | ||
| 344 | tstart=clock(); | ||
| 345 | return(0); | ||
| 346 | } | ||
| 347 | else | ||
| 348 | { | ||
| 349 | tend=clock(); | ||
| 350 | ret=(double)((double)(tend)-(double)(tstart)); | ||
| 351 | return((ret < 0.001)?0.001:ret); | ||
| 352 | } | ||
| 353 | } | ||
| 354 | |||
| 355 | #else | ||
| 356 | |||
| 263 | static double Time_F(int s) | 357 | static double Time_F(int s) |
| 264 | { | 358 | { |
| 265 | double ret; | 359 | double ret; |
| 266 | 360 | ||
| 267 | #ifdef USE_TOD | 361 | #ifdef USE_TOD |
| 268 | if(usertime) | 362 | if(usertime) |
| 269 | { | 363 | { |
| 270 | static struct rusage tstart,tend; | 364 | static struct rusage tstart,tend; |
| 271 | 365 | ||
| 272 | getrusage_used = 1; | 366 | getrusage_used = 1; |
| @@ -321,7 +415,8 @@ static double Time_F(int s) | |||
| 321 | else | 415 | else |
| 322 | { | 416 | { |
| 323 | times(&tend); | 417 | times(&tend); |
| 324 | ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; | 418 | ret = HZ; |
| 419 | ret=(double)(tend.tms_utime-tstart.tms_utime) / ret; | ||
| 325 | return((ret < 1e-3)?1e-3:ret); | 420 | return((ret < 1e-3)?1e-3:ret); |
| 326 | } | 421 | } |
| 327 | } | 422 | } |
| @@ -367,6 +462,25 @@ static double Time_F(int s) | |||
| 367 | # endif | 462 | # endif |
| 368 | #endif | 463 | #endif |
| 369 | } | 464 | } |
| 465 | #endif /* if defined(OPENSSL_SYS_NETWARE) */ | ||
| 466 | |||
| 467 | |||
| 468 | #ifndef OPENSSL_NO_ECDH | ||
| 469 | static const int KDF1_SHA1_len = 20; | ||
| 470 | static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) | ||
| 471 | { | ||
| 472 | #ifndef OPENSSL_NO_SHA | ||
| 473 | if (*outlen < SHA_DIGEST_LENGTH) | ||
| 474 | return NULL; | ||
| 475 | else | ||
| 476 | *outlen = SHA_DIGEST_LENGTH; | ||
| 477 | return SHA1(in, inlen, out); | ||
| 478 | #else | ||
| 479 | return NULL; | ||
| 480 | #endif /* OPENSSL_NO_SHA */ | ||
| 481 | } | ||
| 482 | #endif /* OPENSSL_NO_ECDH */ | ||
| 483 | |||
| 370 | 484 | ||
| 371 | int MAIN(int, char **); | 485 | int MAIN(int, char **); |
| 372 | 486 | ||
| @@ -401,6 +515,12 @@ int MAIN(int argc, char **argv) | |||
| 401 | #endif | 515 | #endif |
| 402 | #ifndef OPENSSL_NO_SHA | 516 | #ifndef OPENSSL_NO_SHA |
| 403 | unsigned char sha[SHA_DIGEST_LENGTH]; | 517 | unsigned char sha[SHA_DIGEST_LENGTH]; |
| 518 | #ifndef OPENSSL_NO_SHA256 | ||
| 519 | unsigned char sha256[SHA256_DIGEST_LENGTH]; | ||
| 520 | #endif | ||
| 521 | #ifndef OPENSSL_NO_SHA512 | ||
| 522 | unsigned char sha512[SHA512_DIGEST_LENGTH]; | ||
| 523 | #endif | ||
| 404 | #endif | 524 | #endif |
| 405 | #ifndef OPENSSL_NO_RIPEMD | 525 | #ifndef OPENSSL_NO_RIPEMD |
| 406 | unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; | 526 | unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; |
| @@ -417,6 +537,9 @@ int MAIN(int argc, char **argv) | |||
| 417 | #ifndef OPENSSL_NO_IDEA | 537 | #ifndef OPENSSL_NO_IDEA |
| 418 | IDEA_KEY_SCHEDULE idea_ks; | 538 | IDEA_KEY_SCHEDULE idea_ks; |
| 419 | #endif | 539 | #endif |
| 540 | #ifndef OPENSSL_NO_SEED | ||
| 541 | SEED_KEY_SCHEDULE seed_ks; | ||
| 542 | #endif | ||
| 420 | #ifndef OPENSSL_NO_BF | 543 | #ifndef OPENSSL_NO_BF |
| 421 | BF_KEY bf_ks; | 544 | BF_KEY bf_ks; |
| 422 | #endif | 545 | #endif |
| @@ -426,6 +549,7 @@ int MAIN(int argc, char **argv) | |||
| 426 | static const unsigned char key16[16]= | 549 | static const unsigned char key16[16]= |
| 427 | {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, | 550 | {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, |
| 428 | 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; | 551 | 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; |
| 552 | #ifndef OPENSSL_NO_AES | ||
| 429 | static const unsigned char key24[24]= | 553 | static const unsigned char key24[24]= |
| 430 | {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, | 554 | {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, |
| 431 | 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, | 555 | 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, |
| @@ -435,13 +559,25 @@ int MAIN(int argc, char **argv) | |||
| 435 | 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, | 559 | 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, |
| 436 | 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, | 560 | 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, |
| 437 | 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; | 561 | 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; |
| 562 | #endif | ||
| 563 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 564 | static const unsigned char ckey24[24]= | ||
| 565 | {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, | ||
| 566 | 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, | ||
| 567 | 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; | ||
| 568 | static const unsigned char ckey32[32]= | ||
| 569 | {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, | ||
| 570 | 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, | ||
| 571 | 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, | ||
| 572 | 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; | ||
| 573 | #endif | ||
| 438 | #ifndef OPENSSL_NO_AES | 574 | #ifndef OPENSSL_NO_AES |
| 439 | #define MAX_BLOCK_SIZE 128 | 575 | #define MAX_BLOCK_SIZE 128 |
| 440 | #else | 576 | #else |
| 441 | #define MAX_BLOCK_SIZE 64 | 577 | #define MAX_BLOCK_SIZE 64 |
| 442 | #endif | 578 | #endif |
| 443 | unsigned char DES_iv[8]; | 579 | unsigned char DES_iv[8]; |
| 444 | unsigned char iv[MAX_BLOCK_SIZE/8]; | 580 | unsigned char iv[2*MAX_BLOCK_SIZE/8]; |
| 445 | #ifndef OPENSSL_NO_DES | 581 | #ifndef OPENSSL_NO_DES |
| 446 | DES_cblock *buf_as_des_cblock = NULL; | 582 | DES_cblock *buf_as_des_cblock = NULL; |
| 447 | static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; | 583 | static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; |
| @@ -454,6 +590,9 @@ int MAIN(int argc, char **argv) | |||
| 454 | #ifndef OPENSSL_NO_AES | 590 | #ifndef OPENSSL_NO_AES |
| 455 | AES_KEY aes_ks1, aes_ks2, aes_ks3; | 591 | AES_KEY aes_ks1, aes_ks2, aes_ks3; |
| 456 | #endif | 592 | #endif |
| 593 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 594 | CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3; | ||
| 595 | #endif | ||
| 457 | #define D_MD2 0 | 596 | #define D_MD2 0 |
| 458 | #define D_MDC2 1 | 597 | #define D_MDC2 1 |
| 459 | #define D_MD4 2 | 598 | #define D_MD4 2 |
| @@ -465,14 +604,23 @@ int MAIN(int argc, char **argv) | |||
| 465 | #define D_CBC_DES 8 | 604 | #define D_CBC_DES 8 |
| 466 | #define D_EDE3_DES 9 | 605 | #define D_EDE3_DES 9 |
| 467 | #define D_CBC_IDEA 10 | 606 | #define D_CBC_IDEA 10 |
| 468 | #define D_CBC_RC2 11 | 607 | #define D_CBC_SEED 11 |
| 469 | #define D_CBC_RC5 12 | 608 | #define D_CBC_RC2 12 |
| 470 | #define D_CBC_BF 13 | 609 | #define D_CBC_RC5 13 |
| 471 | #define D_CBC_CAST 14 | 610 | #define D_CBC_BF 14 |
| 472 | #define D_CBC_128_AES 15 | 611 | #define D_CBC_CAST 15 |
| 473 | #define D_CBC_192_AES 16 | 612 | #define D_CBC_128_AES 16 |
| 474 | #define D_CBC_256_AES 17 | 613 | #define D_CBC_192_AES 17 |
| 475 | #define D_EVP 18 | 614 | #define D_CBC_256_AES 18 |
| 615 | #define D_CBC_128_CML 19 | ||
| 616 | #define D_CBC_192_CML 20 | ||
| 617 | #define D_CBC_256_CML 21 | ||
| 618 | #define D_EVP 22 | ||
| 619 | #define D_SHA256 23 | ||
| 620 | #define D_SHA512 24 | ||
| 621 | #define D_IGE_128_AES 25 | ||
| 622 | #define D_IGE_192_AES 26 | ||
| 623 | #define D_IGE_256_AES 27 | ||
| 476 | double d=0.0; | 624 | double d=0.0; |
| 477 | long c[ALGOR_NUM][SIZE_NUM]; | 625 | long c[ALGOR_NUM][SIZE_NUM]; |
| 478 | #define R_DSA_512 0 | 626 | #define R_DSA_512 0 |
| @@ -482,6 +630,24 @@ int MAIN(int argc, char **argv) | |||
| 482 | #define R_RSA_1024 1 | 630 | #define R_RSA_1024 1 |
| 483 | #define R_RSA_2048 2 | 631 | #define R_RSA_2048 2 |
| 484 | #define R_RSA_4096 3 | 632 | #define R_RSA_4096 3 |
| 633 | |||
| 634 | #define R_EC_P160 0 | ||
| 635 | #define R_EC_P192 1 | ||
| 636 | #define R_EC_P224 2 | ||
| 637 | #define R_EC_P256 3 | ||
| 638 | #define R_EC_P384 4 | ||
| 639 | #define R_EC_P521 5 | ||
| 640 | #define R_EC_K163 6 | ||
| 641 | #define R_EC_K233 7 | ||
| 642 | #define R_EC_K283 8 | ||
| 643 | #define R_EC_K409 9 | ||
| 644 | #define R_EC_K571 10 | ||
| 645 | #define R_EC_B163 11 | ||
| 646 | #define R_EC_B233 12 | ||
| 647 | #define R_EC_B283 13 | ||
| 648 | #define R_EC_B409 14 | ||
| 649 | #define R_EC_B571 15 | ||
| 650 | |||
| 485 | #ifndef OPENSSL_NO_RSA | 651 | #ifndef OPENSSL_NO_RSA |
| 486 | RSA *rsa_key[RSA_NUM]; | 652 | RSA *rsa_key[RSA_NUM]; |
| 487 | long rsa_c[RSA_NUM][2]; | 653 | long rsa_c[RSA_NUM][2]; |
| @@ -497,8 +663,87 @@ int MAIN(int argc, char **argv) | |||
| 497 | long dsa_c[DSA_NUM][2]; | 663 | long dsa_c[DSA_NUM][2]; |
| 498 | static unsigned int dsa_bits[DSA_NUM]={512,1024,2048}; | 664 | static unsigned int dsa_bits[DSA_NUM]={512,1024,2048}; |
| 499 | #endif | 665 | #endif |
| 666 | #ifndef OPENSSL_NO_EC | ||
| 667 | /* We only test over the following curves as they are representative, | ||
| 668 | * To add tests over more curves, simply add the curve NID | ||
| 669 | * and curve name to the following arrays and increase the | ||
| 670 | * EC_NUM value accordingly. | ||
| 671 | */ | ||
| 672 | static unsigned int test_curves[EC_NUM] = | ||
| 673 | { | ||
| 674 | /* Prime Curves */ | ||
| 675 | NID_secp160r1, | ||
| 676 | NID_X9_62_prime192v1, | ||
| 677 | NID_secp224r1, | ||
| 678 | NID_X9_62_prime256v1, | ||
| 679 | NID_secp384r1, | ||
| 680 | NID_secp521r1, | ||
| 681 | /* Binary Curves */ | ||
| 682 | NID_sect163k1, | ||
| 683 | NID_sect233k1, | ||
| 684 | NID_sect283k1, | ||
| 685 | NID_sect409k1, | ||
| 686 | NID_sect571k1, | ||
| 687 | NID_sect163r2, | ||
| 688 | NID_sect233r1, | ||
| 689 | NID_sect283r1, | ||
| 690 | NID_sect409r1, | ||
| 691 | NID_sect571r1 | ||
| 692 | }; | ||
| 693 | static const char * test_curves_names[EC_NUM] = | ||
| 694 | { | ||
| 695 | /* Prime Curves */ | ||
| 696 | "secp160r1", | ||
| 697 | "nistp192", | ||
| 698 | "nistp224", | ||
| 699 | "nistp256", | ||
| 700 | "nistp384", | ||
| 701 | "nistp521", | ||
| 702 | /* Binary Curves */ | ||
| 703 | "nistk163", | ||
| 704 | "nistk233", | ||
| 705 | "nistk283", | ||
| 706 | "nistk409", | ||
| 707 | "nistk571", | ||
| 708 | "nistb163", | ||
| 709 | "nistb233", | ||
| 710 | "nistb283", | ||
| 711 | "nistb409", | ||
| 712 | "nistb571" | ||
| 713 | }; | ||
| 714 | static int test_curves_bits[EC_NUM] = | ||
| 715 | { | ||
| 716 | 160, 192, 224, 256, 384, 521, | ||
| 717 | 163, 233, 283, 409, 571, | ||
| 718 | 163, 233, 283, 409, 571 | ||
| 719 | }; | ||
| 720 | |||
| 721 | #endif | ||
| 722 | |||
| 723 | #ifndef OPENSSL_NO_ECDSA | ||
| 724 | unsigned char ecdsasig[256]; | ||
| 725 | unsigned int ecdsasiglen; | ||
| 726 | EC_KEY *ecdsa[EC_NUM]; | ||
| 727 | long ecdsa_c[EC_NUM][2]; | ||
| 728 | #endif | ||
| 729 | |||
| 730 | #ifndef OPENSSL_NO_ECDH | ||
| 731 | EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; | ||
| 732 | unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; | ||
| 733 | int secret_size_a, secret_size_b; | ||
| 734 | int ecdh_checks = 0; | ||
| 735 | int secret_idx = 0; | ||
| 736 | long ecdh_c[EC_NUM][2]; | ||
| 737 | #endif | ||
| 738 | |||
| 500 | int rsa_doit[RSA_NUM]; | 739 | int rsa_doit[RSA_NUM]; |
| 501 | int dsa_doit[DSA_NUM]; | 740 | int dsa_doit[DSA_NUM]; |
| 741 | #ifndef OPENSSL_NO_ECDSA | ||
| 742 | int ecdsa_doit[EC_NUM]; | ||
| 743 | #endif | ||
| 744 | #ifndef OPENSSL_NO_ECDH | ||
| 745 | int ecdh_doit[EC_NUM]; | ||
| 746 | #endif | ||
| 502 | int doit[ALGOR_NUM]; | 747 | int doit[ALGOR_NUM]; |
| 503 | int pr_header=0; | 748 | int pr_header=0; |
| 504 | const EVP_CIPHER *evp_cipher=NULL; | 749 | const EVP_CIPHER *evp_cipher=NULL; |
| @@ -517,6 +762,17 @@ int MAIN(int argc, char **argv) | |||
| 517 | #ifndef OPENSSL_NO_DSA | 762 | #ifndef OPENSSL_NO_DSA |
| 518 | memset(dsa_key,0,sizeof(dsa_key)); | 763 | memset(dsa_key,0,sizeof(dsa_key)); |
| 519 | #endif | 764 | #endif |
| 765 | #ifndef OPENSSL_NO_ECDSA | ||
| 766 | for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL; | ||
| 767 | #endif | ||
| 768 | #ifndef OPENSSL_NO_ECDH | ||
| 769 | for (i=0; i<EC_NUM; i++) | ||
| 770 | { | ||
| 771 | ecdh_a[i] = NULL; | ||
| 772 | ecdh_b[i] = NULL; | ||
| 773 | } | ||
| 774 | #endif | ||
| 775 | |||
| 520 | 776 | ||
| 521 | if (bio_err == NULL) | 777 | if (bio_err == NULL) |
| 522 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 778 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) |
| @@ -555,6 +811,15 @@ int MAIN(int argc, char **argv) | |||
| 555 | rsa_doit[i]=0; | 811 | rsa_doit[i]=0; |
| 556 | for (i=0; i<DSA_NUM; i++) | 812 | for (i=0; i<DSA_NUM; i++) |
| 557 | dsa_doit[i]=0; | 813 | dsa_doit[i]=0; |
| 814 | #ifndef OPENSSL_NO_ECDSA | ||
| 815 | for (i=0; i<EC_NUM; i++) | ||
| 816 | ecdsa_doit[i]=0; | ||
| 817 | #endif | ||
| 818 | #ifndef OPENSSL_NO_ECDH | ||
| 819 | for (i=0; i<EC_NUM; i++) | ||
| 820 | ecdh_doit[i]=0; | ||
| 821 | #endif | ||
| 822 | |||
| 558 | 823 | ||
| 559 | j=0; | 824 | j=0; |
| 560 | argc--; | 825 | argc--; |
| @@ -662,9 +927,19 @@ int MAIN(int argc, char **argv) | |||
| 662 | #ifndef OPENSSL_NO_SHA | 927 | #ifndef OPENSSL_NO_SHA |
| 663 | if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1; | 928 | if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1; |
| 664 | else | 929 | else |
| 665 | if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1; | 930 | if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1, |
| 931 | doit[D_SHA256]=1, | ||
| 932 | doit[D_SHA512]=1; | ||
| 933 | else | ||
| 934 | #ifndef OPENSSL_NO_SHA256 | ||
| 935 | if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1; | ||
| 666 | else | 936 | else |
| 667 | #endif | 937 | #endif |
| 938 | #ifndef OPENSSL_NO_SHA512 | ||
| 939 | if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1; | ||
| 940 | else | ||
| 941 | #endif | ||
| 942 | #endif | ||
| 668 | #ifndef OPENSSL_NO_RIPEMD | 943 | #ifndef OPENSSL_NO_RIPEMD |
| 669 | if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; | 944 | if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; |
| 670 | else | 945 | else |
| @@ -686,6 +961,15 @@ int MAIN(int argc, char **argv) | |||
| 686 | if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1; | 961 | if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1; |
| 687 | else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1; | 962 | else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1; |
| 688 | else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; | 963 | else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; |
| 964 | else if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1; | ||
| 965 | else if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1; | ||
| 966 | else if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1; | ||
| 967 | else | ||
| 968 | #endif | ||
| 969 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 970 | if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1; | ||
| 971 | else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1; | ||
| 972 | else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1; | ||
| 689 | else | 973 | else |
| 690 | #endif | 974 | #endif |
| 691 | #ifndef OPENSSL_NO_RSA | 975 | #ifndef OPENSSL_NO_RSA |
| @@ -729,6 +1013,11 @@ int MAIN(int argc, char **argv) | |||
| 729 | else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1; | 1013 | else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1; |
| 730 | else | 1014 | else |
| 731 | #endif | 1015 | #endif |
| 1016 | #ifndef OPENSSL_NO_SEED | ||
| 1017 | if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1; | ||
| 1018 | else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1; | ||
| 1019 | else | ||
| 1020 | #endif | ||
| 732 | #ifndef OPENSSL_NO_BF | 1021 | #ifndef OPENSSL_NO_BF |
| 733 | if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1; | 1022 | if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1; |
| 734 | else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1; | 1023 | else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1; |
| @@ -758,6 +1047,15 @@ int MAIN(int argc, char **argv) | |||
| 758 | } | 1047 | } |
| 759 | else | 1048 | else |
| 760 | #endif | 1049 | #endif |
| 1050 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 1051 | if (strcmp(*argv,"camellia") == 0) | ||
| 1052 | { | ||
| 1053 | doit[D_CBC_128_CML]=1; | ||
| 1054 | doit[D_CBC_192_CML]=1; | ||
| 1055 | doit[D_CBC_256_CML]=1; | ||
| 1056 | } | ||
| 1057 | else | ||
| 1058 | #endif | ||
| 761 | #ifndef OPENSSL_NO_RSA | 1059 | #ifndef OPENSSL_NO_RSA |
| 762 | if (strcmp(*argv,"rsa") == 0) | 1060 | if (strcmp(*argv,"rsa") == 0) |
| 763 | { | 1061 | { |
| @@ -777,6 +1075,54 @@ int MAIN(int argc, char **argv) | |||
| 777 | } | 1075 | } |
| 778 | else | 1076 | else |
| 779 | #endif | 1077 | #endif |
| 1078 | #ifndef OPENSSL_NO_ECDSA | ||
| 1079 | if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2; | ||
| 1080 | else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2; | ||
| 1081 | else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2; | ||
| 1082 | else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2; | ||
| 1083 | else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2; | ||
| 1084 | else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2; | ||
| 1085 | else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2; | ||
| 1086 | else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2; | ||
| 1087 | else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2; | ||
| 1088 | else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2; | ||
| 1089 | else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2; | ||
| 1090 | else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2; | ||
| 1091 | else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2; | ||
| 1092 | else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2; | ||
| 1093 | else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2; | ||
| 1094 | else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2; | ||
| 1095 | else if (strcmp(*argv,"ecdsa") == 0) | ||
| 1096 | { | ||
| 1097 | for (i=0; i < EC_NUM; i++) | ||
| 1098 | ecdsa_doit[i]=1; | ||
| 1099 | } | ||
| 1100 | else | ||
| 1101 | #endif | ||
| 1102 | #ifndef OPENSSL_NO_ECDH | ||
| 1103 | if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2; | ||
| 1104 | else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2; | ||
| 1105 | else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2; | ||
| 1106 | else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2; | ||
| 1107 | else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2; | ||
| 1108 | else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2; | ||
| 1109 | else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2; | ||
| 1110 | else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2; | ||
| 1111 | else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2; | ||
| 1112 | else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2; | ||
| 1113 | else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2; | ||
| 1114 | else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2; | ||
| 1115 | else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2; | ||
| 1116 | else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2; | ||
| 1117 | else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2; | ||
| 1118 | else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2; | ||
| 1119 | else if (strcmp(*argv,"ecdh") == 0) | ||
| 1120 | { | ||
| 1121 | for (i=0; i < EC_NUM; i++) | ||
| 1122 | ecdh_doit[i]=1; | ||
| 1123 | } | ||
| 1124 | else | ||
| 1125 | #endif | ||
| 780 | { | 1126 | { |
| 781 | BIO_printf(bio_err,"Error: bad option or value\n"); | 1127 | BIO_printf(bio_err,"Error: bad option or value\n"); |
| 782 | BIO_printf(bio_err,"\n"); | 1128 | BIO_printf(bio_err,"\n"); |
| @@ -799,6 +1145,12 @@ int MAIN(int argc, char **argv) | |||
| 799 | #ifndef OPENSSL_NO_SHA1 | 1145 | #ifndef OPENSSL_NO_SHA1 |
| 800 | BIO_printf(bio_err,"sha1 "); | 1146 | BIO_printf(bio_err,"sha1 "); |
| 801 | #endif | 1147 | #endif |
| 1148 | #ifndef OPENSSL_NO_SHA256 | ||
| 1149 | BIO_printf(bio_err,"sha256 "); | ||
| 1150 | #endif | ||
| 1151 | #ifndef OPENSSL_NO_SHA512 | ||
| 1152 | BIO_printf(bio_err,"sha512 "); | ||
| 1153 | #endif | ||
| 802 | #ifndef OPENSSL_NO_RIPEMD160 | 1154 | #ifndef OPENSSL_NO_RIPEMD160 |
| 803 | BIO_printf(bio_err,"rmd160"); | 1155 | BIO_printf(bio_err,"rmd160"); |
| 804 | #endif | 1156 | #endif |
| @@ -811,6 +1163,9 @@ int MAIN(int argc, char **argv) | |||
| 811 | #ifndef OPENSSL_NO_IDEA | 1163 | #ifndef OPENSSL_NO_IDEA |
| 812 | BIO_printf(bio_err,"idea-cbc "); | 1164 | BIO_printf(bio_err,"idea-cbc "); |
| 813 | #endif | 1165 | #endif |
| 1166 | #ifndef OPENSSL_NO_SEED | ||
| 1167 | BIO_printf(bio_err,"seed-cbc "); | ||
| 1168 | #endif | ||
| 814 | #ifndef OPENSSL_NO_RC2 | 1169 | #ifndef OPENSSL_NO_RC2 |
| 815 | BIO_printf(bio_err,"rc2-cbc "); | 1170 | BIO_printf(bio_err,"rc2-cbc "); |
| 816 | #endif | 1171 | #endif |
| @@ -820,7 +1175,7 @@ int MAIN(int argc, char **argv) | |||
| 820 | #ifndef OPENSSL_NO_BF | 1175 | #ifndef OPENSSL_NO_BF |
| 821 | BIO_printf(bio_err,"bf-cbc"); | 1176 | BIO_printf(bio_err,"bf-cbc"); |
| 822 | #endif | 1177 | #endif |
| 823 | #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ | 1178 | #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \ |
| 824 | !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5) | 1179 | !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5) |
| 825 | BIO_printf(bio_err,"\n"); | 1180 | BIO_printf(bio_err,"\n"); |
| 826 | #endif | 1181 | #endif |
| @@ -829,6 +1184,11 @@ int MAIN(int argc, char **argv) | |||
| 829 | #endif | 1184 | #endif |
| 830 | #ifndef OPENSSL_NO_AES | 1185 | #ifndef OPENSSL_NO_AES |
| 831 | BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); | 1186 | BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); |
| 1187 | BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige "); | ||
| 1188 | #endif | ||
| 1189 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 1190 | BIO_printf(bio_err,"\n"); | ||
| 1191 | BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc "); | ||
| 832 | #endif | 1192 | #endif |
| 833 | #ifndef OPENSSL_NO_RC4 | 1193 | #ifndef OPENSSL_NO_RC4 |
| 834 | BIO_printf(bio_err,"rc4"); | 1194 | BIO_printf(bio_err,"rc4"); |
| @@ -842,10 +1202,25 @@ int MAIN(int argc, char **argv) | |||
| 842 | #ifndef OPENSSL_NO_DSA | 1202 | #ifndef OPENSSL_NO_DSA |
| 843 | BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); | 1203 | BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); |
| 844 | #endif | 1204 | #endif |
| 1205 | #ifndef OPENSSL_NO_ECDSA | ||
| 1206 | BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n"); | ||
| 1207 | BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); | ||
| 1208 | BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); | ||
| 1209 | BIO_printf(bio_err,"ecdsa\n"); | ||
| 1210 | #endif | ||
| 1211 | #ifndef OPENSSL_NO_ECDH | ||
| 1212 | BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n"); | ||
| 1213 | BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); | ||
| 1214 | BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); | ||
| 1215 | BIO_printf(bio_err,"ecdh\n"); | ||
| 1216 | #endif | ||
| 845 | 1217 | ||
| 846 | #ifndef OPENSSL_NO_IDEA | 1218 | #ifndef OPENSSL_NO_IDEA |
| 847 | BIO_printf(bio_err,"idea "); | 1219 | BIO_printf(bio_err,"idea "); |
| 848 | #endif | 1220 | #endif |
| 1221 | #ifndef OPENSSL_NO_SEED | ||
| 1222 | BIO_printf(bio_err,"seed "); | ||
| 1223 | #endif | ||
| 849 | #ifndef OPENSSL_NO_RC2 | 1224 | #ifndef OPENSSL_NO_RC2 |
| 850 | BIO_printf(bio_err,"rc2 "); | 1225 | BIO_printf(bio_err,"rc2 "); |
| 851 | #endif | 1226 | #endif |
| @@ -855,15 +1230,19 @@ int MAIN(int argc, char **argv) | |||
| 855 | #ifndef OPENSSL_NO_AES | 1230 | #ifndef OPENSSL_NO_AES |
| 856 | BIO_printf(bio_err,"aes "); | 1231 | BIO_printf(bio_err,"aes "); |
| 857 | #endif | 1232 | #endif |
| 1233 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 1234 | BIO_printf(bio_err,"camellia "); | ||
| 1235 | #endif | ||
| 858 | #ifndef OPENSSL_NO_RSA | 1236 | #ifndef OPENSSL_NO_RSA |
| 859 | BIO_printf(bio_err,"rsa "); | 1237 | BIO_printf(bio_err,"rsa "); |
| 860 | #endif | 1238 | #endif |
| 861 | #ifndef OPENSSL_NO_BF | 1239 | #ifndef OPENSSL_NO_BF |
| 862 | BIO_printf(bio_err,"blowfish"); | 1240 | BIO_printf(bio_err,"blowfish"); |
| 863 | #endif | 1241 | #endif |
| 864 | #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ | 1242 | #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \ |
| 865 | !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \ | 1243 | !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \ |
| 866 | !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) | 1244 | !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \ |
| 1245 | !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA) | ||
| 867 | BIO_printf(bio_err,"\n"); | 1246 | BIO_printf(bio_err,"\n"); |
| 868 | #endif | 1247 | #endif |
| 869 | 1248 | ||
| @@ -957,9 +1336,17 @@ int MAIN(int argc, char **argv) | |||
| 957 | AES_set_encrypt_key(key24,192,&aes_ks2); | 1336 | AES_set_encrypt_key(key24,192,&aes_ks2); |
| 958 | AES_set_encrypt_key(key32,256,&aes_ks3); | 1337 | AES_set_encrypt_key(key32,256,&aes_ks3); |
| 959 | #endif | 1338 | #endif |
| 1339 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 1340 | Camellia_set_key(key16,128,&camellia_ks1); | ||
| 1341 | Camellia_set_key(ckey24,192,&camellia_ks2); | ||
| 1342 | Camellia_set_key(ckey32,256,&camellia_ks3); | ||
| 1343 | #endif | ||
| 960 | #ifndef OPENSSL_NO_IDEA | 1344 | #ifndef OPENSSL_NO_IDEA |
| 961 | idea_set_encrypt_key(key16,&idea_ks); | 1345 | idea_set_encrypt_key(key16,&idea_ks); |
| 962 | #endif | 1346 | #endif |
| 1347 | #ifndef OPENSSL_NO_SEED | ||
| 1348 | SEED_set_key(key16,&seed_ks); | ||
| 1349 | #endif | ||
| 963 | #ifndef OPENSSL_NO_RC4 | 1350 | #ifndef OPENSSL_NO_RC4 |
| 964 | RC4_set_key(&rc4_ks,16,key16); | 1351 | RC4_set_key(&rc4_ks,16,key16); |
| 965 | #endif | 1352 | #endif |
| @@ -983,10 +1370,10 @@ int MAIN(int argc, char **argv) | |||
| 983 | BIO_printf(bio_err,"First we calculate the approximate speed ...\n"); | 1370 | BIO_printf(bio_err,"First we calculate the approximate speed ...\n"); |
| 984 | count=10; | 1371 | count=10; |
| 985 | do { | 1372 | do { |
| 986 | long i; | 1373 | long it; |
| 987 | count*=2; | 1374 | count*=2; |
| 988 | Time_F(START); | 1375 | Time_F(START); |
| 989 | for (i=count; i; i--) | 1376 | for (it=count; it; it--) |
| 990 | DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, | 1377 | DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, |
| 991 | &sch,DES_ENCRYPT); | 1378 | &sch,DES_ENCRYPT); |
| 992 | d=Time_F(STOP); | 1379 | d=Time_F(STOP); |
| @@ -1003,6 +1390,7 @@ int MAIN(int argc, char **argv) | |||
| 1003 | c[D_CBC_DES][0]=count; | 1390 | c[D_CBC_DES][0]=count; |
| 1004 | c[D_EDE3_DES][0]=count/3; | 1391 | c[D_EDE3_DES][0]=count/3; |
| 1005 | c[D_CBC_IDEA][0]=count; | 1392 | c[D_CBC_IDEA][0]=count; |
| 1393 | c[D_CBC_SEED][0]=count; | ||
| 1006 | c[D_CBC_RC2][0]=count; | 1394 | c[D_CBC_RC2][0]=count; |
| 1007 | c[D_CBC_RC5][0]=count; | 1395 | c[D_CBC_RC5][0]=count; |
| 1008 | c[D_CBC_BF][0]=count; | 1396 | c[D_CBC_BF][0]=count; |
| @@ -1010,6 +1398,14 @@ int MAIN(int argc, char **argv) | |||
| 1010 | c[D_CBC_128_AES][0]=count; | 1398 | c[D_CBC_128_AES][0]=count; |
| 1011 | c[D_CBC_192_AES][0]=count; | 1399 | c[D_CBC_192_AES][0]=count; |
| 1012 | c[D_CBC_256_AES][0]=count; | 1400 | c[D_CBC_256_AES][0]=count; |
| 1401 | c[D_CBC_128_CML][0]=count; | ||
| 1402 | c[D_CBC_192_CML][0]=count; | ||
| 1403 | c[D_CBC_256_CML][0]=count; | ||
| 1404 | c[D_SHA256][0]=count; | ||
| 1405 | c[D_SHA512][0]=count; | ||
| 1406 | c[D_IGE_128_AES][0]=count; | ||
| 1407 | c[D_IGE_192_AES][0]=count; | ||
| 1408 | c[D_IGE_256_AES][0]=count; | ||
| 1013 | 1409 | ||
| 1014 | for (i=1; i<SIZE_NUM; i++) | 1410 | for (i=1; i<SIZE_NUM; i++) |
| 1015 | { | 1411 | { |
| @@ -1020,6 +1416,8 @@ int MAIN(int argc, char **argv) | |||
| 1020 | c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i]; | 1416 | c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i]; |
| 1021 | c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i]; | 1417 | c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i]; |
| 1022 | c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i]; | 1418 | c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i]; |
| 1419 | c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i]; | ||
| 1420 | c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i]; | ||
| 1023 | } | 1421 | } |
| 1024 | for (i=1; i<SIZE_NUM; i++) | 1422 | for (i=1; i<SIZE_NUM; i++) |
| 1025 | { | 1423 | { |
| @@ -1031,6 +1429,7 @@ int MAIN(int argc, char **argv) | |||
| 1031 | c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1; | 1429 | c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1; |
| 1032 | c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1; | 1430 | c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1; |
| 1033 | c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1; | 1431 | c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1; |
| 1432 | c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1; | ||
| 1034 | c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1; | 1433 | c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1; |
| 1035 | c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1; | 1434 | c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1; |
| 1036 | c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; | 1435 | c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; |
| @@ -1038,6 +1437,12 @@ int MAIN(int argc, char **argv) | |||
| 1038 | c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1; | 1437 | c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1; |
| 1039 | c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1; | 1438 | c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1; |
| 1040 | c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1; | 1439 | c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1; |
| 1440 | c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1; | ||
| 1441 | c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1; | ||
| 1442 | c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1; | ||
| 1443 | c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1; | ||
| 1444 | c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1; | ||
| 1445 | c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1; | ||
| 1041 | } | 1446 | } |
| 1042 | #ifndef OPENSSL_NO_RSA | 1447 | #ifndef OPENSSL_NO_RSA |
| 1043 | rsa_c[R_RSA_512][0]=count/2000; | 1448 | rsa_c[R_RSA_512][0]=count/2000; |
| @@ -1079,6 +1484,114 @@ int MAIN(int argc, char **argv) | |||
| 1079 | } | 1484 | } |
| 1080 | #endif | 1485 | #endif |
| 1081 | 1486 | ||
| 1487 | #ifndef OPENSSL_NO_ECDSA | ||
| 1488 | ecdsa_c[R_EC_P160][0]=count/1000; | ||
| 1489 | ecdsa_c[R_EC_P160][1]=count/1000/2; | ||
| 1490 | for (i=R_EC_P192; i<=R_EC_P521; i++) | ||
| 1491 | { | ||
| 1492 | ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; | ||
| 1493 | ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; | ||
| 1494 | if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) | ||
| 1495 | ecdsa_doit[i]=0; | ||
| 1496 | else | ||
| 1497 | { | ||
| 1498 | if (ecdsa_c[i] == 0) | ||
| 1499 | { | ||
| 1500 | ecdsa_c[i][0]=1; | ||
| 1501 | ecdsa_c[i][1]=1; | ||
| 1502 | } | ||
| 1503 | } | ||
| 1504 | } | ||
| 1505 | ecdsa_c[R_EC_K163][0]=count/1000; | ||
| 1506 | ecdsa_c[R_EC_K163][1]=count/1000/2; | ||
| 1507 | for (i=R_EC_K233; i<=R_EC_K571; i++) | ||
| 1508 | { | ||
| 1509 | ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; | ||
| 1510 | ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; | ||
| 1511 | if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) | ||
| 1512 | ecdsa_doit[i]=0; | ||
| 1513 | else | ||
| 1514 | { | ||
| 1515 | if (ecdsa_c[i] == 0) | ||
| 1516 | { | ||
| 1517 | ecdsa_c[i][0]=1; | ||
| 1518 | ecdsa_c[i][1]=1; | ||
| 1519 | } | ||
| 1520 | } | ||
| 1521 | } | ||
| 1522 | ecdsa_c[R_EC_B163][0]=count/1000; | ||
| 1523 | ecdsa_c[R_EC_B163][1]=count/1000/2; | ||
| 1524 | for (i=R_EC_B233; i<=R_EC_B571; i++) | ||
| 1525 | { | ||
| 1526 | ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; | ||
| 1527 | ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; | ||
| 1528 | if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0)) | ||
| 1529 | ecdsa_doit[i]=0; | ||
| 1530 | else | ||
| 1531 | { | ||
| 1532 | if (ecdsa_c[i] == 0) | ||
| 1533 | { | ||
| 1534 | ecdsa_c[i][0]=1; | ||
| 1535 | ecdsa_c[i][1]=1; | ||
| 1536 | } | ||
| 1537 | } | ||
| 1538 | } | ||
| 1539 | #endif | ||
| 1540 | |||
| 1541 | #ifndef OPENSSL_NO_ECDH | ||
| 1542 | ecdh_c[R_EC_P160][0]=count/1000; | ||
| 1543 | ecdh_c[R_EC_P160][1]=count/1000; | ||
| 1544 | for (i=R_EC_P192; i<=R_EC_P521; i++) | ||
| 1545 | { | ||
| 1546 | ecdh_c[i][0]=ecdh_c[i-1][0]/2; | ||
| 1547 | ecdh_c[i][1]=ecdh_c[i-1][1]/2; | ||
| 1548 | if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) | ||
| 1549 | ecdh_doit[i]=0; | ||
| 1550 | else | ||
| 1551 | { | ||
| 1552 | if (ecdh_c[i] == 0) | ||
| 1553 | { | ||
| 1554 | ecdh_c[i][0]=1; | ||
| 1555 | ecdh_c[i][1]=1; | ||
| 1556 | } | ||
| 1557 | } | ||
| 1558 | } | ||
| 1559 | ecdh_c[R_EC_K163][0]=count/1000; | ||
| 1560 | ecdh_c[R_EC_K163][1]=count/1000; | ||
| 1561 | for (i=R_EC_K233; i<=R_EC_K571; i++) | ||
| 1562 | { | ||
| 1563 | ecdh_c[i][0]=ecdh_c[i-1][0]/2; | ||
| 1564 | ecdh_c[i][1]=ecdh_c[i-1][1]/2; | ||
| 1565 | if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) | ||
| 1566 | ecdh_doit[i]=0; | ||
| 1567 | else | ||
| 1568 | { | ||
| 1569 | if (ecdh_c[i] == 0) | ||
| 1570 | { | ||
| 1571 | ecdh_c[i][0]=1; | ||
| 1572 | ecdh_c[i][1]=1; | ||
| 1573 | } | ||
| 1574 | } | ||
| 1575 | } | ||
| 1576 | ecdh_c[R_EC_B163][0]=count/1000; | ||
| 1577 | ecdh_c[R_EC_B163][1]=count/1000; | ||
| 1578 | for (i=R_EC_B233; i<=R_EC_B571; i++) | ||
| 1579 | { | ||
| 1580 | ecdh_c[i][0]=ecdh_c[i-1][0]/2; | ||
| 1581 | ecdh_c[i][1]=ecdh_c[i-1][1]/2; | ||
| 1582 | if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0)) | ||
| 1583 | ecdh_doit[i]=0; | ||
| 1584 | else | ||
| 1585 | { | ||
| 1586 | if (ecdh_c[i] == 0) | ||
| 1587 | { | ||
| 1588 | ecdh_c[i][0]=1; | ||
| 1589 | ecdh_c[i][1]=1; | ||
| 1590 | } | ||
| 1591 | } | ||
| 1592 | } | ||
| 1593 | #endif | ||
| 1594 | |||
| 1082 | #define COND(d) (count < (d)) | 1595 | #define COND(d) (count < (d)) |
| 1083 | #define COUNT(d) (d) | 1596 | #define COUNT(d) (d) |
| 1084 | #else | 1597 | #else |
| @@ -1188,6 +1701,37 @@ int MAIN(int argc, char **argv) | |||
| 1188 | print_result(D_SHA1,j,count,d); | 1701 | print_result(D_SHA1,j,count,d); |
| 1189 | } | 1702 | } |
| 1190 | } | 1703 | } |
| 1704 | |||
| 1705 | #ifndef OPENSSL_NO_SHA256 | ||
| 1706 | if (doit[D_SHA256]) | ||
| 1707 | { | ||
| 1708 | for (j=0; j<SIZE_NUM; j++) | ||
| 1709 | { | ||
| 1710 | print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]); | ||
| 1711 | Time_F(START); | ||
| 1712 | for (count=0,run=1; COND(c[D_SHA256][j]); count++) | ||
| 1713 | SHA256(buf,lengths[j],sha256); | ||
| 1714 | d=Time_F(STOP); | ||
| 1715 | print_result(D_SHA256,j,count,d); | ||
| 1716 | } | ||
| 1717 | } | ||
| 1718 | #endif | ||
| 1719 | |||
| 1720 | #ifndef OPENSSL_NO_SHA512 | ||
| 1721 | if (doit[D_SHA512]) | ||
| 1722 | { | ||
| 1723 | for (j=0; j<SIZE_NUM; j++) | ||
| 1724 | { | ||
| 1725 | print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]); | ||
| 1726 | Time_F(START); | ||
| 1727 | for (count=0,run=1; COND(c[D_SHA512][j]); count++) | ||
| 1728 | SHA512(buf,lengths[j],sha512); | ||
| 1729 | d=Time_F(STOP); | ||
| 1730 | print_result(D_SHA512,j,count,d); | ||
| 1731 | } | ||
| 1732 | } | ||
| 1733 | #endif | ||
| 1734 | |||
| 1191 | #endif | 1735 | #endif |
| 1192 | #ifndef OPENSSL_NO_RIPEMD | 1736 | #ifndef OPENSSL_NO_RIPEMD |
| 1193 | if (doit[D_RMD160]) | 1737 | if (doit[D_RMD160]) |
| @@ -1292,6 +1836,93 @@ int MAIN(int argc, char **argv) | |||
| 1292 | } | 1836 | } |
| 1293 | } | 1837 | } |
| 1294 | 1838 | ||
| 1839 | if (doit[D_IGE_128_AES]) | ||
| 1840 | { | ||
| 1841 | for (j=0; j<SIZE_NUM; j++) | ||
| 1842 | { | ||
| 1843 | print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]); | ||
| 1844 | Time_F(START); | ||
| 1845 | for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++) | ||
| 1846 | AES_ige_encrypt(buf,buf2, | ||
| 1847 | (unsigned long)lengths[j],&aes_ks1, | ||
| 1848 | iv,AES_ENCRYPT); | ||
| 1849 | d=Time_F(STOP); | ||
| 1850 | print_result(D_IGE_128_AES,j,count,d); | ||
| 1851 | } | ||
| 1852 | } | ||
| 1853 | if (doit[D_IGE_192_AES]) | ||
| 1854 | { | ||
| 1855 | for (j=0; j<SIZE_NUM; j++) | ||
| 1856 | { | ||
| 1857 | print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]); | ||
| 1858 | Time_F(START); | ||
| 1859 | for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++) | ||
| 1860 | AES_ige_encrypt(buf,buf2, | ||
| 1861 | (unsigned long)lengths[j],&aes_ks2, | ||
| 1862 | iv,AES_ENCRYPT); | ||
| 1863 | d=Time_F(STOP); | ||
| 1864 | print_result(D_IGE_192_AES,j,count,d); | ||
| 1865 | } | ||
| 1866 | } | ||
| 1867 | if (doit[D_IGE_256_AES]) | ||
| 1868 | { | ||
| 1869 | for (j=0; j<SIZE_NUM; j++) | ||
| 1870 | { | ||
| 1871 | print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]); | ||
| 1872 | Time_F(START); | ||
| 1873 | for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++) | ||
| 1874 | AES_ige_encrypt(buf,buf2, | ||
| 1875 | (unsigned long)lengths[j],&aes_ks3, | ||
| 1876 | iv,AES_ENCRYPT); | ||
| 1877 | d=Time_F(STOP); | ||
| 1878 | print_result(D_IGE_256_AES,j,count,d); | ||
| 1879 | } | ||
| 1880 | } | ||
| 1881 | #endif | ||
| 1882 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 1883 | if (doit[D_CBC_128_CML]) | ||
| 1884 | { | ||
| 1885 | for (j=0; j<SIZE_NUM; j++) | ||
| 1886 | { | ||
| 1887 | print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]); | ||
| 1888 | Time_F(START); | ||
| 1889 | for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++) | ||
| 1890 | Camellia_cbc_encrypt(buf,buf, | ||
| 1891 | (unsigned long)lengths[j],&camellia_ks1, | ||
| 1892 | iv,CAMELLIA_ENCRYPT); | ||
| 1893 | d=Time_F(STOP); | ||
| 1894 | print_result(D_CBC_128_CML,j,count,d); | ||
| 1895 | } | ||
| 1896 | } | ||
| 1897 | if (doit[D_CBC_192_CML]) | ||
| 1898 | { | ||
| 1899 | for (j=0; j<SIZE_NUM; j++) | ||
| 1900 | { | ||
| 1901 | print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]); | ||
| 1902 | Time_F(START); | ||
| 1903 | for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++) | ||
| 1904 | Camellia_cbc_encrypt(buf,buf, | ||
| 1905 | (unsigned long)lengths[j],&camellia_ks2, | ||
| 1906 | iv,CAMELLIA_ENCRYPT); | ||
| 1907 | d=Time_F(STOP); | ||
| 1908 | print_result(D_CBC_192_CML,j,count,d); | ||
| 1909 | } | ||
| 1910 | } | ||
| 1911 | if (doit[D_CBC_256_CML]) | ||
| 1912 | { | ||
| 1913 | for (j=0; j<SIZE_NUM; j++) | ||
| 1914 | { | ||
| 1915 | print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]); | ||
| 1916 | Time_F(START); | ||
| 1917 | for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++) | ||
| 1918 | Camellia_cbc_encrypt(buf,buf, | ||
| 1919 | (unsigned long)lengths[j],&camellia_ks3, | ||
| 1920 | iv,CAMELLIA_ENCRYPT); | ||
| 1921 | d=Time_F(STOP); | ||
| 1922 | print_result(D_CBC_256_CML,j,count,d); | ||
| 1923 | } | ||
| 1924 | } | ||
| 1925 | |||
| 1295 | #endif | 1926 | #endif |
| 1296 | #ifndef OPENSSL_NO_IDEA | 1927 | #ifndef OPENSSL_NO_IDEA |
| 1297 | if (doit[D_CBC_IDEA]) | 1928 | if (doit[D_CBC_IDEA]) |
| @@ -1309,6 +1940,21 @@ int MAIN(int argc, char **argv) | |||
| 1309 | } | 1940 | } |
| 1310 | } | 1941 | } |
| 1311 | #endif | 1942 | #endif |
| 1943 | #ifndef OPENSSL_NO_SEED | ||
| 1944 | if (doit[D_CBC_SEED]) | ||
| 1945 | { | ||
| 1946 | for (j=0; j<SIZE_NUM; j++) | ||
| 1947 | { | ||
| 1948 | print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]); | ||
| 1949 | Time_F(START); | ||
| 1950 | for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++) | ||
| 1951 | SEED_cbc_encrypt(buf,buf, | ||
| 1952 | (unsigned long)lengths[j],&seed_ks,iv,1); | ||
| 1953 | d=Time_F(STOP); | ||
| 1954 | print_result(D_CBC_SEED,j,count,d); | ||
| 1955 | } | ||
| 1956 | } | ||
| 1957 | #endif | ||
| 1312 | #ifndef OPENSSL_NO_RC2 | 1958 | #ifndef OPENSSL_NO_RC2 |
| 1313 | if (doit[D_CBC_RC2]) | 1959 | if (doit[D_CBC_RC2]) |
| 1314 | { | 1960 | { |
| @@ -1605,6 +2251,217 @@ int MAIN(int argc, char **argv) | |||
| 1605 | } | 2251 | } |
| 1606 | if (rnd_fake) RAND_cleanup(); | 2252 | if (rnd_fake) RAND_cleanup(); |
| 1607 | #endif | 2253 | #endif |
| 2254 | |||
| 2255 | #ifndef OPENSSL_NO_ECDSA | ||
| 2256 | if (RAND_status() != 1) | ||
| 2257 | { | ||
| 2258 | RAND_seed(rnd_seed, sizeof rnd_seed); | ||
| 2259 | rnd_fake = 1; | ||
| 2260 | } | ||
| 2261 | for (j=0; j<EC_NUM; j++) | ||
| 2262 | { | ||
| 2263 | int ret; | ||
| 2264 | |||
| 2265 | if (!ecdsa_doit[j]) continue; /* Ignore Curve */ | ||
| 2266 | ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]); | ||
| 2267 | if (ecdsa[j] == NULL) | ||
| 2268 | { | ||
| 2269 | BIO_printf(bio_err,"ECDSA failure.\n"); | ||
| 2270 | ERR_print_errors(bio_err); | ||
| 2271 | rsa_count=1; | ||
| 2272 | } | ||
| 2273 | else | ||
| 2274 | { | ||
| 2275 | #if 1 | ||
| 2276 | EC_KEY_precompute_mult(ecdsa[j], NULL); | ||
| 2277 | #endif | ||
| 2278 | /* Perform ECDSA signature test */ | ||
| 2279 | EC_KEY_generate_key(ecdsa[j]); | ||
| 2280 | ret = ECDSA_sign(0, buf, 20, ecdsasig, | ||
| 2281 | &ecdsasiglen, ecdsa[j]); | ||
| 2282 | if (ret == 0) | ||
| 2283 | { | ||
| 2284 | BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n"); | ||
| 2285 | ERR_print_errors(bio_err); | ||
| 2286 | rsa_count=1; | ||
| 2287 | } | ||
| 2288 | else | ||
| 2289 | { | ||
| 2290 | pkey_print_message("sign","ecdsa", | ||
| 2291 | ecdsa_c[j][0], | ||
| 2292 | test_curves_bits[j], | ||
| 2293 | ECDSA_SECONDS); | ||
| 2294 | |||
| 2295 | Time_F(START); | ||
| 2296 | for (count=0,run=1; COND(ecdsa_c[j][0]); | ||
| 2297 | count++) | ||
| 2298 | { | ||
| 2299 | ret=ECDSA_sign(0, buf, 20, | ||
| 2300 | ecdsasig, &ecdsasiglen, | ||
| 2301 | ecdsa[j]); | ||
| 2302 | if (ret == 0) | ||
| 2303 | { | ||
| 2304 | BIO_printf(bio_err, "ECDSA sign failure\n"); | ||
| 2305 | ERR_print_errors(bio_err); | ||
| 2306 | count=1; | ||
| 2307 | break; | ||
| 2308 | } | ||
| 2309 | } | ||
| 2310 | d=Time_F(STOP); | ||
| 2311 | |||
| 2312 | BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" : | ||
| 2313 | "%ld %d bit ECDSA signs in %.2fs \n", | ||
| 2314 | count, test_curves_bits[j], d); | ||
| 2315 | ecdsa_results[j][0]=d/(double)count; | ||
| 2316 | rsa_count=count; | ||
| 2317 | } | ||
| 2318 | |||
| 2319 | /* Perform ECDSA verification test */ | ||
| 2320 | ret=ECDSA_verify(0, buf, 20, ecdsasig, | ||
| 2321 | ecdsasiglen, ecdsa[j]); | ||
| 2322 | if (ret != 1) | ||
| 2323 | { | ||
| 2324 | BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n"); | ||
| 2325 | ERR_print_errors(bio_err); | ||
| 2326 | ecdsa_doit[j] = 0; | ||
| 2327 | } | ||
| 2328 | else | ||
| 2329 | { | ||
| 2330 | pkey_print_message("verify","ecdsa", | ||
| 2331 | ecdsa_c[j][1], | ||
| 2332 | test_curves_bits[j], | ||
| 2333 | ECDSA_SECONDS); | ||
| 2334 | Time_F(START); | ||
| 2335 | for (count=0,run=1; COND(ecdsa_c[j][1]); count++) | ||
| 2336 | { | ||
| 2337 | ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); | ||
| 2338 | if (ret != 1) | ||
| 2339 | { | ||
| 2340 | BIO_printf(bio_err, "ECDSA verify failure\n"); | ||
| 2341 | ERR_print_errors(bio_err); | ||
| 2342 | count=1; | ||
| 2343 | break; | ||
| 2344 | } | ||
| 2345 | } | ||
| 2346 | d=Time_F(STOP); | ||
| 2347 | BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n" | ||
| 2348 | : "%ld %d bit ECDSA verify in %.2fs\n", | ||
| 2349 | count, test_curves_bits[j], d); | ||
| 2350 | ecdsa_results[j][1]=d/(double)count; | ||
| 2351 | } | ||
| 2352 | |||
| 2353 | if (rsa_count <= 1) | ||
| 2354 | { | ||
| 2355 | /* if longer than 10s, don't do any more */ | ||
| 2356 | for (j++; j<EC_NUM; j++) | ||
| 2357 | ecdsa_doit[j]=0; | ||
| 2358 | } | ||
| 2359 | } | ||
| 2360 | } | ||
| 2361 | if (rnd_fake) RAND_cleanup(); | ||
| 2362 | #endif | ||
| 2363 | |||
| 2364 | #ifndef OPENSSL_NO_ECDH | ||
| 2365 | if (RAND_status() != 1) | ||
| 2366 | { | ||
| 2367 | RAND_seed(rnd_seed, sizeof rnd_seed); | ||
| 2368 | rnd_fake = 1; | ||
| 2369 | } | ||
| 2370 | for (j=0; j<EC_NUM; j++) | ||
| 2371 | { | ||
| 2372 | if (!ecdh_doit[j]) continue; | ||
| 2373 | ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]); | ||
| 2374 | ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]); | ||
| 2375 | if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) | ||
| 2376 | { | ||
| 2377 | BIO_printf(bio_err,"ECDH failure.\n"); | ||
| 2378 | ERR_print_errors(bio_err); | ||
| 2379 | rsa_count=1; | ||
| 2380 | } | ||
| 2381 | else | ||
| 2382 | { | ||
| 2383 | /* generate two ECDH key pairs */ | ||
| 2384 | if (!EC_KEY_generate_key(ecdh_a[j]) || | ||
| 2385 | !EC_KEY_generate_key(ecdh_b[j])) | ||
| 2386 | { | ||
| 2387 | BIO_printf(bio_err,"ECDH key generation failure.\n"); | ||
| 2388 | ERR_print_errors(bio_err); | ||
| 2389 | rsa_count=1; | ||
| 2390 | } | ||
| 2391 | else | ||
| 2392 | { | ||
| 2393 | /* If field size is not more than 24 octets, then use SHA-1 hash of result; | ||
| 2394 | * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). | ||
| 2395 | */ | ||
| 2396 | int field_size, outlen; | ||
| 2397 | void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen); | ||
| 2398 | field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j])); | ||
| 2399 | if (field_size <= 24 * 8) | ||
| 2400 | { | ||
| 2401 | outlen = KDF1_SHA1_len; | ||
| 2402 | kdf = KDF1_SHA1; | ||
| 2403 | } | ||
| 2404 | else | ||
| 2405 | { | ||
| 2406 | outlen = (field_size+7)/8; | ||
| 2407 | kdf = NULL; | ||
| 2408 | } | ||
| 2409 | secret_size_a = ECDH_compute_key(secret_a, outlen, | ||
| 2410 | EC_KEY_get0_public_key(ecdh_b[j]), | ||
| 2411 | ecdh_a[j], kdf); | ||
| 2412 | secret_size_b = ECDH_compute_key(secret_b, outlen, | ||
| 2413 | EC_KEY_get0_public_key(ecdh_a[j]), | ||
| 2414 | ecdh_b[j], kdf); | ||
| 2415 | if (secret_size_a != secret_size_b) | ||
| 2416 | ecdh_checks = 0; | ||
| 2417 | else | ||
| 2418 | ecdh_checks = 1; | ||
| 2419 | |||
| 2420 | for (secret_idx = 0; | ||
| 2421 | (secret_idx < secret_size_a) | ||
| 2422 | && (ecdh_checks == 1); | ||
| 2423 | secret_idx++) | ||
| 2424 | { | ||
| 2425 | if (secret_a[secret_idx] != secret_b[secret_idx]) | ||
| 2426 | ecdh_checks = 0; | ||
| 2427 | } | ||
| 2428 | |||
| 2429 | if (ecdh_checks == 0) | ||
| 2430 | { | ||
| 2431 | BIO_printf(bio_err,"ECDH computations don't match.\n"); | ||
| 2432 | ERR_print_errors(bio_err); | ||
| 2433 | rsa_count=1; | ||
| 2434 | } | ||
| 2435 | |||
| 2436 | pkey_print_message("","ecdh", | ||
| 2437 | ecdh_c[j][0], | ||
| 2438 | test_curves_bits[j], | ||
| 2439 | ECDH_SECONDS); | ||
| 2440 | Time_F(START); | ||
| 2441 | for (count=0,run=1; COND(ecdh_c[j][0]); count++) | ||
| 2442 | { | ||
| 2443 | ECDH_compute_key(secret_a, outlen, | ||
| 2444 | EC_KEY_get0_public_key(ecdh_b[j]), | ||
| 2445 | ecdh_a[j], kdf); | ||
| 2446 | } | ||
| 2447 | d=Time_F(STOP); | ||
| 2448 | BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", | ||
| 2449 | count, test_curves_bits[j], d); | ||
| 2450 | ecdh_results[j][0]=d/(double)count; | ||
| 2451 | rsa_count=count; | ||
| 2452 | } | ||
| 2453 | } | ||
| 2454 | |||
| 2455 | |||
| 2456 | if (rsa_count <= 1) | ||
| 2457 | { | ||
| 2458 | /* if longer than 10s, don't do any more */ | ||
| 2459 | for (j++; j<EC_NUM; j++) | ||
| 2460 | ecdh_doit[j]=0; | ||
| 2461 | } | ||
| 2462 | } | ||
| 2463 | if (rnd_fake) RAND_cleanup(); | ||
| 2464 | #endif | ||
| 1608 | #ifdef HAVE_FORK | 2465 | #ifdef HAVE_FORK |
| 1609 | show_res: | 2466 | show_res: |
| 1610 | #endif | 2467 | #endif |
| @@ -1645,7 +2502,10 @@ show_res: | |||
| 1645 | #endif | 2502 | #endif |
| 1646 | #ifdef HZ | 2503 | #ifdef HZ |
| 1647 | #define as_string(s) (#s) | 2504 | #define as_string(s) (#s) |
| 1648 | printf("HZ=%g", (double)HZ); | 2505 | { |
| 2506 | double dbl = HZ; | ||
| 2507 | printf("HZ=%g", dbl); | ||
| 2508 | } | ||
| 1649 | # ifdef _SC_CLK_TCK | 2509 | # ifdef _SC_CLK_TCK |
| 1650 | printf(" [sysconf value]"); | 2510 | printf(" [sysconf value]"); |
| 1651 | # endif | 2511 | # endif |
| @@ -1730,7 +2590,57 @@ show_res: | |||
| 1730 | 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); | 2590 | 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); |
| 1731 | } | 2591 | } |
| 1732 | #endif | 2592 | #endif |
| 2593 | #ifndef OPENSSL_NO_ECDSA | ||
| 2594 | j=1; | ||
| 2595 | for (k=0; k<EC_NUM; k++) | ||
| 2596 | { | ||
| 2597 | if (!ecdsa_doit[k]) continue; | ||
| 2598 | if (j && !mr) | ||
| 2599 | { | ||
| 2600 | printf("%30ssign verify sign/s verify/s\n"," "); | ||
| 2601 | j=0; | ||
| 2602 | } | ||
| 2603 | |||
| 2604 | if (mr) | ||
| 2605 | fprintf(stdout,"+F4:%u:%u:%f:%f\n", | ||
| 2606 | k, test_curves_bits[k], | ||
| 2607 | ecdsa_results[k][0],ecdsa_results[k][1]); | ||
| 2608 | else | ||
| 2609 | fprintf(stdout, | ||
| 2610 | "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", | ||
| 2611 | test_curves_bits[k], | ||
| 2612 | test_curves_names[k], | ||
| 2613 | ecdsa_results[k][0],ecdsa_results[k][1], | ||
| 2614 | 1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]); | ||
| 2615 | } | ||
| 2616 | #endif | ||
| 2617 | |||
| 2618 | |||
| 2619 | #ifndef OPENSSL_NO_ECDH | ||
| 2620 | j=1; | ||
| 2621 | for (k=0; k<EC_NUM; k++) | ||
| 2622 | { | ||
| 2623 | if (!ecdh_doit[k]) continue; | ||
| 2624 | if (j && !mr) | ||
| 2625 | { | ||
| 2626 | printf("%30sop op/s\n"," "); | ||
| 2627 | j=0; | ||
| 2628 | } | ||
| 2629 | if (mr) | ||
| 2630 | fprintf(stdout,"+F5:%u:%u:%f:%f\n", | ||
| 2631 | k, test_curves_bits[k], | ||
| 2632 | ecdh_results[k][0], 1.0/ecdh_results[k][0]); | ||
| 2633 | |||
| 2634 | else | ||
| 2635 | fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n", | ||
| 2636 | test_curves_bits[k], | ||
| 2637 | test_curves_names[k], | ||
| 2638 | ecdh_results[k][0], 1.0/ecdh_results[k][0]); | ||
| 2639 | } | ||
| 2640 | #endif | ||
| 2641 | |||
| 1733 | mret=0; | 2642 | mret=0; |
| 2643 | |||
| 1734 | end: | 2644 | end: |
| 1735 | ERR_print_errors(bio_err); | 2645 | ERR_print_errors(bio_err); |
| 1736 | if (buf != NULL) OPENSSL_free(buf); | 2646 | if (buf != NULL) OPENSSL_free(buf); |
| @@ -1745,6 +2655,22 @@ end: | |||
| 1745 | if (dsa_key[i] != NULL) | 2655 | if (dsa_key[i] != NULL) |
| 1746 | DSA_free(dsa_key[i]); | 2656 | DSA_free(dsa_key[i]); |
| 1747 | #endif | 2657 | #endif |
| 2658 | |||
| 2659 | #ifndef OPENSSL_NO_ECDSA | ||
| 2660 | for (i=0; i<EC_NUM; i++) | ||
| 2661 | if (ecdsa[i] != NULL) | ||
| 2662 | EC_KEY_free(ecdsa[i]); | ||
| 2663 | #endif | ||
| 2664 | #ifndef OPENSSL_NO_ECDH | ||
| 2665 | for (i=0; i<EC_NUM; i++) | ||
| 2666 | { | ||
| 2667 | if (ecdh_a[i] != NULL) | ||
| 2668 | EC_KEY_free(ecdh_a[i]); | ||
| 2669 | if (ecdh_b[i] != NULL) | ||
| 2670 | EC_KEY_free(ecdh_b[i]); | ||
| 2671 | } | ||
| 2672 | #endif | ||
| 2673 | |||
| 1748 | apps_shutdown(); | 2674 | apps_shutdown(); |
| 1749 | OPENSSL_EXIT(mret); | 2675 | OPENSSL_EXIT(mret); |
| 1750 | } | 2676 | } |
| @@ -1766,8 +2692,8 @@ static void print_message(const char *s, long num, int length) | |||
| 1766 | #endif | 2692 | #endif |
| 1767 | } | 2693 | } |
| 1768 | 2694 | ||
| 1769 | static void pkey_print_message(char *str, char *str2, long num, int bits, | 2695 | static void pkey_print_message(const char *str, const char *str2, long num, |
| 1770 | int tm) | 2696 | int bits, int tm) |
| 1771 | { | 2697 | { |
| 1772 | #ifdef SIGALRM | 2698 | #ifdef SIGALRM |
| 1773 | BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n" | 2699 | BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n" |
| @@ -1786,11 +2712,12 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, | |||
| 1786 | 2712 | ||
| 1787 | static void print_result(int alg,int run_no,int count,double time_used) | 2713 | static void print_result(int alg,int run_no,int count,double time_used) |
| 1788 | { | 2714 | { |
| 1789 | BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n" | 2715 | BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n" |
| 1790 | : "%ld %s's in %.2fs\n",count,names[alg],time_used); | 2716 | : "%d %s's in %.2fs\n",count,names[alg],time_used); |
| 1791 | results[alg][run_no]=((double)count)/time_used*lengths[run_no]; | 2717 | results[alg][run_no]=((double)count)/time_used*lengths[run_no]; |
| 1792 | } | 2718 | } |
| 1793 | 2719 | ||
| 2720 | #ifdef HAVE_FORK | ||
| 1794 | static char *sstrsep(char **string, const char *delim) | 2721 | static char *sstrsep(char **string, const char *delim) |
| 1795 | { | 2722 | { |
| 1796 | char isdelim[256]; | 2723 | char isdelim[256]; |
| @@ -1822,7 +2749,6 @@ static char *sstrsep(char **string, const char *delim) | |||
| 1822 | return token; | 2749 | return token; |
| 1823 | } | 2750 | } |
| 1824 | 2751 | ||
| 1825 | #ifdef HAVE_FORK | ||
| 1826 | static int do_multi(int multi) | 2752 | static int do_multi(int multi) |
| 1827 | { | 2753 | { |
| 1828 | int n; | 2754 | int n; |
| @@ -1946,6 +2872,49 @@ static int do_multi(int multi) | |||
| 1946 | else | 2872 | else |
| 1947 | dsa_results[k][1]=d; | 2873 | dsa_results[k][1]=d; |
| 1948 | } | 2874 | } |
| 2875 | #ifndef OPENSSL_NO_ECDSA | ||
| 2876 | else if(!strncmp(buf,"+F4:",4)) | ||
| 2877 | { | ||
| 2878 | int k; | ||
| 2879 | double d; | ||
| 2880 | |||
| 2881 | p=buf+4; | ||
| 2882 | k=atoi(sstrsep(&p,sep)); | ||
| 2883 | sstrsep(&p,sep); | ||
| 2884 | |||
| 2885 | d=atof(sstrsep(&p,sep)); | ||
| 2886 | if(n) | ||
| 2887 | ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d); | ||
| 2888 | else | ||
| 2889 | ecdsa_results[k][0]=d; | ||
| 2890 | |||
| 2891 | d=atof(sstrsep(&p,sep)); | ||
| 2892 | if(n) | ||
| 2893 | ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d); | ||
| 2894 | else | ||
| 2895 | ecdsa_results[k][1]=d; | ||
| 2896 | } | ||
| 2897 | #endif | ||
| 2898 | |||
| 2899 | #ifndef OPENSSL_NO_ECDH | ||
| 2900 | else if(!strncmp(buf,"+F5:",4)) | ||
| 2901 | { | ||
| 2902 | int k; | ||
| 2903 | double d; | ||
| 2904 | |||
| 2905 | p=buf+4; | ||
| 2906 | k=atoi(sstrsep(&p,sep)); | ||
| 2907 | sstrsep(&p,sep); | ||
| 2908 | |||
| 2909 | d=atof(sstrsep(&p,sep)); | ||
| 2910 | if(n) | ||
| 2911 | ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d); | ||
| 2912 | else | ||
| 2913 | ecdh_results[k][0]=d; | ||
| 2914 | |||
| 2915 | } | ||
| 2916 | #endif | ||
| 2917 | |||
| 1949 | else if(!strncmp(buf,"+H:",3)) | 2918 | else if(!strncmp(buf,"+H:",3)) |
| 1950 | { | 2919 | { |
| 1951 | } | 2920 | } |
diff --git a/src/lib/libssl/src/apps/spkac.c b/src/lib/libssl/src/apps/spkac.c index 47ee53f1ee..0191d0a783 100644 --- a/src/lib/libssl/src/apps/spkac.c +++ b/src/lib/libssl/src/apps/spkac.c | |||
| @@ -87,7 +87,8 @@ int MAIN(int argc, char **argv) | |||
| 87 | int verify=0,noout=0,pubkey=0; | 87 | int verify=0,noout=0,pubkey=0; |
| 88 | char *infile = NULL,*outfile = NULL,*prog; | 88 | char *infile = NULL,*outfile = NULL,*prog; |
| 89 | char *passargin = NULL, *passin = NULL; | 89 | char *passargin = NULL, *passin = NULL; |
| 90 | char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; | 90 | const char *spkac = "SPKAC", *spksect = "default"; |
| 91 | char *spkstr = NULL; | ||
| 91 | char *challenge = NULL, *keyfile = NULL; | 92 | char *challenge = NULL, *keyfile = NULL; |
| 92 | CONF *conf = NULL; | 93 | CONF *conf = NULL; |
| 93 | NETSCAPE_SPKI *spki = NULL; | 94 | NETSCAPE_SPKI *spki = NULL; |
| @@ -200,7 +201,7 @@ bad: | |||
| 200 | } | 201 | } |
| 201 | spki = NETSCAPE_SPKI_new(); | 202 | spki = NETSCAPE_SPKI_new(); |
| 202 | if(challenge) ASN1_STRING_set(spki->spkac->challenge, | 203 | if(challenge) ASN1_STRING_set(spki->spkac->challenge, |
| 203 | challenge, strlen(challenge)); | 204 | challenge, (int)strlen(challenge)); |
| 204 | NETSCAPE_SPKI_set_pubkey(spki, pkey); | 205 | NETSCAPE_SPKI_set_pubkey(spki, pkey); |
| 205 | NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); | 206 | NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); |
| 206 | spkstr = NETSCAPE_SPKI_b64_encode(spki); | 207 | spkstr = NETSCAPE_SPKI_b64_encode(spki); |
diff --git a/src/lib/libssl/src/apps/verify.c b/src/lib/libssl/src/apps/verify.c index d73280cdd0..9ff32cb068 100644 --- a/src/lib/libssl/src/apps/verify.c +++ b/src/lib/libssl/src/apps/verify.c | |||
| @@ -79,13 +79,14 @@ int MAIN(int, char **); | |||
| 79 | int MAIN(int argc, char **argv) | 79 | int MAIN(int argc, char **argv) |
| 80 | { | 80 | { |
| 81 | ENGINE *e = NULL; | 81 | ENGINE *e = NULL; |
| 82 | int i,ret=1; | 82 | int i,ret=1, badarg = 0; |
| 83 | int purpose = -1; | 83 | int purpose = -1; |
| 84 | char *CApath=NULL,*CAfile=NULL; | 84 | char *CApath=NULL,*CAfile=NULL; |
| 85 | char *untfile = NULL, *trustfile = NULL; | 85 | char *untfile = NULL, *trustfile = NULL; |
| 86 | STACK_OF(X509) *untrusted = NULL, *trusted = NULL; | 86 | STACK_OF(X509) *untrusted = NULL, *trusted = NULL; |
| 87 | X509_STORE *cert_ctx=NULL; | 87 | X509_STORE *cert_ctx=NULL; |
| 88 | X509_LOOKUP *lookup=NULL; | 88 | X509_LOOKUP *lookup=NULL; |
| 89 | X509_VERIFY_PARAM *vpm = NULL; | ||
| 89 | #ifndef OPENSSL_NO_ENGINE | 90 | #ifndef OPENSSL_NO_ENGINE |
| 90 | char *engine=NULL; | 91 | char *engine=NULL; |
| 91 | #endif | 92 | #endif |
| @@ -121,18 +122,12 @@ int MAIN(int argc, char **argv) | |||
| 121 | if (argc-- < 1) goto end; | 122 | if (argc-- < 1) goto end; |
| 122 | CAfile= *(++argv); | 123 | CAfile= *(++argv); |
| 123 | } | 124 | } |
| 124 | else if (strcmp(*argv,"-purpose") == 0) | 125 | else if (args_verify(&argv, &argc, &badarg, bio_err, |
| 126 | &vpm)) | ||
| 125 | { | 127 | { |
| 126 | X509_PURPOSE *xptmp; | 128 | if (badarg) |
| 127 | if (argc-- < 1) goto end; | ||
| 128 | i = X509_PURPOSE_get_by_sname(*(++argv)); | ||
| 129 | if(i < 0) | ||
| 130 | { | ||
| 131 | BIO_printf(bio_err, "unrecognized purpose\n"); | ||
| 132 | goto end; | 129 | goto end; |
| 133 | } | 130 | continue; |
| 134 | xptmp = X509_PURPOSE_get0(i); | ||
| 135 | purpose = X509_PURPOSE_get_id(xptmp); | ||
| 136 | } | 131 | } |
| 137 | else if (strcmp(*argv,"-untrusted") == 0) | 132 | else if (strcmp(*argv,"-untrusted") == 0) |
| 138 | { | 133 | { |
| @@ -153,14 +148,6 @@ int MAIN(int argc, char **argv) | |||
| 153 | #endif | 148 | #endif |
| 154 | else if (strcmp(*argv,"-help") == 0) | 149 | else if (strcmp(*argv,"-help") == 0) |
| 155 | goto end; | 150 | goto end; |
| 156 | else if (strcmp(*argv,"-ignore_critical") == 0) | ||
| 157 | vflags |= X509_V_FLAG_IGNORE_CRITICAL; | ||
| 158 | else if (strcmp(*argv,"-issuer_checks") == 0) | ||
| 159 | vflags |= X509_V_FLAG_CB_ISSUER_CHECK; | ||
| 160 | else if (strcmp(*argv,"-crl_check") == 0) | ||
| 161 | vflags |= X509_V_FLAG_CRL_CHECK; | ||
| 162 | else if (strcmp(*argv,"-crl_check_all") == 0) | ||
| 163 | vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; | ||
| 164 | else if (strcmp(*argv,"-verbose") == 0) | 151 | else if (strcmp(*argv,"-verbose") == 0) |
| 165 | v_verbose=1; | 152 | v_verbose=1; |
| 166 | else if (argv[0][0] == '-') | 153 | else if (argv[0][0] == '-') |
| @@ -178,6 +165,9 @@ int MAIN(int argc, char **argv) | |||
| 178 | e = setup_engine(bio_err, engine, 0); | 165 | e = setup_engine(bio_err, engine, 0); |
| 179 | #endif | 166 | #endif |
| 180 | 167 | ||
| 168 | if (vpm) | ||
| 169 | X509_STORE_set1_param(cert_ctx, vpm); | ||
| 170 | |||
| 181 | lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); | 171 | lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); |
| 182 | if (lookup == NULL) abort(); | 172 | if (lookup == NULL) abort(); |
| 183 | if (CAfile) { | 173 | if (CAfile) { |
| @@ -238,6 +228,7 @@ end: | |||
| 238 | X509_PURPOSE_get0_name(ptmp)); | 228 | X509_PURPOSE_get0_name(ptmp)); |
| 239 | } | 229 | } |
| 240 | } | 230 | } |
| 231 | if (vpm) X509_VERIFY_PARAM_free(vpm); | ||
| 241 | if (cert_ctx != NULL) X509_STORE_free(cert_ctx); | 232 | if (cert_ctx != NULL) X509_STORE_free(cert_ctx); |
| 242 | sk_X509_pop_free(untrusted, X509_free); | 233 | sk_X509_pop_free(untrusted, X509_free); |
| 243 | sk_X509_pop_free(trusted, X509_free); | 234 | sk_X509_pop_free(trusted, X509_free); |
| @@ -339,10 +330,13 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) | |||
| 339 | 330 | ||
| 340 | if (!ok) | 331 | if (!ok) |
| 341 | { | 332 | { |
| 342 | X509_NAME_oneline( | 333 | if (ctx->current_cert) |
| 334 | { | ||
| 335 | X509_NAME_oneline( | ||
| 343 | X509_get_subject_name(ctx->current_cert),buf, | 336 | X509_get_subject_name(ctx->current_cert),buf, |
| 344 | sizeof buf); | 337 | sizeof buf); |
| 345 | printf("%s\n",buf); | 338 | printf("%s\n",buf); |
| 339 | } | ||
| 346 | printf("error %d at %d depth lookup:%s\n",ctx->error, | 340 | printf("error %d at %d depth lookup:%s\n",ctx->error, |
| 347 | ctx->error_depth, | 341 | ctx->error_depth, |
| 348 | X509_verify_cert_error_string(ctx->error)); | 342 | X509_verify_cert_error_string(ctx->error)); |
| @@ -361,7 +355,14 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) | |||
| 361 | if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; | 355 | if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; |
| 362 | if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; | 356 | if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; |
| 363 | if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; | 357 | if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; |
| 358 | |||
| 359 | if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY) | ||
| 360 | policies_print(NULL, ctx); | ||
| 361 | return ok; | ||
| 362 | |||
| 364 | } | 363 | } |
| 364 | if ((ctx->error == X509_V_OK) && (ok == 2)) | ||
| 365 | policies_print(NULL, ctx); | ||
| 365 | if (!v_verbose) | 366 | if (!v_verbose) |
| 366 | ERR_clear_error(); | 367 | ERR_clear_error(); |
| 367 | return(ok); | 368 | return(ok); |
diff --git a/src/lib/libssl/src/apps/version.c b/src/lib/libssl/src/apps/version.c index 0843b67565..69ef3e1bad 100644 --- a/src/lib/libssl/src/apps/version.c +++ b/src/lib/libssl/src/apps/version.c | |||
| @@ -115,6 +115,7 @@ | |||
| 115 | #include "apps.h" | 115 | #include "apps.h" |
| 116 | #include <openssl/evp.h> | 116 | #include <openssl/evp.h> |
| 117 | #include <openssl/crypto.h> | 117 | #include <openssl/crypto.h> |
| 118 | #include <openssl/bn.h> | ||
| 118 | #ifndef OPENSSL_NO_MD2 | 119 | #ifndef OPENSSL_NO_MD2 |
| 119 | # include <openssl/md2.h> | 120 | # include <openssl/md2.h> |
| 120 | #endif | 121 | #endif |
| @@ -172,7 +173,19 @@ int MAIN(int argc, char **argv) | |||
| 172 | } | 173 | } |
| 173 | } | 174 | } |
| 174 | 175 | ||
| 175 | if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION)); | 176 | if (version) |
| 177 | { | ||
| 178 | if (SSLeay() == SSLEAY_VERSION_NUMBER) | ||
| 179 | { | ||
| 180 | printf("%s\n",SSLeay_version(SSLEAY_VERSION)); | ||
| 181 | } | ||
| 182 | else | ||
| 183 | { | ||
| 184 | printf("%s (Library: %s)\n", | ||
| 185 | OPENSSL_VERSION_TEXT, | ||
| 186 | SSLeay_version(SSLEAY_VERSION)); | ||
| 187 | } | ||
| 188 | } | ||
| 176 | if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON)); | 189 | if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON)); |
| 177 | if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM)); | 190 | if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM)); |
| 178 | if (options) | 191 | if (options) |
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c index e7115cac67..f6938356f8 100644 --- a/src/lib/libssl/src/apps/x509.c +++ b/src/lib/libssl/src/apps/x509.c | |||
| @@ -73,6 +73,12 @@ | |||
| 73 | #include <openssl/x509v3.h> | 73 | #include <openssl/x509v3.h> |
| 74 | #include <openssl/objects.h> | 74 | #include <openssl/objects.h> |
| 75 | #include <openssl/pem.h> | 75 | #include <openssl/pem.h> |
| 76 | #ifndef OPENSSL_NO_RSA | ||
| 77 | #include <openssl/rsa.h> | ||
| 78 | #endif | ||
| 79 | #ifndef OPENSSL_NO_DSA | ||
| 80 | #include <openssl/dsa.h> | ||
| 81 | #endif | ||
| 76 | 82 | ||
| 77 | #undef PROG | 83 | #undef PROG |
| 78 | #define PROG x509_main | 84 | #define PROG x509_main |
| @@ -81,7 +87,7 @@ | |||
| 81 | #define POSTFIX ".srl" | 87 | #define POSTFIX ".srl" |
| 82 | #define DEF_DAYS 30 | 88 | #define DEF_DAYS 30 |
| 83 | 89 | ||
| 84 | static char *x509_usage[]={ | 90 | static const char *x509_usage[]={ |
| 85 | "usage: x509 args\n", | 91 | "usage: x509 args\n", |
| 86 | " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", | 92 | " -inform arg - input format - default PEM (one of DER, NET or PEM)\n", |
| 87 | " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", | 93 | " -outform arg - output format - default PEM (one of DER, NET or PEM)\n", |
| @@ -92,7 +98,9 @@ static char *x509_usage[]={ | |||
| 92 | " -out arg - output file - default stdout\n", | 98 | " -out arg - output file - default stdout\n", |
| 93 | " -passin arg - private key password source\n", | 99 | " -passin arg - private key password source\n", |
| 94 | " -serial - print serial number value\n", | 100 | " -serial - print serial number value\n", |
| 95 | " -hash - print hash value\n", | 101 | " -subject_hash - print subject hash value\n", |
| 102 | " -issuer_hash - print issuer hash value\n", | ||
| 103 | " -hash - synonym for -subject_hash\n", | ||
| 96 | " -subject - print subject DN\n", | 104 | " -subject - print subject DN\n", |
| 97 | " -issuer - print issuer DN\n", | 105 | " -issuer - print issuer DN\n", |
| 98 | " -email - print email address(es)\n", | 106 | " -email - print email address(es)\n", |
| @@ -106,6 +114,7 @@ static char *x509_usage[]={ | |||
| 106 | " -alias - output certificate alias\n", | 114 | " -alias - output certificate alias\n", |
| 107 | " -noout - no certificate output\n", | 115 | " -noout - no certificate output\n", |
| 108 | " -ocspid - print OCSP hash values for the subject name and public key\n", | 116 | " -ocspid - print OCSP hash values for the subject name and public key\n", |
| 117 | " -ocspurl - print OCSP Responder URL(s)\n", | ||
| 109 | " -trustout - output a \"trusted\" certificate\n", | 118 | " -trustout - output a \"trusted\" certificate\n", |
| 110 | " -clrtrust - clear all trusted purposes\n", | 119 | " -clrtrust - clear all trusted purposes\n", |
| 111 | " -clrreject - clear all rejected purposes\n", | 120 | " -clrreject - clear all rejected purposes\n", |
| @@ -167,19 +176,21 @@ int MAIN(int argc, char **argv) | |||
| 167 | char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; | 176 | char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; |
| 168 | char *CAkeyfile=NULL,*CAserial=NULL; | 177 | char *CAkeyfile=NULL,*CAserial=NULL; |
| 169 | char *alias=NULL; | 178 | char *alias=NULL; |
| 170 | int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; | 179 | int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; |
| 171 | int next_serial=0,ocspid=0; | 180 | int next_serial=0; |
| 181 | int subject_hash=0,issuer_hash=0,ocspid=0; | ||
| 172 | int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; | 182 | int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; |
| 183 | int ocsp_uri=0; | ||
| 173 | int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; | 184 | int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; |
| 174 | int C=0; | 185 | int C=0; |
| 175 | int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; | 186 | int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; |
| 176 | int pprint = 0; | 187 | int pprint = 0; |
| 177 | char **pp; | 188 | const char **pp; |
| 178 | X509_STORE *ctx=NULL; | 189 | X509_STORE *ctx=NULL; |
| 179 | X509_REQ *rq=NULL; | 190 | X509_REQ *rq=NULL; |
| 180 | int fingerprint=0; | 191 | int fingerprint=0; |
| 181 | char buf[256]; | 192 | char buf[256]; |
| 182 | const EVP_MD *md_alg,*digest; | 193 | const EVP_MD *md_alg,*digest=EVP_sha1(); |
| 183 | CONF *extconf = NULL; | 194 | CONF *extconf = NULL; |
| 184 | char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; | 195 | char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; |
| 185 | int need_rand = 0; | 196 | int need_rand = 0; |
| @@ -216,13 +227,6 @@ int MAIN(int argc, char **argv) | |||
| 216 | if (ctx == NULL) goto end; | 227 | if (ctx == NULL) goto end; |
| 217 | X509_STORE_set_verify_cb_func(ctx,callb); | 228 | X509_STORE_set_verify_cb_func(ctx,callb); |
| 218 | 229 | ||
| 219 | #ifdef OPENSSL_FIPS | ||
| 220 | if (FIPS_mode()) | ||
| 221 | digest = EVP_sha1(); | ||
| 222 | else | ||
| 223 | #endif | ||
| 224 | digest = EVP_md5(); | ||
| 225 | |||
| 226 | argc--; | 230 | argc--; |
| 227 | argv++; | 231 | argv++; |
| 228 | num=0; | 232 | num=0; |
| @@ -376,6 +380,8 @@ int MAIN(int argc, char **argv) | |||
| 376 | C= ++num; | 380 | C= ++num; |
| 377 | else if (strcmp(*argv,"-email") == 0) | 381 | else if (strcmp(*argv,"-email") == 0) |
| 378 | email= ++num; | 382 | email= ++num; |
| 383 | else if (strcmp(*argv,"-ocsp_uri") == 0) | ||
| 384 | ocsp_uri= ++num; | ||
| 379 | else if (strcmp(*argv,"-serial") == 0) | 385 | else if (strcmp(*argv,"-serial") == 0) |
| 380 | serial= ++num; | 386 | serial= ++num; |
| 381 | else if (strcmp(*argv,"-next_serial") == 0) | 387 | else if (strcmp(*argv,"-next_serial") == 0) |
| @@ -388,8 +394,11 @@ int MAIN(int argc, char **argv) | |||
| 388 | x509req= ++num; | 394 | x509req= ++num; |
| 389 | else if (strcmp(*argv,"-text") == 0) | 395 | else if (strcmp(*argv,"-text") == 0) |
| 390 | text= ++num; | 396 | text= ++num; |
| 391 | else if (strcmp(*argv,"-hash") == 0) | 397 | else if (strcmp(*argv,"-hash") == 0 |
| 392 | hash= ++num; | 398 | || strcmp(*argv,"-subject_hash") == 0) |
| 399 | subject_hash= ++num; | ||
| 400 | else if (strcmp(*argv,"-issuer_hash") == 0) | ||
| 401 | issuer_hash= ++num; | ||
| 393 | else if (strcmp(*argv,"-subject") == 0) | 402 | else if (strcmp(*argv,"-subject") == 0) |
| 394 | subject= ++num; | 403 | subject= ++num; |
| 395 | else if (strcmp(*argv,"-issuer") == 0) | 404 | else if (strcmp(*argv,"-issuer") == 0) |
| @@ -704,7 +713,8 @@ bad: | |||
| 704 | else if (serial == i) | 713 | else if (serial == i) |
| 705 | { | 714 | { |
| 706 | BIO_printf(STDout,"serial="); | 715 | BIO_printf(STDout,"serial="); |
| 707 | i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber); | 716 | i2a_ASN1_INTEGER(STDout, |
| 717 | X509_get_serialNumber(x)); | ||
| 708 | BIO_printf(STDout,"\n"); | 718 | BIO_printf(STDout,"\n"); |
| 709 | } | 719 | } |
| 710 | else if (next_serial == i) | 720 | else if (next_serial == i) |
| @@ -725,11 +735,14 @@ bad: | |||
| 725 | ASN1_INTEGER_free(ser); | 735 | ASN1_INTEGER_free(ser); |
| 726 | BIO_puts(out, "\n"); | 736 | BIO_puts(out, "\n"); |
| 727 | } | 737 | } |
| 728 | else if (email == i) | 738 | else if ((email == i) || (ocsp_uri == i)) |
| 729 | { | 739 | { |
| 730 | int j; | 740 | int j; |
| 731 | STACK *emlst; | 741 | STACK *emlst; |
| 732 | emlst = X509_get1_email(x); | 742 | if (email == i) |
| 743 | emlst = X509_get1_email(x); | ||
| 744 | else | ||
| 745 | emlst = X509_get1_ocsp(x); | ||
| 733 | for (j = 0; j < sk_num(emlst); j++) | 746 | for (j = 0; j < sk_num(emlst); j++) |
| 734 | BIO_printf(STDout, "%s\n", sk_value(emlst, j)); | 747 | BIO_printf(STDout, "%s\n", sk_value(emlst, j)); |
| 735 | X509_email_free(emlst); | 748 | X509_email_free(emlst); |
| @@ -741,10 +754,14 @@ bad: | |||
| 741 | if (alstr) BIO_printf(STDout,"%s\n", alstr); | 754 | if (alstr) BIO_printf(STDout,"%s\n", alstr); |
| 742 | else BIO_puts(STDout,"<No Alias>\n"); | 755 | else BIO_puts(STDout,"<No Alias>\n"); |
| 743 | } | 756 | } |
| 744 | else if (hash == i) | 757 | else if (subject_hash == i) |
| 745 | { | 758 | { |
| 746 | BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); | 759 | BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); |
| 747 | } | 760 | } |
| 761 | else if (issuer_hash == i) | ||
| 762 | { | ||
| 763 | BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); | ||
| 764 | } | ||
| 748 | else if (pprint == i) | 765 | else if (pprint == i) |
| 749 | { | 766 | { |
| 750 | X509_PURPOSE *ptmp; | 767 | X509_PURPOSE *ptmp; |
| @@ -906,6 +923,10 @@ bad: | |||
| 906 | if (Upkey->type == EVP_PKEY_DSA) | 923 | if (Upkey->type == EVP_PKEY_DSA) |
| 907 | digest=EVP_dss1(); | 924 | digest=EVP_dss1(); |
| 908 | #endif | 925 | #endif |
| 926 | #ifndef OPENSSL_NO_ECDSA | ||
| 927 | if (Upkey->type == EVP_PKEY_EC) | ||
| 928 | digest=EVP_ecdsa(); | ||
| 929 | #endif | ||
| 909 | 930 | ||
| 910 | assert(need_rand); | 931 | assert(need_rand); |
| 911 | if (!sign(x,Upkey,days,clrext,digest, | 932 | if (!sign(x,Upkey,days,clrext,digest, |
| @@ -926,6 +947,10 @@ bad: | |||
| 926 | if (CApkey->type == EVP_PKEY_DSA) | 947 | if (CApkey->type == EVP_PKEY_DSA) |
| 927 | digest=EVP_dss1(); | 948 | digest=EVP_dss1(); |
| 928 | #endif | 949 | #endif |
| 950 | #ifndef OPENSSL_NO_ECDSA | ||
| 951 | if (CApkey->type == EVP_PKEY_EC) | ||
| 952 | digest = EVP_ecdsa(); | ||
| 953 | #endif | ||
| 929 | 954 | ||
| 930 | assert(need_rand); | 955 | assert(need_rand); |
| 931 | if (!x509_certify(ctx,CAfile,digest,x,xca, | 956 | if (!x509_certify(ctx,CAfile,digest,x,xca, |
| @@ -957,6 +982,10 @@ bad: | |||
| 957 | if (pk->type == EVP_PKEY_DSA) | 982 | if (pk->type == EVP_PKEY_DSA) |
| 958 | digest=EVP_dss1(); | 983 | digest=EVP_dss1(); |
| 959 | #endif | 984 | #endif |
| 985 | #ifndef OPENSSL_NO_ECDSA | ||
| 986 | if (pk->type == EVP_PKEY_EC) | ||
| 987 | digest=EVP_ecdsa(); | ||
| 988 | #endif | ||
| 960 | 989 | ||
| 961 | rq=X509_to_X509_REQ(x,pk,digest); | 990 | rq=X509_to_X509_REQ(x,pk,digest); |
| 962 | EVP_PKEY_free(pk); | 991 | EVP_PKEY_free(pk); |
| @@ -1020,8 +1049,7 @@ bad: | |||
| 1020 | ah.data=(char *)x; | 1049 | ah.data=(char *)x; |
| 1021 | ah.meth=X509_asn1_meth(); | 1050 | ah.meth=X509_asn1_meth(); |
| 1022 | 1051 | ||
| 1023 | /* no macro for this one yet */ | 1052 | i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah); |
| 1024 | i=ASN1_i2d_bio(i2d_ASN1_HEADER,out,(unsigned char *)&ah); | ||
| 1025 | } | 1053 | } |
| 1026 | else { | 1054 | else { |
| 1027 | BIO_printf(bio_err,"bad output format specified for outfile\n"); | 1055 | BIO_printf(bio_err,"bad output format specified for outfile\n"); |
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config index c2f504f59e..dde9275b76 100644 --- a/src/lib/libssl/src/config +++ b/src/lib/libssl/src/config | |||
| @@ -54,22 +54,6 @@ SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" | |||
| 54 | VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" | 54 | VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" |
| 55 | 55 | ||
| 56 | 56 | ||
| 57 | |||
| 58 | |||
| 59 | |||
| 60 | # Check for VC++ presence first. | ||
| 61 | # | ||
| 62 | #if [ "x$MSVCDIR" != "x" -o "x$VCINSTALLDIR" != "x" ]; then | ||
| 63 | # perl Configure VC-WIN32 $* | ||
| 64 | # cmd /c ms\\do_masm.bat | ||
| 65 | # perl util/mk1mf.pl VC-WIN32-GMAKE >mak.tmp | ||
| 66 | # rm Makefile | ||
| 67 | # mv mak.tmp Makefile | ||
| 68 | # echo "Configured for VC++ using GNU make" | ||
| 69 | # exit 0 | ||
| 70 | #fi | ||
| 71 | # | ||
| 72 | |||
| 73 | # Now test for ISC and SCO, since it is has a braindamaged uname. | 57 | # Now test for ISC and SCO, since it is has a braindamaged uname. |
| 74 | # | 58 | # |
| 75 | # We need to work around FreeBSD 1.1.5.1 | 59 | # We need to work around FreeBSD 1.1.5.1 |
| @@ -98,9 +82,9 @@ if [ "x$XREL" != "x" ]; then | |||
| 98 | esac | 82 | esac |
| 99 | ;; | 83 | ;; |
| 100 | 4.2) | 84 | 4.2) |
| 101 | echo "i386-whatever-unixware1"; exit 0 | 85 | echo "whatever-whatever-unixware1"; exit 0 |
| 102 | ;; | 86 | ;; |
| 103 | 5) | 87 | 5*) |
| 104 | case "x${VERSION}" in | 88 | case "x${VERSION}" in |
| 105 | # We hardcode i586 in place of ${MACHINE} for the | 89 | # We hardcode i586 in place of ${MACHINE} for the |
| 106 | # following reason. The catch is that even though Pentium | 90 | # following reason. The catch is that even though Pentium |
| @@ -109,8 +93,7 @@ if [ "x$XREL" != "x" ]; then | |||
| 109 | # with i386 is that it makes ./config pass 386 to | 93 | # with i386 is that it makes ./config pass 386 to |
| 110 | # ./Configure, which in turn makes make generate | 94 | # ./Configure, which in turn makes make generate |
| 111 | # inefficient SHA-1 (for this moment) code. | 95 | # inefficient SHA-1 (for this moment) code. |
| 112 | x7*) echo "i586-sco-unixware7"; exit 0 ;; | 96 | x[678]*) echo "i586-sco-unixware7"; exit 0 ;; |
| 113 | x8*) echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;; | ||
| 114 | esac | 97 | esac |
| 115 | ;; | 98 | ;; |
| 116 | esac | 99 | esac |
| @@ -354,11 +337,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in | |||
| 354 | ;; | 337 | ;; |
| 355 | 338 | ||
| 356 | MINGW*) | 339 | MINGW*) |
| 357 | echo "${MACHINE}-whatever-mingw"; echo 0; | 340 | echo "${MACHINE}-whatever-mingw"; exit 0; |
| 358 | # Save fipslib path so VC++ build can find it | ||
| 359 | (cd /usr/local/ssl/lib ; pwd -W ) > util/fipslib_path.txt | ||
| 360 | # Extract _chkstk.o so VC++ can use it, to avoid __alloca link error | ||
| 361 | (cd ms ; ar x `gcc -print-libgcc-file-name` _chkstk.o) | ||
| 362 | ;; | 341 | ;; |
| 363 | CYGWIN*) | 342 | CYGWIN*) |
| 364 | case "$RELEASE" in | 343 | case "$RELEASE" in |
| @@ -472,8 +451,6 @@ if [ "$SYSTEM" = "SunOS" ]; then | |||
| 472 | echo " patch #107357-01 or later applied." | 451 | echo " patch #107357-01 or later applied." |
| 473 | sleep 5 | 452 | sleep 5 |
| 474 | fi | 453 | fi |
| 475 | elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then | ||
| 476 | CC=sc3 | ||
| 477 | fi | 454 | fi |
| 478 | fi | 455 | fi |
| 479 | 456 | ||
| @@ -539,36 +516,23 @@ case "$GUESSOS" in | |||
| 539 | #fi | 516 | #fi |
| 540 | OUT="irix-mips3-$CC" | 517 | OUT="irix-mips3-$CC" |
| 541 | ;; | 518 | ;; |
| 519 | ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; | ||
| 520 | ppc-apple-darwin*) OUT="darwin-ppc-cc" ;; | ||
| 521 | i386-apple-darwin*) OUT="darwin-i386-cc" ;; | ||
| 542 | alpha-*-linux2) | 522 | alpha-*-linux2) |
| 543 | ISA=`awk '/cpu model/{print$4}' /proc/cpuinfo` | 523 | ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo` |
| 544 | case ${ISA:-generic} in | 524 | case ${ISA:-generic} in |
| 545 | *[67]) OUT="linux-alpha+bwx-$CC" ;; | 525 | *[678]) OUT="linux-alpha+bwx-$CC" ;; |
| 546 | *) OUT="linux-alpha-$CC" ;; | 526 | *) OUT="linux-alpha-$CC" ;; |
| 547 | esac | 527 | esac |
| 548 | if [ "$CC" = "gcc" ]; then | 528 | if [ "$CC" = "gcc" ]; then |
| 549 | case ${ISA:-generic} in | 529 | case ${ISA:-generic} in |
| 550 | EV5|EV45) options="$options -mcpu=ev5";; | 530 | EV5|EV45) options="$options -mcpu=ev5";; |
| 551 | EV56|PCA56) options="$options -mcpu=ev56";; | 531 | EV56|PCA56) options="$options -mcpu=ev56";; |
| 552 | EV6|EV67|PCA57) options="$options -mcpu=ev6";; | 532 | *) options="$options -mcpu=ev6";; |
| 553 | esac | 533 | esac |
| 554 | fi | 534 | fi |
| 555 | ;; | 535 | ;; |
| 556 | mips-*-linux?) | ||
| 557 | cat >dummy.c <<EOF | ||
| 558 | #include <stdio.h> /* for printf() prototype */ | ||
| 559 | int main (argc, argv) int argc; char *argv[]; { | ||
| 560 | #ifdef __MIPSEB__ | ||
| 561 | printf ("linux-%s\n", argv[1]); | ||
| 562 | #endif | ||
| 563 | #ifdef __MIPSEL__ | ||
| 564 | printf ("linux-%sel\n", argv[1]); | ||
| 565 | #endif | ||
| 566 | return 0; | ||
| 567 | } | ||
| 568 | EOF | ||
| 569 | ${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}` | ||
| 570 | rm dummy dummy.c | ||
| 571 | ;; | ||
| 572 | ppc64-*-linux2) | 536 | ppc64-*-linux2) |
| 573 | echo "WARNING! If you wish to build 64-bit library, then you have to" | 537 | echo "WARNING! If you wish to build 64-bit library, then you have to" |
| 574 | echo " invoke './Configure linux-ppc64' *manually*." | 538 | echo " invoke './Configure linux-ppc64' *manually*." |
| @@ -579,11 +543,7 @@ EOF | |||
| 579 | OUT="linux-ppc" | 543 | OUT="linux-ppc" |
| 580 | ;; | 544 | ;; |
| 581 | ppc-*-linux2) OUT="linux-ppc" ;; | 545 | ppc-*-linux2) OUT="linux-ppc" ;; |
| 582 | m68k-*-linux*) OUT="linux-m68k" ;; | ||
| 583 | ia64-*-linux?) OUT="linux-ia64" ;; | 546 | ia64-*-linux?) OUT="linux-ia64" ;; |
| 584 | ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; | ||
| 585 | ppc-apple-darwin*) OUT="darwin-ppc-cc" ;; | ||
| 586 | i386-apple-darwin*) OUT="darwin-i386-cc" ;; | ||
| 587 | sparc64-*-linux2) | 547 | sparc64-*-linux2) |
| 588 | echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI" | 548 | echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI" |
| 589 | echo " and wish to build 64-bit library, then you have to" | 549 | echo " and wish to build 64-bit library, then you have to" |
| @@ -594,16 +554,18 @@ EOF | |||
| 594 | fi | 554 | fi |
| 595 | OUT="linux-sparcv9" ;; | 555 | OUT="linux-sparcv9" ;; |
| 596 | sparc-*-linux2) | 556 | sparc-*-linux2) |
| 597 | KARCH=`awk '/^type/{print$3}' /proc/cpuinfo` | 557 | KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo` |
| 598 | case ${KARCH:-sun4} in | 558 | case ${KARCH:-sun4} in |
| 599 | sun4u*) OUT="linux-sparcv9" ;; | 559 | sun4u*) OUT="linux-sparcv9" ;; |
| 600 | sun4m) OUT="linux-sparcv8" ;; | 560 | sun4m) OUT="linux-sparcv8" ;; |
| 601 | sun4d) OUT="linux-sparcv8" ;; | 561 | sun4d) OUT="linux-sparcv8" ;; |
| 602 | *) OUT="linux-sparcv7" ;; | 562 | *) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; |
| 603 | esac ;; | 563 | esac ;; |
| 604 | parisc-*-linux2) | 564 | parisc*-*-linux2) |
| 605 | CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo` | 565 | # 64-bit builds under parisc64 linux are not supported and |
| 606 | CPUSCHEDULE=`awk '/^cpu.[ ]: PA/{print substr($3,3)}' /proc/cpuinfo` | 566 | # compiler is expected to generate 32-bit objects... |
| 567 | CPUARCH=`awk '/cpu family/{print substr($5,1,3); exit(0);}' /proc/cpuinfo` | ||
| 568 | CPUSCHEDULE=`awk '/^cpu.[ ]*: PA/{print substr($3,3); exit(0);}' /proc/cpuinfo` | ||
| 607 | 569 | ||
| 608 | # ??TODO ?? Model transformations | 570 | # ??TODO ?? Model transformations |
| 609 | # 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off | 571 | # 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off |
| @@ -616,31 +578,34 @@ EOF | |||
| 616 | # PA8500 -> 8000 (2.0) | 578 | # PA8500 -> 8000 (2.0) |
| 617 | # PA8600 -> 8000 (2.0) | 579 | # PA8600 -> 8000 (2.0) |
| 618 | 580 | ||
| 619 | CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'` | 581 | CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'` |
| 620 | # Finish Model transformations | 582 | # Finish Model transformations |
| 621 | 583 | ||
| 622 | options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH" | 584 | options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH" |
| 623 | OUT="linux-parisc" ;; | 585 | OUT="linux-generic32" ;; |
| 624 | arm*b-*-linux2) OUT="linux-elf-arm"; options="$options -DB_ENDIAN" ;; | 586 | arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; |
| 625 | arm*l-*-linux2) OUT="linux-elf-arm"; options="$options -DL_ENDIAN" ;; | 587 | arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;; |
| 626 | arm*-*-linux2) OUT="linux-elf-arm" ;; | 588 | sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; |
| 627 | s390-*-linux2) OUT="linux-s390" ;; | 589 | sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;; |
| 628 | s390x-*-linux?) OUT="linux-s390x" ;; | 590 | m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; |
| 591 | s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;; | ||
| 592 | s390x-*-linux2) OUT="linux-generic64"; options="$options -DB_ENDIAN" ;; | ||
| 629 | x86_64-*-linux?) OUT="linux-x86_64" ;; | 593 | x86_64-*-linux?) OUT="linux-x86_64" ;; |
| 630 | *-*-linux2) OUT="linux-elf" | 594 | *86-*-linux2) OUT="linux-elf" |
| 631 | if [ "$GCCVER" -gt 28 ]; then | 595 | if [ "$GCCVER" -gt 28 ]; then |
| 632 | if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then | 596 | if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then |
| 633 | OUT="linux-pentium" | 597 | options="$options -march=pentium" |
| 634 | fi | 598 | fi |
| 635 | if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then | 599 | if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then |
| 636 | OUT="linux-ppro" | 600 | options="$options -march=pentiumpro" |
| 637 | fi | 601 | fi |
| 638 | if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then | 602 | if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then |
| 639 | OUT="linux-k6" | 603 | options="$options -march=k6" |
| 640 | fi | 604 | fi |
| 641 | fi ;; | 605 | fi ;; |
| 642 | *-*-linux1) OUT="linux-aout" ;; | 606 | *-*-linux1) OUT="linux-aout" ;; |
| 643 | sun4u*-*-solaris2) | 607 | *-*-linux2) OUT="linux-generic32" ;; |
| 608 | sun4[uv]*-*-solaris2) | ||
| 644 | OUT="solaris-sparcv9-$CC" | 609 | OUT="solaris-sparcv9-$CC" |
| 645 | ISA64=`(isalist) 2>/dev/null | grep sparcv9` | 610 | ISA64=`(isalist) 2>/dev/null | grep sparcv9` |
| 646 | if [ "$ISA64" != "" ]; then | 611 | if [ "$ISA64" != "" ]; then |
| @@ -683,48 +648,43 @@ EOF | |||
| 683 | OUT="solaris64-x86_64-$CC" | 648 | OUT="solaris64-x86_64-$CC" |
| 684 | else | 649 | else |
| 685 | OUT="solaris-x86-$CC" | 650 | OUT="solaris-x86-$CC" |
| 651 | if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then | ||
| 652 | options="$options no-sse2" | ||
| 653 | fi | ||
| 686 | fi | 654 | fi |
| 687 | ;; | 655 | ;; |
| 688 | *-*-sunos4) OUT="sunos-$CC" ;; | 656 | *-*-sunos4) OUT="sunos-$CC" ;; |
| 689 | alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; | 657 | |
| 690 | sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;; | 658 | *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;; |
| 691 | ia64-*-freebsd*) OUT="FreeBSD-ia64" ;; | 659 | alpha*-*-*bsd*) OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;; |
| 692 | *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; | 660 | powerpc64-*-*bsd*) OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;; |
| 693 | *-freebsd[1-2]*) OUT="FreeBSD" ;; | 661 | sparc64-*-*bsd*) OUT="BSD-sparc64" ;; |
| 694 | *86*-*-netbsd) OUT="NetBSD-x86" ;; | 662 | ia64-*-*bsd*) OUT="BSD-ia64" ;; |
| 695 | sun3*-*-netbsd) OUT="NetBSD-m68" ;; | 663 | amd64-*-*bsd*) OUT="BSD-x86_64" ;; |
| 696 | *-*-netbsd) OUT="NetBSD-sparc" ;; | 664 | *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... |
| 697 | alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; | 665 | if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD |
| 698 | *86*-*-openbsd) OUT="OpenBSD-i386" ;; | 666 | libc=/usr/lib/libc.so |
| 699 | m68k*-*-openbsd) OUT="OpenBSD-m68k" ;; | 667 | else # OpenBSD |
| 700 | m88k*-*-openbsd) OUT="OpenBSD-m88k" ;; | 668 | # ld searches for highest libc.so.* and so do we |
| 701 | mips*-*-openbsd) OUT="OpenBSD-mips" ;; | 669 | libc=`(ls /usr/lib/libc.so.* | tail -1) 2>/dev/null` |
| 702 | pmax*-*-openbsd) OUT="OpenBSD-mips" ;; | 670 | fi |
| 703 | powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;; | 671 | case "`(file -L $libc) 2>/dev/null`" in |
| 704 | sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;; | 672 | *ELF*) OUT="BSD-x86-elf" ;; |
| 705 | sparc*-*-openbsd) OUT="OpenBSD-sparc" ;; | 673 | *) OUT="BSD-x86"; options="$options no-sse2" ;; |
| 706 | vax*-*-openbsd) OUT="OpenBSD-vax" ;; | 674 | esac ;; |
| 707 | hppa*-*-openbsd) OUT="OpenBSD-hppa" ;; | 675 | *-*-*bsd*) OUT="BSD-generic32" ;; |
| 708 | *-*-openbsd) OUT="OpenBSD" ;; | 676 | |
| 709 | *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;; | 677 | *-*-osf) OUT="osf1-alpha-cc" ;; |
| 710 | *-*-osf) OUT="alphaold-cc" ;; | 678 | *-*-tru64) OUT="tru64-alpha-cc" ;; |
| 711 | *-*-tru64) OUT="alpha-cc" ;; | 679 | *-*-[Uu]nix[Ww]are7) |
| 712 | *-*-OpenUNIX*) | ||
| 713 | if [ "$CC" = "gcc" ]; then | 680 | if [ "$CC" = "gcc" ]; then |
| 714 | OUT="OpenUNIX-8-gcc" | 681 | OUT="unixware-7-gcc" ; options="$options no-sse2" |
| 715 | else | 682 | else |
| 716 | OUT="OpenUNIX-8" | 683 | OUT="unixware-7" ; options="$options no-sse2 -D__i386__" |
| 717 | fi | 684 | fi |
| 718 | ;; | 685 | ;; |
| 719 | *-*-unixware7) OUT="unixware-7" ;; | 686 | *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;; |
| 720 | *-*-UnixWare7) OUT="unixware-7" ;; | 687 | *-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1"; options="$options no-sse2 no-sha512" ;; |
| 721 | *-*-Unixware7) OUT="unixware-7" ;; | ||
| 722 | *-*-unixware20*) OUT="unixware-2.0" ;; | ||
| 723 | *-*-unixware21*) OUT="unixware-2.1" ;; | ||
| 724 | *-*-UnixWare20*) OUT="unixware-2.0" ;; | ||
| 725 | *-*-UnixWare21*) OUT="unixware-2.1" ;; | ||
| 726 | *-*-Unixware20*) OUT="unixware-2.0" ;; | ||
| 727 | *-*-Unixware21*) OUT="unixware-2.1" ;; | ||
| 728 | *-*-vos) | 688 | *-*-vos) |
| 729 | options="$options no-threads no-shared no-asm no-dso" | 689 | options="$options no-threads no-shared no-asm no-dso" |
| 730 | EXE=".pm" | 690 | EXE=".pm" |
| @@ -733,15 +693,8 @@ EOF | |||
| 733 | RM*-siemens-sysv4) OUT="ReliantUNIX" ;; | 693 | RM*-siemens-sysv4) OUT="ReliantUNIX" ;; |
| 734 | *-siemens-sysv4) OUT="SINIX" ;; | 694 | *-siemens-sysv4) OUT="SINIX" ;; |
| 735 | *-hpux1*) | 695 | *-hpux1*) |
| 736 | if [ $CC = "gcc" ]; | 696 | if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then |
| 737 | then | ||
| 738 | if [ $GCC_BITS = "64" ]; then | ||
| 739 | OUT="hpux64-parisc2-gcc" | 697 | OUT="hpux64-parisc2-gcc" |
| 740 | else | ||
| 741 | OUT="hpux-parisc-gcc" | ||
| 742 | fi | ||
| 743 | else | ||
| 744 | OUT="hpux-parisc-$CC" | ||
| 745 | fi | 698 | fi |
| 746 | KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null` | 699 | KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null` |
| 747 | KERNEL_BITS=${KERNEL_BITS:-32} | 700 | KERNEL_BITS=${KERNEL_BITS:-32} |
| @@ -758,9 +711,7 @@ EOF | |||
| 758 | fi | 711 | fi |
| 759 | OUT="hpux64-ia64-cc" | 712 | OUT="hpux64-ia64-cc" |
| 760 | elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU | 713 | elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU |
| 761 | if [ "$CC" = "cc" ]; then | 714 | OUT=${OUT:-"hpux-parisc2-${CC}"} |
| 762 | OUT="hpux-parisc2-cc" # can't we have hpux-parisc2-gcc? | ||
| 763 | fi | ||
| 764 | if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then | 715 | if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then |
| 765 | echo "WARNING! If you wish to build 64-bit library then you have to" | 716 | echo "WARNING! If you wish to build 64-bit library then you have to" |
| 766 | echo " invoke './Configure hpux64-parisc2-cc' *manually*." | 717 | echo " invoke './Configure hpux64-parisc2-cc' *manually*." |
| @@ -770,9 +721,9 @@ EOF | |||
| 770 | fi | 721 | fi |
| 771 | fi | 722 | fi |
| 772 | elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU | 723 | elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU |
| 773 | : | 724 | OUT="hpux-parisc-${CC}" |
| 774 | elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU | 725 | elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU |
| 775 | : | 726 | OUT="hpux-parisc-${CC}" |
| 776 | else # Motorola(?) CPU | 727 | else # Motorola(?) CPU |
| 777 | OUT="hpux-$CC" | 728 | OUT="hpux-$CC" |
| 778 | fi | 729 | fi |
| @@ -798,6 +749,11 @@ EOF | |||
| 798 | fi | 749 | fi |
| 799 | fi | 750 | fi |
| 800 | fi | 751 | fi |
| 752 | if (lsattr -E -O -l `lsdev -c processor|awk '{print$1;exit}'` | grep -i powerpc) >/dev/null 2>&1; then | ||
| 753 | : # this applies even to Power3 and later, as they return PowerPC_POWER[345] | ||
| 754 | else | ||
| 755 | options="$options no-asm" | ||
| 756 | fi | ||
| 801 | ;; | 757 | ;; |
| 802 | # these are all covered by the catchall below | 758 | # these are all covered by the catchall below |
| 803 | # *-dgux) OUT="dgux" ;; | 759 | # *-dgux) OUT="dgux" ;; |
| @@ -822,12 +778,13 @@ esac | |||
| 822 | # options="$options -DATALLA" | 778 | # options="$options -DATALLA" |
| 823 | #fi | 779 | #fi |
| 824 | 780 | ||
| 825 | # gcc < 2.8 does not support -mcpu=ultrasparc | 781 | # gcc < 2.8 does not support -march=ultrasparc |
| 826 | if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ] | 782 | if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ] |
| 827 | then | 783 | then |
| 828 | echo "WARNING! Do consider upgrading to gcc-2.8 or later." | 784 | echo "WARNING! Falling down to 'solaris-sparcv8-gcc'." |
| 785 | echo " Upgrade to gcc-2.8 or later." | ||
| 829 | sleep 5 | 786 | sleep 5 |
| 830 | OUT=solaris-sparcv9-gcc27 | 787 | OUT=solaris-sparcv8-gcc |
| 831 | fi | 788 | fi |
| 832 | if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ] | 789 | if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ] |
| 833 | then | 790 | then |
| @@ -841,7 +798,7 @@ case "$GUESSOS" in | |||
| 841 | i386-*) options="$options 386" ;; | 798 | i386-*) options="$options 386" ;; |
| 842 | esac | 799 | esac |
| 843 | 800 | ||
| 844 | for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 aes ripemd rsa sha | 801 | for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha |
| 845 | do | 802 | do |
| 846 | if [ ! -d crypto/$i ] | 803 | if [ ! -d crypto/$i ] |
| 847 | then | 804 | then |
diff --git a/src/lib/libssl/src/crypto/aes/aes.h b/src/lib/libssl/src/crypto/aes/aes.h index 8a3ea0b883..baf0222d49 100644 --- a/src/lib/libssl/src/crypto/aes/aes.h +++ b/src/lib/libssl/src/crypto/aes/aes.h | |||
| @@ -52,7 +52,7 @@ | |||
| 52 | #ifndef HEADER_AES_H | 52 | #ifndef HEADER_AES_H |
| 53 | #define HEADER_AES_H | 53 | #define HEADER_AES_H |
| 54 | 54 | ||
| 55 | #include <openssl/e_os2.h> | 55 | #include <openssl/opensslconf.h> |
| 56 | 56 | ||
| 57 | #ifdef OPENSSL_NO_AES | 57 | #ifdef OPENSSL_NO_AES |
| 58 | #error AES is disabled. | 58 | #error AES is disabled. |
| @@ -66,17 +66,17 @@ | |||
| 66 | #define AES_MAXNR 14 | 66 | #define AES_MAXNR 14 |
| 67 | #define AES_BLOCK_SIZE 16 | 67 | #define AES_BLOCK_SIZE 16 |
| 68 | 68 | ||
| 69 | #if defined(OPENSSL_FIPS) | ||
| 70 | #define FIPS_AES_SIZE_T int | ||
| 71 | #endif | ||
| 72 | |||
| 73 | #ifdef __cplusplus | 69 | #ifdef __cplusplus |
| 74 | extern "C" { | 70 | extern "C" { |
| 75 | #endif | 71 | #endif |
| 76 | 72 | ||
| 77 | /* This should be a hidden type, but EVP requires that the size be known */ | 73 | /* This should be a hidden type, but EVP requires that the size be known */ |
| 78 | struct aes_key_st { | 74 | struct aes_key_st { |
| 75 | #ifdef AES_LONG | ||
| 79 | unsigned long rd_key[4 *(AES_MAXNR + 1)]; | 76 | unsigned long rd_key[4 *(AES_MAXNR + 1)]; |
| 77 | #else | ||
| 78 | unsigned int rd_key[4 *(AES_MAXNR + 1)]; | ||
| 79 | #endif | ||
| 80 | int rounds; | 80 | int rounds; |
| 81 | }; | 81 | }; |
| 82 | typedef struct aes_key_st AES_KEY; | 82 | typedef struct aes_key_st AES_KEY; |
| @@ -119,6 +119,23 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, | |||
| 119 | unsigned char ecount_buf[AES_BLOCK_SIZE], | 119 | unsigned char ecount_buf[AES_BLOCK_SIZE], |
| 120 | unsigned int *num); | 120 | unsigned int *num); |
| 121 | 121 | ||
| 122 | /* For IGE, see also http://www.links.org/files/openssl-ige.pdf */ | ||
| 123 | /* NB: the IV is _two_ blocks long */ | ||
| 124 | void AES_ige_encrypt(const unsigned char *in, unsigned char *out, | ||
| 125 | const unsigned long length, const AES_KEY *key, | ||
| 126 | unsigned char *ivec, const int enc); | ||
| 127 | /* NB: the IV is _four_ blocks long */ | ||
| 128 | void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, | ||
| 129 | const unsigned long length, const AES_KEY *key, | ||
| 130 | const AES_KEY *key2, const unsigned char *ivec, | ||
| 131 | const int enc); | ||
| 132 | |||
| 133 | int AES_wrap_key(AES_KEY *key, const unsigned char *iv, | ||
| 134 | unsigned char *out, | ||
| 135 | const unsigned char *in, unsigned int inlen); | ||
| 136 | int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, | ||
| 137 | unsigned char *out, | ||
| 138 | const unsigned char *in, unsigned int inlen); | ||
| 122 | 139 | ||
| 123 | #ifdef __cplusplus | 140 | #ifdef __cplusplus |
| 124 | } | 141 | } |
diff --git a/src/lib/libssl/src/crypto/aes/aes_cbc.c b/src/lib/libssl/src/crypto/aes/aes_cbc.c index 373864cd4b..d2ba6bcdb4 100644 --- a/src/lib/libssl/src/crypto/aes/aes_cbc.c +++ b/src/lib/libssl/src/crypto/aes/aes_cbc.c | |||
| @@ -59,7 +59,6 @@ | |||
| 59 | #include <openssl/aes.h> | 59 | #include <openssl/aes.h> |
| 60 | #include "aes_locl.h" | 60 | #include "aes_locl.h" |
| 61 | 61 | ||
| 62 | #if !defined(OPENSSL_FIPS_AES_ASM) | ||
| 63 | void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, | 62 | void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, |
| 64 | const unsigned long length, const AES_KEY *key, | 63 | const unsigned long length, const AES_KEY *key, |
| 65 | unsigned char *ivec, const int enc) { | 64 | unsigned char *ivec, const int enc) { |
| @@ -130,4 +129,3 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, | |||
| 130 | } | 129 | } |
| 131 | } | 130 | } |
| 132 | } | 131 | } |
| 133 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/aes/aes_core.c b/src/lib/libssl/src/crypto/aes/aes_core.c index ed566a8123..3a80e18b0a 100644 --- a/src/lib/libssl/src/crypto/aes/aes_core.c +++ b/src/lib/libssl/src/crypto/aes/aes_core.c | |||
| @@ -37,23 +37,19 @@ | |||
| 37 | 37 | ||
| 38 | #include <stdlib.h> | 38 | #include <stdlib.h> |
| 39 | #include <openssl/aes.h> | 39 | #include <openssl/aes.h> |
| 40 | #include <openssl/fips.h> | ||
| 41 | #include "aes_locl.h" | 40 | #include "aes_locl.h" |
| 42 | 41 | ||
| 43 | #ifndef OPENSSL_FIPS | ||
| 44 | |||
| 45 | /* | 42 | /* |
| 46 | Te0[x] = S [x].[02, 01, 01, 03]; | 43 | Te0[x] = S [x].[02, 01, 01, 03]; |
| 47 | Te1[x] = S [x].[03, 02, 01, 01]; | 44 | Te1[x] = S [x].[03, 02, 01, 01]; |
| 48 | Te2[x] = S [x].[01, 03, 02, 01]; | 45 | Te2[x] = S [x].[01, 03, 02, 01]; |
| 49 | Te3[x] = S [x].[01, 01, 03, 02]; | 46 | Te3[x] = S [x].[01, 01, 03, 02]; |
| 50 | Te4[x] = S [x].[01, 01, 01, 01]; | ||
| 51 | 47 | ||
| 52 | Td0[x] = Si[x].[0e, 09, 0d, 0b]; | 48 | Td0[x] = Si[x].[0e, 09, 0d, 0b]; |
| 53 | Td1[x] = Si[x].[0b, 0e, 09, 0d]; | 49 | Td1[x] = Si[x].[0b, 0e, 09, 0d]; |
| 54 | Td2[x] = Si[x].[0d, 0b, 0e, 09]; | 50 | Td2[x] = Si[x].[0d, 0b, 0e, 09]; |
| 55 | Td3[x] = Si[x].[09, 0d, 0b, 0e]; | 51 | Td3[x] = Si[x].[09, 0d, 0b, 0e]; |
| 56 | Td4[x] = Si[x].[01, 01, 01, 01]; | 52 | Td4[x] = Si[x].[01]; |
| 57 | */ | 53 | */ |
| 58 | 54 | ||
| 59 | static const u32 Te0[256] = { | 55 | static const u32 Te0[256] = { |
| @@ -255,7 +251,6 @@ static const u32 Te2[256] = { | |||
| 255 | 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, | 251 | 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, |
| 256 | }; | 252 | }; |
| 257 | static const u32 Te3[256] = { | 253 | static const u32 Te3[256] = { |
| 258 | |||
| 259 | 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, | 254 | 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, |
| 260 | 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, | 255 | 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, |
| 261 | 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, | 256 | 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, |
| @@ -321,72 +316,7 @@ static const u32 Te3[256] = { | |||
| 321 | 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, | 316 | 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, |
| 322 | 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, | 317 | 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, |
| 323 | }; | 318 | }; |
| 324 | static const u32 Te4[256] = { | 319 | |
| 325 | 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, | ||
| 326 | 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, | ||
| 327 | 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, | ||
| 328 | 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, | ||
| 329 | 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, | ||
| 330 | 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, | ||
| 331 | 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, | ||
| 332 | 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, | ||
| 333 | 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, | ||
| 334 | 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, | ||
| 335 | 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, | ||
| 336 | 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, | ||
| 337 | 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, | ||
| 338 | 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, | ||
| 339 | 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, | ||
| 340 | 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, | ||
| 341 | 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, | ||
| 342 | 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, | ||
| 343 | 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, | ||
| 344 | 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, | ||
| 345 | 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, | ||
| 346 | 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, | ||
| 347 | 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, | ||
| 348 | 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, | ||
| 349 | 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, | ||
| 350 | 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, | ||
| 351 | 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, | ||
| 352 | 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, | ||
| 353 | 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, | ||
| 354 | 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, | ||
| 355 | 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, | ||
| 356 | 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, | ||
| 357 | 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, | ||
| 358 | 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, | ||
| 359 | 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, | ||
| 360 | 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, | ||
| 361 | 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, | ||
| 362 | 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, | ||
| 363 | 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, | ||
| 364 | 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, | ||
| 365 | 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, | ||
| 366 | 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, | ||
| 367 | 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, | ||
| 368 | 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, | ||
| 369 | 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, | ||
| 370 | 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, | ||
| 371 | 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, | ||
| 372 | 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, | ||
| 373 | 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, | ||
| 374 | 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, | ||
| 375 | 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, | ||
| 376 | 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, | ||
| 377 | 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, | ||
| 378 | 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, | ||
| 379 | 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, | ||
| 380 | 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, | ||
| 381 | 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, | ||
| 382 | 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, | ||
| 383 | 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, | ||
| 384 | 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, | ||
| 385 | 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, | ||
| 386 | 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, | ||
| 387 | 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, | ||
| 388 | 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, | ||
| 389 | }; | ||
| 390 | static const u32 Td0[256] = { | 320 | static const u32 Td0[256] = { |
| 391 | 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, | 321 | 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, |
| 392 | 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, | 322 | 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, |
| @@ -540,7 +470,6 @@ static const u32 Td2[256] = { | |||
| 540 | 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, | 470 | 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, |
| 541 | 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, | 471 | 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, |
| 542 | 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, | 472 | 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, |
| 543 | |||
| 544 | 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, | 473 | 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, |
| 545 | 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, | 474 | 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, |
| 546 | 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, | 475 | 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, |
| @@ -652,71 +581,39 @@ static const u32 Td3[256] = { | |||
| 652 | 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, | 581 | 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, |
| 653 | 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, | 582 | 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, |
| 654 | }; | 583 | }; |
| 655 | static const u32 Td4[256] = { | 584 | static const u8 Td4[256] = { |
| 656 | 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, | 585 | 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, |
| 657 | 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, | 586 | 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, |
| 658 | 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, | 587 | 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, |
| 659 | 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, | 588 | 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, |
| 660 | 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, | 589 | 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, |
| 661 | 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, | 590 | 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, |
| 662 | 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, | 591 | 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, |
| 663 | 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, | 592 | 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, |
| 664 | 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, | 593 | 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, |
| 665 | 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, | 594 | 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, |
| 666 | 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, | 595 | 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, |
| 667 | 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, | 596 | 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, |
| 668 | 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, | 597 | 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, |
| 669 | 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, | 598 | 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, |
| 670 | 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, | 599 | 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, |
| 671 | 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, | 600 | 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, |
| 672 | 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, | 601 | 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, |
| 673 | 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, | 602 | 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, |
| 674 | 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, | 603 | 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, |
| 675 | 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, | 604 | 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, |
| 676 | 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, | 605 | 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, |
| 677 | 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, | 606 | 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, |
| 678 | 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, | 607 | 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, |
| 679 | 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, | 608 | 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, |
| 680 | 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, | 609 | 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, |
| 681 | 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, | 610 | 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, |
| 682 | 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, | 611 | 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, |
| 683 | 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, | 612 | 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, |
| 684 | 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, | 613 | 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, |
| 685 | 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, | 614 | 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, |
| 686 | 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, | 615 | 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, |
| 687 | 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, | 616 | 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, |
| 688 | 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, | ||
| 689 | 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, | ||
| 690 | 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, | ||
| 691 | 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, | ||
| 692 | 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, | ||
| 693 | 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, | ||
| 694 | 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, | ||
| 695 | 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, | ||
| 696 | 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, | ||
| 697 | 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, | ||
| 698 | 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, | ||
| 699 | 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, | ||
| 700 | 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, | ||
| 701 | 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, | ||
| 702 | 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, | ||
| 703 | 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, | ||
| 704 | 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, | ||
| 705 | 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, | ||
| 706 | 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, | ||
| 707 | 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, | ||
| 708 | 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, | ||
| 709 | 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, | ||
| 710 | 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, | ||
| 711 | 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, | ||
| 712 | 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, | ||
| 713 | 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, | ||
| 714 | 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, | ||
| 715 | 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, | ||
| 716 | 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, | ||
| 717 | 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, | ||
| 718 | 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, | ||
| 719 | 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, | ||
| 720 | }; | 617 | }; |
| 721 | static const u32 rcon[] = { | 618 | static const u32 rcon[] = { |
| 722 | 0x01000000, 0x02000000, 0x04000000, 0x08000000, | 619 | 0x01000000, 0x02000000, 0x04000000, 0x08000000, |
| @@ -756,10 +653,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, | |||
| 756 | while (1) { | 653 | while (1) { |
| 757 | temp = rk[3]; | 654 | temp = rk[3]; |
| 758 | rk[4] = rk[0] ^ | 655 | rk[4] = rk[0] ^ |
| 759 | (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ | 656 | (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ |
| 760 | (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ | 657 | (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ |
| 761 | (Te4[(temp ) & 0xff] & 0x0000ff00) ^ | 658 | (Te0[(temp ) & 0xff] & 0x0000ff00) ^ |
| 762 | (Te4[(temp >> 24) ] & 0x000000ff) ^ | 659 | (Te1[(temp >> 24) ] & 0x000000ff) ^ |
| 763 | rcon[i]; | 660 | rcon[i]; |
| 764 | rk[5] = rk[1] ^ rk[4]; | 661 | rk[5] = rk[1] ^ rk[4]; |
| 765 | rk[6] = rk[2] ^ rk[5]; | 662 | rk[6] = rk[2] ^ rk[5]; |
| @@ -776,10 +673,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, | |||
| 776 | while (1) { | 673 | while (1) { |
| 777 | temp = rk[ 5]; | 674 | temp = rk[ 5]; |
| 778 | rk[ 6] = rk[ 0] ^ | 675 | rk[ 6] = rk[ 0] ^ |
| 779 | (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ | 676 | (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ |
| 780 | (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ | 677 | (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ |
| 781 | (Te4[(temp ) & 0xff] & 0x0000ff00) ^ | 678 | (Te0[(temp ) & 0xff] & 0x0000ff00) ^ |
| 782 | (Te4[(temp >> 24) ] & 0x000000ff) ^ | 679 | (Te1[(temp >> 24) ] & 0x000000ff) ^ |
| 783 | rcon[i]; | 680 | rcon[i]; |
| 784 | rk[ 7] = rk[ 1] ^ rk[ 6]; | 681 | rk[ 7] = rk[ 1] ^ rk[ 6]; |
| 785 | rk[ 8] = rk[ 2] ^ rk[ 7]; | 682 | rk[ 8] = rk[ 2] ^ rk[ 7]; |
| @@ -798,10 +695,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, | |||
| 798 | while (1) { | 695 | while (1) { |
| 799 | temp = rk[ 7]; | 696 | temp = rk[ 7]; |
| 800 | rk[ 8] = rk[ 0] ^ | 697 | rk[ 8] = rk[ 0] ^ |
| 801 | (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ | 698 | (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ |
| 802 | (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ | 699 | (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ |
| 803 | (Te4[(temp ) & 0xff] & 0x0000ff00) ^ | 700 | (Te0[(temp ) & 0xff] & 0x0000ff00) ^ |
| 804 | (Te4[(temp >> 24) ] & 0x000000ff) ^ | 701 | (Te1[(temp >> 24) ] & 0x000000ff) ^ |
| 805 | rcon[i]; | 702 | rcon[i]; |
| 806 | rk[ 9] = rk[ 1] ^ rk[ 8]; | 703 | rk[ 9] = rk[ 1] ^ rk[ 8]; |
| 807 | rk[10] = rk[ 2] ^ rk[ 9]; | 704 | rk[10] = rk[ 2] ^ rk[ 9]; |
| @@ -811,10 +708,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, | |||
| 811 | } | 708 | } |
| 812 | temp = rk[11]; | 709 | temp = rk[11]; |
| 813 | rk[12] = rk[ 4] ^ | 710 | rk[12] = rk[ 4] ^ |
| 814 | (Te4[(temp >> 24) ] & 0xff000000) ^ | 711 | (Te2[(temp >> 24) ] & 0xff000000) ^ |
| 815 | (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ | 712 | (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ |
| 816 | (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ | 713 | (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ |
| 817 | (Te4[(temp ) & 0xff] & 0x000000ff); | 714 | (Te1[(temp ) & 0xff] & 0x000000ff); |
| 818 | rk[13] = rk[ 5] ^ rk[12]; | 715 | rk[13] = rk[ 5] ^ rk[12]; |
| 819 | rk[14] = rk[ 6] ^ rk[13]; | 716 | rk[14] = rk[ 6] ^ rk[13]; |
| 820 | rk[15] = rk[ 7] ^ rk[14]; | 717 | rk[15] = rk[ 7] ^ rk[14]; |
| @@ -853,29 +750,30 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, | |||
| 853 | for (i = 1; i < (key->rounds); i++) { | 750 | for (i = 1; i < (key->rounds); i++) { |
| 854 | rk += 4; | 751 | rk += 4; |
| 855 | rk[0] = | 752 | rk[0] = |
| 856 | Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ | 753 | Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ |
| 857 | Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ | 754 | Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ |
| 858 | Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ | 755 | Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ |
| 859 | Td3[Te4[(rk[0] ) & 0xff] & 0xff]; | 756 | Td3[Te1[(rk[0] ) & 0xff] & 0xff]; |
| 860 | rk[1] = | 757 | rk[1] = |
| 861 | Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ | 758 | Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ |
| 862 | Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ | 759 | Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ |
| 863 | Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ | 760 | Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ |
| 864 | Td3[Te4[(rk[1] ) & 0xff] & 0xff]; | 761 | Td3[Te1[(rk[1] ) & 0xff] & 0xff]; |
| 865 | rk[2] = | 762 | rk[2] = |
| 866 | Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ | 763 | Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ |
| 867 | Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ | 764 | Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ |
| 868 | Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ | 765 | Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ |
| 869 | Td3[Te4[(rk[2] ) & 0xff] & 0xff]; | 766 | Td3[Te1[(rk[2] ) & 0xff] & 0xff]; |
| 870 | rk[3] = | 767 | rk[3] = |
| 871 | Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ | 768 | Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ |
| 872 | Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ | 769 | Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ |
| 873 | Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ | 770 | Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ |
| 874 | Td3[Te4[(rk[3] ) & 0xff] & 0xff]; | 771 | Td3[Te1[(rk[3] ) & 0xff] & 0xff]; |
| 875 | } | 772 | } |
| 876 | return 0; | 773 | return 0; |
| 877 | } | 774 | } |
| 878 | 775 | ||
| 776 | #ifndef AES_ASM | ||
| 879 | /* | 777 | /* |
| 880 | * Encrypt a single block | 778 | * Encrypt a single block |
| 881 | * in and out can overlap | 779 | * in and out can overlap |
| @@ -1038,31 +936,31 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, | |||
| 1038 | * map cipher state to byte array block: | 936 | * map cipher state to byte array block: |
| 1039 | */ | 937 | */ |
| 1040 | s0 = | 938 | s0 = |
| 1041 | (Te4[(t0 >> 24) ] & 0xff000000) ^ | 939 | (Te2[(t0 >> 24) ] & 0xff000000) ^ |
| 1042 | (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ | 940 | (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ |
| 1043 | (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ | 941 | (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ |
| 1044 | (Te4[(t3 ) & 0xff] & 0x000000ff) ^ | 942 | (Te1[(t3 ) & 0xff] & 0x000000ff) ^ |
| 1045 | rk[0]; | 943 | rk[0]; |
| 1046 | PUTU32(out , s0); | 944 | PUTU32(out , s0); |
| 1047 | s1 = | 945 | s1 = |
| 1048 | (Te4[(t1 >> 24) ] & 0xff000000) ^ | 946 | (Te2[(t1 >> 24) ] & 0xff000000) ^ |
| 1049 | (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ | 947 | (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ |
| 1050 | (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ | 948 | (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ |
| 1051 | (Te4[(t0 ) & 0xff] & 0x000000ff) ^ | 949 | (Te1[(t0 ) & 0xff] & 0x000000ff) ^ |
| 1052 | rk[1]; | 950 | rk[1]; |
| 1053 | PUTU32(out + 4, s1); | 951 | PUTU32(out + 4, s1); |
| 1054 | s2 = | 952 | s2 = |
| 1055 | (Te4[(t2 >> 24) ] & 0xff000000) ^ | 953 | (Te2[(t2 >> 24) ] & 0xff000000) ^ |
| 1056 | (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ | 954 | (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ |
| 1057 | (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ | 955 | (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ |
| 1058 | (Te4[(t1 ) & 0xff] & 0x000000ff) ^ | 956 | (Te1[(t1 ) & 0xff] & 0x000000ff) ^ |
| 1059 | rk[2]; | 957 | rk[2]; |
| 1060 | PUTU32(out + 8, s2); | 958 | PUTU32(out + 8, s2); |
| 1061 | s3 = | 959 | s3 = |
| 1062 | (Te4[(t3 >> 24) ] & 0xff000000) ^ | 960 | (Te2[(t3 >> 24) ] & 0xff000000) ^ |
| 1063 | (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ | 961 | (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ |
| 1064 | (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ | 962 | (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ |
| 1065 | (Te4[(t2 ) & 0xff] & 0x000000ff) ^ | 963 | (Te1[(t2 ) & 0xff] & 0x000000ff) ^ |
| 1066 | rk[3]; | 964 | rk[3]; |
| 1067 | PUTU32(out + 12, s3); | 965 | PUTU32(out + 12, s3); |
| 1068 | } | 966 | } |
| @@ -1229,33 +1127,33 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, | |||
| 1229 | * map cipher state to byte array block: | 1127 | * map cipher state to byte array block: |
| 1230 | */ | 1128 | */ |
| 1231 | s0 = | 1129 | s0 = |
| 1232 | (Td4[(t0 >> 24) ] & 0xff000000) ^ | 1130 | (Td4[(t0 >> 24) ] << 24) ^ |
| 1233 | (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ | 1131 | (Td4[(t3 >> 16) & 0xff] << 16) ^ |
| 1234 | (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ | 1132 | (Td4[(t2 >> 8) & 0xff] << 8) ^ |
| 1235 | (Td4[(t1 ) & 0xff] & 0x000000ff) ^ | 1133 | (Td4[(t1 ) & 0xff]) ^ |
| 1236 | rk[0]; | 1134 | rk[0]; |
| 1237 | PUTU32(out , s0); | 1135 | PUTU32(out , s0); |
| 1238 | s1 = | 1136 | s1 = |
| 1239 | (Td4[(t1 >> 24) ] & 0xff000000) ^ | 1137 | (Td4[(t1 >> 24) ] << 24) ^ |
| 1240 | (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ | 1138 | (Td4[(t0 >> 16) & 0xff] << 16) ^ |
| 1241 | (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ | 1139 | (Td4[(t3 >> 8) & 0xff] << 8) ^ |
| 1242 | (Td4[(t2 ) & 0xff] & 0x000000ff) ^ | 1140 | (Td4[(t2 ) & 0xff]) ^ |
| 1243 | rk[1]; | 1141 | rk[1]; |
| 1244 | PUTU32(out + 4, s1); | 1142 | PUTU32(out + 4, s1); |
| 1245 | s2 = | 1143 | s2 = |
| 1246 | (Td4[(t2 >> 24) ] & 0xff000000) ^ | 1144 | (Td4[(t2 >> 24) ] << 24) ^ |
| 1247 | (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ | 1145 | (Td4[(t1 >> 16) & 0xff] << 16) ^ |
| 1248 | (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ | 1146 | (Td4[(t0 >> 8) & 0xff] << 8) ^ |
| 1249 | (Td4[(t3 ) & 0xff] & 0x000000ff) ^ | 1147 | (Td4[(t3 ) & 0xff]) ^ |
| 1250 | rk[2]; | 1148 | rk[2]; |
| 1251 | PUTU32(out + 8, s2); | 1149 | PUTU32(out + 8, s2); |
| 1252 | s3 = | 1150 | s3 = |
| 1253 | (Td4[(t3 >> 24) ] & 0xff000000) ^ | 1151 | (Td4[(t3 >> 24) ] << 24) ^ |
| 1254 | (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ | 1152 | (Td4[(t2 >> 16) & 0xff] << 16) ^ |
| 1255 | (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ | 1153 | (Td4[(t1 >> 8) & 0xff] << 8) ^ |
| 1256 | (Td4[(t0 ) & 0xff] & 0x000000ff) ^ | 1154 | (Td4[(t0 ) & 0xff]) ^ |
| 1257 | rk[3]; | 1155 | rk[3]; |
| 1258 | PUTU32(out + 12, s3); | 1156 | PUTU32(out + 12, s3); |
| 1259 | } | 1157 | } |
| 1260 | 1158 | ||
| 1261 | #endif /* ndef OPENSSL_FIPS */ | 1159 | #endif /* AES_ASM */ |
diff --git a/src/lib/libssl/src/crypto/aes/aes_locl.h b/src/lib/libssl/src/crypto/aes/aes_locl.h index 4184729e34..054b442d41 100644 --- a/src/lib/libssl/src/crypto/aes/aes_locl.h +++ b/src/lib/libssl/src/crypto/aes/aes_locl.h | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | #include <stdlib.h> | 62 | #include <stdlib.h> |
| 63 | #include <string.h> | 63 | #include <string.h> |
| 64 | 64 | ||
| 65 | #if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE) | 65 | #if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) |
| 66 | # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) | 66 | # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) |
| 67 | # define GETU32(p) SWAP(*((u32 *)(p))) | 67 | # define GETU32(p) SWAP(*((u32 *)(p))) |
| 68 | # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } | 68 | # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } |
| @@ -71,7 +71,11 @@ | |||
| 71 | # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } | 71 | # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } |
| 72 | #endif | 72 | #endif |
| 73 | 73 | ||
| 74 | #ifdef AES_LONG | ||
| 74 | typedef unsigned long u32; | 75 | typedef unsigned long u32; |
| 76 | #else | ||
| 77 | typedef unsigned int u32; | ||
| 78 | #endif | ||
| 75 | typedef unsigned short u16; | 79 | typedef unsigned short u16; |
| 76 | typedef unsigned char u8; | 80 | typedef unsigned char u8; |
| 77 | 81 | ||
diff --git a/src/lib/libssl/src/crypto/aes/aes_misc.c b/src/lib/libssl/src/crypto/aes/aes_misc.c index 090def25d5..4fead1b4c7 100644 --- a/src/lib/libssl/src/crypto/aes/aes_misc.c +++ b/src/lib/libssl/src/crypto/aes/aes_misc.c | |||
| @@ -53,7 +53,7 @@ | |||
| 53 | #include <openssl/aes.h> | 53 | #include <openssl/aes.h> |
| 54 | #include "aes_locl.h" | 54 | #include "aes_locl.h" |
| 55 | 55 | ||
| 56 | const char *AES_version="AES" OPENSSL_VERSION_PTEXT; | 56 | const char AES_version[]="AES" OPENSSL_VERSION_PTEXT; |
| 57 | 57 | ||
| 58 | const char *AES_options(void) { | 58 | const char *AES_options(void) { |
| 59 | #ifdef FULL_UNROLL | 59 | #ifdef FULL_UNROLL |
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-586.pl b/src/lib/libssl/src/crypto/aes/asm/aes-586.pl index 688fda21ff..89fa261794 100644 --- a/src/lib/libssl/src/crypto/aes/asm/aes-586.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aes-586.pl | |||
| @@ -6,7 +6,7 @@ | |||
| 6 | # forms are granted according to the OpenSSL license. | 6 | # forms are granted according to the OpenSSL license. |
| 7 | # ==================================================================== | 7 | # ==================================================================== |
| 8 | # | 8 | # |
| 9 | # Version 2.0. | 9 | # Version 3.6. |
| 10 | # | 10 | # |
| 11 | # You might fail to appreciate this module performance from the first | 11 | # You might fail to appreciate this module performance from the first |
| 12 | # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered | 12 | # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered |
| @@ -46,43 +46,68 @@ | |||
| 46 | # Instruction Level Parallelism, and it indeed resulted in up to 15% | 46 | # Instruction Level Parallelism, and it indeed resulted in up to 15% |
| 47 | # better performance on most recent µ-archs... | 47 | # better performance on most recent µ-archs... |
| 48 | # | 48 | # |
| 49 | # Current ECB performance numbers for 128-bit key in cycles per byte | 49 | # Third version adds AES_cbc_encrypt implementation, which resulted in |
| 50 | # [measure commonly used by AES benchmarkers] are: | 50 | # up to 40% performance imrovement of CBC benchmark results. 40% was |
| 51 | # observed on P4 core, where "overall" imrovement coefficient, i.e. if | ||
| 52 | # compared to PIC generated by GCC and in CBC mode, was observed to be | ||
| 53 | # as large as 4x:-) CBC performance is virtually identical to ECB now | ||
| 54 | # and on some platforms even better, e.g. 17.6 "small" cycles/byte on | ||
| 55 | # Opteron, because certain function prologues and epilogues are | ||
| 56 | # effectively taken out of the loop... | ||
| 51 | # | 57 | # |
| 52 | # small footprint fully unrolled | 58 | # Version 3.2 implements compressed tables and prefetch of these tables |
| 53 | # P4[-3] 23[24] 22[23] | 59 | # in CBC[!] mode. Former means that 3/4 of table references are now |
| 54 | # AMD K8 19 18 | 60 | # misaligned, which unfortunately has negative impact on elder IA-32 |
| 55 | # PIII 26(*) 23 | 61 | # implementations, Pentium suffered 30% penalty, PIII - 10%. |
| 56 | # Pentium 63(*) 52 | 62 | # |
| 63 | # Version 3.3 avoids L1 cache aliasing between stack frame and | ||
| 64 | # S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The | ||
| 65 | # latter is achieved by copying the key schedule to controlled place in | ||
| 66 | # stack. This unfortunately has rather strong impact on small block CBC | ||
| 67 | # performance, ~2x deterioration on 16-byte block if compared to 3.3. | ||
| 68 | # | ||
| 69 | # Version 3.5 checks if there is L1 cache aliasing between user-supplied | ||
| 70 | # key schedule and S-boxes and abstains from copying the former if | ||
| 71 | # there is no. This allows end-user to consciously retain small block | ||
| 72 | # performance by aligning key schedule in specific manner. | ||
| 57 | # | 73 | # |
| 58 | # (*) Performance difference between small footprint code and fully | 74 | # Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. |
| 59 | # unrolled in more commonly used CBC mode is not as big, 7% for | 75 | # |
| 60 | # PIII and 15% for Pentium, which I consider tolerable. | 76 | # Current ECB performance numbers for 128-bit key in CPU cycles per |
| 77 | # processed byte [measure commonly used by AES benchmarkers] are: | ||
| 78 | # | ||
| 79 | # small footprint fully unrolled | ||
| 80 | # P4 24 22 | ||
| 81 | # AMD K8 20 19 | ||
| 82 | # PIII 25 23 | ||
| 83 | # Pentium 81 78 | ||
| 61 | 84 | ||
| 62 | push(@INC,"perlasm","../../perlasm"); | 85 | push(@INC,"perlasm","../../perlasm"); |
| 63 | require "x86asm.pl"; | 86 | require "x86asm.pl"; |
| 64 | 87 | ||
| 65 | &asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386"); | 88 | &asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386"); |
| 66 | 89 | ||
| 67 | $small_footprint=1; # $small_footprint=1 code is ~5% slower [on | ||
| 68 | # recent µ-archs], but ~5 times smaller! | ||
| 69 | # I favor compact code, because it minimizes | ||
| 70 | # cache contention... | ||
| 71 | $vertical_spin=0; # shift "verticaly" defaults to 0, because of | ||
| 72 | # its proof-of-concept status, see below... | ||
| 73 | |||
| 74 | $s0="eax"; | 90 | $s0="eax"; |
| 75 | $s1="ebx"; | 91 | $s1="ebx"; |
| 76 | $s2="ecx"; | 92 | $s2="ecx"; |
| 77 | $s3="edx"; | 93 | $s3="edx"; |
| 78 | $key="esi"; | 94 | $key="edi"; |
| 79 | $acc="edi"; | 95 | $acc="esi"; |
| 96 | |||
| 97 | $compromise=0; # $compromise=128 abstains from copying key | ||
| 98 | # schedule to stack when encrypting inputs | ||
| 99 | # shorter than 128 bytes at the cost of | ||
| 100 | # risksing aliasing with S-boxes. In return | ||
| 101 | # you get way better, up to +70%, small block | ||
| 102 | # performance. | ||
| 103 | $small_footprint=1; # $small_footprint=1 code is ~5% slower [on | ||
| 104 | # recent µ-archs], but ~5 times smaller! | ||
| 105 | # I favor compact code to minimize cache | ||
| 106 | # contention and in hope to "collect" 5% back | ||
| 107 | # in real-life applications... | ||
| 108 | $vertical_spin=0; # shift "verticaly" defaults to 0, because of | ||
| 109 | # its proof-of-concept status... | ||
| 80 | 110 | ||
| 81 | if ($vertical_spin) { | ||
| 82 | # I need high parts of volatile registers to be accessible... | ||
| 83 | $s1="esi"; $key="ebx"; | ||
| 84 | $s2="edi"; $acc="ecx"; | ||
| 85 | } | ||
| 86 | # Note that there is no decvert(), as well as last encryption round is | 111 | # Note that there is no decvert(), as well as last encryption round is |
| 87 | # performed with "horizontal" shifts. This is because this "vertical" | 112 | # performed with "horizontal" shifts. This is because this "vertical" |
| 88 | # implementation [one which groups shifts on a given $s[i] to form a | 113 | # implementation [one which groups shifts on a given $s[i] to form a |
| @@ -98,55 +123,55 @@ sub encvert() | |||
| 98 | my $v0 = $acc, $v1 = $key; | 123 | my $v0 = $acc, $v1 = $key; |
| 99 | 124 | ||
| 100 | &mov ($v0,$s[3]); # copy s3 | 125 | &mov ($v0,$s[3]); # copy s3 |
| 101 | &mov (&DWP(0,"esp"),$s[2]); # save s2 | 126 | &mov (&DWP(4,"esp"),$s[2]); # save s2 |
| 102 | &mov ($v1,$s[0]); # copy s0 | 127 | &mov ($v1,$s[0]); # copy s0 |
| 103 | &mov (&DWP(4,"esp"),$s[1]); # save s1 | 128 | &mov (&DWP(8,"esp"),$s[1]); # save s1 |
| 104 | 129 | ||
| 105 | &movz ($s[2],&HB($s[0])); | 130 | &movz ($s[2],&HB($s[0])); |
| 106 | &and ($s[0],0xFF); | 131 | &and ($s[0],0xFF); |
| 107 | &mov ($s[0],&DWP(1024*0,$te,$s[0],4)); # s0>>0 | 132 | &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0 |
| 108 | &shr ($v1,16); | 133 | &shr ($v1,16); |
| 109 | &mov ($s[3],&DWP(1024*1,$te,$s[2],4)); # s0>>8 | 134 | &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8 |
| 110 | &movz ($s[1],&HB($v1)); | 135 | &movz ($s[1],&HB($v1)); |
| 111 | &and ($v1,0xFF); | 136 | &and ($v1,0xFF); |
| 112 | &mov ($s[2],&DWP(1024*2,$te,$v1,4)); # s0>>16 | 137 | &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16 |
| 113 | &mov ($v1,$v0); | 138 | &mov ($v1,$v0); |
| 114 | &mov ($s[1],&DWP(1024*3,$te,$s[1],4)); # s0>>24 | 139 | &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24 |
| 115 | 140 | ||
| 116 | &and ($v0,0xFF); | 141 | &and ($v0,0xFF); |
| 117 | &xor ($s[3],&DWP(1024*0,$te,$v0,4)); # s3>>0 | 142 | &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0 |
| 118 | &movz ($v0,&HB($v1)); | 143 | &movz ($v0,&HB($v1)); |
| 119 | &shr ($v1,16); | 144 | &shr ($v1,16); |
| 120 | &xor ($s[2],&DWP(1024*1,$te,$v0,4)); # s3>>8 | 145 | &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8 |
| 121 | &movz ($v0,&HB($v1)); | 146 | &movz ($v0,&HB($v1)); |
| 122 | &and ($v1,0xFF); | 147 | &and ($v1,0xFF); |
| 123 | &xor ($s[1],&DWP(1024*2,$te,$v1,4)); # s3>>16 | 148 | &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16 |
| 124 | &mov ($v1,&DWP(0,"esp")); # restore s2 | 149 | &mov ($v1,&DWP(4,"esp")); # restore s2 |
| 125 | &xor ($s[0],&DWP(1024*3,$te,$v0,4)); # s3>>24 | 150 | &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24 |
| 126 | 151 | ||
| 127 | &mov ($v0,$v1); | 152 | &mov ($v0,$v1); |
| 128 | &and ($v1,0xFF); | 153 | &and ($v1,0xFF); |
| 129 | &xor ($s[2],&DWP(1024*0,$te,$v1,4)); # s2>>0 | 154 | &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0 |
| 130 | &movz ($v1,&HB($v0)); | 155 | &movz ($v1,&HB($v0)); |
| 131 | &shr ($v0,16); | 156 | &shr ($v0,16); |
| 132 | &xor ($s[1],&DWP(1024*1,$te,$v1,4)); # s2>>8 | 157 | &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8 |
| 133 | &movz ($v1,&HB($v0)); | 158 | &movz ($v1,&HB($v0)); |
| 134 | &and ($v0,0xFF); | 159 | &and ($v0,0xFF); |
| 135 | &xor ($s[0],&DWP(1024*2,$te,$v0,4)); # s2>>16 | 160 | &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16 |
| 136 | &mov ($v0,&DWP(4,"esp")); # restore s1 | 161 | &mov ($v0,&DWP(8,"esp")); # restore s1 |
| 137 | &xor ($s[3],&DWP(1024*3,$te,$v1,4)); # s2>>24 | 162 | &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24 |
| 138 | 163 | ||
| 139 | &mov ($v1,$v0); | 164 | &mov ($v1,$v0); |
| 140 | &and ($v0,0xFF); | 165 | &and ($v0,0xFF); |
| 141 | &xor ($s[1],&DWP(1024*0,$te,$v0,4)); # s1>>0 | 166 | &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0 |
| 142 | &movz ($v0,&HB($v1)); | 167 | &movz ($v0,&HB($v1)); |
| 143 | &shr ($v1,16); | 168 | &shr ($v1,16); |
| 144 | &xor ($s[0],&DWP(1024*1,$te,$v0,4)); # s1>>8 | 169 | &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8 |
| 145 | &movz ($v0,&HB($v1)); | 170 | &movz ($v0,&HB($v1)); |
| 146 | &and ($v1,0xFF); | 171 | &and ($v1,0xFF); |
| 147 | &xor ($s[3],&DWP(1024*2,$te,$v1,4)); # s1>>16 | 172 | &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16 |
| 148 | &mov ($key,&DWP(12,"esp")); # reincarnate v1 as key | 173 | &mov ($key,&DWP(12,"esp")); # reincarnate v1 as key |
| 149 | &xor ($s[2],&DWP(1024*3,$te,$v0,4)); # s1>>24 | 174 | &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24 |
| 150 | } | 175 | } |
| 151 | 176 | ||
| 152 | sub encstep() | 177 | sub encstep() |
| @@ -160,25 +185,25 @@ sub encstep() | |||
| 160 | &and ($out,0xFF); } | 185 | &and ($out,0xFF); } |
| 161 | if ($i==1) { &shr ($s[0],16); }#%ebx[1] | 186 | if ($i==1) { &shr ($s[0],16); }#%ebx[1] |
| 162 | if ($i==2) { &shr ($s[0],24); }#%ecx[2] | 187 | if ($i==2) { &shr ($s[0],24); }#%ecx[2] |
| 163 | &mov ($out,&DWP(1024*0,$te,$out,4)); | 188 | &mov ($out,&DWP(0,$te,$out,8)); |
| 164 | 189 | ||
| 165 | if ($i==3) { $tmp=$s[1]; }##%eax | 190 | if ($i==3) { $tmp=$s[1]; }##%eax |
| 166 | &movz ($tmp,&HB($s[1])); | 191 | &movz ($tmp,&HB($s[1])); |
| 167 | &xor ($out,&DWP(1024*1,$te,$tmp,4)); | 192 | &xor ($out,&DWP(3,$te,$tmp,8)); |
| 168 | 193 | ||
| 169 | if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx | 194 | if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx |
| 170 | else { &mov ($tmp,$s[2]); | 195 | else { &mov ($tmp,$s[2]); |
| 171 | &shr ($tmp,16); } | 196 | &shr ($tmp,16); } |
| 172 | if ($i==2) { &and ($s[1],0xFF); }#%edx[2] | 197 | if ($i==2) { &and ($s[1],0xFF); }#%edx[2] |
| 173 | &and ($tmp,0xFF); | 198 | &and ($tmp,0xFF); |
| 174 | &xor ($out,&DWP(1024*2,$te,$tmp,4)); | 199 | &xor ($out,&DWP(2,$te,$tmp,8)); |
| 175 | 200 | ||
| 176 | if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx | 201 | if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx |
| 177 | elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] | 202 | elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] |
| 178 | else { &mov ($tmp,$s[3]); | 203 | else { &mov ($tmp,$s[3]); |
| 179 | &shr ($tmp,24) } | 204 | &shr ($tmp,24) } |
| 180 | &xor ($out,&DWP(1024*3,$te,$tmp,4)); | 205 | &xor ($out,&DWP(1,$te,$tmp,8)); |
| 181 | if ($i<2) { &mov (&DWP(4*$i,"esp"),$out); } | 206 | if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } |
| 182 | if ($i==3) { &mov ($s[3],$acc); } | 207 | if ($i==3) { &mov ($s[3],$acc); } |
| 183 | &comment(); | 208 | &comment(); |
| 184 | } | 209 | } |
| @@ -193,60 +218,49 @@ sub enclast() | |||
| 193 | &and ($out,0xFF); | 218 | &and ($out,0xFF); |
| 194 | if ($i==1) { &shr ($s[0],16); }#%ebx[1] | 219 | if ($i==1) { &shr ($s[0],16); }#%ebx[1] |
| 195 | if ($i==2) { &shr ($s[0],24); }#%ecx[2] | 220 | if ($i==2) { &shr ($s[0],24); }#%ecx[2] |
| 196 | &mov ($out,&DWP(1024*0,$te,$out,4)); | 221 | &mov ($out,&DWP(2,$te,$out,8)); |
| 197 | &and ($out,0x000000ff); | 222 | &and ($out,0x000000ff); |
| 198 | 223 | ||
| 199 | if ($i==3) { $tmp=$s[1]; }##%eax | 224 | if ($i==3) { $tmp=$s[1]; }##%eax |
| 200 | &movz ($tmp,&HB($s[1])); | 225 | &movz ($tmp,&HB($s[1])); |
| 201 | &mov ($tmp,&DWP(0,$te,$tmp,4)); | 226 | &mov ($tmp,&DWP(0,$te,$tmp,8)); |
| 202 | &and ($tmp,0x0000ff00); | 227 | &and ($tmp,0x0000ff00); |
| 203 | &xor ($out,$tmp); | 228 | &xor ($out,$tmp); |
| 204 | 229 | ||
| 205 | if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx | 230 | if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx |
| 206 | else { mov ($tmp,$s[2]); | 231 | else { mov ($tmp,$s[2]); |
| 207 | &shr ($tmp,16); } | 232 | &shr ($tmp,16); } |
| 208 | if ($i==2) { &and ($s[1],0xFF); }#%edx[2] | 233 | if ($i==2) { &and ($s[1],0xFF); }#%edx[2] |
| 209 | &and ($tmp,0xFF); | 234 | &and ($tmp,0xFF); |
| 210 | &mov ($tmp,&DWP(0,$te,$tmp,4)); | 235 | &mov ($tmp,&DWP(0,$te,$tmp,8)); |
| 211 | &and ($tmp,0x00ff0000); | 236 | &and ($tmp,0x00ff0000); |
| 212 | &xor ($out,$tmp); | 237 | &xor ($out,$tmp); |
| 213 | 238 | ||
| 214 | if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx | 239 | if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx |
| 215 | elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] | 240 | elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] |
| 216 | else { &mov ($tmp,$s[3]); | 241 | else { &mov ($tmp,$s[3]); |
| 217 | &shr ($tmp,24); } | 242 | &shr ($tmp,24); } |
| 218 | &mov ($tmp,&DWP(0,$te,$tmp,4)); | 243 | &mov ($tmp,&DWP(2,$te,$tmp,8)); |
| 219 | &and ($tmp,0xff000000); | 244 | &and ($tmp,0xff000000); |
| 220 | &xor ($out,$tmp); | 245 | &xor ($out,$tmp); |
| 221 | if ($i<2) { &mov (&DWP(4*$i,"esp"),$out); } | 246 | if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } |
| 222 | if ($i==3) { &mov ($s[3],$acc); } | 247 | if ($i==3) { &mov ($s[3],$acc); } |
| 223 | } | 248 | } |
| 224 | 249 | ||
| 225 | # void AES_encrypt (const void *inp,void *out,const AES_KEY *key); | 250 | sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } |
| 226 | &public_label("AES_Te"); | ||
| 227 | &function_begin("AES_encrypt"); | ||
| 228 | &mov ($acc,&wparam(0)); # load inp | ||
| 229 | &mov ($key,&wparam(2)); # load key | ||
| 230 | |||
| 231 | &call (&label("pic_point")); # make it PIC! | ||
| 232 | &set_label("pic_point"); | ||
| 233 | &blindpop("ebp"); | ||
| 234 | &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); | ||
| 235 | 251 | ||
| 236 | # allocate aligned stack frame | 252 | &public_label("AES_Te"); |
| 237 | &mov ($s0,"esp"); | 253 | &function_begin_B("_x86_AES_encrypt"); |
| 238 | &sub ("esp",20); | 254 | if ($vertical_spin) { |
| 239 | &and ("esp",-16); | 255 | # I need high parts of volatile registers to be accessible... |
| 256 | &exch ($s1="edi",$key="ebx"); | ||
| 257 | &mov ($s2="esi",$acc="ecx"); | ||
| 258 | } | ||
| 240 | 259 | ||
| 260 | # note that caller is expected to allocate stack frame for me! | ||
| 241 | &mov (&DWP(12,"esp"),$key); # save key | 261 | &mov (&DWP(12,"esp"),$key); # save key |
| 242 | &mov (&DWP(16,"esp"),$s0); # save %esp | ||
| 243 | 262 | ||
| 244 | &mov ($s0,&DWP(0,$acc)); # load input data | 263 | &xor ($s0,&DWP(0,$key)); # xor with key |
| 245 | &mov ($s1,&DWP(4,$acc)); | ||
| 246 | &mov ($s2,&DWP(8,$acc)); | ||
| 247 | &mov ($s3,&DWP(12,$acc)); | ||
| 248 | |||
| 249 | &xor ($s0,&DWP(0,$key)); | ||
| 250 | &xor ($s1,&DWP(4,$key)); | 264 | &xor ($s1,&DWP(4,$key)); |
| 251 | &xor ($s2,&DWP(8,$key)); | 265 | &xor ($s2,&DWP(8,$key)); |
| 252 | &xor ($s3,&DWP(12,$key)); | 266 | &xor ($s3,&DWP(12,$key)); |
| @@ -256,7 +270,7 @@ sub enclast() | |||
| 256 | if ($small_footprint) { | 270 | if ($small_footprint) { |
| 257 | &lea ($acc,&DWP(-2,$acc,$acc)); | 271 | &lea ($acc,&DWP(-2,$acc,$acc)); |
| 258 | &lea ($acc,&DWP(0,$key,$acc,8)); | 272 | &lea ($acc,&DWP(0,$key,$acc,8)); |
| 259 | &mov (&DWP(8,"esp"),$acc); # end of key schedule | 273 | &mov (&DWP(16,"esp"),$acc); # end of key schedule |
| 260 | &align (4); | 274 | &align (4); |
| 261 | &set_label("loop"); | 275 | &set_label("loop"); |
| 262 | if ($vertical_spin) { | 276 | if ($vertical_spin) { |
| @@ -267,12 +281,12 @@ sub enclast() | |||
| 267 | &encstep(2,"ebp",$s2,$s3,$s0,$s1); | 281 | &encstep(2,"ebp",$s2,$s3,$s0,$s1); |
| 268 | &encstep(3,"ebp",$s3,$s0,$s1,$s2); | 282 | &encstep(3,"ebp",$s3,$s0,$s1,$s2); |
| 269 | } | 283 | } |
| 270 | &add ($key,16); # advance rd_key | 284 | &add ($key,16); # advance rd_key |
| 271 | &xor ($s0,&DWP(0,$key)); | 285 | &xor ($s0,&DWP(0,$key)); |
| 272 | &xor ($s1,&DWP(4,$key)); | 286 | &xor ($s1,&DWP(4,$key)); |
| 273 | &xor ($s2,&DWP(8,$key)); | 287 | &xor ($s2,&DWP(8,$key)); |
| 274 | &xor ($s3,&DWP(12,$key)); | 288 | &xor ($s3,&DWP(12,$key)); |
| 275 | &cmp ($key,&DWP(8,"esp")); | 289 | &cmp ($key,&DWP(16,"esp")); |
| 276 | &mov (&DWP(12,"esp"),$key); | 290 | &mov (&DWP(12,"esp"),$key); |
| 277 | &jb (&label("loop")); | 291 | &jb (&label("loop")); |
| 278 | } | 292 | } |
| @@ -298,7 +312,7 @@ sub enclast() | |||
| 298 | &xor ($s3,&DWP(16*$i+12,$key)); | 312 | &xor ($s3,&DWP(16*$i+12,$key)); |
| 299 | } | 313 | } |
| 300 | &add ($key,32); | 314 | &add ($key,32); |
| 301 | &mov (&DWP(12,"esp"),$key); # advance rd_key | 315 | &mov (&DWP(12,"esp"),$key); # advance rd_key |
| 302 | &set_label("12rounds"); | 316 | &set_label("12rounds"); |
| 303 | for ($i=1;$i<3;$i++) { | 317 | for ($i=1;$i<3;$i++) { |
| 304 | if ($vertical_spin) { | 318 | if ($vertical_spin) { |
| @@ -315,7 +329,7 @@ sub enclast() | |||
| 315 | &xor ($s3,&DWP(16*$i+12,$key)); | 329 | &xor ($s3,&DWP(16*$i+12,$key)); |
| 316 | } | 330 | } |
| 317 | &add ($key,32); | 331 | &add ($key,32); |
| 318 | &mov (&DWP(12,"esp"),$key); # advance rd_key | 332 | &mov (&DWP(12,"esp"),$key); # advance rd_key |
| 319 | &set_label("10rounds"); | 333 | &set_label("10rounds"); |
| 320 | for ($i=1;$i<10;$i++) { | 334 | for ($i=1;$i<10;$i++) { |
| 321 | if ($vertical_spin) { | 335 | if ($vertical_spin) { |
| @@ -333,375 +347,129 @@ sub enclast() | |||
| 333 | } | 347 | } |
| 334 | } | 348 | } |
| 335 | 349 | ||
| 336 | &add ("ebp",4*1024); # skip to Te4 | ||
| 337 | if ($vertical_spin) { | 350 | if ($vertical_spin) { |
| 338 | # "reincarnate" some registers for "horizontal" spin... | 351 | # "reincarnate" some registers for "horizontal" spin... |
| 339 | &mov ($s1="ebx",$key="esi"); | 352 | &mov ($s1="ebx",$key="edi"); |
| 340 | &mov ($s2="ecx",$acc="edi"); | 353 | &mov ($s2="ecx",$acc="esi"); |
| 341 | } | 354 | } |
| 342 | &enclast(0,"ebp",$s0,$s1,$s2,$s3); | 355 | &enclast(0,"ebp",$s0,$s1,$s2,$s3); |
| 343 | &enclast(1,"ebp",$s1,$s2,$s3,$s0); | 356 | &enclast(1,"ebp",$s1,$s2,$s3,$s0); |
| 344 | &enclast(2,"ebp",$s2,$s3,$s0,$s1); | 357 | &enclast(2,"ebp",$s2,$s3,$s0,$s1); |
| 345 | &enclast(3,"ebp",$s3,$s0,$s1,$s2); | 358 | &enclast(3,"ebp",$s3,$s0,$s1,$s2); |
| 346 | 359 | ||
| 347 | &mov ("esp",&DWP(16,"esp")); # restore %esp | ||
| 348 | &add ($key,$small_footprint?16:160); | 360 | &add ($key,$small_footprint?16:160); |
| 349 | &xor ($s0,&DWP(0,$key)); | 361 | &xor ($s0,&DWP(0,$key)); |
| 350 | &xor ($s1,&DWP(4,$key)); | 362 | &xor ($s1,&DWP(4,$key)); |
| 351 | &xor ($s2,&DWP(8,$key)); | 363 | &xor ($s2,&DWP(8,$key)); |
| 352 | &xor ($s3,&DWP(12,$key)); | 364 | &xor ($s3,&DWP(12,$key)); |
| 353 | 365 | ||
| 354 | &mov ($acc,&wparam(1)); # load out | ||
| 355 | &mov (&DWP(0,$acc),$s0); # write output data | ||
| 356 | &mov (&DWP(4,$acc),$s1); | ||
| 357 | &mov (&DWP(8,$acc),$s2); | ||
| 358 | &mov (&DWP(12,$acc),$s3); | ||
| 359 | |||
| 360 | &pop ("edi"); | ||
| 361 | &pop ("esi"); | ||
| 362 | &pop ("ebx"); | ||
| 363 | &pop ("ebp"); | ||
| 364 | &ret (); | 366 | &ret (); |
| 365 | 367 | ||
| 366 | &set_label("AES_Te",64); # Yes! I keep it in the code segment! | 368 | &set_label("AES_Te",64); # Yes! I keep it in the code segment! |
| 367 | &data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); | 369 | &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); |
| 368 | &data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); | 370 | &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); |
| 369 | &data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); | 371 | &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); |
| 370 | &data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); | 372 | &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); |
| 371 | &data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); | 373 | &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); |
| 372 | &data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); | 374 | &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); |
| 373 | &data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); | 375 | &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); |
| 374 | &data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); | 376 | &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); |
| 375 | &data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); | 377 | &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); |
| 376 | &data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); | 378 | &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); |
| 377 | &data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); | 379 | &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); |
| 378 | &data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); | 380 | &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); |
| 379 | &data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); | 381 | &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); |
| 380 | &data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); | 382 | &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); |
| 381 | &data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); | 383 | &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); |
| 382 | &data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); | 384 | &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); |
| 383 | &data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); | 385 | &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); |
| 384 | &data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); | 386 | &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); |
| 385 | &data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); | 387 | &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); |
| 386 | &data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); | 388 | &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); |
| 387 | &data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); | 389 | &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); |
| 388 | &data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); | 390 | &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); |
| 389 | &data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); | 391 | &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); |
| 390 | &data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); | 392 | &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); |
| 391 | &data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); | 393 | &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); |
| 392 | &data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); | 394 | &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); |
| 393 | &data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); | 395 | &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); |
| 394 | &data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); | 396 | &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); |
| 395 | &data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); | 397 | &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); |
| 396 | &data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); | 398 | &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); |
| 397 | &data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); | 399 | &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); |
| 398 | &data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); | 400 | &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); |
| 399 | &data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); | 401 | &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); |
| 400 | &data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); | 402 | &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); |
| 401 | &data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); | 403 | &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); |
| 402 | &data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); | 404 | &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); |
| 403 | &data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); | 405 | &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); |
| 404 | &data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); | 406 | &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); |
| 405 | &data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); | 407 | &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); |
| 406 | &data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); | 408 | &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); |
| 407 | &data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); | 409 | &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); |
| 408 | &data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); | 410 | &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); |
| 409 | &data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); | 411 | &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); |
| 410 | &data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); | 412 | &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); |
| 411 | &data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); | 413 | &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); |
| 412 | &data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); | 414 | &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); |
| 413 | &data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); | 415 | &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); |
| 414 | &data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); | 416 | &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); |
| 415 | &data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); | 417 | &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); |
| 416 | &data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); | 418 | &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); |
| 417 | &data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); | 419 | &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); |
| 418 | &data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); | 420 | &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); |
| 419 | &data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); | 421 | &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); |
| 420 | &data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); | 422 | &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); |
| 421 | &data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); | 423 | &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); |
| 422 | &data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); | 424 | &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); |
| 423 | &data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); | 425 | &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); |
| 424 | &data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); | 426 | &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); |
| 425 | &data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); | 427 | &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); |
| 426 | &data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); | 428 | &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); |
| 427 | &data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); | 429 | &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); |
| 428 | &data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); | 430 | &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); |
| 429 | &data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); | 431 | &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); |
| 430 | &data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); | 432 | &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); |
| 431 | #Te1: | ||
| 432 | &data_word(0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d); | ||
| 433 | &data_word(0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154); | ||
| 434 | &data_word(0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d); | ||
| 435 | &data_word(0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a); | ||
| 436 | &data_word(0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87); | ||
| 437 | &data_word(0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b); | ||
| 438 | &data_word(0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea); | ||
| 439 | &data_word(0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b); | ||
| 440 | &data_word(0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a); | ||
| 441 | &data_word(0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f); | ||
| 442 | &data_word(0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908); | ||
| 443 | &data_word(0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f); | ||
| 444 | &data_word(0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e); | ||
| 445 | &data_word(0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5); | ||
| 446 | &data_word(0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d); | ||
| 447 | &data_word(0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f); | ||
| 448 | &data_word(0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e); | ||
| 449 | &data_word(0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb); | ||
| 450 | &data_word(0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce); | ||
| 451 | &data_word(0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397); | ||
| 452 | &data_word(0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c); | ||
| 453 | &data_word(0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed); | ||
| 454 | &data_word(0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b); | ||
| 455 | &data_word(0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a); | ||
| 456 | &data_word(0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16); | ||
| 457 | &data_word(0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194); | ||
| 458 | &data_word(0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81); | ||
| 459 | &data_word(0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3); | ||
| 460 | &data_word(0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a); | ||
| 461 | &data_word(0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104); | ||
| 462 | &data_word(0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263); | ||
| 463 | &data_word(0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d); | ||
| 464 | &data_word(0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f); | ||
| 465 | &data_word(0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39); | ||
| 466 | &data_word(0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47); | ||
| 467 | &data_word(0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695); | ||
| 468 | &data_word(0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f); | ||
| 469 | &data_word(0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83); | ||
| 470 | &data_word(0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c); | ||
| 471 | &data_word(0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76); | ||
| 472 | &data_word(0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e); | ||
| 473 | &data_word(0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4); | ||
| 474 | &data_word(0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6); | ||
| 475 | &data_word(0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b); | ||
| 476 | &data_word(0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7); | ||
| 477 | &data_word(0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0); | ||
| 478 | &data_word(0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25); | ||
| 479 | &data_word(0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018); | ||
| 480 | &data_word(0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72); | ||
| 481 | &data_word(0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751); | ||
| 482 | &data_word(0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21); | ||
| 483 | &data_word(0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85); | ||
| 484 | &data_word(0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa); | ||
| 485 | &data_word(0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12); | ||
| 486 | &data_word(0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0); | ||
| 487 | &data_word(0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9); | ||
| 488 | &data_word(0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233); | ||
| 489 | &data_word(0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7); | ||
| 490 | &data_word(0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920); | ||
| 491 | &data_word(0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a); | ||
| 492 | &data_word(0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17); | ||
| 493 | &data_word(0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8); | ||
| 494 | &data_word(0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11); | ||
| 495 | &data_word(0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a); | ||
| 496 | #Te2: | ||
| 497 | &data_word(0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b); | ||
| 498 | &data_word(0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5); | ||
| 499 | &data_word(0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b); | ||
| 500 | &data_word(0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76); | ||
| 501 | &data_word(0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d); | ||
| 502 | &data_word(0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0); | ||
| 503 | &data_word(0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf); | ||
| 504 | &data_word(0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0); | ||
| 505 | &data_word(0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26); | ||
| 506 | &data_word(0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc); | ||
| 507 | &data_word(0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1); | ||
| 508 | &data_word(0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15); | ||
| 509 | &data_word(0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3); | ||
| 510 | &data_word(0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a); | ||
| 511 | &data_word(0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2); | ||
| 512 | &data_word(0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75); | ||
| 513 | &data_word(0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a); | ||
| 514 | &data_word(0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0); | ||
| 515 | &data_word(0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3); | ||
| 516 | &data_word(0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784); | ||
| 517 | &data_word(0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced); | ||
| 518 | &data_word(0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b); | ||
| 519 | &data_word(0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39); | ||
| 520 | &data_word(0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf); | ||
| 521 | &data_word(0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb); | ||
| 522 | &data_word(0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485); | ||
| 523 | &data_word(0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f); | ||
| 524 | &data_word(0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8); | ||
| 525 | &data_word(0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f); | ||
| 526 | &data_word(0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5); | ||
| 527 | &data_word(0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321); | ||
| 528 | &data_word(0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2); | ||
| 529 | &data_word(0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec); | ||
| 530 | &data_word(0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917); | ||
| 531 | &data_word(0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d); | ||
| 532 | &data_word(0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573); | ||
| 533 | &data_word(0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc); | ||
| 534 | &data_word(0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388); | ||
| 535 | &data_word(0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14); | ||
| 536 | &data_word(0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db); | ||
| 537 | &data_word(0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a); | ||
| 538 | &data_word(0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c); | ||
| 539 | &data_word(0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662); | ||
| 540 | &data_word(0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79); | ||
| 541 | &data_word(0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d); | ||
| 542 | &data_word(0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9); | ||
| 543 | &data_word(0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea); | ||
| 544 | &data_word(0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808); | ||
| 545 | &data_word(0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e); | ||
| 546 | &data_word(0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6); | ||
| 547 | &data_word(0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f); | ||
| 548 | &data_word(0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a); | ||
| 549 | &data_word(0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66); | ||
| 550 | &data_word(0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e); | ||
| 551 | &data_word(0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9); | ||
| 552 | &data_word(0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e); | ||
| 553 | &data_word(0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311); | ||
| 554 | &data_word(0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794); | ||
| 555 | &data_word(0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9); | ||
| 556 | &data_word(0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf); | ||
| 557 | &data_word(0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d); | ||
| 558 | &data_word(0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868); | ||
| 559 | &data_word(0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f); | ||
| 560 | &data_word(0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16); | ||
| 561 | #Te3: | ||
| 562 | &data_word(0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b); | ||
| 563 | &data_word(0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5); | ||
| 564 | &data_word(0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b); | ||
| 565 | &data_word(0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676); | ||
| 566 | &data_word(0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d); | ||
| 567 | &data_word(0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0); | ||
| 568 | &data_word(0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf); | ||
| 569 | &data_word(0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0); | ||
| 570 | &data_word(0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626); | ||
| 571 | &data_word(0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc); | ||
| 572 | &data_word(0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1); | ||
| 573 | &data_word(0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515); | ||
| 574 | &data_word(0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3); | ||
| 575 | &data_word(0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a); | ||
| 576 | &data_word(0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2); | ||
| 577 | &data_word(0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575); | ||
| 578 | &data_word(0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a); | ||
| 579 | &data_word(0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0); | ||
| 580 | &data_word(0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3); | ||
| 581 | &data_word(0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484); | ||
| 582 | &data_word(0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded); | ||
| 583 | &data_word(0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b); | ||
| 584 | &data_word(0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939); | ||
| 585 | &data_word(0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf); | ||
| 586 | &data_word(0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb); | ||
| 587 | &data_word(0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585); | ||
| 588 | &data_word(0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f); | ||
| 589 | &data_word(0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8); | ||
| 590 | &data_word(0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f); | ||
| 591 | &data_word(0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5); | ||
| 592 | &data_word(0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121); | ||
| 593 | &data_word(0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2); | ||
| 594 | &data_word(0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec); | ||
| 595 | &data_word(0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717); | ||
| 596 | &data_word(0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d); | ||
| 597 | &data_word(0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373); | ||
| 598 | &data_word(0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc); | ||
| 599 | &data_word(0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888); | ||
| 600 | &data_word(0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414); | ||
| 601 | &data_word(0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb); | ||
| 602 | &data_word(0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a); | ||
| 603 | &data_word(0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c); | ||
| 604 | &data_word(0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262); | ||
| 605 | &data_word(0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979); | ||
| 606 | &data_word(0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d); | ||
| 607 | &data_word(0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9); | ||
| 608 | &data_word(0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea); | ||
| 609 | &data_word(0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808); | ||
| 610 | &data_word(0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e); | ||
| 611 | &data_word(0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6); | ||
| 612 | &data_word(0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f); | ||
| 613 | &data_word(0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a); | ||
| 614 | &data_word(0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666); | ||
| 615 | &data_word(0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e); | ||
| 616 | &data_word(0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9); | ||
| 617 | &data_word(0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e); | ||
| 618 | &data_word(0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111); | ||
| 619 | &data_word(0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494); | ||
| 620 | &data_word(0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9); | ||
| 621 | &data_word(0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf); | ||
| 622 | &data_word(0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d); | ||
| 623 | &data_word(0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868); | ||
| 624 | &data_word(0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f); | ||
| 625 | &data_word(0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616); | ||
| 626 | #Te4: | ||
| 627 | &data_word(0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b); | ||
| 628 | &data_word(0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5); | ||
| 629 | &data_word(0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b); | ||
| 630 | &data_word(0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676); | ||
| 631 | &data_word(0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d); | ||
| 632 | &data_word(0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0); | ||
| 633 | &data_word(0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf); | ||
| 634 | &data_word(0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0); | ||
| 635 | &data_word(0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626); | ||
| 636 | &data_word(0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc); | ||
| 637 | &data_word(0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1); | ||
| 638 | &data_word(0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515); | ||
| 639 | &data_word(0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3); | ||
| 640 | &data_word(0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a); | ||
| 641 | &data_word(0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2); | ||
| 642 | &data_word(0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575); | ||
| 643 | &data_word(0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a); | ||
| 644 | &data_word(0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0); | ||
| 645 | &data_word(0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3); | ||
| 646 | &data_word(0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484); | ||
| 647 | &data_word(0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed); | ||
| 648 | &data_word(0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b); | ||
| 649 | &data_word(0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939); | ||
| 650 | &data_word(0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf); | ||
| 651 | &data_word(0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb); | ||
| 652 | &data_word(0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585); | ||
| 653 | &data_word(0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f); | ||
| 654 | &data_word(0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8); | ||
| 655 | &data_word(0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f); | ||
| 656 | &data_word(0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5); | ||
| 657 | &data_word(0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121); | ||
| 658 | &data_word(0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2); | ||
| 659 | &data_word(0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec); | ||
| 660 | &data_word(0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717); | ||
| 661 | &data_word(0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d); | ||
| 662 | &data_word(0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373); | ||
| 663 | &data_word(0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc); | ||
| 664 | &data_word(0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888); | ||
| 665 | &data_word(0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414); | ||
| 666 | &data_word(0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb); | ||
| 667 | &data_word(0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a); | ||
| 668 | &data_word(0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c); | ||
| 669 | &data_word(0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262); | ||
| 670 | &data_word(0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979); | ||
| 671 | &data_word(0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d); | ||
| 672 | &data_word(0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9); | ||
| 673 | &data_word(0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea); | ||
| 674 | &data_word(0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808); | ||
| 675 | &data_word(0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e); | ||
| 676 | &data_word(0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6); | ||
| 677 | &data_word(0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f); | ||
| 678 | &data_word(0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a); | ||
| 679 | &data_word(0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666); | ||
| 680 | &data_word(0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e); | ||
| 681 | &data_word(0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9); | ||
| 682 | &data_word(0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e); | ||
| 683 | &data_word(0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111); | ||
| 684 | &data_word(0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494); | ||
| 685 | &data_word(0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9); | ||
| 686 | &data_word(0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf); | ||
| 687 | &data_word(0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d); | ||
| 688 | &data_word(0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868); | ||
| 689 | &data_word(0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f); | ||
| 690 | &data_word(0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616); | ||
| 691 | #rcon: | 433 | #rcon: |
| 692 | &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008); | 434 | &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008); |
| 693 | &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080); | 435 | &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080); |
| 694 | &data_word(0x0000001b, 0x00000036); | 436 | &data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0); |
| 695 | &function_end_B("AES_encrypt"); | 437 | &function_end_B("_x86_AES_encrypt"); |
| 696 | 438 | ||
| 697 | #------------------------------------------------------------------# | 439 | # void AES_encrypt (const void *inp,void *out,const AES_KEY *key); |
| 440 | &public_label("AES_Te"); | ||
| 441 | &function_begin("AES_encrypt"); | ||
| 442 | &mov ($acc,&wparam(0)); # load inp | ||
| 443 | &mov ($key,&wparam(2)); # load key | ||
| 698 | 444 | ||
| 699 | $s0="eax"; | 445 | &mov ($s0,"esp"); |
| 700 | $s1="ebx"; | 446 | &sub ("esp",24); |
| 701 | $s2="ecx"; | 447 | &and ("esp",-64); |
| 702 | $s3="edx"; | 448 | &add ("esp",4); |
| 703 | $key="edi"; | 449 | &mov (&DWP(16,"esp"),$s0); |
| 704 | $acc="esi"; | 450 | |
| 451 | &call (&label("pic_point")); # make it PIC! | ||
| 452 | &set_label("pic_point"); | ||
| 453 | &blindpop("ebp"); | ||
| 454 | &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); | ||
| 455 | |||
| 456 | &mov ($s0,&DWP(0,$acc)); # load input data | ||
| 457 | &mov ($s1,&DWP(4,$acc)); | ||
| 458 | &mov ($s2,&DWP(8,$acc)); | ||
| 459 | &mov ($s3,&DWP(12,$acc)); | ||
| 460 | |||
| 461 | &call ("_x86_AES_encrypt"); | ||
| 462 | |||
| 463 | &mov ("esp",&DWP(16,"esp")); | ||
| 464 | |||
| 465 | &mov ($acc,&wparam(1)); # load out | ||
| 466 | &mov (&DWP(0,$acc),$s0); # write output data | ||
| 467 | &mov (&DWP(4,$acc),$s1); | ||
| 468 | &mov (&DWP(8,$acc),$s2); | ||
| 469 | &mov (&DWP(12,$acc),$s3); | ||
| 470 | &function_end("AES_encrypt"); | ||
| 471 | |||
| 472 | #------------------------------------------------------------------# | ||
| 705 | 473 | ||
| 706 | sub decstep() | 474 | sub decstep() |
| 707 | { my ($i,$td,@s) = @_; | 475 | { my ($i,$td,@s) = @_; |
| @@ -715,24 +483,24 @@ sub decstep() | |||
| 715 | if($i==3) { &mov ($key,&DWP(12,"esp")); } | 483 | if($i==3) { &mov ($key,&DWP(12,"esp")); } |
| 716 | else { &mov ($out,$s[0]); } | 484 | else { &mov ($out,$s[0]); } |
| 717 | &and ($out,0xFF); | 485 | &and ($out,0xFF); |
| 718 | &mov ($out,&DWP(1024*0,$td,$out,4)); | 486 | &mov ($out,&DWP(0,$td,$out,8)); |
| 719 | 487 | ||
| 720 | if ($i==3) { $tmp=$s[1]; } | 488 | if ($i==3) { $tmp=$s[1]; } |
| 721 | &movz ($tmp,&HB($s[1])); | 489 | &movz ($tmp,&HB($s[1])); |
| 722 | &xor ($out,&DWP(1024*1,$td,$tmp,4)); | 490 | &xor ($out,&DWP(3,$td,$tmp,8)); |
| 723 | 491 | ||
| 724 | if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } | 492 | if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } |
| 725 | else { &mov ($tmp,$s[2]); } | 493 | else { &mov ($tmp,$s[2]); } |
| 726 | &shr ($tmp,16); | 494 | &shr ($tmp,16); |
| 727 | &and ($tmp,0xFF); | 495 | &and ($tmp,0xFF); |
| 728 | &xor ($out,&DWP(1024*2,$td,$tmp,4)); | 496 | &xor ($out,&DWP(2,$td,$tmp,8)); |
| 729 | 497 | ||
| 730 | if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); } | 498 | if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } |
| 731 | else { &mov ($tmp,$s[3]); } | 499 | else { &mov ($tmp,$s[3]); } |
| 732 | &shr ($tmp,24); | 500 | &shr ($tmp,24); |
| 733 | &xor ($out,&DWP(1024*3,$td,$tmp,4)); | 501 | &xor ($out,&DWP(1,$td,$tmp,8)); |
| 734 | if ($i<2) { &mov (&DWP(4*$i,"esp"),$out); } | 502 | if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } |
| 735 | if ($i==3) { &mov ($s[3],&DWP(0,"esp")); } | 503 | if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } |
| 736 | &comment(); | 504 | &comment(); |
| 737 | } | 505 | } |
| 738 | 506 | ||
| @@ -744,58 +512,38 @@ sub declast() | |||
| 744 | if($i==3) { &mov ($key,&DWP(12,"esp")); } | 512 | if($i==3) { &mov ($key,&DWP(12,"esp")); } |
| 745 | else { &mov ($out,$s[0]); } | 513 | else { &mov ($out,$s[0]); } |
| 746 | &and ($out,0xFF); | 514 | &and ($out,0xFF); |
| 747 | &mov ($out,&DWP(0,$td,$out,4)); | 515 | &movz ($out,&BP(2048,$td,$out,1)); |
| 748 | &and ($out,0x000000ff); | ||
| 749 | 516 | ||
| 750 | if ($i==3) { $tmp=$s[1]; } | 517 | if ($i==3) { $tmp=$s[1]; } |
| 751 | &movz ($tmp,&HB($s[1])); | 518 | &movz ($tmp,&HB($s[1])); |
| 752 | &mov ($tmp,&DWP(0,$td,$tmp,4)); | 519 | &movz ($tmp,&BP(2048,$td,$tmp,1)); |
| 753 | &and ($tmp,0x0000ff00); | 520 | &shl ($tmp,8); |
| 754 | &xor ($out,$tmp); | 521 | &xor ($out,$tmp); |
| 755 | 522 | ||
| 756 | if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } | 523 | if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } |
| 757 | else { mov ($tmp,$s[2]); } | 524 | else { mov ($tmp,$s[2]); } |
| 758 | &shr ($tmp,16); | 525 | &shr ($tmp,16); |
| 759 | &and ($tmp,0xFF); | 526 | &and ($tmp,0xFF); |
| 760 | &mov ($tmp,&DWP(0,$td,$tmp,4)); | 527 | &movz ($tmp,&BP(2048,$td,$tmp,1)); |
| 761 | &and ($tmp,0x00ff0000); | 528 | &shl ($tmp,16); |
| 762 | &xor ($out,$tmp); | 529 | &xor ($out,$tmp); |
| 763 | 530 | ||
| 764 | if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); } | 531 | if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } |
| 765 | else { &mov ($tmp,$s[3]); } | 532 | else { &mov ($tmp,$s[3]); } |
| 766 | &shr ($tmp,24); | 533 | &shr ($tmp,24); |
| 767 | &mov ($tmp,&DWP(0,$td,$tmp,4)); | 534 | &movz ($tmp,&BP(2048,$td,$tmp,1)); |
| 768 | &and ($tmp,0xff000000); | 535 | &shl ($tmp,24); |
| 769 | &xor ($out,$tmp); | 536 | &xor ($out,$tmp); |
| 770 | if ($i<2) { &mov (&DWP(4*$i,"esp"),$out); } | 537 | if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } |
| 771 | if ($i==3) { &mov ($s[3],&DWP(0,"esp")); } | 538 | if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } |
| 772 | } | 539 | } |
| 773 | 540 | ||
| 774 | # void AES_decrypt (const void *inp,void *out,const AES_KEY *key); | ||
| 775 | &public_label("AES_Td"); | 541 | &public_label("AES_Td"); |
| 776 | &function_begin("AES_decrypt"); | 542 | &function_begin_B("_x86_AES_decrypt"); |
| 777 | &mov ($acc,&wparam(0)); # load inp | 543 | # note that caller is expected to allocate stack frame for me! |
| 778 | &mov ($key,&wparam(2)); # load key | ||
| 779 | |||
| 780 | &call (&label("pic_point")); # make it PIC! | ||
| 781 | &set_label("pic_point"); | ||
| 782 | &blindpop("ebp"); | ||
| 783 | &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); | ||
| 784 | |||
| 785 | # allocate aligned stack frame | ||
| 786 | &mov ($s0,"esp"); | ||
| 787 | &sub ("esp",20); | ||
| 788 | &and ("esp",-16); | ||
| 789 | |||
| 790 | &mov (&DWP(12,"esp"),$key); # save key | 544 | &mov (&DWP(12,"esp"),$key); # save key |
| 791 | &mov (&DWP(16,"esp"),$s0); # save %esp | ||
| 792 | |||
| 793 | &mov ($s0,&DWP(0,$acc)); # load input data | ||
| 794 | &mov ($s1,&DWP(4,$acc)); | ||
| 795 | &mov ($s2,&DWP(8,$acc)); | ||
| 796 | &mov ($s3,&DWP(12,$acc)); | ||
| 797 | 545 | ||
| 798 | &xor ($s0,&DWP(0,$key)); | 546 | &xor ($s0,&DWP(0,$key)); # xor with key |
| 799 | &xor ($s1,&DWP(4,$key)); | 547 | &xor ($s1,&DWP(4,$key)); |
| 800 | &xor ($s2,&DWP(8,$key)); | 548 | &xor ($s2,&DWP(8,$key)); |
| 801 | &xor ($s3,&DWP(12,$key)); | 549 | &xor ($s3,&DWP(12,$key)); |
| @@ -805,19 +553,19 @@ sub declast() | |||
| 805 | if ($small_footprint) { | 553 | if ($small_footprint) { |
| 806 | &lea ($acc,&DWP(-2,$acc,$acc)); | 554 | &lea ($acc,&DWP(-2,$acc,$acc)); |
| 807 | &lea ($acc,&DWP(0,$key,$acc,8)); | 555 | &lea ($acc,&DWP(0,$key,$acc,8)); |
| 808 | &mov (&DWP(8,"esp"),$acc); # end of key schedule | 556 | &mov (&DWP(16,"esp"),$acc); # end of key schedule |
| 809 | &align (4); | 557 | &align (4); |
| 810 | &set_label("loop"); | 558 | &set_label("loop"); |
| 811 | &decstep(0,"ebp",$s0,$s3,$s2,$s1); | 559 | &decstep(0,"ebp",$s0,$s3,$s2,$s1); |
| 812 | &decstep(1,"ebp",$s1,$s0,$s3,$s2); | 560 | &decstep(1,"ebp",$s1,$s0,$s3,$s2); |
| 813 | &decstep(2,"ebp",$s2,$s1,$s0,$s3); | 561 | &decstep(2,"ebp",$s2,$s1,$s0,$s3); |
| 814 | &decstep(3,"ebp",$s3,$s2,$s1,$s0); | 562 | &decstep(3,"ebp",$s3,$s2,$s1,$s0); |
| 815 | &add ($key,16); # advance rd_key | 563 | &add ($key,16); # advance rd_key |
| 816 | &xor ($s0,&DWP(0,$key)); | 564 | &xor ($s0,&DWP(0,$key)); |
| 817 | &xor ($s1,&DWP(4,$key)); | 565 | &xor ($s1,&DWP(4,$key)); |
| 818 | &xor ($s2,&DWP(8,$key)); | 566 | &xor ($s2,&DWP(8,$key)); |
| 819 | &xor ($s3,&DWP(12,$key)); | 567 | &xor ($s3,&DWP(12,$key)); |
| 820 | &cmp ($key,&DWP(8,"esp")); | 568 | &cmp ($key,&DWP(16,"esp")); |
| 821 | &mov (&DWP(12,"esp"),$key); | 569 | &mov (&DWP(12,"esp"),$key); |
| 822 | &jb (&label("loop")); | 570 | &jb (&label("loop")); |
| 823 | } | 571 | } |
| @@ -839,7 +587,7 @@ sub declast() | |||
| 839 | &xor ($s3,&DWP(16*$i+12,$key)); | 587 | &xor ($s3,&DWP(16*$i+12,$key)); |
| 840 | } | 588 | } |
| 841 | &add ($key,32); | 589 | &add ($key,32); |
| 842 | &mov (&DWP(12,"esp"),$key); # advance rd_key | 590 | &mov (&DWP(12,"esp"),$key); # advance rd_key |
| 843 | &set_label("12rounds"); | 591 | &set_label("12rounds"); |
| 844 | for ($i=1;$i<3;$i++) { | 592 | for ($i=1;$i<3;$i++) { |
| 845 | &decstep(0,"ebp",$s0,$s3,$s2,$s1); | 593 | &decstep(0,"ebp",$s0,$s3,$s2,$s1); |
| @@ -852,7 +600,7 @@ sub declast() | |||
| 852 | &xor ($s3,&DWP(16*$i+12,$key)); | 600 | &xor ($s3,&DWP(16*$i+12,$key)); |
| 853 | } | 601 | } |
| 854 | &add ($key,32); | 602 | &add ($key,32); |
| 855 | &mov (&DWP(12,"esp"),$key); # advance rd_key | 603 | &mov (&DWP(12,"esp"),$key); # advance rd_key |
| 856 | &set_label("10rounds"); | 604 | &set_label("10rounds"); |
| 857 | for ($i=1;$i<10;$i++) { | 605 | for ($i=1;$i<10;$i++) { |
| 858 | &decstep(0,"ebp",$s0,$s3,$s2,$s1); | 606 | &decstep(0,"ebp",$s0,$s3,$s2,$s1); |
| @@ -866,382 +614,627 @@ sub declast() | |||
| 866 | } | 614 | } |
| 867 | } | 615 | } |
| 868 | 616 | ||
| 869 | &add ("ebp",4*1024); # skip to Te4 | ||
| 870 | &declast(0,"ebp",$s0,$s3,$s2,$s1); | 617 | &declast(0,"ebp",$s0,$s3,$s2,$s1); |
| 871 | &declast(1,"ebp",$s1,$s0,$s3,$s2); | 618 | &declast(1,"ebp",$s1,$s0,$s3,$s2); |
| 872 | &declast(2,"ebp",$s2,$s1,$s0,$s3); | 619 | &declast(2,"ebp",$s2,$s1,$s0,$s3); |
| 873 | &declast(3,"ebp",$s3,$s2,$s1,$s0); | 620 | &declast(3,"ebp",$s3,$s2,$s1,$s0); |
| 874 | 621 | ||
| 875 | &mov ("esp",&DWP(16,"esp")); # restore %esp | ||
| 876 | &add ($key,$small_footprint?16:160); | 622 | &add ($key,$small_footprint?16:160); |
| 877 | &xor ($s0,&DWP(0,$key)); | 623 | &xor ($s0,&DWP(0,$key)); |
| 878 | &xor ($s1,&DWP(4,$key)); | 624 | &xor ($s1,&DWP(4,$key)); |
| 879 | &xor ($s2,&DWP(8,$key)); | 625 | &xor ($s2,&DWP(8,$key)); |
| 880 | &xor ($s3,&DWP(12,$key)); | 626 | &xor ($s3,&DWP(12,$key)); |
| 881 | 627 | ||
| 882 | &mov ($key,&wparam(1)); # load out | 628 | &ret (); |
| 883 | &mov (&DWP(0,$key),$s0); # write output data | 629 | |
| 630 | &set_label("AES_Td",64); # Yes! I keep it in the code segment! | ||
| 631 | &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); | ||
| 632 | &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); | ||
| 633 | &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); | ||
| 634 | &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); | ||
| 635 | &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); | ||
| 636 | &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); | ||
| 637 | &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); | ||
| 638 | &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); | ||
| 639 | &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); | ||
| 640 | &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); | ||
| 641 | &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); | ||
| 642 | &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); | ||
| 643 | &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); | ||
| 644 | &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); | ||
| 645 | &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); | ||
| 646 | &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); | ||
| 647 | &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); | ||
| 648 | &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); | ||
| 649 | &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); | ||
| 650 | &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); | ||
| 651 | &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); | ||
| 652 | &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); | ||
| 653 | &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); | ||
| 654 | &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); | ||
| 655 | &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); | ||
| 656 | &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); | ||
| 657 | &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); | ||
| 658 | &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); | ||
| 659 | &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); | ||
| 660 | &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); | ||
| 661 | &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); | ||
| 662 | &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); | ||
| 663 | &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); | ||
| 664 | &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); | ||
| 665 | &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); | ||
| 666 | &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); | ||
| 667 | &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); | ||
| 668 | &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); | ||
| 669 | &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); | ||
| 670 | &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); | ||
| 671 | &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); | ||
| 672 | &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); | ||
| 673 | &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); | ||
| 674 | &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); | ||
| 675 | &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); | ||
| 676 | &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); | ||
| 677 | &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); | ||
| 678 | &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); | ||
| 679 | &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); | ||
| 680 | &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); | ||
| 681 | &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); | ||
| 682 | &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); | ||
| 683 | &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); | ||
| 684 | &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); | ||
| 685 | &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); | ||
| 686 | &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); | ||
| 687 | &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); | ||
| 688 | &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); | ||
| 689 | &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); | ||
| 690 | &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); | ||
| 691 | &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); | ||
| 692 | &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); | ||
| 693 | &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); | ||
| 694 | &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); | ||
| 695 | #Td4: | ||
| 696 | &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); | ||
| 697 | &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); | ||
| 698 | &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); | ||
| 699 | &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); | ||
| 700 | &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); | ||
| 701 | &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); | ||
| 702 | &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); | ||
| 703 | &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); | ||
| 704 | &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); | ||
| 705 | &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); | ||
| 706 | &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); | ||
| 707 | &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); | ||
| 708 | &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); | ||
| 709 | &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); | ||
| 710 | &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); | ||
| 711 | &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); | ||
| 712 | &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); | ||
| 713 | &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); | ||
| 714 | &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); | ||
| 715 | &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); | ||
| 716 | &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); | ||
| 717 | &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); | ||
| 718 | &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); | ||
| 719 | &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); | ||
| 720 | &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); | ||
| 721 | &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); | ||
| 722 | &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); | ||
| 723 | &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); | ||
| 724 | &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); | ||
| 725 | &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); | ||
| 726 | &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); | ||
| 727 | &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); | ||
| 728 | &function_end_B("_x86_AES_decrypt"); | ||
| 729 | |||
| 730 | # void AES_decrypt (const void *inp,void *out,const AES_KEY *key); | ||
| 731 | &public_label("AES_Td"); | ||
| 732 | &function_begin("AES_decrypt"); | ||
| 733 | &mov ($acc,&wparam(0)); # load inp | ||
| 734 | &mov ($key,&wparam(2)); # load key | ||
| 735 | |||
| 736 | &mov ($s0,"esp"); | ||
| 737 | &sub ("esp",24); | ||
| 738 | &and ("esp",-64); | ||
| 739 | &add ("esp",4); | ||
| 740 | &mov (&DWP(16,"esp"),$s0); | ||
| 741 | |||
| 742 | &call (&label("pic_point")); # make it PIC! | ||
| 743 | &set_label("pic_point"); | ||
| 744 | &blindpop("ebp"); | ||
| 745 | &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); | ||
| 746 | |||
| 747 | # prefetch Td4 | ||
| 748 | &lea ("ebp",&DWP(2048+128,"ebp")); | ||
| 749 | &mov ($s0,&DWP(0-128,"ebp")); | ||
| 750 | &mov ($s1,&DWP(32-128,"ebp")); | ||
| 751 | &mov ($s2,&DWP(64-128,"ebp")); | ||
| 752 | &mov ($s3,&DWP(96-128,"ebp")); | ||
| 753 | &mov ($s0,&DWP(128-128,"ebp")); | ||
| 754 | &mov ($s1,&DWP(160-128,"ebp")); | ||
| 755 | &mov ($s2,&DWP(192-128,"ebp")); | ||
| 756 | &mov ($s3,&DWP(224-128,"ebp")); | ||
| 757 | &lea ("ebp",&DWP(-2048-128,"ebp")); | ||
| 758 | |||
| 759 | &mov ($s0,&DWP(0,$acc)); # load input data | ||
| 760 | &mov ($s1,&DWP(4,$acc)); | ||
| 761 | &mov ($s2,&DWP(8,$acc)); | ||
| 762 | &mov ($s3,&DWP(12,$acc)); | ||
| 763 | |||
| 764 | &call ("_x86_AES_decrypt"); | ||
| 765 | |||
| 766 | &mov ("esp",&DWP(16,"esp")); | ||
| 767 | |||
| 768 | &mov ($acc,&wparam(1)); # load out | ||
| 769 | &mov (&DWP(0,$acc),$s0); # write output data | ||
| 770 | &mov (&DWP(4,$acc),$s1); | ||
| 771 | &mov (&DWP(8,$acc),$s2); | ||
| 772 | &mov (&DWP(12,$acc),$s3); | ||
| 773 | &function_end("AES_decrypt"); | ||
| 774 | |||
| 775 | # void AES_cbc_encrypt (const void char *inp, unsigned char *out, | ||
| 776 | # size_t length, const AES_KEY *key, | ||
| 777 | # unsigned char *ivp,const int enc); | ||
| 778 | { | ||
| 779 | # stack frame layout | ||
| 780 | # -4(%esp) 0(%esp) return address | ||
| 781 | # 0(%esp) 4(%esp) tmp1 | ||
| 782 | # 4(%esp) 8(%esp) tmp2 | ||
| 783 | # 8(%esp) 12(%esp) key | ||
| 784 | # 12(%esp) 16(%esp) end of key schedule | ||
| 785 | my $_esp=&DWP(16,"esp"); #saved %esp | ||
| 786 | my $_inp=&DWP(20,"esp"); #copy of wparam(0) | ||
| 787 | my $_out=&DWP(24,"esp"); #copy of wparam(1) | ||
| 788 | my $_len=&DWP(28,"esp"); #copy of wparam(2) | ||
| 789 | my $_key=&DWP(32,"esp"); #copy of wparam(3) | ||
| 790 | my $_ivp=&DWP(36,"esp"); #copy of wparam(4) | ||
| 791 | my $_tmp=&DWP(40,"esp"); #volatile variable | ||
| 792 | my $ivec=&DWP(44,"esp"); #ivec[16] | ||
| 793 | my $aes_key=&DWP(60,"esp"); #copy of aes_key | ||
| 794 | my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds | ||
| 795 | |||
| 796 | &public_label("AES_Te"); | ||
| 797 | &public_label("AES_Td"); | ||
| 798 | &function_begin("AES_cbc_encrypt"); | ||
| 799 | &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len | ||
| 800 | &cmp ($s2,0); | ||
| 801 | &je (&label("enc_out")); | ||
| 802 | |||
| 803 | &call (&label("pic_point")); # make it PIC! | ||
| 804 | &set_label("pic_point"); | ||
| 805 | &blindpop("ebp"); | ||
| 806 | |||
| 807 | &pushf (); | ||
| 808 | &cld (); | ||
| 809 | |||
| 810 | &cmp (&wparam(5),0); | ||
| 811 | &je (&label("DECRYPT")); | ||
| 812 | |||
| 813 | &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); | ||
| 814 | |||
| 815 | # allocate aligned stack frame... | ||
| 816 | &lea ($key,&DWP(-64-244,"esp")); | ||
| 817 | &and ($key,-64); | ||
| 818 | |||
| 819 | # ... and make sure it doesn't alias with AES_Te modulo 4096 | ||
| 820 | &mov ($s0,"ebp"); | ||
| 821 | &lea ($s1,&DWP(2048,"ebp")); | ||
| 822 | &mov ($s3,$key); | ||
| 823 | &and ($s0,0xfff); # s = %ebp&0xfff | ||
| 824 | &and ($s1,0xfff); # e = (%ebp+2048)&0xfff | ||
| 825 | &and ($s3,0xfff); # p = %esp&0xfff | ||
| 826 | |||
| 827 | &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); | ||
| 828 | &jb (&label("te_break_out")); | ||
| 829 | &sub ($s3,$s1); | ||
| 830 | &sub ($key,$s3); | ||
| 831 | &jmp (&label("te_ok")); | ||
| 832 | &set_label("te_break_out"); # else %esp -= (p-s)&0xfff + framesz; | ||
| 833 | &sub ($s3,$s0); | ||
| 834 | &and ($s3,0xfff); | ||
| 835 | &add ($s3,64+256); | ||
| 836 | &sub ($key,$s3); | ||
| 837 | &align (4); | ||
| 838 | &set_label("te_ok"); | ||
| 839 | |||
| 840 | &mov ($s0,&wparam(0)); # load inp | ||
| 841 | &mov ($s1,&wparam(1)); # load out | ||
| 842 | &mov ($s3,&wparam(3)); # load key | ||
| 843 | &mov ($acc,&wparam(4)); # load ivp | ||
| 844 | |||
| 845 | &exch ("esp",$key); | ||
| 846 | &add ("esp",4); # reserve for return address! | ||
| 847 | &mov ($_esp,$key); # save %esp | ||
| 848 | |||
| 849 | &mov ($_inp,$s0); # save copy of inp | ||
| 850 | &mov ($_out,$s1); # save copy of out | ||
| 851 | &mov ($_len,$s2); # save copy of len | ||
| 852 | &mov ($_key,$s3); # save copy of key | ||
| 853 | &mov ($_ivp,$acc); # save copy of ivp | ||
| 854 | |||
| 855 | &mov ($mark,0); # copy of aes_key->rounds = 0; | ||
| 856 | if ($compromise) { | ||
| 857 | &cmp ($s2,$compromise); | ||
| 858 | &jb (&label("skip_ecopy")); | ||
| 859 | } | ||
| 860 | # do we copy key schedule to stack? | ||
| 861 | &mov ($s1 eq "ebx" ? $s1 : "",$s3); | ||
| 862 | &mov ($s2 eq "ecx" ? $s2 : "",244/4); | ||
| 863 | &sub ($s1,"ebp"); | ||
| 864 | &mov ("esi",$s3); | ||
| 865 | &and ($s1,0xfff); | ||
| 866 | &lea ("edi",$aes_key); | ||
| 867 | &cmp ($s1,2048); | ||
| 868 | &jb (&label("do_ecopy")); | ||
| 869 | &cmp ($s1,4096-244); | ||
| 870 | &jb (&label("skip_ecopy")); | ||
| 871 | &align (4); | ||
| 872 | &set_label("do_ecopy"); | ||
| 873 | &mov ($_key,"edi"); | ||
| 874 | &data_word(0xA5F3F689); # rep movsd | ||
| 875 | &set_label("skip_ecopy"); | ||
| 876 | |||
| 877 | &mov ($acc,$s0); | ||
| 878 | &mov ($key,16); | ||
| 879 | &align (4); | ||
| 880 | &set_label("prefetch_te"); | ||
| 881 | &mov ($s0,&DWP(0,"ebp")); | ||
| 882 | &mov ($s1,&DWP(32,"ebp")); | ||
| 883 | &mov ($s2,&DWP(64,"ebp")); | ||
| 884 | &mov ($s3,&DWP(96,"ebp")); | ||
| 885 | &lea ("ebp",&DWP(128,"ebp")); | ||
| 886 | &dec ($key); | ||
| 887 | &jnz (&label("prefetch_te")); | ||
| 888 | &sub ("ebp",2048); | ||
| 889 | |||
| 890 | &mov ($s2,$_len); | ||
| 891 | &mov ($key,$_ivp); | ||
| 892 | &test ($s2,0xFFFFFFF0); | ||
| 893 | &jz (&label("enc_tail")); # short input... | ||
| 894 | |||
| 895 | &mov ($s0,&DWP(0,$key)); # load iv | ||
| 896 | &mov ($s1,&DWP(4,$key)); | ||
| 897 | |||
| 898 | &align (4); | ||
| 899 | &set_label("enc_loop"); | ||
| 900 | &mov ($s2,&DWP(8,$key)); | ||
| 901 | &mov ($s3,&DWP(12,$key)); | ||
| 902 | |||
| 903 | &xor ($s0,&DWP(0,$acc)); # xor input data | ||
| 904 | &xor ($s1,&DWP(4,$acc)); | ||
| 905 | &xor ($s2,&DWP(8,$acc)); | ||
| 906 | &xor ($s3,&DWP(12,$acc)); | ||
| 907 | |||
| 908 | &mov ($key,$_key); # load key | ||
| 909 | &call ("_x86_AES_encrypt"); | ||
| 910 | |||
| 911 | &mov ($acc,$_inp); # load inp | ||
| 912 | &mov ($key,$_out); # load out | ||
| 913 | |||
| 914 | &mov (&DWP(0,$key),$s0); # save output data | ||
| 915 | &mov (&DWP(4,$key),$s1); | ||
| 916 | &mov (&DWP(8,$key),$s2); | ||
| 917 | &mov (&DWP(12,$key),$s3); | ||
| 918 | |||
| 919 | &mov ($s2,$_len); # load len | ||
| 920 | |||
| 921 | &lea ($acc,&DWP(16,$acc)); | ||
| 922 | &mov ($_inp,$acc); # save inp | ||
| 923 | |||
| 924 | &lea ($s3,&DWP(16,$key)); | ||
| 925 | &mov ($_out,$s3); # save out | ||
| 926 | |||
| 927 | &sub ($s2,16); | ||
| 928 | &test ($s2,0xFFFFFFF0); | ||
| 929 | &mov ($_len,$s2); # save len | ||
| 930 | &jnz (&label("enc_loop")); | ||
| 931 | &test ($s2,15); | ||
| 932 | &jnz (&label("enc_tail")); | ||
| 933 | &mov ($acc,$_ivp); # load ivp | ||
| 934 | &mov ($s2,&DWP(8,$key)); # restore last dwords | ||
| 935 | &mov ($s3,&DWP(12,$key)); | ||
| 936 | &mov (&DWP(0,$acc),$s0); # save ivec | ||
| 937 | &mov (&DWP(4,$acc),$s1); | ||
| 938 | &mov (&DWP(8,$acc),$s2); | ||
| 939 | &mov (&DWP(12,$acc),$s3); | ||
| 940 | |||
| 941 | &cmp ($mark,0); # was the key schedule copied? | ||
| 942 | &mov ("edi",$_key); | ||
| 943 | &je (&label("skip_ezero")); | ||
| 944 | # zero copy of key schedule | ||
| 945 | &mov ("ecx",240/4); | ||
| 946 | &xor ("eax","eax"); | ||
| 947 | &align (4); | ||
| 948 | &data_word(0xABF3F689); # rep stosd | ||
| 949 | &set_label("skip_ezero") | ||
| 950 | &mov ("esp",$_esp); | ||
| 951 | &popf (); | ||
| 952 | &set_label("enc_out"); | ||
| 953 | &function_end_A(); | ||
| 954 | &pushf (); # kludge, never executed | ||
| 955 | |||
| 956 | &align (4); | ||
| 957 | &set_label("enc_tail"); | ||
| 958 | &push ($key eq "edi" ? $key : ""); # push ivp | ||
| 959 | &mov ($key,$_out); # load out | ||
| 960 | &mov ($s1,16); | ||
| 961 | &sub ($s1,$s2); | ||
| 962 | &cmp ($key,$acc); # compare with inp | ||
| 963 | &je (&label("enc_in_place")); | ||
| 964 | &align (4); | ||
| 965 | &data_word(0xA4F3F689); # rep movsb # copy input | ||
| 966 | &jmp (&label("enc_skip_in_place")); | ||
| 967 | &set_label("enc_in_place"); | ||
| 968 | &lea ($key,&DWP(0,$key,$s2)); | ||
| 969 | &set_label("enc_skip_in_place"); | ||
| 970 | &mov ($s2,$s1); | ||
| 971 | &xor ($s0,$s0); | ||
| 972 | &align (4); | ||
| 973 | &data_word(0xAAF3F689); # rep stosb # zero tail | ||
| 974 | &pop ($key); # pop ivp | ||
| 975 | |||
| 976 | &mov ($acc,$_out); # output as input | ||
| 977 | &mov ($s0,&DWP(0,$key)); | ||
| 978 | &mov ($s1,&DWP(4,$key)); | ||
| 979 | &mov ($_len,16); # len=16 | ||
| 980 | &jmp (&label("enc_loop")); # one more spin... | ||
| 981 | |||
| 982 | #----------------------------- DECRYPT -----------------------------# | ||
| 983 | &align (4); | ||
| 984 | &set_label("DECRYPT"); | ||
| 985 | &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); | ||
| 986 | |||
| 987 | # allocate aligned stack frame... | ||
| 988 | &lea ($key,&DWP(-64-244,"esp")); | ||
| 989 | &and ($key,-64); | ||
| 990 | |||
| 991 | # ... and make sure it doesn't alias with AES_Td modulo 4096 | ||
| 992 | &mov ($s0,"ebp"); | ||
| 993 | &lea ($s1,&DWP(2048+256,"ebp")); | ||
| 994 | &mov ($s3,$key); | ||
| 995 | &and ($s0,0xfff); # s = %ebp&0xfff | ||
| 996 | &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff | ||
| 997 | &and ($s3,0xfff); # p = %esp&0xfff | ||
| 998 | |||
| 999 | &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); | ||
| 1000 | &jb (&label("td_break_out")); | ||
| 1001 | &sub ($s3,$s1); | ||
| 1002 | &sub ($key,$s3); | ||
| 1003 | &jmp (&label("td_ok")); | ||
| 1004 | &set_label("td_break_out"); # else %esp -= (p-s)&0xfff + framesz; | ||
| 1005 | &sub ($s3,$s0); | ||
| 1006 | &and ($s3,0xfff); | ||
| 1007 | &add ($s3,64+256); | ||
| 1008 | &sub ($key,$s3); | ||
| 1009 | &align (4); | ||
| 1010 | &set_label("td_ok"); | ||
| 1011 | |||
| 1012 | &mov ($s0,&wparam(0)); # load inp | ||
| 1013 | &mov ($s1,&wparam(1)); # load out | ||
| 1014 | &mov ($s3,&wparam(3)); # load key | ||
| 1015 | &mov ($acc,&wparam(4)); # load ivp | ||
| 1016 | |||
| 1017 | &exch ("esp",$key); | ||
| 1018 | &add ("esp",4); # reserve for return address! | ||
| 1019 | &mov ($_esp,$key); # save %esp | ||
| 1020 | |||
| 1021 | &mov ($_inp,$s0); # save copy of inp | ||
| 1022 | &mov ($_out,$s1); # save copy of out | ||
| 1023 | &mov ($_len,$s2); # save copy of len | ||
| 1024 | &mov ($_key,$s3); # save copy of key | ||
| 1025 | &mov ($_ivp,$acc); # save copy of ivp | ||
| 1026 | |||
| 1027 | &mov ($mark,0); # copy of aes_key->rounds = 0; | ||
| 1028 | if ($compromise) { | ||
| 1029 | &cmp ($s2,$compromise); | ||
| 1030 | &jb (&label("skip_dcopy")); | ||
| 1031 | } | ||
| 1032 | # do we copy key schedule to stack? | ||
| 1033 | &mov ($s1 eq "ebx" ? $s1 : "",$s3); | ||
| 1034 | &mov ($s2 eq "ecx" ? $s2 : "",244/4); | ||
| 1035 | &sub ($s1,"ebp"); | ||
| 1036 | &mov ("esi",$s3); | ||
| 1037 | &and ($s1,0xfff); | ||
| 1038 | &lea ("edi",$aes_key); | ||
| 1039 | &cmp ($s1,2048+256); | ||
| 1040 | &jb (&label("do_dcopy")); | ||
| 1041 | &cmp ($s1,4096-244); | ||
| 1042 | &jb (&label("skip_dcopy")); | ||
| 1043 | &align (4); | ||
| 1044 | &set_label("do_dcopy"); | ||
| 1045 | &mov ($_key,"edi"); | ||
| 1046 | &data_word(0xA5F3F689); # rep movsd | ||
| 1047 | &set_label("skip_dcopy"); | ||
| 1048 | |||
| 1049 | &mov ($acc,$s0); | ||
| 1050 | &mov ($key,18); | ||
| 1051 | &align (4); | ||
| 1052 | &set_label("prefetch_td"); | ||
| 1053 | &mov ($s0,&DWP(0,"ebp")); | ||
| 1054 | &mov ($s1,&DWP(32,"ebp")); | ||
| 1055 | &mov ($s2,&DWP(64,"ebp")); | ||
| 1056 | &mov ($s3,&DWP(96,"ebp")); | ||
| 1057 | &lea ("ebp",&DWP(128,"ebp")); | ||
| 1058 | &dec ($key); | ||
| 1059 | &jnz (&label("prefetch_td")); | ||
| 1060 | &sub ("ebp",2048+256); | ||
| 1061 | |||
| 1062 | &cmp ($acc,$_out); | ||
| 1063 | &je (&label("dec_in_place")); # in-place processing... | ||
| 1064 | |||
| 1065 | &mov ($key,$_ivp); # load ivp | ||
| 1066 | &mov ($_tmp,$key); | ||
| 1067 | |||
| 1068 | &align (4); | ||
| 1069 | &set_label("dec_loop"); | ||
| 1070 | &mov ($s0,&DWP(0,$acc)); # read input | ||
| 1071 | &mov ($s1,&DWP(4,$acc)); | ||
| 1072 | &mov ($s2,&DWP(8,$acc)); | ||
| 1073 | &mov ($s3,&DWP(12,$acc)); | ||
| 1074 | |||
| 1075 | &mov ($key,$_key); # load key | ||
| 1076 | &call ("_x86_AES_decrypt"); | ||
| 1077 | |||
| 1078 | &mov ($key,$_tmp); # load ivp | ||
| 1079 | &mov ($acc,$_len); # load len | ||
| 1080 | &xor ($s0,&DWP(0,$key)); # xor iv | ||
| 1081 | &xor ($s1,&DWP(4,$key)); | ||
| 1082 | &xor ($s2,&DWP(8,$key)); | ||
| 1083 | &xor ($s3,&DWP(12,$key)); | ||
| 1084 | |||
| 1085 | &sub ($acc,16); | ||
| 1086 | &jc (&label("dec_partial")); | ||
| 1087 | &mov ($_len,$acc); # save len | ||
| 1088 | &mov ($acc,$_inp); # load inp | ||
| 1089 | &mov ($key,$_out); # load out | ||
| 1090 | |||
| 1091 | &mov (&DWP(0,$key),$s0); # write output | ||
| 1092 | &mov (&DWP(4,$key),$s1); | ||
| 1093 | &mov (&DWP(8,$key),$s2); | ||
| 1094 | &mov (&DWP(12,$key),$s3); | ||
| 1095 | |||
| 1096 | &mov ($_tmp,$acc); # save ivp | ||
| 1097 | &lea ($acc,&DWP(16,$acc)); | ||
| 1098 | &mov ($_inp,$acc); # save inp | ||
| 1099 | |||
| 1100 | &lea ($key,&DWP(16,$key)); | ||
| 1101 | &mov ($_out,$key); # save out | ||
| 1102 | |||
| 1103 | &jnz (&label("dec_loop")); | ||
| 1104 | &mov ($key,$_tmp); # load temp ivp | ||
| 1105 | &set_label("dec_end"); | ||
| 1106 | &mov ($acc,$_ivp); # load user ivp | ||
| 1107 | &mov ($s0,&DWP(0,$key)); # load iv | ||
| 1108 | &mov ($s1,&DWP(4,$key)); | ||
| 1109 | &mov ($s2,&DWP(8,$key)); | ||
| 1110 | &mov ($s3,&DWP(12,$key)); | ||
| 1111 | &mov (&DWP(0,$acc),$s0); # copy back to user | ||
| 1112 | &mov (&DWP(4,$acc),$s1); | ||
| 1113 | &mov (&DWP(8,$acc),$s2); | ||
| 1114 | &mov (&DWP(12,$acc),$s3); | ||
| 1115 | &jmp (&label("dec_out")); | ||
| 1116 | |||
| 1117 | &align (4); | ||
| 1118 | &set_label("dec_partial"); | ||
| 1119 | &lea ($key,$ivec); | ||
| 1120 | &mov (&DWP(0,$key),$s0); # dump output to stack | ||
| 884 | &mov (&DWP(4,$key),$s1); | 1121 | &mov (&DWP(4,$key),$s1); |
| 885 | &mov (&DWP(8,$key),$s2); | 1122 | &mov (&DWP(8,$key),$s2); |
| 886 | &mov (&DWP(12,$key),$s3); | 1123 | &mov (&DWP(12,$key),$s3); |
| 1124 | &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc)); | ||
| 1125 | &mov ($acc eq "esi" ? $acc : "",$key); | ||
| 1126 | &mov ($key eq "edi" ? $key : "",$_out); # load out | ||
| 1127 | &data_word(0xA4F3F689); # rep movsb # copy output | ||
| 1128 | &mov ($key,$_inp); # use inp as temp ivp | ||
| 1129 | &jmp (&label("dec_end")); | ||
| 1130 | |||
| 1131 | &align (4); | ||
| 1132 | &set_label("dec_in_place"); | ||
| 1133 | &set_label("dec_in_place_loop"); | ||
| 1134 | &lea ($key,$ivec); | ||
| 1135 | &mov ($s0,&DWP(0,$acc)); # read input | ||
| 1136 | &mov ($s1,&DWP(4,$acc)); | ||
| 1137 | &mov ($s2,&DWP(8,$acc)); | ||
| 1138 | &mov ($s3,&DWP(12,$acc)); | ||
| 1139 | |||
| 1140 | &mov (&DWP(0,$key),$s0); # copy to temp | ||
| 1141 | &mov (&DWP(4,$key),$s1); | ||
| 1142 | &mov (&DWP(8,$key),$s2); | ||
| 1143 | &mov (&DWP(12,$key),$s3); | ||
| 1144 | |||
| 1145 | &mov ($key,$_key); # load key | ||
| 1146 | &call ("_x86_AES_decrypt"); | ||
| 1147 | |||
| 1148 | &mov ($key,$_ivp); # load ivp | ||
| 1149 | &mov ($acc,$_out); # load out | ||
| 1150 | &xor ($s0,&DWP(0,$key)); # xor iv | ||
| 1151 | &xor ($s1,&DWP(4,$key)); | ||
| 1152 | &xor ($s2,&DWP(8,$key)); | ||
| 1153 | &xor ($s3,&DWP(12,$key)); | ||
| 887 | 1154 | ||
| 888 | &pop ("edi"); | 1155 | &mov (&DWP(0,$acc),$s0); # write output |
| 889 | &pop ("esi"); | 1156 | &mov (&DWP(4,$acc),$s1); |
| 890 | &pop ("ebx"); | 1157 | &mov (&DWP(8,$acc),$s2); |
| 891 | &pop ("ebp"); | 1158 | &mov (&DWP(12,$acc),$s3); |
| 892 | &ret (); | 1159 | |
| 1160 | &lea ($acc,&DWP(16,$acc)); | ||
| 1161 | &mov ($_out,$acc); # save out | ||
| 1162 | |||
| 1163 | &lea ($acc,$ivec); | ||
| 1164 | &mov ($s0,&DWP(0,$acc)); # read temp | ||
| 1165 | &mov ($s1,&DWP(4,$acc)); | ||
| 1166 | &mov ($s2,&DWP(8,$acc)); | ||
| 1167 | &mov ($s3,&DWP(12,$acc)); | ||
| 1168 | |||
| 1169 | &mov (&DWP(0,$key),$s0); # copy iv | ||
| 1170 | &mov (&DWP(4,$key),$s1); | ||
| 1171 | &mov (&DWP(8,$key),$s2); | ||
| 1172 | &mov (&DWP(12,$key),$s3); | ||
| 1173 | |||
| 1174 | &mov ($acc,$_inp); # load inp | ||
| 1175 | |||
| 1176 | &lea ($acc,&DWP(16,$acc)); | ||
| 1177 | &mov ($_inp,$acc); # save inp | ||
| 1178 | |||
| 1179 | &mov ($s2,$_len); # load len | ||
| 1180 | &sub ($s2,16); | ||
| 1181 | &jc (&label("dec_in_place_partial")); | ||
| 1182 | &mov ($_len,$s2); # save len | ||
| 1183 | &jnz (&label("dec_in_place_loop")); | ||
| 1184 | &jmp (&label("dec_out")); | ||
| 1185 | |||
| 1186 | &align (4); | ||
| 1187 | &set_label("dec_in_place_partial"); | ||
| 1188 | # one can argue if this is actually required... | ||
| 1189 | &mov ($key eq "edi" ? $key : "",$_out); | ||
| 1190 | &lea ($acc eq "esi" ? $acc : "",$ivec); | ||
| 1191 | &lea ($key,&DWP(0,$key,$s2)); | ||
| 1192 | &lea ($acc,&DWP(16,$acc,$s2)); | ||
| 1193 | &neg ($s2 eq "ecx" ? $s2 : ""); | ||
| 1194 | &data_word(0xA4F3F689); # rep movsb # restore tail | ||
| 1195 | |||
| 1196 | &align (4); | ||
| 1197 | &set_label("dec_out"); | ||
| 1198 | &cmp ($mark,0); # was the key schedule copied? | ||
| 1199 | &mov ("edi",$_key); | ||
| 1200 | &je (&label("skip_dzero")); | ||
| 1201 | # zero copy of key schedule | ||
| 1202 | &mov ("ecx",240/4); | ||
| 1203 | &xor ("eax","eax"); | ||
| 1204 | &align (4); | ||
| 1205 | &data_word(0xABF3F689); # rep stosd | ||
| 1206 | &set_label("skip_dzero") | ||
| 1207 | &mov ("esp",$_esp); | ||
| 1208 | &popf (); | ||
| 1209 | &function_end("AES_cbc_encrypt"); | ||
| 1210 | } | ||
| 893 | 1211 | ||
| 894 | &set_label("AES_Td",64); # Yes! I keep it in the code segment! | 1212 | #------------------------------------------------------------------# |
| 895 | &data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); | ||
| 896 | &data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); | ||
| 897 | &data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); | ||
| 898 | &data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); | ||
| 899 | &data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); | ||
| 900 | &data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); | ||
| 901 | &data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); | ||
| 902 | &data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); | ||
| 903 | &data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); | ||
| 904 | &data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); | ||
| 905 | &data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); | ||
| 906 | &data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); | ||
| 907 | &data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); | ||
| 908 | &data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); | ||
| 909 | &data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); | ||
| 910 | &data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); | ||
| 911 | &data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); | ||
| 912 | &data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); | ||
| 913 | &data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); | ||
| 914 | &data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); | ||
| 915 | &data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); | ||
| 916 | &data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); | ||
| 917 | &data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); | ||
| 918 | &data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); | ||
| 919 | &data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); | ||
| 920 | &data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); | ||
| 921 | &data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); | ||
| 922 | &data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); | ||
| 923 | &data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); | ||
| 924 | &data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); | ||
| 925 | &data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); | ||
| 926 | &data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); | ||
| 927 | &data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); | ||
| 928 | &data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); | ||
| 929 | &data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); | ||
| 930 | &data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); | ||
| 931 | &data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); | ||
| 932 | &data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); | ||
| 933 | &data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); | ||
| 934 | &data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); | ||
| 935 | &data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); | ||
| 936 | &data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); | ||
| 937 | &data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); | ||
| 938 | &data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); | ||
| 939 | &data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); | ||
| 940 | &data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); | ||
| 941 | &data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); | ||
| 942 | &data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); | ||
| 943 | &data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); | ||
| 944 | &data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); | ||
| 945 | &data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); | ||
| 946 | &data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); | ||
| 947 | &data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); | ||
| 948 | &data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); | ||
| 949 | &data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); | ||
| 950 | &data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); | ||
| 951 | &data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); | ||
| 952 | &data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); | ||
| 953 | &data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); | ||
| 954 | &data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); | ||
| 955 | &data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); | ||
| 956 | &data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); | ||
| 957 | &data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); | ||
| 958 | &data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); | ||
| 959 | #Td1: | ||
| 960 | &data_word(0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96); | ||
| 961 | &data_word(0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93); | ||
| 962 | &data_word(0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525); | ||
| 963 | &data_word(0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f); | ||
| 964 | &data_word(0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1); | ||
| 965 | &data_word(0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6); | ||
| 966 | &data_word(0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da); | ||
| 967 | &data_word(0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44); | ||
| 968 | &data_word(0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd); | ||
| 969 | &data_word(0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4); | ||
| 970 | &data_word(0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245); | ||
| 971 | &data_word(0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994); | ||
| 972 | &data_word(0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7); | ||
| 973 | &data_word(0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a); | ||
| 974 | &data_word(0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5); | ||
| 975 | &data_word(0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c); | ||
| 976 | &data_word(0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1); | ||
| 977 | &data_word(0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a); | ||
| 978 | &data_word(0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475); | ||
| 979 | &data_word(0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51); | ||
| 980 | &data_word(0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46); | ||
| 981 | &data_word(0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff); | ||
| 982 | &data_word(0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777); | ||
| 983 | &data_word(0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db); | ||
| 984 | &data_word(0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000); | ||
| 985 | &data_word(0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e); | ||
| 986 | &data_word(0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627); | ||
| 987 | &data_word(0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a); | ||
| 988 | &data_word(0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e); | ||
| 989 | &data_word(0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16); | ||
| 990 | &data_word(0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d); | ||
| 991 | &data_word(0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8); | ||
| 992 | &data_word(0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd); | ||
| 993 | &data_word(0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34); | ||
| 994 | &data_word(0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863); | ||
| 995 | &data_word(0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420); | ||
| 996 | &data_word(0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d); | ||
| 997 | &data_word(0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0); | ||
| 998 | &data_word(0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722); | ||
| 999 | &data_word(0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef); | ||
| 1000 | &data_word(0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836); | ||
| 1001 | &data_word(0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4); | ||
| 1002 | &data_word(0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462); | ||
| 1003 | &data_word(0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5); | ||
| 1004 | &data_word(0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3); | ||
| 1005 | &data_word(0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b); | ||
| 1006 | &data_word(0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8); | ||
| 1007 | &data_word(0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6); | ||
| 1008 | &data_word(0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6); | ||
| 1009 | &data_word(0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0); | ||
| 1010 | &data_word(0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315); | ||
| 1011 | &data_word(0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f); | ||
| 1012 | &data_word(0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df); | ||
| 1013 | &data_word(0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f); | ||
| 1014 | &data_word(0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e); | ||
| 1015 | &data_word(0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13); | ||
| 1016 | &data_word(0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89); | ||
| 1017 | &data_word(0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c); | ||
| 1018 | &data_word(0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf); | ||
| 1019 | &data_word(0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886); | ||
| 1020 | &data_word(0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f); | ||
| 1021 | &data_word(0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41); | ||
| 1022 | &data_word(0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490); | ||
| 1023 | &data_word(0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042); | ||
| 1024 | #Td2: | ||
| 1025 | &data_word(0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e); | ||
| 1026 | &data_word(0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303); | ||
| 1027 | &data_word(0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c); | ||
| 1028 | &data_word(0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3); | ||
| 1029 | &data_word(0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0); | ||
| 1030 | &data_word(0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9); | ||
| 1031 | &data_word(0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59); | ||
| 1032 | &data_word(0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8); | ||
| 1033 | &data_word(0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71); | ||
| 1034 | &data_word(0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a); | ||
| 1035 | &data_word(0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f); | ||
| 1036 | &data_word(0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b); | ||
| 1037 | &data_word(0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8); | ||
| 1038 | &data_word(0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab); | ||
| 1039 | &data_word(0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508); | ||
| 1040 | &data_word(0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82); | ||
| 1041 | &data_word(0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2); | ||
| 1042 | &data_word(0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe); | ||
| 1043 | &data_word(0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb); | ||
| 1044 | &data_word(0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110); | ||
| 1045 | &data_word(0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd); | ||
| 1046 | &data_word(0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15); | ||
| 1047 | &data_word(0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e); | ||
| 1048 | &data_word(0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee); | ||
| 1049 | &data_word(0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000); | ||
| 1050 | &data_word(0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72); | ||
| 1051 | &data_word(0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739); | ||
| 1052 | &data_word(0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e); | ||
| 1053 | &data_word(0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91); | ||
| 1054 | &data_word(0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a); | ||
| 1055 | &data_word(0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17); | ||
| 1056 | &data_word(0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9); | ||
| 1057 | &data_word(0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60); | ||
| 1058 | &data_word(0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e); | ||
| 1059 | &data_word(0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1); | ||
| 1060 | &data_word(0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011); | ||
| 1061 | &data_word(0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1); | ||
| 1062 | &data_word(0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3); | ||
| 1063 | &data_word(0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264); | ||
| 1064 | &data_word(0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90); | ||
| 1065 | &data_word(0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b); | ||
| 1066 | &data_word(0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf); | ||
| 1067 | &data_word(0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246); | ||
| 1068 | &data_word(0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af); | ||
| 1069 | &data_word(0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312); | ||
| 1070 | &data_word(0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb); | ||
| 1071 | &data_word(0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a); | ||
| 1072 | &data_word(0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8); | ||
| 1073 | &data_word(0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c); | ||
| 1074 | &data_word(0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066); | ||
| 1075 | &data_word(0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8); | ||
| 1076 | &data_word(0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6); | ||
| 1077 | &data_word(0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04); | ||
| 1078 | &data_word(0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51); | ||
| 1079 | &data_word(0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41); | ||
| 1080 | &data_word(0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347); | ||
| 1081 | &data_word(0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c); | ||
| 1082 | &data_word(0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1); | ||
| 1083 | &data_word(0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37); | ||
| 1084 | &data_word(0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db); | ||
| 1085 | &data_word(0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40); | ||
| 1086 | &data_word(0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195); | ||
| 1087 | &data_word(0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1); | ||
| 1088 | &data_word(0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257); | ||
| 1089 | #Td3: | ||
| 1090 | &data_word(0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27); | ||
| 1091 | &data_word(0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3); | ||
| 1092 | &data_word(0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02); | ||
| 1093 | &data_word(0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362); | ||
| 1094 | &data_word(0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe); | ||
| 1095 | &data_word(0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3); | ||
| 1096 | &data_word(0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952); | ||
| 1097 | &data_word(0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9); | ||
| 1098 | &data_word(0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9); | ||
| 1099 | &data_word(0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace); | ||
| 1100 | &data_word(0x63184adf, 0xe582311a, 0x97603351, 0x62457f53); | ||
| 1101 | &data_word(0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08); | ||
| 1102 | &data_word(0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b); | ||
| 1103 | &data_word(0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55); | ||
| 1104 | &data_word(0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837); | ||
| 1105 | &data_word(0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216); | ||
| 1106 | &data_word(0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269); | ||
| 1107 | &data_word(0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6); | ||
| 1108 | &data_word(0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6); | ||
| 1109 | &data_word(0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e); | ||
| 1110 | &data_word(0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6); | ||
| 1111 | &data_word(0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550); | ||
| 1112 | &data_word(0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9); | ||
| 1113 | &data_word(0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8); | ||
| 1114 | &data_word(0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000); | ||
| 1115 | &data_word(0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a); | ||
| 1116 | &data_word(0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d); | ||
| 1117 | &data_word(0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36); | ||
| 1118 | &data_word(0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b); | ||
| 1119 | &data_word(0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12); | ||
| 1120 | &data_word(0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b); | ||
| 1121 | &data_word(0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e); | ||
| 1122 | &data_word(0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f); | ||
| 1123 | &data_word(0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb); | ||
| 1124 | &data_word(0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4); | ||
| 1125 | &data_word(0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6); | ||
| 1126 | &data_word(0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129); | ||
| 1127 | &data_word(0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1); | ||
| 1128 | &data_word(0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9); | ||
| 1129 | &data_word(0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033); | ||
| 1130 | &data_word(0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4); | ||
| 1131 | &data_word(0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad); | ||
| 1132 | &data_word(0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e); | ||
| 1133 | &data_word(0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3); | ||
| 1134 | &data_word(0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225); | ||
| 1135 | &data_word(0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b); | ||
| 1136 | &data_word(0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f); | ||
| 1137 | &data_word(0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815); | ||
| 1138 | &data_word(0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0); | ||
| 1139 | &data_word(0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2); | ||
| 1140 | &data_word(0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7); | ||
| 1141 | &data_word(0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691); | ||
| 1142 | &data_word(0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496); | ||
| 1143 | &data_word(0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165); | ||
| 1144 | &data_word(0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b); | ||
| 1145 | &data_word(0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6); | ||
| 1146 | &data_word(0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13); | ||
| 1147 | &data_word(0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147); | ||
| 1148 | &data_word(0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7); | ||
| 1149 | &data_word(0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44); | ||
| 1150 | &data_word(0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3); | ||
| 1151 | &data_word(0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d); | ||
| 1152 | &data_word(0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156); | ||
| 1153 | &data_word(0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8); | ||
| 1154 | #Td4: | ||
| 1155 | &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5); | ||
| 1156 | &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838); | ||
| 1157 | &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e); | ||
| 1158 | &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb); | ||
| 1159 | &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282); | ||
| 1160 | &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787); | ||
| 1161 | &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444); | ||
| 1162 | &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb); | ||
| 1163 | &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232); | ||
| 1164 | &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d); | ||
| 1165 | &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b); | ||
| 1166 | &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e); | ||
| 1167 | &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666); | ||
| 1168 | &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2); | ||
| 1169 | &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949); | ||
| 1170 | &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525); | ||
| 1171 | &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464); | ||
| 1172 | &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616); | ||
| 1173 | &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc); | ||
| 1174 | &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292); | ||
| 1175 | &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050); | ||
| 1176 | &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada); | ||
| 1177 | &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757); | ||
| 1178 | &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484); | ||
| 1179 | &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000); | ||
| 1180 | &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a); | ||
| 1181 | &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505); | ||
| 1182 | &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606); | ||
| 1183 | &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f); | ||
| 1184 | &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202); | ||
| 1185 | &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303); | ||
| 1186 | &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b); | ||
| 1187 | &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141); | ||
| 1188 | &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea); | ||
| 1189 | &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece); | ||
| 1190 | &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373); | ||
| 1191 | &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222); | ||
| 1192 | &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585); | ||
| 1193 | &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8); | ||
| 1194 | &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e); | ||
| 1195 | &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171); | ||
| 1196 | &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989); | ||
| 1197 | &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e); | ||
| 1198 | &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b); | ||
| 1199 | &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b); | ||
| 1200 | &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020); | ||
| 1201 | &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe); | ||
| 1202 | &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4); | ||
| 1203 | &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333); | ||
| 1204 | &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131); | ||
| 1205 | &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959); | ||
| 1206 | &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f); | ||
| 1207 | &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9); | ||
| 1208 | &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d); | ||
| 1209 | &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f); | ||
| 1210 | &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef); | ||
| 1211 | &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d); | ||
| 1212 | &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0); | ||
| 1213 | &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c); | ||
| 1214 | &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161); | ||
| 1215 | &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e); | ||
| 1216 | &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626); | ||
| 1217 | &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363); | ||
| 1218 | &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d); | ||
| 1219 | &function_end_B("AES_decrypt"); | ||
| 1220 | 1213 | ||
| 1221 | sub enckey() | 1214 | sub enckey() |
| 1222 | { | 1215 | { |
| 1223 | &movz ("esi",&LB("edx")); # rk[i]>>0 | 1216 | &movz ("esi",&LB("edx")); # rk[i]>>0 |
| 1224 | &mov ("ebx",&DWP(0,"ebp","esi",4)); | 1217 | &mov ("ebx",&DWP(2,"ebp","esi",8)); |
| 1225 | &movz ("esi",&HB("edx")); # rk[i]>>8 | 1218 | &movz ("esi",&HB("edx")); # rk[i]>>8 |
| 1226 | &and ("ebx",0xFF000000); | 1219 | &and ("ebx",0xFF000000); |
| 1227 | &xor ("eax","ebx"); | 1220 | &xor ("eax","ebx"); |
| 1228 | 1221 | ||
| 1229 | &mov ("ebx",&DWP(0,"ebp","esi",4)); | 1222 | &mov ("ebx",&DWP(2,"ebp","esi",8)); |
| 1230 | &shr ("edx",16); | 1223 | &shr ("edx",16); |
| 1231 | &and ("ebx",0x000000FF); | 1224 | &and ("ebx",0x000000FF); |
| 1232 | &movz ("esi",&LB("edx")); # rk[i]>>16 | 1225 | &movz ("esi",&LB("edx")); # rk[i]>>16 |
| 1233 | &xor ("eax","ebx"); | 1226 | &xor ("eax","ebx"); |
| 1234 | 1227 | ||
| 1235 | &mov ("ebx",&DWP(0,"ebp","esi",4)); | 1228 | &mov ("ebx",&DWP(0,"ebp","esi",8)); |
| 1236 | &movz ("esi",&HB("edx")); # rk[i]>>24 | 1229 | &movz ("esi",&HB("edx")); # rk[i]>>24 |
| 1237 | &and ("ebx",0x0000FF00); | 1230 | &and ("ebx",0x0000FF00); |
| 1238 | &xor ("eax","ebx"); | 1231 | &xor ("eax","ebx"); |
| 1239 | 1232 | ||
| 1240 | &mov ("ebx",&DWP(0,"ebp","esi",4)); | 1233 | &mov ("ebx",&DWP(0,"ebp","esi",8)); |
| 1241 | &and ("ebx",0x00FF0000); | 1234 | &and ("ebx",0x00FF0000); |
| 1242 | &xor ("eax","ebx"); | 1235 | &xor ("eax","ebx"); |
| 1243 | 1236 | ||
| 1244 | &xor ("eax",&DWP(1024,"ebp","ecx",4)); # rcon | 1237 | &xor ("eax",&DWP(2048,"ebp","ecx",4)); # rcon |
| 1245 | } | 1238 | } |
| 1246 | 1239 | ||
| 1247 | # int AES_set_encrypt_key(const unsigned char *userKey, const int bits, | 1240 | # int AES_set_encrypt_key(const unsigned char *userKey, const int bits, |
| @@ -1260,7 +1253,6 @@ sub enckey() | |||
| 1260 | &set_label("pic_point"); | 1253 | &set_label("pic_point"); |
| 1261 | &blindpop("ebp"); | 1254 | &blindpop("ebp"); |
| 1262 | &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); | 1255 | &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); |
| 1263 | &add ("ebp",1024*4); # skip to Te4 | ||
| 1264 | 1256 | ||
| 1265 | &mov ("ecx",&wparam(1)); # number of bits in key | 1257 | &mov ("ecx",&wparam(1)); # number of bits in key |
| 1266 | &cmp ("ecx",128); | 1258 | &cmp ("ecx",128); |
| @@ -1401,23 +1393,23 @@ sub enckey() | |||
| 1401 | &mov ("edx","eax"); | 1393 | &mov ("edx","eax"); |
| 1402 | &mov ("eax",&DWP(16,"edi")); # rk[4] | 1394 | &mov ("eax",&DWP(16,"edi")); # rk[4] |
| 1403 | &movz ("esi",&LB("edx")); # rk[11]>>0 | 1395 | &movz ("esi",&LB("edx")); # rk[11]>>0 |
| 1404 | &mov ("ebx",&DWP(0,"ebp","esi",4)); | 1396 | &mov ("ebx",&DWP(2,"ebp","esi",8)); |
| 1405 | &movz ("esi",&HB("edx")); # rk[11]>>8 | 1397 | &movz ("esi",&HB("edx")); # rk[11]>>8 |
| 1406 | &and ("ebx",0x000000FF); | 1398 | &and ("ebx",0x000000FF); |
| 1407 | &xor ("eax","ebx"); | 1399 | &xor ("eax","ebx"); |
| 1408 | 1400 | ||
| 1409 | &mov ("ebx",&DWP(0,"ebp","esi",4)); | 1401 | &mov ("ebx",&DWP(0,"ebp","esi",8)); |
| 1410 | &shr ("edx",16); | 1402 | &shr ("edx",16); |
| 1411 | &and ("ebx",0x0000FF00); | 1403 | &and ("ebx",0x0000FF00); |
| 1412 | &movz ("esi",&LB("edx")); # rk[11]>>16 | 1404 | &movz ("esi",&LB("edx")); # rk[11]>>16 |
| 1413 | &xor ("eax","ebx"); | 1405 | &xor ("eax","ebx"); |
| 1414 | 1406 | ||
| 1415 | &mov ("ebx",&DWP(0,"ebp","esi",4)); | 1407 | &mov ("ebx",&DWP(0,"ebp","esi",8)); |
| 1416 | &movz ("esi",&HB("edx")); # rk[11]>>24 | 1408 | &movz ("esi",&HB("edx")); # rk[11]>>24 |
| 1417 | &and ("ebx",0x00FF0000); | 1409 | &and ("ebx",0x00FF0000); |
| 1418 | &xor ("eax","ebx"); | 1410 | &xor ("eax","ebx"); |
| 1419 | 1411 | ||
| 1420 | &mov ("ebx",&DWP(0,"ebp","esi",4)); | 1412 | &mov ("ebx",&DWP(2,"ebp","esi",8)); |
| 1421 | &and ("ebx",0xFF000000); | 1413 | &and ("ebx",0xFF000000); |
| 1422 | &xor ("eax","ebx"); | 1414 | &xor ("eax","ebx"); |
| 1423 | 1415 | ||
| @@ -1443,23 +1435,23 @@ sub enckey() | |||
| 1443 | &function_end("AES_set_encrypt_key"); | 1435 | &function_end("AES_set_encrypt_key"); |
| 1444 | 1436 | ||
| 1445 | sub deckey() | 1437 | sub deckey() |
| 1446 | { my ($i,$ptr,$te4,$td) = @_; | 1438 | { my ($i,$ptr,$te,$td) = @_; |
| 1447 | 1439 | ||
| 1448 | &mov ("eax",&DWP($i,$ptr)); | 1440 | &mov ("eax",&DWP($i,$ptr)); |
| 1449 | &mov ("edx","eax"); | 1441 | &mov ("edx","eax"); |
| 1450 | &movz ("ebx",&HB("eax")); | 1442 | &movz ("ebx",&HB("eax")); |
| 1451 | &shr ("edx",16); | 1443 | &shr ("edx",16); |
| 1452 | &and ("eax",0xFF); | 1444 | &and ("eax",0xFF); |
| 1453 | &movz ("eax",&BP(0,$te4,"eax",4)); | 1445 | &movz ("eax",&BP(2,$te,"eax",8)); |
| 1454 | &movz ("ebx",&BP(0,$te4,"ebx",4)); | 1446 | &movz ("ebx",&BP(2,$te,"ebx",8)); |
| 1455 | &mov ("eax",&DWP(1024*0,$td,"eax",4)); | 1447 | &mov ("eax",&DWP(0,$td,"eax",8)); |
| 1456 | &xor ("eax",&DWP(1024*1,$td,"ebx",4)); | 1448 | &xor ("eax",&DWP(3,$td,"ebx",8)); |
| 1457 | &movz ("ebx",&HB("edx")); | 1449 | &movz ("ebx",&HB("edx")); |
| 1458 | &and ("edx",0xFF); | 1450 | &and ("edx",0xFF); |
| 1459 | &movz ("edx",&BP(0,$te4,"edx",4)); | 1451 | &movz ("edx",&BP(2,$te,"edx",8)); |
| 1460 | &movz ("ebx",&BP(0,$te4,"ebx",4)); | 1452 | &movz ("ebx",&BP(2,$te,"ebx",8)); |
| 1461 | &xor ("eax",&DWP(1024*2,$td,"edx",4)); | 1453 | &xor ("eax",&DWP(2,$td,"edx",8)); |
| 1462 | &xor ("eax",&DWP(1024*3,$td,"ebx",4)); | 1454 | &xor ("eax",&DWP(1,$td,"ebx",8)); |
| 1463 | &mov (&DWP($i,$ptr),"eax"); | 1455 | &mov (&DWP($i,$ptr),"eax"); |
| 1464 | } | 1456 | } |
| 1465 | 1457 | ||
| @@ -1520,7 +1512,6 @@ sub deckey() | |||
| 1520 | blindpop("ebp"); | 1512 | blindpop("ebp"); |
| 1521 | &lea ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); | 1513 | &lea ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); |
| 1522 | &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); | 1514 | &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); |
| 1523 | &add ("ebp",1024*4); # skip to Te4 | ||
| 1524 | 1515 | ||
| 1525 | &mov ("esi",&wparam(2)); | 1516 | &mov ("esi",&wparam(2)); |
| 1526 | &mov ("ecx",&DWP(240,"esi")); # pull number of rounds | 1517 | &mov ("ecx",&DWP(240,"esi")); # pull number of rounds |
diff --git a/src/lib/libssl/src/crypto/asn1/a_bitstr.c b/src/lib/libssl/src/crypto/asn1/a_bitstr.c index b81bf4fc81..0fb9ce0c2a 100644 --- a/src/lib/libssl/src/crypto/asn1/a_bitstr.c +++ b/src/lib/libssl/src/crypto/asn1/a_bitstr.c | |||
| @@ -113,11 +113,12 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) | |||
| 113 | return(ret); | 113 | return(ret); |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp, | 116 | ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, |
| 117 | long len) | 117 | const unsigned char **pp, long len) |
| 118 | { | 118 | { |
| 119 | ASN1_BIT_STRING *ret=NULL; | 119 | ASN1_BIT_STRING *ret=NULL; |
| 120 | unsigned char *p,*s; | 120 | const unsigned char *p; |
| 121 | unsigned char *s; | ||
| 121 | int i; | 122 | int i; |
| 122 | 123 | ||
| 123 | if (len < 1) | 124 | if (len < 1) |
| @@ -164,7 +165,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp, | |||
| 164 | *pp=p; | 165 | *pp=p; |
| 165 | return(ret); | 166 | return(ret); |
| 166 | err: | 167 | err: |
| 167 | ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i); | 168 | ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i); |
| 168 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) | 169 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) |
| 169 | M_ASN1_BIT_STRING_free(ret); | 170 | M_ASN1_BIT_STRING_free(ret); |
| 170 | return(NULL); | 171 | return(NULL); |
| @@ -182,9 +183,11 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) | |||
| 182 | iv= ~v; | 183 | iv= ~v; |
| 183 | if (!value) v=0; | 184 | if (!value) v=0; |
| 184 | 185 | ||
| 186 | if (a == NULL) | ||
| 187 | return 0; | ||
| 188 | |||
| 185 | a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ | 189 | a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ |
| 186 | 190 | ||
| 187 | if (a == NULL) return(0); | ||
| 188 | if ((a->length < (w+1)) || (a->data == NULL)) | 191 | if ((a->length < (w+1)) || (a->data == NULL)) |
| 189 | { | 192 | { |
| 190 | if (!value) return(1); /* Don't need to set */ | 193 | if (!value) return(1); /* Don't need to set */ |
diff --git a/src/lib/libssl/src/crypto/asn1/a_bool.c b/src/lib/libssl/src/crypto/asn1/a_bool.c index 24333ea4d5..331acdf053 100644 --- a/src/lib/libssl/src/crypto/asn1/a_bool.c +++ b/src/lib/libssl/src/crypto/asn1/a_bool.c | |||
| @@ -75,10 +75,10 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) | |||
| 75 | return(r); | 75 | return(r); |
| 76 | } | 76 | } |
| 77 | 77 | ||
| 78 | int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length) | 78 | int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) |
| 79 | { | 79 | { |
| 80 | int ret= -1; | 80 | int ret= -1; |
| 81 | unsigned char *p; | 81 | const unsigned char *p; |
| 82 | long len; | 82 | long len; |
| 83 | int inf,tag,xclass; | 83 | int inf,tag,xclass; |
| 84 | int i=0; | 84 | int i=0; |
diff --git a/src/lib/libssl/src/crypto/asn1/a_bytes.c b/src/lib/libssl/src/crypto/asn1/a_bytes.c index 2407f7c87a..92d630cdba 100644 --- a/src/lib/libssl/src/crypto/asn1/a_bytes.c +++ b/src/lib/libssl/src/crypto/asn1/a_bytes.c | |||
| @@ -60,14 +60,15 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c); | 63 | static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c); |
| 64 | /* type is a 'bitmap' of acceptable string types. | 64 | /* type is a 'bitmap' of acceptable string types. |
| 65 | */ | 65 | */ |
| 66 | ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp, | 66 | ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, |
| 67 | long length, int type) | 67 | long length, int type) |
| 68 | { | 68 | { |
| 69 | ASN1_STRING *ret=NULL; | 69 | ASN1_STRING *ret=NULL; |
| 70 | unsigned char *p,*s; | 70 | const unsigned char *p; |
| 71 | unsigned char *s; | ||
| 71 | long len; | 72 | long len; |
| 72 | int inf,tag,xclass; | 73 | int inf,tag,xclass; |
| 73 | int i=0; | 74 | int i=0; |
| @@ -153,11 +154,12 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) | |||
| 153 | return(r); | 154 | return(r); |
| 154 | } | 155 | } |
| 155 | 156 | ||
| 156 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length, | 157 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, |
| 157 | int Ptag, int Pclass) | 158 | long length, int Ptag, int Pclass) |
| 158 | { | 159 | { |
| 159 | ASN1_STRING *ret=NULL; | 160 | ASN1_STRING *ret=NULL; |
| 160 | unsigned char *p,*s; | 161 | const unsigned char *p; |
| 162 | unsigned char *s; | ||
| 161 | long len; | 163 | long len; |
| 162 | int inf,tag,xclass; | 164 | int inf,tag,xclass; |
| 163 | int i=0; | 165 | int i=0; |
| @@ -185,7 +187,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length, | |||
| 185 | 187 | ||
| 186 | if (inf & V_ASN1_CONSTRUCTED) | 188 | if (inf & V_ASN1_CONSTRUCTED) |
| 187 | { | 189 | { |
| 188 | ASN1_CTX c; | 190 | ASN1_const_CTX c; |
| 189 | 191 | ||
| 190 | c.pp=pp; | 192 | c.pp=pp; |
| 191 | c.p=p; | 193 | c.p=p; |
| @@ -247,7 +249,7 @@ err: | |||
| 247 | * them into the one structure that is then returned */ | 249 | * them into the one structure that is then returned */ |
| 248 | /* There have been a few bug fixes for this function from | 250 | /* There have been a few bug fixes for this function from |
| 249 | * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */ | 251 | * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */ |
| 250 | static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) | 252 | static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) |
| 251 | { | 253 | { |
| 252 | ASN1_STRING *os=NULL; | 254 | ASN1_STRING *os=NULL; |
| 253 | BUF_MEM b; | 255 | BUF_MEM b; |
| @@ -268,7 +270,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) | |||
| 268 | { | 270 | { |
| 269 | if (c->inf & 1) | 271 | if (c->inf & 1) |
| 270 | { | 272 | { |
| 271 | c->eos=ASN1_check_infinite_end(&c->p, | 273 | c->eos=ASN1_const_check_infinite_end(&c->p, |
| 272 | (long)(c->max-c->p)); | 274 | (long)(c->max-c->p)); |
| 273 | if (c->eos) break; | 275 | if (c->eos) break; |
| 274 | } | 276 | } |
| @@ -296,7 +298,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) | |||
| 296 | num+=os->length; | 298 | num+=os->length; |
| 297 | } | 299 | } |
| 298 | 300 | ||
| 299 | if (!asn1_Finish(c)) goto err; | 301 | if (!asn1_const_Finish(c)) goto err; |
| 300 | 302 | ||
| 301 | a->length=num; | 303 | a->length=num; |
| 302 | if (a->data != NULL) OPENSSL_free(a->data); | 304 | if (a->data != NULL) OPENSSL_free(a->data); |
diff --git a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c index b67b75e7c2..ece40bc4c0 100644 --- a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c +++ b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c | |||
| @@ -66,11 +66,10 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); | |||
| 66 | #ifndef NO_OLD_ASN1 | 66 | #ifndef NO_OLD_ASN1 |
| 67 | #ifndef OPENSSL_NO_FP_API | 67 | #ifndef OPENSSL_NO_FP_API |
| 68 | 68 | ||
| 69 | char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in, | 69 | void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) |
| 70 | unsigned char **x) | ||
| 71 | { | 70 | { |
| 72 | BIO *b; | 71 | BIO *b; |
| 73 | char *ret; | 72 | void *ret; |
| 74 | 73 | ||
| 75 | if ((b=BIO_new(BIO_s_file())) == NULL) | 74 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 76 | { | 75 | { |
| @@ -84,12 +83,11 @@ char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in, | |||
| 84 | } | 83 | } |
| 85 | #endif | 84 | #endif |
| 86 | 85 | ||
| 87 | char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in, | 86 | void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) |
| 88 | unsigned char **x) | ||
| 89 | { | 87 | { |
| 90 | BUF_MEM *b = NULL; | 88 | BUF_MEM *b = NULL; |
| 91 | unsigned char *p; | 89 | const unsigned char *p; |
| 92 | char *ret=NULL; | 90 | void *ret=NULL; |
| 93 | int len; | 91 | int len; |
| 94 | 92 | ||
| 95 | len = asn1_d2i_read_bio(in, &b); | 93 | len = asn1_d2i_read_bio(in, &b); |
| @@ -107,14 +105,14 @@ err: | |||
| 107 | void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) | 105 | void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) |
| 108 | { | 106 | { |
| 109 | BUF_MEM *b = NULL; | 107 | BUF_MEM *b = NULL; |
| 110 | unsigned char *p; | 108 | const unsigned char *p; |
| 111 | void *ret=NULL; | 109 | void *ret=NULL; |
| 112 | int len; | 110 | int len; |
| 113 | 111 | ||
| 114 | len = asn1_d2i_read_bio(in, &b); | 112 | len = asn1_d2i_read_bio(in, &b); |
| 115 | if(len < 0) goto err; | 113 | if(len < 0) goto err; |
| 116 | 114 | ||
| 117 | p=(unsigned char *)b->data; | 115 | p=(const unsigned char *)b->data; |
| 118 | ret=ASN1_item_d2i(x,&p,len, it); | 116 | ret=ASN1_item_d2i(x,&p,len, it); |
| 119 | err: | 117 | err: |
| 120 | if (b != NULL) BUF_MEM_free(b); | 118 | if (b != NULL) BUF_MEM_free(b); |
| @@ -129,7 +127,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) | |||
| 129 | 127 | ||
| 130 | if ((b=BIO_new(BIO_s_file())) == NULL) | 128 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 131 | { | 129 | { |
| 132 | ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); | 130 | ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB); |
| 133 | return(NULL); | 131 | return(NULL); |
| 134 | } | 132 | } |
| 135 | BIO_set_fp(b,in,BIO_NOCLOSE); | 133 | BIO_set_fp(b,in,BIO_NOCLOSE); |
| @@ -146,7 +144,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 146 | unsigned char *p; | 144 | unsigned char *p; |
| 147 | int i; | 145 | int i; |
| 148 | int ret=-1; | 146 | int ret=-1; |
| 149 | ASN1_CTX c; | 147 | ASN1_const_CTX c; |
| 150 | int want=HEADER_SIZE; | 148 | int want=HEADER_SIZE; |
| 151 | int eos=0; | 149 | int eos=0; |
| 152 | #if defined(__GNUC__) && defined(__ia64) | 150 | #if defined(__GNUC__) && defined(__ia64) |
| @@ -160,7 +158,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 160 | b=BUF_MEM_new(); | 158 | b=BUF_MEM_new(); |
| 161 | if (b == NULL) | 159 | if (b == NULL) |
| 162 | { | 160 | { |
| 163 | ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); | 161 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); |
| 164 | return -1; | 162 | return -1; |
| 165 | } | 163 | } |
| 166 | 164 | ||
| @@ -173,13 +171,13 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 173 | 171 | ||
| 174 | if (!BUF_MEM_grow_clean(b,len+want)) | 172 | if (!BUF_MEM_grow_clean(b,len+want)) |
| 175 | { | 173 | { |
| 176 | ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); | 174 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); |
| 177 | goto err; | 175 | goto err; |
| 178 | } | 176 | } |
| 179 | i=BIO_read(in,&(b->data[len]),want); | 177 | i=BIO_read(in,&(b->data[len]),want); |
| 180 | if ((i < 0) && ((len-off) == 0)) | 178 | if ((i < 0) && ((len-off) == 0)) |
| 181 | { | 179 | { |
| 182 | ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA); | 180 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA); |
| 183 | goto err; | 181 | goto err; |
| 184 | } | 182 | } |
| 185 | if (i > 0) | 183 | if (i > 0) |
| @@ -199,7 +197,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 199 | if (e != ASN1_R_TOO_LONG) | 197 | if (e != ASN1_R_TOO_LONG) |
| 200 | goto err; | 198 | goto err; |
| 201 | else | 199 | else |
| 202 | ERR_get_error(); /* clear error */ | 200 | ERR_clear_error(); /* clear error */ |
| 203 | } | 201 | } |
| 204 | i=c.p-p;/* header length */ | 202 | i=c.p-p;/* header length */ |
| 205 | off+=i; /* end of data */ | 203 | off+=i; /* end of data */ |
| @@ -228,7 +226,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 228 | want-=(len-off); | 226 | want-=(len-off); |
| 229 | if (!BUF_MEM_grow_clean(b,len+want)) | 227 | if (!BUF_MEM_grow_clean(b,len+want)) |
| 230 | { | 228 | { |
| 231 | ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); | 229 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); |
| 232 | goto err; | 230 | goto err; |
| 233 | } | 231 | } |
| 234 | while (want > 0) | 232 | while (want > 0) |
| @@ -236,7 +234,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | |||
| 236 | i=BIO_read(in,&(b->data[len]),want); | 234 | i=BIO_read(in,&(b->data[len]),want); |
| 237 | if (i <= 0) | 235 | if (i <= 0) |
| 238 | { | 236 | { |
| 239 | ASN1err(ASN1_F_ASN1_D2I_BIO, | 237 | ASN1err(ASN1_F_ASN1_D2I_READ_BIO, |
| 240 | ASN1_R_NOT_ENOUGH_DATA); | 238 | ASN1_R_NOT_ENOUGH_DATA); |
| 241 | goto err; | 239 | goto err; |
| 242 | } | 240 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/a_digest.c b/src/lib/libssl/src/crypto/asn1/a_digest.c index 7182e9fa5d..d00d9e22b1 100644 --- a/src/lib/libssl/src/crypto/asn1/a_digest.c +++ b/src/lib/libssl/src/crypto/asn1/a_digest.c | |||
| @@ -72,7 +72,7 @@ | |||
| 72 | 72 | ||
| 73 | #ifndef NO_ASN1_OLD | 73 | #ifndef NO_ASN1_OLD |
| 74 | 74 | ||
| 75 | int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data, | 75 | int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, |
| 76 | unsigned char *md, unsigned int *len) | 76 | unsigned char *md, unsigned int *len) |
| 77 | { | 77 | { |
| 78 | int i; | 78 | int i; |
diff --git a/src/lib/libssl/src/crypto/asn1/a_dup.c b/src/lib/libssl/src/crypto/asn1/a_dup.c index 58a017884c..199d50f521 100644 --- a/src/lib/libssl/src/crypto/asn1/a_dup.c +++ b/src/lib/libssl/src/crypto/asn1/a_dup.c | |||
| @@ -62,22 +62,23 @@ | |||
| 62 | 62 | ||
| 63 | #ifndef NO_OLD_ASN1 | 63 | #ifndef NO_OLD_ASN1 |
| 64 | 64 | ||
| 65 | char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x) | 65 | void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x) |
| 66 | { | 66 | { |
| 67 | unsigned char *b,*p; | 67 | unsigned char *b,*p; |
| 68 | long i; | 68 | const unsigned char *p2; |
| 69 | int i; | ||
| 69 | char *ret; | 70 | char *ret; |
| 70 | 71 | ||
| 71 | if (x == NULL) return(NULL); | 72 | if (x == NULL) return(NULL); |
| 72 | 73 | ||
| 73 | i=(long)i2d(x,NULL); | 74 | i=i2d(x,NULL); |
| 74 | b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); | 75 | b=OPENSSL_malloc(i+10); |
| 75 | if (b == NULL) | 76 | if (b == NULL) |
| 76 | { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } | 77 | { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } |
| 77 | p= b; | 78 | p= b; |
| 78 | i=i2d(x,&p); | 79 | i=i2d(x,&p); |
| 79 | p= b; | 80 | p2= b; |
| 80 | ret=d2i(NULL,&p,i); | 81 | ret=d2i(NULL,&p2,i); |
| 81 | OPENSSL_free(b); | 82 | OPENSSL_free(b); |
| 82 | return(ret); | 83 | return(ret); |
| 83 | } | 84 | } |
| @@ -91,7 +92,8 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x) | |||
| 91 | 92 | ||
| 92 | void *ASN1_item_dup(const ASN1_ITEM *it, void *x) | 93 | void *ASN1_item_dup(const ASN1_ITEM *it, void *x) |
| 93 | { | 94 | { |
| 94 | unsigned char *b = NULL, *p; | 95 | unsigned char *b = NULL; |
| 96 | const unsigned char *p; | ||
| 95 | long i; | 97 | long i; |
| 96 | void *ret; | 98 | void *ret; |
| 97 | 99 | ||
| @@ -99,7 +101,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x) | |||
| 99 | 101 | ||
| 100 | i=ASN1_item_i2d(x,&b,it); | 102 | i=ASN1_item_i2d(x,&b,it); |
| 101 | if (b == NULL) | 103 | if (b == NULL) |
| 102 | { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } | 104 | { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } |
| 103 | p= b; | 105 | p= b; |
| 104 | ret=ASN1_item_d2i(NULL,&p,i, it); | 106 | ret=ASN1_item_d2i(NULL,&p,i, it); |
| 105 | OPENSSL_free(b); | 107 | OPENSSL_free(b); |
diff --git a/src/lib/libssl/src/crypto/asn1/a_enum.c b/src/lib/libssl/src/crypto/asn1/a_enum.c index 03ede68d1c..fe9aa13b9c 100644 --- a/src/lib/libssl/src/crypto/asn1/a_enum.c +++ b/src/lib/libssl/src/crypto/asn1/a_enum.c | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> |
| 62 | #include <openssl/bn.h> | ||
| 62 | 63 | ||
| 63 | /* | 64 | /* |
| 64 | * Code for ENUMERATED type: identical to INTEGER apart from a different tag. | 65 | * Code for ENUMERATED type: identical to INTEGER apart from a different tag. |
| @@ -67,12 +68,13 @@ | |||
| 67 | 68 | ||
| 68 | int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) | 69 | int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) |
| 69 | { | 70 | { |
| 70 | int i,j,k; | 71 | int j,k; |
| 72 | unsigned int i; | ||
| 71 | unsigned char buf[sizeof(long)+1]; | 73 | unsigned char buf[sizeof(long)+1]; |
| 72 | long d; | 74 | long d; |
| 73 | 75 | ||
| 74 | a->type=V_ASN1_ENUMERATED; | 76 | a->type=V_ASN1_ENUMERATED; |
| 75 | if (a->length < (sizeof(long)+1)) | 77 | if (a->length < (int)(sizeof(long)+1)) |
| 76 | { | 78 | { |
| 77 | if (a->data != NULL) | 79 | if (a->data != NULL) |
| 78 | OPENSSL_free(a->data); | 80 | OPENSSL_free(a->data); |
| @@ -116,7 +118,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) | |||
| 116 | else if (i != V_ASN1_ENUMERATED) | 118 | else if (i != V_ASN1_ENUMERATED) |
| 117 | return -1; | 119 | return -1; |
| 118 | 120 | ||
| 119 | if (a->length > sizeof(long)) | 121 | if (a->length > (int)sizeof(long)) |
| 120 | { | 122 | { |
| 121 | /* hmm... a bit ugly */ | 123 | /* hmm... a bit ugly */ |
| 122 | return(0xffffffffL); | 124 | return(0xffffffffL); |
| @@ -147,7 +149,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) | |||
| 147 | ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); | 149 | ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); |
| 148 | goto err; | 150 | goto err; |
| 149 | } | 151 | } |
| 150 | if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED; | 152 | if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; |
| 151 | else ret->type=V_ASN1_ENUMERATED; | 153 | else ret->type=V_ASN1_ENUMERATED; |
| 152 | j=BN_num_bits(bn); | 154 | j=BN_num_bits(bn); |
| 153 | len=((j == 0)?0:((j/8)+1)); | 155 | len=((j == 0)?0:((j/8)+1)); |
| @@ -175,6 +177,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) | |||
| 175 | 177 | ||
| 176 | if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) | 178 | if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) |
| 177 | ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); | 179 | ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); |
| 178 | else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1; | 180 | else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); |
| 179 | return(ret); | 181 | return(ret); |
| 180 | } | 182 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/a_gentm.c b/src/lib/libssl/src/crypto/asn1/a_gentm.c index 0dfd576211..def79062a5 100644 --- a/src/lib/libssl/src/crypto/asn1/a_gentm.c +++ b/src/lib/libssl/src/crypto/asn1/a_gentm.c | |||
| @@ -181,7 +181,7 @@ err: | |||
| 181 | return(0); | 181 | return(0); |
| 182 | } | 182 | } |
| 183 | 183 | ||
| 184 | int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str) | 184 | int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) |
| 185 | { | 185 | { |
| 186 | ASN1_GENERALIZEDTIME t; | 186 | ASN1_GENERALIZEDTIME t; |
| 187 | 187 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/a_hdr.c b/src/lib/libssl/src/crypto/asn1/a_hdr.c index b1aad81f77..d1c2a7b9e3 100644 --- a/src/lib/libssl/src/crypto/asn1/a_hdr.c +++ b/src/lib/libssl/src/crypto/asn1/a_hdr.c | |||
| @@ -76,17 +76,17 @@ int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp) | |||
| 76 | M_ASN1_I2D_finish(); | 76 | M_ASN1_I2D_finish(); |
| 77 | } | 77 | } |
| 78 | 78 | ||
| 79 | ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp, | 79 | ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp, |
| 80 | long length) | 80 | long length) |
| 81 | { | 81 | { |
| 82 | M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new); | 82 | M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new); |
| 83 | 83 | ||
| 84 | M_ASN1_D2I_Init(); | 84 | M_ASN1_D2I_Init(); |
| 85 | M_ASN1_D2I_start_sequence(); | 85 | M_ASN1_D2I_start_sequence(); |
| 86 | M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING); | 86 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING); |
| 87 | if (ret->meth != NULL) | 87 | if (ret->meth != NULL) |
| 88 | { | 88 | { |
| 89 | M_ASN1_D2I_get(ret->data,ret->meth->d2i); | 89 | M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i); |
| 90 | } | 90 | } |
| 91 | else | 91 | else |
| 92 | { | 92 | { |
diff --git a/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c b/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c index f4f1b73ebe..a3ad76d356 100644 --- a/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c +++ b/src/lib/libssl/src/crypto/asn1/a_i2d_fp.c | |||
| @@ -64,7 +64,7 @@ | |||
| 64 | #ifndef NO_OLD_ASN1 | 64 | #ifndef NO_OLD_ASN1 |
| 65 | 65 | ||
| 66 | #ifndef OPENSSL_NO_FP_API | 66 | #ifndef OPENSSL_NO_FP_API |
| 67 | int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x) | 67 | int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) |
| 68 | { | 68 | { |
| 69 | BIO *b; | 69 | BIO *b; |
| 70 | int ret; | 70 | int ret; |
| @@ -81,7 +81,7 @@ int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x) | |||
| 81 | } | 81 | } |
| 82 | #endif | 82 | #endif |
| 83 | 83 | ||
| 84 | int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x) | 84 | int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) |
| 85 | { | 85 | { |
| 86 | char *b; | 86 | char *b; |
| 87 | unsigned char *p; | 87 | unsigned char *p; |
| @@ -124,7 +124,7 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) | |||
| 124 | 124 | ||
| 125 | if ((b=BIO_new(BIO_s_file())) == NULL) | 125 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 126 | { | 126 | { |
| 127 | ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); | 127 | ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB); |
| 128 | return(0); | 128 | return(0); |
| 129 | } | 129 | } |
| 130 | BIO_set_fp(b,out,BIO_NOCLOSE); | 130 | BIO_set_fp(b,out,BIO_NOCLOSE); |
| @@ -142,7 +142,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) | |||
| 142 | n = ASN1_item_i2d(x, &b, it); | 142 | n = ASN1_item_i2d(x, &b, it); |
| 143 | if (b == NULL) | 143 | if (b == NULL) |
| 144 | { | 144 | { |
| 145 | ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); | 145 | ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE); |
| 146 | return(0); | 146 | return(0); |
| 147 | } | 147 | } |
| 148 | 148 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/a_int.c b/src/lib/libssl/src/crypto/asn1/a_int.c index 21cc64bb23..f8d198efb1 100644 --- a/src/lib/libssl/src/crypto/asn1/a_int.c +++ b/src/lib/libssl/src/crypto/asn1/a_int.c | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> |
| 62 | #include <openssl/bn.h> | ||
| 62 | 63 | ||
| 63 | ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) | 64 | ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) |
| 64 | { return M_ASN1_INTEGER_dup(x);} | 65 | { return M_ASN1_INTEGER_dup(x);} |
| @@ -174,11 +175,12 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) | |||
| 174 | 175 | ||
| 175 | /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ | 176 | /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ |
| 176 | 177 | ||
| 177 | ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, | 178 | ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, |
| 178 | long len) | 179 | long len) |
| 179 | { | 180 | { |
| 180 | ASN1_INTEGER *ret=NULL; | 181 | ASN1_INTEGER *ret=NULL; |
| 181 | unsigned char *p,*to,*s, *pend; | 182 | const unsigned char *p, *pend; |
| 183 | unsigned char *to,*s; | ||
| 182 | int i; | 184 | int i; |
| 183 | 185 | ||
| 184 | if ((a == NULL) || ((*a) == NULL)) | 186 | if ((a == NULL) || ((*a) == NULL)) |
| @@ -254,7 +256,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, | |||
| 254 | *pp=pend; | 256 | *pp=pend; |
| 255 | return(ret); | 257 | return(ret); |
| 256 | err: | 258 | err: |
| 257 | ASN1err(ASN1_F_D2I_ASN1_INTEGER,i); | 259 | ASN1err(ASN1_F_C2I_ASN1_INTEGER,i); |
| 258 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) | 260 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) |
| 259 | M_ASN1_INTEGER_free(ret); | 261 | M_ASN1_INTEGER_free(ret); |
| 260 | return(NULL); | 262 | return(NULL); |
| @@ -266,11 +268,12 @@ err: | |||
| 266 | * with its MSB set as negative (it doesn't add a padding zero). | 268 | * with its MSB set as negative (it doesn't add a padding zero). |
| 267 | */ | 269 | */ |
| 268 | 270 | ||
| 269 | ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, | 271 | ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, |
| 270 | long length) | 272 | long length) |
| 271 | { | 273 | { |
| 272 | ASN1_INTEGER *ret=NULL; | 274 | ASN1_INTEGER *ret=NULL; |
| 273 | unsigned char *p,*to,*s; | 275 | const unsigned char *p; |
| 276 | unsigned char *to,*s; | ||
| 274 | long len; | 277 | long len; |
| 275 | int inf,tag,xclass; | 278 | int inf,tag,xclass; |
| 276 | int i; | 279 | int i; |
| @@ -332,12 +335,13 @@ err: | |||
| 332 | 335 | ||
| 333 | int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) | 336 | int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) |
| 334 | { | 337 | { |
| 335 | int i,j,k; | 338 | int j,k; |
| 339 | unsigned int i; | ||
| 336 | unsigned char buf[sizeof(long)+1]; | 340 | unsigned char buf[sizeof(long)+1]; |
| 337 | long d; | 341 | long d; |
| 338 | 342 | ||
| 339 | a->type=V_ASN1_INTEGER; | 343 | a->type=V_ASN1_INTEGER; |
| 340 | if (a->length < (sizeof(long)+1)) | 344 | if (a->length < (int)(sizeof(long)+1)) |
| 341 | { | 345 | { |
| 342 | if (a->data != NULL) | 346 | if (a->data != NULL) |
| 343 | OPENSSL_free(a->data); | 347 | OPENSSL_free(a->data); |
| @@ -381,7 +385,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a) | |||
| 381 | else if (i != V_ASN1_INTEGER) | 385 | else if (i != V_ASN1_INTEGER) |
| 382 | return -1; | 386 | return -1; |
| 383 | 387 | ||
| 384 | if (a->length > sizeof(long)) | 388 | if (a->length > (int)sizeof(long)) |
| 385 | { | 389 | { |
| 386 | /* hmm... a bit ugly */ | 390 | /* hmm... a bit ugly */ |
| 387 | return(0xffffffffL); | 391 | return(0xffffffffL); |
| @@ -412,7 +416,8 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) | |||
| 412 | ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); | 416 | ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); |
| 413 | goto err; | 417 | goto err; |
| 414 | } | 418 | } |
| 415 | if(bn->neg) ret->type = V_ASN1_NEG_INTEGER; | 419 | if (BN_is_negative(bn)) |
| 420 | ret->type = V_ASN1_NEG_INTEGER; | ||
| 416 | else ret->type=V_ASN1_INTEGER; | 421 | else ret->type=V_ASN1_INTEGER; |
| 417 | j=BN_num_bits(bn); | 422 | j=BN_num_bits(bn); |
| 418 | len=((j == 0)?0:((j/8)+1)); | 423 | len=((j == 0)?0:((j/8)+1)); |
| @@ -445,7 +450,8 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) | |||
| 445 | 450 | ||
| 446 | if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) | 451 | if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) |
| 447 | ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); | 452 | ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); |
| 448 | else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1; | 453 | else if(ai->type == V_ASN1_NEG_INTEGER) |
| 454 | BN_set_negative(ret, 1); | ||
| 449 | return(ret); | 455 | return(ret); |
| 450 | } | 456 | } |
| 451 | 457 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/a_mbstr.c b/src/lib/libssl/src/crypto/asn1/a_mbstr.c index 208b3ec395..2d4800a22a 100644 --- a/src/lib/libssl/src/crypto/asn1/a_mbstr.c +++ b/src/lib/libssl/src/crypto/asn1/a_mbstr.c | |||
| @@ -107,7 +107,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 107 | 107 | ||
| 108 | case MBSTRING_BMP: | 108 | case MBSTRING_BMP: |
| 109 | if(len & 1) { | 109 | if(len & 1) { |
| 110 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, | 110 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, |
| 111 | ASN1_R_INVALID_BMPSTRING_LENGTH); | 111 | ASN1_R_INVALID_BMPSTRING_LENGTH); |
| 112 | return -1; | 112 | return -1; |
| 113 | } | 113 | } |
| @@ -116,7 +116,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 116 | 116 | ||
| 117 | case MBSTRING_UNIV: | 117 | case MBSTRING_UNIV: |
| 118 | if(len & 3) { | 118 | if(len & 3) { |
| 119 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, | 119 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, |
| 120 | ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); | 120 | ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); |
| 121 | return -1; | 121 | return -1; |
| 122 | } | 122 | } |
| @@ -128,7 +128,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 128 | /* This counts the characters and does utf8 syntax checking */ | 128 | /* This counts the characters and does utf8 syntax checking */ |
| 129 | ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); | 129 | ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); |
| 130 | if(ret < 0) { | 130 | if(ret < 0) { |
| 131 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, | 131 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, |
| 132 | ASN1_R_INVALID_UTF8STRING); | 132 | ASN1_R_INVALID_UTF8STRING); |
| 133 | return -1; | 133 | return -1; |
| 134 | } | 134 | } |
| @@ -139,19 +139,19 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 139 | break; | 139 | break; |
| 140 | 140 | ||
| 141 | default: | 141 | default: |
| 142 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT); | 142 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); |
| 143 | return -1; | 143 | return -1; |
| 144 | } | 144 | } |
| 145 | 145 | ||
| 146 | if((minsize > 0) && (nchar < minsize)) { | 146 | if((minsize > 0) && (nchar < minsize)) { |
| 147 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); | 147 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); |
| 148 | BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); | 148 | BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); |
| 149 | ERR_add_error_data(2, "minsize=", strbuf); | 149 | ERR_add_error_data(2, "minsize=", strbuf); |
| 150 | return -1; | 150 | return -1; |
| 151 | } | 151 | } |
| 152 | 152 | ||
| 153 | if((maxsize > 0) && (nchar > maxsize)) { | 153 | if((maxsize > 0) && (nchar > maxsize)) { |
| 154 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); | 154 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); |
| 155 | BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); | 155 | BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); |
| 156 | ERR_add_error_data(2, "maxsize=", strbuf); | 156 | ERR_add_error_data(2, "maxsize=", strbuf); |
| 157 | return -1; | 157 | return -1; |
| @@ -159,7 +159,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 159 | 159 | ||
| 160 | /* Now work out minimal type (if any) */ | 160 | /* Now work out minimal type (if any) */ |
| 161 | if(traverse_string(in, len, inform, type_str, &mask) < 0) { | 161 | if(traverse_string(in, len, inform, type_str, &mask) < 0) { |
| 162 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS); | 162 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); |
| 163 | return -1; | 163 | return -1; |
| 164 | } | 164 | } |
| 165 | 165 | ||
| @@ -193,7 +193,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 193 | free_out = 1; | 193 | free_out = 1; |
| 194 | dest = ASN1_STRING_type_new(str_type); | 194 | dest = ASN1_STRING_type_new(str_type); |
| 195 | if(!dest) { | 195 | if(!dest) { |
| 196 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, | 196 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, |
| 197 | ERR_R_MALLOC_FAILURE); | 197 | ERR_R_MALLOC_FAILURE); |
| 198 | return -1; | 198 | return -1; |
| 199 | } | 199 | } |
| @@ -202,7 +202,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 202 | /* If both the same type just copy across */ | 202 | /* If both the same type just copy across */ |
| 203 | if(inform == outform) { | 203 | if(inform == outform) { |
| 204 | if(!ASN1_STRING_set(dest, in, len)) { | 204 | if(!ASN1_STRING_set(dest, in, len)) { |
| 205 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); | 205 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); |
| 206 | return -1; | 206 | return -1; |
| 207 | } | 207 | } |
| 208 | return str_type; | 208 | return str_type; |
| @@ -233,7 +233,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 233 | } | 233 | } |
| 234 | if(!(p = OPENSSL_malloc(outlen + 1))) { | 234 | if(!(p = OPENSSL_malloc(outlen + 1))) { |
| 235 | if(free_out) ASN1_STRING_free(dest); | 235 | if(free_out) ASN1_STRING_free(dest); |
| 236 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); | 236 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); |
| 237 | return -1; | 237 | return -1; |
| 238 | } | 238 | } |
| 239 | dest->length = outlen; | 239 | dest->length = outlen; |
diff --git a/src/lib/libssl/src/crypto/asn1/a_meth.c b/src/lib/libssl/src/crypto/asn1/a_meth.c index 63158e9cab..50bea917e3 100644 --- a/src/lib/libssl/src/crypto/asn1/a_meth.c +++ b/src/lib/libssl/src/crypto/asn1/a_meth.c | |||
| @@ -62,16 +62,16 @@ | |||
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | 63 | ||
| 64 | static ASN1_METHOD ia5string_meth={ | 64 | static ASN1_METHOD ia5string_meth={ |
| 65 | (int (*)()) i2d_ASN1_IA5STRING, | 65 | (I2D_OF(void)) i2d_ASN1_IA5STRING, |
| 66 | (char *(*)()) d2i_ASN1_IA5STRING, | 66 | (D2I_OF(void)) d2i_ASN1_IA5STRING, |
| 67 | (char *(*)()) ASN1_STRING_new, | 67 | (void *(*)(void))ASN1_STRING_new, |
| 68 | (void (*)()) ASN1_STRING_free}; | 68 | (void (*)(void *))ASN1_STRING_free}; |
| 69 | 69 | ||
| 70 | static ASN1_METHOD bit_string_meth={ | 70 | static ASN1_METHOD bit_string_meth={ |
| 71 | (int (*)()) i2d_ASN1_BIT_STRING, | 71 | (I2D_OF(void)) i2d_ASN1_BIT_STRING, |
| 72 | (char *(*)()) d2i_ASN1_BIT_STRING, | 72 | (D2I_OF(void)) d2i_ASN1_BIT_STRING, |
| 73 | (char *(*)()) ASN1_STRING_new, | 73 | (void *(*)(void))ASN1_STRING_new, |
| 74 | (void (*)()) ASN1_STRING_free}; | 74 | (void (*)(void *))ASN1_STRING_free}; |
| 75 | 75 | ||
| 76 | ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void) | 76 | ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void) |
| 77 | { | 77 | { |
diff --git a/src/lib/libssl/src/crypto/asn1/a_object.c b/src/lib/libssl/src/crypto/asn1/a_object.c index 0a8e6c287c..dc980421d0 100644 --- a/src/lib/libssl/src/crypto/asn1/a_object.c +++ b/src/lib/libssl/src/crypto/asn1/a_object.c | |||
| @@ -57,10 +57,12 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <limits.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include <openssl/buffer.h> | 62 | #include <openssl/buffer.h> |
| 62 | #include <openssl/asn1.h> | 63 | #include <openssl/asn1.h> |
| 63 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
| 65 | #include <openssl/bn.h> | ||
| 64 | 66 | ||
| 65 | int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) | 67 | int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) |
| 66 | { | 68 | { |
| @@ -83,10 +85,12 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) | |||
| 83 | 85 | ||
| 84 | int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) | 86 | int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) |
| 85 | { | 87 | { |
| 86 | int i,first,len=0,c; | 88 | int i,first,len=0,c, use_bn; |
| 87 | char tmp[24]; | 89 | char ftmp[24], *tmp = ftmp; |
| 90 | int tmpsize = sizeof ftmp; | ||
| 88 | const char *p; | 91 | const char *p; |
| 89 | unsigned long l; | 92 | unsigned long l; |
| 93 | BIGNUM *bl = NULL; | ||
| 90 | 94 | ||
| 91 | if (num == 0) | 95 | if (num == 0) |
| 92 | return(0); | 96 | return(0); |
| @@ -98,7 +102,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) | |||
| 98 | num--; | 102 | num--; |
| 99 | if ((c >= '0') && (c <= '2')) | 103 | if ((c >= '0') && (c <= '2')) |
| 100 | { | 104 | { |
| 101 | first=(c-'0')*40; | 105 | first= c-'0'; |
| 102 | } | 106 | } |
| 103 | else | 107 | else |
| 104 | { | 108 | { |
| @@ -122,6 +126,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) | |||
| 122 | goto err; | 126 | goto err; |
| 123 | } | 127 | } |
| 124 | l=0; | 128 | l=0; |
| 129 | use_bn = 0; | ||
| 125 | for (;;) | 130 | for (;;) |
| 126 | { | 131 | { |
| 127 | if (num <= 0) break; | 132 | if (num <= 0) break; |
| @@ -134,7 +139,22 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) | |||
| 134 | ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); | 139 | ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); |
| 135 | goto err; | 140 | goto err; |
| 136 | } | 141 | } |
| 137 | l=l*10L+(long)(c-'0'); | 142 | if (!use_bn && l > (ULONG_MAX / 10L)) |
| 143 | { | ||
| 144 | use_bn = 1; | ||
| 145 | if (!bl) | ||
| 146 | bl = BN_new(); | ||
| 147 | if (!bl || !BN_set_word(bl, l)) | ||
| 148 | goto err; | ||
| 149 | } | ||
| 150 | if (use_bn) | ||
| 151 | { | ||
| 152 | if (!BN_mul_word(bl, 10L) | ||
| 153 | || !BN_add_word(bl, c-'0')) | ||
| 154 | goto err; | ||
| 155 | } | ||
| 156 | else | ||
| 157 | l=l*10L+(long)(c-'0'); | ||
| 138 | } | 158 | } |
| 139 | if (len == 0) | 159 | if (len == 0) |
| 140 | { | 160 | { |
| @@ -143,14 +163,42 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) | |||
| 143 | ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); | 163 | ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); |
| 144 | goto err; | 164 | goto err; |
| 145 | } | 165 | } |
| 146 | l+=(long)first; | 166 | if (use_bn) |
| 167 | { | ||
| 168 | if (!BN_add_word(bl, first * 40)) | ||
| 169 | goto err; | ||
| 170 | } | ||
| 171 | else | ||
| 172 | l+=(long)first*40; | ||
| 147 | } | 173 | } |
| 148 | i=0; | 174 | i=0; |
| 149 | for (;;) | 175 | if (use_bn) |
| 176 | { | ||
| 177 | int blsize; | ||
| 178 | blsize = BN_num_bits(bl); | ||
| 179 | blsize = (blsize + 6)/7; | ||
| 180 | if (blsize > tmpsize) | ||
| 181 | { | ||
| 182 | if (tmp != ftmp) | ||
| 183 | OPENSSL_free(tmp); | ||
| 184 | tmpsize = blsize + 32; | ||
| 185 | tmp = OPENSSL_malloc(tmpsize); | ||
| 186 | if (!tmp) | ||
| 187 | goto err; | ||
| 188 | } | ||
| 189 | while(blsize--) | ||
| 190 | tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); | ||
| 191 | } | ||
| 192 | else | ||
| 150 | { | 193 | { |
| 151 | tmp[i++]=(unsigned char)l&0x7f; | 194 | |
| 152 | l>>=7L; | 195 | for (;;) |
| 153 | if (l == 0L) break; | 196 | { |
| 197 | tmp[i++]=(unsigned char)l&0x7f; | ||
| 198 | l>>=7L; | ||
| 199 | if (l == 0L) break; | ||
| 200 | } | ||
| 201 | |||
| 154 | } | 202 | } |
| 155 | if (out != NULL) | 203 | if (out != NULL) |
| 156 | { | 204 | { |
| @@ -166,8 +214,16 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) | |||
| 166 | else | 214 | else |
| 167 | len+=i; | 215 | len+=i; |
| 168 | } | 216 | } |
| 217 | if (tmp != ftmp) | ||
| 218 | OPENSSL_free(tmp); | ||
| 219 | if (bl) | ||
| 220 | BN_free(bl); | ||
| 169 | return(len); | 221 | return(len); |
| 170 | err: | 222 | err: |
| 223 | if (tmp != ftmp) | ||
| 224 | OPENSSL_free(tmp); | ||
| 225 | if (bl) | ||
| 226 | BN_free(bl); | ||
| 171 | return(0); | 227 | return(0); |
| 172 | } | 228 | } |
| 173 | 229 | ||
| @@ -178,21 +234,31 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) | |||
| 178 | 234 | ||
| 179 | int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) | 235 | int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) |
| 180 | { | 236 | { |
| 181 | char buf[80]; | 237 | char buf[80], *p = buf; |
| 182 | int i; | 238 | int i; |
| 183 | 239 | ||
| 184 | if ((a == NULL) || (a->data == NULL)) | 240 | if ((a == NULL) || (a->data == NULL)) |
| 185 | return(BIO_write(bp,"NULL",4)); | 241 | return(BIO_write(bp,"NULL",4)); |
| 186 | i=i2t_ASN1_OBJECT(buf,sizeof buf,a); | 242 | i=i2t_ASN1_OBJECT(buf,sizeof buf,a); |
| 187 | if (i > sizeof buf) i=sizeof buf; | 243 | if (i > (int)(sizeof(buf) - 1)) |
| 188 | BIO_write(bp,buf,i); | 244 | { |
| 245 | p = OPENSSL_malloc(i + 1); | ||
| 246 | if (!p) | ||
| 247 | return -1; | ||
| 248 | i2t_ASN1_OBJECT(p,i + 1,a); | ||
| 249 | } | ||
| 250 | if (i <= 0) | ||
| 251 | return BIO_write(bp, "<INVALID>", 9); | ||
| 252 | BIO_write(bp,p,i); | ||
| 253 | if (p != buf) | ||
| 254 | OPENSSL_free(p); | ||
| 189 | return(i); | 255 | return(i); |
| 190 | } | 256 | } |
| 191 | 257 | ||
| 192 | ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, | 258 | ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, |
| 193 | long length) | 259 | long length) |
| 194 | { | 260 | { |
| 195 | unsigned char *p; | 261 | const unsigned char *p; |
| 196 | long len; | 262 | long len; |
| 197 | int tag,xclass; | 263 | int tag,xclass; |
| 198 | int inf,i; | 264 | int inf,i; |
| @@ -219,11 +285,11 @@ err: | |||
| 219 | ASN1_OBJECT_free(ret); | 285 | ASN1_OBJECT_free(ret); |
| 220 | return(NULL); | 286 | return(NULL); |
| 221 | } | 287 | } |
| 222 | ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, | 288 | ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, |
| 223 | long len) | 289 | long len) |
| 224 | { | 290 | { |
| 225 | ASN1_OBJECT *ret=NULL; | 291 | ASN1_OBJECT *ret=NULL; |
| 226 | unsigned char *p; | 292 | const unsigned char *p; |
| 227 | int i; | 293 | int i; |
| 228 | 294 | ||
| 229 | /* only the ASN1_OBJECTs from the 'table' will have values | 295 | /* only the ASN1_OBJECTs from the 'table' will have values |
| @@ -255,7 +321,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, | |||
| 255 | *pp=p; | 321 | *pp=p; |
| 256 | return(ret); | 322 | return(ret); |
| 257 | err: | 323 | err: |
| 258 | ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); | 324 | ASN1err(ASN1_F_C2I_ASN1_OBJECT,i); |
| 259 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) | 325 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) |
| 260 | ASN1_OBJECT_free(ret); | 326 | ASN1_OBJECT_free(ret); |
| 261 | return(NULL); | 327 | return(NULL); |
diff --git a/src/lib/libssl/src/crypto/asn1/a_octet.c b/src/lib/libssl/src/crypto/asn1/a_octet.c index 9690bae0f1..24fd0f8e5a 100644 --- a/src/lib/libssl/src/crypto/asn1/a_octet.c +++ b/src/lib/libssl/src/crypto/asn1/a_octet.c | |||
| @@ -66,6 +66,6 @@ ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) | |||
| 66 | int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) | 66 | int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) |
| 67 | { return M_ASN1_OCTET_STRING_cmp(a, b); } | 67 | { return M_ASN1_OCTET_STRING_cmp(a, b); } |
| 68 | 68 | ||
| 69 | int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len) | 69 | int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) |
| 70 | { return M_ASN1_OCTET_STRING_set(x, d, len); } | 70 | { return M_ASN1_OCTET_STRING_set(x, d, len); } |
| 71 | 71 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/a_set.c b/src/lib/libssl/src/crypto/asn1/a_set.c index e24061c545..958558c204 100644 --- a/src/lib/libssl/src/crypto/asn1/a_set.c +++ b/src/lib/libssl/src/crypto/asn1/a_set.c | |||
| @@ -85,8 +85,8 @@ static int SetBlobCmp(const void *elem1, const void *elem2 ) | |||
| 85 | } | 85 | } |
| 86 | 86 | ||
| 87 | /* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ | 87 | /* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ |
| 88 | int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, | 88 | int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, |
| 89 | int ex_class, int is_set) | 89 | int ex_class, int is_set) |
| 90 | { | 90 | { |
| 91 | int ret=0,r; | 91 | int ret=0,r; |
| 92 | int i; | 92 | int i; |
| @@ -97,7 +97,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, | |||
| 97 | 97 | ||
| 98 | if (a == NULL) return(0); | 98 | if (a == NULL) return(0); |
| 99 | for (i=sk_num(a)-1; i>=0; i--) | 99 | for (i=sk_num(a)-1; i>=0; i--) |
| 100 | ret+=func(sk_value(a,i),NULL); | 100 | ret+=i2d(sk_value(a,i),NULL); |
| 101 | r=ASN1_object_size(1,ret,ex_tag); | 101 | r=ASN1_object_size(1,ret,ex_tag); |
| 102 | if (pp == NULL) return(r); | 102 | if (pp == NULL) return(r); |
| 103 | 103 | ||
| @@ -111,7 +111,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, | |||
| 111 | if(!is_set || (sk_num(a) < 2)) | 111 | if(!is_set || (sk_num(a) < 2)) |
| 112 | { | 112 | { |
| 113 | for (i=0; i<sk_num(a); i++) | 113 | for (i=0; i<sk_num(a); i++) |
| 114 | func(sk_value(a,i),&p); | 114 | i2d(sk_value(a,i),&p); |
| 115 | 115 | ||
| 116 | *pp=p; | 116 | *pp=p; |
| 117 | return(r); | 117 | return(r); |
| @@ -129,7 +129,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, | |||
| 129 | for (i=0; i<sk_num(a); i++) | 129 | for (i=0; i<sk_num(a); i++) |
| 130 | { | 130 | { |
| 131 | rgSetBlob[i].pbData = p; /* catch each set encode blob */ | 131 | rgSetBlob[i].pbData = p; /* catch each set encode blob */ |
| 132 | func(sk_value(a,i),&p); | 132 | i2d(sk_value(a,i),&p); |
| 133 | rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this | 133 | rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this |
| 134 | SetBlob | 134 | SetBlob |
| 135 | */ | 135 | */ |
| @@ -162,10 +162,11 @@ SetBlob | |||
| 162 | return(r); | 162 | return(r); |
| 163 | } | 163 | } |
| 164 | 164 | ||
| 165 | STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, | 165 | STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length, |
| 166 | char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class) | 166 | d2i_of_void *d2i, void (*free_func)(void *), int ex_tag, |
| 167 | int ex_class) | ||
| 167 | { | 168 | { |
| 168 | ASN1_CTX c; | 169 | ASN1_const_CTX c; |
| 169 | STACK *ret=NULL; | 170 | STACK *ret=NULL; |
| 170 | 171 | ||
| 171 | if ((a == NULL) || ((*a) == NULL)) | 172 | if ((a == NULL) || ((*a) == NULL)) |
| @@ -210,7 +211,9 @@ STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, | |||
| 210 | char *s; | 211 | char *s; |
| 211 | 212 | ||
| 212 | if (M_ASN1_D2I_end_sequence()) break; | 213 | if (M_ASN1_D2I_end_sequence()) break; |
| 213 | if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) | 214 | /* XXX: This was called with 4 arguments, incorrectly, it seems |
| 215 | if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */ | ||
| 216 | if ((s=d2i(NULL,&c.p,c.slen)) == NULL) | ||
| 214 | { | 217 | { |
| 215 | ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); | 218 | ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); |
| 216 | asn1_add_error(*pp,(int)(c.q- *pp)); | 219 | asn1_add_error(*pp,(int)(c.q- *pp)); |
diff --git a/src/lib/libssl/src/crypto/asn1/a_sign.c b/src/lib/libssl/src/crypto/asn1/a_sign.c index 52ce7e3974..1081950518 100644 --- a/src/lib/libssl/src/crypto/asn1/a_sign.c +++ b/src/lib/libssl/src/crypto/asn1/a_sign.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -126,9 +126,9 @@ | |||
| 126 | 126 | ||
| 127 | #ifndef NO_ASN1_OLD | 127 | #ifndef NO_ASN1_OLD |
| 128 | 128 | ||
| 129 | int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, | 129 | int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, |
| 130 | ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, | 130 | ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, |
| 131 | const EVP_MD *type) | 131 | const EVP_MD *type) |
| 132 | { | 132 | { |
| 133 | EVP_MD_CTX ctx; | 133 | EVP_MD_CTX ctx; |
| 134 | unsigned char *p,*buf_in=NULL,*buf_out=NULL; | 134 | unsigned char *p,*buf_in=NULL,*buf_out=NULL; |
| @@ -229,10 +229,11 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 229 | else | 229 | else |
| 230 | a=algor2; | 230 | a=algor2; |
| 231 | if (a == NULL) continue; | 231 | if (a == NULL) continue; |
| 232 | if (type->pkey_type == NID_dsaWithSHA1) | 232 | if (type->pkey_type == NID_dsaWithSHA1 || |
| 233 | type->pkey_type == NID_ecdsa_with_SHA1) | ||
| 233 | { | 234 | { |
| 234 | /* special case: RFC 2459 tells us to omit 'parameters' | 235 | /* special case: RFC 3279 tells us to omit 'parameters' |
| 235 | * with id-dsa-with-sha1 */ | 236 | * with id-dsa-with-sha1 and ecdsa-with-SHA1 */ |
| 236 | ASN1_TYPE_free(a->parameter); | 237 | ASN1_TYPE_free(a->parameter); |
| 237 | a->parameter = NULL; | 238 | a->parameter = NULL; |
| 238 | } | 239 | } |
| @@ -247,12 +248,12 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 247 | a->algorithm=OBJ_nid2obj(type->pkey_type); | 248 | a->algorithm=OBJ_nid2obj(type->pkey_type); |
| 248 | if (a->algorithm == NULL) | 249 | if (a->algorithm == NULL) |
| 249 | { | 250 | { |
| 250 | ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); | 251 | ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); |
| 251 | goto err; | 252 | goto err; |
| 252 | } | 253 | } |
| 253 | if (a->algorithm->length == 0) | 254 | if (a->algorithm->length == 0) |
| 254 | { | 255 | { |
| 255 | ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); | 256 | ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); |
| 256 | goto err; | 257 | goto err; |
| 257 | } | 258 | } |
| 258 | } | 259 | } |
| @@ -262,7 +263,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 262 | if ((buf_in == NULL) || (buf_out == NULL)) | 263 | if ((buf_in == NULL) || (buf_out == NULL)) |
| 263 | { | 264 | { |
| 264 | outl=0; | 265 | outl=0; |
| 265 | ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); | 266 | ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE); |
| 266 | goto err; | 267 | goto err; |
| 267 | } | 268 | } |
| 268 | 269 | ||
| @@ -272,7 +273,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
| 272 | (unsigned int *)&outl,pkey)) | 273 | (unsigned int *)&outl,pkey)) |
| 273 | { | 274 | { |
| 274 | outl=0; | 275 | outl=0; |
| 275 | ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); | 276 | ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); |
| 276 | goto err; | 277 | goto err; |
| 277 | } | 278 | } |
| 278 | if (signature->data != NULL) OPENSSL_free(signature->data); | 279 | if (signature->data != NULL) OPENSSL_free(signature->data); |
diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c index a07122ba47..c2dbb6f9a5 100644 --- a/src/lib/libssl/src/crypto/asn1/a_strex.c +++ b/src/lib/libssl/src/crypto/asn1/a_strex.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -58,12 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include "cryptlib.h" | ||
| 61 | #include <openssl/crypto.h> | 62 | #include <openssl/crypto.h> |
| 62 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| 63 | #include <openssl/asn1.h> | 64 | #include <openssl/asn1.h> |
| 64 | 65 | ||
| 65 | #include "charmap.h" | 66 | #include "charmap.h" |
| 66 | #include "cryptlib.h" | ||
| 67 | 67 | ||
| 68 | /* ASN1_STRING_print_ex() and X509_NAME_print_ex(). | 68 | /* ASN1_STRING_print_ex() and X509_NAME_print_ex(). |
| 69 | * Enhanced string and name printing routines handling | 69 | * Enhanced string and name printing routines handling |
| @@ -170,7 +170,7 @@ static int do_buf(unsigned char *buf, int buflen, | |||
| 170 | q = buf + buflen; | 170 | q = buf + buflen; |
| 171 | outlen = 0; | 171 | outlen = 0; |
| 172 | while(p != q) { | 172 | while(p != q) { |
| 173 | if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253; | 173 | if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; |
| 174 | else orflags = 0; | 174 | else orflags = 0; |
| 175 | switch(type & BUF_TYPE_WIDTH_MASK) { | 175 | switch(type & BUF_TYPE_WIDTH_MASK) { |
| 176 | case 4: | 176 | case 4: |
| @@ -194,8 +194,10 @@ static int do_buf(unsigned char *buf, int buflen, | |||
| 194 | if(i < 0) return -1; /* Invalid UTF8String */ | 194 | if(i < 0) return -1; /* Invalid UTF8String */ |
| 195 | p += i; | 195 | p += i; |
| 196 | break; | 196 | break; |
| 197 | default: | ||
| 198 | return -1; /* invalid width */ | ||
| 197 | } | 199 | } |
| 198 | if (p == q) orflags = CHARTYPE_LAST_ESC_2253; | 200 | if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; |
| 199 | if(type & BUF_TYPE_CONVUTF8) { | 201 | if(type & BUF_TYPE_CONVUTF8) { |
| 200 | unsigned char utfbuf[6]; | 202 | unsigned char utfbuf[6]; |
| 201 | int utflen; | 203 | int utflen; |
| @@ -223,7 +225,7 @@ static int do_buf(unsigned char *buf, int buflen, | |||
| 223 | 225 | ||
| 224 | static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) | 226 | static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) |
| 225 | { | 227 | { |
| 226 | const static char hexdig[] = "0123456789ABCDEF"; | 228 | static const char hexdig[] = "0123456789ABCDEF"; |
| 227 | unsigned char *p, *q; | 229 | unsigned char *p, *q; |
| 228 | char hextmp[2]; | 230 | char hextmp[2]; |
| 229 | if(arg) { | 231 | if(arg) { |
| @@ -279,7 +281,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING | |||
| 279 | * otherwise it is the number of bytes per character | 281 | * otherwise it is the number of bytes per character |
| 280 | */ | 282 | */ |
| 281 | 283 | ||
| 282 | const static signed char tag2nbyte[] = { | 284 | static const signed char tag2nbyte[] = { |
| 283 | -1, -1, -1, -1, -1, /* 0-4 */ | 285 | -1, -1, -1, -1, -1, /* 0-4 */ |
| 284 | -1, -1, -1, -1, -1, /* 5-9 */ | 286 | -1, -1, -1, -1, -1, /* 5-9 */ |
| 285 | -1, -1, 0, -1, /* 10-13 */ | 287 | -1, -1, 0, -1, /* 10-13 */ |
| @@ -356,12 +358,13 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STR | |||
| 356 | } | 358 | } |
| 357 | 359 | ||
| 358 | len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); | 360 | len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); |
| 359 | if(outlen < 0) return -1; | 361 | if(len < 0) return -1; |
| 360 | outlen += len; | 362 | outlen += len; |
| 361 | if(quotes) outlen += 2; | 363 | if(quotes) outlen += 2; |
| 362 | if(!arg) return outlen; | 364 | if(!arg) return outlen; |
| 363 | if(quotes && !io_ch(arg, "\"", 1)) return -1; | 365 | if(quotes && !io_ch(arg, "\"", 1)) return -1; |
| 364 | do_buf(str->data, str->length, type, flags, NULL, io_ch, arg); | 366 | if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) |
| 367 | return -1; | ||
| 365 | if(quotes && !io_ch(arg, "\"", 1)) return -1; | 368 | if(quotes && !io_ch(arg, "\"", 1)) return -1; |
| 366 | return outlen; | 369 | return outlen; |
| 367 | } | 370 | } |
| @@ -513,7 +516,7 @@ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) | |||
| 513 | return do_name_ex(send_bio_chars, out, nm, indent, flags); | 516 | return do_name_ex(send_bio_chars, out, nm, indent, flags); |
| 514 | } | 517 | } |
| 515 | 518 | ||
| 516 | 519 | #ifndef OPENSSL_NO_FP_API | |
| 517 | int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) | 520 | int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) |
| 518 | { | 521 | { |
| 519 | if(flags == XN_FLAG_COMPAT) | 522 | if(flags == XN_FLAG_COMPAT) |
| @@ -528,17 +531,19 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long fla | |||
| 528 | } | 531 | } |
| 529 | return do_name_ex(send_fp_chars, fp, nm, indent, flags); | 532 | return do_name_ex(send_fp_chars, fp, nm, indent, flags); |
| 530 | } | 533 | } |
| 534 | #endif | ||
| 531 | 535 | ||
| 532 | int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) | 536 | int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) |
| 533 | { | 537 | { |
| 534 | return do_print_ex(send_bio_chars, out, flags, str); | 538 | return do_print_ex(send_bio_chars, out, flags, str); |
| 535 | } | 539 | } |
| 536 | 540 | ||
| 537 | 541 | #ifndef OPENSSL_NO_FP_API | |
| 538 | int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) | 542 | int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) |
| 539 | { | 543 | { |
| 540 | return do_print_ex(send_fp_chars, fp, flags, str); | 544 | return do_print_ex(send_fp_chars, fp, flags, str); |
| 541 | } | 545 | } |
| 546 | #endif | ||
| 542 | 547 | ||
| 543 | /* Utility function: convert any string type to UTF8, returns number of bytes | 548 | /* Utility function: convert any string type to UTF8, returns number of bytes |
| 544 | * in output string or a negative error code | 549 | * in output string or a negative error code |
| @@ -553,12 +558,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) | |||
| 553 | if((type < 0) || (type > 30)) return -1; | 558 | if((type < 0) || (type > 30)) return -1; |
| 554 | mbflag = tag2nbyte[type]; | 559 | mbflag = tag2nbyte[type]; |
| 555 | if(mbflag == -1) return -1; | 560 | if(mbflag == -1) return -1; |
| 556 | if (mbflag == 0) | 561 | mbflag |= MBSTRING_FLAG; |
| 557 | mbflag = MBSTRING_UTF8; | ||
| 558 | else if (mbflag == 4) | ||
| 559 | mbflag = MBSTRING_UNIV; | ||
| 560 | else | ||
| 561 | mbflag |= MBSTRING_FLAG; | ||
| 562 | stmp.data = NULL; | 562 | stmp.data = NULL; |
| 563 | ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); | 563 | ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); |
| 564 | if(ret < 0) return ret; | 564 | if(ret < 0) return ret; |
diff --git a/src/lib/libssl/src/crypto/asn1/a_type.c b/src/lib/libssl/src/crypto/asn1/a_type.c index 2292d49b93..36beceacdb 100644 --- a/src/lib/libssl/src/crypto/asn1/a_type.c +++ b/src/lib/libssl/src/crypto/asn1/a_type.c | |||
| @@ -57,8 +57,9 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <openssl/asn1t.h> | ||
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | ||
| 62 | #include <openssl/objects.h> | ||
| 62 | 63 | ||
| 63 | int ASN1_TYPE_get(ASN1_TYPE *a) | 64 | int ASN1_TYPE_get(ASN1_TYPE *a) |
| 64 | { | 65 | { |
| @@ -79,6 +80,31 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) | |||
| 79 | a->value.ptr=value; | 80 | a->value.ptr=value; |
| 80 | } | 81 | } |
| 81 | 82 | ||
| 83 | int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) | ||
| 84 | { | ||
| 85 | if (!value || (type == V_ASN1_BOOLEAN)) | ||
| 86 | { | ||
| 87 | void *p = (void *)value; | ||
| 88 | ASN1_TYPE_set(a, type, p); | ||
| 89 | } | ||
| 90 | else if (type == V_ASN1_OBJECT) | ||
| 91 | { | ||
| 92 | ASN1_OBJECT *odup; | ||
| 93 | odup = OBJ_dup(value); | ||
| 94 | if (!odup) | ||
| 95 | return 0; | ||
| 96 | ASN1_TYPE_set(a, type, odup); | ||
| 97 | } | ||
| 98 | else | ||
| 99 | { | ||
| 100 | ASN1_STRING *sdup; | ||
| 101 | sdup = ASN1_STRING_dup((ASN1_STRING *)value); | ||
| 102 | if (!sdup) | ||
| 103 | return 0; | ||
| 104 | ASN1_TYPE_set(a, type, sdup); | ||
| 105 | } | ||
| 106 | return 1; | ||
| 107 | } | ||
| 82 | 108 | ||
| 83 | IMPLEMENT_STACK_OF(ASN1_TYPE) | 109 | IMPLEMENT_STACK_OF(ASN1_TYPE) |
| 84 | IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) | 110 | IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) |
diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c index 7b25fed331..d31c028193 100644 --- a/src/lib/libssl/src/crypto/asn1/a_utctm.c +++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c | |||
| @@ -162,7 +162,7 @@ err: | |||
| 162 | return(0); | 162 | return(0); |
| 163 | } | 163 | } |
| 164 | 164 | ||
| 165 | int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str) | 165 | int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) |
| 166 | { | 166 | { |
| 167 | ASN1_UTCTIME t; | 167 | ASN1_UTCTIME t; |
| 168 | 168 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/a_verify.c b/src/lib/libssl/src/crypto/asn1/a_verify.c index 18ef0acf00..fdce6e4380 100644 --- a/src/lib/libssl/src/crypto/asn1/a_verify.c +++ b/src/lib/libssl/src/crypto/asn1/a_verify.c | |||
| @@ -73,8 +73,8 @@ | |||
| 73 | 73 | ||
| 74 | #ifndef NO_ASN1_OLD | 74 | #ifndef NO_ASN1_OLD |
| 75 | 75 | ||
| 76 | int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature, | 76 | int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, |
| 77 | char *data, EVP_PKEY *pkey) | 77 | char *data, EVP_PKEY *pkey) |
| 78 | { | 78 | { |
| 79 | EVP_MD_CTX ctx; | 79 | EVP_MD_CTX ctx; |
| 80 | const EVP_MD *type; | 80 | const EVP_MD *type; |
| @@ -138,13 +138,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
| 138 | type=EVP_get_digestbyname(OBJ_nid2sn(i)); | 138 | type=EVP_get_digestbyname(OBJ_nid2sn(i)); |
| 139 | if (type == NULL) | 139 | if (type == NULL) |
| 140 | { | 140 | { |
| 141 | ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | 141 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
| 142 | goto err; | 142 | goto err; |
| 143 | } | 143 | } |
| 144 | 144 | ||
| 145 | if (!EVP_VerifyInit_ex(&ctx,type, NULL)) | 145 | if (!EVP_VerifyInit_ex(&ctx,type, NULL)) |
| 146 | { | 146 | { |
| 147 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); | 147 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); |
| 148 | ret=0; | 148 | ret=0; |
| 149 | goto err; | 149 | goto err; |
| 150 | } | 150 | } |
| @@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
| 153 | 153 | ||
| 154 | if (buf_in == NULL) | 154 | if (buf_in == NULL) |
| 155 | { | 155 | { |
| 156 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); | 156 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); |
| 157 | goto err; | 157 | goto err; |
| 158 | } | 158 | } |
| 159 | 159 | ||
| @@ -165,7 +165,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
| 165 | if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, | 165 | if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, |
| 166 | (unsigned int)signature->length,pkey) <= 0) | 166 | (unsigned int)signature->length,pkey) <= 0) |
| 167 | { | 167 | { |
| 168 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); | 168 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); |
| 169 | ret=0; | 169 | ret=0; |
| 170 | goto err; | 170 | goto err; |
| 171 | } | 171 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h index 0184b475a7..424cd348bb 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1.h +++ b/src/lib/libssl/src/crypto/asn1/asn1.h | |||
| @@ -60,17 +60,19 @@ | |||
| 60 | #define HEADER_ASN1_H | 60 | #define HEADER_ASN1_H |
| 61 | 61 | ||
| 62 | #include <time.h> | 62 | #include <time.h> |
| 63 | #include <openssl/e_os2.h> | ||
| 63 | #ifndef OPENSSL_NO_BIO | 64 | #ifndef OPENSSL_NO_BIO |
| 64 | #include <openssl/bio.h> | 65 | #include <openssl/bio.h> |
| 65 | #endif | 66 | #endif |
| 66 | #include <openssl/e_os2.h> | ||
| 67 | #include <openssl/bn.h> | ||
| 68 | #include <openssl/stack.h> | 67 | #include <openssl/stack.h> |
| 69 | #include <openssl/safestack.h> | 68 | #include <openssl/safestack.h> |
| 70 | 69 | ||
| 71 | #include <openssl/symhacks.h> | 70 | #include <openssl/symhacks.h> |
| 72 | 71 | ||
| 73 | #include <openssl/ossl_typ.h> | 72 | #include <openssl/ossl_typ.h> |
| 73 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 74 | #include <openssl/bn.h> | ||
| 75 | #endif | ||
| 74 | 76 | ||
| 75 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO | 77 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO |
| 76 | # undef OPENSSL_EXTERN | 78 | # undef OPENSSL_EXTERN |
| @@ -147,19 +149,29 @@ extern "C" { | |||
| 147 | #define B_ASN1_UTF8STRING 0x2000 | 149 | #define B_ASN1_UTF8STRING 0x2000 |
| 148 | #define B_ASN1_UTCTIME 0x4000 | 150 | #define B_ASN1_UTCTIME 0x4000 |
| 149 | #define B_ASN1_GENERALIZEDTIME 0x8000 | 151 | #define B_ASN1_GENERALIZEDTIME 0x8000 |
| 152 | #define B_ASN1_SEQUENCE 0x10000 | ||
| 150 | 153 | ||
| 151 | /* For use with ASN1_mbstring_copy() */ | 154 | /* For use with ASN1_mbstring_copy() */ |
| 152 | #define MBSTRING_FLAG 0x1000 | 155 | #define MBSTRING_FLAG 0x1000 |
| 156 | #define MBSTRING_UTF8 (MBSTRING_FLAG) | ||
| 153 | #define MBSTRING_ASC (MBSTRING_FLAG|1) | 157 | #define MBSTRING_ASC (MBSTRING_FLAG|1) |
| 154 | #define MBSTRING_BMP (MBSTRING_FLAG|2) | 158 | #define MBSTRING_BMP (MBSTRING_FLAG|2) |
| 155 | #define MBSTRING_UNIV (MBSTRING_FLAG|3) | 159 | #define MBSTRING_UNIV (MBSTRING_FLAG|4) |
| 156 | #define MBSTRING_UTF8 (MBSTRING_FLAG|4) | 160 | |
| 161 | #define SMIME_OLDMIME 0x400 | ||
| 162 | #define SMIME_CRLFEOL 0x800 | ||
| 163 | #define SMIME_STREAM 0x1000 | ||
| 157 | 164 | ||
| 158 | struct X509_algor_st; | 165 | struct X509_algor_st; |
| 166 | DECLARE_STACK_OF(X509_ALGOR) | ||
| 159 | 167 | ||
| 160 | #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ | 168 | #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ |
| 161 | #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ | 169 | #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ |
| 162 | 170 | ||
| 171 | /* We MUST make sure that, except for constness, asn1_ctx_st and | ||
| 172 | asn1_const_ctx are exactly the same. Fortunately, as soon as | ||
| 173 | the old ASN1 parsing macros are gone, we can throw this away | ||
| 174 | as well... */ | ||
| 163 | typedef struct asn1_ctx_st | 175 | typedef struct asn1_ctx_st |
| 164 | { | 176 | { |
| 165 | unsigned char *p;/* work char pointer */ | 177 | unsigned char *p;/* work char pointer */ |
| @@ -175,6 +187,21 @@ typedef struct asn1_ctx_st | |||
| 175 | int line; /* used in error processing */ | 187 | int line; /* used in error processing */ |
| 176 | } ASN1_CTX; | 188 | } ASN1_CTX; |
| 177 | 189 | ||
| 190 | typedef struct asn1_const_ctx_st | ||
| 191 | { | ||
| 192 | const unsigned char *p;/* work char pointer */ | ||
| 193 | int eos; /* end of sequence read for indefinite encoding */ | ||
| 194 | int error; /* error code to use when returning an error */ | ||
| 195 | int inf; /* constructed if 0x20, indefinite is 0x21 */ | ||
| 196 | int tag; /* tag from last 'get object' */ | ||
| 197 | int xclass; /* class from last 'get object' */ | ||
| 198 | long slen; /* length of last 'get object' */ | ||
| 199 | const unsigned char *max; /* largest value of p allowed */ | ||
| 200 | const unsigned char *q;/* temporary variable */ | ||
| 201 | const unsigned char **pp;/* variable */ | ||
| 202 | int line; /* used in error processing */ | ||
| 203 | } ASN1_const_CTX; | ||
| 204 | |||
| 178 | /* These are used internally in the ASN1_OBJECT to keep track of | 205 | /* These are used internally in the ASN1_OBJECT to keep track of |
| 179 | * whether the names and data need to be free()ed */ | 206 | * whether the names and data need to be free()ed */ |
| 180 | #define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ | 207 | #define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ |
| @@ -191,6 +218,18 @@ typedef struct asn1_object_st | |||
| 191 | } ASN1_OBJECT; | 218 | } ASN1_OBJECT; |
| 192 | 219 | ||
| 193 | #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ | 220 | #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ |
| 221 | /* This indicates that the ASN1_STRING is not a real value but just a place | ||
| 222 | * holder for the location where indefinite length constructed data should | ||
| 223 | * be inserted in the memory buffer | ||
| 224 | */ | ||
| 225 | #define ASN1_STRING_FLAG_NDEF 0x010 | ||
| 226 | |||
| 227 | /* This flag is used by the CMS code to indicate that a string is not | ||
| 228 | * complete and is a place holder for content when it had all been | ||
| 229 | * accessed. The flag will be reset when content has been written to it. | ||
| 230 | */ | ||
| 231 | #define ASN1_STRING_FLAG_CONT 0x020 | ||
| 232 | |||
| 194 | /* This is the base type that holds just about everything :-) */ | 233 | /* This is the base type that holds just about everything :-) */ |
| 195 | typedef struct asn1_string_st | 234 | typedef struct asn1_string_st |
| 196 | { | 235 | { |
| @@ -259,18 +298,19 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; | |||
| 259 | 298 | ||
| 260 | #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) | 299 | #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) |
| 261 | 300 | ||
| 301 | #define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ | ||
| 302 | DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) | ||
| 303 | |||
| 262 | #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ | 304 | #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ |
| 263 | type *name##_new(void); \ | 305 | DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ |
| 264 | void name##_free(type *a); \ | ||
| 265 | DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) | 306 | DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) |
| 266 | 307 | ||
| 267 | #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ | 308 | #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ |
| 268 | type *name##_new(void); \ | 309 | DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ |
| 269 | void name##_free(type *a); \ | ||
| 270 | DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) | 310 | DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) |
| 271 | 311 | ||
| 272 | #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ | 312 | #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ |
| 273 | type *d2i_##name(type **a, unsigned char **in, long len); \ | 313 | type *d2i_##name(type **a, const unsigned char **in, long len); \ |
| 274 | int i2d_##name(type *a, unsigned char **out); \ | 314 | int i2d_##name(type *a, unsigned char **out); \ |
| 275 | DECLARE_ASN1_ITEM(itname) | 315 | DECLARE_ASN1_ITEM(itname) |
| 276 | 316 | ||
| @@ -279,10 +319,37 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; | |||
| 279 | int i2d_##name(const type *a, unsigned char **out); \ | 319 | int i2d_##name(const type *a, unsigned char **out); \ |
| 280 | DECLARE_ASN1_ITEM(name) | 320 | DECLARE_ASN1_ITEM(name) |
| 281 | 321 | ||
| 322 | #define DECLARE_ASN1_NDEF_FUNCTION(name) \ | ||
| 323 | int i2d_##name##_NDEF(name *a, unsigned char **out); | ||
| 324 | |||
| 282 | #define DECLARE_ASN1_FUNCTIONS_const(name) \ | 325 | #define DECLARE_ASN1_FUNCTIONS_const(name) \ |
| 283 | name *name##_new(void); \ | 326 | DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ |
| 284 | void name##_free(name *a); | 327 | DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) |
| 285 | 328 | ||
| 329 | #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ | ||
| 330 | type *name##_new(void); \ | ||
| 331 | void name##_free(type *a); | ||
| 332 | |||
| 333 | #define D2I_OF(type) type *(*)(type **,const unsigned char **,long) | ||
| 334 | #define I2D_OF(type) int (*)(type *,unsigned char **) | ||
| 335 | #define I2D_OF_const(type) int (*)(const type *,unsigned char **) | ||
| 336 | |||
| 337 | #define CHECKED_D2I_OF(type, d2i) \ | ||
| 338 | ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) | ||
| 339 | #define CHECKED_I2D_OF(type, i2d) \ | ||
| 340 | ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) | ||
| 341 | #define CHECKED_NEW_OF(type, xnew) \ | ||
| 342 | ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) | ||
| 343 | #define CHECKED_PTR_OF(type, p) \ | ||
| 344 | ((void*) (1 ? p : (type*)0)) | ||
| 345 | #define CHECKED_PPTR_OF(type, p) \ | ||
| 346 | ((void**) (1 ? p : (type**)0)) | ||
| 347 | |||
| 348 | #define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) | ||
| 349 | #define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) | ||
| 350 | #define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) | ||
| 351 | |||
| 352 | TYPEDEF_D2I2D_OF(void); | ||
| 286 | 353 | ||
| 287 | /* The following macros and typedefs allow an ASN1_ITEM | 354 | /* The following macros and typedefs allow an ASN1_ITEM |
| 288 | * to be embedded in a structure and referenced. Since | 355 | * to be embedded in a structure and referenced. Since |
| @@ -467,6 +534,7 @@ typedef struct asn1_type_st | |||
| 467 | * contain the set or sequence bytes */ | 534 | * contain the set or sequence bytes */ |
| 468 | ASN1_STRING * set; | 535 | ASN1_STRING * set; |
| 469 | ASN1_STRING * sequence; | 536 | ASN1_STRING * sequence; |
| 537 | ASN1_VALUE * asn1_value; | ||
| 470 | } value; | 538 | } value; |
| 471 | } ASN1_TYPE; | 539 | } ASN1_TYPE; |
| 472 | 540 | ||
| @@ -475,17 +543,17 @@ DECLARE_ASN1_SET_OF(ASN1_TYPE) | |||
| 475 | 543 | ||
| 476 | typedef struct asn1_method_st | 544 | typedef struct asn1_method_st |
| 477 | { | 545 | { |
| 478 | int (*i2d)(); | 546 | i2d_of_void *i2d; |
| 479 | char *(*d2i)(); | 547 | d2i_of_void *d2i; |
| 480 | char *(*create)(); | 548 | void *(*create)(void); |
| 481 | void (*destroy)(); | 549 | void (*destroy)(void *); |
| 482 | } ASN1_METHOD; | 550 | } ASN1_METHOD; |
| 483 | 551 | ||
| 484 | /* This is used when parsing some Netscape objects */ | 552 | /* This is used when parsing some Netscape objects */ |
| 485 | typedef struct asn1_header_st | 553 | typedef struct asn1_header_st |
| 486 | { | 554 | { |
| 487 | ASN1_OCTET_STRING *header; | 555 | ASN1_OCTET_STRING *header; |
| 488 | char *data; | 556 | void *data; |
| 489 | ASN1_METHOD *meth; | 557 | ASN1_METHOD *meth; |
| 490 | } ASN1_HEADER; | 558 | } ASN1_HEADER; |
| 491 | 559 | ||
| @@ -551,6 +619,7 @@ typedef struct BIT_STRING_BITNAME_st { | |||
| 551 | B_ASN1_UNIVERSALSTRING|\ | 619 | B_ASN1_UNIVERSALSTRING|\ |
| 552 | B_ASN1_BMPSTRING|\ | 620 | B_ASN1_BMPSTRING|\ |
| 553 | B_ASN1_UTF8STRING|\ | 621 | B_ASN1_UTF8STRING|\ |
| 622 | B_ASN1_SEQUENCE|\ | ||
| 554 | B_ASN1_UNKNOWN | 623 | B_ASN1_UNKNOWN |
| 555 | 624 | ||
| 556 | #define B_ASN1_DIRECTORYSTRING \ | 625 | #define B_ASN1_DIRECTORYSTRING \ |
| @@ -696,13 +765,14 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) | |||
| 696 | 765 | ||
| 697 | int ASN1_TYPE_get(ASN1_TYPE *a); | 766 | int ASN1_TYPE_get(ASN1_TYPE *a); |
| 698 | void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); | 767 | void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); |
| 768 | int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); | ||
| 699 | 769 | ||
| 700 | ASN1_OBJECT * ASN1_OBJECT_new(void ); | 770 | ASN1_OBJECT * ASN1_OBJECT_new(void ); |
| 701 | void ASN1_OBJECT_free(ASN1_OBJECT *a); | 771 | void ASN1_OBJECT_free(ASN1_OBJECT *a); |
| 702 | int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); | 772 | int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); |
| 703 | ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, | 773 | ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, |
| 704 | long length); | 774 | long length); |
| 705 | ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, | 775 | ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, |
| 706 | long length); | 776 | long length); |
| 707 | 777 | ||
| 708 | DECLARE_ASN1_ITEM(ASN1_OBJECT) | 778 | DECLARE_ASN1_ITEM(ASN1_OBJECT) |
| @@ -718,6 +788,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); | |||
| 718 | /* Since this is used to store all sorts of things, via macros, for now, make | 788 | /* Since this is used to store all sorts of things, via macros, for now, make |
| 719 | its data void * */ | 789 | its data void * */ |
| 720 | int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); | 790 | int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); |
| 791 | void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); | ||
| 721 | int ASN1_STRING_length(ASN1_STRING *x); | 792 | int ASN1_STRING_length(ASN1_STRING *x); |
| 722 | void ASN1_STRING_length_set(ASN1_STRING *x, int n); | 793 | void ASN1_STRING_length_set(ASN1_STRING *x, int n); |
| 723 | int ASN1_STRING_type(ASN1_STRING *x); | 794 | int ASN1_STRING_type(ASN1_STRING *x); |
| @@ -725,7 +796,7 @@ unsigned char * ASN1_STRING_data(ASN1_STRING *x); | |||
| 725 | 796 | ||
| 726 | DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) | 797 | DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) |
| 727 | int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); | 798 | int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); |
| 728 | ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp, | 799 | ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, |
| 729 | long length); | 800 | long length); |
| 730 | int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, | 801 | int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, |
| 731 | int length ); | 802 | int length ); |
| @@ -741,13 +812,13 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, | |||
| 741 | BIT_STRING_BITNAME *tbl); | 812 | BIT_STRING_BITNAME *tbl); |
| 742 | 813 | ||
| 743 | int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); | 814 | int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); |
| 744 | int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length); | 815 | int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length); |
| 745 | 816 | ||
| 746 | DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) | 817 | DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) |
| 747 | int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); | 818 | int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); |
| 748 | ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp, | 819 | ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, |
| 749 | long length); | 820 | long length); |
| 750 | ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp, | 821 | ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp, |
| 751 | long length); | 822 | long length); |
| 752 | ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); | 823 | ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); |
| 753 | int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); | 824 | int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); |
| @@ -756,7 +827,7 @@ DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) | |||
| 756 | 827 | ||
| 757 | int ASN1_UTCTIME_check(ASN1_UTCTIME *a); | 828 | int ASN1_UTCTIME_check(ASN1_UTCTIME *a); |
| 758 | ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); | 829 | ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); |
| 759 | int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); | 830 | int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); |
| 760 | int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); | 831 | int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); |
| 761 | #if 0 | 832 | #if 0 |
| 762 | time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); | 833 | time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); |
| @@ -764,12 +835,12 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); | |||
| 764 | 835 | ||
| 765 | int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); | 836 | int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); |
| 766 | ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); | 837 | ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); |
| 767 | int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); | 838 | int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); |
| 768 | 839 | ||
| 769 | DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) | 840 | DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) |
| 770 | ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); | 841 | ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); |
| 771 | int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); | 842 | int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); |
| 772 | int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len); | 843 | int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); |
| 773 | 844 | ||
| 774 | DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) | 845 | DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) |
| 775 | DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) | 846 | DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) |
| @@ -792,15 +863,17 @@ DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) | |||
| 792 | DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) | 863 | DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) |
| 793 | DECLARE_ASN1_FUNCTIONS(ASN1_TIME) | 864 | DECLARE_ASN1_FUNCTIONS(ASN1_TIME) |
| 794 | 865 | ||
| 866 | DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) | ||
| 867 | |||
| 795 | ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); | 868 | ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); |
| 796 | int ASN1_TIME_check(ASN1_TIME *t); | 869 | int ASN1_TIME_check(ASN1_TIME *t); |
| 797 | ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); | 870 | ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); |
| 798 | 871 | ||
| 799 | int i2d_ASN1_SET(STACK *a, unsigned char **pp, | 872 | int i2d_ASN1_SET(STACK *a, unsigned char **pp, |
| 800 | int (*func)(), int ex_tag, int ex_class, int is_set); | 873 | i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); |
| 801 | STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, | 874 | STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length, |
| 802 | char *(*func)(), void (*free_func)(void *), | 875 | d2i_of_void *d2i, void (*free_func)(void *), |
| 803 | int ex_tag, int ex_class); | 876 | int ex_tag, int ex_class); |
| 804 | 877 | ||
| 805 | #ifndef OPENSSL_NO_BIO | 878 | #ifndef OPENSSL_NO_BIO |
| 806 | int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); | 879 | int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); |
| @@ -832,33 +905,70 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); | |||
| 832 | int ASN1_PRINTABLE_type(const unsigned char *s, int max); | 905 | int ASN1_PRINTABLE_type(const unsigned char *s, int max); |
| 833 | 906 | ||
| 834 | int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); | 907 | int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); |
| 835 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, | 908 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, |
| 836 | long length, int Ptag, int Pclass); | 909 | long length, int Ptag, int Pclass); |
| 837 | unsigned long ASN1_tag2bit(int tag); | 910 | unsigned long ASN1_tag2bit(int tag); |
| 838 | /* type is one or more of the B_ASN1_ values. */ | 911 | /* type is one or more of the B_ASN1_ values. */ |
| 839 | ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp, | 912 | ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp, |
| 840 | long length,int type); | 913 | long length,int type); |
| 841 | 914 | ||
| 842 | /* PARSING */ | 915 | /* PARSING */ |
| 843 | int asn1_Finish(ASN1_CTX *c); | 916 | int asn1_Finish(ASN1_CTX *c); |
| 917 | int asn1_const_Finish(ASN1_const_CTX *c); | ||
| 844 | 918 | ||
| 845 | /* SPECIALS */ | 919 | /* SPECIALS */ |
| 846 | int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, | 920 | int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, |
| 847 | int *pclass, long omax); | 921 | int *pclass, long omax); |
| 848 | int ASN1_check_infinite_end(unsigned char **p,long len); | 922 | int ASN1_check_infinite_end(unsigned char **p,long len); |
| 923 | int ASN1_const_check_infinite_end(const unsigned char **p,long len); | ||
| 849 | void ASN1_put_object(unsigned char **pp, int constructed, int length, | 924 | void ASN1_put_object(unsigned char **pp, int constructed, int length, |
| 850 | int tag, int xclass); | 925 | int tag, int xclass); |
| 926 | int ASN1_put_eoc(unsigned char **pp); | ||
| 851 | int ASN1_object_size(int constructed, int length, int tag); | 927 | int ASN1_object_size(int constructed, int length, int tag); |
| 852 | 928 | ||
| 853 | /* Used to implement other functions */ | 929 | /* Used to implement other functions */ |
| 854 | char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x); | 930 | void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); |
| 931 | |||
| 932 | #define ASN1_dup_of(type,i2d,d2i,x) \ | ||
| 933 | ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ | ||
| 934 | CHECKED_D2I_OF(type, d2i), \ | ||
| 935 | CHECKED_PTR_OF(type, x))) | ||
| 936 | |||
| 937 | #define ASN1_dup_of_const(type,i2d,d2i,x) \ | ||
| 938 | ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ | ||
| 939 | CHECKED_D2I_OF(type, d2i), \ | ||
| 940 | CHECKED_PTR_OF(const type, x))) | ||
| 855 | 941 | ||
| 856 | void *ASN1_item_dup(const ASN1_ITEM *it, void *x); | 942 | void *ASN1_item_dup(const ASN1_ITEM *it, void *x); |
| 857 | 943 | ||
| 944 | /* ASN1 alloc/free macros for when a type is only used internally */ | ||
| 945 | |||
| 946 | #define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) | ||
| 947 | #define M_ASN1_free_of(x, type) \ | ||
| 948 | ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) | ||
| 949 | |||
| 858 | #ifndef OPENSSL_NO_FP_API | 950 | #ifndef OPENSSL_NO_FP_API |
| 859 | char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x); | 951 | void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); |
| 952 | |||
| 953 | #define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ | ||
| 954 | ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ | ||
| 955 | CHECKED_D2I_OF(type, d2i), \ | ||
| 956 | in, \ | ||
| 957 | CHECKED_PPTR_OF(type, x))) | ||
| 958 | |||
| 860 | void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); | 959 | void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); |
| 861 | int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x); | 960 | int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x); |
| 961 | |||
| 962 | #define ASN1_i2d_fp_of(type,i2d,out,x) \ | ||
| 963 | (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ | ||
| 964 | out, \ | ||
| 965 | CHECKED_PTR_OF(type, x))) | ||
| 966 | |||
| 967 | #define ASN1_i2d_fp_of_const(type,i2d,out,x) \ | ||
| 968 | (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ | ||
| 969 | out, \ | ||
| 970 | CHECKED_PTR_OF(const type, x))) | ||
| 971 | |||
| 862 | int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); | 972 | int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); |
| 863 | int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); | 973 | int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); |
| 864 | #endif | 974 | #endif |
| @@ -866,23 +976,41 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); | |||
| 866 | int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); | 976 | int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); |
| 867 | 977 | ||
| 868 | #ifndef OPENSSL_NO_BIO | 978 | #ifndef OPENSSL_NO_BIO |
| 869 | char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x); | 979 | void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); |
| 980 | |||
| 981 | #define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ | ||
| 982 | ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ | ||
| 983 | CHECKED_D2I_OF(type, d2i), \ | ||
| 984 | in, \ | ||
| 985 | CHECKED_PPTR_OF(type, x))) | ||
| 986 | |||
| 870 | void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); | 987 | void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); |
| 871 | int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x); | 988 | int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); |
| 989 | |||
| 990 | #define ASN1_i2d_bio_of(type,i2d,out,x) \ | ||
| 991 | (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ | ||
| 992 | out, \ | ||
| 993 | CHECKED_PTR_OF(type, x))) | ||
| 994 | |||
| 995 | #define ASN1_i2d_bio_of_const(type,i2d,out,x) \ | ||
| 996 | (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ | ||
| 997 | out, \ | ||
| 998 | CHECKED_PTR_OF(const type, x))) | ||
| 999 | |||
| 872 | int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); | 1000 | int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); |
| 873 | int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); | 1001 | int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); |
| 874 | int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); | 1002 | int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); |
| 875 | int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); | 1003 | int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); |
| 876 | int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); | 1004 | int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); |
| 877 | int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); | 1005 | int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); |
| 878 | int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent); | 1006 | int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent); |
| 879 | int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump); | 1007 | int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump); |
| 880 | #endif | 1008 | #endif |
| 881 | const char *ASN1_tag2str(int tag); | 1009 | const char *ASN1_tag2str(int tag); |
| 882 | 1010 | ||
| 883 | /* Used to load and write netscape format cert/key */ | 1011 | /* Used to load and write netscape format cert/key */ |
| 884 | int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); | 1012 | int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); |
| 885 | ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length); | 1013 | ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length); |
| 886 | ASN1_HEADER *ASN1_HEADER_new(void ); | 1014 | ASN1_HEADER *ASN1_HEADER_new(void ); |
| 887 | void ASN1_HEADER_free(ASN1_HEADER *a); | 1015 | void ASN1_HEADER_free(ASN1_HEADER *a); |
| 888 | 1016 | ||
| @@ -903,13 +1031,20 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, | |||
| 903 | int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, | 1031 | int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, |
| 904 | unsigned char *data, int max_len); | 1032 | unsigned char *data, int max_len); |
| 905 | 1033 | ||
| 906 | STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), | 1034 | STACK *ASN1_seq_unpack(const unsigned char *buf, int len, |
| 907 | void (*free_func)(void *) ); | 1035 | d2i_of_void *d2i, void (*free_func)(void *)); |
| 908 | unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, | 1036 | unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, |
| 909 | int *len ); | 1037 | unsigned char **buf, int *len ); |
| 910 | void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); | 1038 | void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); |
| 911 | void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); | 1039 | void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); |
| 912 | ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); | 1040 | ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, |
| 1041 | ASN1_OCTET_STRING **oct); | ||
| 1042 | |||
| 1043 | #define ASN1_pack_string_of(type,obj,i2d,oct) \ | ||
| 1044 | (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ | ||
| 1045 | CHECKED_I2D_OF(type, i2d), \ | ||
| 1046 | oct)) | ||
| 1047 | |||
| 913 | ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); | 1048 | ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); |
| 914 | 1049 | ||
| 915 | void ASN1_STRING_set_default_mask(unsigned long mask); | 1050 | void ASN1_STRING_set_default_mask(unsigned long mask); |
| @@ -932,11 +1067,25 @@ void ASN1_STRING_TABLE_cleanup(void); | |||
| 932 | /* Old API compatible functions */ | 1067 | /* Old API compatible functions */ |
| 933 | ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); | 1068 | ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); |
| 934 | void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); | 1069 | void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); |
| 935 | ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it); | 1070 | ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); |
| 936 | int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); | 1071 | int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); |
| 1072 | int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); | ||
| 937 | 1073 | ||
| 938 | void ASN1_add_oid_module(void); | 1074 | void ASN1_add_oid_module(void); |
| 939 | 1075 | ||
| 1076 | ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); | ||
| 1077 | ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); | ||
| 1078 | |||
| 1079 | typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags, | ||
| 1080 | const ASN1_ITEM *it); | ||
| 1081 | |||
| 1082 | int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, | ||
| 1083 | int ctype_nid, int econt_nid, | ||
| 1084 | STACK_OF(X509_ALGOR) *mdalgs, | ||
| 1085 | asn1_output_data_fn *data_fn, | ||
| 1086 | const ASN1_ITEM *it); | ||
| 1087 | ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); | ||
| 1088 | |||
| 940 | /* BEGIN ERROR CODES */ | 1089 | /* BEGIN ERROR CODES */ |
| 941 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 1090 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 942 | * made after this point may be overwritten when the script is next run. | 1091 | * made after this point may be overwritten when the script is next run. |
| @@ -950,49 +1099,70 @@ void ERR_load_ASN1_strings(void); | |||
| 950 | #define ASN1_F_A2I_ASN1_ENUMERATED 101 | 1099 | #define ASN1_F_A2I_ASN1_ENUMERATED 101 |
| 951 | #define ASN1_F_A2I_ASN1_INTEGER 102 | 1100 | #define ASN1_F_A2I_ASN1_INTEGER 102 |
| 952 | #define ASN1_F_A2I_ASN1_STRING 103 | 1101 | #define ASN1_F_A2I_ASN1_STRING 103 |
| 953 | #define ASN1_F_ASN1_BIT_STRING_SET_BIT 176 | 1102 | #define ASN1_F_APPEND_EXP 176 |
| 1103 | #define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 | ||
| 1104 | #define ASN1_F_ASN1_CB 177 | ||
| 954 | #define ASN1_F_ASN1_CHECK_TLEN 104 | 1105 | #define ASN1_F_ASN1_CHECK_TLEN 104 |
| 955 | #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 | 1106 | #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 |
| 956 | #define ASN1_F_ASN1_COLLECT 106 | 1107 | #define ASN1_F_ASN1_COLLECT 106 |
| 957 | #define ASN1_F_ASN1_D2I_BIO 107 | ||
| 958 | #define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 | 1108 | #define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 |
| 959 | #define ASN1_F_ASN1_D2I_FP 109 | 1109 | #define ASN1_F_ASN1_D2I_FP 109 |
| 960 | #define ASN1_F_ASN1_DIGEST 177 | 1110 | #define ASN1_F_ASN1_D2I_READ_BIO 107 |
| 1111 | #define ASN1_F_ASN1_DIGEST 184 | ||
| 961 | #define ASN1_F_ASN1_DO_ADB 110 | 1112 | #define ASN1_F_ASN1_DO_ADB 110 |
| 962 | #define ASN1_F_ASN1_DUP 111 | 1113 | #define ASN1_F_ASN1_DUP 111 |
| 963 | #define ASN1_F_ASN1_ENUMERATED_SET 112 | 1114 | #define ASN1_F_ASN1_ENUMERATED_SET 112 |
| 964 | #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 | 1115 | #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 |
| 965 | #define ASN1_F_ASN1_FIND_END 182 | 1116 | #define ASN1_F_ASN1_EX_C2I 204 |
| 966 | #define ASN1_F_ASN1_GENERALIZEDTIME_SET 178 | 1117 | #define ASN1_F_ASN1_FIND_END 190 |
| 1118 | #define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 | ||
| 1119 | #define ASN1_F_ASN1_GENERATE_V3 178 | ||
| 967 | #define ASN1_F_ASN1_GET_OBJECT 114 | 1120 | #define ASN1_F_ASN1_GET_OBJECT 114 |
| 968 | #define ASN1_F_ASN1_HEADER_NEW 115 | 1121 | #define ASN1_F_ASN1_HEADER_NEW 115 |
| 969 | #define ASN1_F_ASN1_I2D_BIO 116 | 1122 | #define ASN1_F_ASN1_I2D_BIO 116 |
| 970 | #define ASN1_F_ASN1_I2D_FP 117 | 1123 | #define ASN1_F_ASN1_I2D_FP 117 |
| 971 | #define ASN1_F_ASN1_INTEGER_SET 118 | 1124 | #define ASN1_F_ASN1_INTEGER_SET 118 |
| 972 | #define ASN1_F_ASN1_INTEGER_TO_BN 119 | 1125 | #define ASN1_F_ASN1_INTEGER_TO_BN 119 |
| 1126 | #define ASN1_F_ASN1_ITEM_D2I_FP 206 | ||
| 1127 | #define ASN1_F_ASN1_ITEM_DUP 191 | ||
| 1128 | #define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 | ||
| 973 | #define ASN1_F_ASN1_ITEM_EX_D2I 120 | 1129 | #define ASN1_F_ASN1_ITEM_EX_D2I 120 |
| 974 | #define ASN1_F_ASN1_ITEM_NEW 121 | 1130 | #define ASN1_F_ASN1_ITEM_I2D_BIO 192 |
| 975 | #define ASN1_F_ASN1_MBSTRING_COPY 122 | 1131 | #define ASN1_F_ASN1_ITEM_I2D_FP 193 |
| 1132 | #define ASN1_F_ASN1_ITEM_PACK 198 | ||
| 1133 | #define ASN1_F_ASN1_ITEM_SIGN 195 | ||
| 1134 | #define ASN1_F_ASN1_ITEM_UNPACK 199 | ||
| 1135 | #define ASN1_F_ASN1_ITEM_VERIFY 197 | ||
| 1136 | #define ASN1_F_ASN1_MBSTRING_NCOPY 122 | ||
| 976 | #define ASN1_F_ASN1_OBJECT_NEW 123 | 1137 | #define ASN1_F_ASN1_OBJECT_NEW 123 |
| 1138 | #define ASN1_F_ASN1_OUTPUT_DATA 207 | ||
| 977 | #define ASN1_F_ASN1_PACK_STRING 124 | 1139 | #define ASN1_F_ASN1_PACK_STRING 124 |
| 978 | #define ASN1_F_ASN1_PBE_SET 125 | 1140 | #define ASN1_F_ASN1_PCTX_NEW 205 |
| 1141 | #define ASN1_F_ASN1_PKCS5_PBE_SET 125 | ||
| 979 | #define ASN1_F_ASN1_SEQ_PACK 126 | 1142 | #define ASN1_F_ASN1_SEQ_PACK 126 |
| 980 | #define ASN1_F_ASN1_SEQ_UNPACK 127 | 1143 | #define ASN1_F_ASN1_SEQ_UNPACK 127 |
| 981 | #define ASN1_F_ASN1_SIGN 128 | 1144 | #define ASN1_F_ASN1_SIGN 128 |
| 982 | #define ASN1_F_ASN1_STRING_SET 179 | 1145 | #define ASN1_F_ASN1_STR2TYPE 179 |
| 1146 | #define ASN1_F_ASN1_STRING_SET 186 | ||
| 983 | #define ASN1_F_ASN1_STRING_TABLE_ADD 129 | 1147 | #define ASN1_F_ASN1_STRING_TABLE_ADD 129 |
| 984 | #define ASN1_F_ASN1_STRING_TYPE_NEW 130 | 1148 | #define ASN1_F_ASN1_STRING_TYPE_NEW 130 |
| 985 | #define ASN1_F_ASN1_TEMPLATE_D2I 131 | ||
| 986 | #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 | 1149 | #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 |
| 987 | #define ASN1_F_ASN1_TEMPLATE_NEW 133 | 1150 | #define ASN1_F_ASN1_TEMPLATE_NEW 133 |
| 1151 | #define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 | ||
| 988 | #define ASN1_F_ASN1_TIME_SET 175 | 1152 | #define ASN1_F_ASN1_TIME_SET 175 |
| 989 | #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 | 1153 | #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 |
| 990 | #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 | 1154 | #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 |
| 991 | #define ASN1_F_ASN1_UNPACK_STRING 136 | 1155 | #define ASN1_F_ASN1_UNPACK_STRING 136 |
| 992 | #define ASN1_F_ASN1_UTCTIME_SET 180 | 1156 | #define ASN1_F_ASN1_UTCTIME_SET 187 |
| 993 | #define ASN1_F_ASN1_VERIFY 137 | 1157 | #define ASN1_F_ASN1_VERIFY 137 |
| 1158 | #define ASN1_F_B64_READ_ASN1 208 | ||
| 1159 | #define ASN1_F_B64_WRITE_ASN1 209 | ||
| 1160 | #define ASN1_F_BITSTR_CB 180 | ||
| 994 | #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 | 1161 | #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 |
| 995 | #define ASN1_F_BN_TO_ASN1_INTEGER 139 | 1162 | #define ASN1_F_BN_TO_ASN1_INTEGER 139 |
| 1163 | #define ASN1_F_C2I_ASN1_BIT_STRING 189 | ||
| 1164 | #define ASN1_F_C2I_ASN1_INTEGER 194 | ||
| 1165 | #define ASN1_F_C2I_ASN1_OBJECT 196 | ||
| 996 | #define ASN1_F_COLLECT_DATA 140 | 1166 | #define ASN1_F_COLLECT_DATA 140 |
| 997 | #define ASN1_F_D2I_ASN1_BIT_STRING 141 | 1167 | #define ASN1_F_D2I_ASN1_BIT_STRING 141 |
| 998 | #define ASN1_F_D2I_ASN1_BOOLEAN 142 | 1168 | #define ASN1_F_D2I_ASN1_BOOLEAN 142 |
| @@ -1009,29 +1179,39 @@ void ERR_load_ASN1_strings(void); | |||
| 1009 | #define ASN1_F_D2I_NETSCAPE_RSA_2 153 | 1179 | #define ASN1_F_D2I_NETSCAPE_RSA_2 153 |
| 1010 | #define ASN1_F_D2I_PRIVATEKEY 154 | 1180 | #define ASN1_F_D2I_PRIVATEKEY 154 |
| 1011 | #define ASN1_F_D2I_PUBLICKEY 155 | 1181 | #define ASN1_F_D2I_PUBLICKEY 155 |
| 1182 | #define ASN1_F_D2I_RSA_NET 200 | ||
| 1183 | #define ASN1_F_D2I_RSA_NET_2 201 | ||
| 1012 | #define ASN1_F_D2I_X509 156 | 1184 | #define ASN1_F_D2I_X509 156 |
| 1013 | #define ASN1_F_D2I_X509_CINF 157 | 1185 | #define ASN1_F_D2I_X509_CINF 157 |
| 1014 | #define ASN1_F_D2I_X509_NAME 158 | ||
| 1015 | #define ASN1_F_D2I_X509_PKEY 159 | 1186 | #define ASN1_F_D2I_X509_PKEY 159 |
| 1016 | #define ASN1_F_I2D_ASN1_SET 181 | 1187 | #define ASN1_F_I2D_ASN1_SET 188 |
| 1017 | #define ASN1_F_I2D_ASN1_TIME 160 | 1188 | #define ASN1_F_I2D_ASN1_TIME 160 |
| 1018 | #define ASN1_F_I2D_DSA_PUBKEY 161 | 1189 | #define ASN1_F_I2D_DSA_PUBKEY 161 |
| 1019 | #define ASN1_F_I2D_NETSCAPE_RSA 162 | 1190 | #define ASN1_F_I2D_EC_PUBKEY 181 |
| 1020 | #define ASN1_F_I2D_PRIVATEKEY 163 | 1191 | #define ASN1_F_I2D_PRIVATEKEY 163 |
| 1021 | #define ASN1_F_I2D_PUBLICKEY 164 | 1192 | #define ASN1_F_I2D_PUBLICKEY 164 |
| 1193 | #define ASN1_F_I2D_RSA_NET 162 | ||
| 1022 | #define ASN1_F_I2D_RSA_PUBKEY 165 | 1194 | #define ASN1_F_I2D_RSA_PUBKEY 165 |
| 1023 | #define ASN1_F_LONG_C2I 166 | 1195 | #define ASN1_F_LONG_C2I 166 |
| 1024 | #define ASN1_F_OID_MODULE_INIT 174 | 1196 | #define ASN1_F_OID_MODULE_INIT 174 |
| 1197 | #define ASN1_F_PARSE_TAGGING 182 | ||
| 1025 | #define ASN1_F_PKCS5_PBE2_SET 167 | 1198 | #define ASN1_F_PKCS5_PBE2_SET 167 |
| 1199 | #define ASN1_F_PKCS5_PBE_SET 202 | ||
| 1200 | #define ASN1_F_SMIME_READ_ASN1 210 | ||
| 1201 | #define ASN1_F_SMIME_TEXT 211 | ||
| 1026 | #define ASN1_F_X509_CINF_NEW 168 | 1202 | #define ASN1_F_X509_CINF_NEW 168 |
| 1027 | #define ASN1_F_X509_CRL_ADD0_REVOKED 169 | 1203 | #define ASN1_F_X509_CRL_ADD0_REVOKED 169 |
| 1028 | #define ASN1_F_X509_INFO_NEW 170 | 1204 | #define ASN1_F_X509_INFO_NEW 170 |
| 1029 | #define ASN1_F_X509_NAME_NEW 171 | 1205 | #define ASN1_F_X509_NAME_ENCODE 203 |
| 1206 | #define ASN1_F_X509_NAME_EX_D2I 158 | ||
| 1207 | #define ASN1_F_X509_NAME_EX_NEW 171 | ||
| 1030 | #define ASN1_F_X509_NEW 172 | 1208 | #define ASN1_F_X509_NEW 172 |
| 1031 | #define ASN1_F_X509_PKEY_NEW 173 | 1209 | #define ASN1_F_X509_PKEY_NEW 173 |
| 1032 | 1210 | ||
| 1033 | /* Reason codes. */ | 1211 | /* Reason codes. */ |
| 1034 | #define ASN1_R_ADDING_OBJECT 171 | 1212 | #define ASN1_R_ADDING_OBJECT 171 |
| 1213 | #define ASN1_R_ASN1_PARSE_ERROR 198 | ||
| 1214 | #define ASN1_R_ASN1_SIG_PARSE_ERROR 199 | ||
| 1035 | #define ASN1_R_AUX_ERROR 100 | 1215 | #define ASN1_R_AUX_ERROR 100 |
| 1036 | #define ASN1_R_BAD_CLASS 101 | 1216 | #define ASN1_R_BAD_CLASS 101 |
| 1037 | #define ASN1_R_BAD_OBJECT_HEADER 102 | 1217 | #define ASN1_R_BAD_OBJECT_HEADER 102 |
| @@ -1044,6 +1224,7 @@ void ERR_load_ASN1_strings(void); | |||
| 1044 | #define ASN1_R_DATA_IS_WRONG 109 | 1224 | #define ASN1_R_DATA_IS_WRONG 109 |
| 1045 | #define ASN1_R_DECODE_ERROR 110 | 1225 | #define ASN1_R_DECODE_ERROR 110 |
| 1046 | #define ASN1_R_DECODING_ERROR 111 | 1226 | #define ASN1_R_DECODING_ERROR 111 |
| 1227 | #define ASN1_R_DEPTH_EXCEEDED 174 | ||
| 1047 | #define ASN1_R_ENCODE_ERROR 112 | 1228 | #define ASN1_R_ENCODE_ERROR 112 |
| 1048 | #define ASN1_R_ERROR_GETTING_TIME 173 | 1229 | #define ASN1_R_ERROR_GETTING_TIME 173 |
| 1049 | #define ASN1_R_ERROR_LOADING_SECTION 172 | 1230 | #define ASN1_R_ERROR_LOADING_SECTION 172 |
| @@ -1058,39 +1239,68 @@ void ERR_load_ASN1_strings(void); | |||
| 1058 | #define ASN1_R_FIELD_MISSING 121 | 1239 | #define ASN1_R_FIELD_MISSING 121 |
| 1059 | #define ASN1_R_FIRST_NUM_TOO_LARGE 122 | 1240 | #define ASN1_R_FIRST_NUM_TOO_LARGE 122 |
| 1060 | #define ASN1_R_HEADER_TOO_LONG 123 | 1241 | #define ASN1_R_HEADER_TOO_LONG 123 |
| 1242 | #define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 | ||
| 1243 | #define ASN1_R_ILLEGAL_BOOLEAN 176 | ||
| 1061 | #define ASN1_R_ILLEGAL_CHARACTERS 124 | 1244 | #define ASN1_R_ILLEGAL_CHARACTERS 124 |
| 1245 | #define ASN1_R_ILLEGAL_FORMAT 177 | ||
| 1246 | #define ASN1_R_ILLEGAL_HEX 178 | ||
| 1247 | #define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 | ||
| 1248 | #define ASN1_R_ILLEGAL_INTEGER 180 | ||
| 1249 | #define ASN1_R_ILLEGAL_NESTED_TAGGING 181 | ||
| 1062 | #define ASN1_R_ILLEGAL_NULL 125 | 1250 | #define ASN1_R_ILLEGAL_NULL 125 |
| 1251 | #define ASN1_R_ILLEGAL_NULL_VALUE 182 | ||
| 1252 | #define ASN1_R_ILLEGAL_OBJECT 183 | ||
| 1063 | #define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 | 1253 | #define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 |
| 1064 | #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 | 1254 | #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 |
| 1065 | #define ASN1_R_ILLEGAL_TAGGED_ANY 127 | 1255 | #define ASN1_R_ILLEGAL_TAGGED_ANY 127 |
| 1256 | #define ASN1_R_ILLEGAL_TIME_VALUE 184 | ||
| 1257 | #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 | ||
| 1066 | #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 | 1258 | #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 |
| 1067 | #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 | 1259 | #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 |
| 1068 | #define ASN1_R_INVALID_DIGIT 130 | 1260 | #define ASN1_R_INVALID_DIGIT 130 |
| 1261 | #define ASN1_R_INVALID_MIME_TYPE 200 | ||
| 1262 | #define ASN1_R_INVALID_MODIFIER 186 | ||
| 1263 | #define ASN1_R_INVALID_NUMBER 187 | ||
| 1069 | #define ASN1_R_INVALID_SEPARATOR 131 | 1264 | #define ASN1_R_INVALID_SEPARATOR 131 |
| 1070 | #define ASN1_R_INVALID_TIME_FORMAT 132 | 1265 | #define ASN1_R_INVALID_TIME_FORMAT 132 |
| 1071 | #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 | 1266 | #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 |
| 1072 | #define ASN1_R_INVALID_UTF8STRING 134 | 1267 | #define ASN1_R_INVALID_UTF8STRING 134 |
| 1073 | #define ASN1_R_IV_TOO_LARGE 135 | 1268 | #define ASN1_R_IV_TOO_LARGE 135 |
| 1074 | #define ASN1_R_LENGTH_ERROR 136 | 1269 | #define ASN1_R_LENGTH_ERROR 136 |
| 1270 | #define ASN1_R_LIST_ERROR 188 | ||
| 1271 | #define ASN1_R_MIME_NO_CONTENT_TYPE 201 | ||
| 1272 | #define ASN1_R_MIME_PARSE_ERROR 202 | ||
| 1273 | #define ASN1_R_MIME_SIG_PARSE_ERROR 203 | ||
| 1075 | #define ASN1_R_MISSING_EOC 137 | 1274 | #define ASN1_R_MISSING_EOC 137 |
| 1076 | #define ASN1_R_MISSING_SECOND_NUMBER 138 | 1275 | #define ASN1_R_MISSING_SECOND_NUMBER 138 |
| 1276 | #define ASN1_R_MISSING_VALUE 189 | ||
| 1077 | #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 | 1277 | #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 |
| 1078 | #define ASN1_R_MSTRING_WRONG_TAG 140 | 1278 | #define ASN1_R_MSTRING_WRONG_TAG 140 |
| 1079 | #define ASN1_R_NESTED_ASN1_STRING 174 | 1279 | #define ASN1_R_NESTED_ASN1_STRING 197 |
| 1080 | #define ASN1_R_NON_HEX_CHARACTERS 141 | 1280 | #define ASN1_R_NON_HEX_CHARACTERS 141 |
| 1281 | #define ASN1_R_NOT_ASCII_FORMAT 190 | ||
| 1081 | #define ASN1_R_NOT_ENOUGH_DATA 142 | 1282 | #define ASN1_R_NOT_ENOUGH_DATA 142 |
| 1283 | #define ASN1_R_NO_CONTENT_TYPE 204 | ||
| 1082 | #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 | 1284 | #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 |
| 1285 | #define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 | ||
| 1286 | #define ASN1_R_NO_MULTIPART_BOUNDARY 206 | ||
| 1287 | #define ASN1_R_NO_SIG_CONTENT_TYPE 207 | ||
| 1083 | #define ASN1_R_NULL_IS_WRONG_LENGTH 144 | 1288 | #define ASN1_R_NULL_IS_WRONG_LENGTH 144 |
| 1289 | #define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 | ||
| 1084 | #define ASN1_R_ODD_NUMBER_OF_CHARS 145 | 1290 | #define ASN1_R_ODD_NUMBER_OF_CHARS 145 |
| 1085 | #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 | 1291 | #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 |
| 1086 | #define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 | 1292 | #define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 |
| 1087 | #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 | 1293 | #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 |
| 1088 | #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 | 1294 | #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 |
| 1295 | #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 | ||
| 1089 | #define ASN1_R_SHORT_LINE 150 | 1296 | #define ASN1_R_SHORT_LINE 150 |
| 1297 | #define ASN1_R_SIG_INVALID_MIME_TYPE 208 | ||
| 1298 | #define ASN1_R_STREAMING_NOT_SUPPORTED 209 | ||
| 1090 | #define ASN1_R_STRING_TOO_LONG 151 | 1299 | #define ASN1_R_STRING_TOO_LONG 151 |
| 1091 | #define ASN1_R_STRING_TOO_SHORT 152 | 1300 | #define ASN1_R_STRING_TOO_SHORT 152 |
| 1092 | #define ASN1_R_TAG_VALUE_TOO_HIGH 153 | 1301 | #define ASN1_R_TAG_VALUE_TOO_HIGH 153 |
| 1093 | #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 | 1302 | #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 |
| 1303 | #define ASN1_R_TIME_NOT_ASCII_FORMAT 193 | ||
| 1094 | #define ASN1_R_TOO_LONG 155 | 1304 | #define ASN1_R_TOO_LONG 155 |
| 1095 | #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 | 1305 | #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 |
| 1096 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 | 1306 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 |
| @@ -1100,10 +1310,13 @@ void ERR_load_ASN1_strings(void); | |||
| 1100 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 | 1310 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 |
| 1101 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 | 1311 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 |
| 1102 | #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 | 1312 | #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 |
| 1313 | #define ASN1_R_UNKNOWN_TAG 194 | ||
| 1314 | #define ASN1_R_UNKOWN_FORMAT 195 | ||
| 1103 | #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 | 1315 | #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 |
| 1104 | #define ASN1_R_UNSUPPORTED_CIPHER 165 | 1316 | #define ASN1_R_UNSUPPORTED_CIPHER 165 |
| 1105 | #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 | 1317 | #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 |
| 1106 | #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 | 1318 | #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 |
| 1319 | #define ASN1_R_UNSUPPORTED_TYPE 196 | ||
| 1107 | #define ASN1_R_WRONG_TAG 168 | 1320 | #define ASN1_R_WRONG_TAG 168 |
| 1108 | #define ASN1_R_WRONG_TYPE 169 | 1321 | #define ASN1_R_WRONG_TYPE 169 |
| 1109 | 1322 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c index 315d0a0807..f8a3e2e6cd 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_err.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/asn1/asn1_err.c */ | 1 | /* crypto/asn1/asn1_err.c */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -74,49 +74,70 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
| 74 | {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, | 74 | {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, |
| 75 | {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, | 75 | {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, |
| 76 | {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, | 76 | {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, |
| 77 | {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, | ||
| 77 | {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, | 78 | {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, |
| 79 | {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, | ||
| 78 | {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, | 80 | {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, |
| 79 | {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, | 81 | {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, |
| 80 | {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, | 82 | {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, |
| 81 | {ERR_FUNC(ASN1_F_ASN1_D2I_BIO), "ASN1_d2i_bio"}, | ||
| 82 | {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, | 83 | {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, |
| 83 | {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, | 84 | {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, |
| 85 | {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, | ||
| 84 | {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, | 86 | {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, |
| 85 | {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, | 87 | {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, |
| 86 | {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, | 88 | {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, |
| 87 | {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, | 89 | {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, |
| 88 | {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, | 90 | {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, |
| 91 | {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, | ||
| 89 | {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, | 92 | {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, |
| 90 | {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, | 93 | {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, |
| 94 | {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, | ||
| 91 | {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, | 95 | {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, |
| 92 | {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, | 96 | {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, |
| 93 | {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, | 97 | {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, |
| 94 | {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, | 98 | {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, |
| 95 | {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, | 99 | {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, |
| 96 | {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, | 100 | {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, |
| 101 | {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, | ||
| 102 | {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, | ||
| 103 | {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, | ||
| 97 | {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, | 104 | {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, |
| 98 | {ERR_FUNC(ASN1_F_ASN1_ITEM_NEW), "ASN1_item_new"}, | 105 | {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, |
| 99 | {ERR_FUNC(ASN1_F_ASN1_MBSTRING_COPY), "ASN1_mbstring_copy"}, | 106 | {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, |
| 107 | {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, | ||
| 108 | {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, | ||
| 109 | {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, | ||
| 110 | {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, | ||
| 111 | {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, | ||
| 100 | {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, | 112 | {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, |
| 113 | {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, | ||
| 101 | {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, | 114 | {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, |
| 102 | {ERR_FUNC(ASN1_F_ASN1_PBE_SET), "ASN1_PBE_SET"}, | 115 | {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, |
| 116 | {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, | ||
| 103 | {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, | 117 | {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, |
| 104 | {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, | 118 | {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, |
| 105 | {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, | 119 | {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, |
| 120 | {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, | ||
| 106 | {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, | 121 | {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, |
| 107 | {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, | 122 | {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, |
| 108 | {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, | 123 | {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, |
| 109 | {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_D2I), "ASN1_TEMPLATE_D2I"}, | ||
| 110 | {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, | 124 | {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, |
| 111 | {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, | 125 | {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, |
| 126 | {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, | ||
| 112 | {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, | 127 | {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, |
| 113 | {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"}, | 128 | {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"}, |
| 114 | {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, | 129 | {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, |
| 115 | {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, | 130 | {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, |
| 116 | {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, | 131 | {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, |
| 117 | {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, | 132 | {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, |
| 133 | {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, | ||
| 134 | {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, | ||
| 135 | {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, | ||
| 118 | {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, | 136 | {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, |
| 119 | {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, | 137 | {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, |
| 138 | {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, | ||
| 139 | {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, | ||
| 140 | {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, | ||
| 120 | {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, | 141 | {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, |
| 121 | {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, | 142 | {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, |
| 122 | {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, | 143 | {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, |
| @@ -133,24 +154,32 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
| 133 | {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, | 154 | {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, |
| 134 | {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, | 155 | {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, |
| 135 | {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, | 156 | {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, |
| 157 | {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, | ||
| 158 | {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, | ||
| 136 | {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, | 159 | {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, |
| 137 | {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, | 160 | {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, |
| 138 | {ERR_FUNC(ASN1_F_D2I_X509_NAME), "D2I_X509_NAME"}, | ||
| 139 | {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, | 161 | {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, |
| 140 | {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, | 162 | {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, |
| 141 | {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, | 163 | {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, |
| 142 | {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, | 164 | {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, |
| 143 | {ERR_FUNC(ASN1_F_I2D_NETSCAPE_RSA), "i2d_Netscape_RSA"}, | 165 | {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, |
| 144 | {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, | 166 | {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, |
| 145 | {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, | 167 | {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, |
| 168 | {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, | ||
| 146 | {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, | 169 | {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, |
| 147 | {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, | 170 | {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, |
| 148 | {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, | 171 | {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, |
| 172 | {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, | ||
| 149 | {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, | 173 | {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, |
| 174 | {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, | ||
| 175 | {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, | ||
| 176 | {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, | ||
| 150 | {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, | 177 | {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, |
| 151 | {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, | 178 | {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, |
| 152 | {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, | 179 | {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, |
| 153 | {ERR_FUNC(ASN1_F_X509_NAME_NEW), "X509_NAME_NEW"}, | 180 | {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, |
| 181 | {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, | ||
| 182 | {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, | ||
| 154 | {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, | 183 | {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, |
| 155 | {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, | 184 | {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, |
| 156 | {0,NULL} | 185 | {0,NULL} |
| @@ -159,6 +188,8 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
| 159 | static ERR_STRING_DATA ASN1_str_reasons[]= | 188 | static ERR_STRING_DATA ASN1_str_reasons[]= |
| 160 | { | 189 | { |
| 161 | {ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"}, | 190 | {ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"}, |
| 191 | {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"}, | ||
| 192 | {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"}, | ||
| 162 | {ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"}, | 193 | {ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"}, |
| 163 | {ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"}, | 194 | {ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"}, |
| 164 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, | 195 | {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, |
| @@ -171,6 +202,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 171 | {ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"}, | 202 | {ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"}, |
| 172 | {ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, | 203 | {ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, |
| 173 | {ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, | 204 | {ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, |
| 205 | {ERR_REASON(ASN1_R_DEPTH_EXCEEDED) ,"depth exceeded"}, | ||
| 174 | {ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"}, | 206 | {ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"}, |
| 175 | {ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"}, | 207 | {ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"}, |
| 176 | {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"}, | 208 | {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"}, |
| @@ -185,39 +217,68 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 185 | {ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"}, | 217 | {ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"}, |
| 186 | {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"}, | 218 | {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"}, |
| 187 | {ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"}, | 219 | {ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"}, |
| 220 | {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"}, | ||
| 221 | {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN) ,"illegal boolean"}, | ||
| 188 | {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"}, | 222 | {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"}, |
| 223 | {ERR_REASON(ASN1_R_ILLEGAL_FORMAT) ,"illegal format"}, | ||
| 224 | {ERR_REASON(ASN1_R_ILLEGAL_HEX) ,"illegal hex"}, | ||
| 225 | {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"}, | ||
| 226 | {ERR_REASON(ASN1_R_ILLEGAL_INTEGER) ,"illegal integer"}, | ||
| 227 | {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"}, | ||
| 189 | {ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"}, | 228 | {ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"}, |
| 229 | {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) ,"illegal null value"}, | ||
| 230 | {ERR_REASON(ASN1_R_ILLEGAL_OBJECT) ,"illegal object"}, | ||
| 190 | {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"}, | 231 | {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"}, |
| 191 | {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"}, | 232 | {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"}, |
| 192 | {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"}, | 233 | {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"}, |
| 234 | {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"}, | ||
| 235 | {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"}, | ||
| 193 | {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, | 236 | {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, |
| 194 | {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, | 237 | {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, |
| 195 | {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, | 238 | {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, |
| 239 | {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, | ||
| 240 | {ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, | ||
| 241 | {ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, | ||
| 196 | {ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, | 242 | {ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, |
| 197 | {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, | 243 | {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, |
| 198 | {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, | 244 | {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, |
| 199 | {ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"}, | 245 | {ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"}, |
| 200 | {ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"}, | 246 | {ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"}, |
| 201 | {ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"}, | 247 | {ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"}, |
| 248 | {ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"}, | ||
| 249 | {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"}, | ||
| 250 | {ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"}, | ||
| 251 | {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"}, | ||
| 202 | {ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"}, | 252 | {ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"}, |
| 203 | {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"}, | 253 | {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"}, |
| 254 | {ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"}, | ||
| 204 | {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"}, | 255 | {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"}, |
| 205 | {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"}, | 256 | {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"}, |
| 206 | {ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"}, | 257 | {ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"}, |
| 207 | {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"}, | 258 | {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"}, |
| 259 | {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"}, | ||
| 208 | {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, | 260 | {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, |
| 261 | {ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"}, | ||
| 209 | {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"}, | 262 | {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"}, |
| 263 | {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, | ||
| 264 | {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, | ||
| 265 | {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, | ||
| 210 | {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"}, | 266 | {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"}, |
| 267 | {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"}, | ||
| 211 | {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"}, | 268 | {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"}, |
| 212 | {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"}, | 269 | {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"}, |
| 213 | {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"}, | 270 | {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"}, |
| 214 | {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"}, | 271 | {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"}, |
| 215 | {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"}, | 272 | {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"}, |
| 273 | {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"}, | ||
| 216 | {ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"}, | 274 | {ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"}, |
| 275 | {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, | ||
| 276 | {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"}, | ||
| 217 | {ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"}, | 277 | {ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"}, |
| 218 | {ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"}, | 278 | {ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"}, |
| 219 | {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"}, | 279 | {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"}, |
| 220 | {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, | 280 | {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, |
| 281 | {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"}, | ||
| 221 | {ERR_REASON(ASN1_R_TOO_LONG) ,"too long"}, | 282 | {ERR_REASON(ASN1_R_TOO_LONG) ,"too long"}, |
| 222 | {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"}, | 283 | {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"}, |
| 223 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, | 284 | {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, |
| @@ -227,10 +288,13 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 227 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, | 288 | {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, |
| 228 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, | 289 | {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, |
| 229 | {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, | 290 | {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, |
| 291 | {ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, | ||
| 292 | {ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, | ||
| 230 | {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, | 293 | {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, |
| 231 | {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | 294 | {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, |
| 232 | {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, | 295 | {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, |
| 233 | {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"}, | 296 | {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"}, |
| 297 | {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) ,"unsupported type"}, | ||
| 234 | {ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"}, | 298 | {ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"}, |
| 235 | {ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"}, | 299 | {ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"}, |
| 236 | {0,NULL} | 300 | {0,NULL} |
| @@ -240,15 +304,12 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
| 240 | 304 | ||
| 241 | void ERR_load_ASN1_strings(void) | 305 | void ERR_load_ASN1_strings(void) |
| 242 | { | 306 | { |
| 243 | static int init=1; | 307 | #ifndef OPENSSL_NO_ERR |
| 244 | 308 | ||
| 245 | if (init) | 309 | if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) |
| 246 | { | 310 | { |
| 247 | init=0; | ||
| 248 | #ifndef OPENSSL_NO_ERR | ||
| 249 | ERR_load_strings(0,ASN1_str_functs); | 311 | ERR_load_strings(0,ASN1_str_functs); |
| 250 | ERR_load_strings(0,ASN1_str_reasons); | 312 | ERR_load_strings(0,ASN1_str_reasons); |
| 251 | #endif | ||
| 252 | |||
| 253 | } | 313 | } |
| 314 | #endif | ||
| 254 | } | 315 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c index 97b9b35f4b..5af559ef8d 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c | |||
| @@ -62,11 +62,11 @@ | |||
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1_mac.h> |
| 64 | 64 | ||
| 65 | static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max); | 65 | static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max); |
| 66 | static void asn1_put_length(unsigned char **pp, int length); | 66 | static void asn1_put_length(unsigned char **pp, int length); |
| 67 | const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT; | 67 | const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT; |
| 68 | 68 | ||
| 69 | int ASN1_check_infinite_end(unsigned char **p, long len) | 69 | static int _asn1_check_infinite_end(const unsigned char **p, long len) |
| 70 | { | 70 | { |
| 71 | /* If there is 0 or 1 byte left, the length check should pick | 71 | /* If there is 0 or 1 byte left, the length check should pick |
| 72 | * things up */ | 72 | * things up */ |
| @@ -80,13 +80,23 @@ int ASN1_check_infinite_end(unsigned char **p, long len) | |||
| 80 | return(0); | 80 | return(0); |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | int ASN1_check_infinite_end(unsigned char **p, long len) | ||
| 84 | { | ||
| 85 | return _asn1_check_infinite_end((const unsigned char **)p, len); | ||
| 86 | } | ||
| 83 | 87 | ||
| 84 | int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, | 88 | int ASN1_const_check_infinite_end(const unsigned char **p, long len) |
| 85 | long omax) | 89 | { |
| 90 | return _asn1_check_infinite_end(p, len); | ||
| 91 | } | ||
| 92 | |||
| 93 | |||
| 94 | int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, | ||
| 95 | int *pclass, long omax) | ||
| 86 | { | 96 | { |
| 87 | int i,ret; | 97 | int i,ret; |
| 88 | long l; | 98 | long l; |
| 89 | unsigned char *p= *pp; | 99 | const unsigned char *p= *pp; |
| 90 | int tag,xclass,inf; | 100 | int tag,xclass,inf; |
| 91 | long max=omax; | 101 | long max=omax; |
| 92 | 102 | ||
| @@ -141,11 +151,11 @@ err: | |||
| 141 | return(0x80); | 151 | return(0x80); |
| 142 | } | 152 | } |
| 143 | 153 | ||
| 144 | static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) | 154 | static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max) |
| 145 | { | 155 | { |
| 146 | unsigned char *p= *pp; | 156 | const unsigned char *p= *pp; |
| 147 | unsigned long ret=0; | 157 | unsigned long ret=0; |
| 148 | int i; | 158 | unsigned int i; |
| 149 | 159 | ||
| 150 | if (max-- < 1) return(0); | 160 | if (max-- < 1) return(0); |
| 151 | if (*p == 0x80) | 161 | if (*p == 0x80) |
| @@ -205,13 +215,22 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, | |||
| 205 | } | 215 | } |
| 206 | p += ttag; | 216 | p += ttag; |
| 207 | } | 217 | } |
| 208 | if ((constructed == 2) && (length == 0)) | 218 | if (constructed == 2) |
| 209 | *(p++)=0x80; /* der_put_length would output 0 instead */ | 219 | *(p++)=0x80; |
| 210 | else | 220 | else |
| 211 | asn1_put_length(&p,length); | 221 | asn1_put_length(&p,length); |
| 212 | *pp=p; | 222 | *pp=p; |
| 213 | } | 223 | } |
| 214 | 224 | ||
| 225 | int ASN1_put_eoc(unsigned char **pp) | ||
| 226 | { | ||
| 227 | unsigned char *p = *pp; | ||
| 228 | *p++ = 0; | ||
| 229 | *p++ = 0; | ||
| 230 | *pp = p; | ||
| 231 | return 2; | ||
| 232 | } | ||
| 233 | |||
| 215 | static void asn1_put_length(unsigned char **pp, int length) | 234 | static void asn1_put_length(unsigned char **pp, int length) |
| 216 | { | 235 | { |
| 217 | unsigned char *p= *pp; | 236 | unsigned char *p= *pp; |
| @@ -249,8 +268,8 @@ int ASN1_object_size(int constructed, int length, int tag) | |||
| 249 | ret++; | 268 | ret++; |
| 250 | } | 269 | } |
| 251 | } | 270 | } |
| 252 | if ((length == 0) && (constructed == 2)) | 271 | if (constructed == 2) |
| 253 | ret+=2; | 272 | return ret + 3; |
| 254 | ret++; | 273 | ret++; |
| 255 | if (length > 127) | 274 | if (length > 127) |
| 256 | { | 275 | { |
| @@ -263,11 +282,11 @@ int ASN1_object_size(int constructed, int length, int tag) | |||
| 263 | return(ret); | 282 | return(ret); |
| 264 | } | 283 | } |
| 265 | 284 | ||
| 266 | int asn1_Finish(ASN1_CTX *c) | 285 | static int _asn1_Finish(ASN1_const_CTX *c) |
| 267 | { | 286 | { |
| 268 | if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) | 287 | if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) |
| 269 | { | 288 | { |
| 270 | if (!ASN1_check_infinite_end(&c->p,c->slen)) | 289 | if (!ASN1_const_check_infinite_end(&c->p,c->slen)) |
| 271 | { | 290 | { |
| 272 | c->error=ERR_R_MISSING_ASN1_EOS; | 291 | c->error=ERR_R_MISSING_ASN1_EOS; |
| 273 | return(0); | 292 | return(0); |
| @@ -282,9 +301,19 @@ int asn1_Finish(ASN1_CTX *c) | |||
| 282 | return(1); | 301 | return(1); |
| 283 | } | 302 | } |
| 284 | 303 | ||
| 285 | int asn1_GetSequence(ASN1_CTX *c, long *length) | 304 | int asn1_Finish(ASN1_CTX *c) |
| 305 | { | ||
| 306 | return _asn1_Finish((ASN1_const_CTX *)c); | ||
| 307 | } | ||
| 308 | |||
| 309 | int asn1_const_Finish(ASN1_const_CTX *c) | ||
| 286 | { | 310 | { |
| 287 | unsigned char *q; | 311 | return _asn1_Finish(c); |
| 312 | } | ||
| 313 | |||
| 314 | int asn1_GetSequence(ASN1_const_CTX *c, long *length) | ||
| 315 | { | ||
| 316 | const unsigned char *q; | ||
| 288 | 317 | ||
| 289 | q=c->p; | 318 | q=c->p; |
| 290 | c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass), | 319 | c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass), |
| @@ -364,6 +393,14 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) | |||
| 364 | return(1); | 393 | return(1); |
| 365 | } | 394 | } |
| 366 | 395 | ||
| 396 | void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) | ||
| 397 | { | ||
| 398 | if (str->data) | ||
| 399 | OPENSSL_free(str->data); | ||
| 400 | str->data = data; | ||
| 401 | str->length = len; | ||
| 402 | } | ||
| 403 | |||
| 367 | ASN1_STRING *ASN1_STRING_new(void) | 404 | ASN1_STRING *ASN1_STRING_new(void) |
| 368 | { | 405 | { |
| 369 | return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); | 406 | return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); |
| @@ -411,7 +448,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) | |||
| 411 | return(i); | 448 | return(i); |
| 412 | } | 449 | } |
| 413 | 450 | ||
| 414 | void asn1_add_error(unsigned char *address, int offset) | 451 | void asn1_add_error(const unsigned char *address, int offset) |
| 415 | { | 452 | { |
| 416 | char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; | 453 | char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; |
| 417 | 454 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_mac.h b/src/lib/libssl/src/crypto/asn1/asn1_mac.h index a48649ceeb..d958ca60d9 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_mac.h +++ b/src/lib/libssl/src/crypto/asn1/asn1_mac.h | |||
| @@ -73,11 +73,11 @@ extern "C" { | |||
| 73 | ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) | 73 | ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) |
| 74 | 74 | ||
| 75 | #define M_ASN1_D2I_vars(a,type,func) \ | 75 | #define M_ASN1_D2I_vars(a,type,func) \ |
| 76 | ASN1_CTX c; \ | 76 | ASN1_const_CTX c; \ |
| 77 | type ret=NULL; \ | 77 | type ret=NULL; \ |
| 78 | \ | 78 | \ |
| 79 | c.pp=(unsigned char **)pp; \ | 79 | c.pp=(const unsigned char **)pp; \ |
| 80 | c.q= *(unsigned char **)pp; \ | 80 | c.q= *(const unsigned char **)pp; \ |
| 81 | c.error=ERR_R_NESTED_ASN1_ERROR; \ | 81 | c.error=ERR_R_NESTED_ASN1_ERROR; \ |
| 82 | if ((a == NULL) || ((*a) == NULL)) \ | 82 | if ((a == NULL) || ((*a) == NULL)) \ |
| 83 | { if ((ret=(type)func()) == NULL) \ | 83 | { if ((ret=(type)func()) == NULL) \ |
| @@ -85,13 +85,13 @@ extern "C" { | |||
| 85 | else ret=(*a); | 85 | else ret=(*a); |
| 86 | 86 | ||
| 87 | #define M_ASN1_D2I_Init() \ | 87 | #define M_ASN1_D2I_Init() \ |
| 88 | c.p= *(unsigned char **)pp; \ | 88 | c.p= *(const unsigned char **)pp; \ |
| 89 | c.max=(length == 0)?0:(c.p+length); | 89 | c.max=(length == 0)?0:(c.p+length); |
| 90 | 90 | ||
| 91 | #define M_ASN1_D2I_Finish_2(a) \ | 91 | #define M_ASN1_D2I_Finish_2(a) \ |
| 92 | if (!asn1_Finish(&c)) \ | 92 | if (!asn1_const_Finish(&c)) \ |
| 93 | { c.line=__LINE__; goto err; } \ | 93 | { c.line=__LINE__; goto err; } \ |
| 94 | *(unsigned char **)pp=c.p; \ | 94 | *(const unsigned char **)pp=c.p; \ |
| 95 | if (a != NULL) (*a)=ret; \ | 95 | if (a != NULL) (*a)=ret; \ |
| 96 | return(ret); | 96 | return(ret); |
| 97 | 97 | ||
| @@ -99,7 +99,7 @@ extern "C" { | |||
| 99 | M_ASN1_D2I_Finish_2(a); \ | 99 | M_ASN1_D2I_Finish_2(a); \ |
| 100 | err:\ | 100 | err:\ |
| 101 | ASN1_MAC_H_err((e),c.error,c.line); \ | 101 | ASN1_MAC_H_err((e),c.error,c.line); \ |
| 102 | asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \ | 102 | asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ |
| 103 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ | 103 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ |
| 104 | return(NULL) | 104 | return(NULL) |
| 105 | 105 | ||
| @@ -123,15 +123,22 @@ err:\ | |||
| 123 | 123 | ||
| 124 | #define M_ASN1_D2I_end_sequence() \ | 124 | #define M_ASN1_D2I_end_sequence() \ |
| 125 | (((c.inf&1) == 0)?(c.slen <= 0): \ | 125 | (((c.inf&1) == 0)?(c.slen <= 0): \ |
| 126 | (c.eos=ASN1_check_infinite_end(&c.p,c.slen))) | 126 | (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) |
| 127 | 127 | ||
| 128 | /* Don't use this with d2i_ASN1_BOOLEAN() */ | 128 | /* Don't use this with d2i_ASN1_BOOLEAN() */ |
| 129 | #define M_ASN1_D2I_get(b,func) \ | 129 | #define M_ASN1_D2I_get(b, func) \ |
| 130 | c.q=c.p; \ | 130 | c.q=c.p; \ |
| 131 | if (func(&(b),&c.p,c.slen) == NULL) \ | 131 | if (func(&(b),&c.p,c.slen) == NULL) \ |
| 132 | {c.line=__LINE__; goto err; } \ | 132 | {c.line=__LINE__; goto err; } \ |
| 133 | c.slen-=(c.p-c.q); | 133 | c.slen-=(c.p-c.q); |
| 134 | 134 | ||
| 135 | /* Don't use this with d2i_ASN1_BOOLEAN() */ | ||
| 136 | #define M_ASN1_D2I_get_x(type,b,func) \ | ||
| 137 | c.q=c.p; \ | ||
| 138 | if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ | ||
| 139 | {c.line=__LINE__; goto err; } \ | ||
| 140 | c.slen-=(c.p-c.q); | ||
| 141 | |||
| 135 | /* use this instead () */ | 142 | /* use this instead () */ |
| 136 | #define M_ASN1_D2I_get_int(b,func) \ | 143 | #define M_ASN1_D2I_get_int(b,func) \ |
| 137 | c.q=c.p; \ | 144 | c.q=c.p; \ |
| @@ -278,7 +285,7 @@ err:\ | |||
| 278 | { c.line=__LINE__; goto err; } \ | 285 | { c.line=__LINE__; goto err; } \ |
| 279 | if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ | 286 | if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ |
| 280 | Tlen = c.slen - (c.p - c.q); \ | 287 | Tlen = c.slen - (c.p - c.q); \ |
| 281 | if(!ASN1_check_infinite_end(&c.p, Tlen)) \ | 288 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ |
| 282 | { c.error=ERR_R_MISSING_ASN1_EOS; \ | 289 | { c.error=ERR_R_MISSING_ASN1_EOS; \ |
| 283 | c.line=__LINE__; goto err; } \ | 290 | c.line=__LINE__; goto err; } \ |
| 284 | }\ | 291 | }\ |
| @@ -353,8 +360,12 @@ err:\ | |||
| 353 | return(NULL) | 360 | return(NULL) |
| 354 | 361 | ||
| 355 | 362 | ||
| 356 | #define M_ASN1_next (*c.p) | 363 | /* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, |
| 357 | #define M_ASN1_next_prev (*c.q) | 364 | some macros that use ASN1_const_CTX still insist on writing in the input |
| 365 | stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. | ||
| 366 | Please? -- Richard Levitte */ | ||
| 367 | #define M_ASN1_next (*((unsigned char *)(c.p))) | ||
| 368 | #define M_ASN1_next_prev (*((unsigned char *)(c.q))) | ||
| 358 | 369 | ||
| 359 | /*************************************************/ | 370 | /*************************************************/ |
| 360 | 371 | ||
| @@ -551,8 +562,8 @@ err:\ | |||
| 551 | #define M_ASN1_I2D_finish() *pp=p; \ | 562 | #define M_ASN1_I2D_finish() *pp=p; \ |
| 552 | return(r); | 563 | return(r); |
| 553 | 564 | ||
| 554 | int asn1_GetSequence(ASN1_CTX *c, long *length); | 565 | int asn1_GetSequence(ASN1_const_CTX *c, long *length); |
| 555 | void asn1_add_error(unsigned char *address,int offset); | 566 | void asn1_add_error(const unsigned char *address,int offset); |
| 556 | #ifdef __cplusplus | 567 | #ifdef __cplusplus |
| 557 | } | 568 | } |
| 558 | #endif | 569 | #endif |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c index 676d434f03..501b62a4b1 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_par.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c | |||
| @@ -64,7 +64,7 @@ | |||
| 64 | 64 | ||
| 65 | static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed, | 65 | static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed, |
| 66 | int indent); | 66 | int indent); |
| 67 | static int asn1_parse2(BIO *bp, unsigned char **pp, long length, | 67 | static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, |
| 68 | int offset, int depth, int indent, int dump); | 68 | int offset, int depth, int indent, int dump); |
| 69 | static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, | 69 | static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, |
| 70 | int indent) | 70 | int indent) |
| @@ -88,7 +88,10 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, | |||
| 88 | BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); | 88 | BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); |
| 89 | else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) | 89 | else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) |
| 90 | BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); | 90 | BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); |
| 91 | else p = ASN1_tag2str(tag); | 91 | else if (tag > 30) |
| 92 | BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag); | ||
| 93 | else | ||
| 94 | p = ASN1_tag2str(tag); | ||
| 92 | 95 | ||
| 93 | if (p2 != NULL) | 96 | if (p2 != NULL) |
| 94 | { | 97 | { |
| @@ -103,20 +106,20 @@ err: | |||
| 103 | return(0); | 106 | return(0); |
| 104 | } | 107 | } |
| 105 | 108 | ||
| 106 | int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent) | 109 | int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) |
| 107 | { | 110 | { |
| 108 | return(asn1_parse2(bp,&pp,len,0,0,indent,0)); | 111 | return(asn1_parse2(bp,&pp,len,0,0,indent,0)); |
| 109 | } | 112 | } |
| 110 | 113 | ||
| 111 | int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump) | 114 | int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump) |
| 112 | { | 115 | { |
| 113 | return(asn1_parse2(bp,&pp,len,0,0,indent,dump)); | 116 | return(asn1_parse2(bp,&pp,len,0,0,indent,dump)); |
| 114 | } | 117 | } |
| 115 | 118 | ||
| 116 | static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, | 119 | static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, |
| 117 | int depth, int indent, int dump) | 120 | int depth, int indent, int dump) |
| 118 | { | 121 | { |
| 119 | unsigned char *p,*ep,*tot,*op,*opp; | 122 | const unsigned char *p,*ep,*tot,*op,*opp; |
| 120 | long len; | 123 | long len; |
| 121 | int tag,xclass,ret=0; | 124 | int tag,xclass,ret=0; |
| 122 | int nl,hl,j,r; | 125 | int nl,hl,j,r; |
| @@ -215,7 +218,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, | |||
| 215 | { | 218 | { |
| 216 | if (BIO_write(bp,":",1) <= 0) goto end; | 219 | if (BIO_write(bp,":",1) <= 0) goto end; |
| 217 | if ((len > 0) && | 220 | if ((len > 0) && |
| 218 | BIO_write(bp,(char *)p,(int)len) | 221 | BIO_write(bp,(const char *)p,(int)len) |
| 219 | != (int)len) | 222 | != (int)len) |
| 220 | goto end; | 223 | goto end; |
| 221 | } | 224 | } |
| @@ -256,9 +259,11 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, | |||
| 256 | 259 | ||
| 257 | opp=op; | 260 | opp=op; |
| 258 | os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); | 261 | os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); |
| 259 | if (os != NULL) | 262 | if (os != NULL && os->length > 0) |
| 260 | { | 263 | { |
| 261 | opp=os->data; | 264 | opp = os->data; |
| 265 | /* testing whether the octet string is | ||
| 266 | * printable */ | ||
| 262 | for (i=0; i<os->length; i++) | 267 | for (i=0; i<os->length; i++) |
| 263 | { | 268 | { |
| 264 | if (( (opp[i] < ' ') && | 269 | if (( (opp[i] < ' ') && |
| @@ -271,28 +276,47 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, | |||
| 271 | break; | 276 | break; |
| 272 | } | 277 | } |
| 273 | } | 278 | } |
| 274 | if (printable && (os->length > 0)) | 279 | if (printable) |
| 280 | /* printable string */ | ||
| 275 | { | 281 | { |
| 276 | if (BIO_write(bp,":",1) <= 0) | 282 | if (BIO_write(bp,":",1) <= 0) |
| 277 | goto end; | 283 | goto end; |
| 278 | if (BIO_write(bp,(char *)opp, | 284 | if (BIO_write(bp,(const char *)opp, |
| 279 | os->length) <= 0) | 285 | os->length) <= 0) |
| 280 | goto end; | 286 | goto end; |
| 281 | } | 287 | } |
| 282 | if (!printable && (os->length > 0) | 288 | else if (!dump) |
| 283 | && dump) | 289 | /* not printable => print octet string |
| 290 | * as hex dump */ | ||
| 291 | { | ||
| 292 | if (BIO_write(bp,"[HEX DUMP]:",11) <= 0) | ||
| 293 | goto end; | ||
| 294 | for (i=0; i<os->length; i++) | ||
| 295 | { | ||
| 296 | if (BIO_printf(bp,"%02X" | ||
| 297 | , opp[i]) <= 0) | ||
| 298 | goto end; | ||
| 299 | } | ||
| 300 | } | ||
| 301 | else | ||
| 302 | /* print the normal dump */ | ||
| 284 | { | 303 | { |
| 285 | if (!nl) | 304 | if (!nl) |
| 286 | { | 305 | { |
| 287 | if (BIO_write(bp,"\n",1) <= 0) | 306 | if (BIO_write(bp,"\n",1) <= 0) |
| 288 | goto end; | 307 | goto end; |
| 289 | } | 308 | } |
| 290 | if (BIO_dump_indent(bp,(char *)opp, | 309 | if (BIO_dump_indent(bp, |
| 291 | ((dump == -1 || dump > os->length)?os->length:dump), | 310 | (const char *)opp, |
| 311 | ((dump == -1 || dump > | ||
| 312 | os->length)?os->length:dump), | ||
| 292 | dump_indent) <= 0) | 313 | dump_indent) <= 0) |
| 293 | goto end; | 314 | goto end; |
| 294 | nl=1; | 315 | nl=1; |
| 295 | } | 316 | } |
| 317 | } | ||
| 318 | if (os != NULL) | ||
| 319 | { | ||
| 296 | M_ASN1_OCTET_STRING_free(os); | 320 | M_ASN1_OCTET_STRING_free(os); |
| 297 | os=NULL; | 321 | os=NULL; |
| 298 | } | 322 | } |
| @@ -368,7 +392,7 @@ static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, | |||
| 368 | if (BIO_write(bp,"\n",1) <= 0) | 392 | if (BIO_write(bp,"\n",1) <= 0) |
| 369 | goto end; | 393 | goto end; |
| 370 | } | 394 | } |
| 371 | if (BIO_dump_indent(bp,(char *)p, | 395 | if (BIO_dump_indent(bp,(const char *)p, |
| 372 | ((dump == -1 || dump > len)?len:dump), | 396 | ((dump == -1 || dump > len)?len:dump), |
| 373 | dump_indent) <= 0) | 397 | dump_indent) <= 0) |
| 374 | goto end; | 398 | goto end; |
| @@ -398,7 +422,7 @@ end: | |||
| 398 | 422 | ||
| 399 | const char *ASN1_tag2str(int tag) | 423 | const char *ASN1_tag2str(int tag) |
| 400 | { | 424 | { |
| 401 | const static char *tag2str[] = { | 425 | static const char *tag2str[] = { |
| 402 | "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ | 426 | "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ |
| 403 | "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ | 427 | "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ |
| 404 | "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", /* 10-13 */ | 428 | "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", /* 10-13 */ |
diff --git a/src/lib/libssl/src/crypto/asn1/asn1t.h b/src/lib/libssl/src/crypto/asn1/asn1t.h index ed372f8554..bf315e65ed 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1t.h +++ b/src/lib/libssl/src/crypto/asn1/asn1t.h | |||
| @@ -99,7 +99,7 @@ extern "C" { | |||
| 99 | #define ASN1_ITEM_start(itname) \ | 99 | #define ASN1_ITEM_start(itname) \ |
| 100 | const ASN1_ITEM * itname##_it(void) \ | 100 | const ASN1_ITEM * itname##_it(void) \ |
| 101 | { \ | 101 | { \ |
| 102 | static const ASN1_ITEM local_it = { \ | 102 | static const ASN1_ITEM local_it = { |
| 103 | 103 | ||
| 104 | #define ASN1_ITEM_end(itname) \ | 104 | #define ASN1_ITEM_end(itname) \ |
| 105 | }; \ | 105 | }; \ |
| @@ -112,7 +112,7 @@ extern "C" { | |||
| 112 | /* Macros to aid ASN1 template writing */ | 112 | /* Macros to aid ASN1 template writing */ |
| 113 | 113 | ||
| 114 | #define ASN1_ITEM_TEMPLATE(tname) \ | 114 | #define ASN1_ITEM_TEMPLATE(tname) \ |
| 115 | const static ASN1_TEMPLATE tname##_item_tt | 115 | static const ASN1_TEMPLATE tname##_item_tt |
| 116 | 116 | ||
| 117 | #define ASN1_ITEM_TEMPLATE_END(tname) \ | 117 | #define ASN1_ITEM_TEMPLATE_END(tname) \ |
| 118 | ;\ | 118 | ;\ |
| @@ -150,7 +150,7 @@ extern "C" { | |||
| 150 | */ | 150 | */ |
| 151 | 151 | ||
| 152 | #define ASN1_SEQUENCE(tname) \ | 152 | #define ASN1_SEQUENCE(tname) \ |
| 153 | const static ASN1_TEMPLATE tname##_seq_tt[] | 153 | static const ASN1_TEMPLATE tname##_seq_tt[] |
| 154 | 154 | ||
| 155 | #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) | 155 | #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) |
| 156 | 156 | ||
| @@ -166,22 +166,40 @@ extern "C" { | |||
| 166 | #stname \ | 166 | #stname \ |
| 167 | ASN1_ITEM_end(tname) | 167 | ASN1_ITEM_end(tname) |
| 168 | 168 | ||
| 169 | #define ASN1_NDEF_SEQUENCE(tname) \ | ||
| 170 | ASN1_SEQUENCE(tname) | ||
| 171 | |||
| 172 | #define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ | ||
| 173 | ASN1_SEQUENCE_cb(tname, cb) | ||
| 174 | |||
| 169 | #define ASN1_SEQUENCE_cb(tname, cb) \ | 175 | #define ASN1_SEQUENCE_cb(tname, cb) \ |
| 170 | const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ | 176 | static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ |
| 171 | ASN1_SEQUENCE(tname) | 177 | ASN1_SEQUENCE(tname) |
| 172 | 178 | ||
| 173 | #define ASN1_BROKEN_SEQUENCE(tname) \ | 179 | #define ASN1_BROKEN_SEQUENCE(tname) \ |
| 174 | const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ | 180 | static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ |
| 175 | ASN1_SEQUENCE(tname) | 181 | ASN1_SEQUENCE(tname) |
| 176 | 182 | ||
| 177 | #define ASN1_SEQUENCE_ref(tname, cb, lck) \ | 183 | #define ASN1_SEQUENCE_ref(tname, cb, lck) \ |
| 178 | const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ | 184 | static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ |
| 179 | ASN1_SEQUENCE(tname) | 185 | ASN1_SEQUENCE(tname) |
| 180 | 186 | ||
| 181 | #define ASN1_SEQUENCE_enc(tname, enc, cb) \ | 187 | #define ASN1_SEQUENCE_enc(tname, enc, cb) \ |
| 182 | const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ | 188 | static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ |
| 183 | ASN1_SEQUENCE(tname) | 189 | ASN1_SEQUENCE(tname) |
| 184 | 190 | ||
| 191 | #define ASN1_NDEF_SEQUENCE_END(tname) \ | ||
| 192 | ;\ | ||
| 193 | ASN1_ITEM_start(tname) \ | ||
| 194 | ASN1_ITYPE_NDEF_SEQUENCE,\ | ||
| 195 | V_ASN1_SEQUENCE,\ | ||
| 196 | tname##_seq_tt,\ | ||
| 197 | sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ | ||
| 198 | NULL,\ | ||
| 199 | sizeof(tname),\ | ||
| 200 | #tname \ | ||
| 201 | ASN1_ITEM_end(tname) | ||
| 202 | |||
| 185 | #define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) | 203 | #define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) |
| 186 | 204 | ||
| 187 | #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) | 205 | #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) |
| @@ -224,10 +242,10 @@ extern "C" { | |||
| 224 | */ | 242 | */ |
| 225 | 243 | ||
| 226 | #define ASN1_CHOICE(tname) \ | 244 | #define ASN1_CHOICE(tname) \ |
| 227 | const static ASN1_TEMPLATE tname##_ch_tt[] | 245 | static const ASN1_TEMPLATE tname##_ch_tt[] |
| 228 | 246 | ||
| 229 | #define ASN1_CHOICE_cb(tname, cb) \ | 247 | #define ASN1_CHOICE_cb(tname, cb) \ |
| 230 | const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ | 248 | static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ |
| 231 | ASN1_CHOICE(tname) | 249 | ASN1_CHOICE(tname) |
| 232 | 250 | ||
| 233 | #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) | 251 | #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) |
| @@ -353,16 +371,24 @@ extern "C" { | |||
| 353 | #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ | 371 | #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ |
| 354 | ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) | 372 | ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) |
| 355 | 373 | ||
| 374 | /* EXPLICIT using indefinite length constructed form */ | ||
| 375 | #define ASN1_NDEF_EXP(stname, field, type, tag) \ | ||
| 376 | ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) | ||
| 377 | |||
| 378 | /* EXPLICIT OPTIONAL using indefinite length constructed form */ | ||
| 379 | #define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ | ||
| 380 | ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) | ||
| 381 | |||
| 356 | /* Macros for the ASN1_ADB structure */ | 382 | /* Macros for the ASN1_ADB structure */ |
| 357 | 383 | ||
| 358 | #define ASN1_ADB(name) \ | 384 | #define ASN1_ADB(name) \ |
| 359 | const static ASN1_ADB_TABLE name##_adbtbl[] | 385 | static const ASN1_ADB_TABLE name##_adbtbl[] |
| 360 | 386 | ||
| 361 | #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION | 387 | #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION |
| 362 | 388 | ||
| 363 | #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ | 389 | #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ |
| 364 | ;\ | 390 | ;\ |
| 365 | const static ASN1_ADB name##_adb = {\ | 391 | static const ASN1_ADB name##_adb = {\ |
| 366 | flags,\ | 392 | flags,\ |
| 367 | offsetof(name, field),\ | 393 | offsetof(name, field),\ |
| 368 | app_table,\ | 394 | app_table,\ |
| @@ -376,9 +402,9 @@ extern "C" { | |||
| 376 | 402 | ||
| 377 | #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ | 403 | #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ |
| 378 | ;\ | 404 | ;\ |
| 379 | const static ASN1_ITEM *name##_adb(void) \ | 405 | static const ASN1_ITEM *name##_adb(void) \ |
| 380 | { \ | 406 | { \ |
| 381 | const static ASN1_ADB internal_adb = \ | 407 | static const ASN1_ADB internal_adb = \ |
| 382 | {\ | 408 | {\ |
| 383 | flags,\ | 409 | flags,\ |
| 384 | offsetof(name, field),\ | 410 | offsetof(name, field),\ |
| @@ -397,7 +423,7 @@ extern "C" { | |||
| 397 | #define ADB_ENTRY(val, template) {val, template} | 423 | #define ADB_ENTRY(val, template) {val, template} |
| 398 | 424 | ||
| 399 | #define ASN1_ADB_TEMPLATE(name) \ | 425 | #define ASN1_ADB_TEMPLATE(name) \ |
| 400 | const static ASN1_TEMPLATE name##_tt | 426 | static const ASN1_TEMPLATE name##_tt |
| 401 | 427 | ||
| 402 | /* This is the ASN1 template structure that defines | 428 | /* This is the ASN1 template structure that defines |
| 403 | * a wrapper round the actual type. It determines the | 429 | * a wrapper round the actual type. It determines the |
| @@ -410,7 +436,7 @@ unsigned long flags; /* Various flags */ | |||
| 410 | long tag; /* tag, not used if no tagging */ | 436 | long tag; /* tag, not used if no tagging */ |
| 411 | unsigned long offset; /* Offset of this field in structure */ | 437 | unsigned long offset; /* Offset of this field in structure */ |
| 412 | #ifndef NO_ASN1_FIELD_NAMES | 438 | #ifndef NO_ASN1_FIELD_NAMES |
| 413 | char *field_name; /* Field name */ | 439 | const char *field_name; /* Field name */ |
| 414 | #endif | 440 | #endif |
| 415 | ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ | 441 | ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ |
| 416 | }; | 442 | }; |
| @@ -518,6 +544,13 @@ struct ASN1_ADB_TABLE_st { | |||
| 518 | 544 | ||
| 519 | #define ASN1_TFLG_COMBINE (0x1<<10) | 545 | #define ASN1_TFLG_COMBINE (0x1<<10) |
| 520 | 546 | ||
| 547 | /* This flag when present in a SEQUENCE OF, SET OF | ||
| 548 | * or EXPLICIT causes indefinite length constructed | ||
| 549 | * encoding to be used if required. | ||
| 550 | */ | ||
| 551 | |||
| 552 | #define ASN1_TFLG_NDEF (0x1<<11) | ||
| 553 | |||
| 521 | /* This is the actual ASN1 item itself */ | 554 | /* This is the actual ASN1 item itself */ |
| 522 | 555 | ||
| 523 | struct ASN1_ITEM_st { | 556 | struct ASN1_ITEM_st { |
| @@ -570,19 +603,25 @@ const char *sname; /* Structure name */ | |||
| 570 | * has a special meaning, it is used as a mask | 603 | * has a special meaning, it is used as a mask |
| 571 | * of acceptable types using the B_ASN1 constants. | 604 | * of acceptable types using the B_ASN1 constants. |
| 572 | * | 605 | * |
| 606 | * NDEF_SEQUENCE is the same as SEQUENCE except | ||
| 607 | * that it will use indefinite length constructed | ||
| 608 | * encoding if requested. | ||
| 609 | * | ||
| 573 | */ | 610 | */ |
| 574 | 611 | ||
| 575 | #define ASN1_ITYPE_PRIMITIVE 0x0 | 612 | #define ASN1_ITYPE_PRIMITIVE 0x0 |
| 613 | |||
| 614 | #define ASN1_ITYPE_SEQUENCE 0x1 | ||
| 576 | 615 | ||
| 577 | #define ASN1_ITYPE_SEQUENCE 0x1 | 616 | #define ASN1_ITYPE_CHOICE 0x2 |
| 578 | 617 | ||
| 579 | #define ASN1_ITYPE_CHOICE 0x2 | 618 | #define ASN1_ITYPE_COMPAT 0x3 |
| 580 | 619 | ||
| 581 | #define ASN1_ITYPE_COMPAT 0x3 | 620 | #define ASN1_ITYPE_EXTERN 0x4 |
| 582 | 621 | ||
| 583 | #define ASN1_ITYPE_EXTERN 0x4 | 622 | #define ASN1_ITYPE_MSTRING 0x5 |
| 584 | 623 | ||
| 585 | #define ASN1_ITYPE_MSTRING 0x5 | 624 | #define ASN1_ITYPE_NDEF_SEQUENCE 0x6 |
| 586 | 625 | ||
| 587 | /* Cache for ASN1 tag and length, so we | 626 | /* Cache for ASN1 tag and length, so we |
| 588 | * don't keep re-reading it for things | 627 | * don't keep re-reading it for things |
| @@ -602,10 +641,10 @@ struct ASN1_TLC_st{ | |||
| 602 | 641 | ||
| 603 | typedef ASN1_VALUE * ASN1_new_func(void); | 642 | typedef ASN1_VALUE * ASN1_new_func(void); |
| 604 | typedef void ASN1_free_func(ASN1_VALUE *a); | 643 | typedef void ASN1_free_func(ASN1_VALUE *a); |
| 605 | typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length); | 644 | typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length); |
| 606 | typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in); | 645 | typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in); |
| 607 | 646 | ||
| 608 | typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, | 647 | typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, |
| 609 | int tag, int aclass, char opt, ASN1_TLC *ctx); | 648 | int tag, int aclass, char opt, ASN1_TLC *ctx); |
| 610 | 649 | ||
| 611 | typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); | 650 | typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); |
| @@ -613,7 +652,7 @@ typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); | |||
| 613 | typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); | 652 | typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 614 | 653 | ||
| 615 | typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); | 654 | typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); |
| 616 | typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); | 655 | typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); |
| 617 | 656 | ||
| 618 | typedef struct ASN1_COMPAT_FUNCS_st { | 657 | typedef struct ASN1_COMPAT_FUNCS_st { |
| 619 | ASN1_new_func *asn1_new; | 658 | ASN1_new_func *asn1_new; |
| @@ -743,6 +782,9 @@ typedef struct ASN1_AUX_st { | |||
| 743 | #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ | 782 | #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ |
| 744 | IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) | 783 | IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) |
| 745 | 784 | ||
| 785 | #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ | ||
| 786 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) | ||
| 787 | |||
| 746 | #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ | 788 | #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ |
| 747 | stname *fname##_new(void) \ | 789 | stname *fname##_new(void) \ |
| 748 | { \ | 790 | { \ |
| @@ -758,7 +800,7 @@ typedef struct ASN1_AUX_st { | |||
| 758 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) | 800 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) |
| 759 | 801 | ||
| 760 | #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ | 802 | #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ |
| 761 | stname *d2i_##fname(stname **a, unsigned char **in, long len) \ | 803 | stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ |
| 762 | { \ | 804 | { \ |
| 763 | return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ | 805 | return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ |
| 764 | } \ | 806 | } \ |
| @@ -767,13 +809,19 @@ typedef struct ASN1_AUX_st { | |||
| 767 | return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ | 809 | return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ |
| 768 | } | 810 | } |
| 769 | 811 | ||
| 812 | #define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ | ||
| 813 | int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ | ||
| 814 | { \ | ||
| 815 | return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ | ||
| 816 | } | ||
| 817 | |||
| 770 | /* This includes evil casts to remove const: they will go away when full | 818 | /* This includes evil casts to remove const: they will go away when full |
| 771 | * ASN1 constification is done. | 819 | * ASN1 constification is done. |
| 772 | */ | 820 | */ |
| 773 | #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ | 821 | #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ |
| 774 | stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ | 822 | stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ |
| 775 | { \ | 823 | { \ |
| 776 | return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\ | 824 | return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ |
| 777 | } \ | 825 | } \ |
| 778 | int i2d_##fname(const stname *a, unsigned char **out) \ | 826 | int i2d_##fname(const stname *a, unsigned char **out) \ |
| 779 | { \ | 827 | { \ |
| @@ -798,7 +846,6 @@ typedef struct ASN1_AUX_st { | |||
| 798 | DECLARE_ASN1_ITEM(ASN1_BOOLEAN) | 846 | DECLARE_ASN1_ITEM(ASN1_BOOLEAN) |
| 799 | DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) | 847 | DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) |
| 800 | DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) | 848 | DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) |
| 801 | DECLARE_ASN1_ITEM(ASN1_ANY) | ||
| 802 | DECLARE_ASN1_ITEM(ASN1_SEQUENCE) | 849 | DECLARE_ASN1_ITEM(ASN1_SEQUENCE) |
| 803 | DECLARE_ASN1_ITEM(CBIGNUM) | 850 | DECLARE_ASN1_ITEM(CBIGNUM) |
| 804 | DECLARE_ASN1_ITEM(BIGNUM) | 851 | DECLARE_ASN1_ITEM(BIGNUM) |
| @@ -815,8 +862,8 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); | |||
| 815 | int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); | 862 | int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 816 | 863 | ||
| 817 | void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); | 864 | void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); |
| 818 | int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt); | 865 | int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt); |
| 819 | int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, | 866 | int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, |
| 820 | int tag, int aclass, char opt, ASN1_TLC *ctx); | 867 | int tag, int aclass, char opt, ASN1_TLC *ctx); |
| 821 | 868 | ||
| 822 | int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); | 869 | int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); |
| @@ -824,7 +871,7 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT | |||
| 824 | void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); | 871 | void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 825 | 872 | ||
| 826 | int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); | 873 | int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); |
| 827 | int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); | 874 | int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); |
| 828 | 875 | ||
| 829 | int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); | 876 | int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 830 | int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); | 877 | int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); |
| @@ -838,7 +885,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); | |||
| 838 | void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); | 885 | void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 839 | void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); | 886 | void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 840 | int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); | 887 | int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 841 | int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it); | 888 | int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); |
| 842 | 889 | ||
| 843 | #ifdef __cplusplus | 890 | #ifdef __cplusplus |
| 844 | } | 891 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/asn_moid.c b/src/lib/libssl/src/crypto/asn1/asn_moid.c index edb44c988f..9132350f10 100644 --- a/src/lib/libssl/src/crypto/asn1/asn_moid.c +++ b/src/lib/libssl/src/crypto/asn1/asn_moid.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2001. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <ctype.h> | ||
| 60 | #include <openssl/crypto.h> | 61 | #include <openssl/crypto.h> |
| 61 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 62 | #include <openssl/conf.h> | 63 | #include <openssl/conf.h> |
| @@ -65,6 +66,8 @@ | |||
| 65 | 66 | ||
| 66 | /* Simple ASN1 OID module: add all objects in a given section */ | 67 | /* Simple ASN1 OID module: add all objects in a given section */ |
| 67 | 68 | ||
| 69 | static int do_create(char *value, char *name); | ||
| 70 | |||
| 68 | static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) | 71 | static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) |
| 69 | { | 72 | { |
| 70 | int i; | 73 | int i; |
| @@ -80,7 +83,7 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) | |||
| 80 | for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) | 83 | for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) |
| 81 | { | 84 | { |
| 82 | oval = sk_CONF_VALUE_value(sktmp, i); | 85 | oval = sk_CONF_VALUE_value(sktmp, i); |
| 83 | if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef) | 86 | if(!do_create(oval->value, oval->name)) |
| 84 | { | 87 | { |
| 85 | ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); | 88 | ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); |
| 86 | return 0; | 89 | return 0; |
| @@ -98,3 +101,60 @@ void ASN1_add_oid_module(void) | |||
| 98 | { | 101 | { |
| 99 | CONF_module_add("oid_section", oid_module_init, oid_module_finish); | 102 | CONF_module_add("oid_section", oid_module_init, oid_module_finish); |
| 100 | } | 103 | } |
| 104 | |||
| 105 | /* Create an OID based on a name value pair. Accept two formats. | ||
| 106 | * shortname = 1.2.3.4 | ||
| 107 | * shortname = some long name, 1.2.3.4 | ||
| 108 | */ | ||
| 109 | |||
| 110 | |||
| 111 | static int do_create(char *value, char *name) | ||
| 112 | { | ||
| 113 | int nid; | ||
| 114 | ASN1_OBJECT *oid; | ||
| 115 | char *ln, *ostr, *p, *lntmp; | ||
| 116 | p = strrchr(value, ','); | ||
| 117 | if (!p) | ||
| 118 | { | ||
| 119 | ln = name; | ||
| 120 | ostr = value; | ||
| 121 | } | ||
| 122 | else | ||
| 123 | { | ||
| 124 | ln = NULL; | ||
| 125 | ostr = p + 1; | ||
| 126 | if (!*ostr) | ||
| 127 | return 0; | ||
| 128 | while(isspace((unsigned char)*ostr)) ostr++; | ||
| 129 | } | ||
| 130 | |||
| 131 | nid = OBJ_create(ostr, name, ln); | ||
| 132 | |||
| 133 | if (nid == NID_undef) | ||
| 134 | return 0; | ||
| 135 | |||
| 136 | if (p) | ||
| 137 | { | ||
| 138 | ln = value; | ||
| 139 | while(isspace((unsigned char)*ln)) ln++; | ||
| 140 | p--; | ||
| 141 | while(isspace((unsigned char)*p)) | ||
| 142 | { | ||
| 143 | if (p == ln) | ||
| 144 | return 0; | ||
| 145 | p--; | ||
| 146 | } | ||
| 147 | p++; | ||
| 148 | lntmp = OPENSSL_malloc((p - ln) + 1); | ||
| 149 | if (lntmp == NULL) | ||
| 150 | return 0; | ||
| 151 | memcpy(lntmp, ln, p - ln); | ||
| 152 | lntmp[p - ln] = 0; | ||
| 153 | oid = OBJ_nid2obj(nid); | ||
| 154 | oid->ln = lntmp; | ||
| 155 | } | ||
| 156 | |||
| 157 | return 1; | ||
| 158 | } | ||
| 159 | |||
| 160 | |||
diff --git a/src/lib/libssl/src/crypto/asn1/asn_pack.c b/src/lib/libssl/src/crypto/asn1/asn_pack.c index e6051db2dc..e8b671b7b5 100644 --- a/src/lib/libssl/src/crypto/asn1/asn_pack.c +++ b/src/lib/libssl/src/crypto/asn1/asn_pack.c | |||
| @@ -66,11 +66,11 @@ | |||
| 66 | 66 | ||
| 67 | /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ | 67 | /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ |
| 68 | 68 | ||
| 69 | STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), | 69 | STACK *ASN1_seq_unpack(const unsigned char *buf, int len, |
| 70 | void (*free_func)(void *)) | 70 | d2i_of_void *d2i,void (*free_func)(void *)) |
| 71 | { | 71 | { |
| 72 | STACK *sk; | 72 | STACK *sk; |
| 73 | unsigned char *pbuf; | 73 | const unsigned char *pbuf; |
| 74 | pbuf = buf; | 74 | pbuf = buf; |
| 75 | if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, | 75 | if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, |
| 76 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) | 76 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) |
| @@ -82,8 +82,8 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), | |||
| 82 | * OPENSSL_malloc'ed buffer | 82 | * OPENSSL_malloc'ed buffer |
| 83 | */ | 83 | */ |
| 84 | 84 | ||
| 85 | unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, | 85 | unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, |
| 86 | int *len) | 86 | unsigned char **buf, int *len) |
| 87 | { | 87 | { |
| 88 | int safelen; | 88 | int safelen; |
| 89 | unsigned char *safe, *p; | 89 | unsigned char *safe, *p; |
| @@ -106,9 +106,9 @@ unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, | |||
| 106 | 106 | ||
| 107 | /* Extract an ASN1 object from an ASN1_STRING */ | 107 | /* Extract an ASN1 object from an ASN1_STRING */ |
| 108 | 108 | ||
| 109 | void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)()) | 109 | void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i) |
| 110 | { | 110 | { |
| 111 | unsigned char *p; | 111 | const unsigned char *p; |
| 112 | char *ret; | 112 | char *ret; |
| 113 | 113 | ||
| 114 | p = oct->data; | 114 | p = oct->data; |
| @@ -119,7 +119,7 @@ void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)()) | |||
| 119 | 119 | ||
| 120 | /* Pack an ASN1 object into an ASN1_STRING */ | 120 | /* Pack an ASN1 object into an ASN1_STRING */ |
| 121 | 121 | ||
| 122 | ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct) | 122 | ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) |
| 123 | { | 123 | { |
| 124 | unsigned char *p; | 124 | unsigned char *p; |
| 125 | ASN1_STRING *octmp; | 125 | ASN1_STRING *octmp; |
| @@ -155,7 +155,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) | |||
| 155 | 155 | ||
| 156 | if (!oct || !*oct) { | 156 | if (!oct || !*oct) { |
| 157 | if (!(octmp = ASN1_STRING_new ())) { | 157 | if (!(octmp = ASN1_STRING_new ())) { |
| 158 | ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); | 158 | ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE); |
| 159 | return NULL; | 159 | return NULL; |
| 160 | } | 160 | } |
| 161 | if (oct) *oct = octmp; | 161 | if (oct) *oct = octmp; |
| @@ -167,11 +167,11 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) | |||
| 167 | } | 167 | } |
| 168 | 168 | ||
| 169 | if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { | 169 | if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { |
| 170 | ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); | 170 | ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR); |
| 171 | return NULL; | 171 | return NULL; |
| 172 | } | 172 | } |
| 173 | if (!octmp->data) { | 173 | if (!octmp->data) { |
| 174 | ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); | 174 | ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE); |
| 175 | return NULL; | 175 | return NULL; |
| 176 | } | 176 | } |
| 177 | return octmp; | 177 | return octmp; |
| @@ -181,11 +181,11 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) | |||
| 181 | 181 | ||
| 182 | void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) | 182 | void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) |
| 183 | { | 183 | { |
| 184 | unsigned char *p; | 184 | const unsigned char *p; |
| 185 | void *ret; | 185 | void *ret; |
| 186 | 186 | ||
| 187 | p = oct->data; | 187 | p = oct->data; |
| 188 | if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) | 188 | if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) |
| 189 | ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR); | 189 | ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR); |
| 190 | return ret; | 190 | return ret; |
| 191 | } | 191 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_pr.c b/src/lib/libssl/src/crypto/asn1/d2i_pr.c index 2e7d96af90..207ccda5ac 100644 --- a/src/lib/libssl/src/crypto/asn1/d2i_pr.c +++ b/src/lib/libssl/src/crypto/asn1/d2i_pr.c | |||
| @@ -68,8 +68,11 @@ | |||
| 68 | #ifndef OPENSSL_NO_DSA | 68 | #ifndef OPENSSL_NO_DSA |
| 69 | #include <openssl/dsa.h> | 69 | #include <openssl/dsa.h> |
| 70 | #endif | 70 | #endif |
| 71 | #ifndef OPENSSL_NO_EC | ||
| 72 | #include <openssl/ec.h> | ||
| 73 | #endif | ||
| 71 | 74 | ||
| 72 | EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, | 75 | EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, |
| 73 | long length) | 76 | long length) |
| 74 | { | 77 | { |
| 75 | EVP_PKEY *ret; | 78 | EVP_PKEY *ret; |
| @@ -108,6 +111,16 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, | |||
| 108 | } | 111 | } |
| 109 | break; | 112 | break; |
| 110 | #endif | 113 | #endif |
| 114 | #ifndef OPENSSL_NO_EC | ||
| 115 | case EVP_PKEY_EC: | ||
| 116 | if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, | ||
| 117 | (const unsigned char **)pp, length)) == NULL) | ||
| 118 | { | ||
| 119 | ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); | ||
| 120 | goto err; | ||
| 121 | } | ||
| 122 | break; | ||
| 123 | #endif | ||
| 111 | default: | 124 | default: |
| 112 | ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); | 125 | ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); |
| 113 | goto err; | 126 | goto err; |
| @@ -122,11 +135,11 @@ err: | |||
| 122 | 135 | ||
| 123 | /* This works like d2i_PrivateKey() except it automatically works out the type */ | 136 | /* This works like d2i_PrivateKey() except it automatically works out the type */ |
| 124 | 137 | ||
| 125 | EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, | 138 | EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, |
| 126 | long length) | 139 | long length) |
| 127 | { | 140 | { |
| 128 | STACK_OF(ASN1_TYPE) *inkey; | 141 | STACK_OF(ASN1_TYPE) *inkey; |
| 129 | unsigned char *p; | 142 | const unsigned char *p; |
| 130 | int keytype; | 143 | int keytype; |
| 131 | p = *pp; | 144 | p = *pp; |
| 132 | /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): | 145 | /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): |
| @@ -138,7 +151,10 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, | |||
| 138 | /* Since we only need to discern "traditional format" RSA and DSA | 151 | /* Since we only need to discern "traditional format" RSA and DSA |
| 139 | * keys we can just count the elements. | 152 | * keys we can just count the elements. |
| 140 | */ | 153 | */ |
| 141 | if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA; | 154 | if(sk_ASN1_TYPE_num(inkey) == 6) |
| 155 | keytype = EVP_PKEY_DSA; | ||
| 156 | else if (sk_ASN1_TYPE_num(inkey) == 4) | ||
| 157 | keytype = EVP_PKEY_EC; | ||
| 142 | else keytype = EVP_PKEY_RSA; | 158 | else keytype = EVP_PKEY_RSA; |
| 143 | sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); | 159 | sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); |
| 144 | return d2i_PrivateKey(keytype, a, pp, length); | 160 | return d2i_PrivateKey(keytype, a, pp, length); |
diff --git a/src/lib/libssl/src/crypto/asn1/d2i_pu.c b/src/lib/libssl/src/crypto/asn1/d2i_pu.c index 71f2eb361b..3694f51a8c 100644 --- a/src/lib/libssl/src/crypto/asn1/d2i_pu.c +++ b/src/lib/libssl/src/crypto/asn1/d2i_pu.c | |||
| @@ -68,8 +68,11 @@ | |||
| 68 | #ifndef OPENSSL_NO_DSA | 68 | #ifndef OPENSSL_NO_DSA |
| 69 | #include <openssl/dsa.h> | 69 | #include <openssl/dsa.h> |
| 70 | #endif | 70 | #endif |
| 71 | #ifndef OPENSSL_NO_EC | ||
| 72 | #include <openssl/ec.h> | ||
| 73 | #endif | ||
| 71 | 74 | ||
| 72 | EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, | 75 | EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, |
| 73 | long length) | 76 | long length) |
| 74 | { | 77 | { |
| 75 | EVP_PKEY *ret; | 78 | EVP_PKEY *ret; |
| @@ -100,14 +103,24 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, | |||
| 100 | #endif | 103 | #endif |
| 101 | #ifndef OPENSSL_NO_DSA | 104 | #ifndef OPENSSL_NO_DSA |
| 102 | case EVP_PKEY_DSA: | 105 | case EVP_PKEY_DSA: |
| 103 | if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL, | 106 | if (!d2i_DSAPublicKey(&(ret->pkey.dsa), |
| 104 | (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ | 107 | (const unsigned char **)pp,length)) /* TMP UGLY CAST */ |
| 105 | { | 108 | { |
| 106 | ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); | 109 | ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); |
| 107 | goto err; | 110 | goto err; |
| 108 | } | 111 | } |
| 109 | break; | 112 | break; |
| 110 | #endif | 113 | #endif |
| 114 | #ifndef OPENSSL_NO_EC | ||
| 115 | case EVP_PKEY_EC: | ||
| 116 | if (!o2i_ECPublicKey(&(ret->pkey.ec), | ||
| 117 | (const unsigned char **)pp, length)) | ||
| 118 | { | ||
| 119 | ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); | ||
| 120 | goto err; | ||
| 121 | } | ||
| 122 | break; | ||
| 123 | #endif | ||
| 111 | default: | 124 | default: |
| 112 | ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); | 125 | ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); |
| 113 | goto err; | 126 | goto err; |
diff --git a/src/lib/libssl/src/crypto/asn1/evp_asn1.c b/src/lib/libssl/src/crypto/asn1/evp_asn1.c index f92ce6cb5d..f3d9804860 100644 --- a/src/lib/libssl/src/crypto/asn1/evp_asn1.c +++ b/src/lib/libssl/src/crypto/asn1/evp_asn1.c | |||
| @@ -141,9 +141,9 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data, | |||
| 141 | int ret= -1,n; | 141 | int ret= -1,n; |
| 142 | ASN1_INTEGER *ai=NULL; | 142 | ASN1_INTEGER *ai=NULL; |
| 143 | ASN1_OCTET_STRING *os=NULL; | 143 | ASN1_OCTET_STRING *os=NULL; |
| 144 | unsigned char *p; | 144 | const unsigned char *p; |
| 145 | long length; | 145 | long length; |
| 146 | ASN1_CTX c; | 146 | ASN1_const_CTX c; |
| 147 | 147 | ||
| 148 | if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) | 148 | if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) |
| 149 | { | 149 | { |
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pr.c b/src/lib/libssl/src/crypto/asn1/i2d_pr.c index 1e951ae01d..0be52c5b76 100644 --- a/src/lib/libssl/src/crypto/asn1/i2d_pr.c +++ b/src/lib/libssl/src/crypto/asn1/i2d_pr.c | |||
| @@ -67,6 +67,9 @@ | |||
| 67 | #ifndef OPENSSL_NO_DSA | 67 | #ifndef OPENSSL_NO_DSA |
| 68 | #include <openssl/dsa.h> | 68 | #include <openssl/dsa.h> |
| 69 | #endif | 69 | #endif |
| 70 | #ifndef OPENSSL_NO_EC | ||
| 71 | #include <openssl/ec.h> | ||
| 72 | #endif | ||
| 70 | 73 | ||
| 71 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) | 74 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) |
| 72 | { | 75 | { |
| @@ -83,6 +86,12 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) | |||
| 83 | return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); | 86 | return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); |
| 84 | } | 87 | } |
| 85 | #endif | 88 | #endif |
| 89 | #ifndef OPENSSL_NO_EC | ||
| 90 | if (a->type == EVP_PKEY_EC) | ||
| 91 | { | ||
| 92 | return(i2d_ECPrivateKey(a->pkey.ec, pp)); | ||
| 93 | } | ||
| 94 | #endif | ||
| 86 | 95 | ||
| 87 | ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); | 96 | ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); |
| 88 | return(-1); | 97 | return(-1); |
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pu.c b/src/lib/libssl/src/crypto/asn1/i2d_pu.c index 013d19bbf4..34286dbd35 100644 --- a/src/lib/libssl/src/crypto/asn1/i2d_pu.c +++ b/src/lib/libssl/src/crypto/asn1/i2d_pu.c | |||
| @@ -67,6 +67,9 @@ | |||
| 67 | #ifndef OPENSSL_NO_DSA | 67 | #ifndef OPENSSL_NO_DSA |
| 68 | #include <openssl/dsa.h> | 68 | #include <openssl/dsa.h> |
| 69 | #endif | 69 | #endif |
| 70 | #ifndef OPENSSL_NO_EC | ||
| 71 | #include <openssl/ec.h> | ||
| 72 | #endif | ||
| 70 | 73 | ||
| 71 | int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) | 74 | int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) |
| 72 | { | 75 | { |
| @@ -80,6 +83,10 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) | |||
| 80 | case EVP_PKEY_DSA: | 83 | case EVP_PKEY_DSA: |
| 81 | return(i2d_DSAPublicKey(a->pkey.dsa,pp)); | 84 | return(i2d_DSAPublicKey(a->pkey.dsa,pp)); |
| 82 | #endif | 85 | #endif |
| 86 | #ifndef OPENSSL_NO_EC | ||
| 87 | case EVP_PKEY_EC: | ||
| 88 | return(i2o_ECPublicKey(a->pkey.ec, pp)); | ||
| 89 | #endif | ||
| 83 | default: | 90 | default: |
| 84 | ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); | 91 | ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); |
| 85 | return(-1); | 92 | return(-1); |
diff --git a/src/lib/libssl/src/crypto/asn1/n_pkey.c b/src/lib/libssl/src/crypto/asn1/n_pkey.c index 766b51c538..60bc437938 100644 --- a/src/lib/libssl/src/crypto/asn1/n_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/n_pkey.c | |||
| @@ -56,9 +56,9 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RSA | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #ifndef OPENSSL_NO_RSA | ||
| 62 | #include <openssl/rsa.h> | 62 | #include <openssl/rsa.h> |
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include <openssl/asn1t.h> | 64 | #include <openssl/asn1t.h> |
| @@ -107,14 +107,20 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) | |||
| 107 | IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) | 107 | IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) |
| 108 | 108 | ||
| 109 | static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | 109 | static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, |
| 110 | int (*cb)(), int sgckey); | 110 | int (*cb)(char *buf, int len, const char *prompt, |
| 111 | int verify), | ||
| 112 | int sgckey); | ||
| 111 | 113 | ||
| 112 | int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()) | 114 | int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, |
| 115 | int (*cb)(char *buf, int len, const char *prompt, | ||
| 116 | int verify)) | ||
| 113 | { | 117 | { |
| 114 | return i2d_RSA_NET(a, pp, cb, 0); | 118 | return i2d_RSA_NET(a, pp, cb, 0); |
| 115 | } | 119 | } |
| 116 | 120 | ||
| 117 | int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) | 121 | int i2d_RSA_NET(const RSA *a, unsigned char **pp, |
| 122 | int (*cb)(char *buf, int len, const char *prompt, int verify), | ||
| 123 | int sgckey) | ||
| 118 | { | 124 | { |
| 119 | int i, j, ret = 0; | 125 | int i, j, ret = 0; |
| 120 | int rsalen, pkeylen, olen; | 126 | int rsalen, pkeylen, olen; |
| @@ -164,7 +170,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) | |||
| 164 | /* Since its RC4 encrypted length is actual length */ | 170 | /* Since its RC4 encrypted length is actual length */ |
| 165 | if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL) | 171 | if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL) |
| 166 | { | 172 | { |
| 167 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); | 173 | ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); |
| 168 | goto err; | 174 | goto err; |
| 169 | } | 175 | } |
| 170 | 176 | ||
| @@ -174,13 +180,13 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) | |||
| 174 | 180 | ||
| 175 | if ((zz=OPENSSL_malloc(pkeylen)) == NULL) | 181 | if ((zz=OPENSSL_malloc(pkeylen)) == NULL) |
| 176 | { | 182 | { |
| 177 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); | 183 | ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); |
| 178 | goto err; | 184 | goto err; |
| 179 | } | 185 | } |
| 180 | 186 | ||
| 181 | if (!ASN1_STRING_set(enckey->os, "private-key", -1)) | 187 | if (!ASN1_STRING_set(enckey->os, "private-key", -1)) |
| 182 | { | 188 | { |
| 183 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); | 189 | ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); |
| 184 | goto err; | 190 | goto err; |
| 185 | } | 191 | } |
| 186 | enckey->enckey->digest->data = zz; | 192 | enckey->enckey->digest->data = zz; |
| @@ -191,10 +197,10 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) | |||
| 191 | 197 | ||
| 192 | if (cb == NULL) | 198 | if (cb == NULL) |
| 193 | cb=EVP_read_pw_string; | 199 | cb=EVP_read_pw_string; |
| 194 | i=cb(buf,256,"Enter Private Key password:",1); | 200 | i=cb((char *)buf,256,"Enter Private Key password:",1); |
| 195 | if (i != 0) | 201 | if (i != 0) |
| 196 | { | 202 | { |
| 197 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ); | 203 | ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ); |
| 198 | goto err; | 204 | goto err; |
| 199 | } | 205 | } |
| 200 | i = strlen((char *)buf); | 206 | i = strlen((char *)buf); |
| @@ -224,12 +230,16 @@ err: | |||
| 224 | } | 230 | } |
| 225 | 231 | ||
| 226 | 232 | ||
| 227 | RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()) | 233 | RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, |
| 234 | int (*cb)(char *buf, int len, const char *prompt, | ||
| 235 | int verify)) | ||
| 228 | { | 236 | { |
| 229 | return d2i_RSA_NET(a, pp, length, cb, 0); | 237 | return d2i_RSA_NET(a, pp, length, cb, 0); |
| 230 | } | 238 | } |
| 231 | 239 | ||
| 232 | RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey) | 240 | RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, |
| 241 | int (*cb)(char *buf, int len, const char *prompt, int verify), | ||
| 242 | int sgckey) | ||
| 233 | { | 243 | { |
| 234 | RSA *ret=NULL; | 244 | RSA *ret=NULL; |
| 235 | const unsigned char *p, *kp; | 245 | const unsigned char *p, *kp; |
| @@ -239,20 +249,20 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in | |||
| 239 | 249 | ||
| 240 | enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); | 250 | enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); |
| 241 | if(!enckey) { | 251 | if(!enckey) { |
| 242 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR); | 252 | ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR); |
| 243 | return NULL; | 253 | return NULL; |
| 244 | } | 254 | } |
| 245 | 255 | ||
| 246 | if ((enckey->os->length != 11) || (strncmp("private-key", | 256 | if ((enckey->os->length != 11) || (strncmp("private-key", |
| 247 | (char *)enckey->os->data,11) != 0)) | 257 | (char *)enckey->os->data,11) != 0)) |
| 248 | { | 258 | { |
| 249 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING); | 259 | ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING); |
| 250 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); | 260 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); |
| 251 | return NULL; | 261 | return NULL; |
| 252 | } | 262 | } |
| 253 | if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) | 263 | if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) |
| 254 | { | 264 | { |
| 255 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); | 265 | ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); |
| 256 | goto err; | 266 | goto err; |
| 257 | } | 267 | } |
| 258 | kp = enckey->enckey->digest->data; | 268 | kp = enckey->enckey->digest->data; |
| @@ -269,7 +279,8 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in | |||
| 269 | } | 279 | } |
| 270 | 280 | ||
| 271 | static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | 281 | static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, |
| 272 | int (*cb)(), int sgckey) | 282 | int (*cb)(char *buf, int len, const char *prompt, |
| 283 | int verify), int sgckey) | ||
| 273 | { | 284 | { |
| 274 | NETSCAPE_PKEY *pkey=NULL; | 285 | NETSCAPE_PKEY *pkey=NULL; |
| 275 | RSA *ret=NULL; | 286 | RSA *ret=NULL; |
| @@ -279,10 +290,10 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | |||
| 279 | unsigned char key[EVP_MAX_KEY_LENGTH]; | 290 | unsigned char key[EVP_MAX_KEY_LENGTH]; |
| 280 | EVP_CIPHER_CTX ctx; | 291 | EVP_CIPHER_CTX ctx; |
| 281 | 292 | ||
| 282 | i=cb(buf,256,"Enter Private Key password:",0); | 293 | i=cb((char *)buf,256,"Enter Private Key password:",0); |
| 283 | if (i != 0) | 294 | if (i != 0) |
| 284 | { | 295 | { |
| 285 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ); | 296 | ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ); |
| 286 | goto err; | 297 | goto err; |
| 287 | } | 298 | } |
| 288 | 299 | ||
| @@ -307,14 +318,14 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | |||
| 307 | 318 | ||
| 308 | if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) | 319 | if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) |
| 309 | { | 320 | { |
| 310 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); | 321 | ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); |
| 311 | goto err; | 322 | goto err; |
| 312 | } | 323 | } |
| 313 | 324 | ||
| 314 | zz=pkey->private_key->data; | 325 | zz=pkey->private_key->data; |
| 315 | if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) | 326 | if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) |
| 316 | { | 327 | { |
| 317 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); | 328 | ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); |
| 318 | goto err; | 329 | goto err; |
| 319 | } | 330 | } |
| 320 | err: | 331 | err: |
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbe.c b/src/lib/libssl/src/crypto/asn1/p5_pbe.c index ec788267e0..da91170094 100644 --- a/src/lib/libssl/src/crypto/asn1/p5_pbe.c +++ b/src/lib/libssl/src/crypto/asn1/p5_pbe.c | |||
| @@ -82,17 +82,17 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, | |||
| 82 | ASN1_TYPE *astype=NULL; | 82 | ASN1_TYPE *astype=NULL; |
| 83 | 83 | ||
| 84 | if (!(pbe = PBEPARAM_new ())) { | 84 | if (!(pbe = PBEPARAM_new ())) { |
| 85 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 85 | ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); |
| 86 | goto err; | 86 | goto err; |
| 87 | } | 87 | } |
| 88 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; | 88 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; |
| 89 | if (!ASN1_INTEGER_set(pbe->iter, iter)) { | 89 | if (!ASN1_INTEGER_set(pbe->iter, iter)) { |
| 90 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 90 | ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); |
| 91 | goto err; | 91 | goto err; |
| 92 | } | 92 | } |
| 93 | if (!saltlen) saltlen = PKCS5_SALT_LEN; | 93 | if (!saltlen) saltlen = PKCS5_SALT_LEN; |
| 94 | if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { | 94 | if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { |
| 95 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 95 | ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); |
| 96 | goto err; | 96 | goto err; |
| 97 | } | 97 | } |
| 98 | pbe->salt->length = saltlen; | 98 | pbe->salt->length = saltlen; |
| @@ -101,13 +101,14 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, | |||
| 101 | goto err; | 101 | goto err; |
| 102 | 102 | ||
| 103 | if (!(astype = ASN1_TYPE_new())) { | 103 | if (!(astype = ASN1_TYPE_new())) { |
| 104 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 104 | ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); |
| 105 | goto err; | 105 | goto err; |
| 106 | } | 106 | } |
| 107 | 107 | ||
| 108 | astype->type = V_ASN1_SEQUENCE; | 108 | astype->type = V_ASN1_SEQUENCE; |
| 109 | if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) { | 109 | if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, |
| 110 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 110 | &astype->value.sequence)) { |
| 111 | ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); | ||
| 111 | goto err; | 112 | goto err; |
| 112 | } | 113 | } |
| 113 | PBEPARAM_free (pbe); | 114 | PBEPARAM_free (pbe); |
| @@ -115,7 +116,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, | |||
| 115 | 116 | ||
| 116 | al = OBJ_nid2obj(alg); /* never need to free al */ | 117 | al = OBJ_nid2obj(alg); /* never need to free al */ |
| 117 | if (!(algor = X509_ALGOR_new())) { | 118 | if (!(algor = X509_ALGOR_new())) { |
| 118 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 119 | ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); |
| 119 | goto err; | 120 | goto err; |
| 120 | } | 121 | } |
| 121 | ASN1_OBJECT_free(algor->algorithm); | 122 | ASN1_OBJECT_free(algor->algorithm); |
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c index e0dc0ec4ee..c834a38ddf 100644 --- a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c +++ b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c | |||
| @@ -115,7 +115,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 115 | /* Create random IV */ | 115 | /* Create random IV */ |
| 116 | if (EVP_CIPHER_iv_length(cipher) && | 116 | if (EVP_CIPHER_iv_length(cipher) && |
| 117 | RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) | 117 | RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) |
| 118 | goto err; | 118 | goto err; |
| 119 | 119 | ||
| 120 | EVP_CIPHER_CTX_init(&ctx); | 120 | EVP_CIPHER_CTX_init(&ctx); |
| 121 | 121 | ||
| @@ -164,7 +164,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 164 | 164 | ||
| 165 | if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; | 165 | if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; |
| 166 | 166 | ||
| 167 | if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM, | 167 | if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, |
| 168 | &pbe2->keyfunc->parameter->value.sequence)) goto merr; | 168 | &pbe2->keyfunc->parameter->value.sequence)) goto merr; |
| 169 | pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; | 169 | pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; |
| 170 | 170 | ||
| @@ -180,7 +180,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 180 | 180 | ||
| 181 | /* Encode PBE2PARAM into parameter */ | 181 | /* Encode PBE2PARAM into parameter */ |
| 182 | 182 | ||
| 183 | if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM, | 183 | if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, |
| 184 | &ret->parameter->value.sequence)) goto merr; | 184 | &ret->parameter->value.sequence)) goto merr; |
| 185 | ret->parameter->type = V_ASN1_SEQUENCE; | 185 | ret->parameter->type = V_ASN1_SEQUENCE; |
| 186 | 186 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/t_crl.c b/src/lib/libssl/src/crypto/asn1/t_crl.c index 757c148df8..929b3e5904 100644 --- a/src/lib/libssl/src/crypto/asn1/t_crl.c +++ b/src/lib/libssl/src/crypto/asn1/t_crl.c | |||
| @@ -72,7 +72,7 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) | |||
| 72 | 72 | ||
| 73 | if ((b=BIO_new(BIO_s_file())) == NULL) | 73 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 74 | { | 74 | { |
| 75 | X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB); | 75 | X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB); |
| 76 | return(0); | 76 | return(0); |
| 77 | } | 77 | } |
| 78 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 78 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| @@ -121,7 +121,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) | |||
| 121 | r = sk_X509_REVOKED_value(rev, i); | 121 | r = sk_X509_REVOKED_value(rev, i); |
| 122 | BIO_printf(out," Serial Number: "); | 122 | BIO_printf(out," Serial Number: "); |
| 123 | i2a_ASN1_INTEGER(out,r->serialNumber); | 123 | i2a_ASN1_INTEGER(out,r->serialNumber); |
| 124 | BIO_printf(out,"\n Revocation Date: ",""); | 124 | BIO_printf(out,"\n Revocation Date: "); |
| 125 | ASN1_TIME_print(out,r->revocationDate); | 125 | ASN1_TIME_print(out,r->revocationDate); |
| 126 | BIO_printf(out,"\n"); | 126 | BIO_printf(out,"\n"); |
| 127 | X509V3_extensions_print(out, "CRL entry extensions", | 127 | X509V3_extensions_print(out, "CRL entry extensions", |
diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c index d15006e654..afb95d6712 100644 --- a/src/lib/libssl/src/crypto/asn1/t_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c | |||
| @@ -55,9 +55,15 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * Binary polynomial ECC support in OpenSSL originally developed by | ||
| 61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 58 | 63 | ||
| 59 | #include <stdio.h> | 64 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 65 | #include "cryptlib.h" |
| 66 | #include <openssl/objects.h> | ||
| 61 | #include <openssl/buffer.h> | 67 | #include <openssl/buffer.h> |
| 62 | #include <openssl/bn.h> | 68 | #include <openssl/bn.h> |
| 63 | #ifndef OPENSSL_NO_RSA | 69 | #ifndef OPENSSL_NO_RSA |
| @@ -69,26 +75,33 @@ | |||
| 69 | #ifndef OPENSSL_NO_DSA | 75 | #ifndef OPENSSL_NO_DSA |
| 70 | #include <openssl/dsa.h> | 76 | #include <openssl/dsa.h> |
| 71 | #endif | 77 | #endif |
| 78 | #ifndef OPENSSL_NO_EC | ||
| 79 | #include <openssl/ec.h> | ||
| 80 | #endif | ||
| 72 | 81 | ||
| 73 | static int print(BIO *fp,const char *str,BIGNUM *num, | 82 | static int print(BIO *fp,const char *str, const BIGNUM *num, |
| 74 | unsigned char *buf,int off); | 83 | unsigned char *buf,int off); |
| 84 | #ifndef OPENSSL_NO_EC | ||
| 85 | static int print_bin(BIO *fp, const char *str, const unsigned char *num, | ||
| 86 | size_t len, int off); | ||
| 87 | #endif | ||
| 75 | #ifndef OPENSSL_NO_RSA | 88 | #ifndef OPENSSL_NO_RSA |
| 76 | #ifndef OPENSSL_NO_FP_API | 89 | #ifndef OPENSSL_NO_FP_API |
| 77 | int RSA_print_fp(FILE *fp, const RSA *x, int off) | 90 | int RSA_print_fp(FILE *fp, const RSA *x, int off) |
| 78 | { | 91 | { |
| 79 | BIO *b; | 92 | BIO *b; |
| 80 | int ret; | 93 | int ret; |
| 81 | 94 | ||
| 82 | if ((b=BIO_new(BIO_s_file())) == NULL) | 95 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 83 | { | 96 | { |
| 84 | RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); | 97 | RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); |
| 85 | return(0); | 98 | return(0); |
| 86 | } | 99 | } |
| 87 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 100 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 88 | ret=RSA_print(b,x,off); | 101 | ret=RSA_print(b,x,off); |
| 89 | BIO_free(b); | 102 | BIO_free(b); |
| 90 | return(ret); | 103 | return(ret); |
| 91 | } | 104 | } |
| 92 | #endif | 105 | #endif |
| 93 | 106 | ||
| 94 | int RSA_print(BIO *bp, const RSA *x, int off) | 107 | int RSA_print(BIO *bp, const RSA *x, int off) |
| @@ -96,7 +109,7 @@ int RSA_print(BIO *bp, const RSA *x, int off) | |||
| 96 | char str[128]; | 109 | char str[128]; |
| 97 | const char *s; | 110 | const char *s; |
| 98 | unsigned char *m=NULL; | 111 | unsigned char *m=NULL; |
| 99 | int ret=0; | 112 | int ret=0, mod_len = 0; |
| 100 | size_t buf_len=0, i; | 113 | size_t buf_len=0, i; |
| 101 | 114 | ||
| 102 | if (x->n) | 115 | if (x->n) |
| @@ -130,27 +143,37 @@ int RSA_print(BIO *bp, const RSA *x, int off) | |||
| 130 | goto err; | 143 | goto err; |
| 131 | } | 144 | } |
| 132 | 145 | ||
| 146 | if (x->n != NULL) | ||
| 147 | mod_len = BN_num_bits(x->n); | ||
| 148 | |||
| 133 | if (x->d != NULL) | 149 | if (x->d != NULL) |
| 134 | { | 150 | { |
| 135 | if(!BIO_indent(bp,off,128)) | 151 | if(!BIO_indent(bp,off,128)) |
| 136 | goto err; | 152 | goto err; |
| 137 | if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n)) | 153 | if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) |
| 138 | <= 0) goto err; | 154 | <= 0) goto err; |
| 139 | } | 155 | } |
| 140 | 156 | ||
| 141 | if (x->d == NULL) | 157 | if (x->d == NULL) |
| 142 | BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); | 158 | BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len); |
| 143 | else | 159 | else |
| 144 | BUF_strlcpy(str,"modulus:",sizeof str); | 160 | BUF_strlcpy(str,"modulus:",sizeof str); |
| 145 | if (!print(bp,str,x->n,m,off)) goto err; | 161 | if (!print(bp,str,x->n,m,off)) goto err; |
| 146 | s=(x->d == NULL)?"Exponent:":"publicExponent:"; | 162 | s=(x->d == NULL)?"Exponent:":"publicExponent:"; |
| 147 | if (!print(bp,s,x->e,m,off)) goto err; | 163 | if ((x->e != NULL) && !print(bp,s,x->e,m,off)) |
| 148 | if (!print(bp,"privateExponent:",x->d,m,off)) goto err; | 164 | goto err; |
| 149 | if (!print(bp,"prime1:",x->p,m,off)) goto err; | 165 | if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off)) |
| 150 | if (!print(bp,"prime2:",x->q,m,off)) goto err; | 166 | goto err; |
| 151 | if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err; | 167 | if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off)) |
| 152 | if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err; | 168 | goto err; |
| 153 | if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err; | 169 | if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off)) |
| 170 | goto err; | ||
| 171 | if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off)) | ||
| 172 | goto err; | ||
| 173 | if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off)) | ||
| 174 | goto err; | ||
| 175 | if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off)) | ||
| 176 | goto err; | ||
| 154 | ret=1; | 177 | ret=1; |
| 155 | err: | 178 | err: |
| 156 | if (m != NULL) OPENSSL_free(m); | 179 | if (m != NULL) OPENSSL_free(m); |
| @@ -185,6 +208,11 @@ int DSA_print(BIO *bp, const DSA *x, int off) | |||
| 185 | 208 | ||
| 186 | if (x->p) | 209 | if (x->p) |
| 187 | buf_len = (size_t)BN_num_bytes(x->p); | 210 | buf_len = (size_t)BN_num_bytes(x->p); |
| 211 | else | ||
| 212 | { | ||
| 213 | DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); | ||
| 214 | goto err; | ||
| 215 | } | ||
| 188 | if (x->q) | 216 | if (x->q) |
| 189 | if (buf_len < (i = (size_t)BN_num_bytes(x->q))) | 217 | if (buf_len < (i = (size_t)BN_num_bytes(x->q))) |
| 190 | buf_len = i; | 218 | buf_len = i; |
| @@ -227,16 +255,334 @@ err: | |||
| 227 | } | 255 | } |
| 228 | #endif /* !OPENSSL_NO_DSA */ | 256 | #endif /* !OPENSSL_NO_DSA */ |
| 229 | 257 | ||
| 230 | static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, | 258 | #ifndef OPENSSL_NO_EC |
| 259 | #ifndef OPENSSL_NO_FP_API | ||
| 260 | int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) | ||
| 261 | { | ||
| 262 | BIO *b; | ||
| 263 | int ret; | ||
| 264 | |||
| 265 | if ((b=BIO_new(BIO_s_file())) == NULL) | ||
| 266 | { | ||
| 267 | ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); | ||
| 268 | return(0); | ||
| 269 | } | ||
| 270 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 271 | ret = ECPKParameters_print(b, x, off); | ||
| 272 | BIO_free(b); | ||
| 273 | return(ret); | ||
| 274 | } | ||
| 275 | |||
| 276 | int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) | ||
| 277 | { | ||
| 278 | BIO *b; | ||
| 279 | int ret; | ||
| 280 | |||
| 281 | if ((b=BIO_new(BIO_s_file())) == NULL) | ||
| 282 | { | ||
| 283 | ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); | ||
| 284 | return(0); | ||
| 285 | } | ||
| 286 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 287 | ret = EC_KEY_print(b, x, off); | ||
| 288 | BIO_free(b); | ||
| 289 | return(ret); | ||
| 290 | } | ||
| 291 | #endif | ||
| 292 | |||
| 293 | int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) | ||
| 294 | { | ||
| 295 | unsigned char *buffer=NULL; | ||
| 296 | size_t buf_len=0, i; | ||
| 297 | int ret=0, reason=ERR_R_BIO_LIB; | ||
| 298 | BN_CTX *ctx=NULL; | ||
| 299 | const EC_POINT *point=NULL; | ||
| 300 | BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, | ||
| 301 | *order=NULL, *cofactor=NULL; | ||
| 302 | const unsigned char *seed; | ||
| 303 | size_t seed_len=0; | ||
| 304 | |||
| 305 | static const char *gen_compressed = "Generator (compressed):"; | ||
| 306 | static const char *gen_uncompressed = "Generator (uncompressed):"; | ||
| 307 | static const char *gen_hybrid = "Generator (hybrid):"; | ||
| 308 | |||
| 309 | if (!x) | ||
| 310 | { | ||
| 311 | reason = ERR_R_PASSED_NULL_PARAMETER; | ||
| 312 | goto err; | ||
| 313 | } | ||
| 314 | |||
| 315 | if (EC_GROUP_get_asn1_flag(x)) | ||
| 316 | { | ||
| 317 | /* the curve parameter are given by an asn1 OID */ | ||
| 318 | int nid; | ||
| 319 | |||
| 320 | if (!BIO_indent(bp, off, 128)) | ||
| 321 | goto err; | ||
| 322 | |||
| 323 | nid = EC_GROUP_get_curve_name(x); | ||
| 324 | if (nid == 0) | ||
| 325 | goto err; | ||
| 326 | |||
| 327 | if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) | ||
| 328 | goto err; | ||
| 329 | if (BIO_printf(bp, "\n") <= 0) | ||
| 330 | goto err; | ||
| 331 | } | ||
| 332 | else | ||
| 333 | { | ||
| 334 | /* explicit parameters */ | ||
| 335 | int is_char_two = 0; | ||
| 336 | point_conversion_form_t form; | ||
| 337 | int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); | ||
| 338 | |||
| 339 | if (tmp_nid == NID_X9_62_characteristic_two_field) | ||
| 340 | is_char_two = 1; | ||
| 341 | |||
| 342 | if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || | ||
| 343 | (b = BN_new()) == NULL || (order = BN_new()) == NULL || | ||
| 344 | (cofactor = BN_new()) == NULL) | ||
| 345 | { | ||
| 346 | reason = ERR_R_MALLOC_FAILURE; | ||
| 347 | goto err; | ||
| 348 | } | ||
| 349 | |||
| 350 | if (is_char_two) | ||
| 351 | { | ||
| 352 | if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) | ||
| 353 | { | ||
| 354 | reason = ERR_R_EC_LIB; | ||
| 355 | goto err; | ||
| 356 | } | ||
| 357 | } | ||
| 358 | else /* prime field */ | ||
| 359 | { | ||
| 360 | if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) | ||
| 361 | { | ||
| 362 | reason = ERR_R_EC_LIB; | ||
| 363 | goto err; | ||
| 364 | } | ||
| 365 | } | ||
| 366 | |||
| 367 | if ((point = EC_GROUP_get0_generator(x)) == NULL) | ||
| 368 | { | ||
| 369 | reason = ERR_R_EC_LIB; | ||
| 370 | goto err; | ||
| 371 | } | ||
| 372 | if (!EC_GROUP_get_order(x, order, NULL) || | ||
| 373 | !EC_GROUP_get_cofactor(x, cofactor, NULL)) | ||
| 374 | { | ||
| 375 | reason = ERR_R_EC_LIB; | ||
| 376 | goto err; | ||
| 377 | } | ||
| 378 | |||
| 379 | form = EC_GROUP_get_point_conversion_form(x); | ||
| 380 | |||
| 381 | if ((gen = EC_POINT_point2bn(x, point, | ||
| 382 | form, NULL, ctx)) == NULL) | ||
| 383 | { | ||
| 384 | reason = ERR_R_EC_LIB; | ||
| 385 | goto err; | ||
| 386 | } | ||
| 387 | |||
| 388 | buf_len = (size_t)BN_num_bytes(p); | ||
| 389 | if (buf_len < (i = (size_t)BN_num_bytes(a))) | ||
| 390 | buf_len = i; | ||
| 391 | if (buf_len < (i = (size_t)BN_num_bytes(b))) | ||
| 392 | buf_len = i; | ||
| 393 | if (buf_len < (i = (size_t)BN_num_bytes(gen))) | ||
| 394 | buf_len = i; | ||
| 395 | if (buf_len < (i = (size_t)BN_num_bytes(order))) | ||
| 396 | buf_len = i; | ||
| 397 | if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) | ||
| 398 | buf_len = i; | ||
| 399 | |||
| 400 | if ((seed = EC_GROUP_get0_seed(x)) != NULL) | ||
| 401 | seed_len = EC_GROUP_get_seed_len(x); | ||
| 402 | |||
| 403 | buf_len += 10; | ||
| 404 | if ((buffer = OPENSSL_malloc(buf_len)) == NULL) | ||
| 405 | { | ||
| 406 | reason = ERR_R_MALLOC_FAILURE; | ||
| 407 | goto err; | ||
| 408 | } | ||
| 409 | |||
| 410 | if (!BIO_indent(bp, off, 128)) | ||
| 411 | goto err; | ||
| 412 | |||
| 413 | /* print the 'short name' of the field type */ | ||
| 414 | if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) | ||
| 415 | <= 0) | ||
| 416 | goto err; | ||
| 417 | |||
| 418 | if (is_char_two) | ||
| 419 | { | ||
| 420 | /* print the 'short name' of the base type OID */ | ||
| 421 | int basis_type = EC_GROUP_get_basis_type(x); | ||
| 422 | if (basis_type == 0) | ||
| 423 | goto err; | ||
| 424 | |||
| 425 | if (!BIO_indent(bp, off, 128)) | ||
| 426 | goto err; | ||
| 427 | |||
| 428 | if (BIO_printf(bp, "Basis Type: %s\n", | ||
| 429 | OBJ_nid2sn(basis_type)) <= 0) | ||
| 430 | goto err; | ||
| 431 | |||
| 432 | /* print the polynomial */ | ||
| 433 | if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, | ||
| 434 | off)) | ||
| 435 | goto err; | ||
| 436 | } | ||
| 437 | else | ||
| 438 | { | ||
| 439 | if ((p != NULL) && !print(bp, "Prime:", p, buffer,off)) | ||
| 440 | goto err; | ||
| 441 | } | ||
| 442 | if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) | ||
| 443 | goto err; | ||
| 444 | if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) | ||
| 445 | goto err; | ||
| 446 | if (form == POINT_CONVERSION_COMPRESSED) | ||
| 447 | { | ||
| 448 | if ((gen != NULL) && !print(bp, gen_compressed, gen, | ||
| 449 | buffer, off)) | ||
| 450 | goto err; | ||
| 451 | } | ||
| 452 | else if (form == POINT_CONVERSION_UNCOMPRESSED) | ||
| 453 | { | ||
| 454 | if ((gen != NULL) && !print(bp, gen_uncompressed, gen, | ||
| 455 | buffer, off)) | ||
| 456 | goto err; | ||
| 457 | } | ||
| 458 | else /* form == POINT_CONVERSION_HYBRID */ | ||
| 459 | { | ||
| 460 | if ((gen != NULL) && !print(bp, gen_hybrid, gen, | ||
| 461 | buffer, off)) | ||
| 462 | goto err; | ||
| 463 | } | ||
| 464 | if ((order != NULL) && !print(bp, "Order: ", order, | ||
| 465 | buffer, off)) goto err; | ||
| 466 | if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, | ||
| 467 | buffer, off)) goto err; | ||
| 468 | if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) | ||
| 469 | goto err; | ||
| 470 | } | ||
| 471 | ret=1; | ||
| 472 | err: | ||
| 473 | if (!ret) | ||
| 474 | ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); | ||
| 475 | if (p) | ||
| 476 | BN_free(p); | ||
| 477 | if (a) | ||
| 478 | BN_free(a); | ||
| 479 | if (b) | ||
| 480 | BN_free(b); | ||
| 481 | if (gen) | ||
| 482 | BN_free(gen); | ||
| 483 | if (order) | ||
| 484 | BN_free(order); | ||
| 485 | if (cofactor) | ||
| 486 | BN_free(cofactor); | ||
| 487 | if (ctx) | ||
| 488 | BN_CTX_free(ctx); | ||
| 489 | if (buffer != NULL) | ||
| 490 | OPENSSL_free(buffer); | ||
| 491 | return(ret); | ||
| 492 | } | ||
| 493 | |||
| 494 | int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) | ||
| 495 | { | ||
| 496 | unsigned char *buffer=NULL; | ||
| 497 | size_t buf_len=0, i; | ||
| 498 | int ret=0, reason=ERR_R_BIO_LIB; | ||
| 499 | BIGNUM *pub_key=NULL, *order=NULL; | ||
| 500 | BN_CTX *ctx=NULL; | ||
| 501 | const EC_GROUP *group; | ||
| 502 | const EC_POINT *public_key; | ||
| 503 | const BIGNUM *priv_key; | ||
| 504 | |||
| 505 | if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) | ||
| 506 | { | ||
| 507 | reason = ERR_R_PASSED_NULL_PARAMETER; | ||
| 508 | goto err; | ||
| 509 | } | ||
| 510 | |||
| 511 | public_key = EC_KEY_get0_public_key(x); | ||
| 512 | if ((pub_key = EC_POINT_point2bn(group, public_key, | ||
| 513 | EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) | ||
| 514 | { | ||
| 515 | reason = ERR_R_EC_LIB; | ||
| 516 | goto err; | ||
| 517 | } | ||
| 518 | |||
| 519 | buf_len = (size_t)BN_num_bytes(pub_key); | ||
| 520 | priv_key = EC_KEY_get0_private_key(x); | ||
| 521 | if (priv_key != NULL) | ||
| 522 | { | ||
| 523 | if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) | ||
| 524 | buf_len = i; | ||
| 525 | } | ||
| 526 | |||
| 527 | buf_len += 10; | ||
| 528 | if ((buffer = OPENSSL_malloc(buf_len)) == NULL) | ||
| 529 | { | ||
| 530 | reason = ERR_R_MALLOC_FAILURE; | ||
| 531 | goto err; | ||
| 532 | } | ||
| 533 | |||
| 534 | if (priv_key != NULL) | ||
| 535 | { | ||
| 536 | if (!BIO_indent(bp, off, 128)) | ||
| 537 | goto err; | ||
| 538 | if ((order = BN_new()) == NULL) | ||
| 539 | goto err; | ||
| 540 | if (!EC_GROUP_get_order(group, order, NULL)) | ||
| 541 | goto err; | ||
| 542 | if (BIO_printf(bp, "Private-Key: (%d bit)\n", | ||
| 543 | BN_num_bits(order)) <= 0) goto err; | ||
| 544 | } | ||
| 545 | |||
| 546 | if ((priv_key != NULL) && !print(bp, "priv:", priv_key, | ||
| 547 | buffer, off)) | ||
| 548 | goto err; | ||
| 549 | if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, | ||
| 550 | buffer, off)) | ||
| 551 | goto err; | ||
| 552 | if (!ECPKParameters_print(bp, group, off)) | ||
| 553 | goto err; | ||
| 554 | ret=1; | ||
| 555 | err: | ||
| 556 | if (!ret) | ||
| 557 | ECerr(EC_F_EC_KEY_PRINT, reason); | ||
| 558 | if (pub_key) | ||
| 559 | BN_free(pub_key); | ||
| 560 | if (order) | ||
| 561 | BN_free(order); | ||
| 562 | if (ctx) | ||
| 563 | BN_CTX_free(ctx); | ||
| 564 | if (buffer != NULL) | ||
| 565 | OPENSSL_free(buffer); | ||
| 566 | return(ret); | ||
| 567 | } | ||
| 568 | #endif /* OPENSSL_NO_EC */ | ||
| 569 | |||
| 570 | static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, | ||
| 231 | int off) | 571 | int off) |
| 232 | { | 572 | { |
| 233 | int n,i; | 573 | int n,i; |
| 234 | const char *neg; | 574 | const char *neg; |
| 235 | 575 | ||
| 236 | if (num == NULL) return(1); | 576 | if (num == NULL) return(1); |
| 237 | neg=(num->neg)?"-":""; | 577 | neg = (BN_is_negative(num))?"-":""; |
| 238 | if(!BIO_indent(bp,off,128)) | 578 | if(!BIO_indent(bp,off,128)) |
| 239 | return 0; | 579 | return 0; |
| 580 | if (BN_is_zero(num)) | ||
| 581 | { | ||
| 582 | if (BIO_printf(bp, "%s 0\n", number) <= 0) | ||
| 583 | return 0; | ||
| 584 | return 1; | ||
| 585 | } | ||
| 240 | 586 | ||
| 241 | if (BN_num_bytes(num) <= BN_BYTES) | 587 | if (BN_num_bytes(num) <= BN_BYTES) |
| 242 | { | 588 | { |
| @@ -272,23 +618,63 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, | |||
| 272 | return(1); | 618 | return(1); |
| 273 | } | 619 | } |
| 274 | 620 | ||
| 621 | #ifndef OPENSSL_NO_EC | ||
| 622 | static int print_bin(BIO *fp, const char *name, const unsigned char *buf, | ||
| 623 | size_t len, int off) | ||
| 624 | { | ||
| 625 | size_t i; | ||
| 626 | char str[128]; | ||
| 627 | |||
| 628 | if (buf == NULL) | ||
| 629 | return 1; | ||
| 630 | if (off) | ||
| 631 | { | ||
| 632 | if (off > 128) | ||
| 633 | off=128; | ||
| 634 | memset(str,' ',off); | ||
| 635 | if (BIO_write(fp, str, off) <= 0) | ||
| 636 | return 0; | ||
| 637 | } | ||
| 638 | |||
| 639 | if (BIO_printf(fp,"%s", name) <= 0) | ||
| 640 | return 0; | ||
| 641 | |||
| 642 | for (i=0; i<len; i++) | ||
| 643 | { | ||
| 644 | if ((i%15) == 0) | ||
| 645 | { | ||
| 646 | str[0]='\n'; | ||
| 647 | memset(&(str[1]),' ',off+4); | ||
| 648 | if (BIO_write(fp, str, off+1+4) <= 0) | ||
| 649 | return 0; | ||
| 650 | } | ||
| 651 | if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0) | ||
| 652 | return 0; | ||
| 653 | } | ||
| 654 | if (BIO_write(fp,"\n",1) <= 0) | ||
| 655 | return 0; | ||
| 656 | |||
| 657 | return 1; | ||
| 658 | } | ||
| 659 | #endif | ||
| 660 | |||
| 275 | #ifndef OPENSSL_NO_DH | 661 | #ifndef OPENSSL_NO_DH |
| 276 | #ifndef OPENSSL_NO_FP_API | 662 | #ifndef OPENSSL_NO_FP_API |
| 277 | int DHparams_print_fp(FILE *fp, const DH *x) | 663 | int DHparams_print_fp(FILE *fp, const DH *x) |
| 278 | { | 664 | { |
| 279 | BIO *b; | 665 | BIO *b; |
| 280 | int ret; | 666 | int ret; |
| 281 | 667 | ||
| 282 | if ((b=BIO_new(BIO_s_file())) == NULL) | 668 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 283 | { | 669 | { |
| 284 | DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); | 670 | DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); |
| 285 | return(0); | 671 | return(0); |
| 286 | } | 672 | } |
| 287 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 673 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 288 | ret=DHparams_print(b, x); | 674 | ret=DHparams_print(b, x); |
| 289 | BIO_free(b); | 675 | BIO_free(b); |
| 290 | return(ret); | 676 | return(ret); |
| 291 | } | 677 | } |
| 292 | #endif | 678 | #endif |
| 293 | 679 | ||
| 294 | int DHparams_print(BIO *bp, const DH *x) | 680 | int DHparams_print(BIO *bp, const DH *x) |
| @@ -299,6 +685,11 @@ int DHparams_print(BIO *bp, const DH *x) | |||
| 299 | 685 | ||
| 300 | if (x->p) | 686 | if (x->p) |
| 301 | buf_len = (size_t)BN_num_bytes(x->p); | 687 | buf_len = (size_t)BN_num_bytes(x->p); |
| 688 | else | ||
| 689 | { | ||
| 690 | reason = ERR_R_PASSED_NULL_PARAMETER; | ||
| 691 | goto err; | ||
| 692 | } | ||
| 302 | if (x->g) | 693 | if (x->g) |
| 303 | if (buf_len < (i = (size_t)BN_num_bytes(x->g))) | 694 | if (buf_len < (i = (size_t)BN_num_bytes(x->g))) |
| 304 | buf_len = i; | 695 | buf_len = i; |
| @@ -333,30 +724,35 @@ err: | |||
| 333 | #ifndef OPENSSL_NO_DSA | 724 | #ifndef OPENSSL_NO_DSA |
| 334 | #ifndef OPENSSL_NO_FP_API | 725 | #ifndef OPENSSL_NO_FP_API |
| 335 | int DSAparams_print_fp(FILE *fp, const DSA *x) | 726 | int DSAparams_print_fp(FILE *fp, const DSA *x) |
| 336 | { | 727 | { |
| 337 | BIO *b; | 728 | BIO *b; |
| 338 | int ret; | 729 | int ret; |
| 339 | 730 | ||
| 340 | if ((b=BIO_new(BIO_s_file())) == NULL) | 731 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 341 | { | 732 | { |
| 342 | DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); | 733 | DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); |
| 343 | return(0); | 734 | return(0); |
| 344 | } | 735 | } |
| 345 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 736 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 346 | ret=DSAparams_print(b, x); | 737 | ret=DSAparams_print(b, x); |
| 347 | BIO_free(b); | 738 | BIO_free(b); |
| 348 | return(ret); | 739 | return(ret); |
| 349 | } | 740 | } |
| 350 | #endif | 741 | #endif |
| 351 | 742 | ||
| 352 | int DSAparams_print(BIO *bp, const DSA *x) | 743 | int DSAparams_print(BIO *bp, const DSA *x) |
| 353 | { | 744 | { |
| 354 | unsigned char *m=NULL; | 745 | unsigned char *m=NULL; |
| 355 | int reason=ERR_R_BUF_LIB,ret=0; | 746 | int ret=0; |
| 356 | size_t buf_len=0,i; | 747 | size_t buf_len=0,i; |
| 357 | 748 | ||
| 358 | if (x->p) | 749 | if (x->p) |
| 359 | buf_len = (size_t)BN_num_bytes(x->p); | 750 | buf_len = (size_t)BN_num_bytes(x->p); |
| 751 | else | ||
| 752 | { | ||
| 753 | DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS); | ||
| 754 | goto err; | ||
| 755 | } | ||
| 360 | if (x->q) | 756 | if (x->q) |
| 361 | if (buf_len < (i = (size_t)BN_num_bytes(x->q))) | 757 | if (buf_len < (i = (size_t)BN_num_bytes(x->q))) |
| 362 | buf_len = i; | 758 | buf_len = i; |
| @@ -366,7 +762,7 @@ int DSAparams_print(BIO *bp, const DSA *x) | |||
| 366 | m=(unsigned char *)OPENSSL_malloc(buf_len+10); | 762 | m=(unsigned char *)OPENSSL_malloc(buf_len+10); |
| 367 | if (m == NULL) | 763 | if (m == NULL) |
| 368 | { | 764 | { |
| 369 | reason=ERR_R_MALLOC_FAILURE; | 765 | DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); |
| 370 | goto err; | 766 | goto err; |
| 371 | } | 767 | } |
| 372 | 768 | ||
| @@ -374,14 +770,70 @@ int DSAparams_print(BIO *bp, const DSA *x) | |||
| 374 | BN_num_bits(x->p)) <= 0) | 770 | BN_num_bits(x->p)) <= 0) |
| 375 | goto err; | 771 | goto err; |
| 376 | if (!print(bp,"p:",x->p,m,4)) goto err; | 772 | if (!print(bp,"p:",x->p,m,4)) goto err; |
| 377 | if (!print(bp,"q:",x->q,m,4)) goto err; | 773 | if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err; |
| 378 | if (!print(bp,"g:",x->g,m,4)) goto err; | 774 | if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err; |
| 379 | ret=1; | 775 | ret=1; |
| 380 | err: | 776 | err: |
| 381 | if (m != NULL) OPENSSL_free(m); | 777 | if (m != NULL) OPENSSL_free(m); |
| 382 | DSAerr(DSA_F_DSAPARAMS_PRINT,reason); | ||
| 383 | return(ret); | 778 | return(ret); |
| 384 | } | 779 | } |
| 385 | 780 | ||
| 386 | #endif /* !OPENSSL_NO_DSA */ | 781 | #endif /* !OPENSSL_NO_DSA */ |
| 387 | 782 | ||
| 783 | #ifndef OPENSSL_NO_EC | ||
| 784 | #ifndef OPENSSL_NO_FP_API | ||
| 785 | int ECParameters_print_fp(FILE *fp, const EC_KEY *x) | ||
| 786 | { | ||
| 787 | BIO *b; | ||
| 788 | int ret; | ||
| 789 | |||
| 790 | if ((b=BIO_new(BIO_s_file())) == NULL) | ||
| 791 | { | ||
| 792 | ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); | ||
| 793 | return(0); | ||
| 794 | } | ||
| 795 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 796 | ret = ECParameters_print(b, x); | ||
| 797 | BIO_free(b); | ||
| 798 | return(ret); | ||
| 799 | } | ||
| 800 | #endif | ||
| 801 | |||
| 802 | int ECParameters_print(BIO *bp, const EC_KEY *x) | ||
| 803 | { | ||
| 804 | int reason=ERR_R_EC_LIB, ret=0; | ||
| 805 | BIGNUM *order=NULL; | ||
| 806 | const EC_GROUP *group; | ||
| 807 | |||
| 808 | if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) | ||
| 809 | { | ||
| 810 | reason = ERR_R_PASSED_NULL_PARAMETER;; | ||
| 811 | goto err; | ||
| 812 | } | ||
| 813 | |||
| 814 | if ((order = BN_new()) == NULL) | ||
| 815 | { | ||
| 816 | reason = ERR_R_MALLOC_FAILURE; | ||
| 817 | goto err; | ||
| 818 | } | ||
| 819 | |||
| 820 | if (!EC_GROUP_get_order(group, order, NULL)) | ||
| 821 | { | ||
| 822 | reason = ERR_R_EC_LIB; | ||
| 823 | goto err; | ||
| 824 | } | ||
| 825 | |||
| 826 | if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", | ||
| 827 | BN_num_bits(order)) <= 0) | ||
| 828 | goto err; | ||
| 829 | if (!ECPKParameters_print(bp, group, 4)) | ||
| 830 | goto err; | ||
| 831 | ret=1; | ||
| 832 | err: | ||
| 833 | if (order) | ||
| 834 | BN_free(order); | ||
| 835 | ECerr(EC_F_ECPARAMETERS_PRINT, reason); | ||
| 836 | return(ret); | ||
| 837 | } | ||
| 838 | |||
| 839 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/asn1/t_req.c b/src/lib/libssl/src/crypto/asn1/t_req.c index 740cee80c0..5557e06584 100644 --- a/src/lib/libssl/src/crypto/asn1/t_req.c +++ b/src/lib/libssl/src/crypto/asn1/t_req.c | |||
| @@ -63,6 +63,12 @@ | |||
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
| 65 | #include <openssl/x509v3.h> | 65 | #include <openssl/x509v3.h> |
| 66 | #ifndef OPENSSL_NO_RSA | ||
| 67 | #include <openssl/rsa.h> | ||
| 68 | #endif | ||
| 69 | #ifndef OPENSSL_NO_DSA | ||
| 70 | #include <openssl/dsa.h> | ||
| 71 | #endif | ||
| 66 | 72 | ||
| 67 | #ifndef OPENSSL_NO_FP_API | 73 | #ifndef OPENSSL_NO_FP_API |
| 68 | int X509_REQ_print_fp(FILE *fp, X509_REQ *x) | 74 | int X509_REQ_print_fp(FILE *fp, X509_REQ *x) |
| @@ -160,6 +166,14 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long | |||
| 160 | } | 166 | } |
| 161 | else | 167 | else |
| 162 | #endif | 168 | #endif |
| 169 | #ifndef OPENSSL_NO_EC | ||
| 170 | if (pkey->type == EVP_PKEY_EC) | ||
| 171 | { | ||
| 172 | BIO_printf(bp, "%12sEC Public Key: \n",""); | ||
| 173 | EC_KEY_print(bp, pkey->pkey.ec, 16); | ||
| 174 | } | ||
| 175 | else | ||
| 176 | #endif | ||
| 163 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); | 177 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); |
| 164 | 178 | ||
| 165 | EVP_PKEY_free(pkey); | 179 | EVP_PKEY_free(pkey); |
| @@ -230,7 +244,7 @@ get_next: | |||
| 230 | } | 244 | } |
| 231 | } | 245 | } |
| 232 | } | 246 | } |
| 233 | if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) | 247 | if(!(cflag & X509_FLAG_NO_EXTENSIONS)) |
| 234 | { | 248 | { |
| 235 | exts = X509_REQ_get_extensions(x); | 249 | exts = X509_REQ_get_extensions(x); |
| 236 | if(exts) | 250 | if(exts) |
| @@ -246,9 +260,9 @@ get_next: | |||
| 246 | obj=X509_EXTENSION_get_object(ex); | 260 | obj=X509_EXTENSION_get_object(ex); |
| 247 | i2a_ASN1_OBJECT(bp,obj); | 261 | i2a_ASN1_OBJECT(bp,obj); |
| 248 | j=X509_EXTENSION_get_critical(ex); | 262 | j=X509_EXTENSION_get_critical(ex); |
| 249 | if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) | 263 | if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) |
| 250 | goto err; | 264 | goto err; |
| 251 | if(!X509V3_EXT_print(bp, ex, 0, 16)) | 265 | if(!X509V3_EXT_print(bp, ex, cflag, 16)) |
| 252 | { | 266 | { |
| 253 | BIO_printf(bp, "%16s", ""); | 267 | BIO_printf(bp, "%16s", ""); |
| 254 | M_ASN1_OCTET_STRING_print(bp,ex->value); | 268 | M_ASN1_OCTET_STRING_print(bp,ex->value); |
| @@ -266,7 +280,7 @@ get_next: | |||
| 266 | 280 | ||
| 267 | return(1); | 281 | return(1); |
| 268 | err: | 282 | err: |
| 269 | X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); | 283 | X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB); |
| 270 | return(0); | 284 | return(0); |
| 271 | } | 285 | } |
| 272 | 286 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/t_spki.c b/src/lib/libssl/src/crypto/asn1/t_spki.c index 5abfbc815e..c2a5797dd8 100644 --- a/src/lib/libssl/src/crypto/asn1/t_spki.c +++ b/src/lib/libssl/src/crypto/asn1/t_spki.c | |||
| @@ -60,6 +60,13 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/x509.h> | 61 | #include <openssl/x509.h> |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | #ifndef OPENSSL_NO_RSA | ||
| 64 | #include <openssl/rsa.h> | ||
| 65 | #endif | ||
| 66 | #ifndef OPENSSL_NO_DSA | ||
| 67 | #include <openssl/dsa.h> | ||
| 68 | #endif | ||
| 69 | #include <openssl/bn.h> | ||
| 63 | 70 | ||
| 64 | /* Print out an SPKI */ | 71 | /* Print out an SPKI */ |
| 65 | 72 | ||
| @@ -93,6 +100,15 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) | |||
| 93 | } | 100 | } |
| 94 | else | 101 | else |
| 95 | #endif | 102 | #endif |
| 103 | #ifndef OPENSSL_NO_EC | ||
| 104 | if (pkey->type == EVP_PKEY_EC) | ||
| 105 | { | ||
| 106 | BIO_printf(out, " EC Public Key:\n"); | ||
| 107 | EC_KEY_print(out, pkey->pkey.ec,2); | ||
| 108 | } | ||
| 109 | else | ||
| 110 | #endif | ||
| 111 | |||
| 96 | BIO_printf(out," Unknown Public Key:\n"); | 112 | BIO_printf(out," Unknown Public Key:\n"); |
| 97 | EVP_PKEY_free(pkey); | 113 | EVP_PKEY_free(pkey); |
| 98 | } | 114 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c index 30f68561b7..26d3361722 100644 --- a/src/lib/libssl/src/crypto/asn1/t_x509.c +++ b/src/lib/libssl/src/crypto/asn1/t_x509.c | |||
| @@ -66,6 +66,9 @@ | |||
| 66 | #ifndef OPENSSL_NO_DSA | 66 | #ifndef OPENSSL_NO_DSA |
| 67 | #include <openssl/dsa.h> | 67 | #include <openssl/dsa.h> |
| 68 | #endif | 68 | #endif |
| 69 | #ifndef OPENSSL_NO_EC | ||
| 70 | #include <openssl/ec.h> | ||
| 71 | #endif | ||
| 69 | #include <openssl/objects.h> | 72 | #include <openssl/objects.h> |
| 70 | #include <openssl/x509.h> | 73 | #include <openssl/x509.h> |
| 71 | #include <openssl/x509v3.h> | 74 | #include <openssl/x509v3.h> |
| @@ -83,7 +86,7 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cfla | |||
| 83 | 86 | ||
| 84 | if ((b=BIO_new(BIO_s_file())) == NULL) | 87 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 85 | { | 88 | { |
| 86 | X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB); | 89 | X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB); |
| 87 | return(0); | 90 | return(0); |
| 88 | } | 91 | } |
| 89 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 92 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| @@ -229,6 +232,14 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) | |||
| 229 | } | 232 | } |
| 230 | else | 233 | else |
| 231 | #endif | 234 | #endif |
| 235 | #ifndef OPENSSL_NO_EC | ||
| 236 | if (pkey->type == EVP_PKEY_EC) | ||
| 237 | { | ||
| 238 | BIO_printf(bp, "%12sEC Public Key:\n",""); | ||
| 239 | EC_KEY_print(bp, pkey->pkey.ec, 16); | ||
| 240 | } | ||
| 241 | else | ||
| 242 | #endif | ||
| 232 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); | 243 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); |
| 233 | 244 | ||
| 234 | EVP_PKEY_free(pkey); | 245 | EVP_PKEY_free(pkey); |
| @@ -434,19 +445,18 @@ err: | |||
| 434 | int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) | 445 | int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) |
| 435 | { | 446 | { |
| 436 | char *s,*c,*b; | 447 | char *s,*c,*b; |
| 437 | int ret=0,l,ll,i,first=1; | 448 | int ret=0,l,i; |
| 438 | 449 | ||
| 439 | ll=80-2-obase; | 450 | l=80-2-obase; |
| 440 | 451 | ||
| 441 | b=s=X509_NAME_oneline(name,NULL,0); | 452 | b=X509_NAME_oneline(name,NULL,0); |
| 442 | if (!*s) | 453 | if (!*b) |
| 443 | { | 454 | { |
| 444 | OPENSSL_free(b); | 455 | OPENSSL_free(b); |
| 445 | return 1; | 456 | return 1; |
| 446 | } | 457 | } |
| 447 | s++; /* skip the first slash */ | 458 | s=b+1; /* skip the first slash */ |
| 448 | 459 | ||
| 449 | l=ll; | ||
| 450 | c=s; | 460 | c=s; |
| 451 | for (;;) | 461 | for (;;) |
| 452 | { | 462 | { |
| @@ -468,20 +478,9 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) | |||
| 468 | (*s == '\0')) | 478 | (*s == '\0')) |
| 469 | #endif | 479 | #endif |
| 470 | { | 480 | { |
| 471 | if ((l <= 0) && !first) | ||
| 472 | { | ||
| 473 | first=0; | ||
| 474 | if (BIO_write(bp,"\n",1) != 1) goto err; | ||
| 475 | for (i=0; i<obase; i++) | ||
| 476 | { | ||
| 477 | if (BIO_write(bp," ",1) != 1) goto err; | ||
| 478 | } | ||
| 479 | l=ll; | ||
| 480 | } | ||
| 481 | i=s-c; | 481 | i=s-c; |
| 482 | if (BIO_write(bp,c,i) != i) goto err; | 482 | if (BIO_write(bp,c,i) != i) goto err; |
| 483 | c+=i; | 483 | c=s+1; /* skip following slash */ |
| 484 | c++; | ||
| 485 | if (*s != '\0') | 484 | if (*s != '\0') |
| 486 | { | 485 | { |
| 487 | if (BIO_write(bp,", ",2) != 2) goto err; | 486 | if (BIO_write(bp,", ",2) != 2) goto err; |
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index b7e916ef36..0ee406231e 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -65,24 +65,40 @@ | |||
| 65 | #include <openssl/buffer.h> | 65 | #include <openssl/buffer.h> |
| 66 | #include <openssl/err.h> | 66 | #include <openssl/err.h> |
| 67 | 67 | ||
| 68 | static int asn1_check_eoc(unsigned char **in, long len); | 68 | static int asn1_check_eoc(const unsigned char **in, long len); |
| 69 | static int asn1_find_end(unsigned char **in, long len, char inf); | 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); |
| 70 | static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass); | 70 | |
| 71 | static int collect_data(BUF_MEM *buf, unsigned char **p, long plen); | 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 72 | static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst, | 72 | char inf, int tag, int aclass); |
| 73 | unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx); | 73 | |
| 74 | static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx); | 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); |
| 75 | static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx); | 75 | |
| 76 | static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len, | 76 | static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, |
| 77 | const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); | 77 | char *inf, char *cst, |
| 78 | const unsigned char **in, long len, | ||
| 79 | int exptag, int expclass, char opt, | ||
| 80 | ASN1_TLC *ctx); | ||
| 81 | |||
| 82 | static int asn1_template_ex_d2i(ASN1_VALUE **pval, | ||
| 83 | const unsigned char **in, long len, | ||
| 84 | const ASN1_TEMPLATE *tt, char opt, | ||
| 85 | ASN1_TLC *ctx); | ||
| 86 | static int asn1_template_noexp_d2i(ASN1_VALUE **val, | ||
| 87 | const unsigned char **in, long len, | ||
| 88 | const ASN1_TEMPLATE *tt, char opt, | ||
| 89 | ASN1_TLC *ctx); | ||
| 90 | static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, | ||
| 91 | const unsigned char **in, long len, | ||
| 92 | const ASN1_ITEM *it, | ||
| 93 | int tag, int aclass, char opt, ASN1_TLC *ctx); | ||
| 78 | 94 | ||
| 79 | /* Table to convert tags to bit values, used for MSTRING type */ | 95 | /* Table to convert tags to bit values, used for MSTRING type */ |
| 80 | static unsigned long tag2bit[32]={ | 96 | static const unsigned long tag2bit[32] = { |
| 81 | 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ | 97 | 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ |
| 82 | B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ | 98 | B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ |
| 83 | B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ | 99 | B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ |
| 84 | B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ | 100 | B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ |
| 85 | 0, 0, B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ | 101 | B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ |
| 86 | B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ | 102 | B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ |
| 87 | B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ | 103 | B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ |
| 88 | B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ | 104 | B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ |
| @@ -90,14 +106,14 @@ B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 2 | |||
| 90 | }; | 106 | }; |
| 91 | 107 | ||
| 92 | unsigned long ASN1_tag2bit(int tag) | 108 | unsigned long ASN1_tag2bit(int tag) |
| 93 | { | 109 | { |
| 94 | if((tag < 0) || (tag > 30)) return 0; | 110 | if ((tag < 0) || (tag > 30)) return 0; |
| 95 | return tag2bit[tag]; | 111 | return tag2bit[tag]; |
| 96 | } | 112 | } |
| 97 | 113 | ||
| 98 | /* Macro to initialize and invalidate the cache */ | 114 | /* Macro to initialize and invalidate the cache */ |
| 99 | 115 | ||
| 100 | #define asn1_tlc_clear(c) if(c) (c)->valid = 0 | 116 | #define asn1_tlc_clear(c) if (c) (c)->valid = 0 |
| 101 | 117 | ||
| 102 | /* Decode an ASN1 item, this currently behaves just | 118 | /* Decode an ASN1 item, this currently behaves just |
| 103 | * like a standard 'd2i' function. 'in' points to | 119 | * like a standard 'd2i' function. 'in' points to |
| @@ -107,113 +123,147 @@ unsigned long ASN1_tag2bit(int tag) | |||
| 107 | * case. | 123 | * case. |
| 108 | */ | 124 | */ |
| 109 | 125 | ||
| 110 | ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it) | 126 | ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, |
| 111 | { | 127 | const unsigned char **in, long len, const ASN1_ITEM *it) |
| 128 | { | ||
| 112 | ASN1_TLC c; | 129 | ASN1_TLC c; |
| 113 | ASN1_VALUE *ptmpval = NULL; | 130 | ASN1_VALUE *ptmpval = NULL; |
| 114 | if(!pval) pval = &ptmpval; | 131 | if (!pval) |
| 115 | asn1_tlc_clear(&c); | 132 | pval = &ptmpval; |
| 116 | if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) | 133 | c.valid = 0; |
| 134 | if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) | ||
| 117 | return *pval; | 135 | return *pval; |
| 118 | return NULL; | 136 | return NULL; |
| 119 | } | 137 | } |
| 120 | 138 | ||
| 121 | int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt) | 139 | int ASN1_template_d2i(ASN1_VALUE **pval, |
| 122 | { | 140 | const unsigned char **in, long len, const ASN1_TEMPLATE *tt) |
| 141 | { | ||
| 123 | ASN1_TLC c; | 142 | ASN1_TLC c; |
| 124 | asn1_tlc_clear(&c); | 143 | c.valid = 0; |
| 125 | return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); | 144 | return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); |
| 126 | } | 145 | } |
| 127 | 146 | ||
| 128 | 147 | ||
| 129 | /* Decode an item, taking care of IMPLICIT tagging, if any. | 148 | /* Decode an item, taking care of IMPLICIT tagging, if any. |
| 130 | * If 'opt' set and tag mismatch return -1 to handle OPTIONAL | 149 | * If 'opt' set and tag mismatch return -1 to handle OPTIONAL |
| 131 | */ | 150 | */ |
| 132 | 151 | ||
| 133 | int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, | 152 | int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, |
| 134 | int tag, int aclass, char opt, ASN1_TLC *ctx) | 153 | const ASN1_ITEM *it, |
| 135 | { | 154 | int tag, int aclass, char opt, ASN1_TLC *ctx) |
| 155 | { | ||
| 136 | const ASN1_TEMPLATE *tt, *errtt = NULL; | 156 | const ASN1_TEMPLATE *tt, *errtt = NULL; |
| 137 | const ASN1_COMPAT_FUNCS *cf; | 157 | const ASN1_COMPAT_FUNCS *cf; |
| 138 | const ASN1_EXTERN_FUNCS *ef; | 158 | const ASN1_EXTERN_FUNCS *ef; |
| 139 | const ASN1_AUX *aux = it->funcs; | 159 | const ASN1_AUX *aux = it->funcs; |
| 140 | ASN1_aux_cb *asn1_cb; | 160 | ASN1_aux_cb *asn1_cb; |
| 141 | unsigned char *p, *q, imphack = 0, oclass; | 161 | const unsigned char *p = NULL, *q; |
| 162 | unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ | ||
| 163 | unsigned char imphack = 0, oclass; | ||
| 142 | char seq_eoc, seq_nolen, cst, isopt; | 164 | char seq_eoc, seq_nolen, cst, isopt; |
| 143 | long tmplen; | 165 | long tmplen; |
| 144 | int i; | 166 | int i; |
| 145 | int otag; | 167 | int otag; |
| 146 | int ret = 0; | 168 | int ret = 0; |
| 147 | ASN1_VALUE *pchval, **pchptr, *ptmpval; | 169 | ASN1_VALUE *pchval, **pchptr, *ptmpval; |
| 148 | if(!pval) return 0; | 170 | if (!pval) |
| 149 | if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; | 171 | return 0; |
| 172 | if (aux && aux->asn1_cb) | ||
| 173 | asn1_cb = aux->asn1_cb; | ||
| 150 | else asn1_cb = 0; | 174 | else asn1_cb = 0; |
| 151 | 175 | ||
| 152 | switch(it->itype) { | 176 | switch(it->itype) |
| 153 | 177 | { | |
| 154 | case ASN1_ITYPE_PRIMITIVE: | 178 | case ASN1_ITYPE_PRIMITIVE: |
| 155 | if(it->templates) { | 179 | if (it->templates) |
| 156 | /* tagging or OPTIONAL is currently illegal on an item template | 180 | { |
| 157 | * because the flags can't get passed down. In practice this isn't | 181 | /* tagging or OPTIONAL is currently illegal on an item |
| 158 | * a problem: we include the relevant flags from the item template | 182 | * template because the flags can't get passed down. |
| 159 | * in the template itself. | 183 | * In practice this isn't a problem: we include the |
| 184 | * relevant flags from the item template in the | ||
| 185 | * template itself. | ||
| 160 | */ | 186 | */ |
| 161 | if ((tag != -1) || opt) { | 187 | if ((tag != -1) || opt) |
| 162 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); | 188 | { |
| 189 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 190 | ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); | ||
| 163 | goto err; | 191 | goto err; |
| 164 | } | 192 | } |
| 165 | return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx); | 193 | return asn1_template_ex_d2i(pval, in, len, |
| 194 | it->templates, opt, ctx); | ||
| 166 | } | 195 | } |
| 167 | return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); | 196 | return asn1_d2i_ex_primitive(pval, in, len, it, |
| 197 | tag, aclass, opt, ctx); | ||
| 168 | break; | 198 | break; |
| 169 | 199 | ||
| 170 | case ASN1_ITYPE_MSTRING: | 200 | case ASN1_ITYPE_MSTRING: |
| 171 | p = *in; | 201 | p = *in; |
| 172 | /* Just read in tag and class */ | 202 | /* Just read in tag and class */ |
| 173 | ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx); | 203 | ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, |
| 174 | if(!ret) { | 204 | &p, len, -1, 0, 1, ctx); |
| 175 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 205 | if (!ret) |
| 206 | { | ||
| 207 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 208 | ERR_R_NESTED_ASN1_ERROR); | ||
| 176 | goto err; | 209 | goto err; |
| 177 | } | 210 | } |
| 211 | |||
| 178 | /* Must be UNIVERSAL class */ | 212 | /* Must be UNIVERSAL class */ |
| 179 | if(oclass != V_ASN1_UNIVERSAL) { | 213 | if (oclass != V_ASN1_UNIVERSAL) |
| 214 | { | ||
| 180 | /* If OPTIONAL, assume this is OK */ | 215 | /* If OPTIONAL, assume this is OK */ |
| 181 | if(opt) return -1; | 216 | if (opt) return -1; |
| 182 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); | 217 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, |
| 218 | ASN1_R_MSTRING_NOT_UNIVERSAL); | ||
| 183 | goto err; | 219 | goto err; |
| 184 | } | 220 | } |
| 185 | /* Check tag matches bit map */ | 221 | /* Check tag matches bit map */ |
| 186 | if(!(ASN1_tag2bit(otag) & it->utype)) { | 222 | if (!(ASN1_tag2bit(otag) & it->utype)) |
| 223 | { | ||
| 187 | /* If OPTIONAL, assume this is OK */ | 224 | /* If OPTIONAL, assume this is OK */ |
| 188 | if(opt) return -1; | 225 | if (opt) |
| 189 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG); | 226 | return -1; |
| 227 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 228 | ASN1_R_MSTRING_WRONG_TAG); | ||
| 190 | goto err; | 229 | goto err; |
| 191 | } | 230 | } |
| 192 | return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); | 231 | return asn1_d2i_ex_primitive(pval, in, len, |
| 232 | it, otag, 0, 0, ctx); | ||
| 193 | 233 | ||
| 194 | case ASN1_ITYPE_EXTERN: | 234 | case ASN1_ITYPE_EXTERN: |
| 195 | /* Use new style d2i */ | 235 | /* Use new style d2i */ |
| 196 | ef = it->funcs; | 236 | ef = it->funcs; |
| 197 | return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); | 237 | return ef->asn1_ex_d2i(pval, in, len, |
| 238 | it, tag, aclass, opt, ctx); | ||
| 198 | 239 | ||
| 199 | case ASN1_ITYPE_COMPAT: | 240 | case ASN1_ITYPE_COMPAT: |
| 200 | /* we must resort to old style evil hackery */ | 241 | /* we must resort to old style evil hackery */ |
| 201 | cf = it->funcs; | 242 | cf = it->funcs; |
| 202 | 243 | ||
| 203 | /* If OPTIONAL see if it is there */ | 244 | /* If OPTIONAL see if it is there */ |
| 204 | if(opt) { | 245 | if (opt) |
| 246 | { | ||
| 205 | int exptag; | 247 | int exptag; |
| 206 | p = *in; | 248 | p = *in; |
| 207 | if(tag == -1) exptag = it->utype; | 249 | if (tag == -1) |
| 250 | exptag = it->utype; | ||
| 208 | else exptag = tag; | 251 | else exptag = tag; |
| 209 | /* Don't care about anything other than presence of expected tag */ | 252 | /* Don't care about anything other than presence |
| 210 | ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx); | 253 | * of expected tag */ |
| 211 | if(!ret) { | 254 | |
| 212 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 255 | ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, |
| 256 | &p, len, exptag, aclass, 1, ctx); | ||
| 257 | if (!ret) | ||
| 258 | { | ||
| 259 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 260 | ERR_R_NESTED_ASN1_ERROR); | ||
| 213 | goto err; | 261 | goto err; |
| 262 | } | ||
| 263 | if (ret == -1) | ||
| 264 | return -1; | ||
| 214 | } | 265 | } |
| 215 | if(ret == -1) return -1; | 266 | |
| 216 | } | ||
| 217 | /* This is the old style evil hack IMPLICIT handling: | 267 | /* This is the old style evil hack IMPLICIT handling: |
| 218 | * since the underlying code is expecting a tag and | 268 | * since the underlying code is expecting a tag and |
| 219 | * class other than the one present we change the | 269 | * class other than the one present we change the |
| @@ -229,245 +279,332 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1 | |||
| 229 | * buffer. | 279 | * buffer. |
| 230 | */ | 280 | */ |
| 231 | 281 | ||
| 232 | if(tag != -1) { | 282 | if (tag != -1) |
| 233 | p = *in; | 283 | { |
| 234 | imphack = *p; | 284 | wp = *(unsigned char **)in; |
| 235 | *p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype); | 285 | imphack = *wp; |
| 236 | } | 286 | if (p == NULL) |
| 287 | { | ||
| 288 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 289 | ERR_R_NESTED_ASN1_ERROR); | ||
| 290 | goto err; | ||
| 291 | } | ||
| 292 | *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | ||
| 293 | | it->utype); | ||
| 294 | } | ||
| 237 | 295 | ||
| 238 | ptmpval = cf->asn1_d2i(pval, in, len); | 296 | ptmpval = cf->asn1_d2i(pval, in, len); |
| 239 | 297 | ||
| 240 | if(tag != -1) *p = imphack; | 298 | if (tag != -1) |
| 299 | *wp = imphack; | ||
| 300 | |||
| 301 | if (ptmpval) | ||
| 302 | return 1; | ||
| 241 | 303 | ||
| 242 | if(ptmpval) return 1; | ||
| 243 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 304 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
| 244 | goto err; | 305 | goto err; |
| 245 | 306 | ||
| 246 | 307 | ||
| 247 | case ASN1_ITYPE_CHOICE: | 308 | case ASN1_ITYPE_CHOICE: |
| 248 | if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) | 309 | if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) |
| 249 | goto auxerr; | 310 | goto auxerr; |
| 250 | 311 | ||
| 251 | /* Allocate structure */ | 312 | /* Allocate structure */ |
| 252 | if(!*pval) { | 313 | if (!*pval && !ASN1_item_ex_new(pval, it)) |
| 253 | if(!ASN1_item_ex_new(pval, it)) { | 314 | { |
| 254 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 315 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, |
| 255 | goto err; | 316 | ERR_R_NESTED_ASN1_ERROR); |
| 317 | goto err; | ||
| 256 | } | 318 | } |
| 257 | } | ||
| 258 | /* CHOICE type, try each possibility in turn */ | 319 | /* CHOICE type, try each possibility in turn */ |
| 259 | pchval = NULL; | 320 | pchval = NULL; |
| 260 | p = *in; | 321 | p = *in; |
| 261 | for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) { | 322 | for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) |
| 323 | { | ||
| 262 | pchptr = asn1_get_field_ptr(pval, tt); | 324 | pchptr = asn1_get_field_ptr(pval, tt); |
| 263 | /* We mark field as OPTIONAL so its absence | 325 | /* We mark field as OPTIONAL so its absence |
| 264 | * can be recognised. | 326 | * can be recognised. |
| 265 | */ | 327 | */ |
| 266 | ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); | 328 | ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); |
| 267 | /* If field not present, try the next one */ | 329 | /* If field not present, try the next one */ |
| 268 | if(ret == -1) continue; | 330 | if (ret == -1) |
| 331 | continue; | ||
| 269 | /* If positive return, read OK, break loop */ | 332 | /* If positive return, read OK, break loop */ |
| 270 | if(ret > 0) break; | 333 | if (ret > 0) |
| 334 | break; | ||
| 271 | /* Otherwise must be an ASN1 parsing error */ | 335 | /* Otherwise must be an ASN1 parsing error */ |
| 272 | errtt = tt; | 336 | errtt = tt; |
| 273 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 337 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, |
| 338 | ERR_R_NESTED_ASN1_ERROR); | ||
| 274 | goto err; | 339 | goto err; |
| 275 | } | 340 | } |
| 341 | |||
| 276 | /* Did we fall off the end without reading anything? */ | 342 | /* Did we fall off the end without reading anything? */ |
| 277 | if(i == it->tcount) { | 343 | if (i == it->tcount) |
| 344 | { | ||
| 278 | /* If OPTIONAL, this is OK */ | 345 | /* If OPTIONAL, this is OK */ |
| 279 | if(opt) { | 346 | if (opt) |
| 347 | { | ||
| 280 | /* Free and zero it */ | 348 | /* Free and zero it */ |
| 281 | ASN1_item_ex_free(pval, it); | 349 | ASN1_item_ex_free(pval, it); |
| 282 | return -1; | 350 | return -1; |
| 283 | } | 351 | } |
| 284 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); | 352 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, |
| 353 | ASN1_R_NO_MATCHING_CHOICE_TYPE); | ||
| 285 | goto err; | 354 | goto err; |
| 286 | } | 355 | } |
| 356 | |||
| 287 | asn1_set_choice_selector(pval, i, it); | 357 | asn1_set_choice_selector(pval, i, it); |
| 288 | *in = p; | 358 | *in = p; |
| 289 | if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) | 359 | if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) |
| 290 | goto auxerr; | 360 | goto auxerr; |
| 291 | return 1; | 361 | return 1; |
| 292 | 362 | ||
| 363 | case ASN1_ITYPE_NDEF_SEQUENCE: | ||
| 293 | case ASN1_ITYPE_SEQUENCE: | 364 | case ASN1_ITYPE_SEQUENCE: |
| 294 | p = *in; | 365 | p = *in; |
| 295 | tmplen = len; | 366 | tmplen = len; |
| 296 | 367 | ||
| 297 | /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ | 368 | /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ |
| 298 | if(tag == -1) { | 369 | if (tag == -1) |
| 370 | { | ||
| 299 | tag = V_ASN1_SEQUENCE; | 371 | tag = V_ASN1_SEQUENCE; |
| 300 | aclass = V_ASN1_UNIVERSAL; | 372 | aclass = V_ASN1_UNIVERSAL; |
| 301 | } | 373 | } |
| 302 | /* Get SEQUENCE length and update len, p */ | 374 | /* Get SEQUENCE length and update len, p */ |
| 303 | ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx); | 375 | ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, |
| 304 | if(!ret) { | 376 | &p, len, tag, aclass, opt, ctx); |
| 305 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 377 | if (!ret) |
| 378 | { | ||
| 379 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 380 | ERR_R_NESTED_ASN1_ERROR); | ||
| 306 | goto err; | 381 | goto err; |
| 307 | } else if(ret == -1) return -1; | 382 | } |
| 308 | if(aux && (aux->flags & ASN1_AFLG_BROKEN)) { | 383 | else if (ret == -1) |
| 384 | return -1; | ||
| 385 | if (aux && (aux->flags & ASN1_AFLG_BROKEN)) | ||
| 386 | { | ||
| 309 | len = tmplen - (p - *in); | 387 | len = tmplen - (p - *in); |
| 310 | seq_nolen = 1; | 388 | seq_nolen = 1; |
| 311 | } else seq_nolen = seq_eoc; /* If indefinite we don't do a length check */ | 389 | } |
| 312 | if(!cst) { | 390 | /* If indefinite we don't do a length check */ |
| 313 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); | 391 | else seq_nolen = seq_eoc; |
| 392 | if (!cst) | ||
| 393 | { | ||
| 394 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 395 | ASN1_R_SEQUENCE_NOT_CONSTRUCTED); | ||
| 314 | goto err; | 396 | goto err; |
| 315 | } | 397 | } |
| 316 | 398 | ||
| 317 | if(!*pval) { | 399 | if (!*pval && !ASN1_item_ex_new(pval, it)) |
| 318 | if(!ASN1_item_ex_new(pval, it)) { | 400 | { |
| 319 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 401 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, |
| 320 | goto err; | 402 | ERR_R_NESTED_ASN1_ERROR); |
| 403 | goto err; | ||
| 321 | } | 404 | } |
| 322 | } | 405 | |
| 323 | if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) | 406 | if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) |
| 324 | goto auxerr; | 407 | goto auxerr; |
| 325 | 408 | ||
| 326 | /* Get each field entry */ | 409 | /* Get each field entry */ |
| 327 | for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) { | 410 | for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) |
| 411 | { | ||
| 328 | const ASN1_TEMPLATE *seqtt; | 412 | const ASN1_TEMPLATE *seqtt; |
| 329 | ASN1_VALUE **pseqval; | 413 | ASN1_VALUE **pseqval; |
| 330 | seqtt = asn1_do_adb(pval, tt, 1); | 414 | seqtt = asn1_do_adb(pval, tt, 1); |
| 331 | if(!seqtt) goto err; | 415 | if (!seqtt) |
| 416 | goto err; | ||
| 332 | pseqval = asn1_get_field_ptr(pval, seqtt); | 417 | pseqval = asn1_get_field_ptr(pval, seqtt); |
| 333 | /* Have we ran out of data? */ | 418 | /* Have we ran out of data? */ |
| 334 | if(!len) break; | 419 | if (!len) |
| 420 | break; | ||
| 335 | q = p; | 421 | q = p; |
| 336 | if(asn1_check_eoc(&p, len)) { | 422 | if (asn1_check_eoc(&p, len)) |
| 337 | if(!seq_eoc) { | 423 | { |
| 338 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC); | 424 | if (!seq_eoc) |
| 425 | { | ||
| 426 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 427 | ASN1_R_UNEXPECTED_EOC); | ||
| 339 | goto err; | 428 | goto err; |
| 340 | } | 429 | } |
| 341 | len -= p - q; | 430 | len -= p - q; |
| 342 | seq_eoc = 0; | 431 | seq_eoc = 0; |
| 343 | q = p; | 432 | q = p; |
| 344 | break; | 433 | break; |
| 345 | } | 434 | } |
| 346 | /* This determines the OPTIONAL flag value. The field cannot | 435 | /* This determines the OPTIONAL flag value. The field |
| 347 | * be omitted if it is the last of a SEQUENCE and there is | 436 | * cannot be omitted if it is the last of a SEQUENCE |
| 348 | * still data to be read. This isn't strictly necessary but | 437 | * and there is still data to be read. This isn't |
| 349 | * it increases efficiency in some cases. | 438 | * strictly necessary but it increases efficiency in |
| 439 | * some cases. | ||
| 350 | */ | 440 | */ |
| 351 | if(i == (it->tcount - 1)) isopt = 0; | 441 | if (i == (it->tcount - 1)) |
| 442 | isopt = 0; | ||
| 352 | else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); | 443 | else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); |
| 353 | /* attempt to read in field, allowing each to be OPTIONAL */ | 444 | /* attempt to read in field, allowing each to be |
| 354 | ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); | 445 | * OPTIONAL */ |
| 355 | if(!ret) { | 446 | |
| 447 | ret = asn1_template_ex_d2i(pseqval, &p, len, | ||
| 448 | seqtt, isopt, ctx); | ||
| 449 | if (!ret) | ||
| 450 | { | ||
| 356 | errtt = seqtt; | 451 | errtt = seqtt; |
| 357 | goto err; | 452 | goto err; |
| 358 | } else if(ret == -1) { | 453 | } |
| 359 | /* OPTIONAL component absent. Free and zero the field | 454 | else if (ret == -1) |
| 455 | { | ||
| 456 | /* OPTIONAL component absent. | ||
| 457 | * Free and zero the field. | ||
| 360 | */ | 458 | */ |
| 361 | ASN1_template_free(pseqval, seqtt); | 459 | ASN1_template_free(pseqval, seqtt); |
| 362 | continue; | 460 | continue; |
| 363 | } | 461 | } |
| 364 | /* Update length */ | 462 | /* Update length */ |
| 365 | len -= p - q; | 463 | len -= p - q; |
| 366 | } | 464 | } |
| 465 | |||
| 367 | /* Check for EOC if expecting one */ | 466 | /* Check for EOC if expecting one */ |
| 368 | if(seq_eoc && !asn1_check_eoc(&p, len)) { | 467 | if (seq_eoc && !asn1_check_eoc(&p, len)) |
| 468 | { | ||
| 369 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); | 469 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); |
| 370 | goto err; | 470 | goto err; |
| 371 | } | 471 | } |
| 372 | /* Check all data read */ | 472 | /* Check all data read */ |
| 373 | if(!seq_nolen && len) { | 473 | if (!seq_nolen && len) |
| 374 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); | 474 | { |
| 475 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, | ||
| 476 | ASN1_R_SEQUENCE_LENGTH_MISMATCH); | ||
| 375 | goto err; | 477 | goto err; |
| 376 | } | 478 | } |
| 377 | 479 | ||
| 378 | /* If we get here we've got no more data in the SEQUENCE, | 480 | /* If we get here we've got no more data in the SEQUENCE, |
| 379 | * however we may not have read all fields so check all | 481 | * however we may not have read all fields so check all |
| 380 | * remaining are OPTIONAL and clear any that are. | 482 | * remaining are OPTIONAL and clear any that are. |
| 381 | */ | 483 | */ |
| 382 | for(; i < it->tcount; tt++, i++) { | 484 | for (; i < it->tcount; tt++, i++) |
| 485 | { | ||
| 383 | const ASN1_TEMPLATE *seqtt; | 486 | const ASN1_TEMPLATE *seqtt; |
| 384 | seqtt = asn1_do_adb(pval, tt, 1); | 487 | seqtt = asn1_do_adb(pval, tt, 1); |
| 385 | if(!seqtt) goto err; | 488 | if (!seqtt) |
| 386 | if(seqtt->flags & ASN1_TFLG_OPTIONAL) { | 489 | goto err; |
| 490 | if (seqtt->flags & ASN1_TFLG_OPTIONAL) | ||
| 491 | { | ||
| 387 | ASN1_VALUE **pseqval; | 492 | ASN1_VALUE **pseqval; |
| 388 | pseqval = asn1_get_field_ptr(pval, seqtt); | 493 | pseqval = asn1_get_field_ptr(pval, seqtt); |
| 389 | ASN1_template_free(pseqval, seqtt); | 494 | ASN1_template_free(pseqval, seqtt); |
| 390 | } else { | 495 | } |
| 496 | else | ||
| 497 | { | ||
| 391 | errtt = seqtt; | 498 | errtt = seqtt; |
| 392 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING); | 499 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, |
| 500 | ASN1_R_FIELD_MISSING); | ||
| 393 | goto err; | 501 | goto err; |
| 502 | } | ||
| 394 | } | 503 | } |
| 395 | } | ||
| 396 | /* Save encoding */ | 504 | /* Save encoding */ |
| 397 | if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr; | 505 | if (!asn1_enc_save(pval, *in, p - *in, it)) |
| 506 | goto auxerr; | ||
| 398 | *in = p; | 507 | *in = p; |
| 399 | if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) | 508 | if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) |
| 400 | goto auxerr; | 509 | goto auxerr; |
| 401 | return 1; | 510 | return 1; |
| 402 | 511 | ||
| 403 | default: | 512 | default: |
| 404 | return 0; | 513 | return 0; |
| 405 | } | 514 | } |
| 406 | auxerr: | 515 | auxerr: |
| 407 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); | 516 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); |
| 408 | err: | 517 | err: |
| 409 | ASN1_item_ex_free(pval, it); | 518 | ASN1_item_ex_free(pval, it); |
| 410 | if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); | 519 | if (errtt) |
| 411 | else ERR_add_error_data(2, "Type=", it->sname); | 520 | ERR_add_error_data(4, "Field=", errtt->field_name, |
| 521 | ", Type=", it->sname); | ||
| 522 | else | ||
| 523 | ERR_add_error_data(2, "Type=", it->sname); | ||
| 412 | return 0; | 524 | return 0; |
| 413 | } | 525 | } |
| 414 | 526 | ||
| 415 | /* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the | 527 | /* Templates are handled with two separate functions. |
| 416 | * rest. | 528 | * One handles any EXPLICIT tag and the other handles the rest. |
| 417 | */ | 529 | */ |
| 418 | 530 | ||
| 419 | static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx) | 531 | static int asn1_template_ex_d2i(ASN1_VALUE **val, |
| 420 | { | 532 | const unsigned char **in, long inlen, |
| 533 | const ASN1_TEMPLATE *tt, char opt, | ||
| 534 | ASN1_TLC *ctx) | ||
| 535 | { | ||
| 421 | int flags, aclass; | 536 | int flags, aclass; |
| 422 | int ret; | 537 | int ret; |
| 423 | long len; | 538 | long len; |
| 424 | unsigned char *p, *q; | 539 | const unsigned char *p, *q; |
| 425 | char exp_eoc; | 540 | char exp_eoc; |
| 426 | if(!val) return 0; | 541 | if (!val) |
| 542 | return 0; | ||
| 427 | flags = tt->flags; | 543 | flags = tt->flags; |
| 428 | aclass = flags & ASN1_TFLG_TAG_CLASS; | 544 | aclass = flags & ASN1_TFLG_TAG_CLASS; |
| 429 | 545 | ||
| 430 | p = *in; | 546 | p = *in; |
| 431 | 547 | ||
| 432 | /* Check if EXPLICIT tag expected */ | 548 | /* Check if EXPLICIT tag expected */ |
| 433 | if(flags & ASN1_TFLG_EXPTAG) { | 549 | if (flags & ASN1_TFLG_EXPTAG) |
| 550 | { | ||
| 434 | char cst; | 551 | char cst; |
| 435 | /* Need to work out amount of data available to the inner content and where it | 552 | /* Need to work out amount of data available to the inner |
| 436 | * starts: so read in EXPLICIT header to get the info. | 553 | * content and where it starts: so read in EXPLICIT header to |
| 554 | * get the info. | ||
| 437 | */ | 555 | */ |
| 438 | ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx); | 556 | ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, |
| 557 | &p, inlen, tt->tag, aclass, opt, ctx); | ||
| 439 | q = p; | 558 | q = p; |
| 440 | if(!ret) { | 559 | if (!ret) |
| 441 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 560 | { |
| 561 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, | ||
| 562 | ERR_R_NESTED_ASN1_ERROR); | ||
| 442 | return 0; | 563 | return 0; |
| 443 | } else if(ret == -1) return -1; | 564 | } |
| 444 | if(!cst) { | 565 | else if (ret == -1) |
| 445 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); | 566 | return -1; |
| 567 | if (!cst) | ||
| 568 | { | ||
| 569 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, | ||
| 570 | ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); | ||
| 446 | return 0; | 571 | return 0; |
| 447 | } | 572 | } |
| 448 | /* We've found the field so it can't be OPTIONAL now */ | 573 | /* We've found the field so it can't be OPTIONAL now */ |
| 449 | ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); | 574 | ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); |
| 450 | if(!ret) { | 575 | if (!ret) |
| 451 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 576 | { |
| 577 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, | ||
| 578 | ERR_R_NESTED_ASN1_ERROR); | ||
| 452 | return 0; | 579 | return 0; |
| 453 | } | 580 | } |
| 454 | /* We read the field in OK so update length */ | 581 | /* We read the field in OK so update length */ |
| 455 | len -= p - q; | 582 | len -= p - q; |
| 456 | if(exp_eoc) { | 583 | if (exp_eoc) |
| 584 | { | ||
| 457 | /* If NDEF we must have an EOC here */ | 585 | /* If NDEF we must have an EOC here */ |
| 458 | if(!asn1_check_eoc(&p, len)) { | 586 | if (!asn1_check_eoc(&p, len)) |
| 459 | ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC); | 587 | { |
| 588 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, | ||
| 589 | ASN1_R_MISSING_EOC); | ||
| 460 | goto err; | 590 | goto err; |
| 591 | } | ||
| 461 | } | 592 | } |
| 462 | } else { | 593 | else |
| 463 | /* Otherwise we must hit the EXPLICIT tag end or its an error */ | 594 | { |
| 464 | if(len) { | 595 | /* Otherwise we must hit the EXPLICIT tag end or its |
| 465 | ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH); | 596 | * an error */ |
| 597 | if (len) | ||
| 598 | { | ||
| 599 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, | ||
| 600 | ASN1_R_EXPLICIT_LENGTH_MISMATCH); | ||
| 466 | goto err; | 601 | goto err; |
| 602 | } | ||
| 467 | } | 603 | } |
| 468 | } | 604 | } |
| 469 | } else | 605 | else |
| 470 | return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); | 606 | return asn1_template_noexp_d2i(val, in, inlen, |
| 607 | tt, opt, ctx); | ||
| 471 | 608 | ||
| 472 | *in = p; | 609 | *in = p; |
| 473 | return 1; | 610 | return 1; |
| @@ -476,98 +613,145 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen | |||
| 476 | ASN1_template_free(val, tt); | 613 | ASN1_template_free(val, tt); |
| 477 | *val = NULL; | 614 | *val = NULL; |
| 478 | return 0; | 615 | return 0; |
| 479 | } | 616 | } |
| 480 | 617 | ||
| 481 | static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx) | 618 | static int asn1_template_noexp_d2i(ASN1_VALUE **val, |
| 482 | { | 619 | const unsigned char **in, long len, |
| 620 | const ASN1_TEMPLATE *tt, char opt, | ||
| 621 | ASN1_TLC *ctx) | ||
| 622 | { | ||
| 483 | int flags, aclass; | 623 | int flags, aclass; |
| 484 | int ret; | 624 | int ret; |
| 485 | unsigned char *p, *q; | 625 | const unsigned char *p, *q; |
| 486 | if(!val) return 0; | 626 | if (!val) |
| 627 | return 0; | ||
| 487 | flags = tt->flags; | 628 | flags = tt->flags; |
| 488 | aclass = flags & ASN1_TFLG_TAG_CLASS; | 629 | aclass = flags & ASN1_TFLG_TAG_CLASS; |
| 489 | 630 | ||
| 490 | p = *in; | 631 | p = *in; |
| 491 | q = p; | 632 | q = p; |
| 492 | 633 | ||
| 493 | if(flags & ASN1_TFLG_SK_MASK) { | 634 | if (flags & ASN1_TFLG_SK_MASK) |
| 635 | { | ||
| 494 | /* SET OF, SEQUENCE OF */ | 636 | /* SET OF, SEQUENCE OF */ |
| 495 | int sktag, skaclass; | 637 | int sktag, skaclass; |
| 496 | char sk_eoc; | 638 | char sk_eoc; |
| 497 | /* First work out expected inner tag value */ | 639 | /* First work out expected inner tag value */ |
| 498 | if(flags & ASN1_TFLG_IMPTAG) { | 640 | if (flags & ASN1_TFLG_IMPTAG) |
| 641 | { | ||
| 499 | sktag = tt->tag; | 642 | sktag = tt->tag; |
| 500 | skaclass = aclass; | 643 | skaclass = aclass; |
| 501 | } else { | 644 | } |
| 645 | else | ||
| 646 | { | ||
| 502 | skaclass = V_ASN1_UNIVERSAL; | 647 | skaclass = V_ASN1_UNIVERSAL; |
| 503 | if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET; | 648 | if (flags & ASN1_TFLG_SET_OF) |
| 504 | else sktag = V_ASN1_SEQUENCE; | 649 | sktag = V_ASN1_SET; |
| 505 | } | 650 | else |
| 651 | sktag = V_ASN1_SEQUENCE; | ||
| 652 | } | ||
| 506 | /* Get the tag */ | 653 | /* Get the tag */ |
| 507 | ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx); | 654 | ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, |
| 508 | if(!ret) { | 655 | &p, len, sktag, skaclass, opt, ctx); |
| 509 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); | 656 | if (!ret) |
| 657 | { | ||
| 658 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | ||
| 659 | ERR_R_NESTED_ASN1_ERROR); | ||
| 510 | return 0; | 660 | return 0; |
| 511 | } else if(ret == -1) return -1; | 661 | } |
| 512 | if(!*val) *val = (ASN1_VALUE *)sk_new_null(); | 662 | else if (ret == -1) |
| 513 | else { | 663 | return -1; |
| 664 | if (!*val) | ||
| 665 | *val = (ASN1_VALUE *)sk_new_null(); | ||
| 666 | else | ||
| 667 | { | ||
| 514 | /* We've got a valid STACK: free up any items present */ | 668 | /* We've got a valid STACK: free up any items present */ |
| 515 | STACK *sktmp = (STACK *)*val; | 669 | STACK *sktmp = (STACK *)*val; |
| 516 | ASN1_VALUE *vtmp; | 670 | ASN1_VALUE *vtmp; |
| 517 | while(sk_num(sktmp) > 0) { | 671 | while(sk_num(sktmp) > 0) |
| 672 | { | ||
| 518 | vtmp = (ASN1_VALUE *)sk_pop(sktmp); | 673 | vtmp = (ASN1_VALUE *)sk_pop(sktmp); |
| 519 | ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); | 674 | ASN1_item_ex_free(&vtmp, |
| 675 | ASN1_ITEM_ptr(tt->item)); | ||
| 676 | } | ||
| 520 | } | 677 | } |
| 521 | } | ||
| 522 | 678 | ||
| 523 | if(!*val) { | 679 | if (!*val) |
| 524 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE); | 680 | { |
| 681 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | ||
| 682 | ERR_R_MALLOC_FAILURE); | ||
| 525 | goto err; | 683 | goto err; |
| 526 | } | 684 | } |
| 685 | |||
| 527 | /* Read as many items as we can */ | 686 | /* Read as many items as we can */ |
| 528 | while(len > 0) { | 687 | while(len > 0) |
| 688 | { | ||
| 529 | ASN1_VALUE *skfield; | 689 | ASN1_VALUE *skfield; |
| 530 | q = p; | 690 | q = p; |
| 531 | /* See if EOC found */ | 691 | /* See if EOC found */ |
| 532 | if(asn1_check_eoc(&p, len)) { | 692 | if (asn1_check_eoc(&p, len)) |
| 533 | if(!sk_eoc) { | 693 | { |
| 534 | ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC); | 694 | if (!sk_eoc) |
| 695 | { | ||
| 696 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | ||
| 697 | ASN1_R_UNEXPECTED_EOC); | ||
| 535 | goto err; | 698 | goto err; |
| 536 | } | 699 | } |
| 537 | len -= p - q; | 700 | len -= p - q; |
| 538 | sk_eoc = 0; | 701 | sk_eoc = 0; |
| 539 | break; | 702 | break; |
| 540 | } | 703 | } |
| 541 | skfield = NULL; | 704 | skfield = NULL; |
| 542 | if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { | 705 | if (!ASN1_item_ex_d2i(&skfield, &p, len, |
| 543 | ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); | 706 | ASN1_ITEM_ptr(tt->item), |
| 707 | -1, 0, 0, ctx)) | ||
| 708 | { | ||
| 709 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | ||
| 710 | ERR_R_NESTED_ASN1_ERROR); | ||
| 544 | goto err; | 711 | goto err; |
| 545 | } | 712 | } |
| 546 | len -= p - q; | 713 | len -= p - q; |
| 547 | if(!sk_push((STACK *)*val, (char *)skfield)) { | 714 | if (!sk_push((STACK *)*val, (char *)skfield)) |
| 548 | ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE); | 715 | { |
| 716 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | ||
| 717 | ERR_R_MALLOC_FAILURE); | ||
| 549 | goto err; | 718 | goto err; |
| 719 | } | ||
| 550 | } | 720 | } |
| 551 | } | 721 | if (sk_eoc) |
| 552 | if(sk_eoc) { | 722 | { |
| 553 | ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC); | 723 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC); |
| 554 | goto err; | 724 | goto err; |
| 725 | } | ||
| 555 | } | 726 | } |
| 556 | } else if(flags & ASN1_TFLG_IMPTAG) { | 727 | else if (flags & ASN1_TFLG_IMPTAG) |
| 728 | { | ||
| 557 | /* IMPLICIT tagging */ | 729 | /* IMPLICIT tagging */ |
| 558 | ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); | 730 | ret = ASN1_item_ex_d2i(val, &p, len, |
| 559 | if(!ret) { | 731 | ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); |
| 560 | ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); | 732 | if (!ret) |
| 733 | { | ||
| 734 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | ||
| 735 | ERR_R_NESTED_ASN1_ERROR); | ||
| 561 | goto err; | 736 | goto err; |
| 562 | } else if(ret == -1) return -1; | 737 | } |
| 563 | } else { | 738 | else if (ret == -1) |
| 739 | return -1; | ||
| 740 | } | ||
| 741 | else | ||
| 742 | { | ||
| 564 | /* Nothing special */ | 743 | /* Nothing special */ |
| 565 | ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx); | 744 | ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), |
| 566 | if(!ret) { | 745 | -1, 0, opt, ctx); |
| 567 | ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); | 746 | if (!ret) |
| 747 | { | ||
| 748 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, | ||
| 749 | ERR_R_NESTED_ASN1_ERROR); | ||
| 568 | goto err; | 750 | goto err; |
| 569 | } else if(ret == -1) return -1; | 751 | } |
| 570 | } | 752 | else if (ret == -1) |
| 753 | return -1; | ||
| 754 | } | ||
| 571 | 755 | ||
| 572 | *in = p; | 756 | *in = p; |
| 573 | return 1; | 757 | return 1; |
| @@ -576,85 +760,115 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le | |||
| 576 | ASN1_template_free(val, tt); | 760 | ASN1_template_free(val, tt); |
| 577 | *val = NULL; | 761 | *val = NULL; |
| 578 | return 0; | 762 | return 0; |
| 579 | } | 763 | } |
| 580 | 764 | ||
| 581 | static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, | 765 | static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, |
| 582 | const ASN1_ITEM *it, | 766 | const unsigned char **in, long inlen, |
| 583 | int tag, int aclass, char opt, ASN1_TLC *ctx) | 767 | const ASN1_ITEM *it, |
| 584 | { | 768 | int tag, int aclass, char opt, ASN1_TLC *ctx) |
| 769 | { | ||
| 585 | int ret = 0, utype; | 770 | int ret = 0, utype; |
| 586 | long plen; | 771 | long plen; |
| 587 | char cst, inf, free_cont = 0; | 772 | char cst, inf, free_cont = 0; |
| 588 | unsigned char *p; | 773 | const unsigned char *p; |
| 589 | BUF_MEM buf; | 774 | BUF_MEM buf; |
| 590 | unsigned char *cont = NULL; | 775 | const unsigned char *cont = NULL; |
| 591 | long len; | 776 | long len; |
| 592 | if(!pval) { | 777 | if (!pval) |
| 778 | { | ||
| 593 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); | 779 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); |
| 594 | return 0; /* Should never happen */ | 780 | return 0; /* Should never happen */ |
| 595 | } | 781 | } |
| 596 | 782 | ||
| 597 | if(it->itype == ASN1_ITYPE_MSTRING) { | 783 | if (it->itype == ASN1_ITYPE_MSTRING) |
| 784 | { | ||
| 598 | utype = tag; | 785 | utype = tag; |
| 599 | tag = -1; | 786 | tag = -1; |
| 600 | } else utype = it->utype; | 787 | } |
| 788 | else | ||
| 789 | utype = it->utype; | ||
| 601 | 790 | ||
| 602 | if(utype == V_ASN1_ANY) { | 791 | if (utype == V_ASN1_ANY) |
| 792 | { | ||
| 603 | /* If type is ANY need to figure out type from tag */ | 793 | /* If type is ANY need to figure out type from tag */ |
| 604 | unsigned char oclass; | 794 | unsigned char oclass; |
| 605 | if(tag >= 0) { | 795 | if (tag >= 0) |
| 606 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY); | 796 | { |
| 797 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, | ||
| 798 | ASN1_R_ILLEGAL_TAGGED_ANY); | ||
| 607 | return 0; | 799 | return 0; |
| 608 | } | 800 | } |
| 609 | if(opt) { | 801 | if (opt) |
| 610 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY); | 802 | { |
| 803 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, | ||
| 804 | ASN1_R_ILLEGAL_OPTIONAL_ANY); | ||
| 611 | return 0; | 805 | return 0; |
| 612 | } | 806 | } |
| 613 | p = *in; | 807 | p = *in; |
| 614 | ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx); | 808 | ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, |
| 615 | if(!ret) { | 809 | &p, inlen, -1, 0, 0, ctx); |
| 616 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); | 810 | if (!ret) |
| 811 | { | ||
| 812 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, | ||
| 813 | ERR_R_NESTED_ASN1_ERROR); | ||
| 617 | return 0; | 814 | return 0; |
| 815 | } | ||
| 816 | if (oclass != V_ASN1_UNIVERSAL) | ||
| 817 | utype = V_ASN1_OTHER; | ||
| 618 | } | 818 | } |
| 619 | if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER; | 819 | if (tag == -1) |
| 620 | } | 820 | { |
| 621 | if(tag == -1) { | ||
| 622 | tag = utype; | 821 | tag = utype; |
| 623 | aclass = V_ASN1_UNIVERSAL; | 822 | aclass = V_ASN1_UNIVERSAL; |
| 624 | } | 823 | } |
| 625 | p = *in; | 824 | p = *in; |
| 626 | /* Check header */ | 825 | /* Check header */ |
| 627 | ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx); | 826 | ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, |
| 628 | if(!ret) { | 827 | &p, inlen, tag, aclass, opt, ctx); |
| 828 | if (!ret) | ||
| 829 | { | ||
| 629 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); | 830 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); |
| 630 | return 0; | 831 | return 0; |
| 631 | } else if(ret == -1) return -1; | 832 | } |
| 632 | 833 | else if (ret == -1) | |
| 633 | ret = 0; | 834 | return -1; |
| 835 | ret = 0; | ||
| 634 | /* SEQUENCE, SET and "OTHER" are left in encoded form */ | 836 | /* SEQUENCE, SET and "OTHER" are left in encoded form */ |
| 635 | if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { | 837 | if ((utype == V_ASN1_SEQUENCE) |
| 636 | /* Clear context cache for type OTHER because the auto clear when | 838 | || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) |
| 637 | * we have a exact match wont work | 839 | { |
| 840 | /* Clear context cache for type OTHER because the auto clear | ||
| 841 | * when we have a exact match wont work | ||
| 638 | */ | 842 | */ |
| 639 | if(utype == V_ASN1_OTHER) { | 843 | if (utype == V_ASN1_OTHER) |
| 844 | { | ||
| 640 | asn1_tlc_clear(ctx); | 845 | asn1_tlc_clear(ctx); |
| 846 | } | ||
| 641 | /* SEQUENCE and SET must be constructed */ | 847 | /* SEQUENCE and SET must be constructed */ |
| 642 | } else if(!cst) { | 848 | else if (!cst) |
| 643 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED); | 849 | { |
| 850 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, | ||
| 851 | ASN1_R_TYPE_NOT_CONSTRUCTED); | ||
| 644 | return 0; | 852 | return 0; |
| 645 | } | 853 | } |
| 646 | 854 | ||
| 647 | cont = *in; | 855 | cont = *in; |
| 648 | /* If indefinite length constructed find the real end */ | 856 | /* If indefinite length constructed find the real end */ |
| 649 | if(inf) { | 857 | if (inf) |
| 650 | if(!asn1_find_end(&p, plen, inf)) goto err; | 858 | { |
| 859 | if (!asn1_find_end(&p, plen, inf)) | ||
| 860 | goto err; | ||
| 651 | len = p - cont; | 861 | len = p - cont; |
| 652 | } else { | 862 | } |
| 863 | else | ||
| 864 | { | ||
| 653 | len = p - cont + plen; | 865 | len = p - cont + plen; |
| 654 | p += plen; | 866 | p += plen; |
| 655 | buf.data = NULL; | 867 | buf.data = NULL; |
| 868 | } | ||
| 656 | } | 869 | } |
| 657 | } else if(cst) { | 870 | else if (cst) |
| 871 | { | ||
| 658 | buf.length = 0; | 872 | buf.length = 0; |
| 659 | buf.max = 0; | 873 | buf.max = 0; |
| 660 | buf.data = NULL; | 874 | buf.data = NULL; |
| @@ -664,36 +878,46 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl | |||
| 664 | * internally irrespective of the type. So instead just check | 878 | * internally irrespective of the type. So instead just check |
| 665 | * for UNIVERSAL class and ignore the tag. | 879 | * for UNIVERSAL class and ignore the tag. |
| 666 | */ | 880 | */ |
| 667 | if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err; | 881 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) |
| 882 | { | ||
| 883 | free_cont = 1; | ||
| 884 | goto err; | ||
| 885 | } | ||
| 668 | len = buf.length; | 886 | len = buf.length; |
| 669 | /* Append a final null to string */ | 887 | /* Append a final null to string */ |
| 670 | if(!BUF_MEM_grow_clean(&buf, len + 1)) { | 888 | if (!BUF_MEM_grow_clean(&buf, len + 1)) |
| 671 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); | 889 | { |
| 890 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, | ||
| 891 | ERR_R_MALLOC_FAILURE); | ||
| 672 | return 0; | 892 | return 0; |
| 673 | } | 893 | } |
| 674 | buf.data[len] = 0; | 894 | buf.data[len] = 0; |
| 675 | cont = (unsigned char *)buf.data; | 895 | cont = (const unsigned char *)buf.data; |
| 676 | free_cont = 1; | 896 | free_cont = 1; |
| 677 | } else { | 897 | } |
| 898 | else | ||
| 899 | { | ||
| 678 | cont = p; | 900 | cont = p; |
| 679 | len = plen; | 901 | len = plen; |
| 680 | p += plen; | 902 | p += plen; |
| 681 | } | 903 | } |
| 682 | 904 | ||
| 683 | /* We now have content length and type: translate into a structure */ | 905 | /* We now have content length and type: translate into a structure */ |
| 684 | if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err; | 906 | if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) |
| 907 | goto err; | ||
| 685 | 908 | ||
| 686 | *in = p; | 909 | *in = p; |
| 687 | ret = 1; | 910 | ret = 1; |
| 688 | err: | 911 | err: |
| 689 | if(free_cont && buf.data) OPENSSL_free(buf.data); | 912 | if (free_cont && buf.data) OPENSSL_free(buf.data); |
| 690 | return ret; | 913 | return ret; |
| 691 | } | 914 | } |
| 692 | 915 | ||
| 693 | /* Translate ASN1 content octets into a structure */ | 916 | /* Translate ASN1 content octets into a structure */ |
| 694 | 917 | ||
| 695 | int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) | 918 | int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, |
| 696 | { | 919 | int utype, char *free_cont, const ASN1_ITEM *it) |
| 920 | { | ||
| 697 | ASN1_VALUE **opval = NULL; | 921 | ASN1_VALUE **opval = NULL; |
| 698 | ASN1_STRING *stmp; | 922 | ASN1_STRING *stmp; |
| 699 | ASN1_TYPE *typ = NULL; | 923 | ASN1_TYPE *typ = NULL; |
| @@ -701,43 +925,62 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char | |||
| 701 | const ASN1_PRIMITIVE_FUNCS *pf; | 925 | const ASN1_PRIMITIVE_FUNCS *pf; |
| 702 | ASN1_INTEGER **tint; | 926 | ASN1_INTEGER **tint; |
| 703 | pf = it->funcs; | 927 | pf = it->funcs; |
| 704 | if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it); | 928 | |
| 929 | if (pf && pf->prim_c2i) | ||
| 930 | return pf->prim_c2i(pval, cont, len, utype, free_cont, it); | ||
| 705 | /* If ANY type clear type and set pointer to internal value */ | 931 | /* If ANY type clear type and set pointer to internal value */ |
| 706 | if(it->utype == V_ASN1_ANY) { | 932 | if (it->utype == V_ASN1_ANY) |
| 707 | if(!*pval) { | 933 | { |
| 934 | if (!*pval) | ||
| 935 | { | ||
| 708 | typ = ASN1_TYPE_new(); | 936 | typ = ASN1_TYPE_new(); |
| 937 | if (typ == NULL) | ||
| 938 | goto err; | ||
| 709 | *pval = (ASN1_VALUE *)typ; | 939 | *pval = (ASN1_VALUE *)typ; |
| 710 | } else typ = (ASN1_TYPE *)*pval; | 940 | } |
| 711 | if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); | 941 | else |
| 942 | typ = (ASN1_TYPE *)*pval; | ||
| 943 | |||
| 944 | if (utype != typ->type) | ||
| 945 | ASN1_TYPE_set(typ, utype, NULL); | ||
| 712 | opval = pval; | 946 | opval = pval; |
| 713 | pval = (ASN1_VALUE **)&typ->value.ptr; | 947 | pval = &typ->value.asn1_value; |
| 714 | } | 948 | } |
| 715 | switch(utype) { | 949 | switch(utype) |
| 950 | { | ||
| 716 | case V_ASN1_OBJECT: | 951 | case V_ASN1_OBJECT: |
| 717 | if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err; | 952 | if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) |
| 953 | goto err; | ||
| 718 | break; | 954 | break; |
| 719 | 955 | ||
| 720 | case V_ASN1_NULL: | 956 | case V_ASN1_NULL: |
| 721 | if(len) { | 957 | if (len) |
| 722 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH); | 958 | { |
| 959 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 960 | ASN1_R_NULL_IS_WRONG_LENGTH); | ||
| 723 | goto err; | 961 | goto err; |
| 724 | } | 962 | } |
| 725 | *pval = (ASN1_VALUE *)1; | 963 | *pval = (ASN1_VALUE *)1; |
| 726 | break; | 964 | break; |
| 727 | 965 | ||
| 728 | case V_ASN1_BOOLEAN: | 966 | case V_ASN1_BOOLEAN: |
| 729 | if(len != 1) { | 967 | if (len != 1) |
| 730 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); | 968 | { |
| 969 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 970 | ASN1_R_BOOLEAN_IS_WRONG_LENGTH); | ||
| 731 | goto err; | 971 | goto err; |
| 732 | } else { | 972 | } |
| 973 | else | ||
| 974 | { | ||
| 733 | ASN1_BOOLEAN *tbool; | 975 | ASN1_BOOLEAN *tbool; |
| 734 | tbool = (ASN1_BOOLEAN *)pval; | 976 | tbool = (ASN1_BOOLEAN *)pval; |
| 735 | *tbool = *cont; | 977 | *tbool = *cont; |
| 736 | } | 978 | } |
| 737 | break; | 979 | break; |
| 738 | 980 | ||
| 739 | case V_ASN1_BIT_STRING: | 981 | case V_ASN1_BIT_STRING: |
| 740 | if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err; | 982 | if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) |
| 983 | goto err; | ||
| 741 | break; | 984 | break; |
| 742 | 985 | ||
| 743 | case V_ASN1_INTEGER: | 986 | case V_ASN1_INTEGER: |
| @@ -745,7 +988,8 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char | |||
| 745 | case V_ASN1_ENUMERATED: | 988 | case V_ASN1_ENUMERATED: |
| 746 | case V_ASN1_NEG_ENUMERATED: | 989 | case V_ASN1_NEG_ENUMERATED: |
| 747 | tint = (ASN1_INTEGER **)pval; | 990 | tint = (ASN1_INTEGER **)pval; |
| 748 | if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err; | 991 | if (!c2i_ASN1_INTEGER(tint, &cont, len)) |
| 992 | goto err; | ||
| 749 | /* Fixup type to match the expected form */ | 993 | /* Fixup type to match the expected form */ |
| 750 | (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); | 994 | (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); |
| 751 | break; | 995 | break; |
| @@ -769,46 +1013,59 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char | |||
| 769 | case V_ASN1_SEQUENCE: | 1013 | case V_ASN1_SEQUENCE: |
| 770 | default: | 1014 | default: |
| 771 | /* All based on ASN1_STRING and handled the same */ | 1015 | /* All based on ASN1_STRING and handled the same */ |
| 772 | if(!*pval) { | 1016 | if (!*pval) |
| 1017 | { | ||
| 773 | stmp = ASN1_STRING_type_new(utype); | 1018 | stmp = ASN1_STRING_type_new(utype); |
| 774 | if(!stmp) { | 1019 | if (!stmp) |
| 775 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); | 1020 | { |
| 1021 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1022 | ERR_R_MALLOC_FAILURE); | ||
| 776 | goto err; | 1023 | goto err; |
| 777 | } | 1024 | } |
| 778 | *pval = (ASN1_VALUE *)stmp; | 1025 | *pval = (ASN1_VALUE *)stmp; |
| 779 | } else { | 1026 | } |
| 1027 | else | ||
| 1028 | { | ||
| 780 | stmp = (ASN1_STRING *)*pval; | 1029 | stmp = (ASN1_STRING *)*pval; |
| 781 | stmp->type = utype; | 1030 | stmp->type = utype; |
| 782 | } | 1031 | } |
| 783 | /* If we've already allocated a buffer use it */ | 1032 | /* If we've already allocated a buffer use it */ |
| 784 | if(*free_cont) { | 1033 | if (*free_cont) |
| 785 | if(stmp->data) OPENSSL_free(stmp->data); | 1034 | { |
| 786 | stmp->data = cont; | 1035 | if (stmp->data) |
| 1036 | OPENSSL_free(stmp->data); | ||
| 1037 | stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ | ||
| 787 | stmp->length = len; | 1038 | stmp->length = len; |
| 788 | *free_cont = 0; | 1039 | *free_cont = 0; |
| 789 | } else { | 1040 | } |
| 790 | if(!ASN1_STRING_set(stmp, cont, len)) { | 1041 | else |
| 791 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); | 1042 | { |
| 1043 | if (!ASN1_STRING_set(stmp, cont, len)) | ||
| 1044 | { | ||
| 1045 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1046 | ERR_R_MALLOC_FAILURE); | ||
| 792 | ASN1_STRING_free(stmp); | 1047 | ASN1_STRING_free(stmp); |
| 793 | *pval = NULL; | 1048 | *pval = NULL; |
| 794 | goto err; | 1049 | goto err; |
| 1050 | } | ||
| 795 | } | 1051 | } |
| 796 | } | ||
| 797 | break; | 1052 | break; |
| 798 | } | 1053 | } |
| 799 | /* If ASN1_ANY and NULL type fix up value */ | 1054 | /* If ASN1_ANY and NULL type fix up value */ |
| 800 | if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL; | 1055 | if (typ && (utype == V_ASN1_NULL)) |
| 1056 | typ->value.ptr = NULL; | ||
| 801 | 1057 | ||
| 802 | ret = 1; | 1058 | ret = 1; |
| 803 | err: | 1059 | err: |
| 804 | if(!ret) | 1060 | if (!ret) |
| 805 | { | 1061 | { |
| 806 | ASN1_TYPE_free(typ); | 1062 | ASN1_TYPE_free(typ); |
| 807 | if (opval) | 1063 | if (opval) |
| 808 | *opval = NULL; | 1064 | *opval = NULL; |
| 809 | } | 1065 | } |
| 810 | return ret; | 1066 | return ret; |
| 811 | } | 1067 | } |
| 1068 | |||
| 812 | 1069 | ||
| 813 | /* This function finds the end of an ASN1 structure when passed its maximum | 1070 | /* This function finds the end of an ASN1 structure when passed its maximum |
| 814 | * length, whether it is indefinite length and a pointer to the content. | 1071 | * length, whether it is indefinite length and a pointer to the content. |
| @@ -816,11 +1073,11 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char | |||
| 816 | * recurse on each indefinite length header. | 1073 | * recurse on each indefinite length header. |
| 817 | */ | 1074 | */ |
| 818 | 1075 | ||
| 819 | static int asn1_find_end(unsigned char **in, long len, char inf) | 1076 | static int asn1_find_end(const unsigned char **in, long len, char inf) |
| 820 | { | 1077 | { |
| 821 | int expected_eoc; | 1078 | int expected_eoc; |
| 822 | long plen; | 1079 | long plen; |
| 823 | unsigned char *p = *in, *q; | 1080 | const unsigned char *p = *in, *q; |
| 824 | /* If not indefinite length constructed just add length */ | 1081 | /* If not indefinite length constructed just add length */ |
| 825 | if (inf == 0) | 1082 | if (inf == 0) |
| 826 | { | 1083 | { |
| @@ -830,7 +1087,7 @@ static int asn1_find_end(unsigned char **in, long len, char inf) | |||
| 830 | expected_eoc = 1; | 1087 | expected_eoc = 1; |
| 831 | /* Indefinite length constructed form. Find the end when enough EOCs | 1088 | /* Indefinite length constructed form. Find the end when enough EOCs |
| 832 | * are found. If more indefinite length constructed headers | 1089 | * are found. If more indefinite length constructed headers |
| 833 | * are encountered increment the expected eoc count otherwise justi | 1090 | * are encountered increment the expected eoc count otherwise just |
| 834 | * skip to the end of the data. | 1091 | * skip to the end of the data. |
| 835 | */ | 1092 | */ |
| 836 | while (len > 0) | 1093 | while (len > 0) |
| @@ -865,38 +1122,55 @@ static int asn1_find_end(unsigned char **in, long len, char inf) | |||
| 865 | *in = p; | 1122 | *in = p; |
| 866 | return 1; | 1123 | return 1; |
| 867 | } | 1124 | } |
| 868 | |||
| 869 | /* This function collects the asn1 data from a constructred string | 1125 | /* This function collects the asn1 data from a constructred string |
| 870 | * type into a buffer. The values of 'in' and 'len' should refer | 1126 | * type into a buffer. The values of 'in' and 'len' should refer |
| 871 | * to the contents of the constructed type and 'inf' should be set | 1127 | * to the contents of the constructed type and 'inf' should be set |
| 872 | * if it is indefinite length. | 1128 | * if it is indefinite length. |
| 873 | */ | 1129 | */ |
| 874 | 1130 | ||
| 875 | static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass) | 1131 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 876 | { | 1132 | char inf, int tag, int aclass) |
| 877 | unsigned char *p, *q; | 1133 | { |
| 1134 | const unsigned char *p, *q; | ||
| 878 | long plen; | 1135 | long plen; |
| 879 | char cst, ininf; | 1136 | char cst, ininf; |
| 880 | p = *in; | 1137 | p = *in; |
| 881 | inf &= 1; | 1138 | inf &= 1; |
| 882 | while(len > 0) { | 1139 | /* If no buffer and not indefinite length constructed just pass over |
| 1140 | * the encoded data */ | ||
| 1141 | if (!buf && !inf) | ||
| 1142 | { | ||
| 1143 | *in += len; | ||
| 1144 | return 1; | ||
| 1145 | } | ||
| 1146 | while(len > 0) | ||
| 1147 | { | ||
| 883 | q = p; | 1148 | q = p; |
| 884 | /* Check for EOC */ | 1149 | /* Check for EOC */ |
| 885 | if(asn1_check_eoc(&p, len)) { | 1150 | if (asn1_check_eoc(&p, len)) |
| 886 | /* EOC is illegal outside indefinite length constructed form */ | 1151 | { |
| 887 | if(!inf) { | 1152 | /* EOC is illegal outside indefinite length |
| 888 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC); | 1153 | * constructed form */ |
| 1154 | if (!inf) | ||
| 1155 | { | ||
| 1156 | ASN1err(ASN1_F_ASN1_COLLECT, | ||
| 1157 | ASN1_R_UNEXPECTED_EOC); | ||
| 889 | return 0; | 1158 | return 0; |
| 890 | } | 1159 | } |
| 891 | inf = 0; | 1160 | inf = 0; |
| 892 | break; | 1161 | break; |
| 893 | } | 1162 | } |
| 894 | if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) { | 1163 | |
| 1164 | if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, | ||
| 1165 | len, tag, aclass, 0, NULL)) | ||
| 1166 | { | ||
| 895 | ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); | 1167 | ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); |
| 896 | return 0; | 1168 | return 0; |
| 897 | } | 1169 | } |
| 1170 | |||
| 898 | /* If indefinite length constructed update max length */ | 1171 | /* If indefinite length constructed update max length */ |
| 899 | if(cst) { | 1172 | if (cst) |
| 1173 | { | ||
| 900 | #ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS | 1174 | #ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS |
| 901 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) | 1175 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) |
| 902 | return 0; | 1176 | return 0; |
| @@ -904,47 +1178,51 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in | |||
| 904 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); | 1178 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); |
| 905 | return 0; | 1179 | return 0; |
| 906 | #endif | 1180 | #endif |
| 907 | } else { | 1181 | } |
| 908 | if(plen && !collect_data(buf, &p, plen)) return 0; | 1182 | else if (plen && !collect_data(buf, &p, plen)) |
| 909 | } | 1183 | return 0; |
| 910 | len -= p - q; | 1184 | len -= p - q; |
| 911 | } | 1185 | } |
| 912 | if(inf) { | 1186 | if (inf) |
| 1187 | { | ||
| 913 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); | 1188 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); |
| 914 | return 0; | 1189 | return 0; |
| 915 | } | 1190 | } |
| 916 | *in = p; | 1191 | *in = p; |
| 917 | return 1; | 1192 | return 1; |
| 918 | } | 1193 | } |
| 919 | 1194 | ||
| 920 | static int collect_data(BUF_MEM *buf, unsigned char **p, long plen) | 1195 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) |
| 921 | { | 1196 | { |
| 922 | int len; | 1197 | int len; |
| 923 | if(buf) { | 1198 | if (buf) |
| 924 | len = buf->length; | 1199 | { |
| 925 | if(!BUF_MEM_grow_clean(buf, len + plen)) { | 1200 | len = buf->length; |
| 926 | ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); | 1201 | if (!BUF_MEM_grow_clean(buf, len + plen)) |
| 927 | return 0; | 1202 | { |
| 1203 | ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); | ||
| 1204 | return 0; | ||
| 928 | } | 1205 | } |
| 929 | memcpy(buf->data + len, *p, plen); | 1206 | memcpy(buf->data + len, *p, plen); |
| 930 | } | 1207 | } |
| 931 | *p += plen; | 1208 | *p += plen; |
| 932 | return 1; | 1209 | return 1; |
| 933 | } | 1210 | } |
| 934 | 1211 | ||
| 935 | /* Check for ASN1 EOC and swallow it if found */ | 1212 | /* Check for ASN1 EOC and swallow it if found */ |
| 936 | 1213 | ||
| 937 | static int asn1_check_eoc(unsigned char **in, long len) | 1214 | static int asn1_check_eoc(const unsigned char **in, long len) |
| 938 | { | 1215 | { |
| 939 | unsigned char *p; | 1216 | const unsigned char *p; |
| 940 | if(len < 2) return 0; | 1217 | if (len < 2) return 0; |
| 941 | p = *in; | 1218 | p = *in; |
| 942 | if(!p[0] && !p[1]) { | 1219 | if (!p[0] && !p[1]) |
| 1220 | { | ||
| 943 | *in += 2; | 1221 | *in += 2; |
| 944 | return 1; | 1222 | return 1; |
| 945 | } | 1223 | } |
| 946 | return 0; | 1224 | return 0; |
| 947 | } | 1225 | } |
| 948 | 1226 | ||
| 949 | /* Check an ASN1 tag and length: a bit like ASN1_get_object | 1227 | /* Check an ASN1 tag and length: a bit like ASN1_get_object |
| 950 | * but it sets the length for indefinite length constructed | 1228 | * but it sets the length for indefinite length constructed |
| @@ -953,25 +1231,32 @@ static int asn1_check_eoc(unsigned char **in, long len) | |||
| 953 | * header length just read. | 1231 | * header length just read. |
| 954 | */ | 1232 | */ |
| 955 | 1233 | ||
| 956 | static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst, | 1234 | static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, |
| 957 | unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx) | 1235 | char *inf, char *cst, |
| 958 | { | 1236 | const unsigned char **in, long len, |
| 1237 | int exptag, int expclass, char opt, | ||
| 1238 | ASN1_TLC *ctx) | ||
| 1239 | { | ||
| 959 | int i; | 1240 | int i; |
| 960 | int ptag, pclass; | 1241 | int ptag, pclass; |
| 961 | long plen; | 1242 | long plen; |
| 962 | unsigned char *p, *q; | 1243 | const unsigned char *p, *q; |
| 963 | p = *in; | 1244 | p = *in; |
| 964 | q = p; | 1245 | q = p; |
| 965 | 1246 | ||
| 966 | if(ctx && ctx->valid) { | 1247 | if (ctx && ctx->valid) |
| 1248 | { | ||
| 967 | i = ctx->ret; | 1249 | i = ctx->ret; |
| 968 | plen = ctx->plen; | 1250 | plen = ctx->plen; |
| 969 | pclass = ctx->pclass; | 1251 | pclass = ctx->pclass; |
| 970 | ptag = ctx->ptag; | 1252 | ptag = ctx->ptag; |
| 971 | p += ctx->hdrlen; | 1253 | p += ctx->hdrlen; |
| 972 | } else { | 1254 | } |
| 1255 | else | ||
| 1256 | { | ||
| 973 | i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); | 1257 | i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); |
| 974 | if(ctx) { | 1258 | if (ctx) |
| 1259 | { | ||
| 975 | ctx->ret = i; | 1260 | ctx->ret = i; |
| 976 | ctx->plen = plen; | 1261 | ctx->plen = plen; |
| 977 | ctx->pclass = pclass; | 1262 | ctx->pclass = pclass; |
| @@ -981,43 +1266,57 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i | |||
| 981 | /* If definite length, and no error, length + | 1266 | /* If definite length, and no error, length + |
| 982 | * header can't exceed total amount of data available. | 1267 | * header can't exceed total amount of data available. |
| 983 | */ | 1268 | */ |
| 984 | if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { | 1269 | if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) |
| 985 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); | 1270 | { |
| 1271 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, | ||
| 1272 | ASN1_R_TOO_LONG); | ||
| 986 | asn1_tlc_clear(ctx); | 1273 | asn1_tlc_clear(ctx); |
| 987 | return 0; | 1274 | return 0; |
| 1275 | } | ||
| 988 | } | 1276 | } |
| 989 | } | 1277 | } |
| 990 | } | ||
| 991 | 1278 | ||
| 992 | if(i & 0x80) { | 1279 | if (i & 0x80) |
| 1280 | { | ||
| 993 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); | 1281 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); |
| 994 | asn1_tlc_clear(ctx); | 1282 | asn1_tlc_clear(ctx); |
| 995 | return 0; | 1283 | return 0; |
| 996 | } | 1284 | } |
| 997 | if(exptag >= 0) { | 1285 | if (exptag >= 0) |
| 998 | if((exptag != ptag) || (expclass != pclass)) { | 1286 | { |
| 999 | /* If type is OPTIONAL, not an error, but indicate missing | 1287 | if ((exptag != ptag) || (expclass != pclass)) |
| 1000 | * type. | 1288 | { |
| 1289 | /* If type is OPTIONAL, not an error: | ||
| 1290 | * indicate missing type. | ||
| 1001 | */ | 1291 | */ |
| 1002 | if(opt) return -1; | 1292 | if (opt) return -1; |
| 1003 | asn1_tlc_clear(ctx); | 1293 | asn1_tlc_clear(ctx); |
| 1004 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); | 1294 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); |
| 1005 | return 0; | 1295 | return 0; |
| 1006 | } | 1296 | } |
| 1007 | /* We have a tag and class match, so assume we are going to do something with it */ | 1297 | /* We have a tag and class match: |
| 1298 | * assume we are going to do something with it */ | ||
| 1008 | asn1_tlc_clear(ctx); | 1299 | asn1_tlc_clear(ctx); |
| 1009 | } | 1300 | } |
| 1301 | |||
| 1302 | if (i & 1) | ||
| 1303 | plen = len - (p - q); | ||
| 1010 | 1304 | ||
| 1011 | if(i & 1) plen = len - (p - q); | 1305 | if (inf) |
| 1306 | *inf = i & 1; | ||
| 1012 | 1307 | ||
| 1013 | if(inf) *inf = i & 1; | 1308 | if (cst) |
| 1309 | *cst = i & V_ASN1_CONSTRUCTED; | ||
| 1014 | 1310 | ||
| 1015 | if(cst) *cst = i & V_ASN1_CONSTRUCTED; | 1311 | if (olen) |
| 1312 | *olen = plen; | ||
| 1016 | 1313 | ||
| 1017 | if(olen) *olen = plen; | 1314 | if (oclass) |
| 1018 | if(oclass) *oclass = pclass; | 1315 | *oclass = pclass; |
| 1019 | if(otag) *otag = ptag; | 1316 | |
| 1317 | if (otag) | ||
| 1318 | *otag = ptag; | ||
| 1020 | 1319 | ||
| 1021 | *in = p; | 1320 | *in = p; |
| 1022 | return 1; | 1321 | return 1; |
| 1023 | } | 1322 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c index c675c3c832..be19b36acd 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -59,88 +59,119 @@ | |||
| 59 | 59 | ||
| 60 | #include <stddef.h> | 60 | #include <stddef.h> |
| 61 | #include <string.h> | 61 | #include <string.h> |
| 62 | #include "cryptlib.h" | ||
| 62 | #include <openssl/asn1.h> | 63 | #include <openssl/asn1.h> |
| 63 | #include <openssl/asn1t.h> | 64 | #include <openssl/asn1t.h> |
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | 66 | ||
| 66 | static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); | 67 | static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, |
| 67 | static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset); | 68 | const ASN1_ITEM *it, |
| 69 | int tag, int aclass); | ||
| 70 | static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, | ||
| 71 | int skcontlen, const ASN1_ITEM *item, | ||
| 72 | int do_sort, int iclass); | ||
| 73 | static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, | ||
| 74 | const ASN1_TEMPLATE *tt, | ||
| 75 | int tag, int aclass); | ||
| 76 | static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, | ||
| 77 | const ASN1_ITEM *it, int flags); | ||
| 78 | |||
| 79 | /* Top level i2d equivalents: the 'ndef' variant instructs the encoder | ||
| 80 | * to use indefinite length constructed encoding, where appropriate | ||
| 81 | */ | ||
| 82 | |||
| 83 | int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, | ||
| 84 | const ASN1_ITEM *it) | ||
| 85 | { | ||
| 86 | return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); | ||
| 87 | } | ||
| 88 | |||
| 89 | int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) | ||
| 90 | { | ||
| 91 | return asn1_item_flags_i2d(val, out, it, 0); | ||
| 92 | } | ||
| 68 | 93 | ||
| 69 | /* Encode an ASN1 item, this is compatible with the | 94 | /* Encode an ASN1 item, this is use by the |
| 70 | * standard 'i2d' function. 'out' points to | 95 | * standard 'i2d' function. 'out' points to |
| 71 | * a buffer to output the data to, in future we will | 96 | * a buffer to output the data to. |
| 72 | * have more advanced versions that can output data | ||
| 73 | * a piece at a time and this will simply be a special | ||
| 74 | * case. | ||
| 75 | * | 97 | * |
| 76 | * The new i2d has one additional feature. If the output | 98 | * The new i2d has one additional feature. If the output |
| 77 | * buffer is NULL (i.e. *out == NULL) then a buffer is | 99 | * buffer is NULL (i.e. *out == NULL) then a buffer is |
| 78 | * allocated and populated with the encoding. | 100 | * allocated and populated with the encoding. |
| 79 | */ | 101 | */ |
| 80 | 102 | ||
| 81 | 103 | static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, | |
| 82 | int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) | 104 | const ASN1_ITEM *it, int flags) |
| 83 | { | 105 | { |
| 84 | if(out && !*out) { | 106 | if (out && !*out) |
| 107 | { | ||
| 85 | unsigned char *p, *buf; | 108 | unsigned char *p, *buf; |
| 86 | int len; | 109 | int len; |
| 87 | len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0); | 110 | len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); |
| 88 | if(len <= 0) return len; | 111 | if (len <= 0) |
| 112 | return len; | ||
| 89 | buf = OPENSSL_malloc(len); | 113 | buf = OPENSSL_malloc(len); |
| 90 | if(!buf) return -1; | 114 | if (!buf) |
| 115 | return -1; | ||
| 91 | p = buf; | 116 | p = buf; |
| 92 | ASN1_item_ex_i2d(&val, &p, it, -1, 0); | 117 | ASN1_item_ex_i2d(&val, &p, it, -1, flags); |
| 93 | *out = buf; | 118 | *out = buf; |
| 94 | return len; | 119 | return len; |
| 120 | } | ||
| 121 | |||
| 122 | return ASN1_item_ex_i2d(&val, out, it, -1, flags); | ||
| 95 | } | 123 | } |
| 96 | |||
| 97 | return ASN1_item_ex_i2d(&val, out, it, -1, 0); | ||
| 98 | } | ||
| 99 | 124 | ||
| 100 | /* Encode an item, taking care of IMPLICIT tagging (if any). | 125 | /* Encode an item, taking care of IMPLICIT tagging (if any). |
| 101 | * This function performs the normal item handling: it can be | 126 | * This function performs the normal item handling: it can be |
| 102 | * used in external types. | 127 | * used in external types. |
| 103 | */ | 128 | */ |
| 104 | 129 | ||
| 105 | int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) | 130 | int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, |
| 106 | { | 131 | const ASN1_ITEM *it, int tag, int aclass) |
| 132 | { | ||
| 107 | const ASN1_TEMPLATE *tt = NULL; | 133 | const ASN1_TEMPLATE *tt = NULL; |
| 108 | unsigned char *p = NULL; | 134 | unsigned char *p = NULL; |
| 109 | int i, seqcontlen, seqlen; | 135 | int i, seqcontlen, seqlen, ndef = 1; |
| 110 | ASN1_STRING *strtmp; | ||
| 111 | const ASN1_COMPAT_FUNCS *cf; | 136 | const ASN1_COMPAT_FUNCS *cf; |
| 112 | const ASN1_EXTERN_FUNCS *ef; | 137 | const ASN1_EXTERN_FUNCS *ef; |
| 113 | const ASN1_AUX *aux = it->funcs; | 138 | const ASN1_AUX *aux = it->funcs; |
| 114 | ASN1_aux_cb *asn1_cb; | 139 | ASN1_aux_cb *asn1_cb = 0; |
| 115 | if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0; | 140 | |
| 116 | if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; | 141 | if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) |
| 117 | else asn1_cb = 0; | 142 | return 0; |
| 118 | 143 | ||
| 119 | switch(it->itype) { | 144 | if (aux && aux->asn1_cb) |
| 145 | asn1_cb = aux->asn1_cb; | ||
| 146 | |||
| 147 | switch(it->itype) | ||
| 148 | { | ||
| 120 | 149 | ||
| 121 | case ASN1_ITYPE_PRIMITIVE: | 150 | case ASN1_ITYPE_PRIMITIVE: |
| 122 | if(it->templates) | 151 | if (it->templates) |
| 123 | return ASN1_template_i2d(pval, out, it->templates); | 152 | return asn1_template_ex_i2d(pval, out, it->templates, |
| 153 | tag, aclass); | ||
| 124 | return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); | 154 | return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); |
| 125 | break; | 155 | break; |
| 126 | 156 | ||
| 127 | case ASN1_ITYPE_MSTRING: | 157 | case ASN1_ITYPE_MSTRING: |
| 128 | strtmp = (ASN1_STRING *)*pval; | 158 | return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); |
| 129 | return asn1_i2d_ex_primitive(pval, out, it, -1, 0); | ||
| 130 | 159 | ||
| 131 | case ASN1_ITYPE_CHOICE: | 160 | case ASN1_ITYPE_CHOICE: |
| 132 | if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) | 161 | if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) |
| 133 | return 0; | 162 | return 0; |
| 134 | i = asn1_get_choice_selector(pval, it); | 163 | i = asn1_get_choice_selector(pval, it); |
| 135 | if((i >= 0) && (i < it->tcount)) { | 164 | if ((i >= 0) && (i < it->tcount)) |
| 165 | { | ||
| 136 | ASN1_VALUE **pchval; | 166 | ASN1_VALUE **pchval; |
| 137 | const ASN1_TEMPLATE *chtt; | 167 | const ASN1_TEMPLATE *chtt; |
| 138 | chtt = it->templates + i; | 168 | chtt = it->templates + i; |
| 139 | pchval = asn1_get_field_ptr(pval, chtt); | 169 | pchval = asn1_get_field_ptr(pval, chtt); |
| 140 | return ASN1_template_i2d(pchval, out, chtt); | 170 | return asn1_template_ex_i2d(pchval, out, chtt, |
| 141 | } | 171 | -1, aclass); |
| 172 | } | ||
| 142 | /* Fixme: error condition if selector out of range */ | 173 | /* Fixme: error condition if selector out of range */ |
| 143 | if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) | 174 | if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) |
| 144 | return 0; | 175 | return 0; |
| 145 | break; | 176 | break; |
| 146 | 177 | ||
| @@ -152,136 +183,236 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it | |||
| 152 | case ASN1_ITYPE_COMPAT: | 183 | case ASN1_ITYPE_COMPAT: |
| 153 | /* old style hackery... */ | 184 | /* old style hackery... */ |
| 154 | cf = it->funcs; | 185 | cf = it->funcs; |
| 155 | if(out) p = *out; | 186 | if (out) |
| 187 | p = *out; | ||
| 156 | i = cf->asn1_i2d(*pval, out); | 188 | i = cf->asn1_i2d(*pval, out); |
| 157 | /* Fixup for IMPLICIT tag: note this messes up for tags > 30, | 189 | /* Fixup for IMPLICIT tag: note this messes up for tags > 30, |
| 158 | * but so did the old code. Tags > 30 are very rare anyway. | 190 | * but so did the old code. Tags > 30 are very rare anyway. |
| 159 | */ | 191 | */ |
| 160 | if(out && (tag != -1)) | 192 | if (out && (tag != -1)) |
| 161 | *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); | 193 | *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); |
| 162 | return i; | 194 | return i; |
| 163 | 195 | ||
| 196 | case ASN1_ITYPE_NDEF_SEQUENCE: | ||
| 197 | /* Use indefinite length constructed if requested */ | ||
| 198 | if (aclass & ASN1_TFLG_NDEF) ndef = 2; | ||
| 199 | /* fall through */ | ||
| 200 | |||
| 164 | case ASN1_ITYPE_SEQUENCE: | 201 | case ASN1_ITYPE_SEQUENCE: |
| 165 | i = asn1_enc_restore(&seqcontlen, out, pval, it); | 202 | i = asn1_enc_restore(&seqcontlen, out, pval, it); |
| 166 | /* An error occurred */ | 203 | /* An error occurred */ |
| 167 | if(i < 0) return 0; | 204 | if (i < 0) |
| 205 | return 0; | ||
| 168 | /* We have a valid cached encoding... */ | 206 | /* We have a valid cached encoding... */ |
| 169 | if(i > 0) return seqcontlen; | 207 | if (i > 0) |
| 208 | return seqcontlen; | ||
| 170 | /* Otherwise carry on */ | 209 | /* Otherwise carry on */ |
| 171 | seqcontlen = 0; | 210 | seqcontlen = 0; |
| 172 | /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ | 211 | /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ |
| 173 | if(tag == -1) { | 212 | if (tag == -1) |
| 213 | { | ||
| 174 | tag = V_ASN1_SEQUENCE; | 214 | tag = V_ASN1_SEQUENCE; |
| 175 | aclass = V_ASN1_UNIVERSAL; | 215 | /* Retain any other flags in aclass */ |
| 176 | } | 216 | aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) |
| 177 | if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) | 217 | | V_ASN1_UNIVERSAL; |
| 218 | } | ||
| 219 | if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) | ||
| 178 | return 0; | 220 | return 0; |
| 179 | /* First work out sequence content length */ | 221 | /* First work out sequence content length */ |
| 180 | for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { | 222 | for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) |
| 223 | { | ||
| 181 | const ASN1_TEMPLATE *seqtt; | 224 | const ASN1_TEMPLATE *seqtt; |
| 182 | ASN1_VALUE **pseqval; | 225 | ASN1_VALUE **pseqval; |
| 183 | seqtt = asn1_do_adb(pval, tt, 1); | 226 | seqtt = asn1_do_adb(pval, tt, 1); |
| 184 | if(!seqtt) return 0; | 227 | if (!seqtt) |
| 228 | return 0; | ||
| 185 | pseqval = asn1_get_field_ptr(pval, seqtt); | 229 | pseqval = asn1_get_field_ptr(pval, seqtt); |
| 186 | /* FIXME: check for errors in enhanced version */ | 230 | /* FIXME: check for errors in enhanced version */ |
| 187 | /* FIXME: special handling of indefinite length encoding */ | 231 | seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt, |
| 188 | seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt); | 232 | -1, aclass); |
| 189 | } | 233 | } |
| 190 | seqlen = ASN1_object_size(1, seqcontlen, tag); | 234 | |
| 191 | if(!out) return seqlen; | 235 | seqlen = ASN1_object_size(ndef, seqcontlen, tag); |
| 236 | if (!out) | ||
| 237 | return seqlen; | ||
| 192 | /* Output SEQUENCE header */ | 238 | /* Output SEQUENCE header */ |
| 193 | ASN1_put_object(out, 1, seqcontlen, tag, aclass); | 239 | ASN1_put_object(out, ndef, seqcontlen, tag, aclass); |
| 194 | for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { | 240 | for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) |
| 241 | { | ||
| 195 | const ASN1_TEMPLATE *seqtt; | 242 | const ASN1_TEMPLATE *seqtt; |
| 196 | ASN1_VALUE **pseqval; | 243 | ASN1_VALUE **pseqval; |
| 197 | seqtt = asn1_do_adb(pval, tt, 1); | 244 | seqtt = asn1_do_adb(pval, tt, 1); |
| 198 | if(!seqtt) return 0; | 245 | if (!seqtt) |
| 246 | return 0; | ||
| 199 | pseqval = asn1_get_field_ptr(pval, seqtt); | 247 | pseqval = asn1_get_field_ptr(pval, seqtt); |
| 200 | /* FIXME: check for errors in enhanced version */ | 248 | /* FIXME: check for errors in enhanced version */ |
| 201 | ASN1_template_i2d(pseqval, out, seqtt); | 249 | asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); |
| 202 | } | 250 | } |
| 203 | if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) | 251 | if (ndef == 2) |
| 252 | ASN1_put_eoc(out); | ||
| 253 | if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) | ||
| 204 | return 0; | 254 | return 0; |
| 205 | return seqlen; | 255 | return seqlen; |
| 206 | 256 | ||
| 207 | default: | 257 | default: |
| 208 | return 0; | 258 | return 0; |
| 209 | } | 259 | |
| 260 | } | ||
| 210 | return 0; | 261 | return 0; |
| 211 | } | 262 | } |
| 212 | 263 | ||
| 213 | int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt) | 264 | int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, |
| 214 | { | 265 | const ASN1_TEMPLATE *tt) |
| 215 | int i, ret, flags, aclass; | 266 | { |
| 267 | return asn1_template_ex_i2d(pval, out, tt, -1, 0); | ||
| 268 | } | ||
| 269 | |||
| 270 | static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, | ||
| 271 | const ASN1_TEMPLATE *tt, int tag, int iclass) | ||
| 272 | { | ||
| 273 | int i, ret, flags, ttag, tclass, ndef; | ||
| 216 | flags = tt->flags; | 274 | flags = tt->flags; |
| 217 | aclass = flags & ASN1_TFLG_TAG_CLASS; | 275 | /* Work out tag and class to use: tagging may come |
| 218 | if(flags & ASN1_TFLG_SK_MASK) { | 276 | * either from the template or the arguments, not both |
| 277 | * because this would create ambiguity. Additionally | ||
| 278 | * the iclass argument may contain some additional flags | ||
| 279 | * which should be noted and passed down to other levels. | ||
| 280 | */ | ||
| 281 | if (flags & ASN1_TFLG_TAG_MASK) | ||
| 282 | { | ||
| 283 | /* Error if argument and template tagging */ | ||
| 284 | if (tag != -1) | ||
| 285 | /* FIXME: error code here */ | ||
| 286 | return -1; | ||
| 287 | /* Get tagging from template */ | ||
| 288 | ttag = tt->tag; | ||
| 289 | tclass = flags & ASN1_TFLG_TAG_CLASS; | ||
| 290 | } | ||
| 291 | else if (tag != -1) | ||
| 292 | { | ||
| 293 | /* No template tagging, get from arguments */ | ||
| 294 | ttag = tag; | ||
| 295 | tclass = iclass & ASN1_TFLG_TAG_CLASS; | ||
| 296 | } | ||
| 297 | else | ||
| 298 | { | ||
| 299 | ttag = -1; | ||
| 300 | tclass = 0; | ||
| 301 | } | ||
| 302 | /* | ||
| 303 | * Remove any class mask from iflag. | ||
| 304 | */ | ||
| 305 | iclass &= ~ASN1_TFLG_TAG_CLASS; | ||
| 306 | |||
| 307 | /* At this point 'ttag' contains the outer tag to use, | ||
| 308 | * 'tclass' is the class and iclass is any flags passed | ||
| 309 | * to this function. | ||
| 310 | */ | ||
| 311 | |||
| 312 | /* if template and arguments require ndef, use it */ | ||
| 313 | if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) | ||
| 314 | ndef = 2; | ||
| 315 | else ndef = 1; | ||
| 316 | |||
| 317 | if (flags & ASN1_TFLG_SK_MASK) | ||
| 318 | { | ||
| 219 | /* SET OF, SEQUENCE OF */ | 319 | /* SET OF, SEQUENCE OF */ |
| 220 | STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; | 320 | STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; |
| 221 | int isset, sktag, skaclass; | 321 | int isset, sktag, skaclass; |
| 222 | int skcontlen, sklen; | 322 | int skcontlen, sklen; |
| 223 | ASN1_VALUE *skitem; | 323 | ASN1_VALUE *skitem; |
| 224 | if(!*pval) return 0; | 324 | |
| 225 | if(flags & ASN1_TFLG_SET_OF) { | 325 | if (!*pval) |
| 326 | return 0; | ||
| 327 | |||
| 328 | if (flags & ASN1_TFLG_SET_OF) | ||
| 329 | { | ||
| 226 | isset = 1; | 330 | isset = 1; |
| 227 | /* 2 means we reorder */ | 331 | /* 2 means we reorder */ |
| 228 | if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2; | 332 | if (flags & ASN1_TFLG_SEQUENCE_OF) |
| 229 | } else isset = 0; | 333 | isset = 2; |
| 230 | /* First work out inner tag value */ | 334 | } |
| 231 | if(flags & ASN1_TFLG_IMPTAG) { | 335 | else isset = 0; |
| 232 | sktag = tt->tag; | 336 | |
| 233 | skaclass = aclass; | 337 | /* Work out inner tag value: if EXPLICIT |
| 234 | } else { | 338 | * or no tagging use underlying type. |
| 339 | */ | ||
| 340 | if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) | ||
| 341 | { | ||
| 342 | sktag = ttag; | ||
| 343 | skaclass = tclass; | ||
| 344 | } | ||
| 345 | else | ||
| 346 | { | ||
| 235 | skaclass = V_ASN1_UNIVERSAL; | 347 | skaclass = V_ASN1_UNIVERSAL; |
| 236 | if(isset) sktag = V_ASN1_SET; | 348 | if (isset) |
| 349 | sktag = V_ASN1_SET; | ||
| 237 | else sktag = V_ASN1_SEQUENCE; | 350 | else sktag = V_ASN1_SEQUENCE; |
| 238 | } | 351 | } |
| 239 | /* Now work out length of items */ | 352 | |
| 353 | /* Determine total length of items */ | ||
| 240 | skcontlen = 0; | 354 | skcontlen = 0; |
| 241 | for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { | 355 | for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) |
| 356 | { | ||
| 242 | skitem = sk_ASN1_VALUE_value(sk, i); | 357 | skitem = sk_ASN1_VALUE_value(sk, i); |
| 243 | skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0); | 358 | skcontlen += ASN1_item_ex_i2d(&skitem, NULL, |
| 244 | } | 359 | ASN1_ITEM_ptr(tt->item), |
| 245 | sklen = ASN1_object_size(1, skcontlen, sktag); | 360 | -1, iclass); |
| 361 | } | ||
| 362 | sklen = ASN1_object_size(ndef, skcontlen, sktag); | ||
| 246 | /* If EXPLICIT need length of surrounding tag */ | 363 | /* If EXPLICIT need length of surrounding tag */ |
| 247 | if(flags & ASN1_TFLG_EXPTAG) | 364 | if (flags & ASN1_TFLG_EXPTAG) |
| 248 | ret = ASN1_object_size(1, sklen, tt->tag); | 365 | ret = ASN1_object_size(ndef, sklen, ttag); |
| 249 | else ret = sklen; | 366 | else ret = sklen; |
| 250 | 367 | ||
| 251 | if(!out) return ret; | 368 | if (!out) |
| 369 | return ret; | ||
| 252 | 370 | ||
| 253 | /* Now encode this lot... */ | 371 | /* Now encode this lot... */ |
| 254 | /* EXPLICIT tag */ | 372 | /* EXPLICIT tag */ |
| 255 | if(flags & ASN1_TFLG_EXPTAG) | 373 | if (flags & ASN1_TFLG_EXPTAG) |
| 256 | ASN1_put_object(out, 1, sklen, tt->tag, aclass); | 374 | ASN1_put_object(out, ndef, sklen, ttag, tclass); |
| 257 | /* SET or SEQUENCE and IMPLICIT tag */ | 375 | /* SET or SEQUENCE and IMPLICIT tag */ |
| 258 | ASN1_put_object(out, 1, skcontlen, sktag, skaclass); | 376 | ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); |
| 259 | /* And finally the stuff itself */ | 377 | /* And the stuff itself */ |
| 260 | asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset); | 378 | asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), |
| 379 | isset, iclass); | ||
| 380 | if (ndef == 2) | ||
| 381 | { | ||
| 382 | ASN1_put_eoc(out); | ||
| 383 | if (flags & ASN1_TFLG_EXPTAG) | ||
| 384 | ASN1_put_eoc(out); | ||
| 385 | } | ||
| 261 | 386 | ||
| 262 | return ret; | 387 | return ret; |
| 263 | } | 388 | } |
| 264 | 389 | ||
| 265 | if(flags & ASN1_TFLG_EXPTAG) { | 390 | if (flags & ASN1_TFLG_EXPTAG) |
| 391 | { | ||
| 266 | /* EXPLICIT tagging */ | 392 | /* EXPLICIT tagging */ |
| 267 | /* Find length of tagged item */ | 393 | /* Find length of tagged item */ |
| 268 | i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0); | 394 | i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), |
| 269 | if(!i) return 0; | 395 | -1, iclass); |
| 396 | if (!i) | ||
| 397 | return 0; | ||
| 270 | /* Find length of EXPLICIT tag */ | 398 | /* Find length of EXPLICIT tag */ |
| 271 | ret = ASN1_object_size(1, i, tt->tag); | 399 | ret = ASN1_object_size(ndef, i, ttag); |
| 272 | if(out) { | 400 | if (out) |
| 401 | { | ||
| 273 | /* Output tag and item */ | 402 | /* Output tag and item */ |
| 274 | ASN1_put_object(out, 1, i, tt->tag, aclass); | 403 | ASN1_put_object(out, ndef, i, ttag, tclass); |
| 275 | ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0); | 404 | ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), |
| 276 | } | 405 | -1, iclass); |
| 406 | if (ndef == 2) | ||
| 407 | ASN1_put_eoc(out); | ||
| 408 | } | ||
| 277 | return ret; | 409 | return ret; |
| 278 | } | 410 | } |
| 279 | if(flags & ASN1_TFLG_IMPTAG) { | 411 | |
| 280 | /* IMPLICIT tagging */ | 412 | /* Either normal or IMPLICIT tagging: combine class and flags */ |
| 281 | return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass); | 413 | return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), |
| 282 | } | 414 | ttag, tclass | iclass); |
| 283 | /* Nothing special: treat as normal */ | 415 | |
| 284 | return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0); | ||
| 285 | } | 416 | } |
| 286 | 417 | ||
| 287 | /* Temporary structure used to hold DER encoding of items for SET OF */ | 418 | /* Temporary structure used to hold DER encoding of items for SET OF */ |
| @@ -293,72 +424,90 @@ typedef struct { | |||
| 293 | } DER_ENC; | 424 | } DER_ENC; |
| 294 | 425 | ||
| 295 | static int der_cmp(const void *a, const void *b) | 426 | static int der_cmp(const void *a, const void *b) |
| 296 | { | 427 | { |
| 297 | const DER_ENC *d1 = a, *d2 = b; | 428 | const DER_ENC *d1 = a, *d2 = b; |
| 298 | int cmplen, i; | 429 | int cmplen, i; |
| 299 | cmplen = (d1->length < d2->length) ? d1->length : d2->length; | 430 | cmplen = (d1->length < d2->length) ? d1->length : d2->length; |
| 300 | i = memcmp(d1->data, d2->data, cmplen); | 431 | i = memcmp(d1->data, d2->data, cmplen); |
| 301 | if(i) return i; | 432 | if (i) |
| 433 | return i; | ||
| 302 | return d1->length - d2->length; | 434 | return d1->length - d2->length; |
| 303 | } | 435 | } |
| 304 | 436 | ||
| 305 | /* Output the content octets of SET OF or SEQUENCE OF */ | 437 | /* Output the content octets of SET OF or SEQUENCE OF */ |
| 306 | 438 | ||
| 307 | static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort) | 439 | static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, |
| 308 | { | 440 | int skcontlen, const ASN1_ITEM *item, |
| 441 | int do_sort, int iclass) | ||
| 442 | { | ||
| 309 | int i; | 443 | int i; |
| 310 | ASN1_VALUE *skitem; | 444 | ASN1_VALUE *skitem; |
| 311 | unsigned char *tmpdat = NULL, *p = NULL; | 445 | unsigned char *tmpdat = NULL, *p = NULL; |
| 312 | DER_ENC *derlst = NULL, *tder; | 446 | DER_ENC *derlst = NULL, *tder; |
| 313 | if(do_sort) { | 447 | if (do_sort) |
| 448 | { | ||
| 314 | /* Don't need to sort less than 2 items */ | 449 | /* Don't need to sort less than 2 items */ |
| 315 | if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0; | 450 | if (sk_ASN1_VALUE_num(sk) < 2) |
| 316 | else { | 451 | do_sort = 0; |
| 317 | derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); | 452 | else |
| 453 | { | ||
| 454 | derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) | ||
| 455 | * sizeof(*derlst)); | ||
| 318 | tmpdat = OPENSSL_malloc(skcontlen); | 456 | tmpdat = OPENSSL_malloc(skcontlen); |
| 319 | if(!derlst || !tmpdat) return 0; | 457 | if (!derlst || !tmpdat) |
| 458 | return 0; | ||
| 459 | } | ||
| 320 | } | 460 | } |
| 321 | } | ||
| 322 | /* If not sorting just output each item */ | 461 | /* If not sorting just output each item */ |
| 323 | if(!do_sort) { | 462 | if (!do_sort) |
| 324 | for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { | 463 | { |
| 464 | for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) | ||
| 465 | { | ||
| 325 | skitem = sk_ASN1_VALUE_value(sk, i); | 466 | skitem = sk_ASN1_VALUE_value(sk, i); |
| 326 | ASN1_item_i2d(skitem, out, item); | 467 | ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); |
| 327 | } | 468 | } |
| 328 | return 1; | 469 | return 1; |
| 329 | } | 470 | } |
| 330 | p = tmpdat; | 471 | p = tmpdat; |
| 472 | |||
| 331 | /* Doing sort: build up a list of each member's DER encoding */ | 473 | /* Doing sort: build up a list of each member's DER encoding */ |
| 332 | for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { | 474 | for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) |
| 475 | { | ||
| 333 | skitem = sk_ASN1_VALUE_value(sk, i); | 476 | skitem = sk_ASN1_VALUE_value(sk, i); |
| 334 | tder->data = p; | 477 | tder->data = p; |
| 335 | tder->length = ASN1_item_i2d(skitem, &p, item); | 478 | tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); |
| 336 | tder->field = skitem; | 479 | tder->field = skitem; |
| 337 | } | 480 | } |
| 481 | |||
| 338 | /* Now sort them */ | 482 | /* Now sort them */ |
| 339 | qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); | 483 | qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); |
| 340 | /* Output sorted DER encoding */ | 484 | /* Output sorted DER encoding */ |
| 341 | p = *out; | 485 | p = *out; |
| 342 | for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { | 486 | for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) |
| 487 | { | ||
| 343 | memcpy(p, tder->data, tder->length); | 488 | memcpy(p, tder->data, tder->length); |
| 344 | p += tder->length; | 489 | p += tder->length; |
| 345 | } | 490 | } |
| 346 | *out = p; | 491 | *out = p; |
| 347 | /* If do_sort is 2 then reorder the STACK */ | 492 | /* If do_sort is 2 then reorder the STACK */ |
| 348 | if(do_sort == 2) { | 493 | if (do_sort == 2) |
| 349 | for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) | 494 | { |
| 350 | sk_ASN1_VALUE_set(sk, i, tder->field); | 495 | for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); |
| 351 | } | 496 | i++, tder++) |
| 497 | (void)sk_ASN1_VALUE_set(sk, i, tder->field); | ||
| 498 | } | ||
| 352 | OPENSSL_free(derlst); | 499 | OPENSSL_free(derlst); |
| 353 | OPENSSL_free(tmpdat); | 500 | OPENSSL_free(tmpdat); |
| 354 | return 1; | 501 | return 1; |
| 355 | } | 502 | } |
| 356 | 503 | ||
| 357 | static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) | 504 | static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, |
| 358 | { | 505 | const ASN1_ITEM *it, int tag, int aclass) |
| 506 | { | ||
| 359 | int len; | 507 | int len; |
| 360 | int utype; | 508 | int utype; |
| 361 | int usetag; | 509 | int usetag; |
| 510 | int ndef = 0; | ||
| 362 | 511 | ||
| 363 | utype = it->utype; | 512 | utype = it->utype; |
| 364 | 513 | ||
| @@ -374,33 +523,48 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const A | |||
| 374 | * because the call to asn1_ex_i2c() could change | 523 | * because the call to asn1_ex_i2c() could change |
| 375 | * utype. | 524 | * utype. |
| 376 | */ | 525 | */ |
| 377 | if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || | 526 | if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || |
| 378 | (utype == V_ASN1_OTHER)) | 527 | (utype == V_ASN1_OTHER)) |
| 379 | usetag = 0; | 528 | usetag = 0; |
| 380 | else usetag = 1; | 529 | else usetag = 1; |
| 381 | 530 | ||
| 382 | /* -1 means omit type */ | 531 | /* -1 means omit type */ |
| 383 | 532 | ||
| 384 | if(len == -1) return 0; | 533 | if (len == -1) |
| 534 | return 0; | ||
| 535 | |||
| 536 | /* -2 return is special meaning use ndef */ | ||
| 537 | if (len == -2) | ||
| 538 | { | ||
| 539 | ndef = 2; | ||
| 540 | len = 0; | ||
| 541 | } | ||
| 385 | 542 | ||
| 386 | /* If not implicitly tagged get tag from underlying type */ | 543 | /* If not implicitly tagged get tag from underlying type */ |
| 387 | if(tag == -1) tag = utype; | 544 | if (tag == -1) tag = utype; |
| 388 | 545 | ||
| 389 | /* Output tag+length followed by content octets */ | 546 | /* Output tag+length followed by content octets */ |
| 390 | if(out) { | 547 | if (out) |
| 391 | if(usetag) ASN1_put_object(out, 0, len, tag, aclass); | 548 | { |
| 549 | if (usetag) | ||
| 550 | ASN1_put_object(out, ndef, len, tag, aclass); | ||
| 392 | asn1_ex_i2c(pval, *out, &utype, it); | 551 | asn1_ex_i2c(pval, *out, &utype, it); |
| 393 | *out += len; | 552 | if (ndef) |
| 394 | } | 553 | ASN1_put_eoc(out); |
| 554 | else | ||
| 555 | *out += len; | ||
| 556 | } | ||
| 395 | 557 | ||
| 396 | if(usetag) return ASN1_object_size(0, len, tag); | 558 | if (usetag) |
| 559 | return ASN1_object_size(ndef, len, tag); | ||
| 397 | return len; | 560 | return len; |
| 398 | } | 561 | } |
| 399 | 562 | ||
| 400 | /* Produce content octets from a structure */ | 563 | /* Produce content octets from a structure */ |
| 401 | 564 | ||
| 402 | int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it) | 565 | int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, |
| 403 | { | 566 | const ASN1_ITEM *it) |
| 567 | { | ||
| 404 | ASN1_BOOLEAN *tbool = NULL; | 568 | ASN1_BOOLEAN *tbool = NULL; |
| 405 | ASN1_STRING *strtmp; | 569 | ASN1_STRING *strtmp; |
| 406 | ASN1_OBJECT *otmp; | 570 | ASN1_OBJECT *otmp; |
| @@ -409,28 +573,36 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ | |||
| 409 | int len; | 573 | int len; |
| 410 | const ASN1_PRIMITIVE_FUNCS *pf; | 574 | const ASN1_PRIMITIVE_FUNCS *pf; |
| 411 | pf = it->funcs; | 575 | pf = it->funcs; |
| 412 | if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it); | 576 | if (pf && pf->prim_i2c) |
| 577 | return pf->prim_i2c(pval, cout, putype, it); | ||
| 413 | 578 | ||
| 414 | /* Should type be omitted? */ | 579 | /* Should type be omitted? */ |
| 415 | if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) { | 580 | if ((it->itype != ASN1_ITYPE_PRIMITIVE) |
| 416 | if(!*pval) return -1; | 581 | || (it->utype != V_ASN1_BOOLEAN)) |
| 417 | } | 582 | { |
| 583 | if (!*pval) return -1; | ||
| 584 | } | ||
| 418 | 585 | ||
| 419 | if(it->itype == ASN1_ITYPE_MSTRING) { | 586 | if (it->itype == ASN1_ITYPE_MSTRING) |
| 587 | { | ||
| 420 | /* If MSTRING type set the underlying type */ | 588 | /* If MSTRING type set the underlying type */ |
| 421 | strtmp = (ASN1_STRING *)*pval; | 589 | strtmp = (ASN1_STRING *)*pval; |
| 422 | utype = strtmp->type; | 590 | utype = strtmp->type; |
| 423 | *putype = utype; | 591 | *putype = utype; |
| 424 | } else if(it->utype == V_ASN1_ANY) { | 592 | } |
| 593 | else if (it->utype == V_ASN1_ANY) | ||
| 594 | { | ||
| 425 | /* If ANY set type and pointer to value */ | 595 | /* If ANY set type and pointer to value */ |
| 426 | ASN1_TYPE *typ; | 596 | ASN1_TYPE *typ; |
| 427 | typ = (ASN1_TYPE *)*pval; | 597 | typ = (ASN1_TYPE *)*pval; |
| 428 | utype = typ->type; | 598 | utype = typ->type; |
| 429 | *putype = utype; | 599 | *putype = utype; |
| 430 | pval = (ASN1_VALUE **)&typ->value.ptr; | 600 | pval = &typ->value.asn1_value; |
| 431 | } else utype = *putype; | 601 | } |
| 602 | else utype = *putype; | ||
| 432 | 603 | ||
| 433 | switch(utype) { | 604 | switch(utype) |
| 605 | { | ||
| 434 | case V_ASN1_OBJECT: | 606 | case V_ASN1_OBJECT: |
| 435 | otmp = (ASN1_OBJECT *)*pval; | 607 | otmp = (ASN1_OBJECT *)*pval; |
| 436 | cont = otmp->data; | 608 | cont = otmp->data; |
| @@ -444,12 +616,15 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ | |||
| 444 | 616 | ||
| 445 | case V_ASN1_BOOLEAN: | 617 | case V_ASN1_BOOLEAN: |
| 446 | tbool = (ASN1_BOOLEAN *)pval; | 618 | tbool = (ASN1_BOOLEAN *)pval; |
| 447 | if(*tbool == -1) return -1; | 619 | if (*tbool == -1) |
| 620 | return -1; | ||
| 448 | if (it->utype != V_ASN1_ANY) | 621 | if (it->utype != V_ASN1_ANY) |
| 449 | { | 622 | { |
| 450 | /* Default handling if value == size field then omit */ | 623 | /* Default handling if value == size field then omit */ |
| 451 | if(*tbool && (it->size > 0)) return -1; | 624 | if (*tbool && (it->size > 0)) |
| 452 | if(!*tbool && !it->size) return -1; | 625 | return -1; |
| 626 | if (!*tbool && !it->size) | ||
| 627 | return -1; | ||
| 453 | } | 628 | } |
| 454 | c = (unsigned char)*tbool; | 629 | c = (unsigned char)*tbool; |
| 455 | cont = &c; | 630 | cont = &c; |
| @@ -457,7 +632,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ | |||
| 457 | break; | 632 | break; |
| 458 | 633 | ||
| 459 | case V_ASN1_BIT_STRING: | 634 | case V_ASN1_BIT_STRING: |
| 460 | return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL); | 635 | return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, |
| 636 | cout ? &cout : NULL); | ||
| 461 | break; | 637 | break; |
| 462 | 638 | ||
| 463 | case V_ASN1_INTEGER: | 639 | case V_ASN1_INTEGER: |
| @@ -467,7 +643,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ | |||
| 467 | /* These are all have the same content format | 643 | /* These are all have the same content format |
| 468 | * as ASN1_INTEGER | 644 | * as ASN1_INTEGER |
| 469 | */ | 645 | */ |
| 470 | return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); | 646 | return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, |
| 647 | cout ? &cout : NULL); | ||
| 471 | break; | 648 | break; |
| 472 | 649 | ||
| 473 | case V_ASN1_OCTET_STRING: | 650 | case V_ASN1_OCTET_STRING: |
| @@ -489,12 +666,25 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ | |||
| 489 | default: | 666 | default: |
| 490 | /* All based on ASN1_STRING and handled the same */ | 667 | /* All based on ASN1_STRING and handled the same */ |
| 491 | strtmp = (ASN1_STRING *)*pval; | 668 | strtmp = (ASN1_STRING *)*pval; |
| 669 | /* Special handling for NDEF */ | ||
| 670 | if ((it->size == ASN1_TFLG_NDEF) | ||
| 671 | && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) | ||
| 672 | { | ||
| 673 | if (cout) | ||
| 674 | { | ||
| 675 | strtmp->data = cout; | ||
| 676 | strtmp->length = 0; | ||
| 677 | } | ||
| 678 | /* Special return code */ | ||
| 679 | return -2; | ||
| 680 | } | ||
| 492 | cont = strtmp->data; | 681 | cont = strtmp->data; |
| 493 | len = strtmp->length; | 682 | len = strtmp->length; |
| 494 | 683 | ||
| 495 | break; | 684 | break; |
| 496 | 685 | ||
| 497 | } | 686 | } |
| 498 | if(cout && len) memcpy(cout, cont, len); | 687 | if (cout && len) |
| 688 | memcpy(cout, cont, len); | ||
| 499 | return len; | 689 | return len; |
| 500 | } | 690 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_fre.c b/src/lib/libssl/src/crypto/asn1/tasn_fre.c index 2dd844159e..bb7c1e2af4 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_fre.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_fre.c | |||
| @@ -67,33 +67,40 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c | |||
| 67 | /* Free up an ASN1 structure */ | 67 | /* Free up an ASN1 structure */ |
| 68 | 68 | ||
| 69 | void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) | 69 | void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) |
| 70 | { | 70 | { |
| 71 | asn1_item_combine_free(&val, it, 0); | 71 | asn1_item_combine_free(&val, it, 0); |
| 72 | } | 72 | } |
| 73 | 73 | ||
| 74 | void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) | 74 | void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 75 | { | 75 | { |
| 76 | asn1_item_combine_free(pval, it, 0); | 76 | asn1_item_combine_free(pval, it, 0); |
| 77 | } | 77 | } |
| 78 | 78 | ||
| 79 | static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) | 79 | static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) |
| 80 | { | 80 | { |
| 81 | const ASN1_TEMPLATE *tt = NULL, *seqtt; | 81 | const ASN1_TEMPLATE *tt = NULL, *seqtt; |
| 82 | const ASN1_EXTERN_FUNCS *ef; | 82 | const ASN1_EXTERN_FUNCS *ef; |
| 83 | const ASN1_COMPAT_FUNCS *cf; | 83 | const ASN1_COMPAT_FUNCS *cf; |
| 84 | const ASN1_AUX *aux = it->funcs; | 84 | const ASN1_AUX *aux = it->funcs; |
| 85 | ASN1_aux_cb *asn1_cb; | 85 | ASN1_aux_cb *asn1_cb; |
| 86 | int i; | 86 | int i; |
| 87 | if(!pval) return; | 87 | if (!pval) |
| 88 | if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return; | 88 | return; |
| 89 | if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; | 89 | if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) |
| 90 | else asn1_cb = 0; | 90 | return; |
| 91 | if (aux && aux->asn1_cb) | ||
| 92 | asn1_cb = aux->asn1_cb; | ||
| 93 | else | ||
| 94 | asn1_cb = 0; | ||
| 91 | 95 | ||
| 92 | switch(it->itype) { | 96 | switch(it->itype) |
| 97 | { | ||
| 93 | 98 | ||
| 94 | case ASN1_ITYPE_PRIMITIVE: | 99 | case ASN1_ITYPE_PRIMITIVE: |
| 95 | if(it->templates) ASN1_template_free(pval, it->templates); | 100 | if (it->templates) |
| 96 | else ASN1_primitive_free(pval, it); | 101 | ASN1_template_free(pval, it->templates); |
| 102 | else | ||
| 103 | ASN1_primitive_free(pval, it); | ||
| 97 | break; | 104 | break; |
| 98 | 105 | ||
| 99 | case ASN1_ITYPE_MSTRING: | 106 | case ASN1_ITYPE_MSTRING: |
| @@ -101,41 +108,51 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c | |||
| 101 | break; | 108 | break; |
| 102 | 109 | ||
| 103 | case ASN1_ITYPE_CHOICE: | 110 | case ASN1_ITYPE_CHOICE: |
| 104 | if(asn1_cb) { | 111 | if (asn1_cb) |
| 112 | { | ||
| 105 | i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); | 113 | i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); |
| 106 | if(i == 2) return; | 114 | if (i == 2) |
| 107 | } | 115 | return; |
| 116 | } | ||
| 108 | i = asn1_get_choice_selector(pval, it); | 117 | i = asn1_get_choice_selector(pval, it); |
| 109 | if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it); | 118 | if ((i >= 0) && (i < it->tcount)) |
| 110 | if((i >= 0) && (i < it->tcount)) { | 119 | { |
| 111 | ASN1_VALUE **pchval; | 120 | ASN1_VALUE **pchval; |
| 112 | tt = it->templates + i; | 121 | tt = it->templates + i; |
| 113 | pchval = asn1_get_field_ptr(pval, tt); | 122 | pchval = asn1_get_field_ptr(pval, tt); |
| 114 | ASN1_template_free(pchval, tt); | 123 | ASN1_template_free(pchval, tt); |
| 115 | } | 124 | } |
| 116 | if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it); | 125 | if (asn1_cb) |
| 117 | if(!combine) { | 126 | asn1_cb(ASN1_OP_FREE_POST, pval, it); |
| 127 | if (!combine) | ||
| 128 | { | ||
| 118 | OPENSSL_free(*pval); | 129 | OPENSSL_free(*pval); |
| 119 | *pval = NULL; | 130 | *pval = NULL; |
| 120 | } | 131 | } |
| 121 | break; | 132 | break; |
| 122 | 133 | ||
| 123 | case ASN1_ITYPE_COMPAT: | 134 | case ASN1_ITYPE_COMPAT: |
| 124 | cf = it->funcs; | 135 | cf = it->funcs; |
| 125 | if(cf && cf->asn1_free) cf->asn1_free(*pval); | 136 | if (cf && cf->asn1_free) |
| 137 | cf->asn1_free(*pval); | ||
| 126 | break; | 138 | break; |
| 127 | 139 | ||
| 128 | case ASN1_ITYPE_EXTERN: | 140 | case ASN1_ITYPE_EXTERN: |
| 129 | ef = it->funcs; | 141 | ef = it->funcs; |
| 130 | if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it); | 142 | if (ef && ef->asn1_ex_free) |
| 143 | ef->asn1_ex_free(pval, it); | ||
| 131 | break; | 144 | break; |
| 132 | 145 | ||
| 146 | case ASN1_ITYPE_NDEF_SEQUENCE: | ||
| 133 | case ASN1_ITYPE_SEQUENCE: | 147 | case ASN1_ITYPE_SEQUENCE: |
| 134 | if(asn1_do_lock(pval, -1, it) > 0) return; | 148 | if (asn1_do_lock(pval, -1, it) > 0) |
| 135 | if(asn1_cb) { | 149 | return; |
| 150 | if (asn1_cb) | ||
| 151 | { | ||
| 136 | i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); | 152 | i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); |
| 137 | if(i == 2) return; | 153 | if (i == 2) |
| 138 | } | 154 | return; |
| 155 | } | ||
| 139 | asn1_enc_free(pval, it); | 156 | asn1_enc_free(pval, it); |
| 140 | /* If we free up as normal we will invalidate any | 157 | /* If we free up as normal we will invalidate any |
| 141 | * ANY DEFINED BY field and we wont be able to | 158 | * ANY DEFINED BY field and we wont be able to |
| @@ -143,64 +160,84 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c | |||
| 143 | * free up in reverse order. | 160 | * free up in reverse order. |
| 144 | */ | 161 | */ |
| 145 | tt = it->templates + it->tcount - 1; | 162 | tt = it->templates + it->tcount - 1; |
| 146 | for(i = 0; i < it->tcount; tt--, i++) { | 163 | for (i = 0; i < it->tcount; tt--, i++) |
| 164 | { | ||
| 147 | ASN1_VALUE **pseqval; | 165 | ASN1_VALUE **pseqval; |
| 148 | seqtt = asn1_do_adb(pval, tt, 0); | 166 | seqtt = asn1_do_adb(pval, tt, 0); |
| 149 | if(!seqtt) continue; | 167 | if (!seqtt) |
| 168 | continue; | ||
| 150 | pseqval = asn1_get_field_ptr(pval, seqtt); | 169 | pseqval = asn1_get_field_ptr(pval, seqtt); |
| 151 | ASN1_template_free(pseqval, seqtt); | 170 | ASN1_template_free(pseqval, seqtt); |
| 152 | } | 171 | } |
| 153 | if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it); | 172 | if (asn1_cb) |
| 154 | if(!combine) { | 173 | asn1_cb(ASN1_OP_FREE_POST, pval, it); |
| 174 | if (!combine) | ||
| 175 | { | ||
| 155 | OPENSSL_free(*pval); | 176 | OPENSSL_free(*pval); |
| 156 | *pval = NULL; | 177 | *pval = NULL; |
| 157 | } | 178 | } |
| 158 | break; | 179 | break; |
| 180 | } | ||
| 159 | } | 181 | } |
| 160 | } | ||
| 161 | 182 | ||
| 162 | void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) | 183 | void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) |
| 163 | { | 184 | { |
| 164 | int i; | 185 | int i; |
| 165 | if(tt->flags & ASN1_TFLG_SK_MASK) { | 186 | if (tt->flags & ASN1_TFLG_SK_MASK) |
| 187 | { | ||
| 166 | STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; | 188 | STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; |
| 167 | for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { | 189 | for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) |
| 190 | { | ||
| 168 | ASN1_VALUE *vtmp; | 191 | ASN1_VALUE *vtmp; |
| 169 | vtmp = sk_ASN1_VALUE_value(sk, i); | 192 | vtmp = sk_ASN1_VALUE_value(sk, i); |
| 170 | asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0); | 193 | asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), |
| 171 | } | 194 | 0); |
| 195 | } | ||
| 172 | sk_ASN1_VALUE_free(sk); | 196 | sk_ASN1_VALUE_free(sk); |
| 173 | *pval = NULL; | 197 | *pval = NULL; |
| 174 | } else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), | 198 | } |
| 199 | else | ||
| 200 | asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), | ||
| 175 | tt->flags & ASN1_TFLG_COMBINE); | 201 | tt->flags & ASN1_TFLG_COMBINE); |
| 176 | } | 202 | } |
| 177 | 203 | ||
| 178 | void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) | 204 | void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 179 | { | 205 | { |
| 180 | int utype; | 206 | int utype; |
| 181 | if(it) { | 207 | if (it) |
| 208 | { | ||
| 182 | const ASN1_PRIMITIVE_FUNCS *pf; | 209 | const ASN1_PRIMITIVE_FUNCS *pf; |
| 183 | pf = it->funcs; | 210 | pf = it->funcs; |
| 184 | if(pf && pf->prim_free) { | 211 | if (pf && pf->prim_free) |
| 212 | { | ||
| 185 | pf->prim_free(pval, it); | 213 | pf->prim_free(pval, it); |
| 186 | return; | 214 | return; |
| 215 | } | ||
| 187 | } | 216 | } |
| 188 | } | ||
| 189 | /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ | 217 | /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ |
| 190 | if(!it) { | 218 | if (!it) |
| 219 | { | ||
| 191 | ASN1_TYPE *typ = (ASN1_TYPE *)*pval; | 220 | ASN1_TYPE *typ = (ASN1_TYPE *)*pval; |
| 192 | utype = typ->type; | 221 | utype = typ->type; |
| 193 | pval = (ASN1_VALUE **)&typ->value.ptr; | 222 | pval = &typ->value.asn1_value; |
| 194 | if(!*pval) return; | 223 | if (!*pval) |
| 195 | } else if(it->itype == ASN1_ITYPE_MSTRING) { | 224 | return; |
| 225 | } | ||
| 226 | else if (it->itype == ASN1_ITYPE_MSTRING) | ||
| 227 | { | ||
| 196 | utype = -1; | 228 | utype = -1; |
| 197 | if(!*pval) return; | 229 | if (!*pval) |
| 198 | } else { | 230 | return; |
| 231 | } | ||
| 232 | else | ||
| 233 | { | ||
| 199 | utype = it->utype; | 234 | utype = it->utype; |
| 200 | if((utype != V_ASN1_BOOLEAN) && !*pval) return; | 235 | if ((utype != V_ASN1_BOOLEAN) && !*pval) |
| 201 | } | 236 | return; |
| 237 | } | ||
| 202 | 238 | ||
| 203 | switch(utype) { | 239 | switch(utype) |
| 240 | { | ||
| 204 | case V_ASN1_OBJECT: | 241 | case V_ASN1_OBJECT: |
| 205 | ASN1_OBJECT_free((ASN1_OBJECT *)*pval); | 242 | ASN1_OBJECT_free((ASN1_OBJECT *)*pval); |
| 206 | break; | 243 | break; |
| @@ -224,6 +261,6 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) | |||
| 224 | ASN1_STRING_free((ASN1_STRING *)*pval); | 261 | ASN1_STRING_free((ASN1_STRING *)*pval); |
| 225 | *pval = NULL; | 262 | *pval = NULL; |
| 226 | break; | 263 | break; |
| 227 | } | 264 | } |
| 228 | *pval = NULL; | 265 | *pval = NULL; |
| 229 | } | 266 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_new.c b/src/lib/libssl/src/crypto/asn1/tasn_new.c index a0e3db574f..531dad365c 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_new.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_new.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -64,27 +64,30 @@ | |||
| 64 | #include <openssl/asn1t.h> | 64 | #include <openssl/asn1t.h> |
| 65 | #include <string.h> | 65 | #include <string.h> |
| 66 | 66 | ||
| 67 | static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); | 67 | static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, |
| 68 | int combine); | ||
| 68 | static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); | 69 | static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 69 | static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); | 70 | static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); |
| 70 | void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); | 71 | void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 71 | 72 | ||
| 72 | ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) | 73 | ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) |
| 73 | { | 74 | { |
| 74 | ASN1_VALUE *ret = NULL; | 75 | ASN1_VALUE *ret = NULL; |
| 75 | if(ASN1_item_ex_new(&ret, it) > 0) return ret; | 76 | if (ASN1_item_ex_new(&ret, it) > 0) |
| 77 | return ret; | ||
| 76 | return NULL; | 78 | return NULL; |
| 77 | } | 79 | } |
| 78 | 80 | ||
| 79 | /* Allocate an ASN1 structure */ | 81 | /* Allocate an ASN1 structure */ |
| 80 | 82 | ||
| 81 | int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) | 83 | int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 82 | { | 84 | { |
| 83 | return asn1_item_ex_combine_new(pval, it, 0); | 85 | return asn1_item_ex_combine_new(pval, it, 0); |
| 84 | } | 86 | } |
| 85 | 87 | ||
| 86 | static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) | 88 | static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, |
| 87 | { | 89 | int combine) |
| 90 | { | ||
| 88 | const ASN1_TEMPLATE *tt = NULL; | 91 | const ASN1_TEMPLATE *tt = NULL; |
| 89 | const ASN1_COMPAT_FUNCS *cf; | 92 | const ASN1_COMPAT_FUNCS *cf; |
| 90 | const ASN1_EXTERN_FUNCS *ef; | 93 | const ASN1_EXTERN_FUNCS *ef; |
| @@ -92,133 +95,155 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int | |||
| 92 | ASN1_aux_cb *asn1_cb; | 95 | ASN1_aux_cb *asn1_cb; |
| 93 | ASN1_VALUE **pseqval; | 96 | ASN1_VALUE **pseqval; |
| 94 | int i; | 97 | int i; |
| 95 | if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; | 98 | if (aux && aux->asn1_cb) |
| 96 | else asn1_cb = 0; | 99 | asn1_cb = aux->asn1_cb; |
| 100 | else | ||
| 101 | asn1_cb = 0; | ||
| 97 | 102 | ||
| 98 | if(!combine) *pval = NULL; | 103 | if (!combine) *pval = NULL; |
| 99 | 104 | ||
| 100 | #ifdef CRYPTO_MDEBUG | 105 | #ifdef CRYPTO_MDEBUG |
| 101 | if(it->sname) CRYPTO_push_info(it->sname); | 106 | if (it->sname) |
| 107 | CRYPTO_push_info(it->sname); | ||
| 102 | #endif | 108 | #endif |
| 103 | 109 | ||
| 104 | switch(it->itype) { | 110 | switch(it->itype) |
| 111 | { | ||
| 105 | 112 | ||
| 106 | case ASN1_ITYPE_EXTERN: | 113 | case ASN1_ITYPE_EXTERN: |
| 107 | ef = it->funcs; | 114 | ef = it->funcs; |
| 108 | if(ef && ef->asn1_ex_new) { | 115 | if (ef && ef->asn1_ex_new) |
| 109 | if(!ef->asn1_ex_new(pval, it)) | 116 | { |
| 117 | if (!ef->asn1_ex_new(pval, it)) | ||
| 110 | goto memerr; | 118 | goto memerr; |
| 111 | } | 119 | } |
| 112 | break; | 120 | break; |
| 113 | 121 | ||
| 114 | case ASN1_ITYPE_COMPAT: | 122 | case ASN1_ITYPE_COMPAT: |
| 115 | cf = it->funcs; | 123 | cf = it->funcs; |
| 116 | if(cf && cf->asn1_new) { | 124 | if (cf && cf->asn1_new) { |
| 117 | *pval = cf->asn1_new(); | 125 | *pval = cf->asn1_new(); |
| 118 | if(!*pval) goto memerr; | 126 | if (!*pval) |
| 127 | goto memerr; | ||
| 119 | } | 128 | } |
| 120 | break; | 129 | break; |
| 121 | 130 | ||
| 122 | case ASN1_ITYPE_PRIMITIVE: | 131 | case ASN1_ITYPE_PRIMITIVE: |
| 123 | if(it->templates) { | 132 | if (it->templates) |
| 124 | if(!ASN1_template_new(pval, it->templates)) | 133 | { |
| 134 | if (!ASN1_template_new(pval, it->templates)) | ||
| 125 | goto memerr; | 135 | goto memerr; |
| 126 | } else { | 136 | } |
| 127 | if(!ASN1_primitive_new(pval, it)) | 137 | else if (!ASN1_primitive_new(pval, it)) |
| 128 | goto memerr; | 138 | goto memerr; |
| 129 | } | ||
| 130 | break; | 139 | break; |
| 131 | 140 | ||
| 132 | case ASN1_ITYPE_MSTRING: | 141 | case ASN1_ITYPE_MSTRING: |
| 133 | if(!ASN1_primitive_new(pval, it)) | 142 | if (!ASN1_primitive_new(pval, it)) |
| 134 | goto memerr; | 143 | goto memerr; |
| 135 | break; | 144 | break; |
| 136 | 145 | ||
| 137 | case ASN1_ITYPE_CHOICE: | 146 | case ASN1_ITYPE_CHOICE: |
| 138 | if(asn1_cb) { | 147 | if (asn1_cb) |
| 148 | { | ||
| 139 | i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); | 149 | i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); |
| 140 | if(!i) goto auxerr; | 150 | if (!i) |
| 141 | if(i==2) { | 151 | goto auxerr; |
| 152 | if (i==2) | ||
| 153 | { | ||
| 142 | #ifdef CRYPTO_MDEBUG | 154 | #ifdef CRYPTO_MDEBUG |
| 143 | if(it->sname) CRYPTO_pop_info(); | 155 | if (it->sname) |
| 156 | CRYPTO_pop_info(); | ||
| 144 | #endif | 157 | #endif |
| 145 | return 1; | 158 | return 1; |
| 159 | } | ||
| 146 | } | 160 | } |
| 147 | } | 161 | if (!combine) |
| 148 | if(!combine) { | 162 | { |
| 149 | *pval = OPENSSL_malloc(it->size); | 163 | *pval = OPENSSL_malloc(it->size); |
| 150 | if(!*pval) goto memerr; | 164 | if (!*pval) |
| 165 | goto memerr; | ||
| 151 | memset(*pval, 0, it->size); | 166 | memset(*pval, 0, it->size); |
| 152 | } | 167 | } |
| 153 | asn1_set_choice_selector(pval, -1, it); | 168 | asn1_set_choice_selector(pval, -1, it); |
| 154 | if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) | 169 | if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) |
| 155 | goto auxerr; | 170 | goto auxerr; |
| 156 | break; | 171 | break; |
| 157 | 172 | ||
| 173 | case ASN1_ITYPE_NDEF_SEQUENCE: | ||
| 158 | case ASN1_ITYPE_SEQUENCE: | 174 | case ASN1_ITYPE_SEQUENCE: |
| 159 | if(asn1_cb) { | 175 | if (asn1_cb) |
| 176 | { | ||
| 160 | i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); | 177 | i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); |
| 161 | if(!i) goto auxerr; | 178 | if (!i) |
| 162 | if(i==2) { | 179 | goto auxerr; |
| 180 | if (i==2) | ||
| 181 | { | ||
| 163 | #ifdef CRYPTO_MDEBUG | 182 | #ifdef CRYPTO_MDEBUG |
| 164 | if(it->sname) CRYPTO_pop_info(); | 183 | if (it->sname) |
| 184 | CRYPTO_pop_info(); | ||
| 165 | #endif | 185 | #endif |
| 166 | return 1; | 186 | return 1; |
| 187 | } | ||
| 167 | } | 188 | } |
| 168 | } | 189 | if (!combine) |
| 169 | if(!combine) { | 190 | { |
| 170 | *pval = OPENSSL_malloc(it->size); | 191 | *pval = OPENSSL_malloc(it->size); |
| 171 | if(!*pval) goto memerr; | 192 | if (!*pval) |
| 193 | goto memerr; | ||
| 172 | memset(*pval, 0, it->size); | 194 | memset(*pval, 0, it->size); |
| 173 | asn1_do_lock(pval, 0, it); | 195 | asn1_do_lock(pval, 0, it); |
| 174 | asn1_enc_init(pval, it); | 196 | asn1_enc_init(pval, it); |
| 175 | } | 197 | } |
| 176 | for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { | 198 | for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) |
| 199 | { | ||
| 177 | pseqval = asn1_get_field_ptr(pval, tt); | 200 | pseqval = asn1_get_field_ptr(pval, tt); |
| 178 | if(!ASN1_template_new(pseqval, tt)) goto memerr; | 201 | if (!ASN1_template_new(pseqval, tt)) |
| 179 | } | 202 | goto memerr; |
| 180 | if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) | 203 | } |
| 204 | if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) | ||
| 181 | goto auxerr; | 205 | goto auxerr; |
| 182 | break; | 206 | break; |
| 183 | } | 207 | } |
| 184 | #ifdef CRYPTO_MDEBUG | 208 | #ifdef CRYPTO_MDEBUG |
| 185 | if(it->sname) CRYPTO_pop_info(); | 209 | if (it->sname) CRYPTO_pop_info(); |
| 186 | #endif | 210 | #endif |
| 187 | return 1; | 211 | return 1; |
| 188 | 212 | ||
| 189 | memerr: | 213 | memerr: |
| 190 | ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE); | 214 | ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); |
| 191 | #ifdef CRYPTO_MDEBUG | 215 | #ifdef CRYPTO_MDEBUG |
| 192 | if(it->sname) CRYPTO_pop_info(); | 216 | if (it->sname) CRYPTO_pop_info(); |
| 193 | #endif | 217 | #endif |
| 194 | return 0; | 218 | return 0; |
| 195 | 219 | ||
| 196 | auxerr: | 220 | auxerr: |
| 197 | ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR); | 221 | ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); |
| 198 | ASN1_item_ex_free(pval, it); | 222 | ASN1_item_ex_free(pval, it); |
| 199 | #ifdef CRYPTO_MDEBUG | 223 | #ifdef CRYPTO_MDEBUG |
| 200 | if(it->sname) CRYPTO_pop_info(); | 224 | if (it->sname) CRYPTO_pop_info(); |
| 201 | #endif | 225 | #endif |
| 202 | return 0; | 226 | return 0; |
| 203 | 227 | ||
| 204 | } | 228 | } |
| 205 | 229 | ||
| 206 | static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) | 230 | static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 207 | { | 231 | { |
| 208 | const ASN1_EXTERN_FUNCS *ef; | 232 | const ASN1_EXTERN_FUNCS *ef; |
| 209 | 233 | ||
| 210 | switch(it->itype) { | 234 | switch(it->itype) |
| 235 | { | ||
| 211 | 236 | ||
| 212 | case ASN1_ITYPE_EXTERN: | 237 | case ASN1_ITYPE_EXTERN: |
| 213 | ef = it->funcs; | 238 | ef = it->funcs; |
| 214 | if(ef && ef->asn1_ex_clear) | 239 | if (ef && ef->asn1_ex_clear) |
| 215 | ef->asn1_ex_clear(pval, it); | 240 | ef->asn1_ex_clear(pval, it); |
| 216 | else *pval = NULL; | 241 | else *pval = NULL; |
| 217 | break; | 242 | break; |
| 218 | 243 | ||
| 219 | 244 | ||
| 220 | case ASN1_ITYPE_PRIMITIVE: | 245 | case ASN1_ITYPE_PRIMITIVE: |
| 221 | if(it->templates) | 246 | if (it->templates) |
| 222 | asn1_template_clear(pval, it->templates); | 247 | asn1_template_clear(pval, it->templates); |
| 223 | else | 248 | else |
| 224 | asn1_primitive_clear(pval, it); | 249 | asn1_primitive_clear(pval, it); |
| @@ -231,75 +256,90 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) | |||
| 231 | case ASN1_ITYPE_COMPAT: | 256 | case ASN1_ITYPE_COMPAT: |
| 232 | case ASN1_ITYPE_CHOICE: | 257 | case ASN1_ITYPE_CHOICE: |
| 233 | case ASN1_ITYPE_SEQUENCE: | 258 | case ASN1_ITYPE_SEQUENCE: |
| 259 | case ASN1_ITYPE_NDEF_SEQUENCE: | ||
| 234 | *pval = NULL; | 260 | *pval = NULL; |
| 235 | break; | 261 | break; |
| 262 | } | ||
| 236 | } | 263 | } |
| 237 | } | ||
| 238 | 264 | ||
| 239 | 265 | ||
| 240 | int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) | 266 | int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) |
| 241 | { | 267 | { |
| 242 | const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); | 268 | const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); |
| 243 | int ret; | 269 | int ret; |
| 244 | if(tt->flags & ASN1_TFLG_OPTIONAL) { | 270 | if (tt->flags & ASN1_TFLG_OPTIONAL) |
| 271 | { | ||
| 245 | asn1_template_clear(pval, tt); | 272 | asn1_template_clear(pval, tt); |
| 246 | return 1; | 273 | return 1; |
| 247 | } | 274 | } |
| 248 | /* If ANY DEFINED BY nothing to do */ | 275 | /* If ANY DEFINED BY nothing to do */ |
| 249 | 276 | ||
| 250 | if(tt->flags & ASN1_TFLG_ADB_MASK) { | 277 | if (tt->flags & ASN1_TFLG_ADB_MASK) |
| 278 | { | ||
| 251 | *pval = NULL; | 279 | *pval = NULL; |
| 252 | return 1; | 280 | return 1; |
| 253 | } | 281 | } |
| 254 | #ifdef CRYPTO_MDEBUG | 282 | #ifdef CRYPTO_MDEBUG |
| 255 | if(tt->field_name) CRYPTO_push_info(tt->field_name); | 283 | if (tt->field_name) |
| 284 | CRYPTO_push_info(tt->field_name); | ||
| 256 | #endif | 285 | #endif |
| 257 | /* If SET OF or SEQUENCE OF, its a STACK */ | 286 | /* If SET OF or SEQUENCE OF, its a STACK */ |
| 258 | if(tt->flags & ASN1_TFLG_SK_MASK) { | 287 | if (tt->flags & ASN1_TFLG_SK_MASK) |
| 288 | { | ||
| 259 | STACK_OF(ASN1_VALUE) *skval; | 289 | STACK_OF(ASN1_VALUE) *skval; |
| 260 | skval = sk_ASN1_VALUE_new_null(); | 290 | skval = sk_ASN1_VALUE_new_null(); |
| 261 | if(!skval) { | 291 | if (!skval) |
| 292 | { | ||
| 262 | ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); | 293 | ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); |
| 263 | ret = 0; | 294 | ret = 0; |
| 264 | goto done; | 295 | goto done; |
| 265 | } | 296 | } |
| 266 | *pval = (ASN1_VALUE *)skval; | 297 | *pval = (ASN1_VALUE *)skval; |
| 267 | ret = 1; | 298 | ret = 1; |
| 268 | goto done; | 299 | goto done; |
| 269 | } | 300 | } |
| 270 | /* Otherwise pass it back to the item routine */ | 301 | /* Otherwise pass it back to the item routine */ |
| 271 | ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); | 302 | ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); |
| 272 | done: | 303 | done: |
| 273 | #ifdef CRYPTO_MDEBUG | 304 | #ifdef CRYPTO_MDEBUG |
| 274 | if(it->sname) CRYPTO_pop_info(); | 305 | if (it->sname) |
| 306 | CRYPTO_pop_info(); | ||
| 275 | #endif | 307 | #endif |
| 276 | return ret; | 308 | return ret; |
| 277 | } | 309 | } |
| 278 | 310 | ||
| 279 | static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) | 311 | static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) |
| 280 | { | 312 | { |
| 281 | /* If ADB or STACK just NULL the field */ | 313 | /* If ADB or STACK just NULL the field */ |
| 282 | if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) | 314 | if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) |
| 283 | *pval = NULL; | 315 | *pval = NULL; |
| 284 | else | 316 | else |
| 285 | asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); | 317 | asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); |
| 286 | } | 318 | } |
| 287 | 319 | ||
| 288 | 320 | ||
| 289 | /* NB: could probably combine most of the real XXX_new() behaviour and junk all the old | 321 | /* NB: could probably combine most of the real XXX_new() behaviour and junk |
| 290 | * functions. | 322 | * all the old functions. |
| 291 | */ | 323 | */ |
| 292 | 324 | ||
| 293 | int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) | 325 | int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 294 | { | 326 | { |
| 295 | ASN1_TYPE *typ; | 327 | ASN1_TYPE *typ; |
| 296 | int utype; | 328 | int utype; |
| 297 | const ASN1_PRIMITIVE_FUNCS *pf; | 329 | |
| 298 | pf = it->funcs; | 330 | if (it && it->funcs) |
| 299 | if(pf && pf->prim_new) return pf->prim_new(pval, it); | 331 | { |
| 300 | if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1; | 332 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; |
| 301 | else utype = it->utype; | 333 | if (pf->prim_new) |
| 302 | switch(utype) { | 334 | return pf->prim_new(pval, it); |
| 335 | } | ||
| 336 | |||
| 337 | if (!it || (it->itype == ASN1_ITYPE_MSTRING)) | ||
| 338 | utype = -1; | ||
| 339 | else | ||
| 340 | utype = it->utype; | ||
| 341 | switch(utype) | ||
| 342 | { | ||
| 303 | case V_ASN1_OBJECT: | 343 | case V_ASN1_OBJECT: |
| 304 | *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); | 344 | *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); |
| 305 | return 1; | 345 | return 1; |
| @@ -317,7 +357,8 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) | |||
| 317 | 357 | ||
| 318 | case V_ASN1_ANY: | 358 | case V_ASN1_ANY: |
| 319 | typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); | 359 | typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); |
| 320 | if(!typ) return 0; | 360 | if (!typ) |
| 361 | return 0; | ||
| 321 | typ->value.ptr = NULL; | 362 | typ->value.ptr = NULL; |
| 322 | typ->type = -1; | 363 | typ->type = -1; |
| 323 | *pval = (ASN1_VALUE *)typ; | 364 | *pval = (ASN1_VALUE *)typ; |
| @@ -326,26 +367,29 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) | |||
| 326 | default: | 367 | default: |
| 327 | *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); | 368 | *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); |
| 328 | break; | 369 | break; |
| 329 | } | 370 | } |
| 330 | if(*pval) return 1; | 371 | if (*pval) |
| 372 | return 1; | ||
| 331 | return 0; | 373 | return 0; |
| 332 | } | 374 | } |
| 333 | 375 | ||
| 334 | void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) | 376 | void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 335 | { | 377 | { |
| 336 | int utype; | 378 | int utype; |
| 337 | const ASN1_PRIMITIVE_FUNCS *pf; | 379 | if (it && it->funcs) |
| 338 | pf = it->funcs; | 380 | { |
| 339 | if(pf) { | 381 | const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; |
| 340 | if(pf->prim_clear) | 382 | if (pf->prim_clear) |
| 341 | pf->prim_clear(pval, it); | 383 | pf->prim_clear(pval, it); |
| 342 | else | 384 | else |
| 343 | *pval = NULL; | 385 | *pval = NULL; |
| 344 | return; | 386 | return; |
| 345 | } | 387 | } |
| 346 | if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1; | 388 | if (!it || (it->itype == ASN1_ITYPE_MSTRING)) |
| 347 | else utype = it->utype; | 389 | utype = -1; |
| 348 | if(utype == V_ASN1_BOOLEAN) | 390 | else |
| 391 | utype = it->utype; | ||
| 392 | if (utype == V_ASN1_BOOLEAN) | ||
| 349 | *(ASN1_BOOLEAN *)pval = it->size; | 393 | *(ASN1_BOOLEAN *)pval = it->size; |
| 350 | else *pval = NULL; | 394 | else *pval = NULL; |
| 351 | } | 395 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_typ.c b/src/lib/libssl/src/crypto/asn1/tasn_typ.c index 804d2eeba2..6f17f1bec7 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_typ.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_typ.c | |||
| @@ -131,3 +131,7 @@ IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) | |||
| 131 | IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1) | 131 | IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1) |
| 132 | IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1) | 132 | IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1) |
| 133 | IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0) | 133 | IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0) |
| 134 | |||
| 135 | /* Special, OCTET STRING with indefinite length constructed support */ | ||
| 136 | |||
| 137 | IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF) | ||
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_utl.c b/src/lib/libssl/src/crypto/asn1/tasn_utl.c index 8996ce8c13..34d520b180 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_utl.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_utl.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -74,23 +74,23 @@ | |||
| 74 | */ | 74 | */ |
| 75 | 75 | ||
| 76 | int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) | 76 | int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 77 | { | 77 | { |
| 78 | int *sel = offset2ptr(*pval, it->utype); | 78 | int *sel = offset2ptr(*pval, it->utype); |
| 79 | return *sel; | 79 | return *sel; |
| 80 | } | 80 | } |
| 81 | 81 | ||
| 82 | /* Given an ASN1_ITEM CHOICE type set | 82 | /* Given an ASN1_ITEM CHOICE type set |
| 83 | * the selector value, return old value. | 83 | * the selector value, return old value. |
| 84 | */ | 84 | */ |
| 85 | 85 | ||
| 86 | int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) | 86 | int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) |
| 87 | { | 87 | { |
| 88 | int *sel, ret; | 88 | int *sel, ret; |
| 89 | sel = offset2ptr(*pval, it->utype); | 89 | sel = offset2ptr(*pval, it->utype); |
| 90 | ret = *sel; | 90 | ret = *sel; |
| 91 | *sel = value; | 91 | *sel = value; |
| 92 | return ret; | 92 | return ret; |
| 93 | } | 93 | } |
| 94 | 94 | ||
| 95 | /* Do reference counting. The value 'op' decides what to do. | 95 | /* Do reference counting. The value 'op' decides what to do. |
| 96 | * if it is +1 then the count is incremented. If op is 0 count is | 96 | * if it is +1 then the count is incremented. If op is 0 count is |
| @@ -99,114 +99,134 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) | |||
| 99 | */ | 99 | */ |
| 100 | 100 | ||
| 101 | int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) | 101 | int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) |
| 102 | { | 102 | { |
| 103 | const ASN1_AUX *aux; | 103 | const ASN1_AUX *aux; |
| 104 | int *lck, ret; | 104 | int *lck, ret; |
| 105 | if(it->itype != ASN1_ITYPE_SEQUENCE) return 0; | 105 | if ((it->itype != ASN1_ITYPE_SEQUENCE) |
| 106 | && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) | ||
| 107 | return 0; | ||
| 106 | aux = it->funcs; | 108 | aux = it->funcs; |
| 107 | if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0; | 109 | if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) |
| 110 | return 0; | ||
| 108 | lck = offset2ptr(*pval, aux->ref_offset); | 111 | lck = offset2ptr(*pval, aux->ref_offset); |
| 109 | if(op == 0) { | 112 | if (op == 0) |
| 113 | { | ||
| 110 | *lck = 1; | 114 | *lck = 1; |
| 111 | return 1; | 115 | return 1; |
| 112 | } | 116 | } |
| 113 | ret = CRYPTO_add(lck, op, aux->ref_lock); | 117 | ret = CRYPTO_add(lck, op, aux->ref_lock); |
| 114 | #ifdef REF_PRINT | 118 | #ifdef REF_PRINT |
| 115 | fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); | 119 | fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); |
| 116 | #endif | 120 | #endif |
| 117 | #ifdef REF_CHECK | 121 | #ifdef REF_CHECK |
| 118 | if(ret < 0) | 122 | if (ret < 0) |
| 119 | fprintf(stderr, "%s, bad reference count\n", it->sname); | 123 | fprintf(stderr, "%s, bad reference count\n", it->sname); |
| 120 | #endif | 124 | #endif |
| 121 | return ret; | 125 | return ret; |
| 122 | } | 126 | } |
| 123 | 127 | ||
| 124 | static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) | 128 | static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 125 | { | 129 | { |
| 126 | const ASN1_AUX *aux; | 130 | const ASN1_AUX *aux; |
| 127 | if(!pval || !*pval) return NULL; | 131 | if (!pval || !*pval) |
| 132 | return NULL; | ||
| 128 | aux = it->funcs; | 133 | aux = it->funcs; |
| 129 | if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL; | 134 | if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) |
| 135 | return NULL; | ||
| 130 | return offset2ptr(*pval, aux->enc_offset); | 136 | return offset2ptr(*pval, aux->enc_offset); |
| 131 | } | 137 | } |
| 132 | 138 | ||
| 133 | void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) | 139 | void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 134 | { | 140 | { |
| 135 | ASN1_ENCODING *enc; | 141 | ASN1_ENCODING *enc; |
| 136 | enc = asn1_get_enc_ptr(pval, it); | 142 | enc = asn1_get_enc_ptr(pval, it); |
| 137 | if(enc) { | 143 | if (enc) |
| 144 | { | ||
| 138 | enc->enc = NULL; | 145 | enc->enc = NULL; |
| 139 | enc->len = 0; | 146 | enc->len = 0; |
| 140 | enc->modified = 1; | 147 | enc->modified = 1; |
| 148 | } | ||
| 141 | } | 149 | } |
| 142 | } | ||
| 143 | 150 | ||
| 144 | void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) | 151 | void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 145 | { | 152 | { |
| 146 | ASN1_ENCODING *enc; | 153 | ASN1_ENCODING *enc; |
| 147 | enc = asn1_get_enc_ptr(pval, it); | 154 | enc = asn1_get_enc_ptr(pval, it); |
| 148 | if(enc) { | 155 | if (enc) |
| 149 | if(enc->enc) OPENSSL_free(enc->enc); | 156 | { |
| 157 | if (enc->enc) | ||
| 158 | OPENSSL_free(enc->enc); | ||
| 150 | enc->enc = NULL; | 159 | enc->enc = NULL; |
| 151 | enc->len = 0; | 160 | enc->len = 0; |
| 152 | enc->modified = 1; | 161 | enc->modified = 1; |
| 162 | } | ||
| 153 | } | 163 | } |
| 154 | } | ||
| 155 | 164 | ||
| 156 | int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it) | 165 | int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, |
| 157 | { | 166 | const ASN1_ITEM *it) |
| 167 | { | ||
| 158 | ASN1_ENCODING *enc; | 168 | ASN1_ENCODING *enc; |
| 159 | enc = asn1_get_enc_ptr(pval, it); | 169 | enc = asn1_get_enc_ptr(pval, it); |
| 160 | if(!enc) return 1; | 170 | if (!enc) |
| 171 | return 1; | ||
| 161 | 172 | ||
| 162 | if(enc->enc) OPENSSL_free(enc->enc); | 173 | if (enc->enc) |
| 174 | OPENSSL_free(enc->enc); | ||
| 163 | enc->enc = OPENSSL_malloc(inlen); | 175 | enc->enc = OPENSSL_malloc(inlen); |
| 164 | if(!enc->enc) return 0; | 176 | if (!enc->enc) |
| 177 | return 0; | ||
| 165 | memcpy(enc->enc, in, inlen); | 178 | memcpy(enc->enc, in, inlen); |
| 166 | enc->len = inlen; | 179 | enc->len = inlen; |
| 167 | enc->modified = 0; | 180 | enc->modified = 0; |
| 168 | 181 | ||
| 169 | return 1; | 182 | return 1; |
| 170 | } | 183 | } |
| 171 | 184 | ||
| 172 | int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it) | 185 | int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, |
| 173 | { | 186 | const ASN1_ITEM *it) |
| 187 | { | ||
| 174 | ASN1_ENCODING *enc; | 188 | ASN1_ENCODING *enc; |
| 175 | enc = asn1_get_enc_ptr(pval, it); | 189 | enc = asn1_get_enc_ptr(pval, it); |
| 176 | if(!enc || enc->modified) return 0; | 190 | if (!enc || enc->modified) |
| 177 | if(out) { | 191 | return 0; |
| 192 | if (out) | ||
| 193 | { | ||
| 178 | memcpy(*out, enc->enc, enc->len); | 194 | memcpy(*out, enc->enc, enc->len); |
| 179 | *out += enc->len; | 195 | *out += enc->len; |
| 180 | } | 196 | } |
| 181 | if(len) *len = enc->len; | 197 | if (len) |
| 198 | *len = enc->len; | ||
| 182 | return 1; | 199 | return 1; |
| 183 | } | 200 | } |
| 184 | 201 | ||
| 185 | /* Given an ASN1_TEMPLATE get a pointer to a field */ | 202 | /* Given an ASN1_TEMPLATE get a pointer to a field */ |
| 186 | ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) | 203 | ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) |
| 187 | { | 204 | { |
| 188 | ASN1_VALUE **pvaltmp; | 205 | ASN1_VALUE **pvaltmp; |
| 189 | if(tt->flags & ASN1_TFLG_COMBINE) return pval; | 206 | if (tt->flags & ASN1_TFLG_COMBINE) |
| 207 | return pval; | ||
| 190 | pvaltmp = offset2ptr(*pval, tt->offset); | 208 | pvaltmp = offset2ptr(*pval, tt->offset); |
| 191 | /* NOTE for BOOLEAN types the field is just a plain | 209 | /* NOTE for BOOLEAN types the field is just a plain |
| 192 | * int so we can't return int **, so settle for | 210 | * int so we can't return int **, so settle for |
| 193 | * (int *). | 211 | * (int *). |
| 194 | */ | 212 | */ |
| 195 | return pvaltmp; | 213 | return pvaltmp; |
| 196 | } | 214 | } |
| 197 | 215 | ||
| 198 | /* Handle ANY DEFINED BY template, find the selector, look up | 216 | /* Handle ANY DEFINED BY template, find the selector, look up |
| 199 | * the relevant ASN1_TEMPLATE in the table and return it. | 217 | * the relevant ASN1_TEMPLATE in the table and return it. |
| 200 | */ | 218 | */ |
| 201 | 219 | ||
| 202 | const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr) | 220 | const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, |
| 203 | { | 221 | int nullerr) |
| 222 | { | ||
| 204 | const ASN1_ADB *adb; | 223 | const ASN1_ADB *adb; |
| 205 | const ASN1_ADB_TABLE *atbl; | 224 | const ASN1_ADB_TABLE *atbl; |
| 206 | long selector; | 225 | long selector; |
| 207 | ASN1_VALUE **sfld; | 226 | ASN1_VALUE **sfld; |
| 208 | int i; | 227 | int i; |
| 209 | if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt; | 228 | if (!(tt->flags & ASN1_TFLG_ADB_MASK)) |
| 229 | return tt; | ||
| 210 | 230 | ||
| 211 | /* Else ANY DEFINED BY ... get the table */ | 231 | /* Else ANY DEFINED BY ... get the table */ |
| 212 | adb = ASN1_ADB_ptr(tt->item); | 232 | adb = ASN1_ADB_ptr(tt->item); |
| @@ -215,16 +235,18 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int | |||
| 215 | sfld = offset2ptr(*pval, adb->offset); | 235 | sfld = offset2ptr(*pval, adb->offset); |
| 216 | 236 | ||
| 217 | /* Check if NULL */ | 237 | /* Check if NULL */ |
| 218 | if(!sfld) { | 238 | if (!sfld) |
| 219 | if(!adb->null_tt) goto err; | 239 | { |
| 240 | if (!adb->null_tt) | ||
| 241 | goto err; | ||
| 220 | return adb->null_tt; | 242 | return adb->null_tt; |
| 221 | } | 243 | } |
| 222 | 244 | ||
| 223 | /* Convert type to a long: | 245 | /* Convert type to a long: |
| 224 | * NB: don't check for NID_undef here because it | 246 | * NB: don't check for NID_undef here because it |
| 225 | * might be a legitimate value in the table | 247 | * might be a legitimate value in the table |
| 226 | */ | 248 | */ |
| 227 | if(tt->flags & ASN1_TFLG_ADB_OID) | 249 | if (tt->flags & ASN1_TFLG_ADB_OID) |
| 228 | selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); | 250 | selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); |
| 229 | else | 251 | else |
| 230 | selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); | 252 | selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); |
| @@ -237,17 +259,21 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int | |||
| 237 | * linear search. | 259 | * linear search. |
| 238 | */ | 260 | */ |
| 239 | 261 | ||
| 240 | for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) | 262 | for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) |
| 241 | if(atbl->value == selector) return &atbl->tt; | 263 | if (atbl->value == selector) |
| 264 | return &atbl->tt; | ||
| 242 | 265 | ||
| 243 | /* FIXME: need to search application table too */ | 266 | /* FIXME: need to search application table too */ |
| 244 | 267 | ||
| 245 | /* No match, return default type */ | 268 | /* No match, return default type */ |
| 246 | if(!adb->default_tt) goto err; | 269 | if (!adb->default_tt) |
| 270 | goto err; | ||
| 247 | return adb->default_tt; | 271 | return adb->default_tt; |
| 248 | 272 | ||
| 249 | err: | 273 | err: |
| 250 | /* FIXME: should log the value or OID of unsupported type */ | 274 | /* FIXME: should log the value or OID of unsupported type */ |
| 251 | if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); | 275 | if (nullerr) |
| 276 | ASN1err(ASN1_F_ASN1_DO_ADB, | ||
| 277 | ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); | ||
| 252 | return NULL; | 278 | return NULL; |
| 253 | } | 279 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/x_algor.c b/src/lib/libssl/src/crypto/asn1/x_algor.c index 00b9ea54a1..33533aba86 100644 --- a/src/lib/libssl/src/crypto/asn1/x_algor.c +++ b/src/lib/libssl/src/crypto/asn1/x_algor.c | |||
| @@ -66,8 +66,65 @@ ASN1_SEQUENCE(X509_ALGOR) = { | |||
| 66 | ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) | 66 | ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) |
| 67 | } ASN1_SEQUENCE_END(X509_ALGOR) | 67 | } ASN1_SEQUENCE_END(X509_ALGOR) |
| 68 | 68 | ||
| 69 | ASN1_ITEM_TEMPLATE(X509_ALGORS) = | ||
| 70 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) | ||
| 71 | ASN1_ITEM_TEMPLATE_END(X509_ALGORS) | ||
| 72 | |||
| 69 | IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) | 73 | IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) |
| 74 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS) | ||
| 70 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) | 75 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) |
| 71 | 76 | ||
| 72 | IMPLEMENT_STACK_OF(X509_ALGOR) | 77 | IMPLEMENT_STACK_OF(X509_ALGOR) |
| 73 | IMPLEMENT_ASN1_SET_OF(X509_ALGOR) | 78 | IMPLEMENT_ASN1_SET_OF(X509_ALGOR) |
| 79 | |||
| 80 | int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) | ||
| 81 | { | ||
| 82 | if (!alg) | ||
| 83 | return 0; | ||
| 84 | if (ptype != V_ASN1_UNDEF) | ||
| 85 | { | ||
| 86 | if (alg->parameter == NULL) | ||
| 87 | alg->parameter = ASN1_TYPE_new(); | ||
| 88 | if (alg->parameter == NULL) | ||
| 89 | return 0; | ||
| 90 | } | ||
| 91 | if (alg) | ||
| 92 | { | ||
| 93 | if (alg->algorithm) | ||
| 94 | ASN1_OBJECT_free(alg->algorithm); | ||
| 95 | alg->algorithm = aobj; | ||
| 96 | } | ||
| 97 | if (ptype == 0) | ||
| 98 | return 1; | ||
| 99 | if (ptype == V_ASN1_UNDEF) | ||
| 100 | { | ||
| 101 | if (alg->parameter) | ||
| 102 | { | ||
| 103 | ASN1_TYPE_free(alg->parameter); | ||
| 104 | alg->parameter = NULL; | ||
| 105 | } | ||
| 106 | } | ||
| 107 | else | ||
| 108 | ASN1_TYPE_set(alg->parameter, ptype, pval); | ||
| 109 | return 1; | ||
| 110 | } | ||
| 111 | |||
| 112 | void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, | ||
| 113 | X509_ALGOR *algor) | ||
| 114 | { | ||
| 115 | if (paobj) | ||
| 116 | *paobj = algor->algorithm; | ||
| 117 | if (pptype) | ||
| 118 | { | ||
| 119 | if (algor->parameter == NULL) | ||
| 120 | { | ||
| 121 | *pptype = V_ASN1_UNDEF; | ||
| 122 | return; | ||
| 123 | } | ||
| 124 | else | ||
| 125 | *pptype = algor->parameter->type; | ||
| 126 | if (ppval) | ||
| 127 | *ppval = algor->parameter->value.ptr; | ||
| 128 | } | ||
| 129 | } | ||
| 130 | |||
diff --git a/src/lib/libssl/src/crypto/asn1/x_bignum.c b/src/lib/libssl/src/crypto/asn1/x_bignum.c index 848c7a0877..869c05d931 100644 --- a/src/lib/libssl/src/crypto/asn1/x_bignum.c +++ b/src/lib/libssl/src/crypto/asn1/x_bignum.c | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/bn.h> | ||
| 62 | 63 | ||
| 63 | /* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a | 64 | /* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a |
| 64 | * BIGNUM directly. Currently it ignores the sign which isn't a problem since all | 65 | * BIGNUM directly. Currently it ignores the sign which isn't a problem since all |
| @@ -72,7 +73,7 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); | |||
| 72 | static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); | 73 | static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 73 | 74 | ||
| 74 | static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); | 75 | static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); |
| 75 | static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); | 76 | static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); |
| 76 | 77 | ||
| 77 | static ASN1_PRIMITIVE_FUNCS bignum_pf = { | 78 | static ASN1_PRIMITIVE_FUNCS bignum_pf = { |
| 78 | NULL, 0, | 79 | NULL, 0, |
| @@ -122,7 +123,8 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN | |||
| 122 | return pad + BN_num_bytes(bn); | 123 | return pad + BN_num_bytes(bn); |
| 123 | } | 124 | } |
| 124 | 125 | ||
| 125 | static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) | 126 | static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, |
| 127 | int utype, char *free_cont, const ASN1_ITEM *it) | ||
| 126 | { | 128 | { |
| 127 | BIGNUM *bn; | 129 | BIGNUM *bn; |
| 128 | if(!*pval) bn_new(pval, it); | 130 | if(!*pval) bn_new(pval, it); |
diff --git a/src/lib/libssl/src/crypto/asn1/x_crl.c b/src/lib/libssl/src/crypto/asn1/x_crl.c index b99f8fc522..70d56a67f2 100644 --- a/src/lib/libssl/src/crypto/asn1/x_crl.c +++ b/src/lib/libssl/src/crypto/asn1/x_crl.c | |||
| @@ -84,7 +84,7 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | |||
| 84 | * would affect the output of X509_CRL_print(). | 84 | * would affect the output of X509_CRL_print(). |
| 85 | */ | 85 | */ |
| 86 | case ASN1_OP_D2I_POST: | 86 | case ASN1_OP_D2I_POST: |
| 87 | sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); | 87 | (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); |
| 88 | break; | 88 | break; |
| 89 | } | 89 | } |
| 90 | return 1; | 90 | return 1; |
diff --git a/src/lib/libssl/src/crypto/asn1/x_exten.c b/src/lib/libssl/src/crypto/asn1/x_exten.c index 702421b6c8..1732e66712 100644 --- a/src/lib/libssl/src/crypto/asn1/x_exten.c +++ b/src/lib/libssl/src/crypto/asn1/x_exten.c | |||
| @@ -67,5 +67,10 @@ ASN1_SEQUENCE(X509_EXTENSION) = { | |||
| 67 | ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) | 67 | ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) |
| 68 | } ASN1_SEQUENCE_END(X509_EXTENSION) | 68 | } ASN1_SEQUENCE_END(X509_EXTENSION) |
| 69 | 69 | ||
| 70 | ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = | ||
| 71 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) | ||
| 72 | ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) | ||
| 73 | |||
| 70 | IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) | 74 | IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) |
| 75 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) | ||
| 71 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) | 76 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) |
diff --git a/src/lib/libssl/src/crypto/asn1/x_long.c b/src/lib/libssl/src/crypto/asn1/x_long.c index c5f25956cb..0db233cb95 100644 --- a/src/lib/libssl/src/crypto/asn1/x_long.c +++ b/src/lib/libssl/src/crypto/asn1/x_long.c | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/bn.h> | ||
| 62 | 63 | ||
| 63 | /* Custom primitive type for long handling. This converts between an ASN1_INTEGER | 64 | /* Custom primitive type for long handling. This converts between an ASN1_INTEGER |
| 64 | * and a long directly. | 65 | * and a long directly. |
| @@ -69,7 +70,7 @@ static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it); | |||
| 69 | static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); | 70 | static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); |
| 70 | 71 | ||
| 71 | static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); | 72 | static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); |
| 72 | static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); | 73 | static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); |
| 73 | 74 | ||
| 74 | static ASN1_PRIMITIVE_FUNCS long_pf = { | 75 | static ASN1_PRIMITIVE_FUNCS long_pf = { |
| 75 | NULL, 0, | 76 | NULL, 0, |
| @@ -136,13 +137,14 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A | |||
| 136 | return clen + pad; | 137 | return clen + pad; |
| 137 | } | 138 | } |
| 138 | 139 | ||
| 139 | static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) | 140 | static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, |
| 141 | int utype, char *free_cont, const ASN1_ITEM *it) | ||
| 140 | { | 142 | { |
| 141 | int neg, i; | 143 | int neg, i; |
| 142 | long ltmp; | 144 | long ltmp; |
| 143 | unsigned long utmp = 0; | 145 | unsigned long utmp = 0; |
| 144 | char *cp = (char *)pval; | 146 | char *cp = (char *)pval; |
| 145 | if(len > sizeof(long)) { | 147 | if(len > (int)sizeof(long)) { |
| 146 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); | 148 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); |
| 147 | return 0; | 149 | return 0; |
| 148 | } | 150 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c index 31f3377b64..04380abc3f 100644 --- a/src/lib/libssl/src/crypto/asn1/x_name.c +++ b/src/lib/libssl/src/crypto/asn1/x_name.c | |||
| @@ -61,7 +61,7 @@ | |||
| 61 | #include <openssl/asn1t.h> | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | 63 | ||
| 64 | static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it, | 64 | static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, |
| 65 | int tag, int aclass, char opt, ASN1_TLC *ctx); | 65 | int tag, int aclass, char opt, ASN1_TLC *ctx); |
| 66 | 66 | ||
| 67 | static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); | 67 | static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); |
| @@ -123,7 +123,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) | |||
| 123 | return 1; | 123 | return 1; |
| 124 | 124 | ||
| 125 | memerr: | 125 | memerr: |
| 126 | ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE); | 126 | ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); |
| 127 | if (ret) | 127 | if (ret) |
| 128 | { | 128 | { |
| 129 | if (ret->entries) | 129 | if (ret->entries) |
| @@ -156,48 +156,48 @@ static void sk_internal_free(void *a) | |||
| 156 | sk_free(a); | 156 | sk_free(a); |
| 157 | } | 157 | } |
| 158 | 158 | ||
| 159 | static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it, | 159 | static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, |
| 160 | int tag, int aclass, char opt, ASN1_TLC *ctx) | 160 | int tag, int aclass, char opt, ASN1_TLC *ctx) |
| 161 | { | 161 | { |
| 162 | unsigned char *p = *in, *q; | 162 | const unsigned char *p = *in, *q; |
| 163 | STACK *intname = NULL, **intname_pp = &intname; | 163 | union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; |
| 164 | union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL}; | ||
| 164 | int i, j, ret; | 165 | int i, j, ret; |
| 165 | X509_NAME *nm = NULL, **nm_pp = &nm; | ||
| 166 | STACK_OF(X509_NAME_ENTRY) *entries; | 166 | STACK_OF(X509_NAME_ENTRY) *entries; |
| 167 | X509_NAME_ENTRY *entry; | 167 | X509_NAME_ENTRY *entry; |
| 168 | q = p; | 168 | q = p; |
| 169 | 169 | ||
| 170 | /* Get internal representation of Name */ | 170 | /* Get internal representation of Name */ |
| 171 | ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp, | 171 | ret = ASN1_item_ex_d2i(&intname.a, |
| 172 | &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), | 172 | &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), |
| 173 | tag, aclass, opt, ctx); | 173 | tag, aclass, opt, ctx); |
| 174 | 174 | ||
| 175 | if(ret <= 0) return ret; | 175 | if(ret <= 0) return ret; |
| 176 | 176 | ||
| 177 | if(*val) x509_name_ex_free(val, NULL); | 177 | if(*val) x509_name_ex_free(val, NULL); |
| 178 | if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err; | 178 | if(!x509_name_ex_new(&nm.a, NULL)) goto err; |
| 179 | /* We've decoded it: now cache encoding */ | 179 | /* We've decoded it: now cache encoding */ |
| 180 | if(!BUF_MEM_grow(nm->bytes, p - q)) goto err; | 180 | if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err; |
| 181 | memcpy(nm->bytes->data, q, p - q); | 181 | memcpy(nm.x->bytes->data, q, p - q); |
| 182 | 182 | ||
| 183 | /* Convert internal representation to X509_NAME structure */ | 183 | /* Convert internal representation to X509_NAME structure */ |
| 184 | for(i = 0; i < sk_num(intname); i++) { | 184 | for(i = 0; i < sk_num(intname.s); i++) { |
| 185 | entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i); | 185 | entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i); |
| 186 | for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { | 186 | for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { |
| 187 | entry = sk_X509_NAME_ENTRY_value(entries, j); | 187 | entry = sk_X509_NAME_ENTRY_value(entries, j); |
| 188 | entry->set = i; | 188 | entry->set = i; |
| 189 | if(!sk_X509_NAME_ENTRY_push(nm->entries, entry)) | 189 | if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) |
| 190 | goto err; | 190 | goto err; |
| 191 | } | 191 | } |
| 192 | sk_X509_NAME_ENTRY_free(entries); | 192 | sk_X509_NAME_ENTRY_free(entries); |
| 193 | } | 193 | } |
| 194 | sk_free(intname); | 194 | sk_free(intname.s); |
| 195 | nm->modified = 0; | 195 | nm.x->modified = 0; |
| 196 | *val = (ASN1_VALUE *)nm; | 196 | *val = nm.a; |
| 197 | *in = p; | 197 | *in = p; |
| 198 | return ret; | 198 | return ret; |
| 199 | err: | 199 | err: |
| 200 | ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR); | 200 | ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
| 201 | return 0; | 201 | return 0; |
| 202 | } | 202 | } |
| 203 | 203 | ||
| @@ -219,36 +219,36 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT | |||
| 219 | 219 | ||
| 220 | static int x509_name_encode(X509_NAME *a) | 220 | static int x509_name_encode(X509_NAME *a) |
| 221 | { | 221 | { |
| 222 | STACK *intname = NULL, **intname_pp = &intname; | 222 | union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; |
| 223 | int len; | 223 | int len; |
| 224 | unsigned char *p; | 224 | unsigned char *p; |
| 225 | STACK_OF(X509_NAME_ENTRY) *entries = NULL; | 225 | STACK_OF(X509_NAME_ENTRY) *entries = NULL; |
| 226 | X509_NAME_ENTRY *entry; | 226 | X509_NAME_ENTRY *entry; |
| 227 | int i, set = -1; | 227 | int i, set = -1; |
| 228 | intname = sk_new_null(); | 228 | intname.s = sk_new_null(); |
| 229 | if(!intname) goto memerr; | 229 | if(!intname.s) goto memerr; |
| 230 | for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { | 230 | for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { |
| 231 | entry = sk_X509_NAME_ENTRY_value(a->entries, i); | 231 | entry = sk_X509_NAME_ENTRY_value(a->entries, i); |
| 232 | if(entry->set != set) { | 232 | if(entry->set != set) { |
| 233 | entries = sk_X509_NAME_ENTRY_new_null(); | 233 | entries = sk_X509_NAME_ENTRY_new_null(); |
| 234 | if(!entries) goto memerr; | 234 | if(!entries) goto memerr; |
| 235 | if(!sk_push(intname, (char *)entries)) goto memerr; | 235 | if(!sk_push(intname.s, (char *)entries)) goto memerr; |
| 236 | set = entry->set; | 236 | set = entry->set; |
| 237 | } | 237 | } |
| 238 | if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; | 238 | if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; |
| 239 | } | 239 | } |
| 240 | len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL, | 240 | len = ASN1_item_ex_i2d(&intname.a, NULL, |
| 241 | ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); | 241 | ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); |
| 242 | if (!BUF_MEM_grow(a->bytes,len)) goto memerr; | 242 | if (!BUF_MEM_grow(a->bytes,len)) goto memerr; |
| 243 | p=(unsigned char *)a->bytes->data; | 243 | p=(unsigned char *)a->bytes->data; |
| 244 | ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, | 244 | ASN1_item_ex_i2d(&intname.a, |
| 245 | &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); | 245 | &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); |
| 246 | sk_pop_free(intname, sk_internal_free); | 246 | sk_pop_free(intname.s, sk_internal_free); |
| 247 | a->modified = 0; | 247 | a->modified = 0; |
| 248 | return len; | 248 | return len; |
| 249 | memerr: | 249 | memerr: |
| 250 | sk_pop_free(intname, sk_internal_free); | 250 | sk_pop_free(intname.s, sk_internal_free); |
| 251 | ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE); | 251 | ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); |
| 252 | return -1; | 252 | return -1; |
| 253 | } | 253 | } |
| 254 | 254 | ||
diff --git a/src/lib/libssl/src/crypto/asn1/x_pkey.c b/src/lib/libssl/src/crypto/asn1/x_pkey.c index f1c6221ac3..8453618426 100644 --- a/src/lib/libssl/src/crypto/asn1/x_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/x_pkey.c | |||
| @@ -69,15 +69,15 @@ int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp) | |||
| 69 | return(0); | 69 | return(0); |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length) | 72 | X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length) |
| 73 | { | 73 | { |
| 74 | int i; | 74 | int i; |
| 75 | M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new); | 75 | M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new); |
| 76 | 76 | ||
| 77 | M_ASN1_D2I_Init(); | 77 | M_ASN1_D2I_Init(); |
| 78 | M_ASN1_D2I_start_sequence(); | 78 | M_ASN1_D2I_start_sequence(); |
| 79 | M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR); | 79 | M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR); |
| 80 | M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING); | 80 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING); |
| 81 | 81 | ||
| 82 | ret->cipher.cipher=EVP_get_cipherbyname( | 82 | ret->cipher.cipher=EVP_get_cipherbyname( |
| 83 | OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm))); | 83 | OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm))); |
diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c index 7d6d71af88..91c2756116 100644 --- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c +++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c | |||
| @@ -60,16 +60,23 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #ifndef OPENSSL_NO_RSA | ||
| 64 | #include <openssl/rsa.h> | ||
| 65 | #endif | ||
| 66 | #ifndef OPENSSL_NO_DSA | ||
| 67 | #include <openssl/dsa.h> | ||
| 68 | #endif | ||
| 63 | 69 | ||
| 64 | /* Minor tweak to operation: free up EVP_PKEY */ | 70 | /* Minor tweak to operation: free up EVP_PKEY */ |
| 65 | static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | 71 | static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 66 | { | 72 | { |
| 67 | if(operation == ASN1_OP_FREE_POST) { | 73 | if (operation == ASN1_OP_FREE_POST) |
| 74 | { | ||
| 68 | X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; | 75 | X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; |
| 69 | EVP_PKEY_free(pubkey->pkey); | 76 | EVP_PKEY_free(pubkey->pkey); |
| 70 | } | 77 | } |
| 71 | return 1; | 78 | return 1; |
| 72 | } | 79 | } |
| 73 | 80 | ||
| 74 | ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { | 81 | ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { |
| 75 | ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), | 82 | ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), |
| @@ -111,13 +118,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | |||
| 111 | a->parameter->type=V_ASN1_NULL; | 118 | a->parameter->type=V_ASN1_NULL; |
| 112 | } | 119 | } |
| 113 | } | 120 | } |
| 114 | else | ||
| 115 | #ifndef OPENSSL_NO_DSA | 121 | #ifndef OPENSSL_NO_DSA |
| 116 | if (pkey->type == EVP_PKEY_DSA) | 122 | else if (pkey->type == EVP_PKEY_DSA) |
| 117 | { | 123 | { |
| 118 | unsigned char *pp; | 124 | unsigned char *pp; |
| 119 | DSA *dsa; | 125 | DSA *dsa; |
| 120 | 126 | ||
| 121 | dsa=pkey->pkey.dsa; | 127 | dsa=pkey->pkey.dsa; |
| 122 | dsa->write_params=0; | 128 | dsa->write_params=0; |
| 123 | ASN1_TYPE_free(a->parameter); | 129 | ASN1_TYPE_free(a->parameter); |
| @@ -151,8 +157,64 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | |||
| 151 | } | 157 | } |
| 152 | OPENSSL_free(p); | 158 | OPENSSL_free(p); |
| 153 | } | 159 | } |
| 154 | else | ||
| 155 | #endif | 160 | #endif |
| 161 | #ifndef OPENSSL_NO_EC | ||
| 162 | else if (pkey->type == EVP_PKEY_EC) | ||
| 163 | { | ||
| 164 | int nid=0; | ||
| 165 | unsigned char *pp; | ||
| 166 | EC_KEY *ec_key; | ||
| 167 | const EC_GROUP *group; | ||
| 168 | |||
| 169 | ec_key = pkey->pkey.ec; | ||
| 170 | ASN1_TYPE_free(a->parameter); | ||
| 171 | |||
| 172 | if ((a->parameter = ASN1_TYPE_new()) == NULL) | ||
| 173 | { | ||
| 174 | X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); | ||
| 175 | goto err; | ||
| 176 | } | ||
| 177 | |||
| 178 | group = EC_KEY_get0_group(ec_key); | ||
| 179 | if (EC_GROUP_get_asn1_flag(group) | ||
| 180 | && (nid = EC_GROUP_get_curve_name(group))) | ||
| 181 | { | ||
| 182 | /* just set the OID */ | ||
| 183 | a->parameter->type = V_ASN1_OBJECT; | ||
| 184 | a->parameter->value.object = OBJ_nid2obj(nid); | ||
| 185 | } | ||
| 186 | else /* explicit parameters */ | ||
| 187 | { | ||
| 188 | if ((i = i2d_ECParameters(ec_key, NULL)) == 0) | ||
| 189 | { | ||
| 190 | X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); | ||
| 191 | goto err; | ||
| 192 | } | ||
| 193 | if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) | ||
| 194 | { | ||
| 195 | X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); | ||
| 196 | goto err; | ||
| 197 | } | ||
| 198 | pp = p; | ||
| 199 | if (!i2d_ECParameters(ec_key, &pp)) | ||
| 200 | { | ||
| 201 | X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); | ||
| 202 | OPENSSL_free(p); | ||
| 203 | goto err; | ||
| 204 | } | ||
| 205 | a->parameter->type = V_ASN1_SEQUENCE; | ||
| 206 | if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) | ||
| 207 | { | ||
| 208 | X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); | ||
| 209 | OPENSSL_free(p); | ||
| 210 | goto err; | ||
| 211 | } | ||
| 212 | ASN1_STRING_set(a->parameter->value.sequence, p, i); | ||
| 213 | OPENSSL_free(p); | ||
| 214 | } | ||
| 215 | } | ||
| 216 | #endif | ||
| 217 | else if (1) | ||
| 156 | { | 218 | { |
| 157 | X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); | 219 | X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); |
| 158 | goto err; | 220 | goto err; |
| @@ -171,7 +233,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | |||
| 171 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | 233 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); |
| 172 | goto err; | 234 | goto err; |
| 173 | } | 235 | } |
| 174 | /* Set number of unused bits to zero */ | 236 | /* Set number of unused bits to zero */ |
| 175 | pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | 237 | pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); |
| 176 | pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; | 238 | pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; |
| 177 | 239 | ||
| @@ -198,8 +260,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) | |||
| 198 | EVP_PKEY *ret=NULL; | 260 | EVP_PKEY *ret=NULL; |
| 199 | long j; | 261 | long j; |
| 200 | int type; | 262 | int type; |
| 201 | unsigned char *p; | 263 | const unsigned char *p; |
| 202 | #ifndef OPENSSL_NO_DSA | 264 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) |
| 203 | const unsigned char *cp; | 265 | const unsigned char *cp; |
| 204 | X509_ALGOR *a; | 266 | X509_ALGOR *a; |
| 205 | #endif | 267 | #endif |
| @@ -207,40 +269,106 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) | |||
| 207 | if (key == NULL) goto err; | 269 | if (key == NULL) goto err; |
| 208 | 270 | ||
| 209 | if (key->pkey != NULL) | 271 | if (key->pkey != NULL) |
| 210 | { | 272 | { |
| 211 | CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 273 | CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 212 | return(key->pkey); | 274 | return(key->pkey); |
| 213 | } | 275 | } |
| 214 | 276 | ||
| 215 | if (key->public_key == NULL) goto err; | 277 | if (key->public_key == NULL) goto err; |
| 216 | 278 | ||
| 217 | type=OBJ_obj2nid(key->algor->algorithm); | 279 | type=OBJ_obj2nid(key->algor->algorithm); |
| 218 | p=key->public_key->data; | 280 | if ((ret = EVP_PKEY_new()) == NULL) |
| 219 | j=key->public_key->length; | ||
| 220 | if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL) | ||
| 221 | { | 281 | { |
| 222 | X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB); | 282 | X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); |
| 223 | goto err; | 283 | goto err; |
| 224 | } | 284 | } |
| 225 | ret->save_parameters=0; | 285 | ret->type = EVP_PKEY_type(type); |
| 226 | 286 | ||
| 227 | #ifndef OPENSSL_NO_DSA | 287 | /* the parameters must be extracted before the public key (ECDSA!) */ |
| 288 | |||
| 289 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) | ||
| 228 | a=key->algor; | 290 | a=key->algor; |
| 229 | if (ret->type == EVP_PKEY_DSA) | 291 | #endif |
| 292 | |||
| 293 | if (0) | ||
| 294 | ; | ||
| 295 | #ifndef OPENSSL_NO_DSA | ||
| 296 | else if (ret->type == EVP_PKEY_DSA) | ||
| 230 | { | 297 | { |
| 231 | if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) | 298 | if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) |
| 232 | { | 299 | { |
| 300 | if ((ret->pkey.dsa = DSA_new()) == NULL) | ||
| 301 | { | ||
| 302 | X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); | ||
| 303 | goto err; | ||
| 304 | } | ||
| 233 | ret->pkey.dsa->write_params=0; | 305 | ret->pkey.dsa->write_params=0; |
| 234 | cp=p=a->parameter->value.sequence->data; | 306 | cp=p=a->parameter->value.sequence->data; |
| 235 | j=a->parameter->value.sequence->length; | 307 | j=a->parameter->value.sequence->length; |
| 236 | if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j)) | 308 | if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) |
| 237 | goto err; | 309 | goto err; |
| 238 | } | 310 | } |
| 239 | ret->save_parameters=1; | 311 | ret->save_parameters=1; |
| 240 | } | 312 | } |
| 241 | #endif | 313 | #endif |
| 242 | key->pkey=ret; | 314 | #ifndef OPENSSL_NO_EC |
| 243 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY); | 315 | else if (ret->type == EVP_PKEY_EC) |
| 316 | { | ||
| 317 | if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) | ||
| 318 | { | ||
| 319 | /* type == V_ASN1_SEQUENCE => we have explicit parameters | ||
| 320 | * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) | ||
| 321 | */ | ||
| 322 | if ((ret->pkey.ec= EC_KEY_new()) == NULL) | ||
| 323 | { | ||
| 324 | X509err(X509_F_X509_PUBKEY_GET, | ||
| 325 | ERR_R_MALLOC_FAILURE); | ||
| 326 | goto err; | ||
| 327 | } | ||
| 328 | cp = p = a->parameter->value.sequence->data; | ||
| 329 | j = a->parameter->value.sequence->length; | ||
| 330 | if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) | ||
| 331 | { | ||
| 332 | X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); | ||
| 333 | goto err; | ||
| 334 | } | ||
| 335 | } | ||
| 336 | else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) | ||
| 337 | { | ||
| 338 | /* type == V_ASN1_OBJECT => the parameters are given | ||
| 339 | * by an asn1 OID | ||
| 340 | */ | ||
| 341 | EC_KEY *ec_key; | ||
| 342 | EC_GROUP *group; | ||
| 343 | |||
| 344 | if (ret->pkey.ec == NULL) | ||
| 345 | ret->pkey.ec = EC_KEY_new(); | ||
| 346 | ec_key = ret->pkey.ec; | ||
| 347 | if (ec_key == NULL) | ||
| 348 | goto err; | ||
| 349 | group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); | ||
| 350 | if (group == NULL) | ||
| 351 | goto err; | ||
| 352 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); | ||
| 353 | if (EC_KEY_set_group(ec_key, group) == 0) | ||
| 354 | goto err; | ||
| 355 | EC_GROUP_free(group); | ||
| 356 | } | ||
| 357 | /* the case implicitlyCA is currently not implemented */ | ||
| 358 | ret->save_parameters = 1; | ||
| 359 | } | ||
| 360 | #endif | ||
| 361 | |||
| 362 | p=key->public_key->data; | ||
| 363 | j=key->public_key->length; | ||
| 364 | if (!d2i_PublicKey(type, &ret, &p, (long)j)) | ||
| 365 | { | ||
| 366 | X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); | ||
| 367 | goto err; | ||
| 368 | } | ||
| 369 | |||
| 370 | key->pkey = ret; | ||
| 371 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); | ||
| 244 | return(ret); | 372 | return(ret); |
| 245 | err: | 373 | err: |
| 246 | if (ret != NULL) | 374 | if (ret != NULL) |
| @@ -252,9 +380,9 @@ err: | |||
| 252 | * and encode or decode as X509_PUBKEY | 380 | * and encode or decode as X509_PUBKEY |
| 253 | */ | 381 | */ |
| 254 | 382 | ||
| 255 | EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, | 383 | EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, |
| 256 | long length) | 384 | long length) |
| 257 | { | 385 | { |
| 258 | X509_PUBKEY *xpk; | 386 | X509_PUBKEY *xpk; |
| 259 | EVP_PKEY *pktmp; | 387 | EVP_PKEY *pktmp; |
| 260 | xpk = d2i_X509_PUBKEY(NULL, pp, length); | 388 | xpk = d2i_X509_PUBKEY(NULL, pp, length); |
| @@ -262,15 +390,16 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, | |||
| 262 | pktmp = X509_PUBKEY_get(xpk); | 390 | pktmp = X509_PUBKEY_get(xpk); |
| 263 | X509_PUBKEY_free(xpk); | 391 | X509_PUBKEY_free(xpk); |
| 264 | if(!pktmp) return NULL; | 392 | if(!pktmp) return NULL; |
| 265 | if(a) { | 393 | if(a) |
| 394 | { | ||
| 266 | EVP_PKEY_free(*a); | 395 | EVP_PKEY_free(*a); |
| 267 | *a = pktmp; | 396 | *a = pktmp; |
| 268 | } | 397 | } |
| 269 | return pktmp; | 398 | return pktmp; |
| 270 | } | 399 | } |
| 271 | 400 | ||
| 272 | int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) | 401 | int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) |
| 273 | { | 402 | { |
| 274 | X509_PUBKEY *xpk=NULL; | 403 | X509_PUBKEY *xpk=NULL; |
| 275 | int ret; | 404 | int ret; |
| 276 | if(!a) return 0; | 405 | if(!a) return 0; |
| @@ -278,83 +407,125 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) | |||
| 278 | ret = i2d_X509_PUBKEY(xpk, pp); | 407 | ret = i2d_X509_PUBKEY(xpk, pp); |
| 279 | X509_PUBKEY_free(xpk); | 408 | X509_PUBKEY_free(xpk); |
| 280 | return ret; | 409 | return ret; |
| 281 | } | 410 | } |
| 282 | 411 | ||
| 283 | /* The following are equivalents but which return RSA and DSA | 412 | /* The following are equivalents but which return RSA and DSA |
| 284 | * keys | 413 | * keys |
| 285 | */ | 414 | */ |
| 286 | #ifndef OPENSSL_NO_RSA | 415 | #ifndef OPENSSL_NO_RSA |
| 287 | RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, | 416 | RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, |
| 288 | long length) | 417 | long length) |
| 289 | { | 418 | { |
| 290 | EVP_PKEY *pkey; | 419 | EVP_PKEY *pkey; |
| 291 | RSA *key; | 420 | RSA *key; |
| 292 | unsigned char *q; | 421 | const unsigned char *q; |
| 293 | q = *pp; | 422 | q = *pp; |
| 294 | pkey = d2i_PUBKEY(NULL, &q, length); | 423 | pkey = d2i_PUBKEY(NULL, &q, length); |
| 295 | if(!pkey) return NULL; | 424 | if (!pkey) return NULL; |
| 296 | key = EVP_PKEY_get1_RSA(pkey); | 425 | key = EVP_PKEY_get1_RSA(pkey); |
| 297 | EVP_PKEY_free(pkey); | 426 | EVP_PKEY_free(pkey); |
| 298 | if(!key) return NULL; | 427 | if (!key) return NULL; |
| 299 | *pp = q; | 428 | *pp = q; |
| 300 | if(a) { | 429 | if (a) |
| 430 | { | ||
| 301 | RSA_free(*a); | 431 | RSA_free(*a); |
| 302 | *a = key; | 432 | *a = key; |
| 303 | } | 433 | } |
| 304 | return key; | 434 | return key; |
| 305 | } | 435 | } |
| 306 | 436 | ||
| 307 | int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) | 437 | int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) |
| 308 | { | 438 | { |
| 309 | EVP_PKEY *pktmp; | 439 | EVP_PKEY *pktmp; |
| 310 | int ret; | 440 | int ret; |
| 311 | if(!a) return 0; | 441 | if (!a) return 0; |
| 312 | pktmp = EVP_PKEY_new(); | 442 | pktmp = EVP_PKEY_new(); |
| 313 | if(!pktmp) { | 443 | if (!pktmp) |
| 444 | { | ||
| 314 | ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); | 445 | ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); |
| 315 | return 0; | 446 | return 0; |
| 316 | } | 447 | } |
| 317 | EVP_PKEY_set1_RSA(pktmp, a); | 448 | EVP_PKEY_set1_RSA(pktmp, a); |
| 318 | ret = i2d_PUBKEY(pktmp, pp); | 449 | ret = i2d_PUBKEY(pktmp, pp); |
| 319 | EVP_PKEY_free(pktmp); | 450 | EVP_PKEY_free(pktmp); |
| 320 | return ret; | 451 | return ret; |
| 321 | } | 452 | } |
| 322 | #endif | 453 | #endif |
| 323 | 454 | ||
| 324 | #ifndef OPENSSL_NO_DSA | 455 | #ifndef OPENSSL_NO_DSA |
| 325 | DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp, | 456 | DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, |
| 326 | long length) | 457 | long length) |
| 327 | { | 458 | { |
| 328 | EVP_PKEY *pkey; | 459 | EVP_PKEY *pkey; |
| 329 | DSA *key; | 460 | DSA *key; |
| 330 | unsigned char *q; | 461 | const unsigned char *q; |
| 331 | q = *pp; | 462 | q = *pp; |
| 332 | pkey = d2i_PUBKEY(NULL, &q, length); | 463 | pkey = d2i_PUBKEY(NULL, &q, length); |
| 333 | if(!pkey) return NULL; | 464 | if (!pkey) return NULL; |
| 334 | key = EVP_PKEY_get1_DSA(pkey); | 465 | key = EVP_PKEY_get1_DSA(pkey); |
| 335 | EVP_PKEY_free(pkey); | 466 | EVP_PKEY_free(pkey); |
| 336 | if(!key) return NULL; | 467 | if (!key) return NULL; |
| 337 | *pp = q; | 468 | *pp = q; |
| 338 | if(a) { | 469 | if (a) |
| 470 | { | ||
| 339 | DSA_free(*a); | 471 | DSA_free(*a); |
| 340 | *a = key; | 472 | *a = key; |
| 341 | } | 473 | } |
| 342 | return key; | 474 | return key; |
| 343 | } | 475 | } |
| 344 | 476 | ||
| 345 | int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) | 477 | int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) |
| 346 | { | 478 | { |
| 347 | EVP_PKEY *pktmp; | 479 | EVP_PKEY *pktmp; |
| 348 | int ret; | 480 | int ret; |
| 349 | if(!a) return 0; | 481 | if(!a) return 0; |
| 350 | pktmp = EVP_PKEY_new(); | 482 | pktmp = EVP_PKEY_new(); |
| 351 | if(!pktmp) { | 483 | if(!pktmp) |
| 484 | { | ||
| 352 | ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); | 485 | ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); |
| 353 | return 0; | 486 | return 0; |
| 354 | } | 487 | } |
| 355 | EVP_PKEY_set1_DSA(pktmp, a); | 488 | EVP_PKEY_set1_DSA(pktmp, a); |
| 356 | ret = i2d_PUBKEY(pktmp, pp); | 489 | ret = i2d_PUBKEY(pktmp, pp); |
| 357 | EVP_PKEY_free(pktmp); | 490 | EVP_PKEY_free(pktmp); |
| 358 | return ret; | 491 | return ret; |
| 359 | } | 492 | } |
| 493 | #endif | ||
| 494 | |||
| 495 | #ifndef OPENSSL_NO_EC | ||
| 496 | EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) | ||
| 497 | { | ||
| 498 | EVP_PKEY *pkey; | ||
| 499 | EC_KEY *key; | ||
| 500 | const unsigned char *q; | ||
| 501 | q = *pp; | ||
| 502 | pkey = d2i_PUBKEY(NULL, &q, length); | ||
| 503 | if (!pkey) return(NULL); | ||
| 504 | key = EVP_PKEY_get1_EC_KEY(pkey); | ||
| 505 | EVP_PKEY_free(pkey); | ||
| 506 | if (!key) return(NULL); | ||
| 507 | *pp = q; | ||
| 508 | if (a) | ||
| 509 | { | ||
| 510 | EC_KEY_free(*a); | ||
| 511 | *a = key; | ||
| 512 | } | ||
| 513 | return(key); | ||
| 514 | } | ||
| 515 | |||
| 516 | int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) | ||
| 517 | { | ||
| 518 | EVP_PKEY *pktmp; | ||
| 519 | int ret; | ||
| 520 | if (!a) return(0); | ||
| 521 | if ((pktmp = EVP_PKEY_new()) == NULL) | ||
| 522 | { | ||
| 523 | ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); | ||
| 524 | return(0); | ||
| 525 | } | ||
| 526 | EVP_PKEY_set1_EC_KEY(pktmp, a); | ||
| 527 | ret = i2d_PUBKEY(pktmp, pp); | ||
| 528 | EVP_PKEY_free(pktmp); | ||
| 529 | return(ret); | ||
| 530 | } | ||
| 360 | #endif | 531 | #endif |
diff --git a/src/lib/libssl/src/crypto/asn1/x_req.c b/src/lib/libssl/src/crypto/asn1/x_req.c index b3f18ebc12..59ca8ce329 100644 --- a/src/lib/libssl/src/crypto/asn1/x_req.c +++ b/src/lib/libssl/src/crypto/asn1/x_req.c | |||
| @@ -102,7 +102,7 @@ ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { | |||
| 102 | 102 | ||
| 103 | IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) | 103 | IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) |
| 104 | 104 | ||
| 105 | ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = { | 105 | ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = { |
| 106 | ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), | 106 | ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), |
| 107 | ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), | 107 | ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), |
| 108 | ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) | 108 | ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) |
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509.c b/src/lib/libssl/src/crypto/asn1/x_x509.c index b50167ce43..e118696625 100644 --- a/src/lib/libssl/src/crypto/asn1/x_x509.c +++ b/src/lib/libssl/src/crypto/asn1/x_x509.c | |||
| @@ -79,6 +79,8 @@ ASN1_SEQUENCE(X509_CINF) = { | |||
| 79 | IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) | 79 | IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) |
| 80 | /* X509 top level structure needs a bit of customisation */ | 80 | /* X509 top level structure needs a bit of customisation */ |
| 81 | 81 | ||
| 82 | extern void policy_cache_free(X509_POLICY_CACHE *cache); | ||
| 83 | |||
| 82 | static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | 84 | static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 83 | { | 85 | { |
| 84 | X509 *ret = (X509 *)*pval; | 86 | X509 *ret = (X509 *)*pval; |
| @@ -92,6 +94,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | |||
| 92 | ret->ex_pathlen = -1; | 94 | ret->ex_pathlen = -1; |
| 93 | ret->skid = NULL; | 95 | ret->skid = NULL; |
| 94 | ret->akid = NULL; | 96 | ret->akid = NULL; |
| 97 | #ifndef OPENSSL_NO_RFC3779 | ||
| 98 | ret->rfc3779_addr = NULL; | ||
| 99 | ret->rfc3779_asid = NULL; | ||
| 100 | #endif | ||
| 95 | ret->aux = NULL; | 101 | ret->aux = NULL; |
| 96 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); | 102 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); |
| 97 | break; | 103 | break; |
| @@ -106,6 +112,11 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | |||
| 106 | X509_CERT_AUX_free(ret->aux); | 112 | X509_CERT_AUX_free(ret->aux); |
| 107 | ASN1_OCTET_STRING_free(ret->skid); | 113 | ASN1_OCTET_STRING_free(ret->skid); |
| 108 | AUTHORITY_KEYID_free(ret->akid); | 114 | AUTHORITY_KEYID_free(ret->akid); |
| 115 | policy_cache_free(ret->policy_cache); | ||
| 116 | #ifndef OPENSSL_NO_RFC3779 | ||
| 117 | sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); | ||
| 118 | ASIdentifiers_free(ret->rfc3779_asid); | ||
| 119 | #endif | ||
| 109 | 120 | ||
| 110 | if (ret->name != NULL) OPENSSL_free(ret->name); | 121 | if (ret->name != NULL) OPENSSL_free(ret->name); |
| 111 | break; | 122 | break; |
| @@ -125,11 +136,13 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { | |||
| 125 | IMPLEMENT_ASN1_FUNCTIONS(X509) | 136 | IMPLEMENT_ASN1_FUNCTIONS(X509) |
| 126 | IMPLEMENT_ASN1_DUP_FUNCTION(X509) | 137 | IMPLEMENT_ASN1_DUP_FUNCTION(X509) |
| 127 | 138 | ||
| 128 | static ASN1_METHOD meth={ | 139 | static ASN1_METHOD meth= |
| 129 | (int (*)()) i2d_X509, | 140 | { |
| 130 | (char *(*)())d2i_X509, | 141 | (I2D_OF(void)) i2d_X509, |
| 131 | (char *(*)())X509_new, | 142 | (D2I_OF(void)) d2i_X509, |
| 132 | (void (*)()) X509_free}; | 143 | (void *(*)(void))X509_new, |
| 144 | (void (*)(void *)) X509_free | ||
| 145 | }; | ||
| 133 | 146 | ||
| 134 | ASN1_METHOD *X509_asn1_meth(void) | 147 | ASN1_METHOD *X509_asn1_meth(void) |
| 135 | { | 148 | { |
| @@ -161,9 +174,9 @@ void *X509_get_ex_data(X509 *r, int idx) | |||
| 161 | * | 174 | * |
| 162 | */ | 175 | */ |
| 163 | 176 | ||
| 164 | X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length) | 177 | X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) |
| 165 | { | 178 | { |
| 166 | unsigned char *q; | 179 | const unsigned char *q; |
| 167 | X509 *ret; | 180 | X509 *ret; |
| 168 | /* Save start position */ | 181 | /* Save start position */ |
| 169 | q = *pp; | 182 | q = *pp; |
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509a.c b/src/lib/libssl/src/crypto/asn1/x_x509a.c index f244768b7e..13db5fd03f 100644 --- a/src/lib/libssl/src/crypto/asn1/x_x509a.c +++ b/src/lib/libssl/src/crypto/asn1/x_x509a.c | |||
| @@ -91,6 +91,14 @@ static X509_CERT_AUX *aux_get(X509 *x) | |||
| 91 | int X509_alias_set1(X509 *x, unsigned char *name, int len) | 91 | int X509_alias_set1(X509 *x, unsigned char *name, int len) |
| 92 | { | 92 | { |
| 93 | X509_CERT_AUX *aux; | 93 | X509_CERT_AUX *aux; |
| 94 | if (!name) | ||
| 95 | { | ||
| 96 | if (!x || !x->aux || !x->aux->alias) | ||
| 97 | return 1; | ||
| 98 | ASN1_UTF8STRING_free(x->aux->alias); | ||
| 99 | x->aux->alias = NULL; | ||
| 100 | return 1; | ||
| 101 | } | ||
| 94 | if(!(aux = aux_get(x))) return 0; | 102 | if(!(aux = aux_get(x))) return 0; |
| 95 | if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; | 103 | if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; |
| 96 | return ASN1_STRING_set(aux->alias, name, len); | 104 | return ASN1_STRING_set(aux->alias, name, len); |
| @@ -99,6 +107,14 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len) | |||
| 99 | int X509_keyid_set1(X509 *x, unsigned char *id, int len) | 107 | int X509_keyid_set1(X509 *x, unsigned char *id, int len) |
| 100 | { | 108 | { |
| 101 | X509_CERT_AUX *aux; | 109 | X509_CERT_AUX *aux; |
| 110 | if (!id) | ||
| 111 | { | ||
| 112 | if (!x || !x->aux || !x->aux->keyid) | ||
| 113 | return 1; | ||
| 114 | ASN1_OCTET_STRING_free(x->aux->keyid); | ||
| 115 | x->aux->keyid = NULL; | ||
| 116 | return 1; | ||
| 117 | } | ||
| 102 | if(!(aux = aux_get(x))) return 0; | 118 | if(!(aux = aux_get(x))) return 0; |
| 103 | if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0; | 119 | if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0; |
| 104 | return ASN1_STRING_set(aux->keyid, id, len); | 120 | return ASN1_STRING_set(aux->keyid, id, len); |
| @@ -111,6 +127,13 @@ unsigned char *X509_alias_get0(X509 *x, int *len) | |||
| 111 | return x->aux->alias->data; | 127 | return x->aux->alias->data; |
| 112 | } | 128 | } |
| 113 | 129 | ||
| 130 | unsigned char *X509_keyid_get0(X509 *x, int *len) | ||
| 131 | { | ||
| 132 | if(!x->aux || !x->aux->keyid) return NULL; | ||
| 133 | if(len) *len = x->aux->keyid->length; | ||
| 134 | return x->aux->keyid->data; | ||
| 135 | } | ||
| 136 | |||
| 114 | int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) | 137 | int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) |
| 115 | { | 138 | { |
| 116 | X509_CERT_AUX *aux; | 139 | X509_CERT_AUX *aux; |
| @@ -149,3 +172,9 @@ void X509_reject_clear(X509 *x) | |||
| 149 | } | 172 | } |
| 150 | } | 173 | } |
| 151 | 174 | ||
| 175 | ASN1_SEQUENCE(X509_CERT_PAIR) = { | ||
| 176 | ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), | ||
| 177 | ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) | ||
| 178 | } ASN1_SEQUENCE_END(X509_CERT_PAIR) | ||
| 179 | |||
| 180 | IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR) | ||
diff --git a/src/lib/libssl/src/crypto/bf/bf_ecb.c b/src/lib/libssl/src/crypto/bf/bf_ecb.c index 341991636f..1607cefa32 100644 --- a/src/lib/libssl/src/crypto/bf/bf_ecb.c +++ b/src/lib/libssl/src/crypto/bf/bf_ecb.c | |||
| @@ -65,7 +65,7 @@ | |||
| 65 | * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) | 65 | * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) |
| 66 | */ | 66 | */ |
| 67 | 67 | ||
| 68 | const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT; | 68 | const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT; |
| 69 | 69 | ||
| 70 | const char *BF_options(void) | 70 | const char *BF_options(void) |
| 71 | { | 71 | { |
diff --git a/src/lib/libssl/src/crypto/bf/bf_enc.c b/src/lib/libssl/src/crypto/bf/bf_enc.c index b380acf959..2d21d09f42 100644 --- a/src/lib/libssl/src/crypto/bf/bf_enc.c +++ b/src/lib/libssl/src/crypto/bf/bf_enc.c | |||
| @@ -73,7 +73,7 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key) | |||
| 73 | { | 73 | { |
| 74 | #ifndef BF_PTR2 | 74 | #ifndef BF_PTR2 |
| 75 | register BF_LONG l,r; | 75 | register BF_LONG l,r; |
| 76 | const register BF_LONG *p,*s; | 76 | register const BF_LONG *p,*s; |
| 77 | 77 | ||
| 78 | p=key->P; | 78 | p=key->P; |
| 79 | s= &(key->S[0]); | 79 | s= &(key->S[0]); |
| @@ -150,7 +150,7 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key) | |||
| 150 | { | 150 | { |
| 151 | #ifndef BF_PTR2 | 151 | #ifndef BF_PTR2 |
| 152 | register BF_LONG l,r; | 152 | register BF_LONG l,r; |
| 153 | const register BF_LONG *p,*s; | 153 | register const BF_LONG *p,*s; |
| 154 | 154 | ||
| 155 | p=key->P; | 155 | p=key->P; |
| 156 | s= &(key->S[0]); | 156 | s= &(key->S[0]); |
diff --git a/src/lib/libssl/src/crypto/bf/bf_opts.c b/src/lib/libssl/src/crypto/bf/bf_opts.c index 171dada2ca..1721bb99b4 100644 --- a/src/lib/libssl/src/crypto/bf/bf_opts.c +++ b/src/lib/libssl/src/crypto/bf/bf_opts.c | |||
| @@ -69,7 +69,10 @@ | |||
| 69 | #include OPENSSL_UNISTD_IO | 69 | #include OPENSSL_UNISTD_IO |
| 70 | OPENSSL_DECLARE_EXIT | 70 | OPENSSL_DECLARE_EXIT |
| 71 | 71 | ||
| 72 | #ifndef OPENSSL_SYS_NETWARE | ||
| 72 | #include <signal.h> | 73 | #include <signal.h> |
| 74 | #endif | ||
| 75 | |||
| 73 | #ifndef _IRIX | 76 | #ifndef _IRIX |
| 74 | #include <time.h> | 77 | #include <time.h> |
| 75 | #endif | 78 | #endif |
diff --git a/src/lib/libssl/src/crypto/bf/bf_skey.c b/src/lib/libssl/src/crypto/bf/bf_skey.c index 1931aba83f..3673cdee6e 100644 --- a/src/lib/libssl/src/crypto/bf/bf_skey.c +++ b/src/lib/libssl/src/crypto/bf/bf_skey.c | |||
| @@ -58,13 +58,11 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include <openssl/crypto.h> | ||
| 62 | #include <openssl/blowfish.h> | 61 | #include <openssl/blowfish.h> |
| 63 | #include <openssl/fips.h> | ||
| 64 | #include "bf_locl.h" | 62 | #include "bf_locl.h" |
| 65 | #include "bf_pi.h" | 63 | #include "bf_pi.h" |
| 66 | 64 | ||
| 67 | FIPS_NON_FIPS_VCIPHER_Init(BF) | 65 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data) |
| 68 | { | 66 | { |
| 69 | int i; | 67 | int i; |
| 70 | BF_LONG *p,ri,in[2]; | 68 | BF_LONG *p,ri,in[2]; |
diff --git a/src/lib/libssl/src/crypto/bf/bfspeed.c b/src/lib/libssl/src/crypto/bf/bfspeed.c index f346af64f3..c41ef3b403 100644 --- a/src/lib/libssl/src/crypto/bf/bfspeed.c +++ b/src/lib/libssl/src/crypto/bf/bfspeed.c | |||
| @@ -69,7 +69,10 @@ | |||
| 69 | #include OPENSSL_UNISTD_IO | 69 | #include OPENSSL_UNISTD_IO |
| 70 | OPENSSL_DECLARE_EXIT | 70 | OPENSSL_DECLARE_EXIT |
| 71 | 71 | ||
| 72 | #ifndef OPENSSL_SYS_NETWARE | ||
| 72 | #include <signal.h> | 73 | #include <signal.h> |
| 74 | #endif | ||
| 75 | |||
| 73 | #ifndef _IRIX | 76 | #ifndef _IRIX |
| 74 | #include <time.h> | 77 | #include <time.h> |
| 75 | #endif | 78 | #endif |
diff --git a/src/lib/libssl/src/crypto/bf/bftest.c b/src/lib/libssl/src/crypto/bf/bftest.c index 24d526b14b..97e6634d37 100644 --- a/src/lib/libssl/src/crypto/bf/bftest.c +++ b/src/lib/libssl/src/crypto/bf/bftest.c | |||
| @@ -62,6 +62,7 @@ | |||
| 62 | #include <stdio.h> | 62 | #include <stdio.h> |
| 63 | #include <string.h> | 63 | #include <string.h> |
| 64 | #include <stdlib.h> | 64 | #include <stdlib.h> |
| 65 | #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */ | ||
| 65 | 66 | ||
| 66 | #include "../e_os.h" | 67 | #include "../e_os.h" |
| 67 | 68 | ||
| @@ -277,6 +278,9 @@ int main(int argc, char *argv[]) | |||
| 277 | else | 278 | else |
| 278 | ret=test(); | 279 | ret=test(); |
| 279 | 280 | ||
| 281 | #ifdef OPENSSL_SYS_NETWARE | ||
| 282 | if (ret) printf("ERROR: %d\n", ret); | ||
| 283 | #endif | ||
| 280 | EXIT(ret); | 284 | EXIT(ret); |
| 281 | return(0); | 285 | return(0); |
| 282 | } | 286 | } |
diff --git a/src/lib/libssl/src/crypto/bf/blowfish.h b/src/lib/libssl/src/crypto/bf/blowfish.h index b4d8774961..cd49e85ab2 100644 --- a/src/lib/libssl/src/crypto/bf/blowfish.h +++ b/src/lib/libssl/src/crypto/bf/blowfish.h | |||
| @@ -104,10 +104,7 @@ typedef struct bf_key_st | |||
| 104 | BF_LONG S[4*256]; | 104 | BF_LONG S[4*256]; |
| 105 | } BF_KEY; | 105 | } BF_KEY; |
| 106 | 106 | ||
| 107 | 107 | ||
| 108 | #ifdef OPENSSL_FIPS | ||
| 109 | void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); | ||
| 110 | #endif | ||
| 111 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data); | 108 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data); |
| 112 | 109 | ||
| 113 | void BF_encrypt(BF_LONG *data,const BF_KEY *key); | 110 | void BF_encrypt(BF_LONG *data,const BF_KEY *key); |
diff --git a/src/lib/libssl/src/crypto/bio/b_dump.c b/src/lib/libssl/src/crypto/bio/b_dump.c index f671e722fa..c80ecc4295 100644 --- a/src/lib/libssl/src/crypto/bio/b_dump.c +++ b/src/lib/libssl/src/crypto/bio/b_dump.c | |||
| @@ -62,30 +62,32 @@ | |||
| 62 | 62 | ||
| 63 | #include <stdio.h> | 63 | #include <stdio.h> |
| 64 | #include "cryptlib.h" | 64 | #include "cryptlib.h" |
| 65 | #include <openssl/bio.h> | 65 | #include "bio_lcl.h" |
| 66 | 66 | ||
| 67 | #define TRUNCATE | 67 | #define TRUNCATE |
| 68 | #define DUMP_WIDTH 16 | 68 | #define DUMP_WIDTH 16 |
| 69 | #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) | 69 | #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) |
| 70 | 70 | ||
| 71 | int BIO_dump(BIO *bio, const char *s, int len) | 71 | int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), |
| 72 | void *u, const char *s, int len) | ||
| 72 | { | 73 | { |
| 73 | return BIO_dump_indent(bio, s, len, 0); | 74 | return BIO_dump_indent_cb(cb, u, s, len, 0); |
| 74 | } | 75 | } |
| 75 | 76 | ||
| 76 | int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | 77 | int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), |
| 78 | void *u, const char *s, int len, int indent) | ||
| 77 | { | 79 | { |
| 78 | int ret=0; | 80 | int ret=0; |
| 79 | char buf[288+1],tmp[20],str[128+1]; | 81 | char buf[288+1],tmp[20],str[128+1]; |
| 80 | int i,j,rows,trunc; | 82 | int i,j,rows,trc; |
| 81 | unsigned char ch; | 83 | unsigned char ch; |
| 82 | int dump_width; | 84 | int dump_width; |
| 83 | 85 | ||
| 84 | trunc=0; | 86 | trc=0; |
| 85 | 87 | ||
| 86 | #ifdef TRUNCATE | 88 | #ifdef TRUNCATE |
| 87 | for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) | 89 | for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) |
| 88 | trunc++; | 90 | trc++; |
| 89 | #endif | 91 | #endif |
| 90 | 92 | ||
| 91 | if (indent < 0) | 93 | if (indent < 0) |
| @@ -96,7 +98,7 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 96 | memset(str,' ',indent); | 98 | memset(str,' ',indent); |
| 97 | } | 99 | } |
| 98 | str[indent]='\0'; | 100 | str[indent]='\0'; |
| 99 | 101 | ||
| 100 | dump_width=DUMP_WIDTH_LESS_INDENT(indent); | 102 | dump_width=DUMP_WIDTH_LESS_INDENT(indent); |
| 101 | rows=(len/dump_width); | 103 | rows=(len/dump_width); |
| 102 | if ((rows*dump_width)<len) | 104 | if ((rows*dump_width)<len) |
| @@ -117,7 +119,7 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 117 | { | 119 | { |
| 118 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; | 120 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; |
| 119 | BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch, | 121 | BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch, |
| 120 | j==7?'-':' '); | 122 | j==7?'-':' '); |
| 121 | BUF_strlcat(buf,tmp,sizeof buf); | 123 | BUF_strlcat(buf,tmp,sizeof buf); |
| 122 | } | 124 | } |
| 123 | } | 125 | } |
| @@ -129,28 +131,57 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | |||
| 129 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; | 131 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; |
| 130 | #ifndef CHARSET_EBCDIC | 132 | #ifndef CHARSET_EBCDIC |
| 131 | BIO_snprintf(tmp,sizeof tmp,"%c", | 133 | BIO_snprintf(tmp,sizeof tmp,"%c", |
| 132 | ((ch>=' ')&&(ch<='~'))?ch:'.'); | 134 | ((ch>=' ')&&(ch<='~'))?ch:'.'); |
| 133 | #else | 135 | #else |
| 134 | BIO_snprintf(tmp,sizeof tmp,"%c", | 136 | BIO_snprintf(tmp,sizeof tmp,"%c", |
| 135 | ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) | 137 | ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) |
| 136 | ? os_toebcdic[ch] | 138 | ? os_toebcdic[ch] |
| 137 | : '.'); | 139 | : '.'); |
| 138 | #endif | 140 | #endif |
| 139 | BUF_strlcat(buf,tmp,sizeof buf); | 141 | BUF_strlcat(buf,tmp,sizeof buf); |
| 140 | } | 142 | } |
| 141 | BUF_strlcat(buf,"\n",sizeof buf); | 143 | BUF_strlcat(buf,"\n",sizeof buf); |
| 142 | /* if this is the last call then update the ddt_dump thing so that | 144 | /* if this is the last call then update the ddt_dump thing so |
| 143 | * we will move the selection point in the debug window | 145 | * that we will move the selection point in the debug window |
| 144 | */ | 146 | */ |
| 145 | ret+=BIO_write(bio,(char *)buf,strlen(buf)); | 147 | ret+=cb((void *)buf,strlen(buf),u); |
| 146 | } | 148 | } |
| 147 | #ifdef TRUNCATE | 149 | #ifdef TRUNCATE |
| 148 | if (trunc > 0) | 150 | if (trc > 0) |
| 149 | { | 151 | { |
| 150 | BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str, | 152 | BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str, |
| 151 | len+trunc); | 153 | len+trc); |
| 152 | ret+=BIO_write(bio,(char *)buf,strlen(buf)); | 154 | ret+=cb((void *)buf,strlen(buf),u); |
| 153 | } | 155 | } |
| 154 | #endif | 156 | #endif |
| 155 | return(ret); | 157 | return(ret); |
| 156 | } | 158 | } |
| 159 | |||
| 160 | #ifndef OPENSSL_NO_FP_API | ||
| 161 | static int write_fp(const void *data, size_t len, void *fp) | ||
| 162 | { | ||
| 163 | return UP_fwrite(data, len, 1, fp); | ||
| 164 | } | ||
| 165 | int BIO_dump_fp(FILE *fp, const char *s, int len) | ||
| 166 | { | ||
| 167 | return BIO_dump_cb(write_fp, fp, s, len); | ||
| 168 | } | ||
| 169 | int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent) | ||
| 170 | { | ||
| 171 | return BIO_dump_indent_cb(write_fp, fp, s, len, indent); | ||
| 172 | } | ||
| 173 | #endif | ||
| 174 | |||
| 175 | static int write_bio(const void *data, size_t len, void *bp) | ||
| 176 | { | ||
| 177 | return BIO_write((BIO *)bp, (const char *)data, len); | ||
| 178 | } | ||
| 179 | int BIO_dump(BIO *bp, const char *s, int len) | ||
| 180 | { | ||
| 181 | return BIO_dump_cb(write_bio, bp, s, len); | ||
| 182 | } | ||
| 183 | int BIO_dump_indent(BIO *bp, const char *s, int len, int indent) | ||
| 184 | { | ||
| 185 | return BIO_dump_indent_cb(write_bio, bp, s, len, indent); | ||
| 186 | } | ||
| 187 | |||
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c index f2bd91d5a0..2fffcfc025 100644 --- a/src/lib/libssl/src/crypto/bio/b_print.c +++ b/src/lib/libssl/src/crypto/bio/b_print.c | |||
| @@ -79,7 +79,7 @@ | |||
| 79 | #include <openssl/bn.h> /* To get BN_LLONG properly defined */ | 79 | #include <openssl/bn.h> /* To get BN_LLONG properly defined */ |
| 80 | #include <openssl/bio.h> | 80 | #include <openssl/bio.h> |
| 81 | 81 | ||
| 82 | #ifdef BN_LLONG | 82 | #if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT) |
| 83 | # ifndef HAVE_LONG_LONG | 83 | # ifndef HAVE_LONG_LONG |
| 84 | # define HAVE_LONG_LONG 1 | 84 | # define HAVE_LONG_LONG 1 |
| 85 | # endif | 85 | # endif |
| @@ -117,7 +117,7 @@ | |||
| 117 | 117 | ||
| 118 | #if HAVE_LONG_LONG | 118 | #if HAVE_LONG_LONG |
| 119 | # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) | 119 | # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) |
| 120 | # define LLONG _int64 | 120 | # define LLONG __int64 |
| 121 | # else | 121 | # else |
| 122 | # define LLONG long long | 122 | # define LLONG long long |
| 123 | # endif | 123 | # endif |
| @@ -482,7 +482,7 @@ fmtint( | |||
| 482 | int flags) | 482 | int flags) |
| 483 | { | 483 | { |
| 484 | int signvalue = 0; | 484 | int signvalue = 0; |
| 485 | char *prefix = ""; | 485 | const char *prefix = ""; |
| 486 | unsigned LLONG uvalue; | 486 | unsigned LLONG uvalue; |
| 487 | char convert[DECIMAL_SIZE(value)+3]; | 487 | char convert[DECIMAL_SIZE(value)+3]; |
| 488 | int place = 0; | 488 | int place = 0; |
| @@ -513,8 +513,8 @@ fmtint( | |||
| 513 | (caps ? "0123456789ABCDEF" : "0123456789abcdef") | 513 | (caps ? "0123456789ABCDEF" : "0123456789abcdef") |
| 514 | [uvalue % (unsigned) base]; | 514 | [uvalue % (unsigned) base]; |
| 515 | uvalue = (uvalue / (unsigned) base); | 515 | uvalue = (uvalue / (unsigned) base); |
| 516 | } while (uvalue && (place < sizeof convert)); | 516 | } while (uvalue && (place < (int)sizeof(convert))); |
| 517 | if (place == sizeof convert) | 517 | if (place == sizeof(convert)) |
| 518 | place--; | 518 | place--; |
| 519 | convert[place] = 0; | 519 | convert[place] = 0; |
| 520 | 520 | ||
| @@ -619,6 +619,7 @@ fmtfp( | |||
| 619 | int caps = 0; | 619 | int caps = 0; |
| 620 | long intpart; | 620 | long intpart; |
| 621 | long fracpart; | 621 | long fracpart; |
| 622 | long max10; | ||
| 622 | 623 | ||
| 623 | if (max < 0) | 624 | if (max < 0) |
| 624 | max = 6; | 625 | max = 6; |
| @@ -639,11 +640,12 @@ fmtfp( | |||
| 639 | 640 | ||
| 640 | /* we "cheat" by converting the fractional part to integer by | 641 | /* we "cheat" by converting the fractional part to integer by |
| 641 | multiplying by a factor of 10 */ | 642 | multiplying by a factor of 10 */ |
| 642 | fracpart = roundv((pow_10(max)) * (ufvalue - intpart)); | 643 | max10 = roundv(pow_10(max)); |
| 644 | fracpart = roundv(pow_10(max) * (ufvalue - intpart)); | ||
| 643 | 645 | ||
| 644 | if (fracpart >= (long)pow_10(max)) { | 646 | if (fracpart >= max10) { |
| 645 | intpart++; | 647 | intpart++; |
| 646 | fracpart -= (long)pow_10(max); | 648 | fracpart -= max10; |
| 647 | } | 649 | } |
| 648 | 650 | ||
| 649 | /* convert integer part */ | 651 | /* convert integer part */ |
| @@ -652,7 +654,7 @@ fmtfp( | |||
| 652 | (caps ? "0123456789ABCDEF" | 654 | (caps ? "0123456789ABCDEF" |
| 653 | : "0123456789abcdef")[intpart % 10]; | 655 | : "0123456789abcdef")[intpart % 10]; |
| 654 | intpart = (intpart / 10); | 656 | intpart = (intpart / 10); |
| 655 | } while (intpart && (iplace < sizeof iconvert)); | 657 | } while (intpart && (iplace < (int)sizeof(iconvert))); |
| 656 | if (iplace == sizeof iconvert) | 658 | if (iplace == sizeof iconvert) |
| 657 | iplace--; | 659 | iplace--; |
| 658 | iconvert[iplace] = 0; | 660 | iconvert[iplace] = 0; |
diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c index c851298d1e..ead477d8a2 100644 --- a/src/lib/libssl/src/crypto/bio/b_sock.c +++ b/src/lib/libssl/src/crypto/bio/b_sock.c | |||
| @@ -56,14 +56,21 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SOCK | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 63 | #include <errno.h> | 61 | #include <errno.h> |
| 64 | #define USE_SOCKETS | 62 | #define USE_SOCKETS |
| 65 | #include "cryptlib.h" | 63 | #include "cryptlib.h" |
| 66 | #include <openssl/bio.h> | 64 | #include <openssl/bio.h> |
| 65 | #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) | ||
| 66 | #include <netdb.h> | ||
| 67 | #if defined(NETWARE_CLIB) | ||
| 68 | #include <sys/ioctl.h> | ||
| 69 | NETDB_DEFINE_CONTEXT | ||
| 70 | #endif | ||
| 71 | #endif | ||
| 72 | |||
| 73 | #ifndef OPENSSL_NO_SOCK | ||
| 67 | 74 | ||
| 68 | #ifdef OPENSSL_SYS_WIN16 | 75 | #ifdef OPENSSL_SYS_WIN16 |
| 69 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ | 76 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
| @@ -79,7 +86,7 @@ | |||
| 79 | #define MAX_LISTEN 32 | 86 | #define MAX_LISTEN 32 |
| 80 | #endif | 87 | #endif |
| 81 | 88 | ||
| 82 | #ifdef OPENSSL_SYS_WINDOWS | 89 | #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) |
| 83 | static int wsa_init_done=0; | 90 | static int wsa_init_done=0; |
| 84 | #endif | 91 | #endif |
| 85 | 92 | ||
| @@ -175,11 +182,11 @@ int BIO_get_port(const char *str, unsigned short *port_ptr) | |||
| 175 | /* Note: under VMS with SOCKETSHR, it seems like the first | 182 | /* Note: under VMS with SOCKETSHR, it seems like the first |
| 176 | * parameter is 'char *', instead of 'const char *' | 183 | * parameter is 'char *', instead of 'const char *' |
| 177 | */ | 184 | */ |
| 178 | s=getservbyname( | ||
| 179 | #ifndef CONST_STRICT | 185 | #ifndef CONST_STRICT |
| 180 | (char *) | 186 | s=getservbyname((char *)str,"tcp"); |
| 187 | #else | ||
| 188 | s=getservbyname(str,"tcp"); | ||
| 181 | #endif | 189 | #endif |
| 182 | str,"tcp"); | ||
| 183 | if(s != NULL) | 190 | if(s != NULL) |
| 184 | *port_ptr=ntohs((unsigned short)s->s_port); | 191 | *port_ptr=ntohs((unsigned short)s->s_port); |
| 185 | CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); | 192 | CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); |
| @@ -357,7 +364,11 @@ struct hostent *BIO_gethostbyname(const char *name) | |||
| 357 | #if 1 | 364 | #if 1 |
| 358 | /* Caching gethostbyname() results forever is wrong, | 365 | /* Caching gethostbyname() results forever is wrong, |
| 359 | * so we have to let the true gethostbyname() worry about this */ | 366 | * so we have to let the true gethostbyname() worry about this */ |
| 367 | #if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__)) | ||
| 368 | return gethostbyname((char*)name); | ||
| 369 | #else | ||
| 360 | return gethostbyname(name); | 370 | return gethostbyname(name); |
| 371 | #endif | ||
| 361 | #else | 372 | #else |
| 362 | struct hostent *ret; | 373 | struct hostent *ret; |
| 363 | int i,lowi=0,j; | 374 | int i,lowi=0,j; |
| @@ -397,11 +408,11 @@ struct hostent *BIO_gethostbyname(const char *name) | |||
| 397 | /* Note: under VMS with SOCKETSHR, it seems like the first | 408 | /* Note: under VMS with SOCKETSHR, it seems like the first |
| 398 | * parameter is 'char *', instead of 'const char *' | 409 | * parameter is 'char *', instead of 'const char *' |
| 399 | */ | 410 | */ |
| 400 | ret=gethostbyname( | ||
| 401 | # ifndef CONST_STRICT | 411 | # ifndef CONST_STRICT |
| 402 | (char *) | 412 | ret=gethostbyname((char *)name); |
| 413 | # else | ||
| 414 | ret=gethostbyname(name); | ||
| 403 | # endif | 415 | # endif |
| 404 | name); | ||
| 405 | 416 | ||
| 406 | if (ret == NULL) | 417 | if (ret == NULL) |
| 407 | goto end; | 418 | goto end; |
| @@ -453,9 +464,6 @@ int BIO_sock_init(void) | |||
| 453 | { | 464 | { |
| 454 | int err; | 465 | int err; |
| 455 | 466 | ||
| 456 | #ifdef SIGINT | ||
| 457 | signal(SIGINT,(void (*)(int))BIO_sock_cleanup); | ||
| 458 | #endif | ||
| 459 | wsa_init_done=1; | 467 | wsa_init_done=1; |
| 460 | memset(&wsa_state,0,sizeof(wsa_state)); | 468 | memset(&wsa_state,0,sizeof(wsa_state)); |
| 461 | if (WSAStartup(0x0101,&wsa_state)!=0) | 469 | if (WSAStartup(0x0101,&wsa_state)!=0) |
| @@ -473,6 +481,26 @@ int BIO_sock_init(void) | |||
| 473 | if (sock_init()) | 481 | if (sock_init()) |
| 474 | return (-1); | 482 | return (-1); |
| 475 | #endif | 483 | #endif |
| 484 | |||
| 485 | #if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) | ||
| 486 | WORD wVerReq; | ||
| 487 | WSADATA wsaData; | ||
| 488 | int err; | ||
| 489 | |||
| 490 | if (!wsa_init_done) | ||
| 491 | { | ||
| 492 | wsa_init_done=1; | ||
| 493 | wVerReq = MAKEWORD( 2, 0 ); | ||
| 494 | err = WSAStartup(wVerReq,&wsaData); | ||
| 495 | if (err != 0) | ||
| 496 | { | ||
| 497 | SYSerr(SYS_F_WSASTARTUP,err); | ||
| 498 | BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP); | ||
| 499 | return(-1); | ||
| 500 | } | ||
| 501 | } | ||
| 502 | #endif | ||
| 503 | |||
| 476 | return(1); | 504 | return(1); |
| 477 | } | 505 | } |
| 478 | 506 | ||
| @@ -483,10 +511,16 @@ void BIO_sock_cleanup(void) | |||
| 483 | { | 511 | { |
| 484 | wsa_init_done=0; | 512 | wsa_init_done=0; |
| 485 | #ifndef OPENSSL_SYS_WINCE | 513 | #ifndef OPENSSL_SYS_WINCE |
| 486 | WSACancelBlockingCall(); | 514 | WSACancelBlockingCall(); /* Winsock 1.1 specific */ |
| 487 | #endif | 515 | #endif |
| 488 | WSACleanup(); | 516 | WSACleanup(); |
| 489 | } | 517 | } |
| 518 | #elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) | ||
| 519 | if (wsa_init_done) | ||
| 520 | { | ||
| 521 | wsa_init_done=0; | ||
| 522 | WSACleanup(); | ||
| 523 | } | ||
| 490 | #endif | 524 | #endif |
| 491 | } | 525 | } |
| 492 | 526 | ||
diff --git a/src/lib/libssl/src/crypto/bio/bf_nbio.c b/src/lib/libssl/src/crypto/bio/bf_nbio.c index 1ce2bfacc0..c72a23c2e1 100644 --- a/src/lib/libssl/src/crypto/bio/bf_nbio.c +++ b/src/lib/libssl/src/crypto/bio/bf_nbio.c | |||
| @@ -127,7 +127,7 @@ static int nbiof_read(BIO *b, char *out, int outl) | |||
| 127 | { | 127 | { |
| 128 | NBIO_TEST *nt; | 128 | NBIO_TEST *nt; |
| 129 | int ret=0; | 129 | int ret=0; |
| 130 | #if 0 | 130 | #if 1 |
| 131 | int num; | 131 | int num; |
| 132 | unsigned char n; | 132 | unsigned char n; |
| 133 | #endif | 133 | #endif |
| @@ -137,7 +137,7 @@ static int nbiof_read(BIO *b, char *out, int outl) | |||
| 137 | nt=(NBIO_TEST *)b->ptr; | 137 | nt=(NBIO_TEST *)b->ptr; |
| 138 | 138 | ||
| 139 | BIO_clear_retry_flags(b); | 139 | BIO_clear_retry_flags(b); |
| 140 | #if 0 | 140 | #if 1 |
| 141 | RAND_pseudo_bytes(&n,1); | 141 | RAND_pseudo_bytes(&n,1); |
| 142 | num=(n&0x07); | 142 | num=(n&0x07); |
| 143 | 143 | ||
diff --git a/src/lib/libssl/src/crypto/bio/bio.h b/src/lib/libssl/src/crypto/bio/bio.h index 2eb703830f..cecb6a7207 100644 --- a/src/lib/libssl/src/crypto/bio/bio.h +++ b/src/lib/libssl/src/crypto/bio/bio.h | |||
| @@ -59,13 +59,14 @@ | |||
| 59 | #ifndef HEADER_BIO_H | 59 | #ifndef HEADER_BIO_H |
| 60 | #define HEADER_BIO_H | 60 | #define HEADER_BIO_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | ||
| 63 | |||
| 62 | #ifndef OPENSSL_NO_FP_API | 64 | #ifndef OPENSSL_NO_FP_API |
| 63 | # include <stdio.h> | 65 | # include <stdio.h> |
| 64 | #endif | 66 | #endif |
| 65 | #include <stdarg.h> | 67 | #include <stdarg.h> |
| 66 | 68 | ||
| 67 | #include <openssl/crypto.h> | 69 | #include <openssl/crypto.h> |
| 68 | #include <openssl/e_os2.h> | ||
| 69 | 70 | ||
| 70 | #ifdef __cplusplus | 71 | #ifdef __cplusplus |
| 71 | extern "C" { | 72 | extern "C" { |
| @@ -93,6 +94,8 @@ extern "C" { | |||
| 93 | #define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ | 94 | #define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ |
| 94 | #define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ | 95 | #define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ |
| 95 | #define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ | 96 | #define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ |
| 97 | #define BIO_TYPE_DGRAM (21|0x0400|0x0100) | ||
| 98 | #define BIO_TYPE_COMP (23|0x0200) /* filter */ | ||
| 96 | 99 | ||
| 97 | #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ | 100 | #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ |
| 98 | #define BIO_TYPE_FILTER 0x0200 | 101 | #define BIO_TYPE_FILTER 0x0200 |
| @@ -124,6 +127,38 @@ extern "C" { | |||
| 124 | 127 | ||
| 125 | #define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ | 128 | #define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ |
| 126 | 129 | ||
| 130 | /* dgram BIO stuff */ | ||
| 131 | #define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ | ||
| 132 | #define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally | ||
| 133 | * connected socket to be | ||
| 134 | * passed in */ | ||
| 135 | #define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ | ||
| 136 | #define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ | ||
| 137 | #define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ | ||
| 138 | #define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ | ||
| 139 | |||
| 140 | #define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ | ||
| 141 | #define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */ | ||
| 142 | |||
| 143 | /* #ifdef IP_MTU_DISCOVER */ | ||
| 144 | #define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ | ||
| 145 | /* #endif */ | ||
| 146 | |||
| 147 | #define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ | ||
| 148 | #define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ | ||
| 149 | #define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for | ||
| 150 | * MTU. want to use this | ||
| 151 | * if asking the kernel | ||
| 152 | * fails */ | ||
| 153 | |||
| 154 | #define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU | ||
| 155 | * was exceed in the | ||
| 156 | * previous write | ||
| 157 | * operation */ | ||
| 158 | |||
| 159 | #define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ | ||
| 160 | |||
| 161 | |||
| 127 | /* modifiers */ | 162 | /* modifiers */ |
| 128 | #define BIO_FP_READ 0x02 | 163 | #define BIO_FP_READ 0x02 |
| 129 | #define BIO_FP_WRITE 0x04 | 164 | #define BIO_FP_WRITE 0x04 |
| @@ -135,6 +170,11 @@ extern "C" { | |||
| 135 | #define BIO_FLAGS_IO_SPECIAL 0x04 | 170 | #define BIO_FLAGS_IO_SPECIAL 0x04 |
| 136 | #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) | 171 | #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) |
| 137 | #define BIO_FLAGS_SHOULD_RETRY 0x08 | 172 | #define BIO_FLAGS_SHOULD_RETRY 0x08 |
| 173 | #ifndef BIO_FLAGS_UPLINK | ||
| 174 | /* "UPLINK" flag denotes file descriptors provided by application. | ||
| 175 | It defaults to 0, as most platforms don't require UPLINK interface. */ | ||
| 176 | #define BIO_FLAGS_UPLINK 0 | ||
| 177 | #endif | ||
| 138 | 178 | ||
| 139 | /* Used in BIO_gethostbyname() */ | 179 | /* Used in BIO_gethostbyname() */ |
| 140 | #define BIO_GHBN_CTRL_HITS 1 | 180 | #define BIO_GHBN_CTRL_HITS 1 |
| @@ -157,28 +197,32 @@ extern "C" { | |||
| 157 | */ | 197 | */ |
| 158 | #define BIO_FLAGS_MEM_RDONLY 0x200 | 198 | #define BIO_FLAGS_MEM_RDONLY 0x200 |
| 159 | 199 | ||
| 160 | #define BIO_set_flags(b,f) ((b)->flags|=(f)) | 200 | typedef struct bio_st BIO; |
| 161 | #define BIO_get_flags(b) ((b)->flags) | 201 | |
| 202 | void BIO_set_flags(BIO *b, int flags); | ||
| 203 | int BIO_test_flags(const BIO *b, int flags); | ||
| 204 | void BIO_clear_flags(BIO *b, int flags); | ||
| 205 | |||
| 206 | #define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) | ||
| 162 | #define BIO_set_retry_special(b) \ | 207 | #define BIO_set_retry_special(b) \ |
| 163 | ((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) | 208 | BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) |
| 164 | #define BIO_set_retry_read(b) \ | 209 | #define BIO_set_retry_read(b) \ |
| 165 | ((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) | 210 | BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) |
| 166 | #define BIO_set_retry_write(b) \ | 211 | #define BIO_set_retry_write(b) \ |
| 167 | ((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) | 212 | BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) |
| 168 | 213 | ||
| 169 | /* These are normally used internally in BIOs */ | 214 | /* These are normally used internally in BIOs */ |
| 170 | #define BIO_clear_flags(b,f) ((b)->flags&= ~(f)) | ||
| 171 | #define BIO_clear_retry_flags(b) \ | 215 | #define BIO_clear_retry_flags(b) \ |
| 172 | ((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) | 216 | BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) |
| 173 | #define BIO_get_retry_flags(b) \ | 217 | #define BIO_get_retry_flags(b) \ |
| 174 | ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) | 218 | BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) |
| 175 | 219 | ||
| 176 | /* These should be used by the application to tell why we should retry */ | 220 | /* These should be used by the application to tell why we should retry */ |
| 177 | #define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ) | 221 | #define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) |
| 178 | #define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE) | 222 | #define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) |
| 179 | #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL) | 223 | #define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) |
| 180 | #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS) | 224 | #define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) |
| 181 | #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY) | 225 | #define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) |
| 182 | 226 | ||
| 183 | /* The next three are used in conjunction with the | 227 | /* The next three are used in conjunction with the |
| 184 | * BIO_should_io_special() condition. After this returns true, | 228 | * BIO_should_io_special() condition. After this returns true, |
| @@ -207,14 +251,14 @@ extern "C" { | |||
| 207 | #define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) | 251 | #define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) |
| 208 | #define BIO_cb_post(a) ((a)&BIO_CB_RETURN) | 252 | #define BIO_cb_post(a) ((a)&BIO_CB_RETURN) |
| 209 | 253 | ||
| 210 | #define BIO_set_callback(b,cb) ((b)->callback=(cb)) | 254 | long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long); |
| 211 | #define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg)) | 255 | void BIO_set_callback(BIO *b, |
| 212 | #define BIO_get_callback_arg(b) ((b)->cb_arg) | 256 | long (*callback)(struct bio_st *,int,const char *,int, long,long)); |
| 213 | #define BIO_get_callback(b) ((b)->callback) | 257 | char *BIO_get_callback_arg(const BIO *b); |
| 214 | #define BIO_method_name(b) ((b)->method->name) | 258 | void BIO_set_callback_arg(BIO *b, char *arg); |
| 215 | #define BIO_method_type(b) ((b)->method->type) | ||
| 216 | 259 | ||
| 217 | typedef struct bio_st BIO; | 260 | const char * BIO_method_name(const BIO *b); |
| 261 | int BIO_method_type(const BIO *b); | ||
| 218 | 262 | ||
| 219 | typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); | 263 | typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); |
| 220 | 264 | ||
| @@ -488,6 +532,18 @@ size_t BIO_ctrl_get_write_guarantee(BIO *b); | |||
| 488 | size_t BIO_ctrl_get_read_request(BIO *b); | 532 | size_t BIO_ctrl_get_read_request(BIO *b); |
| 489 | int BIO_ctrl_reset_read_request(BIO *b); | 533 | int BIO_ctrl_reset_read_request(BIO *b); |
| 490 | 534 | ||
| 535 | /* ctrl macros for dgram */ | ||
| 536 | #define BIO_ctrl_dgram_connect(b,peer) \ | ||
| 537 | (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) | ||
| 538 | #define BIO_ctrl_set_connected(b, state, peer) \ | ||
| 539 | (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) | ||
| 540 | #define BIO_dgram_recv_timedout(b) \ | ||
| 541 | (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) | ||
| 542 | #define BIO_dgram_send_timedout(b) \ | ||
| 543 | (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) | ||
| 544 | #define BIO_dgram_set_peer(b,peer) \ | ||
| 545 | (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) | ||
| 546 | |||
| 491 | /* These two aren't currently implemented */ | 547 | /* These two aren't currently implemented */ |
| 492 | /* int BIO_get_ex_num(BIO *bio); */ | 548 | /* int BIO_get_ex_num(BIO *bio); */ |
| 493 | /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ | 549 | /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ |
| @@ -567,15 +623,28 @@ BIO_METHOD *BIO_f_buffer(void); | |||
| 567 | BIO_METHOD *BIO_f_linebuffer(void); | 623 | BIO_METHOD *BIO_f_linebuffer(void); |
| 568 | #endif | 624 | #endif |
| 569 | BIO_METHOD *BIO_f_nbio_test(void); | 625 | BIO_METHOD *BIO_f_nbio_test(void); |
| 626 | #ifndef OPENSSL_NO_DGRAM | ||
| 627 | BIO_METHOD *BIO_s_datagram(void); | ||
| 628 | #endif | ||
| 629 | |||
| 570 | /* BIO_METHOD *BIO_f_ber(void); */ | 630 | /* BIO_METHOD *BIO_f_ber(void); */ |
| 571 | 631 | ||
| 572 | int BIO_sock_should_retry(int i); | 632 | int BIO_sock_should_retry(int i); |
| 573 | int BIO_sock_non_fatal_error(int error); | 633 | int BIO_sock_non_fatal_error(int error); |
| 634 | int BIO_dgram_non_fatal_error(int error); | ||
| 635 | |||
| 574 | int BIO_fd_should_retry(int i); | 636 | int BIO_fd_should_retry(int i); |
| 575 | int BIO_fd_non_fatal_error(int error); | 637 | int BIO_fd_non_fatal_error(int error); |
| 638 | int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), | ||
| 639 | void *u, const char *s, int len); | ||
| 640 | int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), | ||
| 641 | void *u, const char *s, int len, int indent); | ||
| 576 | int BIO_dump(BIO *b,const char *bytes,int len); | 642 | int BIO_dump(BIO *b,const char *bytes,int len); |
| 577 | int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); | 643 | int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); |
| 578 | 644 | #ifndef OPENSSL_NO_FP_API | |
| 645 | int BIO_dump_fp(FILE *fp, const char *s, int len); | ||
| 646 | int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); | ||
| 647 | #endif | ||
| 579 | struct hostent *BIO_gethostbyname(const char *name); | 648 | struct hostent *BIO_gethostbyname(const char *name); |
| 580 | /* We might want a thread-safe interface too: | 649 | /* We might want a thread-safe interface too: |
| 581 | * struct hostent *BIO_gethostbyname_r(const char *name, | 650 | * struct hostent *BIO_gethostbyname_r(const char *name, |
| @@ -597,6 +666,7 @@ void BIO_sock_cleanup(void); | |||
| 597 | int BIO_set_tcp_ndelay(int sock,int turn_on); | 666 | int BIO_set_tcp_ndelay(int sock,int turn_on); |
| 598 | 667 | ||
| 599 | BIO *BIO_new_socket(int sock, int close_flag); | 668 | BIO *BIO_new_socket(int sock, int close_flag); |
| 669 | BIO *BIO_new_dgram(int fd, int close_flag); | ||
| 600 | BIO *BIO_new_fd(int fd, int close_flag); | 670 | BIO *BIO_new_fd(int fd, int close_flag); |
| 601 | BIO *BIO_new_connect(char *host_port); | 671 | BIO *BIO_new_connect(char *host_port); |
| 602 | BIO *BIO_new_accept(char *host_port); | 672 | BIO *BIO_new_accept(char *host_port); |
| @@ -612,10 +682,20 @@ void BIO_copy_next_retry(BIO *b); | |||
| 612 | 682 | ||
| 613 | /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ | 683 | /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ |
| 614 | 684 | ||
| 615 | int BIO_printf(BIO *bio, const char *format, ...); | 685 | #ifdef __GNUC__ |
| 616 | int BIO_vprintf(BIO *bio, const char *format, va_list args); | 686 | # define __bio_h__attr__ __attribute__ |
| 617 | int BIO_snprintf(char *buf, size_t n, const char *format, ...); | 687 | #else |
| 618 | int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); | 688 | # define __bio_h__attr__(x) |
| 689 | #endif | ||
| 690 | int BIO_printf(BIO *bio, const char *format, ...) | ||
| 691 | __bio_h__attr__((__format__(__printf__,2,3))); | ||
| 692 | int BIO_vprintf(BIO *bio, const char *format, va_list args) | ||
| 693 | __bio_h__attr__((__format__(__printf__,2,0))); | ||
| 694 | int BIO_snprintf(char *buf, size_t n, const char *format, ...) | ||
| 695 | __bio_h__attr__((__format__(__printf__,3,4))); | ||
| 696 | int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) | ||
| 697 | __bio_h__attr__((__format__(__printf__,3,0))); | ||
| 698 | #undef __bio_h__attr__ | ||
| 619 | 699 | ||
| 620 | /* BEGIN ERROR CODES */ | 700 | /* BEGIN ERROR CODES */ |
| 621 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 701 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| @@ -629,6 +709,7 @@ void ERR_load_BIO_strings(void); | |||
| 629 | #define BIO_F_ACPT_STATE 100 | 709 | #define BIO_F_ACPT_STATE 100 |
| 630 | #define BIO_F_BIO_ACCEPT 101 | 710 | #define BIO_F_BIO_ACCEPT 101 |
| 631 | #define BIO_F_BIO_BER_GET_HEADER 102 | 711 | #define BIO_F_BIO_BER_GET_HEADER 102 |
| 712 | #define BIO_F_BIO_CALLBACK_CTRL 131 | ||
| 632 | #define BIO_F_BIO_CTRL 103 | 713 | #define BIO_F_BIO_CTRL 103 |
| 633 | #define BIO_F_BIO_GETHOSTBYNAME 120 | 714 | #define BIO_F_BIO_GETHOSTBYNAME 120 |
| 634 | #define BIO_F_BIO_GETS 104 | 715 | #define BIO_F_BIO_GETS 104 |
diff --git a/src/lib/libssl/src/crypto/bio/bio_err.c b/src/lib/libssl/src/crypto/bio/bio_err.c index 8859a58ae4..6603f1c74d 100644 --- a/src/lib/libssl/src/crypto/bio/bio_err.c +++ b/src/lib/libssl/src/crypto/bio/bio_err.c | |||
| @@ -73,6 +73,7 @@ static ERR_STRING_DATA BIO_str_functs[]= | |||
| 73 | {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, | 73 | {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, |
| 74 | {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, | 74 | {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, |
| 75 | {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, | 75 | {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, |
| 76 | {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, | ||
| 76 | {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, | 77 | {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, |
| 77 | {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"}, | 78 | {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"}, |
| 78 | {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, | 79 | {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, |
| @@ -142,15 +143,12 @@ static ERR_STRING_DATA BIO_str_reasons[]= | |||
| 142 | 143 | ||
| 143 | void ERR_load_BIO_strings(void) | 144 | void ERR_load_BIO_strings(void) |
| 144 | { | 145 | { |
| 145 | static int init=1; | 146 | #ifndef OPENSSL_NO_ERR |
| 146 | 147 | ||
| 147 | if (init) | 148 | if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) |
| 148 | { | 149 | { |
| 149 | init=0; | ||
| 150 | #ifndef OPENSSL_NO_ERR | ||
| 151 | ERR_load_strings(0,BIO_str_functs); | 150 | ERR_load_strings(0,BIO_str_functs); |
| 152 | ERR_load_strings(0,BIO_str_reasons); | 151 | ERR_load_strings(0,BIO_str_reasons); |
| 153 | #endif | ||
| 154 | |||
| 155 | } | 152 | } |
| 153 | #endif | ||
| 156 | } | 154 | } |
diff --git a/src/lib/libssl/src/crypto/bio/bio_lib.c b/src/lib/libssl/src/crypto/bio/bio_lib.c index 692c8fb5c6..3f52ae953c 100644 --- a/src/lib/libssl/src/crypto/bio/bio_lib.c +++ b/src/lib/libssl/src/crypto/bio/bio_lib.c | |||
| @@ -141,10 +141,56 @@ int BIO_free(BIO *a) | |||
| 141 | void BIO_vfree(BIO *a) | 141 | void BIO_vfree(BIO *a) |
| 142 | { BIO_free(a); } | 142 | { BIO_free(a); } |
| 143 | 143 | ||
| 144 | void BIO_clear_flags(BIO *b, int flags) | ||
| 145 | { | ||
| 146 | b->flags &= ~flags; | ||
| 147 | } | ||
| 148 | |||
| 149 | int BIO_test_flags(const BIO *b, int flags) | ||
| 150 | { | ||
| 151 | return (b->flags & flags); | ||
| 152 | } | ||
| 153 | |||
| 154 | void BIO_set_flags(BIO *b, int flags) | ||
| 155 | { | ||
| 156 | b->flags |= flags; | ||
| 157 | } | ||
| 158 | |||
| 159 | long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long) | ||
| 160 | { | ||
| 161 | return b->callback; | ||
| 162 | } | ||
| 163 | |||
| 164 | void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long)) | ||
| 165 | { | ||
| 166 | b->callback = cb; | ||
| 167 | } | ||
| 168 | |||
| 169 | void BIO_set_callback_arg(BIO *b, char *arg) | ||
| 170 | { | ||
| 171 | b->cb_arg = arg; | ||
| 172 | } | ||
| 173 | |||
| 174 | char * BIO_get_callback_arg(const BIO *b) | ||
| 175 | { | ||
| 176 | return b->cb_arg; | ||
| 177 | } | ||
| 178 | |||
| 179 | const char * BIO_method_name(const BIO *b) | ||
| 180 | { | ||
| 181 | return b->method->name; | ||
| 182 | } | ||
| 183 | |||
| 184 | int BIO_method_type(const BIO *b) | ||
| 185 | { | ||
| 186 | return b->method->type; | ||
| 187 | } | ||
| 188 | |||
| 189 | |||
| 144 | int BIO_read(BIO *b, void *out, int outl) | 190 | int BIO_read(BIO *b, void *out, int outl) |
| 145 | { | 191 | { |
| 146 | int i; | 192 | int i; |
| 147 | long (*cb)(); | 193 | long (*cb)(BIO *,int,const char *,int,long,long); |
| 148 | 194 | ||
| 149 | if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) | 195 | if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) |
| 150 | { | 196 | { |
| @@ -176,7 +222,7 @@ int BIO_read(BIO *b, void *out, int outl) | |||
| 176 | int BIO_write(BIO *b, const void *in, int inl) | 222 | int BIO_write(BIO *b, const void *in, int inl) |
| 177 | { | 223 | { |
| 178 | int i; | 224 | int i; |
| 179 | long (*cb)(); | 225 | long (*cb)(BIO *,int,const char *,int,long,long); |
| 180 | 226 | ||
| 181 | if (b == NULL) | 227 | if (b == NULL) |
| 182 | return(0); | 228 | return(0); |
| @@ -211,7 +257,7 @@ int BIO_write(BIO *b, const void *in, int inl) | |||
| 211 | int BIO_puts(BIO *b, const char *in) | 257 | int BIO_puts(BIO *b, const char *in) |
| 212 | { | 258 | { |
| 213 | int i; | 259 | int i; |
| 214 | long (*cb)(); | 260 | long (*cb)(BIO *,int,const char *,int,long,long); |
| 215 | 261 | ||
| 216 | if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) | 262 | if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) |
| 217 | { | 263 | { |
| @@ -244,7 +290,7 @@ int BIO_puts(BIO *b, const char *in) | |||
| 244 | int BIO_gets(BIO *b, char *in, int inl) | 290 | int BIO_gets(BIO *b, char *in, int inl) |
| 245 | { | 291 | { |
| 246 | int i; | 292 | int i; |
| 247 | long (*cb)(); | 293 | long (*cb)(BIO *,int,const char *,int,long,long); |
| 248 | 294 | ||
| 249 | if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) | 295 | if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) |
| 250 | { | 296 | { |
| @@ -305,7 +351,7 @@ char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) | |||
| 305 | long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) | 351 | long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) |
| 306 | { | 352 | { |
| 307 | long ret; | 353 | long ret; |
| 308 | long (*cb)(); | 354 | long (*cb)(BIO *,int,const char *,int,long,long); |
| 309 | 355 | ||
| 310 | if (b == NULL) return(0); | 356 | if (b == NULL) return(0); |
| 311 | 357 | ||
| @@ -332,13 +378,13 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) | |||
| 332 | long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)) | 378 | long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)) |
| 333 | { | 379 | { |
| 334 | long ret; | 380 | long ret; |
| 335 | long (*cb)(); | 381 | long (*cb)(BIO *,int,const char *,int,long,long); |
| 336 | 382 | ||
| 337 | if (b == NULL) return(0); | 383 | if (b == NULL) return(0); |
| 338 | 384 | ||
| 339 | if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) | 385 | if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) |
| 340 | { | 386 | { |
| 341 | BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); | 387 | BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD); |
| 342 | return(-2); | 388 | return(-2); |
| 343 | } | 389 | } |
| 344 | 390 | ||
diff --git a/src/lib/libssl/src/crypto/bio/bss_acpt.c b/src/lib/libssl/src/crypto/bio/bss_acpt.c index 8ea1db158b..d090b7272f 100644 --- a/src/lib/libssl/src/crypto/bio/bss_acpt.c +++ b/src/lib/libssl/src/crypto/bio/bss_acpt.c | |||
| @@ -56,14 +56,14 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SOCK | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include <errno.h> | 60 | #include <errno.h> |
| 63 | #define USE_SOCKETS | 61 | #define USE_SOCKETS |
| 64 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 65 | #include <openssl/bio.h> | 63 | #include <openssl/bio.h> |
| 66 | 64 | ||
| 65 | #ifndef OPENSSL_NO_SOCK | ||
| 66 | |||
| 67 | #ifdef OPENSSL_SYS_WIN16 | 67 | #ifdef OPENSSL_SYS_WIN16 |
| 68 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ | 68 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
| 69 | #else | 69 | #else |
diff --git a/src/lib/libssl/src/crypto/bio/bss_conn.c b/src/lib/libssl/src/crypto/bio/bss_conn.c index 216780ed5e..c14727855b 100644 --- a/src/lib/libssl/src/crypto/bio/bss_conn.c +++ b/src/lib/libssl/src/crypto/bio/bss_conn.c | |||
| @@ -56,14 +56,14 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SOCK | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include <errno.h> | 60 | #include <errno.h> |
| 63 | #define USE_SOCKETS | 61 | #define USE_SOCKETS |
| 64 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 65 | #include <openssl/bio.h> | 63 | #include <openssl/bio.h> |
| 66 | 64 | ||
| 65 | #ifndef OPENSSL_NO_SOCK | ||
| 66 | |||
| 67 | #ifdef OPENSSL_SYS_WIN16 | 67 | #ifdef OPENSSL_SYS_WIN16 |
| 68 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ | 68 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
| 69 | #else | 69 | #else |
| @@ -130,7 +130,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) | |||
| 130 | int ret= -1,i; | 130 | int ret= -1,i; |
| 131 | unsigned long l; | 131 | unsigned long l; |
| 132 | char *p,*q; | 132 | char *p,*q; |
| 133 | int (*cb)()=NULL; | 133 | int (*cb)(const BIO *,int,int)=NULL; |
| 134 | 134 | ||
| 135 | if (c->info_callback != NULL) | 135 | if (c->info_callback != NULL) |
| 136 | cb=c->info_callback; | 136 | cb=c->info_callback; |
| @@ -590,9 +590,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 590 | break; | 590 | break; |
| 591 | case BIO_CTRL_GET_CALLBACK: | 591 | case BIO_CTRL_GET_CALLBACK: |
| 592 | { | 592 | { |
| 593 | int (**fptr)(); | 593 | int (**fptr)(const BIO *bio,int state,int xret); |
| 594 | 594 | ||
| 595 | fptr=(int (**)())ptr; | 595 | fptr=(int (**)(const BIO *bio,int state,int xret))ptr; |
| 596 | *fptr=data->info_callback; | 596 | *fptr=data->info_callback; |
| 597 | } | 597 | } |
| 598 | break; | 598 | break; |
diff --git a/src/lib/libssl/src/crypto/bio/bss_fd.c b/src/lib/libssl/src/crypto/bio/bss_fd.c index 5e3e187de6..4c229bf641 100644 --- a/src/lib/libssl/src/crypto/bio/bss_fd.c +++ b/src/lib/libssl/src/crypto/bio/bss_fd.c | |||
| @@ -60,7 +60,19 @@ | |||
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #define USE_SOCKETS | 61 | #define USE_SOCKETS |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include <openssl/bio.h> | 63 | /* |
| 64 | * As for unconditional usage of "UPLINK" interface in this module. | ||
| 65 | * Trouble is that unlike Unix file descriptors [which are indexes | ||
| 66 | * in kernel-side per-process table], corresponding descriptors on | ||
| 67 | * platforms which require "UPLINK" interface seem to be indexes | ||
| 68 | * in a user-land, non-global table. Well, in fact they are indexes | ||
| 69 | * in stdio _iob[], and recall that _iob[] was the very reason why | ||
| 70 | * "UPLINK" interface was introduced in first place. But one way on | ||
| 71 | * another. Neither libcrypto or libssl use this BIO meaning that | ||
| 72 | * file descriptors can only be provided by application. Therefore | ||
| 73 | * "UPLINK" calls are due... | ||
| 74 | */ | ||
| 75 | #include "bio_lcl.h" | ||
| 64 | 76 | ||
| 65 | static int fd_write(BIO *h, const char *buf, int num); | 77 | static int fd_write(BIO *h, const char *buf, int num); |
| 66 | static int fd_read(BIO *h, char *buf, int size); | 78 | static int fd_read(BIO *h, char *buf, int size); |
| @@ -100,9 +112,9 @@ BIO *BIO_new_fd(int fd,int close_flag) | |||
| 100 | static int fd_new(BIO *bi) | 112 | static int fd_new(BIO *bi) |
| 101 | { | 113 | { |
| 102 | bi->init=0; | 114 | bi->init=0; |
| 103 | bi->num=0; | 115 | bi->num=-1; |
| 104 | bi->ptr=NULL; | 116 | bi->ptr=NULL; |
| 105 | bi->flags=0; | 117 | bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */ |
| 106 | return(1); | 118 | return(1); |
| 107 | } | 119 | } |
| 108 | 120 | ||
| @@ -113,10 +125,10 @@ static int fd_free(BIO *a) | |||
| 113 | { | 125 | { |
| 114 | if (a->init) | 126 | if (a->init) |
| 115 | { | 127 | { |
| 116 | close(a->num); | 128 | UP_close(a->num); |
| 117 | } | 129 | } |
| 118 | a->init=0; | 130 | a->init=0; |
| 119 | a->flags=0; | 131 | a->flags=BIO_FLAGS_UPLINK; |
| 120 | } | 132 | } |
| 121 | return(1); | 133 | return(1); |
| 122 | } | 134 | } |
| @@ -128,7 +140,7 @@ static int fd_read(BIO *b, char *out,int outl) | |||
| 128 | if (out != NULL) | 140 | if (out != NULL) |
| 129 | { | 141 | { |
| 130 | clear_sys_error(); | 142 | clear_sys_error(); |
| 131 | ret=read(b->num,out,outl); | 143 | ret=UP_read(b->num,out,outl); |
| 132 | BIO_clear_retry_flags(b); | 144 | BIO_clear_retry_flags(b); |
| 133 | if (ret <= 0) | 145 | if (ret <= 0) |
| 134 | { | 146 | { |
| @@ -143,7 +155,7 @@ static int fd_write(BIO *b, const char *in, int inl) | |||
| 143 | { | 155 | { |
| 144 | int ret; | 156 | int ret; |
| 145 | clear_sys_error(); | 157 | clear_sys_error(); |
| 146 | ret=write(b->num,in,inl); | 158 | ret=UP_write(b->num,in,inl); |
| 147 | BIO_clear_retry_flags(b); | 159 | BIO_clear_retry_flags(b); |
| 148 | if (ret <= 0) | 160 | if (ret <= 0) |
| 149 | { | 161 | { |
| @@ -163,11 +175,11 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 163 | case BIO_CTRL_RESET: | 175 | case BIO_CTRL_RESET: |
| 164 | num=0; | 176 | num=0; |
| 165 | case BIO_C_FILE_SEEK: | 177 | case BIO_C_FILE_SEEK: |
| 166 | ret=(long)lseek(b->num,num,0); | 178 | ret=(long)UP_lseek(b->num,num,0); |
| 167 | break; | 179 | break; |
| 168 | case BIO_C_FILE_TELL: | 180 | case BIO_C_FILE_TELL: |
| 169 | case BIO_CTRL_INFO: | 181 | case BIO_CTRL_INFO: |
| 170 | ret=(long)lseek(b->num,0,1); | 182 | ret=(long)UP_lseek(b->num,0,1); |
| 171 | break; | 183 | break; |
| 172 | case BIO_C_SET_FD: | 184 | case BIO_C_SET_FD: |
| 173 | fd_free(b); | 185 | fd_free(b); |
diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c index 58fade9f29..0c8c8115fa 100644 --- a/src/lib/libssl/src/crypto/bio/bss_file.c +++ b/src/lib/libssl/src/crypto/bio/bss_file.c | |||
| @@ -65,12 +65,34 @@ | |||
| 65 | #ifndef HEADER_BSS_FILE_C | 65 | #ifndef HEADER_BSS_FILE_C |
| 66 | #define HEADER_BSS_FILE_C | 66 | #define HEADER_BSS_FILE_C |
| 67 | 67 | ||
| 68 | #if defined(__linux) || defined(__sun) || defined(__hpux) | ||
| 69 | /* Following definition aliases fopen to fopen64 on above mentioned | ||
| 70 | * platforms. This makes it possible to open and sequentially access | ||
| 71 | * files larger than 2GB from 32-bit application. It does not allow to | ||
| 72 | * traverse them beyond 2GB with fseek/ftell, but on the other hand *no* | ||
| 73 | * 32-bit platform permits that, not with fseek/ftell. Not to mention | ||
| 74 | * that breaking 2GB limit for seeking would require surgery to *our* | ||
| 75 | * API. But sequential access suffices for practical cases when you | ||
| 76 | * can run into large files, such as fingerprinting, so we can let API | ||
| 77 | * alone. For reference, the list of 32-bit platforms which allow for | ||
| 78 | * sequential access of large files without extra "magic" comprise *BSD, | ||
| 79 | * Darwin, IRIX... | ||
| 80 | */ | ||
| 81 | #ifndef _FILE_OFFSET_BITS | ||
| 82 | #define _FILE_OFFSET_BITS 64 | ||
| 83 | #endif | ||
| 84 | #endif | ||
| 85 | |||
| 68 | #include <stdio.h> | 86 | #include <stdio.h> |
| 69 | #include <errno.h> | 87 | #include <errno.h> |
| 70 | #include "cryptlib.h" | 88 | #include "cryptlib.h" |
| 71 | #include <openssl/bio.h> | 89 | #include "bio_lcl.h" |
| 72 | #include <openssl/err.h> | 90 | #include <openssl/err.h> |
| 73 | 91 | ||
| 92 | #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) | ||
| 93 | #include <nwfileio.h> | ||
| 94 | #endif | ||
| 95 | |||
| 74 | #if !defined(OPENSSL_NO_STDIO) | 96 | #if !defined(OPENSSL_NO_STDIO) |
| 75 | 97 | ||
| 76 | static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); | 98 | static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); |
| @@ -110,8 +132,12 @@ BIO *BIO_new_file(const char *filename, const char *mode) | |||
| 110 | return(NULL); | 132 | return(NULL); |
| 111 | } | 133 | } |
| 112 | if ((ret=BIO_new(BIO_s_file_internal())) == NULL) | 134 | if ((ret=BIO_new(BIO_s_file_internal())) == NULL) |
| 135 | { | ||
| 136 | fclose(file); | ||
| 113 | return(NULL); | 137 | return(NULL); |
| 138 | } | ||
| 114 | 139 | ||
| 140 | BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ | ||
| 115 | BIO_set_fp(ret,file,BIO_CLOSE); | 141 | BIO_set_fp(ret,file,BIO_CLOSE); |
| 116 | return(ret); | 142 | return(ret); |
| 117 | } | 143 | } |
| @@ -123,6 +149,7 @@ BIO *BIO_new_fp(FILE *stream, int close_flag) | |||
| 123 | if ((ret=BIO_new(BIO_s_file())) == NULL) | 149 | if ((ret=BIO_new(BIO_s_file())) == NULL) |
| 124 | return(NULL); | 150 | return(NULL); |
| 125 | 151 | ||
| 152 | BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */ | ||
| 126 | BIO_set_fp(ret,stream,close_flag); | 153 | BIO_set_fp(ret,stream,close_flag); |
| 127 | return(ret); | 154 | return(ret); |
| 128 | } | 155 | } |
| @@ -137,6 +164,7 @@ static int MS_CALLBACK file_new(BIO *bi) | |||
| 137 | bi->init=0; | 164 | bi->init=0; |
| 138 | bi->num=0; | 165 | bi->num=0; |
| 139 | bi->ptr=NULL; | 166 | bi->ptr=NULL; |
| 167 | bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */ | ||
| 140 | return(1); | 168 | return(1); |
| 141 | } | 169 | } |
| 142 | 170 | ||
| @@ -147,8 +175,12 @@ static int MS_CALLBACK file_free(BIO *a) | |||
| 147 | { | 175 | { |
| 148 | if ((a->init) && (a->ptr != NULL)) | 176 | if ((a->init) && (a->ptr != NULL)) |
| 149 | { | 177 | { |
| 150 | fclose((FILE *)a->ptr); | 178 | if (a->flags&BIO_FLAGS_UPLINK) |
| 179 | UP_fclose (a->ptr); | ||
| 180 | else | ||
| 181 | fclose (a->ptr); | ||
| 151 | a->ptr=NULL; | 182 | a->ptr=NULL; |
| 183 | a->flags=BIO_FLAGS_UPLINK; | ||
| 152 | } | 184 | } |
| 153 | a->init=0; | 185 | a->init=0; |
| 154 | } | 186 | } |
| @@ -161,8 +193,11 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl) | |||
| 161 | 193 | ||
| 162 | if (b->init && (out != NULL)) | 194 | if (b->init && (out != NULL)) |
| 163 | { | 195 | { |
| 164 | ret=fread(out,1,(int)outl,(FILE *)b->ptr); | 196 | if (b->flags&BIO_FLAGS_UPLINK) |
| 165 | if(ret == 0 && ferror((FILE *)b->ptr)) | 197 | ret=UP_fread(out,1,(int)outl,b->ptr); |
| 198 | else | ||
| 199 | ret=fread(out,1,(int)outl,(FILE *)b->ptr); | ||
| 200 | if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr)) | ||
| 166 | { | 201 | { |
| 167 | SYSerr(SYS_F_FREAD,get_last_sys_error()); | 202 | SYSerr(SYS_F_FREAD,get_last_sys_error()); |
| 168 | BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB); | 203 | BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB); |
| @@ -178,7 +213,11 @@ static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) | |||
| 178 | 213 | ||
| 179 | if (b->init && (in != NULL)) | 214 | if (b->init && (in != NULL)) |
| 180 | { | 215 | { |
| 181 | if (fwrite(in,(int)inl,1,(FILE *)b->ptr)) | 216 | if (b->flags&BIO_FLAGS_UPLINK) |
| 217 | ret=UP_fwrite(in,(int)inl,1,b->ptr); | ||
| 218 | else | ||
| 219 | ret=fwrite(in,(int)inl,1,(FILE *)b->ptr); | ||
| 220 | if (ret) | ||
| 182 | ret=inl; | 221 | ret=inl; |
| 183 | /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ | 222 | /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ |
| 184 | /* according to Tim Hudson <tjh@cryptsoft.com>, the commented | 223 | /* according to Tim Hudson <tjh@cryptsoft.com>, the commented |
| @@ -199,20 +238,45 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 199 | { | 238 | { |
| 200 | case BIO_C_FILE_SEEK: | 239 | case BIO_C_FILE_SEEK: |
| 201 | case BIO_CTRL_RESET: | 240 | case BIO_CTRL_RESET: |
| 202 | ret=(long)fseek(fp,num,SEEK_SET); | 241 | if (b->flags&BIO_FLAGS_UPLINK) |
| 242 | ret=(long)UP_fseek(b->ptr,num,0); | ||
| 243 | else | ||
| 244 | ret=(long)fseek(fp,num,SEEK_SET); | ||
| 203 | break; | 245 | break; |
| 204 | case BIO_CTRL_EOF: | 246 | case BIO_CTRL_EOF: |
| 205 | ret=(long)feof(fp); | 247 | if (b->flags&BIO_FLAGS_UPLINK) |
| 248 | ret=(long)UP_feof(fp); | ||
| 249 | else | ||
| 250 | ret=(long)feof(fp); | ||
| 206 | break; | 251 | break; |
| 207 | case BIO_C_FILE_TELL: | 252 | case BIO_C_FILE_TELL: |
| 208 | case BIO_CTRL_INFO: | 253 | case BIO_CTRL_INFO: |
| 209 | ret=ftell(fp); | 254 | if (b->flags&BIO_FLAGS_UPLINK) |
| 255 | ret=UP_ftell(b->ptr); | ||
| 256 | else | ||
| 257 | ret=ftell(fp); | ||
| 210 | break; | 258 | break; |
| 211 | case BIO_C_SET_FILE_PTR: | 259 | case BIO_C_SET_FILE_PTR: |
| 212 | file_free(b); | 260 | file_free(b); |
| 213 | b->shutdown=(int)num&BIO_CLOSE; | 261 | b->shutdown=(int)num&BIO_CLOSE; |
| 214 | b->ptr=(char *)ptr; | 262 | b->ptr=ptr; |
| 215 | b->init=1; | 263 | b->init=1; |
| 264 | #if BIO_FLAGS_UPLINK!=0 | ||
| 265 | #if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) | ||
| 266 | #define _IOB_ENTRIES 20 | ||
| 267 | #endif | ||
| 268 | #if defined(_IOB_ENTRIES) | ||
| 269 | /* Safety net to catch purely internal BIO_set_fp calls */ | ||
| 270 | if ((size_t)ptr >= (size_t)stdin && | ||
| 271 | (size_t)ptr < (size_t)(stdin+_IOB_ENTRIES)) | ||
| 272 | BIO_clear_flags(b,BIO_FLAGS_UPLINK); | ||
| 273 | #endif | ||
| 274 | #endif | ||
| 275 | #ifdef UP_fsetmode | ||
| 276 | if (b->flags&BIO_FLAGS_UPLINK) | ||
| 277 | UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b'); | ||
| 278 | else | ||
| 279 | #endif | ||
| 216 | { | 280 | { |
| 217 | #if defined(OPENSSL_SYS_WINDOWS) | 281 | #if defined(OPENSSL_SYS_WINDOWS) |
| 218 | int fd = fileno((FILE*)ptr); | 282 | int fd = fileno((FILE*)ptr); |
| @@ -220,6 +284,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 220 | _setmode(fd,_O_TEXT); | 284 | _setmode(fd,_O_TEXT); |
| 221 | else | 285 | else |
| 222 | _setmode(fd,_O_BINARY); | 286 | _setmode(fd,_O_BINARY); |
| 287 | #elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) | ||
| 288 | int fd = fileno((FILE*)ptr); | ||
| 289 | /* Under CLib there are differences in file modes | ||
| 290 | */ | ||
| 291 | if (num & BIO_FP_TEXT) | ||
| 292 | setmode(fd,O_TEXT); | ||
| 293 | else | ||
| 294 | setmode(fd,O_BINARY); | ||
| 223 | #elif defined(OPENSSL_SYS_MSDOS) | 295 | #elif defined(OPENSSL_SYS_MSDOS) |
| 224 | int fd = fileno((FILE*)ptr); | 296 | int fd = fileno((FILE*)ptr); |
| 225 | /* Set correct text/binary mode */ | 297 | /* Set correct text/binary mode */ |
| @@ -272,6 +344,12 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 272 | else | 344 | else |
| 273 | strcat(p,"t"); | 345 | strcat(p,"t"); |
| 274 | #endif | 346 | #endif |
| 347 | #if defined(OPENSSL_SYS_NETWARE) | ||
| 348 | if (!(num & BIO_FP_TEXT)) | ||
| 349 | strcat(p,"b"); | ||
| 350 | else | ||
| 351 | strcat(p,"t"); | ||
| 352 | #endif | ||
| 275 | fp=fopen(ptr,p); | 353 | fp=fopen(ptr,p); |
| 276 | if (fp == NULL) | 354 | if (fp == NULL) |
| 277 | { | 355 | { |
| @@ -281,8 +359,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 281 | ret=0; | 359 | ret=0; |
| 282 | break; | 360 | break; |
| 283 | } | 361 | } |
| 284 | b->ptr=(char *)fp; | 362 | b->ptr=fp; |
| 285 | b->init=1; | 363 | b->init=1; |
| 364 | BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ | ||
| 286 | break; | 365 | break; |
| 287 | case BIO_C_GET_FILE_PTR: | 366 | case BIO_C_GET_FILE_PTR: |
| 288 | /* the ptr parameter is actually a FILE ** in this case. */ | 367 | /* the ptr parameter is actually a FILE ** in this case. */ |
| @@ -299,7 +378,10 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 299 | b->shutdown=(int)num; | 378 | b->shutdown=(int)num; |
| 300 | break; | 379 | break; |
| 301 | case BIO_CTRL_FLUSH: | 380 | case BIO_CTRL_FLUSH: |
| 302 | fflush((FILE *)b->ptr); | 381 | if (b->flags&BIO_FLAGS_UPLINK) |
| 382 | UP_fflush(b->ptr); | ||
| 383 | else | ||
| 384 | fflush((FILE *)b->ptr); | ||
| 303 | break; | 385 | break; |
| 304 | case BIO_CTRL_DUP: | 386 | case BIO_CTRL_DUP: |
| 305 | ret=1; | 387 | ret=1; |
| @@ -321,7 +403,10 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) | |||
| 321 | int ret=0; | 403 | int ret=0; |
| 322 | 404 | ||
| 323 | buf[0]='\0'; | 405 | buf[0]='\0'; |
| 324 | fgets(buf,size,(FILE *)bp->ptr); | 406 | if (bp->flags&BIO_FLAGS_UPLINK) |
| 407 | UP_fgets(buf,size,bp->ptr); | ||
| 408 | else | ||
| 409 | fgets(buf,size,(FILE *)bp->ptr); | ||
| 325 | if (buf[0] != '\0') | 410 | if (buf[0] != '\0') |
| 326 | ret=strlen(buf); | 411 | ret=strlen(buf); |
| 327 | return(ret); | 412 | return(ret); |
diff --git a/src/lib/libssl/src/crypto/bio/bss_log.c b/src/lib/libssl/src/crypto/bio/bss_log.c index 1eb678cac0..6360dbc820 100644 --- a/src/lib/libssl/src/crypto/bio/bss_log.c +++ b/src/lib/libssl/src/crypto/bio/bss_log.c | |||
| @@ -78,6 +78,8 @@ | |||
| 78 | # include <starlet.h> | 78 | # include <starlet.h> |
| 79 | #elif defined(__ultrix) | 79 | #elif defined(__ultrix) |
| 80 | # include <sys/syslog.h> | 80 | # include <sys/syslog.h> |
| 81 | #elif defined(OPENSSL_SYS_NETWARE) | ||
| 82 | # define NO_SYSLOG | ||
| 81 | #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) | 83 | #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) |
| 82 | # include <syslog.h> | 84 | # include <syslog.h> |
| 83 | #endif | 85 | #endif |
diff --git a/src/lib/libssl/src/crypto/bio/bss_sock.c b/src/lib/libssl/src/crypto/bio/bss_sock.c index 2c1c405ec7..472dd75821 100644 --- a/src/lib/libssl/src/crypto/bio/bss_sock.c +++ b/src/lib/libssl/src/crypto/bio/bss_sock.c | |||
| @@ -56,8 +56,6 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SOCK | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include <errno.h> | 60 | #include <errno.h> |
| 63 | #define USE_SOCKETS | 61 | #define USE_SOCKETS |
| @@ -248,7 +246,7 @@ int BIO_sock_non_fatal_error(int err) | |||
| 248 | { | 246 | { |
| 249 | switch (err) | 247 | switch (err) |
| 250 | { | 248 | { |
| 251 | #if defined(OPENSSL_SYS_WINDOWS) | 249 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) |
| 252 | # if defined(WSAEWOULDBLOCK) | 250 | # if defined(WSAEWOULDBLOCK) |
| 253 | case WSAEWOULDBLOCK: | 251 | case WSAEWOULDBLOCK: |
| 254 | # endif | 252 | # endif |
| @@ -279,7 +277,7 @@ int BIO_sock_non_fatal_error(int err) | |||
| 279 | #endif | 277 | #endif |
| 280 | 278 | ||
| 281 | #ifdef EAGAIN | 279 | #ifdef EAGAIN |
| 282 | #if EWOULDBLOCK != EAGAIN | 280 | # if EWOULDBLOCK != EAGAIN |
| 283 | case EAGAIN: | 281 | case EAGAIN: |
| 284 | # endif | 282 | # endif |
| 285 | #endif | 283 | #endif |
| @@ -302,4 +300,3 @@ int BIO_sock_non_fatal_error(int err) | |||
| 302 | } | 300 | } |
| 303 | return(0); | 301 | return(0); |
| 304 | } | 302 | } |
| 305 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl index c4de4a2bee..26c2685a72 100644 --- a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl +++ b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl | |||
| @@ -5,13 +5,18 @@ require "x86asm.pl"; | |||
| 5 | 5 | ||
| 6 | &asm_init($ARGV[0],$0); | 6 | &asm_init($ARGV[0],$0); |
| 7 | 7 | ||
| 8 | $sse2=0; | ||
| 9 | for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } | ||
| 10 | |||
| 11 | &external_label("OPENSSL_ia32cap_P") if ($sse2); | ||
| 12 | |||
| 8 | &bn_mul_add_words("bn_mul_add_words"); | 13 | &bn_mul_add_words("bn_mul_add_words"); |
| 9 | &bn_mul_words("bn_mul_words"); | 14 | &bn_mul_words("bn_mul_words"); |
| 10 | &bn_sqr_words("bn_sqr_words"); | 15 | &bn_sqr_words("bn_sqr_words"); |
| 11 | &bn_div_words("bn_div_words"); | 16 | &bn_div_words("bn_div_words"); |
| 12 | &bn_add_words("bn_add_words"); | 17 | &bn_add_words("bn_add_words"); |
| 13 | &bn_sub_words("bn_sub_words"); | 18 | &bn_sub_words("bn_sub_words"); |
| 14 | #&bn_sub_part_words("bn_sub_part_words"); | 19 | &bn_sub_part_words("bn_sub_part_words"); |
| 15 | 20 | ||
| 16 | &asm_finish(); | 21 | &asm_finish(); |
| 17 | 22 | ||
| @@ -19,7 +24,7 @@ sub bn_mul_add_words | |||
| 19 | { | 24 | { |
| 20 | local($name)=@_; | 25 | local($name)=@_; |
| 21 | 26 | ||
| 22 | &function_begin($name,""); | 27 | &function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); |
| 23 | 28 | ||
| 24 | &comment(""); | 29 | &comment(""); |
| 25 | $Low="eax"; | 30 | $Low="eax"; |
| @@ -42,6 +47,83 @@ sub bn_mul_add_words | |||
| 42 | 47 | ||
| 43 | &jz(&label("maw_finish")); | 48 | &jz(&label("maw_finish")); |
| 44 | 49 | ||
| 50 | if ($sse2) { | ||
| 51 | &picmeup("eax","OPENSSL_ia32cap_P"); | ||
| 52 | &bt(&DWP(0,"eax"),26); | ||
| 53 | &jnc(&label("maw_loop")); | ||
| 54 | |||
| 55 | &movd("mm0",$w); # mm0 = w | ||
| 56 | &pxor("mm1","mm1"); # mm1 = carry_in | ||
| 57 | |||
| 58 | &set_label("maw_sse2_loop",0); | ||
| 59 | &movd("mm3",&DWP(0,$r,"",0)); # mm3 = r[0] | ||
| 60 | &paddq("mm1","mm3"); # mm1 = carry_in + r[0] | ||
| 61 | &movd("mm2",&DWP(0,$a,"",0)); # mm2 = a[0] | ||
| 62 | &pmuludq("mm2","mm0"); # mm2 = w*a[0] | ||
| 63 | &movd("mm4",&DWP(4,$a,"",0)); # mm4 = a[1] | ||
| 64 | &pmuludq("mm4","mm0"); # mm4 = w*a[1] | ||
| 65 | &movd("mm6",&DWP(8,$a,"",0)); # mm6 = a[2] | ||
| 66 | &pmuludq("mm6","mm0"); # mm6 = w*a[2] | ||
| 67 | &movd("mm7",&DWP(12,$a,"",0)); # mm7 = a[3] | ||
| 68 | &pmuludq("mm7","mm0"); # mm7 = w*a[3] | ||
| 69 | &paddq("mm1","mm2"); # mm1 = carry_in + r[0] + w*a[0] | ||
| 70 | &movd("mm3",&DWP(4,$r,"",0)); # mm3 = r[1] | ||
| 71 | &paddq("mm3","mm4"); # mm3 = r[1] + w*a[1] | ||
| 72 | &movd("mm5",&DWP(8,$r,"",0)); # mm5 = r[2] | ||
| 73 | &paddq("mm5","mm6"); # mm5 = r[2] + w*a[2] | ||
| 74 | &movd("mm4",&DWP(12,$r,"",0)); # mm4 = r[3] | ||
| 75 | &paddq("mm7","mm4"); # mm7 = r[3] + w*a[3] | ||
| 76 | &movd(&DWP(0,$r,"",0),"mm1"); | ||
| 77 | &movd("mm2",&DWP(16,$a,"",0)); # mm2 = a[4] | ||
| 78 | &pmuludq("mm2","mm0"); # mm2 = w*a[4] | ||
| 79 | &psrlq("mm1",32); # mm1 = carry0 | ||
| 80 | &movd("mm4",&DWP(20,$a,"",0)); # mm4 = a[5] | ||
| 81 | &pmuludq("mm4","mm0"); # mm4 = w*a[5] | ||
| 82 | &paddq("mm1","mm3"); # mm1 = carry0 + r[1] + w*a[1] | ||
| 83 | &movd("mm6",&DWP(24,$a,"",0)); # mm6 = a[6] | ||
| 84 | &pmuludq("mm6","mm0"); # mm6 = w*a[6] | ||
| 85 | &movd(&DWP(4,$r,"",0),"mm1"); | ||
| 86 | &psrlq("mm1",32); # mm1 = carry1 | ||
| 87 | &movd("mm3",&DWP(28,$a,"",0)); # mm3 = a[7] | ||
| 88 | &add($a,32); | ||
| 89 | &pmuludq("mm3","mm0"); # mm3 = w*a[7] | ||
| 90 | &paddq("mm1","mm5"); # mm1 = carry1 + r[2] + w*a[2] | ||
| 91 | &movd("mm5",&DWP(16,$r,"",0)); # mm5 = r[4] | ||
| 92 | &paddq("mm2","mm5"); # mm2 = r[4] + w*a[4] | ||
| 93 | &movd(&DWP(8,$r,"",0),"mm1"); | ||
| 94 | &psrlq("mm1",32); # mm1 = carry2 | ||
| 95 | &paddq("mm1","mm7"); # mm1 = carry2 + r[3] + w*a[3] | ||
| 96 | &movd("mm5",&DWP(20,$r,"",0)); # mm5 = r[5] | ||
| 97 | &paddq("mm4","mm5"); # mm4 = r[5] + w*a[5] | ||
| 98 | &movd(&DWP(12,$r,"",0),"mm1"); | ||
| 99 | &psrlq("mm1",32); # mm1 = carry3 | ||
| 100 | &paddq("mm1","mm2"); # mm1 = carry3 + r[4] + w*a[4] | ||
| 101 | &movd("mm5",&DWP(24,$r,"",0)); # mm5 = r[6] | ||
| 102 | &paddq("mm6","mm5"); # mm6 = r[6] + w*a[6] | ||
| 103 | &movd(&DWP(16,$r,"",0),"mm1"); | ||
| 104 | &psrlq("mm1",32); # mm1 = carry4 | ||
| 105 | &paddq("mm1","mm4"); # mm1 = carry4 + r[5] + w*a[5] | ||
| 106 | &movd("mm5",&DWP(28,$r,"",0)); # mm5 = r[7] | ||
| 107 | &paddq("mm3","mm5"); # mm3 = r[7] + w*a[7] | ||
| 108 | &movd(&DWP(20,$r,"",0),"mm1"); | ||
| 109 | &psrlq("mm1",32); # mm1 = carry5 | ||
| 110 | &paddq("mm1","mm6"); # mm1 = carry5 + r[6] + w*a[6] | ||
| 111 | &movd(&DWP(24,$r,"",0),"mm1"); | ||
| 112 | &psrlq("mm1",32); # mm1 = carry6 | ||
| 113 | &paddq("mm1","mm3"); # mm1 = carry6 + r[7] + w*a[7] | ||
| 114 | &movd(&DWP(28,$r,"",0),"mm1"); | ||
| 115 | &add($r,32); | ||
| 116 | &psrlq("mm1",32); # mm1 = carry_out | ||
| 117 | |||
| 118 | &sub("ecx",8); | ||
| 119 | &jnz(&label("maw_sse2_loop")); | ||
| 120 | |||
| 121 | &movd($c,"mm1"); # c = carry_out | ||
| 122 | &emms(); | ||
| 123 | |||
| 124 | &jmp(&label("maw_finish")); | ||
| 125 | } | ||
| 126 | |||
| 45 | &set_label("maw_loop",0); | 127 | &set_label("maw_loop",0); |
| 46 | 128 | ||
| 47 | &mov(&swtmp(0),"ecx"); # | 129 | &mov(&swtmp(0),"ecx"); # |
diff --git a/src/lib/libssl/src/crypto/bn/asm/ia64.S b/src/lib/libssl/src/crypto/bn/asm/ia64.S index 7b82b820e6..951abc53ea 100644 --- a/src/lib/libssl/src/crypto/bn/asm/ia64.S +++ b/src/lib/libssl/src/crypto/bn/asm/ia64.S | |||
| @@ -171,21 +171,21 @@ | |||
| 171 | .skip 32 // makes the loop body aligned at 64-byte boundary | 171 | .skip 32 // makes the loop body aligned at 64-byte boundary |
| 172 | bn_add_words: | 172 | bn_add_words: |
| 173 | .prologue | 173 | .prologue |
| 174 | .fframe 0 | ||
| 175 | .save ar.pfs,r2 | 174 | .save ar.pfs,r2 |
| 176 | { .mii; alloc r2=ar.pfs,4,12,0,16 | 175 | { .mii; alloc r2=ar.pfs,4,12,0,16 |
| 177 | cmp4.le p6,p0=r35,r0 };; | 176 | cmp4.le p6,p0=r35,r0 };; |
| 178 | { .mfb; mov r8=r0 // return value | 177 | { .mfb; mov r8=r0 // return value |
| 179 | (p6) br.ret.spnt.many b0 };; | 178 | (p6) br.ret.spnt.many b0 };; |
| 180 | 179 | ||
| 181 | .save ar.lc,r3 | ||
| 182 | { .mib; sub r10=r35,r0,1 | 180 | { .mib; sub r10=r35,r0,1 |
| 181 | .save ar.lc,r3 | ||
| 183 | mov r3=ar.lc | 182 | mov r3=ar.lc |
| 184 | brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 | 183 | brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 |
| 185 | } | 184 | } |
| 186 | .body | ||
| 187 | { .mib; ADDP r14=0,r32 // rp | 185 | { .mib; ADDP r14=0,r32 // rp |
| 186 | .save pr,r9 | ||
| 188 | mov r9=pr };; | 187 | mov r9=pr };; |
| 188 | .body | ||
| 189 | { .mii; ADDP r15=0,r33 // ap | 189 | { .mii; ADDP r15=0,r33 // ap |
| 190 | mov ar.lc=r10 | 190 | mov ar.lc=r10 |
| 191 | mov ar.ec=6 } | 191 | mov ar.ec=6 } |
| @@ -224,21 +224,21 @@ bn_add_words: | |||
| 224 | .skip 32 // makes the loop body aligned at 64-byte boundary | 224 | .skip 32 // makes the loop body aligned at 64-byte boundary |
| 225 | bn_sub_words: | 225 | bn_sub_words: |
| 226 | .prologue | 226 | .prologue |
| 227 | .fframe 0 | ||
| 228 | .save ar.pfs,r2 | 227 | .save ar.pfs,r2 |
| 229 | { .mii; alloc r2=ar.pfs,4,12,0,16 | 228 | { .mii; alloc r2=ar.pfs,4,12,0,16 |
| 230 | cmp4.le p6,p0=r35,r0 };; | 229 | cmp4.le p6,p0=r35,r0 };; |
| 231 | { .mfb; mov r8=r0 // return value | 230 | { .mfb; mov r8=r0 // return value |
| 232 | (p6) br.ret.spnt.many b0 };; | 231 | (p6) br.ret.spnt.many b0 };; |
| 233 | 232 | ||
| 234 | .save ar.lc,r3 | ||
| 235 | { .mib; sub r10=r35,r0,1 | 233 | { .mib; sub r10=r35,r0,1 |
| 234 | .save ar.lc,r3 | ||
| 236 | mov r3=ar.lc | 235 | mov r3=ar.lc |
| 237 | brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 | 236 | brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 |
| 238 | } | 237 | } |
| 239 | .body | ||
| 240 | { .mib; ADDP r14=0,r32 // rp | 238 | { .mib; ADDP r14=0,r32 // rp |
| 239 | .save pr,r9 | ||
| 241 | mov r9=pr };; | 240 | mov r9=pr };; |
| 241 | .body | ||
| 242 | { .mii; ADDP r15=0,r33 // ap | 242 | { .mii; ADDP r15=0,r33 // ap |
| 243 | mov ar.lc=r10 | 243 | mov ar.lc=r10 |
| 244 | mov ar.ec=6 } | 244 | mov ar.ec=6 } |
| @@ -283,7 +283,6 @@ bn_sub_words: | |||
| 283 | .skip 32 // makes the loop body aligned at 64-byte boundary | 283 | .skip 32 // makes the loop body aligned at 64-byte boundary |
| 284 | bn_mul_words: | 284 | bn_mul_words: |
| 285 | .prologue | 285 | .prologue |
| 286 | .fframe 0 | ||
| 287 | .save ar.pfs,r2 | 286 | .save ar.pfs,r2 |
| 288 | #ifdef XMA_TEMPTATION | 287 | #ifdef XMA_TEMPTATION |
| 289 | { .mfi; alloc r2=ar.pfs,4,0,0,0 };; | 288 | { .mfi; alloc r2=ar.pfs,4,0,0,0 };; |
| @@ -294,9 +293,10 @@ bn_mul_words: | |||
| 294 | cmp4.le p6,p0=r34,r0 | 293 | cmp4.le p6,p0=r34,r0 |
| 295 | (p6) br.ret.spnt.many b0 };; | 294 | (p6) br.ret.spnt.many b0 };; |
| 296 | 295 | ||
| 297 | .save ar.lc,r3 | ||
| 298 | { .mii; sub r10=r34,r0,1 | 296 | { .mii; sub r10=r34,r0,1 |
| 297 | .save ar.lc,r3 | ||
| 299 | mov r3=ar.lc | 298 | mov r3=ar.lc |
| 299 | .save pr,r9 | ||
| 300 | mov r9=pr };; | 300 | mov r9=pr };; |
| 301 | 301 | ||
| 302 | .body | 302 | .body |
| @@ -397,22 +397,21 @@ bn_mul_words: | |||
| 397 | .skip 48 // makes the loop body aligned at 64-byte boundary | 397 | .skip 48 // makes the loop body aligned at 64-byte boundary |
| 398 | bn_mul_add_words: | 398 | bn_mul_add_words: |
| 399 | .prologue | 399 | .prologue |
| 400 | .fframe 0 | ||
| 401 | .save ar.pfs,r2 | 400 | .save ar.pfs,r2 |
| 402 | .save ar.lc,r3 | ||
| 403 | .save pr,r9 | ||
| 404 | { .mmi; alloc r2=ar.pfs,4,4,0,8 | 401 | { .mmi; alloc r2=ar.pfs,4,4,0,8 |
| 405 | cmp4.le p6,p0=r34,r0 | 402 | cmp4.le p6,p0=r34,r0 |
| 403 | .save ar.lc,r3 | ||
| 406 | mov r3=ar.lc };; | 404 | mov r3=ar.lc };; |
| 407 | { .mib; mov r8=r0 // return value | 405 | { .mib; mov r8=r0 // return value |
| 408 | sub r10=r34,r0,1 | 406 | sub r10=r34,r0,1 |
| 409 | (p6) br.ret.spnt.many b0 };; | 407 | (p6) br.ret.spnt.many b0 };; |
| 410 | 408 | ||
| 411 | .body | ||
| 412 | { .mib; setf.sig f8=r35 // w | 409 | { .mib; setf.sig f8=r35 // w |
| 410 | .save pr,r9 | ||
| 413 | mov r9=pr | 411 | mov r9=pr |
| 414 | brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 | 412 | brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 |
| 415 | } | 413 | } |
| 414 | .body | ||
| 416 | { .mmi; ADDP r14=0,r32 // rp | 415 | { .mmi; ADDP r14=0,r32 // rp |
| 417 | ADDP r15=0,r33 // ap | 416 | ADDP r15=0,r33 // ap |
| 418 | mov ar.lc=r10 } | 417 | mov ar.lc=r10 } |
| @@ -466,7 +465,6 @@ bn_mul_add_words: | |||
| 466 | .skip 32 // makes the loop body aligned at 64-byte boundary | 465 | .skip 32 // makes the loop body aligned at 64-byte boundary |
| 467 | bn_sqr_words: | 466 | bn_sqr_words: |
| 468 | .prologue | 467 | .prologue |
| 469 | .fframe 0 | ||
| 470 | .save ar.pfs,r2 | 468 | .save ar.pfs,r2 |
| 471 | { .mii; alloc r2=ar.pfs,3,0,0,0 | 469 | { .mii; alloc r2=ar.pfs,3,0,0,0 |
| 472 | sxt4 r34=r34 };; | 470 | sxt4 r34=r34 };; |
| @@ -476,9 +474,10 @@ bn_sqr_words: | |||
| 476 | nop.f 0x0 | 474 | nop.f 0x0 |
| 477 | (p6) br.ret.spnt.many b0 };; | 475 | (p6) br.ret.spnt.many b0 };; |
| 478 | 476 | ||
| 479 | .save ar.lc,r3 | ||
| 480 | { .mii; sub r10=r34,r0,1 | 477 | { .mii; sub r10=r34,r0,1 |
| 478 | .save ar.lc,r3 | ||
| 481 | mov r3=ar.lc | 479 | mov r3=ar.lc |
| 480 | .save pr,r9 | ||
| 482 | mov r9=pr };; | 481 | mov r9=pr };; |
| 483 | 482 | ||
| 484 | .body | 483 | .body |
| @@ -545,7 +544,6 @@ bn_sqr_words: | |||
| 545 | .align 64 | 544 | .align 64 |
| 546 | bn_sqr_comba8: | 545 | bn_sqr_comba8: |
| 547 | .prologue | 546 | .prologue |
| 548 | .fframe 0 | ||
| 549 | .save ar.pfs,r2 | 547 | .save ar.pfs,r2 |
| 550 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | 548 | #if defined(_HPUX_SOURCE) && !defined(_LP64) |
| 551 | { .mii; alloc r2=ar.pfs,2,1,0,0 | 549 | { .mii; alloc r2=ar.pfs,2,1,0,0 |
| @@ -617,7 +615,6 @@ bn_sqr_comba8: | |||
| 617 | .align 64 | 615 | .align 64 |
| 618 | bn_mul_comba8: | 616 | bn_mul_comba8: |
| 619 | .prologue | 617 | .prologue |
| 620 | .fframe 0 | ||
| 621 | .save ar.pfs,r2 | 618 | .save ar.pfs,r2 |
| 622 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | 619 | #if defined(_HPUX_SOURCE) && !defined(_LP64) |
| 623 | { .mii; alloc r2=ar.pfs,3,0,0,0 | 620 | { .mii; alloc r2=ar.pfs,3,0,0,0 |
| @@ -1175,7 +1172,6 @@ bn_mul_comba8: | |||
| 1175 | .align 64 | 1172 | .align 64 |
| 1176 | bn_sqr_comba4: | 1173 | bn_sqr_comba4: |
| 1177 | .prologue | 1174 | .prologue |
| 1178 | .fframe 0 | ||
| 1179 | .save ar.pfs,r2 | 1175 | .save ar.pfs,r2 |
| 1180 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | 1176 | #if defined(_HPUX_SOURCE) && !defined(_LP64) |
| 1181 | { .mii; alloc r2=ar.pfs,2,1,0,0 | 1177 | { .mii; alloc r2=ar.pfs,2,1,0,0 |
| @@ -1208,7 +1204,6 @@ bn_sqr_comba4: | |||
| 1208 | .align 64 | 1204 | .align 64 |
| 1209 | bn_mul_comba4: | 1205 | bn_mul_comba4: |
| 1210 | .prologue | 1206 | .prologue |
| 1211 | .fframe 0 | ||
| 1212 | .save ar.pfs,r2 | 1207 | .save ar.pfs,r2 |
| 1213 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | 1208 | #if defined(_HPUX_SOURCE) && !defined(_LP64) |
| 1214 | { .mii; alloc r2=ar.pfs,3,0,0,0 | 1209 | { .mii; alloc r2=ar.pfs,3,0,0,0 |
| @@ -1411,11 +1406,11 @@ equ=p24 | |||
| 1411 | .align 64 | 1406 | .align 64 |
| 1412 | bn_div_words: | 1407 | bn_div_words: |
| 1413 | .prologue | 1408 | .prologue |
| 1414 | .fframe 0 | ||
| 1415 | .save ar.pfs,r2 | 1409 | .save ar.pfs,r2 |
| 1416 | .save b0,r3 | ||
| 1417 | { .mii; alloc r2=ar.pfs,3,5,0,8 | 1410 | { .mii; alloc r2=ar.pfs,3,5,0,8 |
| 1411 | .save b0,r3 | ||
| 1418 | mov r3=b0 | 1412 | mov r3=b0 |
| 1413 | .save pr,r10 | ||
| 1419 | mov r10=pr };; | 1414 | mov r10=pr };; |
| 1420 | { .mmb; cmp.eq p6,p0=r34,r0 | 1415 | { .mmb; cmp.eq p6,p0=r34,r0 |
| 1421 | mov r8=-1 | 1416 | mov r8=-1 |
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h index 1251521c54..6d754d5547 100644 --- a/src/lib/libssl/src/crypto/bn/bn.h +++ b/src/lib/libssl/src/crypto/bn/bn.h | |||
| @@ -55,6 +55,19 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the Eric Young open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * The binary polynomial arithmetic software is originally written by | ||
| 68 | * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 58 | 71 | ||
| 59 | #ifndef HEADER_BN_H | 72 | #ifndef HEADER_BN_H |
| 60 | #define HEADER_BN_H | 73 | #define HEADER_BN_H |
| @@ -63,14 +76,23 @@ | |||
| 63 | #ifndef OPENSSL_NO_FP_API | 76 | #ifndef OPENSSL_NO_FP_API |
| 64 | #include <stdio.h> /* FILE */ | 77 | #include <stdio.h> /* FILE */ |
| 65 | #endif | 78 | #endif |
| 79 | #include <openssl/ossl_typ.h> | ||
| 66 | 80 | ||
| 67 | #ifdef __cplusplus | 81 | #ifdef __cplusplus |
| 68 | extern "C" { | 82 | extern "C" { |
| 69 | #endif | 83 | #endif |
| 70 | 84 | ||
| 71 | #ifdef OPENSSL_SYS_VMS | 85 | /* These preprocessor symbols control various aspects of the bignum headers and |
| 72 | #undef BN_LLONG /* experimental, so far... */ | 86 | * library code. They're not defined by any "normal" configuration, as they are |
| 73 | #endif | 87 | * intended for development and testing purposes. NB: defining all three can be |
| 88 | * useful for debugging application code as well as openssl itself. | ||
| 89 | * | ||
| 90 | * BN_DEBUG - turn on various debugging alterations to the bignum code | ||
| 91 | * BN_DEBUG_RAND - uses random poisoning of unused words to trip up | ||
| 92 | * mismanagement of bignum internals. You must also define BN_DEBUG. | ||
| 93 | */ | ||
| 94 | /* #define BN_DEBUG */ | ||
| 95 | /* #define BN_DEBUG_RAND */ | ||
| 74 | 96 | ||
| 75 | #define BN_MUL_COMBA | 97 | #define BN_MUL_COMBA |
| 76 | #define BN_SQR_COMBA | 98 | #define BN_SQR_COMBA |
| @@ -143,10 +165,12 @@ extern "C" { | |||
| 143 | #endif | 165 | #endif |
| 144 | 166 | ||
| 145 | #ifdef THIRTY_TWO_BIT | 167 | #ifdef THIRTY_TWO_BIT |
| 146 | #if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) | 168 | #ifdef BN_LLONG |
| 147 | #define BN_ULLONG unsigned _int64 | 169 | # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) |
| 148 | #else | 170 | # define BN_ULLONG unsigned __int64 |
| 149 | #define BN_ULLONG unsigned long long | 171 | # else |
| 172 | # define BN_ULLONG unsigned long long | ||
| 173 | # endif | ||
| 150 | #endif | 174 | #endif |
| 151 | #define BN_ULONG unsigned long | 175 | #define BN_ULONG unsigned long |
| 152 | #define BN_LONG long | 176 | #define BN_LONG long |
| @@ -219,15 +243,23 @@ extern "C" { | |||
| 219 | 243 | ||
| 220 | #define BN_DEFAULT_BITS 1280 | 244 | #define BN_DEFAULT_BITS 1280 |
| 221 | 245 | ||
| 222 | #ifdef BIGNUM | ||
| 223 | #undef BIGNUM | ||
| 224 | #endif | ||
| 225 | |||
| 226 | #define BN_FLG_MALLOCED 0x01 | 246 | #define BN_FLG_MALLOCED 0x01 |
| 227 | #define BN_FLG_STATIC_DATA 0x02 | 247 | #define BN_FLG_STATIC_DATA 0x02 |
| 228 | #define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings | 248 | #define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, |
| 229 | * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ | 249 | * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, |
| 250 | * BN_div() will call BN_div_no_branch, | ||
| 251 | * BN_mod_inverse() will call BN_mod_inverse_no_branch. | ||
| 252 | */ | ||
| 253 | |||
| 254 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 255 | #define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ | ||
| 256 | /* avoid leaking exponent information through timings | ||
| 257 | * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ | ||
| 258 | #endif | ||
| 259 | |||
| 260 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 230 | #define BN_FLG_FREE 0x8000 /* used for debuging */ | 261 | #define BN_FLG_FREE 0x8000 /* used for debuging */ |
| 262 | #endif | ||
| 231 | #define BN_set_flags(b,n) ((b)->flags|=(n)) | 263 | #define BN_set_flags(b,n) ((b)->flags|=(n)) |
| 232 | #define BN_get_flags(b,n) ((b)->flags&(n)) | 264 | #define BN_get_flags(b,n) ((b)->flags&(n)) |
| 233 | 265 | ||
| @@ -242,7 +274,18 @@ extern "C" { | |||
| 242 | | BN_FLG_STATIC_DATA \ | 274 | | BN_FLG_STATIC_DATA \ |
| 243 | | (n))) | 275 | | (n))) |
| 244 | 276 | ||
| 245 | typedef struct bignum_st | 277 | /* Already declared in ossl_typ.h */ |
| 278 | #if 0 | ||
| 279 | typedef struct bignum_st BIGNUM; | ||
| 280 | /* Used for temp variables (declaration hidden in bn_lcl.h) */ | ||
| 281 | typedef struct bignum_ctx BN_CTX; | ||
| 282 | typedef struct bn_blinding_st BN_BLINDING; | ||
| 283 | typedef struct bn_mont_ctx_st BN_MONT_CTX; | ||
| 284 | typedef struct bn_recp_ctx_st BN_RECP_CTX; | ||
| 285 | typedef struct bn_gencb_st BN_GENCB; | ||
| 286 | #endif | ||
| 287 | |||
| 288 | struct bignum_st | ||
| 246 | { | 289 | { |
| 247 | BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ | 290 | BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ |
| 248 | int top; /* Index of last used d +1. */ | 291 | int top; /* Index of last used d +1. */ |
| @@ -250,44 +293,64 @@ typedef struct bignum_st | |||
| 250 | int dmax; /* Size of the d array. */ | 293 | int dmax; /* Size of the d array. */ |
| 251 | int neg; /* one if the number is negative */ | 294 | int neg; /* one if the number is negative */ |
| 252 | int flags; | 295 | int flags; |
| 253 | } BIGNUM; | 296 | }; |
| 254 | |||
| 255 | /* Used for temp variables (declaration hidden in bn_lcl.h) */ | ||
| 256 | typedef struct bignum_ctx BN_CTX; | ||
| 257 | |||
| 258 | typedef struct bn_blinding_st | ||
| 259 | { | ||
| 260 | int init; | ||
| 261 | BIGNUM *A; | ||
| 262 | BIGNUM *Ai; | ||
| 263 | BIGNUM *mod; /* just a reference */ | ||
| 264 | unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; | ||
| 265 | * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ | ||
| 266 | } BN_BLINDING; | ||
| 267 | 297 | ||
| 268 | /* Used for montgomery multiplication */ | 298 | /* Used for montgomery multiplication */ |
| 269 | typedef struct bn_mont_ctx_st | 299 | struct bn_mont_ctx_st |
| 270 | { | 300 | { |
| 271 | int ri; /* number of bits in R */ | 301 | int ri; /* number of bits in R */ |
| 272 | BIGNUM RR; /* used to convert to montgomery form */ | 302 | BIGNUM RR; /* used to convert to montgomery form */ |
| 273 | BIGNUM N; /* The modulus */ | 303 | BIGNUM N; /* The modulus */ |
| 274 | BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 | 304 | BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 |
| 275 | * (Ni is only stored for bignum algorithm) */ | 305 | * (Ni is only stored for bignum algorithm) */ |
| 306 | #if 0 | ||
| 307 | /* OpenSSL 0.9.9 preview: */ | ||
| 308 | BN_ULONG n0[2];/* least significant word(s) of Ni */ | ||
| 309 | #else | ||
| 276 | BN_ULONG n0; /* least significant word of Ni */ | 310 | BN_ULONG n0; /* least significant word of Ni */ |
| 311 | #endif | ||
| 277 | int flags; | 312 | int flags; |
| 278 | } BN_MONT_CTX; | 313 | }; |
| 279 | 314 | ||
| 280 | /* Used for reciprocal division/mod functions | 315 | /* Used for reciprocal division/mod functions |
| 281 | * It cannot be shared between threads | 316 | * It cannot be shared between threads |
| 282 | */ | 317 | */ |
| 283 | typedef struct bn_recp_ctx_st | 318 | struct bn_recp_ctx_st |
| 284 | { | 319 | { |
| 285 | BIGNUM N; /* the divisor */ | 320 | BIGNUM N; /* the divisor */ |
| 286 | BIGNUM Nr; /* the reciprocal */ | 321 | BIGNUM Nr; /* the reciprocal */ |
| 287 | int num_bits; | 322 | int num_bits; |
| 288 | int shift; | 323 | int shift; |
| 289 | int flags; | 324 | int flags; |
| 290 | } BN_RECP_CTX; | 325 | }; |
| 326 | |||
| 327 | /* Used for slow "generation" functions. */ | ||
| 328 | struct bn_gencb_st | ||
| 329 | { | ||
| 330 | unsigned int ver; /* To handle binary (in)compatibility */ | ||
| 331 | void *arg; /* callback-specific data */ | ||
| 332 | union | ||
| 333 | { | ||
| 334 | /* if(ver==1) - handles old style callbacks */ | ||
| 335 | void (*cb_1)(int, int, void *); | ||
| 336 | /* if(ver==2) - new callback style */ | ||
| 337 | int (*cb_2)(int, int, BN_GENCB *); | ||
| 338 | } cb; | ||
| 339 | }; | ||
| 340 | /* Wrapper function to make using BN_GENCB easier, */ | ||
| 341 | int BN_GENCB_call(BN_GENCB *cb, int a, int b); | ||
| 342 | /* Macro to populate a BN_GENCB structure with an "old"-style callback */ | ||
| 343 | #define BN_GENCB_set_old(gencb, callback, cb_arg) { \ | ||
| 344 | BN_GENCB *tmp_gencb = (gencb); \ | ||
| 345 | tmp_gencb->ver = 1; \ | ||
| 346 | tmp_gencb->arg = (cb_arg); \ | ||
| 347 | tmp_gencb->cb.cb_1 = (callback); } | ||
| 348 | /* Macro to populate a BN_GENCB structure with a "new"-style callback */ | ||
| 349 | #define BN_GENCB_set(gencb, callback, cb_arg) { \ | ||
| 350 | BN_GENCB *tmp_gencb = (gencb); \ | ||
| 351 | tmp_gencb->ver = 2; \ | ||
| 352 | tmp_gencb->arg = (cb_arg); \ | ||
| 353 | tmp_gencb->cb.cb_2 = (callback); } | ||
| 291 | 354 | ||
| 292 | #define BN_prime_checks 0 /* default: select number of iterations | 355 | #define BN_prime_checks 0 /* default: select number of iterations |
| 293 | based on the size of the number */ | 356 | based on the size of the number */ |
| @@ -312,24 +375,33 @@ typedef struct bn_recp_ctx_st | |||
| 312 | 375 | ||
| 313 | #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) | 376 | #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) |
| 314 | 377 | ||
| 315 | /* Note that BN_abs_is_word does not work reliably for w == 0 */ | 378 | /* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ |
| 316 | #define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) | 379 | #define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ |
| 317 | #define BN_is_zero(a) (((a)->top == 0) || BN_abs_is_word(a,0)) | 380 | (((w) == 0) && ((a)->top == 0))) |
| 381 | #define BN_is_zero(a) ((a)->top == 0) | ||
| 318 | #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) | 382 | #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) |
| 319 | #define BN_is_word(a,w) ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \ | 383 | #define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) |
| 320 | BN_is_zero((a))) | ||
| 321 | #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) | 384 | #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) |
| 322 | 385 | ||
| 323 | #define BN_one(a) (BN_set_word((a),1)) | 386 | #define BN_one(a) (BN_set_word((a),1)) |
| 387 | #define BN_zero_ex(a) \ | ||
| 388 | do { \ | ||
| 389 | BIGNUM *_tmp_bn = (a); \ | ||
| 390 | _tmp_bn->top = 0; \ | ||
| 391 | _tmp_bn->neg = 0; \ | ||
| 392 | } while(0) | ||
| 393 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 394 | #define BN_zero(a) BN_zero_ex(a) | ||
| 395 | #else | ||
| 324 | #define BN_zero(a) (BN_set_word((a),0)) | 396 | #define BN_zero(a) (BN_set_word((a),0)) |
| 325 | 397 | #endif | |
| 326 | /*#define BN_ascii2bn(a) BN_hex2bn(a) */ | ||
| 327 | /*#define BN_bn2ascii(a) BN_bn2hex(a) */ | ||
| 328 | 398 | ||
| 329 | const BIGNUM *BN_value_one(void); | 399 | const BIGNUM *BN_value_one(void); |
| 330 | char * BN_options(void); | 400 | char * BN_options(void); |
| 331 | BN_CTX *BN_CTX_new(void); | 401 | BN_CTX *BN_CTX_new(void); |
| 402 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 332 | void BN_CTX_init(BN_CTX *c); | 403 | void BN_CTX_init(BN_CTX *c); |
| 404 | #endif | ||
| 333 | void BN_CTX_free(BN_CTX *c); | 405 | void BN_CTX_free(BN_CTX *c); |
| 334 | void BN_CTX_start(BN_CTX *ctx); | 406 | void BN_CTX_start(BN_CTX *ctx); |
| 335 | BIGNUM *BN_CTX_get(BN_CTX *ctx); | 407 | BIGNUM *BN_CTX_get(BN_CTX *ctx); |
| @@ -355,6 +427,16 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); | |||
| 355 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); | 427 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 356 | int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); | 428 | int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); |
| 357 | int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); | 429 | int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); |
| 430 | /** BN_set_negative sets sign of a BIGNUM | ||
| 431 | * \param b pointer to the BIGNUM object | ||
| 432 | * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise | ||
| 433 | */ | ||
| 434 | void BN_set_negative(BIGNUM *b, int n); | ||
| 435 | /** BN_is_negative returns 1 if the BIGNUM is negative | ||
| 436 | * \param a pointer to the BIGNUM object | ||
| 437 | * \return 1 if a < 0 and 0 otherwise | ||
| 438 | */ | ||
| 439 | #define BN_is_negative(a) ((a)->neg != 0) | ||
| 358 | 440 | ||
| 359 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, | 441 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, |
| 360 | BN_CTX *ctx); | 442 | BN_CTX *ctx); |
| @@ -428,6 +510,9 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, | |||
| 428 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); | 510 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); |
| 429 | BIGNUM *BN_mod_sqrt(BIGNUM *ret, | 511 | BIGNUM *BN_mod_sqrt(BIGNUM *ret, |
| 430 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); | 512 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); |
| 513 | |||
| 514 | /* Deprecated versions */ | ||
| 515 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 431 | BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, | 516 | BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, |
| 432 | const BIGNUM *add, const BIGNUM *rem, | 517 | const BIGNUM *add, const BIGNUM *rem, |
| 433 | void (*callback)(int,int,void *),void *cb_arg); | 518 | void (*callback)(int,int,void *),void *cb_arg); |
| @@ -437,19 +522,14 @@ int BN_is_prime(const BIGNUM *p,int nchecks, | |||
| 437 | int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, | 522 | int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, |
| 438 | void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, | 523 | void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, |
| 439 | int do_trial_division); | 524 | int do_trial_division); |
| 525 | #endif /* !defined(OPENSSL_NO_DEPRECATED) */ | ||
| 440 | 526 | ||
| 441 | #ifdef OPENSSL_FIPS | 527 | /* Newer versions */ |
| 442 | int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, | 528 | int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, |
| 443 | void (*cb)(int, int, void *), void *cb_arg, | 529 | const BIGNUM *rem, BN_GENCB *cb); |
| 444 | const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, | 530 | int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); |
| 445 | const BIGNUM *e, BN_CTX *ctx); | 531 | int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, |
| 446 | int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); | 532 | int do_trial_division, BN_GENCB *cb); |
| 447 | int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, | ||
| 448 | BIGNUM *Xp1, BIGNUM *Xp2, | ||
| 449 | const BIGNUM *Xp, | ||
| 450 | const BIGNUM *e, BN_CTX *ctx, | ||
| 451 | void (*cb)(int, int, void *), void *cb_arg); | ||
| 452 | #endif | ||
| 453 | 533 | ||
| 454 | BN_MONT_CTX *BN_MONT_CTX_new(void ); | 534 | BN_MONT_CTX *BN_MONT_CTX_new(void ); |
| 455 | void BN_MONT_CTX_init(BN_MONT_CTX *ctx); | 535 | void BN_MONT_CTX_init(BN_MONT_CTX *ctx); |
| @@ -465,14 +545,31 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); | |||
| 465 | BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, | 545 | BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, |
| 466 | const BIGNUM *mod, BN_CTX *ctx); | 546 | const BIGNUM *mod, BN_CTX *ctx); |
| 467 | 547 | ||
| 468 | BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); | 548 | /* BN_BLINDING flags */ |
| 549 | #define BN_BLINDING_NO_UPDATE 0x00000001 | ||
| 550 | #define BN_BLINDING_NO_RECREATE 0x00000002 | ||
| 551 | |||
| 552 | BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod); | ||
| 469 | void BN_BLINDING_free(BN_BLINDING *b); | 553 | void BN_BLINDING_free(BN_BLINDING *b); |
| 470 | int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); | 554 | int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); |
| 471 | int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx); | 555 | int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); |
| 472 | int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); | 556 | int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); |
| 473 | 557 | int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); | |
| 558 | int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); | ||
| 559 | unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); | ||
| 560 | void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); | ||
| 561 | unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); | ||
| 562 | void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); | ||
| 563 | BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, | ||
| 564 | const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, | ||
| 565 | int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 566 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), | ||
| 567 | BN_MONT_CTX *m_ctx); | ||
| 568 | |||
| 569 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 474 | void BN_set_params(int mul,int high,int low,int mont); | 570 | void BN_set_params(int mul,int high,int low,int mont); |
| 475 | int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ | 571 | int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ |
| 572 | #endif | ||
| 476 | 573 | ||
| 477 | void BN_RECP_CTX_init(BN_RECP_CTX *recp); | 574 | void BN_RECP_CTX_init(BN_RECP_CTX *recp); |
| 478 | BN_RECP_CTX *BN_RECP_CTX_new(void); | 575 | BN_RECP_CTX *BN_RECP_CTX_new(void); |
| @@ -485,15 +582,162 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 485 | int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, | 582 | int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, |
| 486 | BN_RECP_CTX *recp, BN_CTX *ctx); | 583 | BN_RECP_CTX *recp, BN_CTX *ctx); |
| 487 | 584 | ||
| 585 | /* Functions for arithmetic over binary polynomials represented by BIGNUMs. | ||
| 586 | * | ||
| 587 | * The BIGNUM::neg property of BIGNUMs representing binary polynomials is | ||
| 588 | * ignored. | ||
| 589 | * | ||
| 590 | * Note that input arguments are not const so that their bit arrays can | ||
| 591 | * be expanded to the appropriate size if needed. | ||
| 592 | */ | ||
| 593 | |||
| 594 | int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ | ||
| 595 | #define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) | ||
| 596 | int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ | ||
| 597 | int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 598 | const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ | ||
| 599 | int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 600 | BN_CTX *ctx); /* r = (a * a) mod p */ | ||
| 601 | int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, | ||
| 602 | BN_CTX *ctx); /* r = (1 / b) mod p */ | ||
| 603 | int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 604 | const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ | ||
| 605 | int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 606 | const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ | ||
| 607 | int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 608 | BN_CTX *ctx); /* r = sqrt(a) mod p */ | ||
| 609 | int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 610 | BN_CTX *ctx); /* r^2 + r = a mod p */ | ||
| 611 | #define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) | ||
| 612 | /* Some functions allow for representation of the irreducible polynomials | ||
| 613 | * as an unsigned int[], say p. The irreducible f(t) is then of the form: | ||
| 614 | * t^p[0] + t^p[1] + ... + t^p[k] | ||
| 615 | * where m = p[0] > p[1] > ... > p[k] = 0. | ||
| 616 | */ | ||
| 617 | int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); | ||
| 618 | /* r = a mod p */ | ||
| 619 | int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 620 | const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */ | ||
| 621 | int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], | ||
| 622 | BN_CTX *ctx); /* r = (a * a) mod p */ | ||
| 623 | int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], | ||
| 624 | BN_CTX *ctx); /* r = (1 / b) mod p */ | ||
| 625 | int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 626 | const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */ | ||
| 627 | int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 628 | const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ | ||
| 629 | int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, | ||
| 630 | const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ | ||
| 631 | int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, | ||
| 632 | const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ | ||
| 633 | int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); | ||
| 634 | int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); | ||
| 635 | |||
| 636 | /* faster mod functions for the 'NIST primes' | ||
| 637 | * 0 <= a < p^2 */ | ||
| 638 | int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); | ||
| 639 | int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); | ||
| 640 | int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); | ||
| 641 | int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); | ||
| 642 | int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); | ||
| 643 | |||
| 644 | const BIGNUM *BN_get0_nist_prime_192(void); | ||
| 645 | const BIGNUM *BN_get0_nist_prime_224(void); | ||
| 646 | const BIGNUM *BN_get0_nist_prime_256(void); | ||
| 647 | const BIGNUM *BN_get0_nist_prime_384(void); | ||
| 648 | const BIGNUM *BN_get0_nist_prime_521(void); | ||
| 649 | |||
| 488 | /* library internal functions */ | 650 | /* library internal functions */ |
| 489 | 651 | ||
| 490 | #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ | 652 | #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ |
| 491 | (a):bn_expand2((a),(bits)/BN_BITS2+1)) | 653 | (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) |
| 492 | #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) | 654 | #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) |
| 493 | BIGNUM *bn_expand2(BIGNUM *a, int words); | 655 | BIGNUM *bn_expand2(BIGNUM *a, int words); |
| 494 | BIGNUM *bn_dup_expand(const BIGNUM *a, int words); | 656 | #ifndef OPENSSL_NO_DEPRECATED |
| 657 | BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ | ||
| 658 | #endif | ||
| 659 | |||
| 660 | /* Bignum consistency macros | ||
| 661 | * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from | ||
| 662 | * bignum data after direct manipulations on the data. There is also an | ||
| 663 | * "internal" macro, bn_check_top(), for verifying that there are no leading | ||
| 664 | * zeroes. Unfortunately, some auditing is required due to the fact that | ||
| 665 | * bn_fix_top() has become an overabused duct-tape because bignum data is | ||
| 666 | * occasionally passed around in an inconsistent state. So the following | ||
| 667 | * changes have been made to sort this out; | ||
| 668 | * - bn_fix_top()s implementation has been moved to bn_correct_top() | ||
| 669 | * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and | ||
| 670 | * bn_check_top() is as before. | ||
| 671 | * - if BN_DEBUG *is* defined; | ||
| 672 | * - bn_check_top() tries to pollute unused words even if the bignum 'top' is | ||
| 673 | * consistent. (ed: only if BN_DEBUG_RAND is defined) | ||
| 674 | * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. | ||
| 675 | * The idea is to have debug builds flag up inconsistent bignums when they | ||
| 676 | * occur. If that occurs in a bn_fix_top(), we examine the code in question; if | ||
| 677 | * the use of bn_fix_top() was appropriate (ie. it follows directly after code | ||
| 678 | * that manipulates the bignum) it is converted to bn_correct_top(), and if it | ||
| 679 | * was not appropriate, we convert it permanently to bn_check_top() and track | ||
| 680 | * down the cause of the bug. Eventually, no internal code should be using the | ||
| 681 | * bn_fix_top() macro. External applications and libraries should try this with | ||
| 682 | * their own code too, both in terms of building against the openssl headers | ||
| 683 | * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it | ||
| 684 | * defined. This not only improves external code, it provides more test | ||
| 685 | * coverage for openssl's own code. | ||
| 686 | */ | ||
| 687 | |||
| 688 | #ifdef BN_DEBUG | ||
| 495 | 689 | ||
| 496 | #define bn_fix_top(a) \ | 690 | /* We only need assert() when debugging */ |
| 691 | #include <assert.h> | ||
| 692 | |||
| 693 | #ifdef BN_DEBUG_RAND | ||
| 694 | /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ | ||
| 695 | #ifndef RAND_pseudo_bytes | ||
| 696 | int RAND_pseudo_bytes(unsigned char *buf,int num); | ||
| 697 | #define BN_DEBUG_TRIX | ||
| 698 | #endif | ||
| 699 | #define bn_pollute(a) \ | ||
| 700 | do { \ | ||
| 701 | const BIGNUM *_bnum1 = (a); \ | ||
| 702 | if(_bnum1->top < _bnum1->dmax) { \ | ||
| 703 | unsigned char _tmp_char; \ | ||
| 704 | /* We cast away const without the compiler knowing, any \ | ||
| 705 | * *genuinely* constant variables that aren't mutable \ | ||
| 706 | * wouldn't be constructed with top!=dmax. */ \ | ||
| 707 | BN_ULONG *_not_const; \ | ||
| 708 | memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ | ||
| 709 | RAND_pseudo_bytes(&_tmp_char, 1); \ | ||
| 710 | memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ | ||
| 711 | (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ | ||
| 712 | } \ | ||
| 713 | } while(0) | ||
| 714 | #ifdef BN_DEBUG_TRIX | ||
| 715 | #undef RAND_pseudo_bytes | ||
| 716 | #endif | ||
| 717 | #else | ||
| 718 | #define bn_pollute(a) | ||
| 719 | #endif | ||
| 720 | #define bn_check_top(a) \ | ||
| 721 | do { \ | ||
| 722 | const BIGNUM *_bnum2 = (a); \ | ||
| 723 | if (_bnum2 != NULL) { \ | ||
| 724 | assert((_bnum2->top == 0) || \ | ||
| 725 | (_bnum2->d[_bnum2->top - 1] != 0)); \ | ||
| 726 | bn_pollute(_bnum2); \ | ||
| 727 | } \ | ||
| 728 | } while(0) | ||
| 729 | |||
| 730 | #define bn_fix_top(a) bn_check_top(a) | ||
| 731 | |||
| 732 | #else /* !BN_DEBUG */ | ||
| 733 | |||
| 734 | #define bn_pollute(a) | ||
| 735 | #define bn_check_top(a) | ||
| 736 | #define bn_fix_top(a) bn_correct_top(a) | ||
| 737 | |||
| 738 | #endif | ||
| 739 | |||
| 740 | #define bn_correct_top(a) \ | ||
| 497 | { \ | 741 | { \ |
| 498 | BN_ULONG *ftl; \ | 742 | BN_ULONG *ftl; \ |
| 499 | if ((a)->top > 0) \ | 743 | if ((a)->top > 0) \ |
| @@ -501,6 +745,7 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); | |||
| 501 | for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ | 745 | for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ |
| 502 | if (*(ftl--)) break; \ | 746 | if (*(ftl--)) break; \ |
| 503 | } \ | 747 | } \ |
| 748 | bn_pollute(a); \ | ||
| 504 | } | 749 | } |
| 505 | 750 | ||
| 506 | BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); | 751 | BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); |
| @@ -510,15 +755,17 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); | |||
| 510 | BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); | 755 | BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); |
| 511 | BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); | 756 | BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); |
| 512 | 757 | ||
| 513 | #ifdef BN_DEBUG | 758 | /* Primes from RFC 2409 */ |
| 514 | void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n); | 759 | BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); |
| 515 | # define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ | 760 | BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); |
| 516 | fprintf(stderr,"\n");} | 761 | |
| 517 | # define bn_dump(a,n) bn_dump1(stderr,#a,a,n); | 762 | /* Primes from RFC 3526 */ |
| 518 | #else | 763 | BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); |
| 519 | # define bn_print(a) | 764 | BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); |
| 520 | # define bn_dump(a,b) | 765 | BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); |
| 521 | #endif | 766 | BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); |
| 767 | BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); | ||
| 768 | BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); | ||
| 522 | 769 | ||
| 523 | int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); | 770 | int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); |
| 524 | 771 | ||
| @@ -531,18 +778,30 @@ void ERR_load_BN_strings(void); | |||
| 531 | /* Error codes for the BN functions. */ | 778 | /* Error codes for the BN functions. */ |
| 532 | 779 | ||
| 533 | /* Function codes. */ | 780 | /* Function codes. */ |
| 534 | #define BN_F_BN_BLINDING_CONVERT 100 | 781 | #define BN_F_BNRAND 127 |
| 535 | #define BN_F_BN_BLINDING_INVERT 101 | 782 | #define BN_F_BN_BLINDING_CONVERT_EX 100 |
| 783 | #define BN_F_BN_BLINDING_CREATE_PARAM 128 | ||
| 784 | #define BN_F_BN_BLINDING_INVERT_EX 101 | ||
| 536 | #define BN_F_BN_BLINDING_NEW 102 | 785 | #define BN_F_BN_BLINDING_NEW 102 |
| 537 | #define BN_F_BN_BLINDING_UPDATE 103 | 786 | #define BN_F_BN_BLINDING_UPDATE 103 |
| 538 | #define BN_F_BN_BN2DEC 104 | 787 | #define BN_F_BN_BN2DEC 104 |
| 539 | #define BN_F_BN_BN2HEX 105 | 788 | #define BN_F_BN_BN2HEX 105 |
| 540 | #define BN_F_BN_CTX_GET 116 | 789 | #define BN_F_BN_CTX_GET 116 |
| 541 | #define BN_F_BN_CTX_NEW 106 | 790 | #define BN_F_BN_CTX_NEW 106 |
| 791 | #define BN_F_BN_CTX_START 129 | ||
| 542 | #define BN_F_BN_DIV 107 | 792 | #define BN_F_BN_DIV 107 |
| 793 | #define BN_F_BN_DIV_NO_BRANCH 138 | ||
| 794 | #define BN_F_BN_DIV_RECP 130 | ||
| 543 | #define BN_F_BN_EXP 123 | 795 | #define BN_F_BN_EXP 123 |
| 544 | #define BN_F_BN_EXPAND2 108 | 796 | #define BN_F_BN_EXPAND2 108 |
| 545 | #define BN_F_BN_EXPAND_INTERNAL 120 | 797 | #define BN_F_BN_EXPAND_INTERNAL 120 |
| 798 | #define BN_F_BN_GF2M_MOD 131 | ||
| 799 | #define BN_F_BN_GF2M_MOD_EXP 132 | ||
| 800 | #define BN_F_BN_GF2M_MOD_MUL 133 | ||
| 801 | #define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 | ||
| 802 | #define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 | ||
| 803 | #define BN_F_BN_GF2M_MOD_SQR 136 | ||
| 804 | #define BN_F_BN_GF2M_MOD_SQRT 137 | ||
| 546 | #define BN_F_BN_MOD_EXP2_MONT 118 | 805 | #define BN_F_BN_MOD_EXP2_MONT 118 |
| 547 | #define BN_F_BN_MOD_EXP_MONT 109 | 806 | #define BN_F_BN_MOD_EXP_MONT 109 |
| 548 | #define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 | 807 | #define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 |
| @@ -550,6 +809,7 @@ void ERR_load_BN_strings(void); | |||
| 550 | #define BN_F_BN_MOD_EXP_RECP 125 | 809 | #define BN_F_BN_MOD_EXP_RECP 125 |
| 551 | #define BN_F_BN_MOD_EXP_SIMPLE 126 | 810 | #define BN_F_BN_MOD_EXP_SIMPLE 126 |
| 552 | #define BN_F_BN_MOD_INVERSE 110 | 811 | #define BN_F_BN_MOD_INVERSE 110 |
| 812 | #define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 | ||
| 553 | #define BN_F_BN_MOD_LSHIFT_QUICK 119 | 813 | #define BN_F_BN_MOD_LSHIFT_QUICK 119 |
| 554 | #define BN_F_BN_MOD_MUL_RECIPROCAL 111 | 814 | #define BN_F_BN_MOD_MUL_RECIPROCAL 111 |
| 555 | #define BN_F_BN_MOD_SQRT 121 | 815 | #define BN_F_BN_MOD_SQRT 121 |
| @@ -573,6 +833,7 @@ void ERR_load_BN_strings(void); | |||
| 573 | #define BN_R_NOT_A_SQUARE 111 | 833 | #define BN_R_NOT_A_SQUARE 111 |
| 574 | #define BN_R_NOT_INITIALIZED 107 | 834 | #define BN_R_NOT_INITIALIZED 107 |
| 575 | #define BN_R_NO_INVERSE 108 | 835 | #define BN_R_NO_INVERSE 108 |
| 836 | #define BN_R_NO_SOLUTION 116 | ||
| 576 | #define BN_R_P_IS_NOT_PRIME 112 | 837 | #define BN_R_P_IS_NOT_PRIME 112 |
| 577 | #define BN_R_TOO_MANY_ITERATIONS 113 | 838 | #define BN_R_TOO_MANY_ITERATIONS 113 |
| 578 | #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 | 839 | #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 |
diff --git a/src/lib/libssl/src/crypto/bn/bn_add.c b/src/lib/libssl/src/crypto/bn/bn_add.c index 6cba07e9f6..9405163706 100644 --- a/src/lib/libssl/src/crypto/bn/bn_add.c +++ b/src/lib/libssl/src/crypto/bn/bn_add.c | |||
| @@ -64,7 +64,7 @@ | |||
| 64 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | 64 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) |
| 65 | { | 65 | { |
| 66 | const BIGNUM *tmp; | 66 | const BIGNUM *tmp; |
| 67 | int a_neg = a->neg; | 67 | int a_neg = a->neg, ret; |
| 68 | 68 | ||
| 69 | bn_check_top(a); | 69 | bn_check_top(a); |
| 70 | bn_check_top(b); | 70 | bn_check_top(b); |
| @@ -95,20 +95,17 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 95 | return(1); | 95 | return(1); |
| 96 | } | 96 | } |
| 97 | 97 | ||
| 98 | if (!BN_uadd(r,a,b)) return(0); | 98 | ret = BN_uadd(r,a,b); |
| 99 | if (a_neg) /* both are neg */ | 99 | r->neg = a_neg; |
| 100 | r->neg=1; | 100 | bn_check_top(r); |
| 101 | else | 101 | return ret; |
| 102 | r->neg=0; | ||
| 103 | return(1); | ||
| 104 | } | 102 | } |
| 105 | 103 | ||
| 106 | /* unsigned add of b to a, r must be large enough */ | 104 | /* unsigned add of b to a */ |
| 107 | int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | 105 | int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) |
| 108 | { | 106 | { |
| 109 | register int i; | 107 | int max,min,dif; |
| 110 | int max,min; | 108 | BN_ULONG *ap,*bp,*rp,carry,t1,t2; |
| 111 | BN_ULONG *ap,*bp,*rp,carry,t1; | ||
| 112 | const BIGNUM *tmp; | 109 | const BIGNUM *tmp; |
| 113 | 110 | ||
| 114 | bn_check_top(a); | 111 | bn_check_top(a); |
| @@ -116,11 +113,12 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 116 | 113 | ||
| 117 | if (a->top < b->top) | 114 | if (a->top < b->top) |
| 118 | { tmp=a; a=b; b=tmp; } | 115 | { tmp=a; a=b; b=tmp; } |
| 119 | max=a->top; | 116 | max = a->top; |
| 120 | min=b->top; | 117 | min = b->top; |
| 118 | dif = max - min; | ||
| 121 | 119 | ||
| 122 | if (bn_wexpand(r,max+1) == NULL) | 120 | if (bn_wexpand(r,max+1) == NULL) |
| 123 | return(0); | 121 | return 0; |
| 124 | 122 | ||
| 125 | r->top=max; | 123 | r->top=max; |
| 126 | 124 | ||
| @@ -128,46 +126,46 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 128 | ap=a->d; | 126 | ap=a->d; |
| 129 | bp=b->d; | 127 | bp=b->d; |
| 130 | rp=r->d; | 128 | rp=r->d; |
| 131 | carry=0; | ||
| 132 | 129 | ||
| 133 | carry=bn_add_words(rp,ap,bp,min); | 130 | carry=bn_add_words(rp,ap,bp,min); |
| 134 | rp+=min; | 131 | rp+=min; |
| 135 | ap+=min; | 132 | ap+=min; |
| 136 | bp+=min; | 133 | bp+=min; |
| 137 | i=min; | ||
| 138 | 134 | ||
| 139 | if (carry) | 135 | if (carry) |
| 140 | { | 136 | { |
| 141 | while (i < max) | 137 | while (dif) |
| 142 | { | 138 | { |
| 143 | i++; | 139 | dif--; |
| 144 | t1= *(ap++); | 140 | t1 = *(ap++); |
| 145 | if ((*(rp++)=(t1+1)&BN_MASK2) >= t1) | 141 | t2 = (t1+1) & BN_MASK2; |
| 142 | *(rp++) = t2; | ||
| 143 | if (t2) | ||
| 146 | { | 144 | { |
| 147 | carry=0; | 145 | carry=0; |
| 148 | break; | 146 | break; |
| 149 | } | 147 | } |
| 150 | } | 148 | } |
| 151 | if ((i >= max) && carry) | 149 | if (carry) |
| 152 | { | 150 | { |
| 153 | *(rp++)=1; | 151 | /* carry != 0 => dif == 0 */ |
| 152 | *rp = 1; | ||
| 154 | r->top++; | 153 | r->top++; |
| 155 | } | 154 | } |
| 156 | } | 155 | } |
| 157 | if (rp != ap) | 156 | if (dif && rp != ap) |
| 158 | { | 157 | while (dif--) |
| 159 | for (; i<max; i++) | 158 | /* copy remaining words if ap != rp */ |
| 160 | *(rp++)= *(ap++); | 159 | *(rp++) = *(ap++); |
| 161 | } | ||
| 162 | /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/ | ||
| 163 | r->neg = 0; | 160 | r->neg = 0; |
| 164 | return(1); | 161 | bn_check_top(r); |
| 162 | return 1; | ||
| 165 | } | 163 | } |
| 166 | 164 | ||
| 167 | /* unsigned subtraction of b from a, a must be larger than b. */ | 165 | /* unsigned subtraction of b from a, a must be larger than b. */ |
| 168 | int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | 166 | int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) |
| 169 | { | 167 | { |
| 170 | int max,min; | 168 | int max,min,dif; |
| 171 | register BN_ULONG t1,t2,*ap,*bp,*rp; | 169 | register BN_ULONG t1,t2,*ap,*bp,*rp; |
| 172 | int i,carry; | 170 | int i,carry; |
| 173 | #if defined(IRIX_CC_BUG) && !defined(LINT) | 171 | #if defined(IRIX_CC_BUG) && !defined(LINT) |
| @@ -177,14 +175,16 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 177 | bn_check_top(a); | 175 | bn_check_top(a); |
| 178 | bn_check_top(b); | 176 | bn_check_top(b); |
| 179 | 177 | ||
| 180 | if (a->top < b->top) /* hmm... should not be happening */ | 178 | max = a->top; |
| 179 | min = b->top; | ||
| 180 | dif = max - min; | ||
| 181 | |||
| 182 | if (dif < 0) /* hmm... should not be happening */ | ||
| 181 | { | 183 | { |
| 182 | BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); | 184 | BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); |
| 183 | return(0); | 185 | return(0); |
| 184 | } | 186 | } |
| 185 | 187 | ||
| 186 | max=a->top; | ||
| 187 | min=b->top; | ||
| 188 | if (bn_wexpand(r,max) == NULL) return(0); | 188 | if (bn_wexpand(r,max) == NULL) return(0); |
| 189 | 189 | ||
| 190 | ap=a->d; | 190 | ap=a->d; |
| @@ -193,7 +193,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 193 | 193 | ||
| 194 | #if 1 | 194 | #if 1 |
| 195 | carry=0; | 195 | carry=0; |
| 196 | for (i=0; i<min; i++) | 196 | for (i = min; i != 0; i--) |
| 197 | { | 197 | { |
| 198 | t1= *(ap++); | 198 | t1= *(ap++); |
| 199 | t2= *(bp++); | 199 | t2= *(bp++); |
| @@ -217,17 +217,20 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 217 | ap+=min; | 217 | ap+=min; |
| 218 | bp+=min; | 218 | bp+=min; |
| 219 | rp+=min; | 219 | rp+=min; |
| 220 | i=min; | ||
| 221 | #endif | 220 | #endif |
| 222 | if (carry) /* subtracted */ | 221 | if (carry) /* subtracted */ |
| 223 | { | 222 | { |
| 224 | while (i < max) | 223 | if (!dif) |
| 224 | /* error: a < b */ | ||
| 225 | return 0; | ||
| 226 | while (dif) | ||
| 225 | { | 227 | { |
| 226 | i++; | 228 | dif--; |
| 227 | t1= *(ap++); | 229 | t1 = *(ap++); |
| 228 | t2=(t1-1)&BN_MASK2; | 230 | t2 = (t1-1)&BN_MASK2; |
| 229 | *(rp++)=t2; | 231 | *(rp++) = t2; |
| 230 | if (t1 > t2) break; | 232 | if (t1) |
| 233 | break; | ||
| 231 | } | 234 | } |
| 232 | } | 235 | } |
| 233 | #if 0 | 236 | #if 0 |
| @@ -237,13 +240,13 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 237 | { | 240 | { |
| 238 | for (;;) | 241 | for (;;) |
| 239 | { | 242 | { |
| 240 | if (i++ >= max) break; | 243 | if (!dif--) break; |
| 241 | rp[0]=ap[0]; | 244 | rp[0]=ap[0]; |
| 242 | if (i++ >= max) break; | 245 | if (!dif--) break; |
| 243 | rp[1]=ap[1]; | 246 | rp[1]=ap[1]; |
| 244 | if (i++ >= max) break; | 247 | if (!dif--) break; |
| 245 | rp[2]=ap[2]; | 248 | rp[2]=ap[2]; |
| 246 | if (i++ >= max) break; | 249 | if (!dif--) break; |
| 247 | rp[3]=ap[3]; | 250 | rp[3]=ap[3]; |
| 248 | rp+=4; | 251 | rp+=4; |
| 249 | ap+=4; | 252 | ap+=4; |
| @@ -253,7 +256,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 253 | 256 | ||
| 254 | r->top=max; | 257 | r->top=max; |
| 255 | r->neg=0; | 258 | r->neg=0; |
| 256 | bn_fix_top(r); | 259 | bn_correct_top(r); |
| 257 | return(1); | 260 | return(1); |
| 258 | } | 261 | } |
| 259 | 262 | ||
| @@ -304,6 +307,7 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |||
| 304 | if (!BN_usub(r,a,b)) return(0); | 307 | if (!BN_usub(r,a,b)) return(0); |
| 305 | r->neg=0; | 308 | r->neg=0; |
| 306 | } | 309 | } |
| 310 | bn_check_top(r); | ||
| 307 | return(1); | 311 | return(1); |
| 308 | } | 312 | } |
| 309 | 313 | ||
diff --git a/src/lib/libssl/src/crypto/bn/bn_asm.c b/src/lib/libssl/src/crypto/bn/bn_asm.c index 19978085b2..99bc2de491 100644 --- a/src/lib/libssl/src/crypto/bn/bn_asm.c +++ b/src/lib/libssl/src/crypto/bn/bn_asm.c | |||
| @@ -459,6 +459,34 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) | |||
| 459 | #define sqr_add_c2(a,i,j,c0,c1,c2) \ | 459 | #define sqr_add_c2(a,i,j,c0,c1,c2) \ |
| 460 | mul_add_c2((a)[i],(a)[j],c0,c1,c2) | 460 | mul_add_c2((a)[i],(a)[j],c0,c1,c2) |
| 461 | 461 | ||
| 462 | #elif defined(BN_UMULT_LOHI) | ||
| 463 | |||
| 464 | #define mul_add_c(a,b,c0,c1,c2) { \ | ||
| 465 | BN_ULONG ta=(a),tb=(b); \ | ||
| 466 | BN_UMULT_LOHI(t1,t2,ta,tb); \ | ||
| 467 | c0 += t1; t2 += (c0<t1)?1:0; \ | ||
| 468 | c1 += t2; c2 += (c1<t2)?1:0; \ | ||
| 469 | } | ||
| 470 | |||
| 471 | #define mul_add_c2(a,b,c0,c1,c2) { \ | ||
| 472 | BN_ULONG ta=(a),tb=(b),t0; \ | ||
| 473 | BN_UMULT_LOHI(t0,t1,ta,tb); \ | ||
| 474 | t2 = t1+t1; c2 += (t2<t1)?1:0; \ | ||
| 475 | t1 = t0+t0; t2 += (t1<t0)?1:0; \ | ||
| 476 | c0 += t1; t2 += (c0<t1)?1:0; \ | ||
| 477 | c1 += t2; c2 += (c1<t2)?1:0; \ | ||
| 478 | } | ||
| 479 | |||
| 480 | #define sqr_add_c(a,i,c0,c1,c2) { \ | ||
| 481 | BN_ULONG ta=(a)[i]; \ | ||
| 482 | BN_UMULT_LOHI(t1,t2,ta,ta); \ | ||
| 483 | c0 += t1; t2 += (c0<t1)?1:0; \ | ||
| 484 | c1 += t2; c2 += (c1<t2)?1:0; \ | ||
| 485 | } | ||
| 486 | |||
| 487 | #define sqr_add_c2(a,i,j,c0,c1,c2) \ | ||
| 488 | mul_add_c2((a)[i],(a)[j],c0,c1,c2) | ||
| 489 | |||
| 462 | #elif defined(BN_UMULT_HIGH) | 490 | #elif defined(BN_UMULT_HIGH) |
| 463 | 491 | ||
| 464 | #define mul_add_c(a,b,c0,c1,c2) { \ | 492 | #define mul_add_c(a,b,c0,c1,c2) { \ |
diff --git a/src/lib/libssl/src/crypto/bn/bn_blind.c b/src/lib/libssl/src/crypto/bn/bn_blind.c index 2d287e6d1b..c11fb4ccc2 100644 --- a/src/lib/libssl/src/crypto/bn/bn_blind.c +++ b/src/lib/libssl/src/crypto/bn/bn_blind.c | |||
| @@ -1,4 +1,57 @@ | |||
| 1 | /* crypto/bn/bn_blind.c */ | 1 | /* crypto/bn/bn_blind.c */ |
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@openssl.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 55 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 56 | * All rights reserved. |
| 4 | * | 57 | * |
| @@ -60,11 +113,28 @@ | |||
| 60 | #include "cryptlib.h" | 113 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 114 | #include "bn_lcl.h" |
| 62 | 115 | ||
| 63 | BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod) | 116 | #define BN_BLINDING_COUNTER 32 |
| 117 | |||
| 118 | struct bn_blinding_st | ||
| 119 | { | ||
| 120 | BIGNUM *A; | ||
| 121 | BIGNUM *Ai; | ||
| 122 | BIGNUM *e; | ||
| 123 | BIGNUM *mod; /* just a reference */ | ||
| 124 | unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; | ||
| 125 | * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ | ||
| 126 | unsigned int counter; | ||
| 127 | unsigned long flags; | ||
| 128 | BN_MONT_CTX *m_ctx; | ||
| 129 | int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 130 | const BIGNUM *m, BN_CTX *ctx, | ||
| 131 | BN_MONT_CTX *m_ctx); | ||
| 132 | }; | ||
| 133 | |||
| 134 | BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod) | ||
| 64 | { | 135 | { |
| 65 | BN_BLINDING *ret=NULL; | 136 | BN_BLINDING *ret=NULL; |
| 66 | 137 | ||
| 67 | bn_check_top(Ai); | ||
| 68 | bn_check_top(mod); | 138 | bn_check_top(mod); |
| 69 | 139 | ||
| 70 | if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) | 140 | if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) |
| @@ -73,11 +143,21 @@ BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod) | |||
| 73 | return(NULL); | 143 | return(NULL); |
| 74 | } | 144 | } |
| 75 | memset(ret,0,sizeof(BN_BLINDING)); | 145 | memset(ret,0,sizeof(BN_BLINDING)); |
| 76 | if ((ret->A=BN_new()) == NULL) goto err; | 146 | if (A != NULL) |
| 77 | if ((ret->Ai=BN_new()) == NULL) goto err; | 147 | { |
| 78 | if (!BN_copy(ret->A,A)) goto err; | 148 | if ((ret->A = BN_dup(A)) == NULL) goto err; |
| 79 | if (!BN_copy(ret->Ai,Ai)) goto err; | 149 | } |
| 80 | ret->mod=mod; | 150 | if (Ai != NULL) |
| 151 | { | ||
| 152 | if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; | ||
| 153 | } | ||
| 154 | |||
| 155 | /* save a copy of mod in the BN_BLINDING structure */ | ||
| 156 | if ((ret->mod = BN_dup(mod)) == NULL) goto err; | ||
| 157 | if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) | ||
| 158 | BN_set_flags(ret->mod, BN_FLG_CONSTTIME); | ||
| 159 | |||
| 160 | ret->counter = BN_BLINDING_COUNTER; | ||
| 81 | return(ret); | 161 | return(ret); |
| 82 | err: | 162 | err: |
| 83 | if (ret != NULL) BN_BLINDING_free(ret); | 163 | if (ret != NULL) BN_BLINDING_free(ret); |
| @@ -91,6 +171,8 @@ void BN_BLINDING_free(BN_BLINDING *r) | |||
| 91 | 171 | ||
| 92 | if (r->A != NULL) BN_free(r->A ); | 172 | if (r->A != NULL) BN_free(r->A ); |
| 93 | if (r->Ai != NULL) BN_free(r->Ai); | 173 | if (r->Ai != NULL) BN_free(r->Ai); |
| 174 | if (r->e != NULL) BN_free(r->e ); | ||
| 175 | if (r->mod != NULL) BN_free(r->mod); | ||
| 94 | OPENSSL_free(r); | 176 | OPENSSL_free(r); |
| 95 | } | 177 | } |
| 96 | 178 | ||
| @@ -103,42 +185,181 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) | |||
| 103 | BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); | 185 | BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); |
| 104 | goto err; | 186 | goto err; |
| 105 | } | 187 | } |
| 106 | 188 | ||
| 107 | if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; | 189 | if (--(b->counter) == 0 && b->e != NULL && |
| 108 | if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; | 190 | !(b->flags & BN_BLINDING_NO_RECREATE)) |
| 191 | { | ||
| 192 | /* re-create blinding parameters */ | ||
| 193 | if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) | ||
| 194 | goto err; | ||
| 195 | } | ||
| 196 | else if (!(b->flags & BN_BLINDING_NO_UPDATE)) | ||
| 197 | { | ||
| 198 | if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; | ||
| 199 | if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; | ||
| 200 | } | ||
| 109 | 201 | ||
| 110 | ret=1; | 202 | ret=1; |
| 111 | err: | 203 | err: |
| 204 | if (b->counter == 0) | ||
| 205 | b->counter = BN_BLINDING_COUNTER; | ||
| 112 | return(ret); | 206 | return(ret); |
| 113 | } | 207 | } |
| 114 | 208 | ||
| 115 | int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) | 209 | int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) |
| 116 | { | 210 | { |
| 211 | return BN_BLINDING_convert_ex(n, NULL, b, ctx); | ||
| 212 | } | ||
| 213 | |||
| 214 | int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) | ||
| 215 | { | ||
| 216 | int ret = 1; | ||
| 217 | |||
| 117 | bn_check_top(n); | 218 | bn_check_top(n); |
| 118 | 219 | ||
| 119 | if ((b->A == NULL) || (b->Ai == NULL)) | 220 | if ((b->A == NULL) || (b->Ai == NULL)) |
| 120 | { | 221 | { |
| 121 | BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED); | 222 | BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED); |
| 122 | return(0); | 223 | return(0); |
| 123 | } | 224 | } |
| 124 | return(BN_mod_mul(n,n,b->A,b->mod,ctx)); | 225 | |
| 226 | if (r != NULL) | ||
| 227 | { | ||
| 228 | if (!BN_copy(r, b->Ai)) ret=0; | ||
| 229 | } | ||
| 230 | |||
| 231 | if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0; | ||
| 232 | |||
| 233 | return ret; | ||
| 125 | } | 234 | } |
| 126 | 235 | ||
| 127 | int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) | 236 | int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) |
| 128 | { | 237 | { |
| 238 | return BN_BLINDING_invert_ex(n, NULL, b, ctx); | ||
| 239 | } | ||
| 240 | |||
| 241 | int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) | ||
| 242 | { | ||
| 129 | int ret; | 243 | int ret; |
| 130 | 244 | ||
| 131 | bn_check_top(n); | 245 | bn_check_top(n); |
| 132 | if ((b->A == NULL) || (b->Ai == NULL)) | 246 | if ((b->A == NULL) || (b->Ai == NULL)) |
| 133 | { | 247 | { |
| 134 | BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED); | 248 | BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); |
| 135 | return(0); | 249 | return(0); |
| 136 | } | 250 | } |
| 137 | if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0) | 251 | |
| 252 | if (r != NULL) | ||
| 253 | ret = BN_mod_mul(n, n, r, b->mod, ctx); | ||
| 254 | else | ||
| 255 | ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); | ||
| 256 | |||
| 257 | if (ret >= 0) | ||
| 138 | { | 258 | { |
| 139 | if (!BN_BLINDING_update(b,ctx)) | 259 | if (!BN_BLINDING_update(b,ctx)) |
| 140 | return(0); | 260 | return(0); |
| 141 | } | 261 | } |
| 262 | bn_check_top(n); | ||
| 142 | return(ret); | 263 | return(ret); |
| 143 | } | 264 | } |
| 144 | 265 | ||
| 266 | unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) | ||
| 267 | { | ||
| 268 | return b->thread_id; | ||
| 269 | } | ||
| 270 | |||
| 271 | void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) | ||
| 272 | { | ||
| 273 | b->thread_id = n; | ||
| 274 | } | ||
| 275 | |||
| 276 | unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) | ||
| 277 | { | ||
| 278 | return b->flags; | ||
| 279 | } | ||
| 280 | |||
| 281 | void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) | ||
| 282 | { | ||
| 283 | b->flags = flags; | ||
| 284 | } | ||
| 285 | |||
| 286 | BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, | ||
| 287 | const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, | ||
| 288 | int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 289 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), | ||
| 290 | BN_MONT_CTX *m_ctx) | ||
| 291 | { | ||
| 292 | int retry_counter = 32; | ||
| 293 | BN_BLINDING *ret = NULL; | ||
| 294 | |||
| 295 | if (b == NULL) | ||
| 296 | ret = BN_BLINDING_new(NULL, NULL, m); | ||
| 297 | else | ||
| 298 | ret = b; | ||
| 299 | |||
| 300 | if (ret == NULL) | ||
| 301 | goto err; | ||
| 302 | |||
| 303 | if (ret->A == NULL && (ret->A = BN_new()) == NULL) | ||
| 304 | goto err; | ||
| 305 | if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) | ||
| 306 | goto err; | ||
| 307 | |||
| 308 | if (e != NULL) | ||
| 309 | { | ||
| 310 | if (ret->e != NULL) | ||
| 311 | BN_free(ret->e); | ||
| 312 | ret->e = BN_dup(e); | ||
| 313 | } | ||
| 314 | if (ret->e == NULL) | ||
| 315 | goto err; | ||
| 316 | |||
| 317 | if (bn_mod_exp != NULL) | ||
| 318 | ret->bn_mod_exp = bn_mod_exp; | ||
| 319 | if (m_ctx != NULL) | ||
| 320 | ret->m_ctx = m_ctx; | ||
| 321 | |||
| 322 | do { | ||
| 323 | if (!BN_rand_range(ret->A, ret->mod)) goto err; | ||
| 324 | if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) | ||
| 325 | { | ||
| 326 | /* this should almost never happen for good RSA keys */ | ||
| 327 | unsigned long error = ERR_peek_last_error(); | ||
| 328 | if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) | ||
| 329 | { | ||
| 330 | if (retry_counter-- == 0) | ||
| 331 | { | ||
| 332 | BNerr(BN_F_BN_BLINDING_CREATE_PARAM, | ||
| 333 | BN_R_TOO_MANY_ITERATIONS); | ||
| 334 | goto err; | ||
| 335 | } | ||
| 336 | ERR_clear_error(); | ||
| 337 | } | ||
| 338 | else | ||
| 339 | goto err; | ||
| 340 | } | ||
| 341 | else | ||
| 342 | break; | ||
| 343 | } while (1); | ||
| 344 | |||
| 345 | if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) | ||
| 346 | { | ||
| 347 | if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) | ||
| 348 | goto err; | ||
| 349 | } | ||
| 350 | else | ||
| 351 | { | ||
| 352 | if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) | ||
| 353 | goto err; | ||
| 354 | } | ||
| 355 | |||
| 356 | return ret; | ||
| 357 | err: | ||
| 358 | if (b == NULL && ret != NULL) | ||
| 359 | { | ||
| 360 | BN_BLINDING_free(ret); | ||
| 361 | ret = NULL; | ||
| 362 | } | ||
| 363 | |||
| 364 | return ret; | ||
| 365 | } | ||
diff --git a/src/lib/libssl/src/crypto/bn/bn_ctx.c b/src/lib/libssl/src/crypto/bn/bn_ctx.c index 7daf19eb84..b3452f1a91 100644 --- a/src/lib/libssl/src/crypto/bn/bn_ctx.c +++ b/src/lib/libssl/src/crypto/bn/bn_ctx.c | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | /* crypto/bn/bn_ctx.c */ | 1 | /* crypto/bn/bn_ctx.c */ |
| 2 | /* Written by Ulf Moeller for the OpenSSL project. */ | 2 | /* Written by Ulf Moeller for the OpenSSL project. */ |
| 3 | /* ==================================================================== | 3 | /* ==================================================================== |
| 4 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | 4 | * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. |
| 5 | * | 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions |
| @@ -54,9 +54,10 @@ | |||
| 54 | * | 54 | * |
| 55 | */ | 55 | */ |
| 56 | 56 | ||
| 57 | #ifndef BN_CTX_DEBUG | 57 | #if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) |
| 58 | # undef NDEBUG /* avoid conflicting definitions */ | 58 | #ifndef NDEBUG |
| 59 | # define NDEBUG | 59 | #define NDEBUG |
| 60 | #endif | ||
| 60 | #endif | 61 | #endif |
| 61 | 62 | ||
| 62 | #include <stdio.h> | 63 | #include <stdio.h> |
| @@ -65,91 +66,389 @@ | |||
| 65 | #include "cryptlib.h" | 66 | #include "cryptlib.h" |
| 66 | #include "bn_lcl.h" | 67 | #include "bn_lcl.h" |
| 67 | 68 | ||
| 69 | /* TODO list | ||
| 70 | * | ||
| 71 | * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and | ||
| 72 | * check they can be safely removed. | ||
| 73 | * - Check +1 and other ugliness in BN_from_montgomery() | ||
| 74 | * | ||
| 75 | * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an | ||
| 76 | * appropriate 'block' size that will be honoured by bn_expand_internal() to | ||
| 77 | * prevent piddly little reallocations. OTOH, profiling bignum expansions in | ||
| 78 | * BN_CTX doesn't show this to be a big issue. | ||
| 79 | */ | ||
| 80 | |||
| 81 | /* How many bignums are in each "pool item"; */ | ||
| 82 | #define BN_CTX_POOL_SIZE 16 | ||
| 83 | /* The stack frame info is resizing, set a first-time expansion size; */ | ||
| 84 | #define BN_CTX_START_FRAMES 32 | ||
| 68 | 85 | ||
| 69 | BN_CTX *BN_CTX_new(void) | 86 | /***********/ |
| 87 | /* BN_POOL */ | ||
| 88 | /***********/ | ||
| 89 | |||
| 90 | /* A bundle of bignums that can be linked with other bundles */ | ||
| 91 | typedef struct bignum_pool_item | ||
| 92 | { | ||
| 93 | /* The bignum values */ | ||
| 94 | BIGNUM vals[BN_CTX_POOL_SIZE]; | ||
| 95 | /* Linked-list admin */ | ||
| 96 | struct bignum_pool_item *prev, *next; | ||
| 97 | } BN_POOL_ITEM; | ||
| 98 | /* A linked-list of bignums grouped in bundles */ | ||
| 99 | typedef struct bignum_pool | ||
| 100 | { | ||
| 101 | /* Linked-list admin */ | ||
| 102 | BN_POOL_ITEM *head, *current, *tail; | ||
| 103 | /* Stack depth and allocation size */ | ||
| 104 | unsigned used, size; | ||
| 105 | } BN_POOL; | ||
| 106 | static void BN_POOL_init(BN_POOL *); | ||
| 107 | static void BN_POOL_finish(BN_POOL *); | ||
| 108 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 109 | static void BN_POOL_reset(BN_POOL *); | ||
| 110 | #endif | ||
| 111 | static BIGNUM * BN_POOL_get(BN_POOL *); | ||
| 112 | static void BN_POOL_release(BN_POOL *, unsigned int); | ||
| 113 | |||
| 114 | /************/ | ||
| 115 | /* BN_STACK */ | ||
| 116 | /************/ | ||
| 117 | |||
| 118 | /* A wrapper to manage the "stack frames" */ | ||
| 119 | typedef struct bignum_ctx_stack | ||
| 70 | { | 120 | { |
| 71 | BN_CTX *ret; | 121 | /* Array of indexes into the bignum stack */ |
| 122 | unsigned int *indexes; | ||
| 123 | /* Number of stack frames, and the size of the allocated array */ | ||
| 124 | unsigned int depth, size; | ||
| 125 | } BN_STACK; | ||
| 126 | static void BN_STACK_init(BN_STACK *); | ||
| 127 | static void BN_STACK_finish(BN_STACK *); | ||
| 128 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 129 | static void BN_STACK_reset(BN_STACK *); | ||
| 130 | #endif | ||
| 131 | static int BN_STACK_push(BN_STACK *, unsigned int); | ||
| 132 | static unsigned int BN_STACK_pop(BN_STACK *); | ||
| 133 | |||
| 134 | /**********/ | ||
| 135 | /* BN_CTX */ | ||
| 136 | /**********/ | ||
| 137 | |||
| 138 | /* The opaque BN_CTX type */ | ||
| 139 | struct bignum_ctx | ||
| 140 | { | ||
| 141 | /* The bignum bundles */ | ||
| 142 | BN_POOL pool; | ||
| 143 | /* The "stack frames", if you will */ | ||
| 144 | BN_STACK stack; | ||
| 145 | /* The number of bignums currently assigned */ | ||
| 146 | unsigned int used; | ||
| 147 | /* Depth of stack overflow */ | ||
| 148 | int err_stack; | ||
| 149 | /* Block "gets" until an "end" (compatibility behaviour) */ | ||
| 150 | int too_many; | ||
| 151 | }; | ||
| 72 | 152 | ||
| 73 | ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX)); | 153 | /* Enable this to find BN_CTX bugs */ |
| 74 | if (ret == NULL) | 154 | #ifdef BN_CTX_DEBUG |
| 155 | static const char *ctxdbg_cur = NULL; | ||
| 156 | static void ctxdbg(BN_CTX *ctx) | ||
| 157 | { | ||
| 158 | unsigned int bnidx = 0, fpidx = 0; | ||
| 159 | BN_POOL_ITEM *item = ctx->pool.head; | ||
| 160 | BN_STACK *stack = &ctx->stack; | ||
| 161 | fprintf(stderr,"(%08x): ", (unsigned int)ctx); | ||
| 162 | while(bnidx < ctx->used) | ||
| 75 | { | 163 | { |
| 76 | BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); | 164 | fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); |
| 77 | return(NULL); | 165 | if(!(bnidx % BN_CTX_POOL_SIZE)) |
| 166 | item = item->next; | ||
| 78 | } | 167 | } |
| 79 | 168 | fprintf(stderr,"\n"); | |
| 80 | BN_CTX_init(ret); | 169 | bnidx = 0; |
| 81 | ret->flags=BN_FLG_MALLOCED; | 170 | fprintf(stderr," : "); |
| 82 | return(ret); | 171 | while(fpidx < stack->depth) |
| 172 | { | ||
| 173 | while(bnidx++ < stack->indexes[fpidx]) | ||
| 174 | fprintf(stderr," "); | ||
| 175 | fprintf(stderr,"^^ "); | ||
| 176 | bnidx++; | ||
| 177 | fpidx++; | ||
| 178 | } | ||
| 179 | fprintf(stderr,"\n"); | ||
| 83 | } | 180 | } |
| 181 | #define CTXDBG_ENTRY(str, ctx) do { \ | ||
| 182 | ctxdbg_cur = (str); \ | ||
| 183 | fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ | ||
| 184 | ctxdbg(ctx); \ | ||
| 185 | } while(0) | ||
| 186 | #define CTXDBG_EXIT(ctx) do { \ | ||
| 187 | fprintf(stderr,"Ending %s\n", ctxdbg_cur); \ | ||
| 188 | ctxdbg(ctx); \ | ||
| 189 | } while(0) | ||
| 190 | #define CTXDBG_RET(ctx,ret) | ||
| 191 | #else | ||
| 192 | #define CTXDBG_ENTRY(str, ctx) | ||
| 193 | #define CTXDBG_EXIT(ctx) | ||
| 194 | #define CTXDBG_RET(ctx,ret) | ||
| 195 | #endif | ||
| 84 | 196 | ||
| 197 | /* This function is an evil legacy and should not be used. This implementation | ||
| 198 | * is WYSIWYG, though I've done my best. */ | ||
| 199 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 85 | void BN_CTX_init(BN_CTX *ctx) | 200 | void BN_CTX_init(BN_CTX *ctx) |
| 86 | { | 201 | { |
| 87 | #if 0 /* explicit version */ | 202 | /* Assume the caller obtained the context via BN_CTX_new() and so is |
| 88 | int i; | 203 | * trying to reset it for use. Nothing else makes sense, least of all |
| 89 | ctx->tos = 0; | 204 | * binary compatibility from a time when they could declare a static |
| 90 | ctx->flags = 0; | 205 | * variable. */ |
| 91 | ctx->depth = 0; | 206 | BN_POOL_reset(&ctx->pool); |
| 207 | BN_STACK_reset(&ctx->stack); | ||
| 208 | ctx->used = 0; | ||
| 209 | ctx->err_stack = 0; | ||
| 92 | ctx->too_many = 0; | 210 | ctx->too_many = 0; |
| 93 | for (i = 0; i < BN_CTX_NUM; i++) | 211 | } |
| 94 | BN_init(&(ctx->bn[i])); | ||
| 95 | #else | ||
| 96 | memset(ctx, 0, sizeof *ctx); | ||
| 97 | #endif | 212 | #endif |
| 213 | |||
| 214 | BN_CTX *BN_CTX_new(void) | ||
| 215 | { | ||
| 216 | BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); | ||
| 217 | if(!ret) | ||
| 218 | { | ||
| 219 | BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); | ||
| 220 | return NULL; | ||
| 221 | } | ||
| 222 | /* Initialise the structure */ | ||
| 223 | BN_POOL_init(&ret->pool); | ||
| 224 | BN_STACK_init(&ret->stack); | ||
| 225 | ret->used = 0; | ||
| 226 | ret->err_stack = 0; | ||
| 227 | ret->too_many = 0; | ||
| 228 | return ret; | ||
| 98 | } | 229 | } |
| 99 | 230 | ||
| 100 | void BN_CTX_free(BN_CTX *ctx) | 231 | void BN_CTX_free(BN_CTX *ctx) |
| 101 | { | 232 | { |
| 102 | int i; | 233 | if (ctx == NULL) |
| 103 | 234 | return; | |
| 104 | if (ctx == NULL) return; | 235 | #ifdef BN_CTX_DEBUG |
| 105 | assert(ctx->depth == 0); | 236 | { |
| 106 | 237 | BN_POOL_ITEM *pool = ctx->pool.head; | |
| 107 | for (i=0; i < BN_CTX_NUM; i++) | 238 | fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n", |
| 108 | BN_clear_free(&(ctx->bn[i])); | 239 | ctx->stack.size, ctx->pool.size); |
| 109 | if (ctx->flags & BN_FLG_MALLOCED) | 240 | fprintf(stderr,"dmaxs: "); |
| 110 | OPENSSL_free(ctx); | 241 | while(pool) { |
| 242 | unsigned loop = 0; | ||
| 243 | while(loop < BN_CTX_POOL_SIZE) | ||
| 244 | fprintf(stderr,"%02x ", pool->vals[loop++].dmax); | ||
| 245 | pool = pool->next; | ||
| 246 | } | ||
| 247 | fprintf(stderr,"\n"); | ||
| 248 | } | ||
| 249 | #endif | ||
| 250 | BN_STACK_finish(&ctx->stack); | ||
| 251 | BN_POOL_finish(&ctx->pool); | ||
| 252 | OPENSSL_free(ctx); | ||
| 111 | } | 253 | } |
| 112 | 254 | ||
| 113 | void BN_CTX_start(BN_CTX *ctx) | 255 | void BN_CTX_start(BN_CTX *ctx) |
| 114 | { | 256 | { |
| 115 | if (ctx->depth < BN_CTX_NUM_POS) | 257 | CTXDBG_ENTRY("BN_CTX_start", ctx); |
| 116 | ctx->pos[ctx->depth] = ctx->tos; | 258 | /* If we're already overflowing ... */ |
| 117 | ctx->depth++; | 259 | if(ctx->err_stack || ctx->too_many) |
| 260 | ctx->err_stack++; | ||
| 261 | /* (Try to) get a new frame pointer */ | ||
| 262 | else if(!BN_STACK_push(&ctx->stack, ctx->used)) | ||
| 263 | { | ||
| 264 | BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES); | ||
| 265 | ctx->err_stack++; | ||
| 266 | } | ||
| 267 | CTXDBG_EXIT(ctx); | ||
| 118 | } | 268 | } |
| 119 | 269 | ||
| 270 | void BN_CTX_end(BN_CTX *ctx) | ||
| 271 | { | ||
| 272 | CTXDBG_ENTRY("BN_CTX_end", ctx); | ||
| 273 | if(ctx->err_stack) | ||
| 274 | ctx->err_stack--; | ||
| 275 | else | ||
| 276 | { | ||
| 277 | unsigned int fp = BN_STACK_pop(&ctx->stack); | ||
| 278 | /* Does this stack frame have anything to release? */ | ||
| 279 | if(fp < ctx->used) | ||
| 280 | BN_POOL_release(&ctx->pool, ctx->used - fp); | ||
| 281 | ctx->used = fp; | ||
| 282 | /* Unjam "too_many" in case "get" had failed */ | ||
| 283 | ctx->too_many = 0; | ||
| 284 | } | ||
| 285 | CTXDBG_EXIT(ctx); | ||
| 286 | } | ||
| 120 | 287 | ||
| 121 | BIGNUM *BN_CTX_get(BN_CTX *ctx) | 288 | BIGNUM *BN_CTX_get(BN_CTX *ctx) |
| 122 | { | 289 | { |
| 123 | /* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically, | 290 | BIGNUM *ret; |
| 124 | * make sure that if BN_CTX_get fails once it will return NULL again | 291 | CTXDBG_ENTRY("BN_CTX_get", ctx); |
| 125 | * until BN_CTX_end is called. (This is so that callers have to check | 292 | if(ctx->err_stack || ctx->too_many) return NULL; |
| 126 | * only the last return value.) | 293 | if((ret = BN_POOL_get(&ctx->pool)) == NULL) |
| 127 | */ | 294 | { |
| 128 | if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) | 295 | /* Setting too_many prevents repeated "get" attempts from |
| 296 | * cluttering the error stack. */ | ||
| 297 | ctx->too_many = 1; | ||
| 298 | BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); | ||
| 299 | return NULL; | ||
| 300 | } | ||
| 301 | /* OK, make sure the returned bignum is "zero" */ | ||
| 302 | BN_zero(ret); | ||
| 303 | ctx->used++; | ||
| 304 | CTXDBG_RET(ctx, ret); | ||
| 305 | return ret; | ||
| 306 | } | ||
| 307 | |||
| 308 | /************/ | ||
| 309 | /* BN_STACK */ | ||
| 310 | /************/ | ||
| 311 | |||
| 312 | static void BN_STACK_init(BN_STACK *st) | ||
| 313 | { | ||
| 314 | st->indexes = NULL; | ||
| 315 | st->depth = st->size = 0; | ||
| 316 | } | ||
| 317 | |||
| 318 | static void BN_STACK_finish(BN_STACK *st) | ||
| 319 | { | ||
| 320 | if(st->size) OPENSSL_free(st->indexes); | ||
| 321 | } | ||
| 322 | |||
| 323 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 324 | static void BN_STACK_reset(BN_STACK *st) | ||
| 325 | { | ||
| 326 | st->depth = 0; | ||
| 327 | } | ||
| 328 | #endif | ||
| 329 | |||
| 330 | static int BN_STACK_push(BN_STACK *st, unsigned int idx) | ||
| 331 | { | ||
| 332 | if(st->depth == st->size) | ||
| 333 | /* Need to expand */ | ||
| 334 | { | ||
| 335 | unsigned int newsize = (st->size ? | ||
| 336 | (st->size * 3 / 2) : BN_CTX_START_FRAMES); | ||
| 337 | unsigned int *newitems = OPENSSL_malloc(newsize * | ||
| 338 | sizeof(unsigned int)); | ||
| 339 | if(!newitems) return 0; | ||
| 340 | if(st->depth) | ||
| 341 | memcpy(newitems, st->indexes, st->depth * | ||
| 342 | sizeof(unsigned int)); | ||
| 343 | if(st->size) OPENSSL_free(st->indexes); | ||
| 344 | st->indexes = newitems; | ||
| 345 | st->size = newsize; | ||
| 346 | } | ||
| 347 | st->indexes[(st->depth)++] = idx; | ||
| 348 | return 1; | ||
| 349 | } | ||
| 350 | |||
| 351 | static unsigned int BN_STACK_pop(BN_STACK *st) | ||
| 352 | { | ||
| 353 | return st->indexes[--(st->depth)]; | ||
| 354 | } | ||
| 355 | |||
| 356 | /***********/ | ||
| 357 | /* BN_POOL */ | ||
| 358 | /***********/ | ||
| 359 | |||
| 360 | static void BN_POOL_init(BN_POOL *p) | ||
| 361 | { | ||
| 362 | p->head = p->current = p->tail = NULL; | ||
| 363 | p->used = p->size = 0; | ||
| 364 | } | ||
| 365 | |||
| 366 | static void BN_POOL_finish(BN_POOL *p) | ||
| 367 | { | ||
| 368 | while(p->head) | ||
| 129 | { | 369 | { |
| 130 | if (!ctx->too_many) | 370 | unsigned int loop = 0; |
| 371 | BIGNUM *bn = p->head->vals; | ||
| 372 | while(loop++ < BN_CTX_POOL_SIZE) | ||
| 131 | { | 373 | { |
| 132 | BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); | 374 | if(bn->d) BN_clear_free(bn); |
| 133 | /* disable error code until BN_CTX_end is called: */ | 375 | bn++; |
| 134 | ctx->too_many = 1; | ||
| 135 | } | 376 | } |
| 136 | return NULL; | 377 | p->current = p->head->next; |
| 378 | OPENSSL_free(p->head); | ||
| 379 | p->head = p->current; | ||
| 137 | } | 380 | } |
| 138 | return (&(ctx->bn[ctx->tos++])); | ||
| 139 | } | 381 | } |
| 140 | 382 | ||
| 141 | void BN_CTX_end(BN_CTX *ctx) | 383 | #ifndef OPENSSL_NO_DEPRECATED |
| 384 | static void BN_POOL_reset(BN_POOL *p) | ||
| 142 | { | 385 | { |
| 143 | if (ctx == NULL) return; | 386 | BN_POOL_ITEM *item = p->head; |
| 144 | assert(ctx->depth > 0); | 387 | while(item) |
| 145 | if (ctx->depth == 0) | 388 | { |
| 146 | /* should never happen, but we can tolerate it if not in | 389 | unsigned int loop = 0; |
| 147 | * debug mode (could be a 'goto err' in the calling function | 390 | BIGNUM *bn = item->vals; |
| 148 | * before BN_CTX_start was reached) */ | 391 | while(loop++ < BN_CTX_POOL_SIZE) |
| 149 | BN_CTX_start(ctx); | 392 | { |
| 393 | if(bn->d) BN_clear(bn); | ||
| 394 | bn++; | ||
| 395 | } | ||
| 396 | item = item->next; | ||
| 397 | } | ||
| 398 | p->current = p->head; | ||
| 399 | p->used = 0; | ||
| 400 | } | ||
| 401 | #endif | ||
| 150 | 402 | ||
| 151 | ctx->too_many = 0; | 403 | static BIGNUM *BN_POOL_get(BN_POOL *p) |
| 152 | ctx->depth--; | 404 | { |
| 153 | if (ctx->depth < BN_CTX_NUM_POS) | 405 | if(p->used == p->size) |
| 154 | ctx->tos = ctx->pos[ctx->depth]; | 406 | { |
| 407 | BIGNUM *bn; | ||
| 408 | unsigned int loop = 0; | ||
| 409 | BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); | ||
| 410 | if(!item) return NULL; | ||
| 411 | /* Initialise the structure */ | ||
| 412 | bn = item->vals; | ||
| 413 | while(loop++ < BN_CTX_POOL_SIZE) | ||
| 414 | BN_init(bn++); | ||
| 415 | item->prev = p->tail; | ||
| 416 | item->next = NULL; | ||
| 417 | /* Link it in */ | ||
| 418 | if(!p->head) | ||
| 419 | p->head = p->current = p->tail = item; | ||
| 420 | else | ||
| 421 | { | ||
| 422 | p->tail->next = item; | ||
| 423 | p->tail = item; | ||
| 424 | p->current = item; | ||
| 425 | } | ||
| 426 | p->size += BN_CTX_POOL_SIZE; | ||
| 427 | p->used++; | ||
| 428 | /* Return the first bignum from the new pool */ | ||
| 429 | return item->vals; | ||
| 430 | } | ||
| 431 | if(!p->used) | ||
| 432 | p->current = p->head; | ||
| 433 | else if((p->used % BN_CTX_POOL_SIZE) == 0) | ||
| 434 | p->current = p->current->next; | ||
| 435 | return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); | ||
| 436 | } | ||
| 437 | |||
| 438 | static void BN_POOL_release(BN_POOL *p, unsigned int num) | ||
| 439 | { | ||
| 440 | unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; | ||
| 441 | p->used -= num; | ||
| 442 | while(num--) | ||
| 443 | { | ||
| 444 | bn_check_top(p->current->vals + offset); | ||
| 445 | if(!offset) | ||
| 446 | { | ||
| 447 | offset = BN_CTX_POOL_SIZE - 1; | ||
| 448 | p->current = p->current->prev; | ||
| 449 | } | ||
| 450 | else | ||
| 451 | offset--; | ||
| 452 | } | ||
| 155 | } | 453 | } |
| 454 | |||
diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c index 580d1201bc..8655eb118e 100644 --- a/src/lib/libssl/src/crypto/bn/bn_div.c +++ b/src/lib/libssl/src/crypto/bn/bn_div.c | |||
| @@ -169,22 +169,31 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, | |||
| 169 | #endif /* OPENSSL_NO_ASM */ | 169 | #endif /* OPENSSL_NO_ASM */ |
| 170 | 170 | ||
| 171 | 171 | ||
| 172 | /* BN_div computes dv := num / divisor, rounding towards zero, and sets up | 172 | /* BN_div[_no_branch] computes dv := num / divisor, rounding towards |
| 173 | * rm such that dv*divisor + rm = num holds. | 173 | * zero, and sets up rm such that dv*divisor + rm = num holds. |
| 174 | * Thus: | 174 | * Thus: |
| 175 | * dv->neg == num->neg ^ divisor->neg (unless the result is zero) | 175 | * dv->neg == num->neg ^ divisor->neg (unless the result is zero) |
| 176 | * rm->neg == num->neg (unless the remainder is zero) | 176 | * rm->neg == num->neg (unless the remainder is zero) |
| 177 | * If 'dv' or 'rm' is NULL, the respective value is not returned. | 177 | * If 'dv' or 'rm' is NULL, the respective value is not returned. |
| 178 | */ | 178 | */ |
| 179 | static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, | ||
| 180 | const BIGNUM *divisor, BN_CTX *ctx); | ||
| 179 | int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | 181 | int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, |
| 180 | BN_CTX *ctx) | 182 | BN_CTX *ctx) |
| 181 | { | 183 | { |
| 182 | int norm_shift,i,j,loop; | 184 | int norm_shift,i,loop; |
| 183 | BIGNUM *tmp,wnum,*snum,*sdiv,*res; | 185 | BIGNUM *tmp,wnum,*snum,*sdiv,*res; |
| 184 | BN_ULONG *resp,*wnump; | 186 | BN_ULONG *resp,*wnump; |
| 185 | BN_ULONG d0,d1; | 187 | BN_ULONG d0,d1; |
| 186 | int num_n,div_n; | 188 | int num_n,div_n; |
| 187 | 189 | ||
| 190 | if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) | ||
| 191 | { | ||
| 192 | return BN_div_no_branch(dv, rm, num, divisor, ctx); | ||
| 193 | } | ||
| 194 | |||
| 195 | bn_check_top(dv); | ||
| 196 | bn_check_top(rm); | ||
| 188 | bn_check_top(num); | 197 | bn_check_top(num); |
| 189 | bn_check_top(divisor); | 198 | bn_check_top(divisor); |
| 190 | 199 | ||
| @@ -210,7 +219,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | |||
| 210 | res=BN_CTX_get(ctx); | 219 | res=BN_CTX_get(ctx); |
| 211 | else res=dv; | 220 | else res=dv; |
| 212 | if (sdiv == NULL || res == NULL) goto err; | 221 | if (sdiv == NULL || res == NULL) goto err; |
| 213 | tmp->neg=0; | ||
| 214 | 222 | ||
| 215 | /* First we normalise the numbers */ | 223 | /* First we normalise the numbers */ |
| 216 | norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); | 224 | norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); |
| @@ -222,17 +230,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | |||
| 222 | div_n=sdiv->top; | 230 | div_n=sdiv->top; |
| 223 | num_n=snum->top; | 231 | num_n=snum->top; |
| 224 | loop=num_n-div_n; | 232 | loop=num_n-div_n; |
| 225 | |||
| 226 | /* Lets setup a 'window' into snum | 233 | /* Lets setup a 'window' into snum |
| 227 | * This is the part that corresponds to the current | 234 | * This is the part that corresponds to the current |
| 228 | * 'area' being divided */ | 235 | * 'area' being divided */ |
| 229 | BN_init(&wnum); | 236 | wnum.neg = 0; |
| 230 | wnum.d= &(snum->d[loop]); | 237 | wnum.d = &(snum->d[loop]); |
| 231 | wnum.top= div_n; | 238 | wnum.top = div_n; |
| 232 | wnum.dmax= snum->dmax+1; /* a bit of a lie */ | 239 | /* only needed when BN_ucmp messes up the values between top and max */ |
| 240 | wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ | ||
| 233 | 241 | ||
| 234 | /* Get the top 2 words of sdiv */ | 242 | /* Get the top 2 words of sdiv */ |
| 235 | /* i=sdiv->top; */ | 243 | /* div_n=sdiv->top; */ |
| 236 | d0=sdiv->d[div_n-1]; | 244 | d0=sdiv->d[div_n-1]; |
| 237 | d1=(div_n == 1)?0:sdiv->d[div_n-2]; | 245 | d1=(div_n == 1)?0:sdiv->d[div_n-2]; |
| 238 | 246 | ||
| @@ -250,19 +258,28 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | |||
| 250 | 258 | ||
| 251 | if (BN_ucmp(&wnum,sdiv) >= 0) | 259 | if (BN_ucmp(&wnum,sdiv) >= 0) |
| 252 | { | 260 | { |
| 253 | if (!BN_usub(&wnum,&wnum,sdiv)) goto err; | 261 | /* If BN_DEBUG_RAND is defined BN_ucmp changes (via |
| 262 | * bn_pollute) the const bignum arguments => | ||
| 263 | * clean the values between top and max again */ | ||
| 264 | bn_clear_top2max(&wnum); | ||
| 265 | bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); | ||
| 254 | *resp=1; | 266 | *resp=1; |
| 255 | res->d[res->top-1]=1; | ||
| 256 | } | 267 | } |
| 257 | else | 268 | else |
| 258 | res->top--; | 269 | res->top--; |
| 270 | /* if res->top == 0 then clear the neg value otherwise decrease | ||
| 271 | * the resp pointer */ | ||
| 259 | if (res->top == 0) | 272 | if (res->top == 0) |
| 260 | res->neg = 0; | 273 | res->neg = 0; |
| 261 | resp--; | 274 | else |
| 275 | resp--; | ||
| 262 | 276 | ||
| 263 | for (i=0; i<loop-1; i++) | 277 | for (i=0; i<loop-1; i++, wnump--, resp--) |
| 264 | { | 278 | { |
| 265 | BN_ULONG q,l0; | 279 | BN_ULONG q,l0; |
| 280 | /* the first part of the loop uses the top two words of | ||
| 281 | * snum and sdiv to calculate a BN_ULONG q such that | ||
| 282 | * | wnum - sdiv * q | < sdiv */ | ||
| 266 | #if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) | 283 | #if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) |
| 267 | BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); | 284 | BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); |
| 268 | q=bn_div_3_words(wnump,d1,d0); | 285 | q=bn_div_3_words(wnump,d1,d0); |
| @@ -346,27 +363,252 @@ X) -> 0x%08X\n", | |||
| 346 | #endif /* !BN_DIV3W */ | 363 | #endif /* !BN_DIV3W */ |
| 347 | 364 | ||
| 348 | l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); | 365 | l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); |
| 349 | wnum.d--; wnum.top++; | ||
| 350 | tmp->d[div_n]=l0; | 366 | tmp->d[div_n]=l0; |
| 351 | for (j=div_n+1; j>0; j--) | 367 | wnum.d--; |
| 352 | if (tmp->d[j-1]) break; | 368 | /* ingore top values of the bignums just sub the two |
| 353 | tmp->top=j; | 369 | * BN_ULONG arrays with bn_sub_words */ |
| 370 | if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) | ||
| 371 | { | ||
| 372 | /* Note: As we have considered only the leading | ||
| 373 | * two BN_ULONGs in the calculation of q, sdiv * q | ||
| 374 | * might be greater than wnum (but then (q-1) * sdiv | ||
| 375 | * is less or equal than wnum) | ||
| 376 | */ | ||
| 377 | q--; | ||
| 378 | if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) | ||
| 379 | /* we can't have an overflow here (assuming | ||
| 380 | * that q != 0, but if q == 0 then tmp is | ||
| 381 | * zero anyway) */ | ||
| 382 | (*wnump)++; | ||
| 383 | } | ||
| 384 | /* store part of the result */ | ||
| 385 | *resp = q; | ||
| 386 | } | ||
| 387 | bn_correct_top(snum); | ||
| 388 | if (rm != NULL) | ||
| 389 | { | ||
| 390 | /* Keep a copy of the neg flag in num because if rm==num | ||
| 391 | * BN_rshift() will overwrite it. | ||
| 392 | */ | ||
| 393 | int neg = num->neg; | ||
| 394 | BN_rshift(rm,snum,norm_shift); | ||
| 395 | if (!BN_is_zero(rm)) | ||
| 396 | rm->neg = neg; | ||
| 397 | bn_check_top(rm); | ||
| 398 | } | ||
| 399 | BN_CTX_end(ctx); | ||
| 400 | return(1); | ||
| 401 | err: | ||
| 402 | bn_check_top(rm); | ||
| 403 | BN_CTX_end(ctx); | ||
| 404 | return(0); | ||
| 405 | } | ||
| 406 | |||
| 407 | |||
| 408 | /* BN_div_no_branch is a special version of BN_div. It does not contain | ||
| 409 | * branches that may leak sensitive information. | ||
| 410 | */ | ||
| 411 | static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, | ||
| 412 | const BIGNUM *divisor, BN_CTX *ctx) | ||
| 413 | { | ||
| 414 | int norm_shift,i,loop; | ||
| 415 | BIGNUM *tmp,wnum,*snum,*sdiv,*res; | ||
| 416 | BN_ULONG *resp,*wnump; | ||
| 417 | BN_ULONG d0,d1; | ||
| 418 | int num_n,div_n; | ||
| 419 | |||
| 420 | bn_check_top(dv); | ||
| 421 | bn_check_top(rm); | ||
| 422 | bn_check_top(num); | ||
| 423 | bn_check_top(divisor); | ||
| 424 | |||
| 425 | if (BN_is_zero(divisor)) | ||
| 426 | { | ||
| 427 | BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO); | ||
| 428 | return(0); | ||
| 429 | } | ||
| 430 | |||
| 431 | BN_CTX_start(ctx); | ||
| 432 | tmp=BN_CTX_get(ctx); | ||
| 433 | snum=BN_CTX_get(ctx); | ||
| 434 | sdiv=BN_CTX_get(ctx); | ||
| 435 | if (dv == NULL) | ||
| 436 | res=BN_CTX_get(ctx); | ||
| 437 | else res=dv; | ||
| 438 | if (sdiv == NULL || res == NULL) goto err; | ||
| 439 | |||
| 440 | /* First we normalise the numbers */ | ||
| 441 | norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); | ||
| 442 | if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; | ||
| 443 | sdiv->neg=0; | ||
| 444 | norm_shift+=BN_BITS2; | ||
| 445 | if (!(BN_lshift(snum,num,norm_shift))) goto err; | ||
| 446 | snum->neg=0; | ||
| 447 | |||
| 448 | /* Since we don't know whether snum is larger than sdiv, | ||
| 449 | * we pad snum with enough zeroes without changing its | ||
| 450 | * value. | ||
| 451 | */ | ||
| 452 | if (snum->top <= sdiv->top+1) | ||
| 453 | { | ||
| 454 | if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err; | ||
| 455 | for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0; | ||
| 456 | snum->top = sdiv->top + 2; | ||
| 457 | } | ||
| 458 | else | ||
| 459 | { | ||
| 460 | if (bn_wexpand(snum, snum->top + 1) == NULL) goto err; | ||
| 461 | snum->d[snum->top] = 0; | ||
| 462 | snum->top ++; | ||
| 463 | } | ||
| 464 | |||
| 465 | div_n=sdiv->top; | ||
| 466 | num_n=snum->top; | ||
| 467 | loop=num_n-div_n; | ||
| 468 | /* Lets setup a 'window' into snum | ||
| 469 | * This is the part that corresponds to the current | ||
| 470 | * 'area' being divided */ | ||
| 471 | wnum.neg = 0; | ||
| 472 | wnum.d = &(snum->d[loop]); | ||
| 473 | wnum.top = div_n; | ||
| 474 | /* only needed when BN_ucmp messes up the values between top and max */ | ||
| 475 | wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ | ||
| 476 | |||
| 477 | /* Get the top 2 words of sdiv */ | ||
| 478 | /* div_n=sdiv->top; */ | ||
| 479 | d0=sdiv->d[div_n-1]; | ||
| 480 | d1=(div_n == 1)?0:sdiv->d[div_n-2]; | ||
| 481 | |||
| 482 | /* pointer to the 'top' of snum */ | ||
| 483 | wnump= &(snum->d[num_n-1]); | ||
| 484 | |||
| 485 | /* Setup to 'res' */ | ||
| 486 | res->neg= (num->neg^divisor->neg); | ||
| 487 | if (!bn_wexpand(res,(loop+1))) goto err; | ||
| 488 | res->top=loop-1; | ||
| 489 | resp= &(res->d[loop-1]); | ||
| 490 | |||
| 491 | /* space for temp */ | ||
| 492 | if (!bn_wexpand(tmp,(div_n+1))) goto err; | ||
| 493 | |||
| 494 | /* if res->top == 0 then clear the neg value otherwise decrease | ||
| 495 | * the resp pointer */ | ||
| 496 | if (res->top == 0) | ||
| 497 | res->neg = 0; | ||
| 498 | else | ||
| 499 | resp--; | ||
| 500 | |||
| 501 | for (i=0; i<loop-1; i++, wnump--, resp--) | ||
| 502 | { | ||
| 503 | BN_ULONG q,l0; | ||
| 504 | /* the first part of the loop uses the top two words of | ||
| 505 | * snum and sdiv to calculate a BN_ULONG q such that | ||
| 506 | * | wnum - sdiv * q | < sdiv */ | ||
| 507 | #if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) | ||
| 508 | BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); | ||
| 509 | q=bn_div_3_words(wnump,d1,d0); | ||
| 510 | #else | ||
| 511 | BN_ULONG n0,n1,rem=0; | ||
| 512 | |||
| 513 | n0=wnump[0]; | ||
| 514 | n1=wnump[-1]; | ||
| 515 | if (n0 == d0) | ||
| 516 | q=BN_MASK2; | ||
| 517 | else /* n0 < d0 */ | ||
| 518 | { | ||
| 519 | #ifdef BN_LLONG | ||
| 520 | BN_ULLONG t2; | ||
| 521 | |||
| 522 | #if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) | ||
| 523 | q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0); | ||
| 524 | #else | ||
| 525 | q=bn_div_words(n0,n1,d0); | ||
| 526 | #ifdef BN_DEBUG_LEVITTE | ||
| 527 | fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ | ||
| 528 | X) -> 0x%08X\n", | ||
| 529 | n0, n1, d0, q); | ||
| 530 | #endif | ||
| 531 | #endif | ||
| 532 | |||
| 533 | #ifndef REMAINDER_IS_ALREADY_CALCULATED | ||
| 534 | /* | ||
| 535 | * rem doesn't have to be BN_ULLONG. The least we | ||
| 536 | * know it's less that d0, isn't it? | ||
| 537 | */ | ||
| 538 | rem=(n1-q*d0)&BN_MASK2; | ||
| 539 | #endif | ||
| 540 | t2=(BN_ULLONG)d1*q; | ||
| 541 | |||
| 542 | for (;;) | ||
| 543 | { | ||
| 544 | if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2])) | ||
| 545 | break; | ||
| 546 | q--; | ||
| 547 | rem += d0; | ||
| 548 | if (rem < d0) break; /* don't let rem overflow */ | ||
| 549 | t2 -= d1; | ||
| 550 | } | ||
| 551 | #else /* !BN_LLONG */ | ||
| 552 | BN_ULONG t2l,t2h,ql,qh; | ||
| 553 | |||
| 554 | q=bn_div_words(n0,n1,d0); | ||
| 555 | #ifdef BN_DEBUG_LEVITTE | ||
| 556 | fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ | ||
| 557 | X) -> 0x%08X\n", | ||
| 558 | n0, n1, d0, q); | ||
| 559 | #endif | ||
| 560 | #ifndef REMAINDER_IS_ALREADY_CALCULATED | ||
| 561 | rem=(n1-q*d0)&BN_MASK2; | ||
| 562 | #endif | ||
| 354 | 563 | ||
| 355 | j=wnum.top; | 564 | #if defined(BN_UMULT_LOHI) |
| 356 | if (!BN_sub(&wnum,&wnum,tmp)) goto err; | 565 | BN_UMULT_LOHI(t2l,t2h,d1,q); |
| 566 | #elif defined(BN_UMULT_HIGH) | ||
| 567 | t2l = d1 * q; | ||
| 568 | t2h = BN_UMULT_HIGH(d1,q); | ||
| 569 | #else | ||
| 570 | t2l=LBITS(d1); t2h=HBITS(d1); | ||
| 571 | ql =LBITS(q); qh =HBITS(q); | ||
| 572 | mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ | ||
| 573 | #endif | ||
| 357 | 574 | ||
| 358 | snum->top=snum->top+wnum.top-j; | 575 | for (;;) |
| 576 | { | ||
| 577 | if ((t2h < rem) || | ||
| 578 | ((t2h == rem) && (t2l <= wnump[-2]))) | ||
| 579 | break; | ||
| 580 | q--; | ||
| 581 | rem += d0; | ||
| 582 | if (rem < d0) break; /* don't let rem overflow */ | ||
| 583 | if (t2l < d1) t2h--; t2l -= d1; | ||
| 584 | } | ||
| 585 | #endif /* !BN_LLONG */ | ||
| 586 | } | ||
| 587 | #endif /* !BN_DIV3W */ | ||
| 359 | 588 | ||
| 360 | if (wnum.neg) | 589 | l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); |
| 590 | tmp->d[div_n]=l0; | ||
| 591 | wnum.d--; | ||
| 592 | /* ingore top values of the bignums just sub the two | ||
| 593 | * BN_ULONG arrays with bn_sub_words */ | ||
| 594 | if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) | ||
| 361 | { | 595 | { |
| 596 | /* Note: As we have considered only the leading | ||
| 597 | * two BN_ULONGs in the calculation of q, sdiv * q | ||
| 598 | * might be greater than wnum (but then (q-1) * sdiv | ||
| 599 | * is less or equal than wnum) | ||
| 600 | */ | ||
| 362 | q--; | 601 | q--; |
| 363 | j=wnum.top; | 602 | if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) |
| 364 | if (!BN_add(&wnum,&wnum,sdiv)) goto err; | 603 | /* we can't have an overflow here (assuming |
| 365 | snum->top+=wnum.top-j; | 604 | * that q != 0, but if q == 0 then tmp is |
| 605 | * zero anyway) */ | ||
| 606 | (*wnump)++; | ||
| 366 | } | 607 | } |
| 367 | *(resp--)=q; | 608 | /* store part of the result */ |
| 368 | wnump--; | 609 | *resp = q; |
| 369 | } | 610 | } |
| 611 | bn_correct_top(snum); | ||
| 370 | if (rm != NULL) | 612 | if (rm != NULL) |
| 371 | { | 613 | { |
| 372 | /* Keep a copy of the neg flag in num because if rm==num | 614 | /* Keep a copy of the neg flag in num because if rm==num |
| @@ -376,10 +618,13 @@ X) -> 0x%08X\n", | |||
| 376 | BN_rshift(rm,snum,norm_shift); | 618 | BN_rshift(rm,snum,norm_shift); |
| 377 | if (!BN_is_zero(rm)) | 619 | if (!BN_is_zero(rm)) |
| 378 | rm->neg = neg; | 620 | rm->neg = neg; |
| 621 | bn_check_top(rm); | ||
| 379 | } | 622 | } |
| 623 | bn_correct_top(res); | ||
| 380 | BN_CTX_end(ctx); | 624 | BN_CTX_end(ctx); |
| 381 | return(1); | 625 | return(1); |
| 382 | err: | 626 | err: |
| 627 | bn_check_top(rm); | ||
| 383 | BN_CTX_end(ctx); | 628 | BN_CTX_end(ctx); |
| 384 | return(0); | 629 | return(0); |
| 385 | } | 630 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_err.c b/src/lib/libssl/src/crypto/bn/bn_err.c index 5dfac00c88..cfe2eb94a0 100644 --- a/src/lib/libssl/src/crypto/bn/bn_err.c +++ b/src/lib/libssl/src/crypto/bn/bn_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/bn/bn_err.c */ | 1 | /* crypto/bn/bn_err.c */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -70,18 +70,30 @@ | |||
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA BN_str_functs[]= | 71 | static ERR_STRING_DATA BN_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(BN_F_BN_BLINDING_CONVERT), "BN_BLINDING_convert"}, | 73 | {ERR_FUNC(BN_F_BNRAND), "BNRAND"}, |
| 74 | {ERR_FUNC(BN_F_BN_BLINDING_INVERT), "BN_BLINDING_invert"}, | 74 | {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, |
| 75 | {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, | ||
| 76 | {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, | ||
| 75 | {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, | 77 | {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, |
| 76 | {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, | 78 | {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, |
| 77 | {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, | 79 | {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, |
| 78 | {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, | 80 | {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, |
| 79 | {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, | 81 | {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, |
| 80 | {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, | 82 | {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, |
| 83 | {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, | ||
| 81 | {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, | 84 | {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, |
| 85 | {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, | ||
| 86 | {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, | ||
| 82 | {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, | 87 | {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, |
| 83 | {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, | 88 | {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, |
| 84 | {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, | 89 | {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, |
| 90 | {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, | ||
| 91 | {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, | ||
| 92 | {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, | ||
| 93 | {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, | ||
| 94 | {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, | ||
| 95 | {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, | ||
| 96 | {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, | ||
| 85 | {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, | 97 | {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, |
| 86 | {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, | 98 | {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, |
| 87 | {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, | 99 | {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, |
| @@ -89,6 +101,7 @@ static ERR_STRING_DATA BN_str_functs[]= | |||
| 89 | {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, | 101 | {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, |
| 90 | {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, | 102 | {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, |
| 91 | {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, | 103 | {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, |
| 104 | {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, | ||
| 92 | {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, | 105 | {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, |
| 93 | {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, | 106 | {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, |
| 94 | {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, | 107 | {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, |
| @@ -115,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[]= | |||
| 115 | {ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"}, | 128 | {ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"}, |
| 116 | {ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"}, | 129 | {ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"}, |
| 117 | {ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"}, | 130 | {ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"}, |
| 131 | {ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"}, | ||
| 118 | {ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"}, | 132 | {ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"}, |
| 119 | {ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"}, | 133 | {ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"}, |
| 120 | {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"}, | 134 | {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"}, |
| @@ -125,15 +139,12 @@ static ERR_STRING_DATA BN_str_reasons[]= | |||
| 125 | 139 | ||
| 126 | void ERR_load_BN_strings(void) | 140 | void ERR_load_BN_strings(void) |
| 127 | { | 141 | { |
| 128 | static int init=1; | 142 | #ifndef OPENSSL_NO_ERR |
| 129 | 143 | ||
| 130 | if (init) | 144 | if (ERR_func_error_string(BN_str_functs[0].error) == NULL) |
| 131 | { | 145 | { |
| 132 | init=0; | ||
| 133 | #ifndef OPENSSL_NO_ERR | ||
| 134 | ERR_load_strings(0,BN_str_functs); | 146 | ERR_load_strings(0,BN_str_functs); |
| 135 | ERR_load_strings(0,BN_str_reasons); | 147 | ERR_load_strings(0,BN_str_reasons); |
| 136 | #endif | ||
| 137 | |||
| 138 | } | 148 | } |
| 149 | #endif | ||
| 139 | } | 150 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c index 9e1e88abe8..70a33f0d93 100644 --- a/src/lib/libssl/src/crypto/bn/bn_exp.c +++ b/src/lib/libssl/src/crypto/bn/bn_exp.c | |||
| @@ -122,9 +122,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 122 | int i,bits,ret=0; | 122 | int i,bits,ret=0; |
| 123 | BIGNUM *v,*rr; | 123 | BIGNUM *v,*rr; |
| 124 | 124 | ||
| 125 | if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) | 125 | if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) |
| 126 | { | 126 | { |
| 127 | /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ | 127 | /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ |
| 128 | BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 128 | BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 129 | return -1; | 129 | return -1; |
| 130 | } | 130 | } |
| @@ -155,6 +155,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 155 | err: | 155 | err: |
| 156 | if (r != rr) BN_copy(r,rr); | 156 | if (r != rr) BN_copy(r,rr); |
| 157 | BN_CTX_end(ctx); | 157 | BN_CTX_end(ctx); |
| 158 | bn_check_top(r); | ||
| 158 | return(ret); | 159 | return(ret); |
| 159 | } | 160 | } |
| 160 | 161 | ||
| @@ -212,7 +213,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 212 | if (BN_is_odd(m)) | 213 | if (BN_is_odd(m)) |
| 213 | { | 214 | { |
| 214 | # ifdef MONT_EXP_WORD | 215 | # ifdef MONT_EXP_WORD |
| 215 | if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0)) | 216 | if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) |
| 216 | { | 217 | { |
| 217 | BN_ULONG A = a->d[0]; | 218 | BN_ULONG A = a->d[0]; |
| 218 | ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); | 219 | ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); |
| @@ -229,6 +230,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 229 | { ret=BN_mod_exp_simple(r,a,p,m,ctx); } | 230 | { ret=BN_mod_exp_simple(r,a,p,m,ctx); } |
| 230 | #endif | 231 | #endif |
| 231 | 232 | ||
| 233 | bn_check_top(r); | ||
| 232 | return(ret); | 234 | return(ret); |
| 233 | } | 235 | } |
| 234 | 236 | ||
| @@ -237,14 +239,15 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 237 | const BIGNUM *m, BN_CTX *ctx) | 239 | const BIGNUM *m, BN_CTX *ctx) |
| 238 | { | 240 | { |
| 239 | int i,j,bits,ret=0,wstart,wend,window,wvalue; | 241 | int i,j,bits,ret=0,wstart,wend,window,wvalue; |
| 240 | int start=1,ts=0; | 242 | int start=1; |
| 241 | BIGNUM *aa; | 243 | BIGNUM *aa; |
| 242 | BIGNUM val[TABLE_SIZE]; | 244 | /* Table of variables obtained from 'ctx' */ |
| 245 | BIGNUM *val[TABLE_SIZE]; | ||
| 243 | BN_RECP_CTX recp; | 246 | BN_RECP_CTX recp; |
| 244 | 247 | ||
| 245 | if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) | 248 | if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) |
| 246 | { | 249 | { |
| 247 | /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ | 250 | /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ |
| 248 | BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 251 | BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 249 | return -1; | 252 | return -1; |
| 250 | } | 253 | } |
| @@ -258,7 +261,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 258 | } | 261 | } |
| 259 | 262 | ||
| 260 | BN_CTX_start(ctx); | 263 | BN_CTX_start(ctx); |
| 261 | if ((aa = BN_CTX_get(ctx)) == NULL) goto err; | 264 | aa = BN_CTX_get(ctx); |
| 265 | val[0] = BN_CTX_get(ctx); | ||
| 266 | if(!aa || !val[0]) goto err; | ||
| 262 | 267 | ||
| 263 | BN_RECP_CTX_init(&recp); | 268 | BN_RECP_CTX_init(&recp); |
| 264 | if (m->neg) | 269 | if (m->neg) |
| @@ -273,29 +278,27 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 273 | if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; | 278 | if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; |
| 274 | } | 279 | } |
| 275 | 280 | ||
| 276 | BN_init(&(val[0])); | 281 | if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ |
| 277 | ts=1; | 282 | if (BN_is_zero(val[0])) |
| 278 | |||
| 279 | if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ | ||
| 280 | if (BN_is_zero(&(val[0]))) | ||
| 281 | { | 283 | { |
| 282 | ret = BN_zero(r); | 284 | BN_zero(r); |
| 285 | ret = 1; | ||
| 283 | goto err; | 286 | goto err; |
| 284 | } | 287 | } |
| 285 | 288 | ||
| 286 | window = BN_window_bits_for_exponent_size(bits); | 289 | window = BN_window_bits_for_exponent_size(bits); |
| 287 | if (window > 1) | 290 | if (window > 1) |
| 288 | { | 291 | { |
| 289 | if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx)) | 292 | if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx)) |
| 290 | goto err; /* 2 */ | 293 | goto err; /* 2 */ |
| 291 | j=1<<(window-1); | 294 | j=1<<(window-1); |
| 292 | for (i=1; i<j; i++) | 295 | for (i=1; i<j; i++) |
| 293 | { | 296 | { |
| 294 | BN_init(&val[i]); | 297 | if(((val[i] = BN_CTX_get(ctx)) == NULL) || |
| 295 | if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx)) | 298 | !BN_mod_mul_reciprocal(val[i],val[i-1], |
| 299 | aa,&recp,ctx)) | ||
| 296 | goto err; | 300 | goto err; |
| 297 | } | 301 | } |
| 298 | ts=i; | ||
| 299 | } | 302 | } |
| 300 | 303 | ||
| 301 | start=1; /* This is used to avoid multiplication etc | 304 | start=1; /* This is used to avoid multiplication etc |
| @@ -347,7 +350,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 347 | } | 350 | } |
| 348 | 351 | ||
| 349 | /* wvalue will be an odd number < 2^window */ | 352 | /* wvalue will be an odd number < 2^window */ |
| 350 | if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx)) | 353 | if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx)) |
| 351 | goto err; | 354 | goto err; |
| 352 | 355 | ||
| 353 | /* move the 'window' down further */ | 356 | /* move the 'window' down further */ |
| @@ -359,9 +362,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 359 | ret=1; | 362 | ret=1; |
| 360 | err: | 363 | err: |
| 361 | BN_CTX_end(ctx); | 364 | BN_CTX_end(ctx); |
| 362 | for (i=0; i<ts; i++) | ||
| 363 | BN_clear_free(&(val[i])); | ||
| 364 | BN_RECP_CTX_free(&recp); | 365 | BN_RECP_CTX_free(&recp); |
| 366 | bn_check_top(r); | ||
| 365 | return(ret); | 367 | return(ret); |
| 366 | } | 368 | } |
| 367 | 369 | ||
| @@ -370,13 +372,14 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 370 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | 372 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) |
| 371 | { | 373 | { |
| 372 | int i,j,bits,ret=0,wstart,wend,window,wvalue; | 374 | int i,j,bits,ret=0,wstart,wend,window,wvalue; |
| 373 | int start=1,ts=0; | 375 | int start=1; |
| 374 | BIGNUM *d,*r; | 376 | BIGNUM *d,*r; |
| 375 | const BIGNUM *aa; | 377 | const BIGNUM *aa; |
| 376 | BIGNUM val[TABLE_SIZE]; | 378 | /* Table of variables obtained from 'ctx' */ |
| 379 | BIGNUM *val[TABLE_SIZE]; | ||
| 377 | BN_MONT_CTX *mont=NULL; | 380 | BN_MONT_CTX *mont=NULL; |
| 378 | 381 | ||
| 379 | if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) | 382 | if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) |
| 380 | { | 383 | { |
| 381 | return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); | 384 | return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); |
| 382 | } | 385 | } |
| @@ -385,7 +388,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 385 | bn_check_top(p); | 388 | bn_check_top(p); |
| 386 | bn_check_top(m); | 389 | bn_check_top(m); |
| 387 | 390 | ||
| 388 | if (!(m->d[0] & 1)) | 391 | if (!BN_is_odd(m)) |
| 389 | { | 392 | { |
| 390 | BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); | 393 | BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); |
| 391 | return(0); | 394 | return(0); |
| @@ -400,7 +403,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 400 | BN_CTX_start(ctx); | 403 | BN_CTX_start(ctx); |
| 401 | d = BN_CTX_get(ctx); | 404 | d = BN_CTX_get(ctx); |
| 402 | r = BN_CTX_get(ctx); | 405 | r = BN_CTX_get(ctx); |
| 403 | if (d == NULL || r == NULL) goto err; | 406 | val[0] = BN_CTX_get(ctx); |
| 407 | if (!d || !r || !val[0]) goto err; | ||
| 404 | 408 | ||
| 405 | /* If this is not done, things will break in the montgomery | 409 | /* If this is not done, things will break in the montgomery |
| 406 | * part */ | 410 | * part */ |
| @@ -413,35 +417,34 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 413 | if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; | 417 | if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; |
| 414 | } | 418 | } |
| 415 | 419 | ||
| 416 | BN_init(&val[0]); | ||
| 417 | ts=1; | ||
| 418 | if (a->neg || BN_ucmp(a,m) >= 0) | 420 | if (a->neg || BN_ucmp(a,m) >= 0) |
| 419 | { | 421 | { |
| 420 | if (!BN_nnmod(&(val[0]),a,m,ctx)) | 422 | if (!BN_nnmod(val[0],a,m,ctx)) |
| 421 | goto err; | 423 | goto err; |
| 422 | aa= &(val[0]); | 424 | aa= val[0]; |
| 423 | } | 425 | } |
| 424 | else | 426 | else |
| 425 | aa=a; | 427 | aa=a; |
| 426 | if (BN_is_zero(aa)) | 428 | if (BN_is_zero(aa)) |
| 427 | { | 429 | { |
| 428 | ret = BN_zero(rr); | 430 | BN_zero(rr); |
| 431 | ret = 1; | ||
| 429 | goto err; | 432 | goto err; |
| 430 | } | 433 | } |
| 431 | if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ | 434 | if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */ |
| 432 | 435 | ||
| 433 | window = BN_window_bits_for_exponent_size(bits); | 436 | window = BN_window_bits_for_exponent_size(bits); |
| 434 | if (window > 1) | 437 | if (window > 1) |
| 435 | { | 438 | { |
| 436 | if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */ | 439 | if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */ |
| 437 | j=1<<(window-1); | 440 | j=1<<(window-1); |
| 438 | for (i=1; i<j; i++) | 441 | for (i=1; i<j; i++) |
| 439 | { | 442 | { |
| 440 | BN_init(&(val[i])); | 443 | if(((val[i] = BN_CTX_get(ctx)) == NULL) || |
| 441 | if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx)) | 444 | !BN_mod_mul_montgomery(val[i],val[i-1], |
| 445 | d,mont,ctx)) | ||
| 442 | goto err; | 446 | goto err; |
| 443 | } | 447 | } |
| 444 | ts=i; | ||
| 445 | } | 448 | } |
| 446 | 449 | ||
| 447 | start=1; /* This is used to avoid multiplication etc | 450 | start=1; /* This is used to avoid multiplication etc |
| @@ -494,7 +497,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 494 | } | 497 | } |
| 495 | 498 | ||
| 496 | /* wvalue will be an odd number < 2^window */ | 499 | /* wvalue will be an odd number < 2^window */ |
| 497 | if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx)) | 500 | if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx)) |
| 498 | goto err; | 501 | goto err; |
| 499 | 502 | ||
| 500 | /* move the 'window' down further */ | 503 | /* move the 'window' down further */ |
| @@ -508,8 +511,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 508 | err: | 511 | err: |
| 509 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); | 512 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); |
| 510 | BN_CTX_end(ctx); | 513 | BN_CTX_end(ctx); |
| 511 | for (i=0; i<ts; i++) | 514 | bn_check_top(rr); |
| 512 | BN_clear_free(&(val[i])); | ||
| 513 | return(ret); | 515 | return(ret); |
| 514 | } | 516 | } |
| 515 | 517 | ||
| @@ -535,7 +537,7 @@ static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, | |||
| 535 | buf[j] = ((unsigned char*)b->d)[i]; | 537 | buf[j] = ((unsigned char*)b->d)[i]; |
| 536 | } | 538 | } |
| 537 | 539 | ||
| 538 | bn_fix_top(b); | 540 | bn_correct_top(b); |
| 539 | return 1; | 541 | return 1; |
| 540 | } | 542 | } |
| 541 | 543 | ||
| @@ -552,7 +554,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf | |||
| 552 | } | 554 | } |
| 553 | 555 | ||
| 554 | b->top = top; | 556 | b->top = top; |
| 555 | bn_fix_top(b); | 557 | bn_correct_top(b); |
| 556 | return 1; | 558 | return 1; |
| 557 | } | 559 | } |
| 558 | 560 | ||
| @@ -743,9 +745,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, | |||
| 743 | #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ | 745 | #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ |
| 744 | (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) | 746 | (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) |
| 745 | 747 | ||
| 746 | if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) | 748 | if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) |
| 747 | { | 749 | { |
| 748 | /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ | 750 | /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ |
| 749 | BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 751 | BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 750 | return -1; | 752 | return -1; |
| 751 | } | 753 | } |
| @@ -753,7 +755,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, | |||
| 753 | bn_check_top(p); | 755 | bn_check_top(p); |
| 754 | bn_check_top(m); | 756 | bn_check_top(m); |
| 755 | 757 | ||
| 756 | if (m->top == 0 || !(m->d[0] & 1)) | 758 | if (!BN_is_odd(m)) |
| 757 | { | 759 | { |
| 758 | BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); | 760 | BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); |
| 759 | return(0); | 761 | return(0); |
| @@ -769,7 +771,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, | |||
| 769 | } | 771 | } |
| 770 | if (a == 0) | 772 | if (a == 0) |
| 771 | { | 773 | { |
| 772 | ret = BN_zero(rr); | 774 | BN_zero(rr); |
| 775 | ret = 1; | ||
| 773 | return ret; | 776 | return ret; |
| 774 | } | 777 | } |
| 775 | 778 | ||
| @@ -863,23 +866,24 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, | |||
| 863 | err: | 866 | err: |
| 864 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); | 867 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); |
| 865 | BN_CTX_end(ctx); | 868 | BN_CTX_end(ctx); |
| 869 | bn_check_top(rr); | ||
| 866 | return(ret); | 870 | return(ret); |
| 867 | } | 871 | } |
| 868 | 872 | ||
| 869 | 873 | ||
| 870 | /* The old fallback, simple version :-) */ | 874 | /* The old fallback, simple version :-) */ |
| 871 | int BN_mod_exp_simple(BIGNUM *r, | 875 | int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
| 872 | const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | 876 | const BIGNUM *m, BN_CTX *ctx) |
| 873 | BN_CTX *ctx) | ||
| 874 | { | 877 | { |
| 875 | int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; | 878 | int i,j,bits,ret=0,wstart,wend,window,wvalue; |
| 876 | int start=1; | 879 | int start=1; |
| 877 | BIGNUM *d; | 880 | BIGNUM *d; |
| 878 | BIGNUM val[TABLE_SIZE]; | 881 | /* Table of variables obtained from 'ctx' */ |
| 882 | BIGNUM *val[TABLE_SIZE]; | ||
| 879 | 883 | ||
| 880 | if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0) | 884 | if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) |
| 881 | { | 885 | { |
| 882 | /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */ | 886 | /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ |
| 883 | BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 887 | BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 884 | return -1; | 888 | return -1; |
| 885 | } | 889 | } |
| @@ -893,30 +897,30 @@ int BN_mod_exp_simple(BIGNUM *r, | |||
| 893 | } | 897 | } |
| 894 | 898 | ||
| 895 | BN_CTX_start(ctx); | 899 | BN_CTX_start(ctx); |
| 896 | if ((d = BN_CTX_get(ctx)) == NULL) goto err; | 900 | d = BN_CTX_get(ctx); |
| 901 | val[0] = BN_CTX_get(ctx); | ||
| 902 | if(!d || !val[0]) goto err; | ||
| 897 | 903 | ||
| 898 | BN_init(&(val[0])); | 904 | if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ |
| 899 | ts=1; | 905 | if (BN_is_zero(val[0])) |
| 900 | if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ | ||
| 901 | if (BN_is_zero(&(val[0]))) | ||
| 902 | { | 906 | { |
| 903 | ret = BN_zero(r); | 907 | BN_zero(r); |
| 908 | ret = 1; | ||
| 904 | goto err; | 909 | goto err; |
| 905 | } | 910 | } |
| 906 | 911 | ||
| 907 | window = BN_window_bits_for_exponent_size(bits); | 912 | window = BN_window_bits_for_exponent_size(bits); |
| 908 | if (window > 1) | 913 | if (window > 1) |
| 909 | { | 914 | { |
| 910 | if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx)) | 915 | if (!BN_mod_mul(d,val[0],val[0],m,ctx)) |
| 911 | goto err; /* 2 */ | 916 | goto err; /* 2 */ |
| 912 | j=1<<(window-1); | 917 | j=1<<(window-1); |
| 913 | for (i=1; i<j; i++) | 918 | for (i=1; i<j; i++) |
| 914 | { | 919 | { |
| 915 | BN_init(&(val[i])); | 920 | if(((val[i] = BN_CTX_get(ctx)) == NULL) || |
| 916 | if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx)) | 921 | !BN_mod_mul(val[i],val[i-1],d,m,ctx)) |
| 917 | goto err; | 922 | goto err; |
| 918 | } | 923 | } |
| 919 | ts=i; | ||
| 920 | } | 924 | } |
| 921 | 925 | ||
| 922 | start=1; /* This is used to avoid multiplication etc | 926 | start=1; /* This is used to avoid multiplication etc |
| @@ -968,7 +972,7 @@ int BN_mod_exp_simple(BIGNUM *r, | |||
| 968 | } | 972 | } |
| 969 | 973 | ||
| 970 | /* wvalue will be an odd number < 2^window */ | 974 | /* wvalue will be an odd number < 2^window */ |
| 971 | if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx)) | 975 | if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx)) |
| 972 | goto err; | 976 | goto err; |
| 973 | 977 | ||
| 974 | /* move the 'window' down further */ | 978 | /* move the 'window' down further */ |
| @@ -980,8 +984,7 @@ int BN_mod_exp_simple(BIGNUM *r, | |||
| 980 | ret=1; | 984 | ret=1; |
| 981 | err: | 985 | err: |
| 982 | BN_CTX_end(ctx); | 986 | BN_CTX_end(ctx); |
| 983 | for (i=0; i<ts; i++) | 987 | bn_check_top(r); |
| 984 | BN_clear_free(&(val[i])); | ||
| 985 | return(ret); | 988 | return(ret); |
| 986 | } | 989 | } |
| 987 | 990 | ||
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp2.c b/src/lib/libssl/src/crypto/bn/bn_exp2.c index 73ccd58a83..b3f43cec8c 100644 --- a/src/lib/libssl/src/crypto/bn/bn_exp2.c +++ b/src/lib/libssl/src/crypto/bn/bn_exp2.c | |||
| @@ -120,10 +120,11 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 120 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | 120 | BN_CTX *ctx, BN_MONT_CTX *in_mont) |
| 121 | { | 121 | { |
| 122 | int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; | 122 | int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; |
| 123 | int r_is_one=1,ts1=0,ts2=0; | 123 | int r_is_one=1; |
| 124 | BIGNUM *d,*r; | 124 | BIGNUM *d,*r; |
| 125 | const BIGNUM *a_mod_m; | 125 | const BIGNUM *a_mod_m; |
| 126 | BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE]; | 126 | /* Tables of variables obtained from 'ctx' */ |
| 127 | BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; | ||
| 127 | BN_MONT_CTX *mont=NULL; | 128 | BN_MONT_CTX *mont=NULL; |
| 128 | 129 | ||
| 129 | bn_check_top(a1); | 130 | bn_check_top(a1); |
| @@ -150,7 +151,9 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 150 | BN_CTX_start(ctx); | 151 | BN_CTX_start(ctx); |
| 151 | d = BN_CTX_get(ctx); | 152 | d = BN_CTX_get(ctx); |
| 152 | r = BN_CTX_get(ctx); | 153 | r = BN_CTX_get(ctx); |
| 153 | if (d == NULL || r == NULL) goto err; | 154 | val1[0] = BN_CTX_get(ctx); |
| 155 | val2[0] = BN_CTX_get(ctx); | ||
| 156 | if(!d || !r || !val1[0] || !val2[0]) goto err; | ||
| 154 | 157 | ||
| 155 | if (in_mont != NULL) | 158 | if (in_mont != NULL) |
| 156 | mont=in_mont; | 159 | mont=in_mont; |
| @@ -166,69 +169,67 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 166 | /* | 169 | /* |
| 167 | * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) | 170 | * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) |
| 168 | */ | 171 | */ |
| 169 | BN_init(&val1[0]); | ||
| 170 | ts1=1; | ||
| 171 | if (a1->neg || BN_ucmp(a1,m) >= 0) | 172 | if (a1->neg || BN_ucmp(a1,m) >= 0) |
| 172 | { | 173 | { |
| 173 | if (!BN_mod(&(val1[0]),a1,m,ctx)) | 174 | if (!BN_mod(val1[0],a1,m,ctx)) |
| 174 | goto err; | 175 | goto err; |
| 175 | a_mod_m = &(val1[0]); | 176 | a_mod_m = val1[0]; |
| 176 | } | 177 | } |
| 177 | else | 178 | else |
| 178 | a_mod_m = a1; | 179 | a_mod_m = a1; |
| 179 | if (BN_is_zero(a_mod_m)) | 180 | if (BN_is_zero(a_mod_m)) |
| 180 | { | 181 | { |
| 181 | ret = BN_zero(rr); | 182 | BN_zero(rr); |
| 183 | ret = 1; | ||
| 182 | goto err; | 184 | goto err; |
| 183 | } | 185 | } |
| 184 | 186 | ||
| 185 | if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err; | 187 | if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err; |
| 186 | if (window1 > 1) | 188 | if (window1 > 1) |
| 187 | { | 189 | { |
| 188 | if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err; | 190 | if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err; |
| 189 | 191 | ||
| 190 | j=1<<(window1-1); | 192 | j=1<<(window1-1); |
| 191 | for (i=1; i<j; i++) | 193 | for (i=1; i<j; i++) |
| 192 | { | 194 | { |
| 193 | BN_init(&(val1[i])); | 195 | if(((val1[i] = BN_CTX_get(ctx)) == NULL) || |
| 194 | if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx)) | 196 | !BN_mod_mul_montgomery(val1[i],val1[i-1], |
| 197 | d,mont,ctx)) | ||
| 195 | goto err; | 198 | goto err; |
| 196 | } | 199 | } |
| 197 | ts1=i; | ||
| 198 | } | 200 | } |
| 199 | 201 | ||
| 200 | 202 | ||
| 201 | /* | 203 | /* |
| 202 | * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) | 204 | * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) |
| 203 | */ | 205 | */ |
| 204 | BN_init(&val2[0]); | ||
| 205 | ts2=1; | ||
| 206 | if (a2->neg || BN_ucmp(a2,m) >= 0) | 206 | if (a2->neg || BN_ucmp(a2,m) >= 0) |
| 207 | { | 207 | { |
| 208 | if (!BN_mod(&(val2[0]),a2,m,ctx)) | 208 | if (!BN_mod(val2[0],a2,m,ctx)) |
| 209 | goto err; | 209 | goto err; |
| 210 | a_mod_m = &(val2[0]); | 210 | a_mod_m = val2[0]; |
| 211 | } | 211 | } |
| 212 | else | 212 | else |
| 213 | a_mod_m = a2; | 213 | a_mod_m = a2; |
| 214 | if (BN_is_zero(a_mod_m)) | 214 | if (BN_is_zero(a_mod_m)) |
| 215 | { | 215 | { |
| 216 | ret = BN_zero(rr); | 216 | BN_zero(rr); |
| 217 | ret = 1; | ||
| 217 | goto err; | 218 | goto err; |
| 218 | } | 219 | } |
| 219 | if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err; | 220 | if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err; |
| 220 | if (window2 > 1) | 221 | if (window2 > 1) |
| 221 | { | 222 | { |
| 222 | if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err; | 223 | if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err; |
| 223 | 224 | ||
| 224 | j=1<<(window2-1); | 225 | j=1<<(window2-1); |
| 225 | for (i=1; i<j; i++) | 226 | for (i=1; i<j; i++) |
| 226 | { | 227 | { |
| 227 | BN_init(&(val2[i])); | 228 | if(((val2[i] = BN_CTX_get(ctx)) == NULL) || |
| 228 | if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx)) | 229 | !BN_mod_mul_montgomery(val2[i],val2[i-1], |
| 230 | d,mont,ctx)) | ||
| 229 | goto err; | 231 | goto err; |
| 230 | } | 232 | } |
| 231 | ts2=i; | ||
| 232 | } | 233 | } |
| 233 | 234 | ||
| 234 | 235 | ||
| @@ -285,7 +286,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 285 | if (wvalue1 && b == wpos1) | 286 | if (wvalue1 && b == wpos1) |
| 286 | { | 287 | { |
| 287 | /* wvalue1 is odd and < 2^window1 */ | 288 | /* wvalue1 is odd and < 2^window1 */ |
| 288 | if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx)) | 289 | if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx)) |
| 289 | goto err; | 290 | goto err; |
| 290 | wvalue1 = 0; | 291 | wvalue1 = 0; |
| 291 | r_is_one = 0; | 292 | r_is_one = 0; |
| @@ -294,7 +295,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 294 | if (wvalue2 && b == wpos2) | 295 | if (wvalue2 && b == wpos2) |
| 295 | { | 296 | { |
| 296 | /* wvalue2 is odd and < 2^window2 */ | 297 | /* wvalue2 is odd and < 2^window2 */ |
| 297 | if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx)) | 298 | if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx)) |
| 298 | goto err; | 299 | goto err; |
| 299 | wvalue2 = 0; | 300 | wvalue2 = 0; |
| 300 | r_is_one = 0; | 301 | r_is_one = 0; |
| @@ -305,9 +306,6 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 305 | err: | 306 | err: |
| 306 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); | 307 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); |
| 307 | BN_CTX_end(ctx); | 308 | BN_CTX_end(ctx); |
| 308 | for (i=0; i<ts1; i++) | 309 | bn_check_top(rr); |
| 309 | BN_clear_free(&(val1[i])); | ||
| 310 | for (i=0; i<ts2; i++) | ||
| 311 | BN_clear_free(&(val2[i])); | ||
| 312 | return(ret); | 310 | return(ret); |
| 313 | } | 311 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_gcd.c b/src/lib/libssl/src/crypto/bn/bn_gcd.c index 7649f63fd2..4a352119ba 100644 --- a/src/lib/libssl/src/crypto/bn/bn_gcd.c +++ b/src/lib/libssl/src/crypto/bn/bn_gcd.c | |||
| @@ -140,6 +140,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) | |||
| 140 | ret=1; | 140 | ret=1; |
| 141 | err: | 141 | err: |
| 142 | BN_CTX_end(ctx); | 142 | BN_CTX_end(ctx); |
| 143 | bn_check_top(r); | ||
| 143 | return(ret); | 144 | return(ret); |
| 144 | } | 145 | } |
| 145 | 146 | ||
| @@ -194,6 +195,7 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) | |||
| 194 | { | 195 | { |
| 195 | if (!BN_lshift(a,a,shifts)) goto err; | 196 | if (!BN_lshift(a,a,shifts)) goto err; |
| 196 | } | 197 | } |
| 198 | bn_check_top(a); | ||
| 197 | return(a); | 199 | return(a); |
| 198 | err: | 200 | err: |
| 199 | return(NULL); | 201 | return(NULL); |
| @@ -201,6 +203,8 @@ err: | |||
| 201 | 203 | ||
| 202 | 204 | ||
| 203 | /* solves ax == 1 (mod n) */ | 205 | /* solves ax == 1 (mod n) */ |
| 206 | static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, | ||
| 207 | const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); | ||
| 204 | BIGNUM *BN_mod_inverse(BIGNUM *in, | 208 | BIGNUM *BN_mod_inverse(BIGNUM *in, |
| 205 | const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) | 209 | const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) |
| 206 | { | 210 | { |
| @@ -208,6 +212,11 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, | |||
| 208 | BIGNUM *ret=NULL; | 212 | BIGNUM *ret=NULL; |
| 209 | int sign; | 213 | int sign; |
| 210 | 214 | ||
| 215 | if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) | ||
| 216 | { | ||
| 217 | return BN_mod_inverse_no_branch(in, a, n, ctx); | ||
| 218 | } | ||
| 219 | |||
| 211 | bn_check_top(a); | 220 | bn_check_top(a); |
| 212 | bn_check_top(n); | 221 | bn_check_top(n); |
| 213 | 222 | ||
| @@ -486,5 +495,160 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, | |||
| 486 | err: | 495 | err: |
| 487 | if ((ret == NULL) && (in == NULL)) BN_free(R); | 496 | if ((ret == NULL) && (in == NULL)) BN_free(R); |
| 488 | BN_CTX_end(ctx); | 497 | BN_CTX_end(ctx); |
| 498 | bn_check_top(ret); | ||
| 499 | return(ret); | ||
| 500 | } | ||
| 501 | |||
| 502 | |||
| 503 | /* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. | ||
| 504 | * It does not contain branches that may leak sensitive information. | ||
| 505 | */ | ||
| 506 | static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, | ||
| 507 | const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) | ||
| 508 | { | ||
| 509 | BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; | ||
| 510 | BIGNUM local_A, local_B; | ||
| 511 | BIGNUM *pA, *pB; | ||
| 512 | BIGNUM *ret=NULL; | ||
| 513 | int sign; | ||
| 514 | |||
| 515 | bn_check_top(a); | ||
| 516 | bn_check_top(n); | ||
| 517 | |||
| 518 | BN_CTX_start(ctx); | ||
| 519 | A = BN_CTX_get(ctx); | ||
| 520 | B = BN_CTX_get(ctx); | ||
| 521 | X = BN_CTX_get(ctx); | ||
| 522 | D = BN_CTX_get(ctx); | ||
| 523 | M = BN_CTX_get(ctx); | ||
| 524 | Y = BN_CTX_get(ctx); | ||
| 525 | T = BN_CTX_get(ctx); | ||
| 526 | if (T == NULL) goto err; | ||
| 527 | |||
| 528 | if (in == NULL) | ||
| 529 | R=BN_new(); | ||
| 530 | else | ||
| 531 | R=in; | ||
| 532 | if (R == NULL) goto err; | ||
| 533 | |||
| 534 | BN_one(X); | ||
| 535 | BN_zero(Y); | ||
| 536 | if (BN_copy(B,a) == NULL) goto err; | ||
| 537 | if (BN_copy(A,n) == NULL) goto err; | ||
| 538 | A->neg = 0; | ||
| 539 | |||
| 540 | if (B->neg || (BN_ucmp(B, A) >= 0)) | ||
| 541 | { | ||
| 542 | /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, | ||
| 543 | * BN_div_no_branch will be called eventually. | ||
| 544 | */ | ||
| 545 | pB = &local_B; | ||
| 546 | BN_with_flags(pB, B, BN_FLG_CONSTTIME); | ||
| 547 | if (!BN_nnmod(B, pB, A, ctx)) goto err; | ||
| 548 | } | ||
| 549 | sign = -1; | ||
| 550 | /* From B = a mod |n|, A = |n| it follows that | ||
| 551 | * | ||
| 552 | * 0 <= B < A, | ||
| 553 | * -sign*X*a == B (mod |n|), | ||
| 554 | * sign*Y*a == A (mod |n|). | ||
| 555 | */ | ||
| 556 | |||
| 557 | while (!BN_is_zero(B)) | ||
| 558 | { | ||
| 559 | BIGNUM *tmp; | ||
| 560 | |||
| 561 | /* | ||
| 562 | * 0 < B < A, | ||
| 563 | * (*) -sign*X*a == B (mod |n|), | ||
| 564 | * sign*Y*a == A (mod |n|) | ||
| 565 | */ | ||
| 566 | |||
| 567 | /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, | ||
| 568 | * BN_div_no_branch will be called eventually. | ||
| 569 | */ | ||
| 570 | pA = &local_A; | ||
| 571 | BN_with_flags(pA, A, BN_FLG_CONSTTIME); | ||
| 572 | |||
| 573 | /* (D, M) := (A/B, A%B) ... */ | ||
| 574 | if (!BN_div(D,M,pA,B,ctx)) goto err; | ||
| 575 | |||
| 576 | /* Now | ||
| 577 | * A = D*B + M; | ||
| 578 | * thus we have | ||
| 579 | * (**) sign*Y*a == D*B + M (mod |n|). | ||
| 580 | */ | ||
| 581 | |||
| 582 | tmp=A; /* keep the BIGNUM object, the value does not matter */ | ||
| 583 | |||
| 584 | /* (A, B) := (B, A mod B) ... */ | ||
| 585 | A=B; | ||
| 586 | B=M; | ||
| 587 | /* ... so we have 0 <= B < A again */ | ||
| 588 | |||
| 589 | /* Since the former M is now B and the former B is now A, | ||
| 590 | * (**) translates into | ||
| 591 | * sign*Y*a == D*A + B (mod |n|), | ||
| 592 | * i.e. | ||
| 593 | * sign*Y*a - D*A == B (mod |n|). | ||
| 594 | * Similarly, (*) translates into | ||
| 595 | * -sign*X*a == A (mod |n|). | ||
| 596 | * | ||
| 597 | * Thus, | ||
| 598 | * sign*Y*a + D*sign*X*a == B (mod |n|), | ||
| 599 | * i.e. | ||
| 600 | * sign*(Y + D*X)*a == B (mod |n|). | ||
| 601 | * | ||
| 602 | * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at | ||
| 603 | * -sign*X*a == B (mod |n|), | ||
| 604 | * sign*Y*a == A (mod |n|). | ||
| 605 | * Note that X and Y stay non-negative all the time. | ||
| 606 | */ | ||
| 607 | |||
| 608 | if (!BN_mul(tmp,D,X,ctx)) goto err; | ||
| 609 | if (!BN_add(tmp,tmp,Y)) goto err; | ||
| 610 | |||
| 611 | M=Y; /* keep the BIGNUM object, the value does not matter */ | ||
| 612 | Y=X; | ||
| 613 | X=tmp; | ||
| 614 | sign = -sign; | ||
| 615 | } | ||
| 616 | |||
| 617 | /* | ||
| 618 | * The while loop (Euclid's algorithm) ends when | ||
| 619 | * A == gcd(a,n); | ||
| 620 | * we have | ||
| 621 | * sign*Y*a == A (mod |n|), | ||
| 622 | * where Y is non-negative. | ||
| 623 | */ | ||
| 624 | |||
| 625 | if (sign < 0) | ||
| 626 | { | ||
| 627 | if (!BN_sub(Y,n,Y)) goto err; | ||
| 628 | } | ||
| 629 | /* Now Y*a == A (mod |n|). */ | ||
| 630 | |||
| 631 | if (BN_is_one(A)) | ||
| 632 | { | ||
| 633 | /* Y*a == 1 (mod |n|) */ | ||
| 634 | if (!Y->neg && BN_ucmp(Y,n) < 0) | ||
| 635 | { | ||
| 636 | if (!BN_copy(R,Y)) goto err; | ||
| 637 | } | ||
| 638 | else | ||
| 639 | { | ||
| 640 | if (!BN_nnmod(R,Y,n,ctx)) goto err; | ||
| 641 | } | ||
| 642 | } | ||
| 643 | else | ||
| 644 | { | ||
| 645 | BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE); | ||
| 646 | goto err; | ||
| 647 | } | ||
| 648 | ret=R; | ||
| 649 | err: | ||
| 650 | if ((ret == NULL) && (in == NULL)) BN_free(R); | ||
| 651 | BN_CTX_end(ctx); | ||
| 652 | bn_check_top(ret); | ||
| 489 | return(ret); | 653 | return(ret); |
| 490 | } | 654 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_kron.c b/src/lib/libssl/src/crypto/bn/bn_kron.c index 49f75594ae..740359b752 100644 --- a/src/lib/libssl/src/crypto/bn/bn_kron.c +++ b/src/lib/libssl/src/crypto/bn/bn_kron.c | |||
| @@ -53,9 +53,9 @@ | |||
| 53 | * | 53 | * |
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | #include "cryptlib.h" | ||
| 56 | #include "bn_lcl.h" | 57 | #include "bn_lcl.h" |
| 57 | 58 | ||
| 58 | |||
| 59 | /* least significant word */ | 59 | /* least significant word */ |
| 60 | #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) | 60 | #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) |
| 61 | 61 | ||
| @@ -74,6 +74,9 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 74 | */ | 74 | */ |
| 75 | static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; | 75 | static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; |
| 76 | 76 | ||
| 77 | bn_check_top(a); | ||
| 78 | bn_check_top(b); | ||
| 79 | |||
| 77 | BN_CTX_start(ctx); | 80 | BN_CTX_start(ctx); |
| 78 | A = BN_CTX_get(ctx); | 81 | A = BN_CTX_get(ctx); |
| 79 | B = BN_CTX_get(ctx); | 82 | B = BN_CTX_get(ctx); |
| @@ -172,8 +175,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 172 | tmp = A; A = B; B = tmp; | 175 | tmp = A; A = B; B = tmp; |
| 173 | tmp->neg = 0; | 176 | tmp->neg = 0; |
| 174 | } | 177 | } |
| 175 | 178 | end: | |
| 176 | end: | ||
| 177 | BN_CTX_end(ctx); | 179 | BN_CTX_end(ctx); |
| 178 | if (err) | 180 | if (err) |
| 179 | return -2; | 181 | return -2; |
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h index a84998f2bd..27ac4397a1 100644 --- a/src/lib/libssl/src/crypto/bn/bn_lcl.h +++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h | |||
| @@ -119,20 +119,6 @@ extern "C" { | |||
| 119 | #endif | 119 | #endif |
| 120 | 120 | ||
| 121 | 121 | ||
| 122 | /* Used for temp variables */ | ||
| 123 | #define BN_CTX_NUM 32 | ||
| 124 | #define BN_CTX_NUM_POS 12 | ||
| 125 | struct bignum_ctx | ||
| 126 | { | ||
| 127 | int tos; | ||
| 128 | BIGNUM bn[BN_CTX_NUM]; | ||
| 129 | int flags; | ||
| 130 | int depth; | ||
| 131 | int pos[BN_CTX_NUM_POS]; | ||
| 132 | int too_many; | ||
| 133 | } /* BN_CTX */; | ||
| 134 | |||
| 135 | |||
| 136 | /* | 122 | /* |
| 137 | * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions | 123 | * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions |
| 138 | * | 124 | * |
| @@ -284,6 +270,15 @@ struct bignum_ctx | |||
| 284 | : "a"(a),"g"(b) \ | 270 | : "a"(a),"g"(b) \ |
| 285 | : "cc"); | 271 | : "cc"); |
| 286 | # endif | 272 | # endif |
| 273 | # elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) | ||
| 274 | # if defined(_MSC_VER) && _MSC_VER>=1400 | ||
| 275 | unsigned __int64 __umulh (unsigned __int64 a,unsigned __int64 b); | ||
| 276 | unsigned __int64 _umul128 (unsigned __int64 a,unsigned __int64 b, | ||
| 277 | unsigned __int64 *h); | ||
| 278 | # pragma intrinsic(__umulh,_umul128) | ||
| 279 | # define BN_UMULT_HIGH(a,b) __umulh((a),(b)) | ||
| 280 | # define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) | ||
| 281 | # endif | ||
| 287 | # endif /* cpu */ | 282 | # endif /* cpu */ |
| 288 | #endif /* OPENSSL_NO_ASM */ | 283 | #endif /* OPENSSL_NO_ASM */ |
| 289 | 284 | ||
| @@ -293,44 +288,17 @@ struct bignum_ctx | |||
| 293 | #define Lw(t) (((BN_ULONG)(t))&BN_MASK2) | 288 | #define Lw(t) (((BN_ULONG)(t))&BN_MASK2) |
| 294 | #define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) | 289 | #define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) |
| 295 | 290 | ||
| 296 | /* This is used for internal error checking and is not normally used */ | 291 | #ifdef BN_DEBUG_RAND |
| 297 | #ifdef BN_DEBUG | 292 | #define bn_clear_top2max(a) \ |
| 298 | # include <assert.h> | ||
| 299 | # define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); | ||
| 300 | #else | ||
| 301 | # define bn_check_top(a) | ||
| 302 | #endif | ||
| 303 | |||
| 304 | /* This macro is to add extra stuff for development checking */ | ||
| 305 | #ifdef BN_DEBUG | ||
| 306 | #define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) | ||
| 307 | #else | ||
| 308 | #define bn_set_max(r) | ||
| 309 | #endif | ||
| 310 | |||
| 311 | /* These macros are used to 'take' a section of a bignum for read only use */ | ||
| 312 | #define bn_set_low(r,a,n) \ | ||
| 313 | { \ | ||
| 314 | (r)->top=((a)->top > (n))?(n):(a)->top; \ | ||
| 315 | (r)->d=(a)->d; \ | ||
| 316 | (r)->neg=(a)->neg; \ | ||
| 317 | (r)->flags|=BN_FLG_STATIC_DATA; \ | ||
| 318 | bn_set_max(r); \ | ||
| 319 | } | ||
| 320 | |||
| 321 | #define bn_set_high(r,a,n) \ | ||
| 322 | { \ | 293 | { \ |
| 323 | if ((a)->top > (n)) \ | 294 | int ind = (a)->dmax - (a)->top; \ |
| 324 | { \ | 295 | BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ |
| 325 | (r)->top=(a)->top-n; \ | 296 | for (; ind != 0; ind--) \ |
| 326 | (r)->d= &((a)->d[n]); \ | 297 | *(++ftl) = 0x0; \ |
| 327 | } \ | ||
| 328 | else \ | ||
| 329 | (r)->top=0; \ | ||
| 330 | (r)->neg=(a)->neg; \ | ||
| 331 | (r)->flags|=BN_FLG_STATIC_DATA; \ | ||
| 332 | bn_set_max(r); \ | ||
| 333 | } | 298 | } |
| 299 | #else | ||
| 300 | #define bn_clear_top2max(a) | ||
| 301 | #endif | ||
| 334 | 302 | ||
| 335 | #ifdef BN_LLONG | 303 | #ifdef BN_LLONG |
| 336 | #define mul_add(r,a,w,c) { \ | 304 | #define mul_add(r,a,w,c) { \ |
| @@ -354,6 +322,33 @@ struct bignum_ctx | |||
| 354 | (r1)=Hw(t); \ | 322 | (r1)=Hw(t); \ |
| 355 | } | 323 | } |
| 356 | 324 | ||
| 325 | #elif defined(BN_UMULT_LOHI) | ||
| 326 | #define mul_add(r,a,w,c) { \ | ||
| 327 | BN_ULONG high,low,ret,tmp=(a); \ | ||
| 328 | ret = (r); \ | ||
| 329 | BN_UMULT_LOHI(low,high,w,tmp); \ | ||
| 330 | ret += (c); \ | ||
| 331 | (c) = (ret<(c))?1:0; \ | ||
| 332 | (c) += high; \ | ||
| 333 | ret += low; \ | ||
| 334 | (c) += (ret<low)?1:0; \ | ||
| 335 | (r) = ret; \ | ||
| 336 | } | ||
| 337 | |||
| 338 | #define mul(r,a,w,c) { \ | ||
| 339 | BN_ULONG high,low,ret,ta=(a); \ | ||
| 340 | BN_UMULT_LOHI(low,high,w,ta); \ | ||
| 341 | ret = low + (c); \ | ||
| 342 | (c) = high; \ | ||
| 343 | (c) += (ret<low)?1:0; \ | ||
| 344 | (r) = ret; \ | ||
| 345 | } | ||
| 346 | |||
| 347 | #define sqr(r0,r1,a) { \ | ||
| 348 | BN_ULONG tmp=(a); \ | ||
| 349 | BN_UMULT_LOHI(r0,r1,tmp,tmp); \ | ||
| 350 | } | ||
| 351 | |||
| 357 | #elif defined(BN_UMULT_HIGH) | 352 | #elif defined(BN_UMULT_HIGH) |
| 358 | #define mul_add(r,a,w,c) { \ | 353 | #define mul_add(r,a,w,c) { \ |
| 359 | BN_ULONG high,low,ret,tmp=(a); \ | 354 | BN_ULONG high,low,ret,tmp=(a); \ |
| @@ -472,18 +467,21 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a); | |||
| 472 | int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); | 467 | int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); |
| 473 | int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, | 468 | int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, |
| 474 | int cl, int dl); | 469 | int cl, int dl); |
| 475 | #ifdef BN_RECURSION | 470 | void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, |
| 476 | void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | 471 | int dna,int dnb,BN_ULONG *t); |
| 477 | BN_ULONG *t); | 472 | void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, |
| 478 | void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, | 473 | int n,int tna,int tnb,BN_ULONG *t); |
| 479 | int n, BN_ULONG *t); | 474 | void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); |
| 475 | void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); | ||
| 480 | void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, | 476 | void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, |
| 481 | BN_ULONG *t); | 477 | BN_ULONG *t); |
| 482 | void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, | 478 | void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, |
| 483 | BN_ULONG *t); | 479 | BN_ULONG *t); |
| 484 | void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); | 480 | BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, |
| 485 | #endif | 481 | int cl, int dl); |
| 486 | void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); | 482 | BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, |
| 483 | int cl, int dl); | ||
| 484 | int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); | ||
| 487 | 485 | ||
| 488 | #ifdef __cplusplus | 486 | #ifdef __cplusplus |
| 489 | } | 487 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c index e1660450bc..2649b8c538 100644 --- a/src/lib/libssl/src/crypto/bn/bn_lib.c +++ b/src/lib/libssl/src/crypto/bn/bn_lib.c | |||
| @@ -67,8 +67,10 @@ | |||
| 67 | #include "cryptlib.h" | 67 | #include "cryptlib.h" |
| 68 | #include "bn_lcl.h" | 68 | #include "bn_lcl.h" |
| 69 | 69 | ||
| 70 | const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT; | 70 | const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; |
| 71 | 71 | ||
| 72 | /* This stuff appears to be completely unused, so is deprecated */ | ||
| 73 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 72 | /* For a 32 bit machine | 74 | /* For a 32 bit machine |
| 73 | * 2 - 4 == 128 | 75 | * 2 - 4 == 128 |
| 74 | * 3 - 8 == 256 | 76 | * 3 - 8 == 256 |
| @@ -91,28 +93,28 @@ void BN_set_params(int mult, int high, int low, int mont) | |||
| 91 | { | 93 | { |
| 92 | if (mult >= 0) | 94 | if (mult >= 0) |
| 93 | { | 95 | { |
| 94 | if (mult > (sizeof(int)*8)-1) | 96 | if (mult > (int)(sizeof(int)*8)-1) |
| 95 | mult=sizeof(int)*8-1; | 97 | mult=sizeof(int)*8-1; |
| 96 | bn_limit_bits=mult; | 98 | bn_limit_bits=mult; |
| 97 | bn_limit_num=1<<mult; | 99 | bn_limit_num=1<<mult; |
| 98 | } | 100 | } |
| 99 | if (high >= 0) | 101 | if (high >= 0) |
| 100 | { | 102 | { |
| 101 | if (high > (sizeof(int)*8)-1) | 103 | if (high > (int)(sizeof(int)*8)-1) |
| 102 | high=sizeof(int)*8-1; | 104 | high=sizeof(int)*8-1; |
| 103 | bn_limit_bits_high=high; | 105 | bn_limit_bits_high=high; |
| 104 | bn_limit_num_high=1<<high; | 106 | bn_limit_num_high=1<<high; |
| 105 | } | 107 | } |
| 106 | if (low >= 0) | 108 | if (low >= 0) |
| 107 | { | 109 | { |
| 108 | if (low > (sizeof(int)*8)-1) | 110 | if (low > (int)(sizeof(int)*8)-1) |
| 109 | low=sizeof(int)*8-1; | 111 | low=sizeof(int)*8-1; |
| 110 | bn_limit_bits_low=low; | 112 | bn_limit_bits_low=low; |
| 111 | bn_limit_num_low=1<<low; | 113 | bn_limit_num_low=1<<low; |
| 112 | } | 114 | } |
| 113 | if (mont >= 0) | 115 | if (mont >= 0) |
| 114 | { | 116 | { |
| 115 | if (mont > (sizeof(int)*8)-1) | 117 | if (mont > (int)(sizeof(int)*8)-1) |
| 116 | mont=sizeof(int)*8-1; | 118 | mont=sizeof(int)*8-1; |
| 117 | bn_limit_bits_mont=mont; | 119 | bn_limit_bits_mont=mont; |
| 118 | bn_limit_num_mont=1<<mont; | 120 | bn_limit_num_mont=1<<mont; |
| @@ -127,11 +129,12 @@ int BN_get_params(int which) | |||
| 127 | else if (which == 3) return(bn_limit_bits_mont); | 129 | else if (which == 3) return(bn_limit_bits_mont); |
| 128 | else return(0); | 130 | else return(0); |
| 129 | } | 131 | } |
| 132 | #endif | ||
| 130 | 133 | ||
| 131 | const BIGNUM *BN_value_one(void) | 134 | const BIGNUM *BN_value_one(void) |
| 132 | { | 135 | { |
| 133 | static BN_ULONG data_one=1L; | 136 | static BN_ULONG data_one=1L; |
| 134 | static BIGNUM const_one={&data_one,1,1,0}; | 137 | static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA}; |
| 135 | 138 | ||
| 136 | return(&const_one); | 139 | return(&const_one); |
| 137 | } | 140 | } |
| @@ -244,16 +247,11 @@ int BN_num_bits_word(BN_ULONG l) | |||
| 244 | 247 | ||
| 245 | int BN_num_bits(const BIGNUM *a) | 248 | int BN_num_bits(const BIGNUM *a) |
| 246 | { | 249 | { |
| 247 | BN_ULONG l; | 250 | int i = a->top - 1; |
| 248 | int i; | ||
| 249 | |||
| 250 | bn_check_top(a); | 251 | bn_check_top(a); |
| 251 | 252 | ||
| 252 | if (a->top == 0) return(0); | 253 | if (BN_is_zero(a)) return 0; |
| 253 | l=a->d[a->top-1]; | 254 | return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); |
| 254 | assert(l != 0); | ||
| 255 | i=(a->top-1)*BN_BITS2; | ||
| 256 | return(i+BN_num_bits_word(l)); | ||
| 257 | } | 255 | } |
| 258 | 256 | ||
| 259 | void BN_clear_free(BIGNUM *a) | 257 | void BN_clear_free(BIGNUM *a) |
| @@ -261,6 +259,7 @@ void BN_clear_free(BIGNUM *a) | |||
| 261 | int i; | 259 | int i; |
| 262 | 260 | ||
| 263 | if (a == NULL) return; | 261 | if (a == NULL) return; |
| 262 | bn_check_top(a); | ||
| 264 | if (a->d != NULL) | 263 | if (a->d != NULL) |
| 265 | { | 264 | { |
| 266 | OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); | 265 | OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); |
| @@ -276,16 +275,24 @@ void BN_clear_free(BIGNUM *a) | |||
| 276 | void BN_free(BIGNUM *a) | 275 | void BN_free(BIGNUM *a) |
| 277 | { | 276 | { |
| 278 | if (a == NULL) return; | 277 | if (a == NULL) return; |
| 278 | bn_check_top(a); | ||
| 279 | if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) | 279 | if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) |
| 280 | OPENSSL_free(a->d); | 280 | OPENSSL_free(a->d); |
| 281 | a->flags|=BN_FLG_FREE; /* REMOVE? */ | ||
| 282 | if (a->flags & BN_FLG_MALLOCED) | 281 | if (a->flags & BN_FLG_MALLOCED) |
| 283 | OPENSSL_free(a); | 282 | OPENSSL_free(a); |
| 283 | else | ||
| 284 | { | ||
| 285 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 286 | a->flags|=BN_FLG_FREE; | ||
| 287 | #endif | ||
| 288 | a->d = NULL; | ||
| 289 | } | ||
| 284 | } | 290 | } |
| 285 | 291 | ||
| 286 | void BN_init(BIGNUM *a) | 292 | void BN_init(BIGNUM *a) |
| 287 | { | 293 | { |
| 288 | memset(a,0,sizeof(BIGNUM)); | 294 | memset(a,0,sizeof(BIGNUM)); |
| 295 | bn_check_top(a); | ||
| 289 | } | 296 | } |
| 290 | 297 | ||
| 291 | BIGNUM *BN_new(void) | 298 | BIGNUM *BN_new(void) |
| @@ -302,6 +309,7 @@ BIGNUM *BN_new(void) | |||
| 302 | ret->neg=0; | 309 | ret->neg=0; |
| 303 | ret->dmax=0; | 310 | ret->dmax=0; |
| 304 | ret->d=NULL; | 311 | ret->d=NULL; |
| 312 | bn_check_top(ret); | ||
| 305 | return(ret); | 313 | return(ret); |
| 306 | } | 314 | } |
| 307 | 315 | ||
| @@ -313,19 +321,19 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) | |||
| 313 | const BN_ULONG *B; | 321 | const BN_ULONG *B; |
| 314 | int i; | 322 | int i; |
| 315 | 323 | ||
| 324 | bn_check_top(b); | ||
| 325 | |||
| 316 | if (words > (INT_MAX/(4*BN_BITS2))) | 326 | if (words > (INT_MAX/(4*BN_BITS2))) |
| 317 | { | 327 | { |
| 318 | BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); | 328 | BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); |
| 319 | return NULL; | 329 | return NULL; |
| 320 | } | 330 | } |
| 321 | |||
| 322 | bn_check_top(b); | ||
| 323 | if (BN_get_flags(b,BN_FLG_STATIC_DATA)) | 331 | if (BN_get_flags(b,BN_FLG_STATIC_DATA)) |
| 324 | { | 332 | { |
| 325 | BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); | 333 | BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); |
| 326 | return(NULL); | 334 | return(NULL); |
| 327 | } | 335 | } |
| 328 | a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1)); | 336 | a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words); |
| 329 | if (A == NULL) | 337 | if (A == NULL) |
| 330 | { | 338 | { |
| 331 | BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); | 339 | BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); |
| @@ -363,19 +371,8 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) | |||
| 363 | } | 371 | } |
| 364 | } | 372 | } |
| 365 | 373 | ||
| 366 | /* Now need to zero any data between b->top and b->max */ | ||
| 367 | /* XXX Why? */ | ||
| 368 | |||
| 369 | A= &(a[b->top]); | ||
| 370 | for (i=(words - b->top)>>3; i>0; i--,A+=8) | ||
| 371 | { | ||
| 372 | A[0]=0; A[1]=0; A[2]=0; A[3]=0; | ||
| 373 | A[4]=0; A[5]=0; A[6]=0; A[7]=0; | ||
| 374 | } | ||
| 375 | for (i=(words - b->top)&7; i>0; i--,A++) | ||
| 376 | A[0]=0; | ||
| 377 | #else | 374 | #else |
| 378 | memset(A,0,sizeof(BN_ULONG)*(words+1)); | 375 | memset(A,0,sizeof(BN_ULONG)*words); |
| 379 | memcpy(A,b->d,sizeof(b->d[0])*b->top); | 376 | memcpy(A,b->d,sizeof(b->d[0])*b->top); |
| 380 | #endif | 377 | #endif |
| 381 | 378 | ||
| @@ -393,16 +390,19 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) | |||
| 393 | * while bn_dup_expand() makes sure allocation is made only once. | 390 | * while bn_dup_expand() makes sure allocation is made only once. |
| 394 | */ | 391 | */ |
| 395 | 392 | ||
| 393 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 396 | BIGNUM *bn_dup_expand(const BIGNUM *b, int words) | 394 | BIGNUM *bn_dup_expand(const BIGNUM *b, int words) |
| 397 | { | 395 | { |
| 398 | BIGNUM *r = NULL; | 396 | BIGNUM *r = NULL; |
| 399 | 397 | ||
| 398 | bn_check_top(b); | ||
| 399 | |||
| 400 | /* This function does not work if | 400 | /* This function does not work if |
| 401 | * words <= b->dmax && top < words | 401 | * words <= b->dmax && top < words |
| 402 | * because BN_dup() does not preserve 'dmax'! | 402 | * because BN_dup() does not preserve 'dmax'! |
| 403 | * (But bn_dup_expand() is not used anywhere yet.) | 403 | * (But bn_dup_expand() is not used anywhere yet.) |
| 404 | */ | 404 | */ |
| 405 | 405 | ||
| 406 | if (words > b->dmax) | 406 | if (words > b->dmax) |
| 407 | { | 407 | { |
| 408 | BN_ULONG *a = bn_expand_internal(b, words); | 408 | BN_ULONG *a = bn_expand_internal(b, words); |
| @@ -431,48 +431,67 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words) | |||
| 431 | r = BN_dup(b); | 431 | r = BN_dup(b); |
| 432 | } | 432 | } |
| 433 | 433 | ||
| 434 | bn_check_top(r); | ||
| 434 | return r; | 435 | return r; |
| 435 | } | 436 | } |
| 437 | #endif | ||
| 436 | 438 | ||
| 437 | /* This is an internal function that should not be used in applications. | 439 | /* This is an internal function that should not be used in applications. |
| 438 | * It ensures that 'b' has enough room for a 'words' word number number. | 440 | * It ensures that 'b' has enough room for a 'words' word number |
| 441 | * and initialises any unused part of b->d with leading zeros. | ||
| 439 | * It is mostly used by the various BIGNUM routines. If there is an error, | 442 | * It is mostly used by the various BIGNUM routines. If there is an error, |
| 440 | * NULL is returned. If not, 'b' is returned. */ | 443 | * NULL is returned. If not, 'b' is returned. */ |
| 441 | 444 | ||
| 442 | BIGNUM *bn_expand2(BIGNUM *b, int words) | 445 | BIGNUM *bn_expand2(BIGNUM *b, int words) |
| 443 | { | 446 | { |
| 447 | bn_check_top(b); | ||
| 448 | |||
| 444 | if (words > b->dmax) | 449 | if (words > b->dmax) |
| 445 | { | 450 | { |
| 446 | BN_ULONG *a = bn_expand_internal(b, words); | 451 | BN_ULONG *a = bn_expand_internal(b, words); |
| 452 | if(!a) return NULL; | ||
| 453 | if(b->d) OPENSSL_free(b->d); | ||
| 454 | b->d=a; | ||
| 455 | b->dmax=words; | ||
| 456 | } | ||
| 447 | 457 | ||
| 448 | if (a) | 458 | /* None of this should be necessary because of what b->top means! */ |
| 459 | #if 0 | ||
| 460 | /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ | ||
| 461 | if (b->top < b->dmax) | ||
| 462 | { | ||
| 463 | int i; | ||
| 464 | BN_ULONG *A = &(b->d[b->top]); | ||
| 465 | for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) | ||
| 449 | { | 466 | { |
| 450 | if (b->d) | 467 | A[0]=0; A[1]=0; A[2]=0; A[3]=0; |
| 451 | OPENSSL_free(b->d); | 468 | A[4]=0; A[5]=0; A[6]=0; A[7]=0; |
| 452 | b->d=a; | ||
| 453 | b->dmax=words; | ||
| 454 | } | 469 | } |
| 455 | else | 470 | for (i=(b->dmax - b->top)&7; i>0; i--,A++) |
| 456 | b = NULL; | 471 | A[0]=0; |
| 472 | assert(A == &(b->d[b->dmax])); | ||
| 457 | } | 473 | } |
| 474 | #endif | ||
| 475 | bn_check_top(b); | ||
| 458 | return b; | 476 | return b; |
| 459 | } | 477 | } |
| 460 | 478 | ||
| 461 | BIGNUM *BN_dup(const BIGNUM *a) | 479 | BIGNUM *BN_dup(const BIGNUM *a) |
| 462 | { | 480 | { |
| 463 | BIGNUM *r, *t; | 481 | BIGNUM *t; |
| 464 | 482 | ||
| 465 | if (a == NULL) return NULL; | 483 | if (a == NULL) return NULL; |
| 466 | |||
| 467 | bn_check_top(a); | 484 | bn_check_top(a); |
| 468 | 485 | ||
| 469 | t = BN_new(); | 486 | t = BN_new(); |
| 470 | if (t == NULL) return(NULL); | 487 | if (t == NULL) return NULL; |
| 471 | r = BN_copy(t, a); | 488 | if(!BN_copy(t, a)) |
| 472 | /* now r == t || r == NULL */ | 489 | { |
| 473 | if (r == NULL) | ||
| 474 | BN_free(t); | 490 | BN_free(t); |
| 475 | return r; | 491 | return NULL; |
| 492 | } | ||
| 493 | bn_check_top(t); | ||
| 494 | return t; | ||
| 476 | } | 495 | } |
| 477 | 496 | ||
| 478 | BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) | 497 | BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) |
| @@ -506,11 +525,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) | |||
| 506 | memcpy(a->d,b->d,sizeof(b->d[0])*b->top); | 525 | memcpy(a->d,b->d,sizeof(b->d[0])*b->top); |
| 507 | #endif | 526 | #endif |
| 508 | 527 | ||
| 509 | /* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ | ||
| 510 | a->top=b->top; | 528 | a->top=b->top; |
| 511 | if ((a->top == 0) && (a->d != NULL)) | ||
| 512 | a->d[0]=0; | ||
| 513 | a->neg=b->neg; | 529 | a->neg=b->neg; |
| 530 | bn_check_top(a); | ||
| 514 | return(a); | 531 | return(a); |
| 515 | } | 532 | } |
| 516 | 533 | ||
| @@ -520,6 +537,9 @@ void BN_swap(BIGNUM *a, BIGNUM *b) | |||
| 520 | BN_ULONG *tmp_d; | 537 | BN_ULONG *tmp_d; |
| 521 | int tmp_top, tmp_dmax, tmp_neg; | 538 | int tmp_top, tmp_dmax, tmp_neg; |
| 522 | 539 | ||
| 540 | bn_check_top(a); | ||
| 541 | bn_check_top(b); | ||
| 542 | |||
| 523 | flags_old_a = a->flags; | 543 | flags_old_a = a->flags; |
| 524 | flags_old_b = b->flags; | 544 | flags_old_b = b->flags; |
| 525 | 545 | ||
| @@ -540,11 +560,13 @@ void BN_swap(BIGNUM *a, BIGNUM *b) | |||
| 540 | 560 | ||
| 541 | a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); | 561 | a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); |
| 542 | b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); | 562 | b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); |
| 563 | bn_check_top(a); | ||
| 564 | bn_check_top(b); | ||
| 543 | } | 565 | } |
| 544 | 566 | ||
| 545 | |||
| 546 | void BN_clear(BIGNUM *a) | 567 | void BN_clear(BIGNUM *a) |
| 547 | { | 568 | { |
| 569 | bn_check_top(a); | ||
| 548 | if (a->d != NULL) | 570 | if (a->d != NULL) |
| 549 | memset(a->d,0,a->dmax*sizeof(a->d[0])); | 571 | memset(a->d,0,a->dmax*sizeof(a->d[0])); |
| 550 | a->top=0; | 572 | a->top=0; |
| @@ -553,49 +575,22 @@ void BN_clear(BIGNUM *a) | |||
| 553 | 575 | ||
| 554 | BN_ULONG BN_get_word(const BIGNUM *a) | 576 | BN_ULONG BN_get_word(const BIGNUM *a) |
| 555 | { | 577 | { |
| 556 | int i,n; | 578 | if (a->top > 1) |
| 557 | BN_ULONG ret=0; | 579 | return BN_MASK2; |
| 558 | 580 | else if (a->top == 1) | |
| 559 | n=BN_num_bytes(a); | 581 | return a->d[0]; |
| 560 | if (n > sizeof(BN_ULONG)) | 582 | /* a->top == 0 */ |
| 561 | return(BN_MASK2); | 583 | return 0; |
| 562 | for (i=a->top-1; i>=0; i--) | ||
| 563 | { | ||
| 564 | #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ | ||
| 565 | ret<<=BN_BITS4; /* stops the compiler complaining */ | ||
| 566 | ret<<=BN_BITS4; | ||
| 567 | #else | ||
| 568 | ret=0; | ||
| 569 | #endif | ||
| 570 | ret|=a->d[i]; | ||
| 571 | } | ||
| 572 | return(ret); | ||
| 573 | } | 584 | } |
| 574 | 585 | ||
| 575 | int BN_set_word(BIGNUM *a, BN_ULONG w) | 586 | int BN_set_word(BIGNUM *a, BN_ULONG w) |
| 576 | { | 587 | { |
| 577 | int i,n; | 588 | bn_check_top(a); |
| 578 | if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0); | 589 | if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); |
| 579 | 590 | a->neg = 0; | |
| 580 | n=sizeof(BN_ULONG)/BN_BYTES; | 591 | a->d[0] = w; |
| 581 | a->neg=0; | 592 | a->top = (w ? 1 : 0); |
| 582 | a->top=0; | 593 | bn_check_top(a); |
| 583 | a->d[0]=(BN_ULONG)w&BN_MASK2; | ||
| 584 | if (a->d[0] != 0) a->top=1; | ||
| 585 | for (i=1; i<n; i++) | ||
| 586 | { | ||
| 587 | /* the following is done instead of | ||
| 588 | * w>>=BN_BITS2 so compilers don't complain | ||
| 589 | * on builds where sizeof(long) == BN_TYPES */ | ||
| 590 | #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ | ||
| 591 | w>>=BN_BITS4; | ||
| 592 | w>>=BN_BITS4; | ||
| 593 | #else | ||
| 594 | w=0; | ||
| 595 | #endif | ||
| 596 | a->d[i]=(BN_ULONG)w&BN_MASK2; | ||
| 597 | if (a->d[i] != 0) a->top=i+1; | ||
| 598 | } | ||
| 599 | return(1); | 594 | return(1); |
| 600 | } | 595 | } |
| 601 | 596 | ||
| @@ -604,9 +599,12 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) | |||
| 604 | unsigned int i,m; | 599 | unsigned int i,m; |
| 605 | unsigned int n; | 600 | unsigned int n; |
| 606 | BN_ULONG l; | 601 | BN_ULONG l; |
| 602 | BIGNUM *bn = NULL; | ||
| 607 | 603 | ||
| 608 | if (ret == NULL) ret=BN_new(); | 604 | if (ret == NULL) |
| 605 | ret = bn = BN_new(); | ||
| 609 | if (ret == NULL) return(NULL); | 606 | if (ret == NULL) return(NULL); |
| 607 | bn_check_top(ret); | ||
| 610 | l=0; | 608 | l=0; |
| 611 | n=len; | 609 | n=len; |
| 612 | if (n == 0) | 610 | if (n == 0) |
| @@ -614,13 +612,16 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) | |||
| 614 | ret->top=0; | 612 | ret->top=0; |
| 615 | return(ret); | 613 | return(ret); |
| 616 | } | 614 | } |
| 617 | if (bn_expand(ret,(int)(n+2)*8) == NULL) | ||
| 618 | return(NULL); | ||
| 619 | i=((n-1)/BN_BYTES)+1; | 615 | i=((n-1)/BN_BYTES)+1; |
| 620 | m=((n-1)%(BN_BYTES)); | 616 | m=((n-1)%(BN_BYTES)); |
| 617 | if (bn_wexpand(ret, (int)i) == NULL) | ||
| 618 | { | ||
| 619 | if (bn) BN_free(bn); | ||
| 620 | return NULL; | ||
| 621 | } | ||
| 621 | ret->top=i; | 622 | ret->top=i; |
| 622 | ret->neg=0; | 623 | ret->neg=0; |
| 623 | while (n-- > 0) | 624 | while (n--) |
| 624 | { | 625 | { |
| 625 | l=(l<<8L)| *(s++); | 626 | l=(l<<8L)| *(s++); |
| 626 | if (m-- == 0) | 627 | if (m-- == 0) |
| @@ -632,7 +633,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) | |||
| 632 | } | 633 | } |
| 633 | /* need to call this due to clear byte at top if avoiding | 634 | /* need to call this due to clear byte at top if avoiding |
| 634 | * having the top bit set (-ve number) */ | 635 | * having the top bit set (-ve number) */ |
| 635 | bn_fix_top(ret); | 636 | bn_correct_top(ret); |
| 636 | return(ret); | 637 | return(ret); |
| 637 | } | 638 | } |
| 638 | 639 | ||
| @@ -642,8 +643,9 @@ int BN_bn2bin(const BIGNUM *a, unsigned char *to) | |||
| 642 | int n,i; | 643 | int n,i; |
| 643 | BN_ULONG l; | 644 | BN_ULONG l; |
| 644 | 645 | ||
| 646 | bn_check_top(a); | ||
| 645 | n=i=BN_num_bytes(a); | 647 | n=i=BN_num_bytes(a); |
| 646 | while (i-- > 0) | 648 | while (i--) |
| 647 | { | 649 | { |
| 648 | l=a->d[i/BN_BYTES]; | 650 | l=a->d[i/BN_BYTES]; |
| 649 | *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; | 651 | *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; |
| @@ -668,7 +670,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b) | |||
| 668 | t1= ap[i]; | 670 | t1= ap[i]; |
| 669 | t2= bp[i]; | 671 | t2= bp[i]; |
| 670 | if (t1 != t2) | 672 | if (t1 != t2) |
| 671 | return(t1 > t2?1:-1); | 673 | return((t1 > t2) ? 1 : -1); |
| 672 | } | 674 | } |
| 673 | return(0); | 675 | return(0); |
| 674 | } | 676 | } |
| @@ -718,6 +720,9 @@ int BN_set_bit(BIGNUM *a, int n) | |||
| 718 | { | 720 | { |
| 719 | int i,j,k; | 721 | int i,j,k; |
| 720 | 722 | ||
| 723 | if (n < 0) | ||
| 724 | return 0; | ||
| 725 | |||
| 721 | i=n/BN_BITS2; | 726 | i=n/BN_BITS2; |
| 722 | j=n%BN_BITS2; | 727 | j=n%BN_BITS2; |
| 723 | if (a->top <= i) | 728 | if (a->top <= i) |
| @@ -729,6 +734,7 @@ int BN_set_bit(BIGNUM *a, int n) | |||
| 729 | } | 734 | } |
| 730 | 735 | ||
| 731 | a->d[i]|=(((BN_ULONG)1)<<j); | 736 | a->d[i]|=(((BN_ULONG)1)<<j); |
| 737 | bn_check_top(a); | ||
| 732 | return(1); | 738 | return(1); |
| 733 | } | 739 | } |
| 734 | 740 | ||
| @@ -736,12 +742,15 @@ int BN_clear_bit(BIGNUM *a, int n) | |||
| 736 | { | 742 | { |
| 737 | int i,j; | 743 | int i,j; |
| 738 | 744 | ||
| 745 | bn_check_top(a); | ||
| 746 | if (n < 0) return 0; | ||
| 747 | |||
| 739 | i=n/BN_BITS2; | 748 | i=n/BN_BITS2; |
| 740 | j=n%BN_BITS2; | 749 | j=n%BN_BITS2; |
| 741 | if (a->top <= i) return(0); | 750 | if (a->top <= i) return(0); |
| 742 | 751 | ||
| 743 | a->d[i]&=(~(((BN_ULONG)1)<<j)); | 752 | a->d[i]&=(~(((BN_ULONG)1)<<j)); |
| 744 | bn_fix_top(a); | 753 | bn_correct_top(a); |
| 745 | return(1); | 754 | return(1); |
| 746 | } | 755 | } |
| 747 | 756 | ||
| @@ -749,20 +758,24 @@ int BN_is_bit_set(const BIGNUM *a, int n) | |||
| 749 | { | 758 | { |
| 750 | int i,j; | 759 | int i,j; |
| 751 | 760 | ||
| 752 | if (n < 0) return(0); | 761 | bn_check_top(a); |
| 762 | if (n < 0) return 0; | ||
| 753 | i=n/BN_BITS2; | 763 | i=n/BN_BITS2; |
| 754 | j=n%BN_BITS2; | 764 | j=n%BN_BITS2; |
| 755 | if (a->top <= i) return(0); | 765 | if (a->top <= i) return 0; |
| 756 | return((a->d[i]&(((BN_ULONG)1)<<j))?1:0); | 766 | return(((a->d[i])>>j)&((BN_ULONG)1)); |
| 757 | } | 767 | } |
| 758 | 768 | ||
| 759 | int BN_mask_bits(BIGNUM *a, int n) | 769 | int BN_mask_bits(BIGNUM *a, int n) |
| 760 | { | 770 | { |
| 761 | int b,w; | 771 | int b,w; |
| 762 | 772 | ||
| 773 | bn_check_top(a); | ||
| 774 | if (n < 0) return 0; | ||
| 775 | |||
| 763 | w=n/BN_BITS2; | 776 | w=n/BN_BITS2; |
| 764 | b=n%BN_BITS2; | 777 | b=n%BN_BITS2; |
| 765 | if (w >= a->top) return(0); | 778 | if (w >= a->top) return 0; |
| 766 | if (b == 0) | 779 | if (b == 0) |
| 767 | a->top=w; | 780 | a->top=w; |
| 768 | else | 781 | else |
| @@ -770,10 +783,18 @@ int BN_mask_bits(BIGNUM *a, int n) | |||
| 770 | a->top=w+1; | 783 | a->top=w+1; |
| 771 | a->d[w]&= ~(BN_MASK2<<b); | 784 | a->d[w]&= ~(BN_MASK2<<b); |
| 772 | } | 785 | } |
| 773 | bn_fix_top(a); | 786 | bn_correct_top(a); |
| 774 | return(1); | 787 | return(1); |
| 775 | } | 788 | } |
| 776 | 789 | ||
| 790 | void BN_set_negative(BIGNUM *a, int b) | ||
| 791 | { | ||
| 792 | if (b && !BN_is_zero(a)) | ||
| 793 | a->neg = 1; | ||
| 794 | else | ||
| 795 | a->neg = 0; | ||
| 796 | } | ||
| 797 | |||
| 777 | int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) | 798 | int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) |
| 778 | { | 799 | { |
| 779 | int i; | 800 | int i; |
diff --git a/src/lib/libssl/src/crypto/bn/bn_mod.c b/src/lib/libssl/src/crypto/bn/bn_mod.c index 5cf82480d7..77d6ddb91a 100644 --- a/src/lib/libssl/src/crypto/bn/bn_mod.c +++ b/src/lib/libssl/src/crypto/bn/bn_mod.c | |||
| @@ -149,7 +149,7 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_ | |||
| 149 | * and less than m */ | 149 | * and less than m */ |
| 150 | int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) | 150 | int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) |
| 151 | { | 151 | { |
| 152 | if (!BN_add(r, a, b)) return 0; | 152 | if (!BN_uadd(r, a, b)) return 0; |
| 153 | if (BN_ucmp(r, m) >= 0) | 153 | if (BN_ucmp(r, m) >= 0) |
| 154 | return BN_usub(r, r, m); | 154 | return BN_usub(r, r, m); |
| 155 | return 1; | 155 | return 1; |
| @@ -192,6 +192,7 @@ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, | |||
| 192 | else | 192 | else |
| 193 | { if (!BN_mul(t,a,b,ctx)) goto err; } | 193 | { if (!BN_mul(t,a,b,ctx)) goto err; } |
| 194 | if (!BN_nnmod(r,t,m,ctx)) goto err; | 194 | if (!BN_nnmod(r,t,m,ctx)) goto err; |
| 195 | bn_check_top(r); | ||
| 195 | ret=1; | 196 | ret=1; |
| 196 | err: | 197 | err: |
| 197 | BN_CTX_end(ctx); | 198 | BN_CTX_end(ctx); |
| @@ -210,6 +211,7 @@ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | |||
| 210 | int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | 211 | int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) |
| 211 | { | 212 | { |
| 212 | if (!BN_lshift1(r, a)) return 0; | 213 | if (!BN_lshift1(r, a)) return 0; |
| 214 | bn_check_top(r); | ||
| 213 | return BN_nnmod(r, r, m, ctx); | 215 | return BN_nnmod(r, r, m, ctx); |
| 214 | } | 216 | } |
| 215 | 217 | ||
| @@ -219,6 +221,7 @@ int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | |||
| 219 | int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) | 221 | int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) |
| 220 | { | 222 | { |
| 221 | if (!BN_lshift1(r, a)) return 0; | 223 | if (!BN_lshift1(r, a)) return 0; |
| 224 | bn_check_top(r); | ||
| 222 | if (BN_cmp(r, m) >= 0) | 225 | if (BN_cmp(r, m) >= 0) |
| 223 | return BN_sub(r, r, m); | 226 | return BN_sub(r, r, m); |
| 224 | return 1; | 227 | return 1; |
| @@ -240,6 +243,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ct | |||
| 240 | } | 243 | } |
| 241 | 244 | ||
| 242 | ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); | 245 | ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); |
| 246 | bn_check_top(r); | ||
| 243 | 247 | ||
| 244 | if (abs_m) | 248 | if (abs_m) |
| 245 | BN_free(abs_m); | 249 | BN_free(abs_m); |
| @@ -291,6 +295,7 @@ int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) | |||
| 291 | if (!BN_sub(r, r, m)) return 0; | 295 | if (!BN_sub(r, r, m)) return 0; |
| 292 | } | 296 | } |
| 293 | } | 297 | } |
| 298 | bn_check_top(r); | ||
| 294 | 299 | ||
| 295 | return 1; | 300 | return 1; |
| 296 | } | 301 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_mont.c b/src/lib/libssl/src/crypto/bn/bn_mont.c index 726d5f2b1b..4799b152dd 100644 --- a/src/lib/libssl/src/crypto/bn/bn_mont.c +++ b/src/lib/libssl/src/crypto/bn/bn_mont.c | |||
| @@ -55,6 +55,59 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | /* | 112 | /* |
| 60 | * Details about Montgomery multiplication algorithms can be found at | 113 | * Details about Montgomery multiplication algorithms can be found at |
| @@ -69,11 +122,50 @@ | |||
| 69 | 122 | ||
| 70 | #define MONT_WORD /* use the faster word-based algorithm */ | 123 | #define MONT_WORD /* use the faster word-based algorithm */ |
| 71 | 124 | ||
| 125 | #if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) | ||
| 126 | /* This condition means we have a specific non-default build: | ||
| 127 | * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any | ||
| 128 | * BN_BITS2<=32 platform; an explicit "enable-montasm" is required. | ||
| 129 | * I.e., if we are here, the user intentionally deviates from the | ||
| 130 | * normal stable build to get better Montgomery performance from | ||
| 131 | * the 0.9.9-dev backport. | ||
| 132 | * | ||
| 133 | * In this case only, we also enable BN_from_montgomery_word() | ||
| 134 | * (another non-stable feature from 0.9.9-dev). | ||
| 135 | */ | ||
| 136 | #define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD | ||
| 137 | #endif | ||
| 138 | |||
| 139 | #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD | ||
| 140 | static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); | ||
| 141 | #endif | ||
| 142 | |||
| 143 | |||
| 144 | |||
| 72 | int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | 145 | int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, |
| 73 | BN_MONT_CTX *mont, BN_CTX *ctx) | 146 | BN_MONT_CTX *mont, BN_CTX *ctx) |
| 74 | { | 147 | { |
| 75 | BIGNUM *tmp; | 148 | BIGNUM *tmp; |
| 76 | int ret=0; | 149 | int ret=0; |
| 150 | #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) | ||
| 151 | int num = mont->N.top; | ||
| 152 | |||
| 153 | if (num>1 && a->top==num && b->top==num) | ||
| 154 | { | ||
| 155 | if (bn_wexpand(r,num) == NULL) return(0); | ||
| 156 | #if 0 /* for OpenSSL 0.9.9 mont->n0 */ | ||
| 157 | if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) | ||
| 158 | #else | ||
| 159 | if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num)) | ||
| 160 | #endif | ||
| 161 | { | ||
| 162 | r->neg = a->neg^b->neg; | ||
| 163 | r->top = num; | ||
| 164 | bn_correct_top(r); | ||
| 165 | return(1); | ||
| 166 | } | ||
| 167 | } | ||
| 168 | #endif | ||
| 77 | 169 | ||
| 78 | BN_CTX_start(ctx); | 170 | BN_CTX_start(ctx); |
| 79 | tmp = BN_CTX_get(ctx); | 171 | tmp = BN_CTX_get(ctx); |
| @@ -89,13 +181,162 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | |||
| 89 | if (!BN_mul(tmp,a,b,ctx)) goto err; | 181 | if (!BN_mul(tmp,a,b,ctx)) goto err; |
| 90 | } | 182 | } |
| 91 | /* reduce from aRR to aR */ | 183 | /* reduce from aRR to aR */ |
| 184 | #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD | ||
| 185 | if (!BN_from_montgomery_word(r,tmp,mont)) goto err; | ||
| 186 | #else | ||
| 92 | if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; | 187 | if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; |
| 188 | #endif | ||
| 189 | bn_check_top(r); | ||
| 93 | ret=1; | 190 | ret=1; |
| 94 | err: | 191 | err: |
| 95 | BN_CTX_end(ctx); | 192 | BN_CTX_end(ctx); |
| 96 | return(ret); | 193 | return(ret); |
| 97 | } | 194 | } |
| 98 | 195 | ||
| 196 | #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD | ||
| 197 | static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) | ||
| 198 | { | ||
| 199 | BIGNUM *n; | ||
| 200 | BN_ULONG *ap,*np,*rp,n0,v,*nrp; | ||
| 201 | int al,nl,max,i,x,ri; | ||
| 202 | |||
| 203 | n= &(mont->N); | ||
| 204 | /* mont->ri is the size of mont->N in bits (rounded up | ||
| 205 | to the word size) */ | ||
| 206 | al=ri=mont->ri/BN_BITS2; | ||
| 207 | |||
| 208 | nl=n->top; | ||
| 209 | if ((al == 0) || (nl == 0)) { ret->top=0; return(1); } | ||
| 210 | |||
| 211 | max=(nl+al+1); /* allow for overflow (no?) XXX */ | ||
| 212 | if (bn_wexpand(r,max) == NULL) return(0); | ||
| 213 | |||
| 214 | r->neg^=n->neg; | ||
| 215 | np=n->d; | ||
| 216 | rp=r->d; | ||
| 217 | nrp= &(r->d[nl]); | ||
| 218 | |||
| 219 | /* clear the top words of T */ | ||
| 220 | for (i=r->top; i<max; i++) /* memset? XXX */ | ||
| 221 | r->d[i]=0; | ||
| 222 | |||
| 223 | r->top=max; | ||
| 224 | #if 0 /* for OpenSSL 0.9.9 mont->n0 */ | ||
| 225 | n0=mont->n0[0]; | ||
| 226 | #else | ||
| 227 | n0=mont->n0; | ||
| 228 | #endif | ||
| 229 | |||
| 230 | #ifdef BN_COUNT | ||
| 231 | fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); | ||
| 232 | #endif | ||
| 233 | for (i=0; i<nl; i++) | ||
| 234 | { | ||
| 235 | #ifdef __TANDEM | ||
| 236 | { | ||
| 237 | long long t1; | ||
| 238 | long long t2; | ||
| 239 | long long t3; | ||
| 240 | t1 = rp[0] * (n0 & 0177777); | ||
| 241 | t2 = 037777600000l; | ||
| 242 | t2 = n0 & t2; | ||
| 243 | t3 = rp[0] & 0177777; | ||
| 244 | t2 = (t3 * t2) & BN_MASK2; | ||
| 245 | t1 = t1 + t2; | ||
| 246 | v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1); | ||
| 247 | } | ||
| 248 | #else | ||
| 249 | v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); | ||
| 250 | #endif | ||
| 251 | nrp++; | ||
| 252 | rp++; | ||
| 253 | if (((nrp[-1]+=v)&BN_MASK2) >= v) | ||
| 254 | continue; | ||
| 255 | else | ||
| 256 | { | ||
| 257 | if (((++nrp[0])&BN_MASK2) != 0) continue; | ||
| 258 | if (((++nrp[1])&BN_MASK2) != 0) continue; | ||
| 259 | for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; | ||
| 260 | } | ||
| 261 | } | ||
| 262 | bn_correct_top(r); | ||
| 263 | |||
| 264 | /* mont->ri will be a multiple of the word size and below code | ||
| 265 | * is kind of BN_rshift(ret,r,mont->ri) equivalent */ | ||
| 266 | if (r->top <= ri) | ||
| 267 | { | ||
| 268 | ret->top=0; | ||
| 269 | return(1); | ||
| 270 | } | ||
| 271 | al=r->top-ri; | ||
| 272 | |||
| 273 | if (bn_wexpand(ret,ri) == NULL) return(0); | ||
| 274 | x=0-(((al-ri)>>(sizeof(al)*8-1))&1); | ||
| 275 | ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ | ||
| 276 | ret->neg=r->neg; | ||
| 277 | |||
| 278 | rp=ret->d; | ||
| 279 | ap=&(r->d[ri]); | ||
| 280 | |||
| 281 | { | ||
| 282 | size_t m1,m2; | ||
| 283 | |||
| 284 | v=bn_sub_words(rp,ap,np,ri); | ||
| 285 | /* this ----------------^^ works even in al<ri case | ||
| 286 | * thanks to zealous zeroing of top of the vector in the | ||
| 287 | * beginning. */ | ||
| 288 | |||
| 289 | /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */ | ||
| 290 | /* in other words if subtraction result is real, then | ||
| 291 | * trick unconditional memcpy below to perform in-place | ||
| 292 | * "refresh" instead of actual copy. */ | ||
| 293 | m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */ | ||
| 294 | m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */ | ||
| 295 | m1|=m2; /* (al!=ri) */ | ||
| 296 | m1|=(0-(size_t)v); /* (al!=ri || v) */ | ||
| 297 | m1&=~m2; /* (al!=ri || v) && !al>ri */ | ||
| 298 | nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); | ||
| 299 | } | ||
| 300 | |||
| 301 | /* 'i<ri' is chosen to eliminate dependency on input data, even | ||
| 302 | * though it results in redundant copy in al<ri case. */ | ||
| 303 | for (i=0,ri-=4; i<ri; i+=4) | ||
| 304 | { | ||
| 305 | BN_ULONG t1,t2,t3,t4; | ||
| 306 | |||
| 307 | t1=nrp[i+0]; | ||
| 308 | t2=nrp[i+1]; | ||
| 309 | t3=nrp[i+2]; ap[i+0]=0; | ||
| 310 | t4=nrp[i+3]; ap[i+1]=0; | ||
| 311 | rp[i+0]=t1; ap[i+2]=0; | ||
| 312 | rp[i+1]=t2; ap[i+3]=0; | ||
| 313 | rp[i+2]=t3; | ||
| 314 | rp[i+3]=t4; | ||
| 315 | } | ||
| 316 | for (ri+=4; i<ri; i++) | ||
| 317 | rp[i]=nrp[i], ap[i]=0; | ||
| 318 | bn_correct_top(r); | ||
| 319 | bn_correct_top(ret); | ||
| 320 | bn_check_top(ret); | ||
| 321 | |||
| 322 | return(1); | ||
| 323 | } | ||
| 324 | |||
| 325 | int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, | ||
| 326 | BN_CTX *ctx) | ||
| 327 | { | ||
| 328 | int retn=0; | ||
| 329 | BIGNUM *t; | ||
| 330 | |||
| 331 | BN_CTX_start(ctx); | ||
| 332 | if ((t = BN_CTX_get(ctx)) && BN_copy(t,a)) | ||
| 333 | retn = BN_from_montgomery_word(ret,t,mont); | ||
| 334 | BN_CTX_end(ctx); | ||
| 335 | return retn; | ||
| 336 | } | ||
| 337 | |||
| 338 | #else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ | ||
| 339 | |||
| 99 | int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, | 340 | int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, |
| 100 | BN_CTX *ctx) | 341 | BN_CTX *ctx) |
| 101 | { | 342 | { |
| @@ -171,7 +412,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, | |||
| 171 | for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; | 412 | for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; |
| 172 | } | 413 | } |
| 173 | } | 414 | } |
| 174 | bn_fix_top(r); | 415 | bn_correct_top(r); |
| 175 | 416 | ||
| 176 | /* mont->ri will be a multiple of the word size and below code | 417 | /* mont->ri will be a multiple of the word size and below code |
| 177 | * is kind of BN_rshift(ret,r,mont->ri) equivalent */ | 418 | * is kind of BN_rshift(ret,r,mont->ri) equivalent */ |
| @@ -230,6 +471,8 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, | |||
| 230 | } | 471 | } |
| 231 | for (ri+=4; i<ri; i++) | 472 | for (ri+=4; i<ri; i++) |
| 232 | rp[i]=nrp[i], ap[i]=0; | 473 | rp[i]=nrp[i], ap[i]=0; |
| 474 | bn_correct_top(r); | ||
| 475 | bn_correct_top(ret); | ||
| 233 | # else | 476 | # else |
| 234 | if (bn_wexpand(ret,al) == NULL) goto err; | 477 | if (bn_wexpand(ret,al) == NULL) goto err; |
| 235 | ret->top=al; | 478 | ret->top=al; |
| @@ -281,10 +524,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, | |||
| 281 | } | 524 | } |
| 282 | #endif | 525 | #endif |
| 283 | retn=1; | 526 | retn=1; |
| 527 | bn_check_top(ret); | ||
| 284 | err: | 528 | err: |
| 285 | BN_CTX_end(ctx); | 529 | BN_CTX_end(ctx); |
| 286 | return(retn); | 530 | return(retn); |
| 287 | } | 531 | } |
| 532 | #endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ | ||
| 288 | 533 | ||
| 289 | BN_MONT_CTX *BN_MONT_CTX_new(void) | 534 | BN_MONT_CTX *BN_MONT_CTX_new(void) |
| 290 | { | 535 | { |
| @@ -304,6 +549,11 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx) | |||
| 304 | BN_init(&(ctx->RR)); | 549 | BN_init(&(ctx->RR)); |
| 305 | BN_init(&(ctx->N)); | 550 | BN_init(&(ctx->N)); |
| 306 | BN_init(&(ctx->Ni)); | 551 | BN_init(&(ctx->Ni)); |
| 552 | #if 0 /* for OpenSSL 0.9.9 mont->n0 */ | ||
| 553 | ctx->n0[0] = ctx->n0[1] = 0; | ||
| 554 | #else | ||
| 555 | ctx->n0 = 0; | ||
| 556 | #endif | ||
| 307 | ctx->flags=0; | 557 | ctx->flags=0; |
| 308 | } | 558 | } |
| 309 | 559 | ||
| @@ -321,9 +571,11 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) | |||
| 321 | 571 | ||
| 322 | int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) | 572 | int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) |
| 323 | { | 573 | { |
| 324 | BIGNUM Ri,*R; | 574 | int ret = 0; |
| 575 | BIGNUM *Ri,*R; | ||
| 325 | 576 | ||
| 326 | BN_init(&Ri); | 577 | BN_CTX_start(ctx); |
| 578 | if((Ri = BN_CTX_get(ctx)) == NULL) goto err; | ||
| 327 | R= &(mont->RR); /* grab RR as a temp */ | 579 | R= &(mont->RR); /* grab RR as a temp */ |
| 328 | if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ | 580 | if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ |
| 329 | mont->N.neg = 0; | 581 | mont->N.neg = 0; |
| @@ -334,57 +586,99 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) | |||
| 334 | BN_ULONG buf[2]; | 586 | BN_ULONG buf[2]; |
| 335 | 587 | ||
| 336 | mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; | 588 | mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; |
| 337 | if (!(BN_zero(R))) goto err; | 589 | BN_zero(R); |
| 590 | #if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)", | ||
| 591 | only certain BN_BITS2<=32 platforms actually need this */ | ||
| 592 | if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */ | ||
| 593 | #else | ||
| 338 | if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ | 594 | if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ |
| 595 | #endif | ||
| 339 | 596 | ||
| 340 | buf[0]=mod->d[0]; /* tmod = N mod word size */ | 597 | buf[0]=mod->d[0]; /* tmod = N mod word size */ |
| 341 | buf[1]=0; | 598 | buf[1]=0; |
| 599 | |||
| 600 | BN_init(&tmod); | ||
| 342 | tmod.d=buf; | 601 | tmod.d=buf; |
| 343 | tmod.top=1; | 602 | tmod.top = buf[0] != 0 ? 1 : 0; |
| 344 | tmod.dmax=2; | 603 | tmod.dmax=2; |
| 345 | tmod.neg=0; | 604 | tmod.neg=0; |
| 605 | |||
| 606 | #if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)"; | ||
| 607 | only certain BN_BITS2<=32 platforms actually need this */ | ||
| 608 | tmod.top=0; | ||
| 609 | if ((buf[0] = mod->d[0])) tmod.top=1; | ||
| 610 | if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; | ||
| 611 | |||
| 612 | if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) | ||
| 613 | goto err; | ||
| 614 | if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */ | ||
| 615 | if (!BN_is_zero(Ri)) | ||
| 616 | { | ||
| 617 | if (!BN_sub_word(Ri,1)) goto err; | ||
| 618 | } | ||
| 619 | else /* if N mod word size == 1 */ | ||
| 620 | { | ||
| 621 | if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL) | ||
| 622 | goto err; | ||
| 623 | /* Ri-- (mod double word size) */ | ||
| 624 | Ri->neg=0; | ||
| 625 | Ri->d[0]=BN_MASK2; | ||
| 626 | Ri->d[1]=BN_MASK2; | ||
| 627 | Ri->top=2; | ||
| 628 | } | ||
| 629 | if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; | ||
| 630 | /* Ni = (R*Ri-1)/N, | ||
| 631 | * keep only couple of least significant words: */ | ||
| 632 | mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; | ||
| 633 | mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; | ||
| 634 | #else | ||
| 346 | /* Ri = R^-1 mod N*/ | 635 | /* Ri = R^-1 mod N*/ |
| 347 | if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL) | 636 | if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) |
| 348 | goto err; | 637 | goto err; |
| 349 | if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */ | 638 | if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */ |
| 350 | if (!BN_is_zero(&Ri)) | 639 | if (!BN_is_zero(Ri)) |
| 351 | { | 640 | { |
| 352 | if (!BN_sub_word(&Ri,1)) goto err; | 641 | if (!BN_sub_word(Ri,1)) goto err; |
| 353 | } | 642 | } |
| 354 | else /* if N mod word size == 1 */ | 643 | else /* if N mod word size == 1 */ |
| 355 | { | 644 | { |
| 356 | if (!BN_set_word(&Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ | 645 | if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ |
| 357 | } | 646 | } |
| 358 | if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err; | 647 | if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; |
| 359 | /* Ni = (R*Ri-1)/N, | 648 | /* Ni = (R*Ri-1)/N, |
| 360 | * keep only least significant word: */ | 649 | * keep only least significant word: */ |
| 361 | mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0; | 650 | # if 0 /* for OpenSSL 0.9.9 mont->n0 */ |
| 362 | BN_free(&Ri); | 651 | mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; |
| 652 | mont->n0[1] = 0; | ||
| 653 | # else | ||
| 654 | mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; | ||
| 655 | # endif | ||
| 656 | #endif | ||
| 363 | } | 657 | } |
| 364 | #else /* !MONT_WORD */ | 658 | #else /* !MONT_WORD */ |
| 365 | { /* bignum version */ | 659 | { /* bignum version */ |
| 366 | mont->ri=BN_num_bits(&mont->N); | 660 | mont->ri=BN_num_bits(&mont->N); |
| 367 | if (!BN_zero(R)) goto err; | 661 | BN_zero(R); |
| 368 | if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ | 662 | if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ |
| 369 | /* Ri = R^-1 mod N*/ | 663 | /* Ri = R^-1 mod N*/ |
| 370 | if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL) | 664 | if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL) |
| 371 | goto err; | 665 | goto err; |
| 372 | if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */ | 666 | if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */ |
| 373 | if (!BN_sub_word(&Ri,1)) goto err; | 667 | if (!BN_sub_word(Ri,1)) goto err; |
| 374 | /* Ni = (R*Ri-1) / N */ | 668 | /* Ni = (R*Ri-1) / N */ |
| 375 | if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err; | 669 | if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err; |
| 376 | BN_free(&Ri); | ||
| 377 | } | 670 | } |
| 378 | #endif | 671 | #endif |
| 379 | 672 | ||
| 380 | /* setup RR for conversions */ | 673 | /* setup RR for conversions */ |
| 381 | if (!BN_zero(&(mont->RR))) goto err; | 674 | BN_zero(&(mont->RR)); |
| 382 | if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; | 675 | if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; |
| 383 | if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; | 676 | if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; |
| 384 | 677 | ||
| 385 | return(1); | 678 | ret = 1; |
| 386 | err: | 679 | err: |
| 387 | return(0); | 680 | BN_CTX_end(ctx); |
| 681 | return ret; | ||
| 388 | } | 682 | } |
| 389 | 683 | ||
| 390 | BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) | 684 | BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) |
| @@ -395,27 +689,44 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) | |||
| 395 | if (!BN_copy(&(to->N),&(from->N))) return NULL; | 689 | if (!BN_copy(&(to->N),&(from->N))) return NULL; |
| 396 | if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; | 690 | if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; |
| 397 | to->ri=from->ri; | 691 | to->ri=from->ri; |
| 692 | #if 0 /* for OpenSSL 0.9.9 mont->n0 */ | ||
| 693 | to->n0[0]=from->n0[0]; | ||
| 694 | to->n0[1]=from->n0[1]; | ||
| 695 | #else | ||
| 398 | to->n0=from->n0; | 696 | to->n0=from->n0; |
| 697 | #endif | ||
| 399 | return(to); | 698 | return(to); |
| 400 | } | 699 | } |
| 401 | 700 | ||
| 402 | BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, | 701 | BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, |
| 403 | const BIGNUM *mod, BN_CTX *ctx) | 702 | const BIGNUM *mod, BN_CTX *ctx) |
| 404 | { | 703 | { |
| 405 | if (*pmont) | 704 | int got_write_lock = 0; |
| 406 | return *pmont; | 705 | BN_MONT_CTX *ret; |
| 407 | CRYPTO_w_lock(lock); | 706 | |
| 707 | CRYPTO_r_lock(lock); | ||
| 408 | if (!*pmont) | 708 | if (!*pmont) |
| 409 | { | 709 | { |
| 410 | *pmont = BN_MONT_CTX_new(); | 710 | CRYPTO_r_unlock(lock); |
| 411 | if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx)) | 711 | CRYPTO_w_lock(lock); |
| 712 | got_write_lock = 1; | ||
| 713 | |||
| 714 | if (!*pmont) | ||
| 412 | { | 715 | { |
| 413 | BN_MONT_CTX_free(*pmont); | 716 | ret = BN_MONT_CTX_new(); |
| 414 | *pmont = NULL; | 717 | if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) |
| 718 | BN_MONT_CTX_free(ret); | ||
| 719 | else | ||
| 720 | *pmont = ret; | ||
| 415 | } | 721 | } |
| 416 | } | 722 | } |
| 417 | CRYPTO_w_unlock(lock); | 723 | |
| 418 | return *pmont; | 724 | ret = *pmont; |
| 419 | } | 725 | |
| 726 | if (got_write_lock) | ||
| 727 | CRYPTO_w_unlock(lock); | ||
| 728 | else | ||
| 729 | CRYPTO_r_unlock(lock); | ||
| 420 | 730 | ||
| 421 | 731 | return ret; | |
| 732 | } | ||
diff --git a/src/lib/libssl/src/crypto/bn/bn_mpi.c b/src/lib/libssl/src/crypto/bn/bn_mpi.c index 05fa9d1e9a..a054d21aed 100644 --- a/src/lib/libssl/src/crypto/bn/bn_mpi.c +++ b/src/lib/libssl/src/crypto/bn/bn_mpi.c | |||
| @@ -124,6 +124,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) | |||
| 124 | { | 124 | { |
| 125 | BN_clear_bit(a,BN_num_bits(a)-1); | 125 | BN_clear_bit(a,BN_num_bits(a)-1); |
| 126 | } | 126 | } |
| 127 | bn_check_top(a); | ||
| 127 | return(a); | 128 | return(a); |
| 128 | } | 129 | } |
| 129 | 130 | ||
diff --git a/src/lib/libssl/src/crypto/bn/bn_mul.c b/src/lib/libssl/src/crypto/bn/bn_mul.c index 3ae3822bc2..b848c8cc60 100644 --- a/src/lib/libssl/src/crypto/bn/bn_mul.c +++ b/src/lib/libssl/src/crypto/bn/bn_mul.c | |||
| @@ -56,10 +56,325 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef BN_DEBUG | ||
| 60 | # undef NDEBUG /* avoid conflicting definitions */ | ||
| 61 | # define NDEBUG | ||
| 62 | #endif | ||
| 63 | |||
| 59 | #include <stdio.h> | 64 | #include <stdio.h> |
| 65 | #include <assert.h> | ||
| 60 | #include "cryptlib.h" | 66 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 67 | #include "bn_lcl.h" |
| 62 | 68 | ||
| 69 | #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) | ||
| 70 | /* Here follows specialised variants of bn_add_words() and | ||
| 71 | bn_sub_words(). They have the property performing operations on | ||
| 72 | arrays of different sizes. The sizes of those arrays is expressed through | ||
| 73 | cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl, | ||
| 74 | which is the delta between the two lengths, calculated as len(a)-len(b). | ||
| 75 | All lengths are the number of BN_ULONGs... For the operations that require | ||
| 76 | a result array as parameter, it must have the length cl+abs(dl). | ||
| 77 | These functions should probably end up in bn_asm.c as soon as there are | ||
| 78 | assembler counterparts for the systems that use assembler files. */ | ||
| 79 | |||
| 80 | BN_ULONG bn_sub_part_words(BN_ULONG *r, | ||
| 81 | const BN_ULONG *a, const BN_ULONG *b, | ||
| 82 | int cl, int dl) | ||
| 83 | { | ||
| 84 | BN_ULONG c, t; | ||
| 85 | |||
| 86 | assert(cl >= 0); | ||
| 87 | c = bn_sub_words(r, a, b, cl); | ||
| 88 | |||
| 89 | if (dl == 0) | ||
| 90 | return c; | ||
| 91 | |||
| 92 | r += cl; | ||
| 93 | a += cl; | ||
| 94 | b += cl; | ||
| 95 | |||
| 96 | if (dl < 0) | ||
| 97 | { | ||
| 98 | #ifdef BN_COUNT | ||
| 99 | fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); | ||
| 100 | #endif | ||
| 101 | for (;;) | ||
| 102 | { | ||
| 103 | t = b[0]; | ||
| 104 | r[0] = (0-t-c)&BN_MASK2; | ||
| 105 | if (t != 0) c=1; | ||
| 106 | if (++dl >= 0) break; | ||
| 107 | |||
| 108 | t = b[1]; | ||
| 109 | r[1] = (0-t-c)&BN_MASK2; | ||
| 110 | if (t != 0) c=1; | ||
| 111 | if (++dl >= 0) break; | ||
| 112 | |||
| 113 | t = b[2]; | ||
| 114 | r[2] = (0-t-c)&BN_MASK2; | ||
| 115 | if (t != 0) c=1; | ||
| 116 | if (++dl >= 0) break; | ||
| 117 | |||
| 118 | t = b[3]; | ||
| 119 | r[3] = (0-t-c)&BN_MASK2; | ||
| 120 | if (t != 0) c=1; | ||
| 121 | if (++dl >= 0) break; | ||
| 122 | |||
| 123 | b += 4; | ||
| 124 | r += 4; | ||
| 125 | } | ||
| 126 | } | ||
| 127 | else | ||
| 128 | { | ||
| 129 | int save_dl = dl; | ||
| 130 | #ifdef BN_COUNT | ||
| 131 | fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); | ||
| 132 | #endif | ||
| 133 | while(c) | ||
| 134 | { | ||
| 135 | t = a[0]; | ||
| 136 | r[0] = (t-c)&BN_MASK2; | ||
| 137 | if (t != 0) c=0; | ||
| 138 | if (--dl <= 0) break; | ||
| 139 | |||
| 140 | t = a[1]; | ||
| 141 | r[1] = (t-c)&BN_MASK2; | ||
| 142 | if (t != 0) c=0; | ||
| 143 | if (--dl <= 0) break; | ||
| 144 | |||
| 145 | t = a[2]; | ||
| 146 | r[2] = (t-c)&BN_MASK2; | ||
| 147 | if (t != 0) c=0; | ||
| 148 | if (--dl <= 0) break; | ||
| 149 | |||
| 150 | t = a[3]; | ||
| 151 | r[3] = (t-c)&BN_MASK2; | ||
| 152 | if (t != 0) c=0; | ||
| 153 | if (--dl <= 0) break; | ||
| 154 | |||
| 155 | save_dl = dl; | ||
| 156 | a += 4; | ||
| 157 | r += 4; | ||
| 158 | } | ||
| 159 | if (dl > 0) | ||
| 160 | { | ||
| 161 | #ifdef BN_COUNT | ||
| 162 | fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); | ||
| 163 | #endif | ||
| 164 | if (save_dl > dl) | ||
| 165 | { | ||
| 166 | switch (save_dl - dl) | ||
| 167 | { | ||
| 168 | case 1: | ||
| 169 | r[1] = a[1]; | ||
| 170 | if (--dl <= 0) break; | ||
| 171 | case 2: | ||
| 172 | r[2] = a[2]; | ||
| 173 | if (--dl <= 0) break; | ||
| 174 | case 3: | ||
| 175 | r[3] = a[3]; | ||
| 176 | if (--dl <= 0) break; | ||
| 177 | } | ||
| 178 | a += 4; | ||
| 179 | r += 4; | ||
| 180 | } | ||
| 181 | } | ||
| 182 | if (dl > 0) | ||
| 183 | { | ||
| 184 | #ifdef BN_COUNT | ||
| 185 | fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); | ||
| 186 | #endif | ||
| 187 | for(;;) | ||
| 188 | { | ||
| 189 | r[0] = a[0]; | ||
| 190 | if (--dl <= 0) break; | ||
| 191 | r[1] = a[1]; | ||
| 192 | if (--dl <= 0) break; | ||
| 193 | r[2] = a[2]; | ||
| 194 | if (--dl <= 0) break; | ||
| 195 | r[3] = a[3]; | ||
| 196 | if (--dl <= 0) break; | ||
| 197 | |||
| 198 | a += 4; | ||
| 199 | r += 4; | ||
| 200 | } | ||
| 201 | } | ||
| 202 | } | ||
| 203 | return c; | ||
| 204 | } | ||
| 205 | #endif | ||
| 206 | |||
| 207 | BN_ULONG bn_add_part_words(BN_ULONG *r, | ||
| 208 | const BN_ULONG *a, const BN_ULONG *b, | ||
| 209 | int cl, int dl) | ||
| 210 | { | ||
| 211 | BN_ULONG c, l, t; | ||
| 212 | |||
| 213 | assert(cl >= 0); | ||
| 214 | c = bn_add_words(r, a, b, cl); | ||
| 215 | |||
| 216 | if (dl == 0) | ||
| 217 | return c; | ||
| 218 | |||
| 219 | r += cl; | ||
| 220 | a += cl; | ||
| 221 | b += cl; | ||
| 222 | |||
| 223 | if (dl < 0) | ||
| 224 | { | ||
| 225 | int save_dl = dl; | ||
| 226 | #ifdef BN_COUNT | ||
| 227 | fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); | ||
| 228 | #endif | ||
| 229 | while (c) | ||
| 230 | { | ||
| 231 | l=(c+b[0])&BN_MASK2; | ||
| 232 | c=(l < c); | ||
| 233 | r[0]=l; | ||
| 234 | if (++dl >= 0) break; | ||
| 235 | |||
| 236 | l=(c+b[1])&BN_MASK2; | ||
| 237 | c=(l < c); | ||
| 238 | r[1]=l; | ||
| 239 | if (++dl >= 0) break; | ||
| 240 | |||
| 241 | l=(c+b[2])&BN_MASK2; | ||
| 242 | c=(l < c); | ||
| 243 | r[2]=l; | ||
| 244 | if (++dl >= 0) break; | ||
| 245 | |||
| 246 | l=(c+b[3])&BN_MASK2; | ||
| 247 | c=(l < c); | ||
| 248 | r[3]=l; | ||
| 249 | if (++dl >= 0) break; | ||
| 250 | |||
| 251 | save_dl = dl; | ||
| 252 | b+=4; | ||
| 253 | r+=4; | ||
| 254 | } | ||
| 255 | if (dl < 0) | ||
| 256 | { | ||
| 257 | #ifdef BN_COUNT | ||
| 258 | fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); | ||
| 259 | #endif | ||
| 260 | if (save_dl < dl) | ||
| 261 | { | ||
| 262 | switch (dl - save_dl) | ||
| 263 | { | ||
| 264 | case 1: | ||
| 265 | r[1] = b[1]; | ||
| 266 | if (++dl >= 0) break; | ||
| 267 | case 2: | ||
| 268 | r[2] = b[2]; | ||
| 269 | if (++dl >= 0) break; | ||
| 270 | case 3: | ||
| 271 | r[3] = b[3]; | ||
| 272 | if (++dl >= 0) break; | ||
| 273 | } | ||
| 274 | b += 4; | ||
| 275 | r += 4; | ||
| 276 | } | ||
| 277 | } | ||
| 278 | if (dl < 0) | ||
| 279 | { | ||
| 280 | #ifdef BN_COUNT | ||
| 281 | fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); | ||
| 282 | #endif | ||
| 283 | for(;;) | ||
| 284 | { | ||
| 285 | r[0] = b[0]; | ||
| 286 | if (++dl >= 0) break; | ||
| 287 | r[1] = b[1]; | ||
| 288 | if (++dl >= 0) break; | ||
| 289 | r[2] = b[2]; | ||
| 290 | if (++dl >= 0) break; | ||
| 291 | r[3] = b[3]; | ||
| 292 | if (++dl >= 0) break; | ||
| 293 | |||
| 294 | b += 4; | ||
| 295 | r += 4; | ||
| 296 | } | ||
| 297 | } | ||
| 298 | } | ||
| 299 | else | ||
| 300 | { | ||
| 301 | int save_dl = dl; | ||
| 302 | #ifdef BN_COUNT | ||
| 303 | fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); | ||
| 304 | #endif | ||
| 305 | while (c) | ||
| 306 | { | ||
| 307 | t=(a[0]+c)&BN_MASK2; | ||
| 308 | c=(t < c); | ||
| 309 | r[0]=t; | ||
| 310 | if (--dl <= 0) break; | ||
| 311 | |||
| 312 | t=(a[1]+c)&BN_MASK2; | ||
| 313 | c=(t < c); | ||
| 314 | r[1]=t; | ||
| 315 | if (--dl <= 0) break; | ||
| 316 | |||
| 317 | t=(a[2]+c)&BN_MASK2; | ||
| 318 | c=(t < c); | ||
| 319 | r[2]=t; | ||
| 320 | if (--dl <= 0) break; | ||
| 321 | |||
| 322 | t=(a[3]+c)&BN_MASK2; | ||
| 323 | c=(t < c); | ||
| 324 | r[3]=t; | ||
| 325 | if (--dl <= 0) break; | ||
| 326 | |||
| 327 | save_dl = dl; | ||
| 328 | a+=4; | ||
| 329 | r+=4; | ||
| 330 | } | ||
| 331 | #ifdef BN_COUNT | ||
| 332 | fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); | ||
| 333 | #endif | ||
| 334 | if (dl > 0) | ||
| 335 | { | ||
| 336 | if (save_dl > dl) | ||
| 337 | { | ||
| 338 | switch (save_dl - dl) | ||
| 339 | { | ||
| 340 | case 1: | ||
| 341 | r[1] = a[1]; | ||
| 342 | if (--dl <= 0) break; | ||
| 343 | case 2: | ||
| 344 | r[2] = a[2]; | ||
| 345 | if (--dl <= 0) break; | ||
| 346 | case 3: | ||
| 347 | r[3] = a[3]; | ||
| 348 | if (--dl <= 0) break; | ||
| 349 | } | ||
| 350 | a += 4; | ||
| 351 | r += 4; | ||
| 352 | } | ||
| 353 | } | ||
| 354 | if (dl > 0) | ||
| 355 | { | ||
| 356 | #ifdef BN_COUNT | ||
| 357 | fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); | ||
| 358 | #endif | ||
| 359 | for(;;) | ||
| 360 | { | ||
| 361 | r[0] = a[0]; | ||
| 362 | if (--dl <= 0) break; | ||
| 363 | r[1] = a[1]; | ||
| 364 | if (--dl <= 0) break; | ||
| 365 | r[2] = a[2]; | ||
| 366 | if (--dl <= 0) break; | ||
| 367 | r[3] = a[3]; | ||
| 368 | if (--dl <= 0) break; | ||
| 369 | |||
| 370 | a += 4; | ||
| 371 | r += 4; | ||
| 372 | } | ||
| 373 | } | ||
| 374 | } | ||
| 375 | return c; | ||
| 376 | } | ||
| 377 | |||
| 63 | #ifdef BN_RECURSION | 378 | #ifdef BN_RECURSION |
| 64 | /* Karatsuba recursive multiplication algorithm | 379 | /* Karatsuba recursive multiplication algorithm |
| 65 | * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ | 380 | * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ |
| @@ -74,15 +389,17 @@ | |||
| 74 | * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) | 389 | * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) |
| 75 | * a[1]*b[1] | 390 | * a[1]*b[1] |
| 76 | */ | 391 | */ |
| 392 | /* dnX may not be positive, but n2/2+dnX has to be */ | ||
| 77 | void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | 393 | void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, |
| 78 | BN_ULONG *t) | 394 | int dna, int dnb, BN_ULONG *t) |
| 79 | { | 395 | { |
| 80 | int n=n2/2,c1,c2; | 396 | int n=n2/2,c1,c2; |
| 397 | int tna=n+dna, tnb=n+dnb; | ||
| 81 | unsigned int neg,zero; | 398 | unsigned int neg,zero; |
| 82 | BN_ULONG ln,lo,*p; | 399 | BN_ULONG ln,lo,*p; |
| 83 | 400 | ||
| 84 | # ifdef BN_COUNT | 401 | # ifdef BN_COUNT |
| 85 | printf(" bn_mul_recursive %d * %d\n",n2,n2); | 402 | fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); |
| 86 | # endif | 403 | # endif |
| 87 | # ifdef BN_MUL_COMBA | 404 | # ifdef BN_MUL_COMBA |
| 88 | # if 0 | 405 | # if 0 |
| @@ -92,34 +409,40 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | |||
| 92 | return; | 409 | return; |
| 93 | } | 410 | } |
| 94 | # endif | 411 | # endif |
| 95 | if (n2 == 8) | 412 | /* Only call bn_mul_comba 8 if n2 == 8 and the |
| 413 | * two arrays are complete [steve] | ||
| 414 | */ | ||
| 415 | if (n2 == 8 && dna == 0 && dnb == 0) | ||
| 96 | { | 416 | { |
| 97 | bn_mul_comba8(r,a,b); | 417 | bn_mul_comba8(r,a,b); |
| 98 | return; | 418 | return; |
| 99 | } | 419 | } |
| 100 | # endif /* BN_MUL_COMBA */ | 420 | # endif /* BN_MUL_COMBA */ |
| 421 | /* Else do normal multiply */ | ||
| 101 | if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) | 422 | if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) |
| 102 | { | 423 | { |
| 103 | /* This should not happen */ | 424 | bn_mul_normal(r,a,n2+dna,b,n2+dnb); |
| 104 | bn_mul_normal(r,a,n2,b,n2); | 425 | if ((dna + dnb) < 0) |
| 426 | memset(&r[2*n2 + dna + dnb], 0, | ||
| 427 | sizeof(BN_ULONG) * -(dna + dnb)); | ||
| 105 | return; | 428 | return; |
| 106 | } | 429 | } |
| 107 | /* r=(a[0]-a[1])*(b[1]-b[0]) */ | 430 | /* r=(a[0]-a[1])*(b[1]-b[0]) */ |
| 108 | c1=bn_cmp_words(a,&(a[n]),n); | 431 | c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); |
| 109 | c2=bn_cmp_words(&(b[n]),b,n); | 432 | c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); |
| 110 | zero=neg=0; | 433 | zero=neg=0; |
| 111 | switch (c1*3+c2) | 434 | switch (c1*3+c2) |
| 112 | { | 435 | { |
| 113 | case -4: | 436 | case -4: |
| 114 | bn_sub_words(t, &(a[n]),a, n); /* - */ | 437 | bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ |
| 115 | bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ | 438 | bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ |
| 116 | break; | 439 | break; |
| 117 | case -3: | 440 | case -3: |
| 118 | zero=1; | 441 | zero=1; |
| 119 | break; | 442 | break; |
| 120 | case -2: | 443 | case -2: |
| 121 | bn_sub_words(t, &(a[n]),a, n); /* - */ | 444 | bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ |
| 122 | bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ | 445 | bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ |
| 123 | neg=1; | 446 | neg=1; |
| 124 | break; | 447 | break; |
| 125 | case -1: | 448 | case -1: |
| @@ -128,21 +451,22 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | |||
| 128 | zero=1; | 451 | zero=1; |
| 129 | break; | 452 | break; |
| 130 | case 2: | 453 | case 2: |
| 131 | bn_sub_words(t, a, &(a[n]),n); /* + */ | 454 | bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ |
| 132 | bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ | 455 | bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ |
| 133 | neg=1; | 456 | neg=1; |
| 134 | break; | 457 | break; |
| 135 | case 3: | 458 | case 3: |
| 136 | zero=1; | 459 | zero=1; |
| 137 | break; | 460 | break; |
| 138 | case 4: | 461 | case 4: |
| 139 | bn_sub_words(t, a, &(a[n]),n); | 462 | bn_sub_part_words(t, a, &(a[n]),tna,n-tna); |
| 140 | bn_sub_words(&(t[n]),&(b[n]),b, n); | 463 | bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); |
| 141 | break; | 464 | break; |
| 142 | } | 465 | } |
| 143 | 466 | ||
| 144 | # ifdef BN_MUL_COMBA | 467 | # ifdef BN_MUL_COMBA |
| 145 | if (n == 4) | 468 | if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take |
| 469 | extra args to do this well */ | ||
| 146 | { | 470 | { |
| 147 | if (!zero) | 471 | if (!zero) |
| 148 | bn_mul_comba4(&(t[n2]),t,&(t[n])); | 472 | bn_mul_comba4(&(t[n2]),t,&(t[n])); |
| @@ -152,7 +476,9 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | |||
| 152 | bn_mul_comba4(r,a,b); | 476 | bn_mul_comba4(r,a,b); |
| 153 | bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); | 477 | bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); |
| 154 | } | 478 | } |
| 155 | else if (n == 8) | 479 | else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could |
| 480 | take extra args to do this | ||
| 481 | well */ | ||
| 156 | { | 482 | { |
| 157 | if (!zero) | 483 | if (!zero) |
| 158 | bn_mul_comba8(&(t[n2]),t,&(t[n])); | 484 | bn_mul_comba8(&(t[n2]),t,&(t[n])); |
| @@ -167,11 +493,11 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | |||
| 167 | { | 493 | { |
| 168 | p= &(t[n2*2]); | 494 | p= &(t[n2*2]); |
| 169 | if (!zero) | 495 | if (!zero) |
| 170 | bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); | 496 | bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); |
| 171 | else | 497 | else |
| 172 | memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); | 498 | memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); |
| 173 | bn_mul_recursive(r,a,b,n,p); | 499 | bn_mul_recursive(r,a,b,n,0,0,p); |
| 174 | bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p); | 500 | bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); |
| 175 | } | 501 | } |
| 176 | 502 | ||
| 177 | /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign | 503 | /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign |
| @@ -220,39 +546,40 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | |||
| 220 | 546 | ||
| 221 | /* n+tn is the word length | 547 | /* n+tn is the word length |
| 222 | * t needs to be n*4 is size, as does r */ | 548 | * t needs to be n*4 is size, as does r */ |
| 223 | void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, | 549 | /* tnX may not be negative but less than n */ |
| 224 | int n, BN_ULONG *t) | 550 | void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, |
| 551 | int tna, int tnb, BN_ULONG *t) | ||
| 225 | { | 552 | { |
| 226 | int i,j,n2=n*2; | 553 | int i,j,n2=n*2; |
| 227 | int c1,c2,neg,zero; | 554 | int c1,c2,neg,zero; |
| 228 | BN_ULONG ln,lo,*p; | 555 | BN_ULONG ln,lo,*p; |
| 229 | 556 | ||
| 230 | # ifdef BN_COUNT | 557 | # ifdef BN_COUNT |
| 231 | printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n); | 558 | fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", |
| 559 | n, tna, n, tnb); | ||
| 232 | # endif | 560 | # endif |
| 233 | if (n < 8) | 561 | if (n < 8) |
| 234 | { | 562 | { |
| 235 | i=tn+n; | 563 | bn_mul_normal(r,a,n+tna,b,n+tnb); |
| 236 | bn_mul_normal(r,a,i,b,i); | ||
| 237 | return; | 564 | return; |
| 238 | } | 565 | } |
| 239 | 566 | ||
| 240 | /* r=(a[0]-a[1])*(b[1]-b[0]) */ | 567 | /* r=(a[0]-a[1])*(b[1]-b[0]) */ |
| 241 | c1=bn_cmp_words(a,&(a[n]),n); | 568 | c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); |
| 242 | c2=bn_cmp_words(&(b[n]),b,n); | 569 | c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); |
| 243 | zero=neg=0; | 570 | zero=neg=0; |
| 244 | switch (c1*3+c2) | 571 | switch (c1*3+c2) |
| 245 | { | 572 | { |
| 246 | case -4: | 573 | case -4: |
| 247 | bn_sub_words(t, &(a[n]),a, n); /* - */ | 574 | bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ |
| 248 | bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ | 575 | bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ |
| 249 | break; | 576 | break; |
| 250 | case -3: | 577 | case -3: |
| 251 | zero=1; | 578 | zero=1; |
| 252 | /* break; */ | 579 | /* break; */ |
| 253 | case -2: | 580 | case -2: |
| 254 | bn_sub_words(t, &(a[n]),a, n); /* - */ | 581 | bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ |
| 255 | bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ | 582 | bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ |
| 256 | neg=1; | 583 | neg=1; |
| 257 | break; | 584 | break; |
| 258 | case -1: | 585 | case -1: |
| @@ -261,16 +588,16 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, | |||
| 261 | zero=1; | 588 | zero=1; |
| 262 | /* break; */ | 589 | /* break; */ |
| 263 | case 2: | 590 | case 2: |
| 264 | bn_sub_words(t, a, &(a[n]),n); /* + */ | 591 | bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ |
| 265 | bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ | 592 | bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ |
| 266 | neg=1; | 593 | neg=1; |
| 267 | break; | 594 | break; |
| 268 | case 3: | 595 | case 3: |
| 269 | zero=1; | 596 | zero=1; |
| 270 | /* break; */ | 597 | /* break; */ |
| 271 | case 4: | 598 | case 4: |
| 272 | bn_sub_words(t, a, &(a[n]),n); | 599 | bn_sub_part_words(t, a, &(a[n]),tna,n-tna); |
| 273 | bn_sub_words(&(t[n]),&(b[n]),b, n); | 600 | bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); |
| 274 | break; | 601 | break; |
| 275 | } | 602 | } |
| 276 | /* The zero case isn't yet implemented here. The speedup | 603 | /* The zero case isn't yet implemented here. The speedup |
| @@ -289,54 +616,62 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, | |||
| 289 | { | 616 | { |
| 290 | bn_mul_comba8(&(t[n2]),t,&(t[n])); | 617 | bn_mul_comba8(&(t[n2]),t,&(t[n])); |
| 291 | bn_mul_comba8(r,a,b); | 618 | bn_mul_comba8(r,a,b); |
| 292 | bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); | 619 | bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); |
| 293 | memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); | 620 | memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); |
| 294 | } | 621 | } |
| 295 | else | 622 | else |
| 296 | { | 623 | { |
| 297 | p= &(t[n2*2]); | 624 | p= &(t[n2*2]); |
| 298 | bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); | 625 | bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); |
| 299 | bn_mul_recursive(r,a,b,n,p); | 626 | bn_mul_recursive(r,a,b,n,0,0,p); |
| 300 | i=n/2; | 627 | i=n/2; |
| 301 | /* If there is only a bottom half to the number, | 628 | /* If there is only a bottom half to the number, |
| 302 | * just do it */ | 629 | * just do it */ |
| 303 | j=tn-i; | 630 | if (tna > tnb) |
| 631 | j = tna - i; | ||
| 632 | else | ||
| 633 | j = tnb - i; | ||
| 304 | if (j == 0) | 634 | if (j == 0) |
| 305 | { | 635 | { |
| 306 | bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p); | 636 | bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), |
| 637 | i,tna-i,tnb-i,p); | ||
| 307 | memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); | 638 | memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); |
| 308 | } | 639 | } |
| 309 | else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ | 640 | else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ |
| 310 | { | 641 | { |
| 311 | bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), | 642 | bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), |
| 312 | j,i,p); | 643 | i,tna-i,tnb-i,p); |
| 313 | memset(&(r[n2+tn*2]),0, | 644 | memset(&(r[n2+tna+tnb]),0, |
| 314 | sizeof(BN_ULONG)*(n2-tn*2)); | 645 | sizeof(BN_ULONG)*(n2-tna-tnb)); |
| 315 | } | 646 | } |
| 316 | else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ | 647 | else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ |
| 317 | { | 648 | { |
| 318 | memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); | 649 | memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); |
| 319 | if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL) | 650 | if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL |
| 651 | && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) | ||
| 320 | { | 652 | { |
| 321 | bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); | 653 | bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); |
| 322 | } | 654 | } |
| 323 | else | 655 | else |
| 324 | { | 656 | { |
| 325 | for (;;) | 657 | for (;;) |
| 326 | { | 658 | { |
| 327 | i/=2; | 659 | i/=2; |
| 328 | if (i < tn) | 660 | /* these simplified conditions work |
| 661 | * exclusively because difference | ||
| 662 | * between tna and tnb is 1 or 0 */ | ||
| 663 | if (i < tna || i < tnb) | ||
| 329 | { | 664 | { |
| 330 | bn_mul_part_recursive(&(r[n2]), | 665 | bn_mul_part_recursive(&(r[n2]), |
| 331 | &(a[n]),&(b[n]), | 666 | &(a[n]),&(b[n]), |
| 332 | tn-i,i,p); | 667 | i,tna-i,tnb-i,p); |
| 333 | break; | 668 | break; |
| 334 | } | 669 | } |
| 335 | else if (i == tn) | 670 | else if (i == tna || i == tnb) |
| 336 | { | 671 | { |
| 337 | bn_mul_recursive(&(r[n2]), | 672 | bn_mul_recursive(&(r[n2]), |
| 338 | &(a[n]),&(b[n]), | 673 | &(a[n]),&(b[n]), |
| 339 | i,p); | 674 | i,tna-i,tnb-i,p); |
| 340 | break; | 675 | break; |
| 341 | } | 676 | } |
| 342 | } | 677 | } |
| @@ -397,10 +732,10 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | |||
| 397 | int n=n2/2; | 732 | int n=n2/2; |
| 398 | 733 | ||
| 399 | # ifdef BN_COUNT | 734 | # ifdef BN_COUNT |
| 400 | printf(" bn_mul_low_recursive %d * %d\n",n2,n2); | 735 | fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); |
| 401 | # endif | 736 | # endif |
| 402 | 737 | ||
| 403 | bn_mul_recursive(r,a,b,n,&(t[0])); | 738 | bn_mul_recursive(r,a,b,n,0,0,&(t[0])); |
| 404 | if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) | 739 | if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) |
| 405 | { | 740 | { |
| 406 | bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); | 741 | bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); |
| @@ -431,7 +766,7 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, | |||
| 431 | BN_ULONG ll,lc,*lp,*mp; | 766 | BN_ULONG ll,lc,*lp,*mp; |
| 432 | 767 | ||
| 433 | # ifdef BN_COUNT | 768 | # ifdef BN_COUNT |
| 434 | printf(" bn_mul_high %d * %d\n",n2,n2); | 769 | fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); |
| 435 | # endif | 770 | # endif |
| 436 | n=n2/2; | 771 | n=n2/2; |
| 437 | 772 | ||
| @@ -484,8 +819,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, | |||
| 484 | else | 819 | else |
| 485 | # endif | 820 | # endif |
| 486 | { | 821 | { |
| 487 | bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2])); | 822 | bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); |
| 488 | bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2])); | 823 | bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); |
| 489 | } | 824 | } |
| 490 | 825 | ||
| 491 | /* s0 == low(al*bl) | 826 | /* s0 == low(al*bl) |
| @@ -610,19 +945,19 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, | |||
| 610 | 945 | ||
| 611 | int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | 946 | int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
| 612 | { | 947 | { |
| 948 | int ret=0; | ||
| 613 | int top,al,bl; | 949 | int top,al,bl; |
| 614 | BIGNUM *rr; | 950 | BIGNUM *rr; |
| 615 | int ret = 0; | ||
| 616 | #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) | 951 | #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) |
| 617 | int i; | 952 | int i; |
| 618 | #endif | 953 | #endif |
| 619 | #ifdef BN_RECURSION | 954 | #ifdef BN_RECURSION |
| 620 | BIGNUM *t; | 955 | BIGNUM *t=NULL; |
| 621 | int j,k; | 956 | int j=0,k; |
| 622 | #endif | 957 | #endif |
| 623 | 958 | ||
| 624 | #ifdef BN_COUNT | 959 | #ifdef BN_COUNT |
| 625 | printf("BN_mul %d * %d\n",a->top,b->top); | 960 | fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); |
| 626 | #endif | 961 | #endif |
| 627 | 962 | ||
| 628 | bn_check_top(a); | 963 | bn_check_top(a); |
| @@ -634,7 +969,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 634 | 969 | ||
| 635 | if ((al == 0) || (bl == 0)) | 970 | if ((al == 0) || (bl == 0)) |
| 636 | { | 971 | { |
| 637 | if (!BN_zero(r)) goto err; | 972 | BN_zero(r); |
| 638 | return(1); | 973 | return(1); |
| 639 | } | 974 | } |
| 640 | top=al+bl; | 975 | top=al+bl; |
| @@ -675,21 +1010,55 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 675 | #ifdef BN_RECURSION | 1010 | #ifdef BN_RECURSION |
| 676 | if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) | 1011 | if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) |
| 677 | { | 1012 | { |
| 678 | if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bl<b->dmax) | 1013 | if (i >= -1 && i <= 1) |
| 679 | { | 1014 | { |
| 680 | #if 0 /* tribute to const-ification, bl<b->dmax above covers for this */ | 1015 | int sav_j =0; |
| 681 | if (bn_wexpand(b,al) == NULL) goto err; | 1016 | /* Find out the power of two lower or equal |
| 682 | #endif | 1017 | to the longest of the two numbers */ |
| 683 | b->d[bl]=0; | 1018 | if (i >= 0) |
| 1019 | { | ||
| 1020 | j = BN_num_bits_word((BN_ULONG)al); | ||
| 1021 | } | ||
| 1022 | if (i == -1) | ||
| 1023 | { | ||
| 1024 | j = BN_num_bits_word((BN_ULONG)bl); | ||
| 1025 | } | ||
| 1026 | sav_j = j; | ||
| 1027 | j = 1<<(j-1); | ||
| 1028 | assert(j <= al || j <= bl); | ||
| 1029 | k = j+j; | ||
| 1030 | t = BN_CTX_get(ctx); | ||
| 1031 | if (al > j || bl > j) | ||
| 1032 | { | ||
| 1033 | bn_wexpand(t,k*4); | ||
| 1034 | bn_wexpand(rr,k*4); | ||
| 1035 | bn_mul_part_recursive(rr->d,a->d,b->d, | ||
| 1036 | j,al-j,bl-j,t->d); | ||
| 1037 | } | ||
| 1038 | else /* al <= j || bl <= j */ | ||
| 1039 | { | ||
| 1040 | bn_wexpand(t,k*2); | ||
| 1041 | bn_wexpand(rr,k*2); | ||
| 1042 | bn_mul_recursive(rr->d,a->d,b->d, | ||
| 1043 | j,al-j,bl-j,t->d); | ||
| 1044 | } | ||
| 1045 | rr->top=top; | ||
| 1046 | goto end; | ||
| 1047 | } | ||
| 1048 | #if 0 | ||
| 1049 | if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) | ||
| 1050 | { | ||
| 1051 | BIGNUM *tmp_bn = (BIGNUM *)b; | ||
| 1052 | if (bn_wexpand(tmp_bn,al) == NULL) goto err; | ||
| 1053 | tmp_bn->d[bl]=0; | ||
| 684 | bl++; | 1054 | bl++; |
| 685 | i--; | 1055 | i--; |
| 686 | } | 1056 | } |
| 687 | else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && al<a->dmax) | 1057 | else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) |
| 688 | { | 1058 | { |
| 689 | #if 0 /* tribute to const-ification, al<a->dmax above covers for this */ | 1059 | BIGNUM *tmp_bn = (BIGNUM *)a; |
| 690 | if (bn_wexpand(a,bl) == NULL) goto err; | 1060 | if (bn_wexpand(tmp_bn,bl) == NULL) goto err; |
| 691 | #endif | 1061 | tmp_bn->d[al]=0; |
| 692 | a->d[al]=0; | ||
| 693 | al++; | 1062 | al++; |
| 694 | i++; | 1063 | i++; |
| 695 | } | 1064 | } |
| @@ -706,26 +1075,17 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 706 | if (bn_wexpand(t,k*2) == NULL) goto err; | 1075 | if (bn_wexpand(t,k*2) == NULL) goto err; |
| 707 | if (bn_wexpand(rr,k*2) == NULL) goto err; | 1076 | if (bn_wexpand(rr,k*2) == NULL) goto err; |
| 708 | bn_mul_recursive(rr->d,a->d,b->d,al,t->d); | 1077 | bn_mul_recursive(rr->d,a->d,b->d,al,t->d); |
| 709 | rr->top=top; | ||
| 710 | goto end; | ||
| 711 | } | 1078 | } |
| 712 | #if 0 /* tribute to const-ification, rsa/dsa performance is not affected */ | ||
| 713 | else | 1079 | else |
| 714 | { | 1080 | { |
| 715 | if (bn_wexpand(a,k) == NULL ) goto err; | 1081 | if (bn_wexpand(t,k*4) == NULL) goto err; |
| 716 | if (bn_wexpand(b,k) == NULL ) goto err; | 1082 | if (bn_wexpand(rr,k*4) == NULL) goto err; |
| 717 | if (bn_wexpand(t,k*4) == NULL ) goto err; | ||
| 718 | if (bn_wexpand(rr,k*4) == NULL ) goto err; | ||
| 719 | for (i=a->top; i<k; i++) | ||
| 720 | a->d[i]=0; | ||
| 721 | for (i=b->top; i<k; i++) | ||
| 722 | b->d[i]=0; | ||
| 723 | bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); | 1083 | bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); |
| 724 | } | 1084 | } |
| 725 | rr->top=top; | 1085 | rr->top=top; |
| 726 | goto end; | 1086 | goto end; |
| 727 | #endif | ||
| 728 | } | 1087 | } |
| 1088 | #endif | ||
| 729 | } | 1089 | } |
| 730 | #endif /* BN_RECURSION */ | 1090 | #endif /* BN_RECURSION */ |
| 731 | if (bn_wexpand(rr,top) == NULL) goto err; | 1091 | if (bn_wexpand(rr,top) == NULL) goto err; |
| @@ -735,10 +1095,11 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | |||
| 735 | #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) | 1095 | #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) |
| 736 | end: | 1096 | end: |
| 737 | #endif | 1097 | #endif |
| 738 | bn_fix_top(rr); | 1098 | bn_correct_top(rr); |
| 739 | if (r != rr) BN_copy(r,rr); | 1099 | if (r != rr) BN_copy(r,rr); |
| 740 | ret=1; | 1100 | ret=1; |
| 741 | err: | 1101 | err: |
| 1102 | bn_check_top(r); | ||
| 742 | BN_CTX_end(ctx); | 1103 | BN_CTX_end(ctx); |
| 743 | return(ret); | 1104 | return(ret); |
| 744 | } | 1105 | } |
| @@ -748,7 +1109,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) | |||
| 748 | BN_ULONG *rr; | 1109 | BN_ULONG *rr; |
| 749 | 1110 | ||
| 750 | #ifdef BN_COUNT | 1111 | #ifdef BN_COUNT |
| 751 | printf(" bn_mul_normal %d * %d\n",na,nb); | 1112 | fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); |
| 752 | #endif | 1113 | #endif |
| 753 | 1114 | ||
| 754 | if (na < nb) | 1115 | if (na < nb) |
| @@ -761,7 +1122,13 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) | |||
| 761 | 1122 | ||
| 762 | } | 1123 | } |
| 763 | rr= &(r[na]); | 1124 | rr= &(r[na]); |
| 764 | rr[0]=bn_mul_words(r,a,na,b[0]); | 1125 | if (nb <= 0) |
| 1126 | { | ||
| 1127 | (void)bn_mul_words(r,a,na,0); | ||
| 1128 | return; | ||
| 1129 | } | ||
| 1130 | else | ||
| 1131 | rr[0]=bn_mul_words(r,a,na,b[0]); | ||
| 765 | 1132 | ||
| 766 | for (;;) | 1133 | for (;;) |
| 767 | { | 1134 | { |
| @@ -782,7 +1149,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) | |||
| 782 | void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | 1149 | void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) |
| 783 | { | 1150 | { |
| 784 | #ifdef BN_COUNT | 1151 | #ifdef BN_COUNT |
| 785 | printf(" bn_mul_low_normal %d * %d\n",n,n); | 1152 | fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); |
| 786 | #endif | 1153 | #endif |
| 787 | bn_mul_words(r,a,n,b[0]); | 1154 | bn_mul_words(r,a,n,b[0]); |
| 788 | 1155 | ||
diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.c b/src/lib/libssl/src/crypto/bn/bn_prime.c index f422172f16..7b25979dd1 100644 --- a/src/lib/libssl/src/crypto/bn/bn_prime.c +++ b/src/lib/libssl/src/crypto/bn/bn_prime.c | |||
| @@ -115,6 +115,11 @@ | |||
| 115 | #include "bn_lcl.h" | 115 | #include "bn_lcl.h" |
| 116 | #include <openssl/rand.h> | 116 | #include <openssl/rand.h> |
| 117 | 117 | ||
| 118 | /* NB: these functions have been "upgraded", the deprecated versions (which are | ||
| 119 | * compatibility wrappers using these functions) are in bn_depr.c. | ||
| 120 | * - Geoff | ||
| 121 | */ | ||
| 122 | |||
| 118 | /* The quick sieve algorithm approach to weeding out primes is | 123 | /* The quick sieve algorithm approach to weeding out primes is |
| 119 | * Philip Zimmermann's, as implemented in PGP. I have had a read of | 124 | * Philip Zimmermann's, as implemented in PGP. I have had a read of |
| 120 | * his comments and implemented my own version. | 125 | * his comments and implemented my own version. |
| @@ -129,51 +134,69 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, | |||
| 129 | static int probable_prime_dh_safe(BIGNUM *rnd, int bits, | 134 | static int probable_prime_dh_safe(BIGNUM *rnd, int bits, |
| 130 | const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); | 135 | const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); |
| 131 | 136 | ||
| 132 | BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, | 137 | int BN_GENCB_call(BN_GENCB *cb, int a, int b) |
| 133 | const BIGNUM *add, const BIGNUM *rem, | 138 | { |
| 134 | void (*callback)(int,int,void *), void *cb_arg) | 139 | /* No callback means continue */ |
| 140 | if(!cb) return 1; | ||
| 141 | switch(cb->ver) | ||
| 142 | { | ||
| 143 | case 1: | ||
| 144 | /* Deprecated-style callbacks */ | ||
| 145 | if(!cb->cb.cb_1) | ||
| 146 | return 1; | ||
| 147 | cb->cb.cb_1(a, b, cb->arg); | ||
| 148 | return 1; | ||
| 149 | case 2: | ||
| 150 | /* New-style callbacks */ | ||
| 151 | return cb->cb.cb_2(a, b, cb); | ||
| 152 | default: | ||
| 153 | break; | ||
| 154 | } | ||
| 155 | /* Unrecognised callback type */ | ||
| 156 | return 0; | ||
| 157 | } | ||
| 158 | |||
| 159 | int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, | ||
| 160 | const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) | ||
| 135 | { | 161 | { |
| 136 | BIGNUM *rnd=NULL; | 162 | BIGNUM *t; |
| 137 | BIGNUM t; | ||
| 138 | int found=0; | 163 | int found=0; |
| 139 | int i,j,c1=0; | 164 | int i,j,c1=0; |
| 140 | BN_CTX *ctx; | 165 | BN_CTX *ctx; |
| 141 | int checks = BN_prime_checks_for_size(bits); | 166 | int checks = BN_prime_checks_for_size(bits); |
| 142 | 167 | ||
| 143 | BN_init(&t); | ||
| 144 | ctx=BN_CTX_new(); | 168 | ctx=BN_CTX_new(); |
| 145 | if (ctx == NULL) goto err; | 169 | if (ctx == NULL) goto err; |
| 146 | if (ret == NULL) | 170 | BN_CTX_start(ctx); |
| 147 | { | 171 | t = BN_CTX_get(ctx); |
| 148 | if ((rnd=BN_new()) == NULL) goto err; | 172 | if(!t) goto err; |
| 149 | } | ||
| 150 | else | ||
| 151 | rnd=ret; | ||
| 152 | loop: | 173 | loop: |
| 153 | /* make a random number and set the top and bottom bits */ | 174 | /* make a random number and set the top and bottom bits */ |
| 154 | if (add == NULL) | 175 | if (add == NULL) |
| 155 | { | 176 | { |
| 156 | if (!probable_prime(rnd,bits)) goto err; | 177 | if (!probable_prime(ret,bits)) goto err; |
| 157 | } | 178 | } |
| 158 | else | 179 | else |
| 159 | { | 180 | { |
| 160 | if (safe) | 181 | if (safe) |
| 161 | { | 182 | { |
| 162 | if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx)) | 183 | if (!probable_prime_dh_safe(ret,bits,add,rem,ctx)) |
| 163 | goto err; | 184 | goto err; |
| 164 | } | 185 | } |
| 165 | else | 186 | else |
| 166 | { | 187 | { |
| 167 | if (!probable_prime_dh(rnd,bits,add,rem,ctx)) | 188 | if (!probable_prime_dh(ret,bits,add,rem,ctx)) |
| 168 | goto err; | 189 | goto err; |
| 169 | } | 190 | } |
| 170 | } | 191 | } |
| 171 | /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ | 192 | /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ |
| 172 | if (callback != NULL) callback(0,c1++,cb_arg); | 193 | if(!BN_GENCB_call(cb, 0, c1++)) |
| 194 | /* aborted */ | ||
| 195 | goto err; | ||
| 173 | 196 | ||
| 174 | if (!safe) | 197 | if (!safe) |
| 175 | { | 198 | { |
| 176 | i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0); | 199 | i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); |
| 177 | if (i == -1) goto err; | 200 | if (i == -1) goto err; |
| 178 | if (i == 0) goto loop; | 201 | if (i == 0) goto loop; |
| 179 | } | 202 | } |
| @@ -183,41 +206,42 @@ loop: | |||
| 183 | * check that (p-1)/2 is prime. | 206 | * check that (p-1)/2 is prime. |
| 184 | * Since a prime is odd, We just | 207 | * Since a prime is odd, We just |
| 185 | * need to divide by 2 */ | 208 | * need to divide by 2 */ |
| 186 | if (!BN_rshift1(&t,rnd)) goto err; | 209 | if (!BN_rshift1(t,ret)) goto err; |
| 187 | 210 | ||
| 188 | for (i=0; i<checks; i++) | 211 | for (i=0; i<checks; i++) |
| 189 | { | 212 | { |
| 190 | j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0); | 213 | j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb); |
| 191 | if (j == -1) goto err; | 214 | if (j == -1) goto err; |
| 192 | if (j == 0) goto loop; | 215 | if (j == 0) goto loop; |
| 193 | 216 | ||
| 194 | j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0); | 217 | j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb); |
| 195 | if (j == -1) goto err; | 218 | if (j == -1) goto err; |
| 196 | if (j == 0) goto loop; | 219 | if (j == 0) goto loop; |
| 197 | 220 | ||
| 198 | if (callback != NULL) callback(2,c1-1,cb_arg); | 221 | if(!BN_GENCB_call(cb, 2, c1-1)) |
| 222 | goto err; | ||
| 199 | /* We have a safe prime test pass */ | 223 | /* We have a safe prime test pass */ |
| 200 | } | 224 | } |
| 201 | } | 225 | } |
| 202 | /* we have a prime :-) */ | 226 | /* we have a prime :-) */ |
| 203 | found = 1; | 227 | found = 1; |
| 204 | err: | 228 | err: |
| 205 | if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); | 229 | if (ctx != NULL) |
| 206 | BN_free(&t); | 230 | { |
| 207 | if (ctx != NULL) BN_CTX_free(ctx); | 231 | BN_CTX_end(ctx); |
| 208 | return(found ? rnd : NULL); | 232 | BN_CTX_free(ctx); |
| 233 | } | ||
| 234 | bn_check_top(ret); | ||
| 235 | return found; | ||
| 209 | } | 236 | } |
| 210 | 237 | ||
| 211 | int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), | 238 | int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb) |
| 212 | BN_CTX *ctx_passed, void *cb_arg) | ||
| 213 | { | 239 | { |
| 214 | return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0); | 240 | return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb); |
| 215 | } | 241 | } |
| 216 | 242 | ||
| 217 | int BN_is_prime_fasttest(const BIGNUM *a, int checks, | 243 | int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, |
| 218 | void (*callback)(int,int,void *), | 244 | int do_trial_division, BN_GENCB *cb) |
| 219 | BN_CTX *ctx_passed, void *cb_arg, | ||
| 220 | int do_trial_division) | ||
| 221 | { | 245 | { |
| 222 | int i, j, ret = -1; | 246 | int i, j, ret = -1; |
| 223 | int k; | 247 | int k; |
| @@ -236,13 +260,13 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, | |||
| 236 | if (!BN_is_odd(a)) | 260 | if (!BN_is_odd(a)) |
| 237 | /* a is even => a is prime if and only if a == 2 */ | 261 | /* a is even => a is prime if and only if a == 2 */ |
| 238 | return BN_is_word(a, 2); | 262 | return BN_is_word(a, 2); |
| 239 | |||
| 240 | if (do_trial_division) | 263 | if (do_trial_division) |
| 241 | { | 264 | { |
| 242 | for (i = 1; i < NUMPRIMES; i++) | 265 | for (i = 1; i < NUMPRIMES; i++) |
| 243 | if (BN_mod_word(a, primes[i]) == 0) | 266 | if (BN_mod_word(a, primes[i]) == 0) |
| 244 | return 0; | 267 | return 0; |
| 245 | if (callback != NULL) callback(1, -1, cb_arg); | 268 | if(!BN_GENCB_call(cb, 1, -1)) |
| 269 | goto err; | ||
| 246 | } | 270 | } |
| 247 | 271 | ||
| 248 | if (ctx_passed != NULL) | 272 | if (ctx_passed != NULL) |
| @@ -308,7 +332,8 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, | |||
| 308 | ret=0; | 332 | ret=0; |
| 309 | goto err; | 333 | goto err; |
| 310 | } | 334 | } |
| 311 | if (callback != NULL) callback(1,i,cb_arg); | 335 | if(!BN_GENCB_call(cb, 1, i)) |
| 336 | goto err; | ||
| 312 | } | 337 | } |
| 313 | ret=1; | 338 | ret=1; |
| 314 | err: | 339 | err: |
| @@ -345,20 +370,22 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, | |||
| 345 | } | 370 | } |
| 346 | /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', | 371 | /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', |
| 347 | * and it is neither -1 nor +1 -- so 'a' cannot be prime */ | 372 | * and it is neither -1 nor +1 -- so 'a' cannot be prime */ |
| 373 | bn_check_top(w); | ||
| 348 | return 1; | 374 | return 1; |
| 349 | } | 375 | } |
| 350 | 376 | ||
| 351 | static int probable_prime(BIGNUM *rnd, int bits) | 377 | static int probable_prime(BIGNUM *rnd, int bits) |
| 352 | { | 378 | { |
| 353 | int i; | 379 | int i; |
| 354 | BN_ULONG mods[NUMPRIMES]; | 380 | prime_t mods[NUMPRIMES]; |
| 355 | BN_ULONG delta,d; | 381 | BN_ULONG delta,maxdelta; |
| 356 | 382 | ||
| 357 | again: | 383 | again: |
| 358 | if (!BN_rand(rnd,bits,1,1)) return(0); | 384 | if (!BN_rand(rnd,bits,1,1)) return(0); |
| 359 | /* we now have a random number 'rand' to test. */ | 385 | /* we now have a random number 'rand' to test. */ |
| 360 | for (i=1; i<NUMPRIMES; i++) | 386 | for (i=1; i<NUMPRIMES; i++) |
| 361 | mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]); | 387 | mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]); |
| 388 | maxdelta=BN_MASK2 - primes[NUMPRIMES-1]; | ||
| 362 | delta=0; | 389 | delta=0; |
| 363 | loop: for (i=1; i<NUMPRIMES; i++) | 390 | loop: for (i=1; i<NUMPRIMES; i++) |
| 364 | { | 391 | { |
| @@ -366,16 +393,13 @@ again: | |||
| 366 | * that gcd(rnd-1,primes) == 1 (except for 2) */ | 393 | * that gcd(rnd-1,primes) == 1 (except for 2) */ |
| 367 | if (((mods[i]+delta)%primes[i]) <= 1) | 394 | if (((mods[i]+delta)%primes[i]) <= 1) |
| 368 | { | 395 | { |
| 369 | d=delta; | ||
| 370 | delta+=2; | 396 | delta+=2; |
| 371 | /* perhaps need to check for overflow of | 397 | if (delta > maxdelta) goto again; |
| 372 | * delta (but delta can be up to 2^32) | ||
| 373 | * 21-May-98 eay - added overflow check */ | ||
| 374 | if (delta < d) goto again; | ||
| 375 | goto loop; | 398 | goto loop; |
| 376 | } | 399 | } |
| 377 | } | 400 | } |
| 378 | if (!BN_add_word(rnd,delta)) return(0); | 401 | if (!BN_add_word(rnd,delta)) return(0); |
| 402 | bn_check_top(rnd); | ||
| 379 | return(1); | 403 | return(1); |
| 380 | } | 404 | } |
| 381 | 405 | ||
| @@ -413,6 +437,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, | |||
| 413 | ret=1; | 437 | ret=1; |
| 414 | err: | 438 | err: |
| 415 | BN_CTX_end(ctx); | 439 | BN_CTX_end(ctx); |
| 440 | bn_check_top(rnd); | ||
| 416 | return(ret); | 441 | return(ret); |
| 417 | } | 442 | } |
| 418 | 443 | ||
| @@ -464,5 +489,6 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, | |||
| 464 | ret=1; | 489 | ret=1; |
| 465 | err: | 490 | err: |
| 466 | BN_CTX_end(ctx); | 491 | BN_CTX_end(ctx); |
| 492 | bn_check_top(p); | ||
| 467 | return(ret); | 493 | return(ret); |
| 468 | } | 494 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.h b/src/lib/libssl/src/crypto/bn/bn_prime.h index b7cf9a9bfe..51d2194feb 100644 --- a/src/lib/libssl/src/crypto/bn/bn_prime.h +++ b/src/lib/libssl/src/crypto/bn/bn_prime.h | |||
| @@ -58,10 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #ifndef EIGHT_BIT | 59 | #ifndef EIGHT_BIT |
| 60 | #define NUMPRIMES 2048 | 60 | #define NUMPRIMES 2048 |
| 61 | typedef unsigned short prime_t; | ||
| 61 | #else | 62 | #else |
| 62 | #define NUMPRIMES 54 | 63 | #define NUMPRIMES 54 |
| 64 | typedef unsigned char prime_t; | ||
| 63 | #endif | 65 | #endif |
| 64 | static const unsigned int primes[NUMPRIMES]= | 66 | static const prime_t primes[NUMPRIMES]= |
| 65 | { | 67 | { |
| 66 | 2, 3, 5, 7, 11, 13, 17, 19, | 68 | 2, 3, 5, 7, 11, 13, 17, 19, |
| 67 | 23, 29, 31, 37, 41, 43, 47, 53, | 69 | 23, 29, 31, 37, 41, 43, 47, 53, |
diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.pl b/src/lib/libssl/src/crypto/bn/bn_prime.pl index 9fc3765486..3fafb6f3e9 100644 --- a/src/lib/libssl/src/crypto/bn/bn_prime.pl +++ b/src/lib/libssl/src/crypto/bn/bn_prime.pl | |||
| @@ -11,7 +11,7 @@ loop: while ($#primes < $num-1) | |||
| 11 | $p+=2; | 11 | $p+=2; |
| 12 | $s=int(sqrt($p)); | 12 | $s=int(sqrt($p)); |
| 13 | 13 | ||
| 14 | for ($i=0; $primes[$i]<=$s; $i++) | 14 | for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++) |
| 15 | { | 15 | { |
| 16 | next loop if (($p%$primes[$i]) == 0); | 16 | next loop if (($p%$primes[$i]) == 0); |
| 17 | } | 17 | } |
| @@ -101,10 +101,12 @@ for ($i=0; $i <= $#primes; $i++) | |||
| 101 | 101 | ||
| 102 | printf "#ifndef EIGHT_BIT\n"; | 102 | printf "#ifndef EIGHT_BIT\n"; |
| 103 | printf "#define NUMPRIMES %d\n",$num; | 103 | printf "#define NUMPRIMES %d\n",$num; |
| 104 | printf "typedef unsigned short prime_t;\n"; | ||
| 104 | printf "#else\n"; | 105 | printf "#else\n"; |
| 105 | printf "#define NUMPRIMES %d\n",$eight; | 106 | printf "#define NUMPRIMES %d\n",$eight; |
| 107 | printf "typedef unsigned char prime_t;\n"; | ||
| 106 | printf "#endif\n"; | 108 | printf "#endif\n"; |
| 107 | print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t"; | 109 | print "static const prime_t primes[NUMPRIMES]=\n\t{\n\t"; |
| 108 | $init=0; | 110 | $init=0; |
| 109 | for ($i=0; $i <= $#primes; $i++) | 111 | for ($i=0; $i <= $#primes; $i++) |
| 110 | { | 112 | { |
diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c index acba7ed7ee..810dde34e1 100644 --- a/src/lib/libssl/src/crypto/bn/bn_print.c +++ b/src/lib/libssl/src/crypto/bn/bn_print.c | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | #include <openssl/buffer.h> | 62 | #include <openssl/buffer.h> |
| 63 | #include "bn_lcl.h" | 63 | #include "bn_lcl.h" |
| 64 | 64 | ||
| 65 | static const char *Hex="0123456789ABCDEF"; | 65 | static const char Hex[]="0123456789ABCDEF"; |
| 66 | 66 | ||
| 67 | /* Must 'OPENSSL_free' the returned data */ | 67 | /* Must 'OPENSSL_free' the returned data */ |
| 68 | char *BN_bn2hex(const BIGNUM *a) | 68 | char *BN_bn2hex(const BIGNUM *a) |
| @@ -102,14 +102,19 @@ err: | |||
| 102 | /* Must 'OPENSSL_free' the returned data */ | 102 | /* Must 'OPENSSL_free' the returned data */ |
| 103 | char *BN_bn2dec(const BIGNUM *a) | 103 | char *BN_bn2dec(const BIGNUM *a) |
| 104 | { | 104 | { |
| 105 | int i=0,num; | 105 | int i=0,num, ok = 0; |
| 106 | char *buf=NULL; | 106 | char *buf=NULL; |
| 107 | char *p; | 107 | char *p; |
| 108 | BIGNUM *t=NULL; | 108 | BIGNUM *t=NULL; |
| 109 | BN_ULONG *bn_data=NULL,*lp; | 109 | BN_ULONG *bn_data=NULL,*lp; |
| 110 | 110 | ||
| 111 | /* get an upper bound for the length of the decimal integer | ||
| 112 | * num <= (BN_num_bits(a) + 1) * log(2) | ||
| 113 | * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) | ||
| 114 | * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 | ||
| 115 | */ | ||
| 111 | i=BN_num_bits(a)*3; | 116 | i=BN_num_bits(a)*3; |
| 112 | num=(i/10+i/1000+3)+1; | 117 | num=(i/10+i/1000+1)+1; |
| 113 | bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); | 118 | bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); |
| 114 | buf=(char *)OPENSSL_malloc(num+3); | 119 | buf=(char *)OPENSSL_malloc(num+3); |
| 115 | if ((buf == NULL) || (bn_data == NULL)) | 120 | if ((buf == NULL) || (bn_data == NULL)) |
| @@ -122,7 +127,6 @@ char *BN_bn2dec(const BIGNUM *a) | |||
| 122 | #define BUF_REMAIN (num+3 - (size_t)(p - buf)) | 127 | #define BUF_REMAIN (num+3 - (size_t)(p - buf)) |
| 123 | p=buf; | 128 | p=buf; |
| 124 | lp=bn_data; | 129 | lp=bn_data; |
| 125 | if (t->neg) *(p++)='-'; | ||
| 126 | if (BN_is_zero(t)) | 130 | if (BN_is_zero(t)) |
| 127 | { | 131 | { |
| 128 | *(p++)='0'; | 132 | *(p++)='0'; |
| @@ -130,6 +134,9 @@ char *BN_bn2dec(const BIGNUM *a) | |||
| 130 | } | 134 | } |
| 131 | else | 135 | else |
| 132 | { | 136 | { |
| 137 | if (BN_is_negative(t)) | ||
| 138 | *p++ = '-'; | ||
| 139 | |||
| 133 | i=0; | 140 | i=0; |
| 134 | while (!BN_is_zero(t)) | 141 | while (!BN_is_zero(t)) |
| 135 | { | 142 | { |
| @@ -149,9 +156,16 @@ char *BN_bn2dec(const BIGNUM *a) | |||
| 149 | while (*p) p++; | 156 | while (*p) p++; |
| 150 | } | 157 | } |
| 151 | } | 158 | } |
| 159 | ok = 1; | ||
| 152 | err: | 160 | err: |
| 153 | if (bn_data != NULL) OPENSSL_free(bn_data); | 161 | if (bn_data != NULL) OPENSSL_free(bn_data); |
| 154 | if (t != NULL) BN_free(t); | 162 | if (t != NULL) BN_free(t); |
| 163 | if (!ok && buf) | ||
| 164 | { | ||
| 165 | OPENSSL_free(buf); | ||
| 166 | buf = NULL; | ||
| 167 | } | ||
| 168 | |||
| 155 | return(buf); | 169 | return(buf); |
| 156 | } | 170 | } |
| 157 | 171 | ||
| @@ -211,10 +225,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a) | |||
| 211 | j-=(BN_BYTES*2); | 225 | j-=(BN_BYTES*2); |
| 212 | } | 226 | } |
| 213 | ret->top=h; | 227 | ret->top=h; |
| 214 | bn_fix_top(ret); | 228 | bn_correct_top(ret); |
| 215 | ret->neg=neg; | 229 | ret->neg=neg; |
| 216 | 230 | ||
| 217 | *bn=ret; | 231 | *bn=ret; |
| 232 | bn_check_top(ret); | ||
| 218 | return(num); | 233 | return(num); |
| 219 | err: | 234 | err: |
| 220 | if (*bn == NULL) BN_free(ret); | 235 | if (*bn == NULL) BN_free(ret); |
| @@ -270,8 +285,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a) | |||
| 270 | } | 285 | } |
| 271 | ret->neg=neg; | 286 | ret->neg=neg; |
| 272 | 287 | ||
| 273 | bn_fix_top(ret); | 288 | bn_correct_top(ret); |
| 274 | *bn=ret; | 289 | *bn=ret; |
| 290 | bn_check_top(ret); | ||
| 275 | return(num); | 291 | return(num); |
| 276 | err: | 292 | err: |
| 277 | if (*bn == NULL) BN_free(ret); | 293 | if (*bn == NULL) BN_free(ret); |
| @@ -300,7 +316,7 @@ int BN_print(BIO *bp, const BIGNUM *a) | |||
| 300 | int ret=0; | 316 | int ret=0; |
| 301 | 317 | ||
| 302 | if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; | 318 | if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; |
| 303 | if ((BN_is_zero(a)) && (BIO_write(bp,"0",1) != 1)) goto end; | 319 | if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end; |
| 304 | for (i=a->top-1; i >=0; i--) | 320 | for (i=a->top-1; i >=0; i--) |
| 305 | { | 321 | { |
| 306 | for (j=BN_BITS2-4; j >= 0; j-=4) | 322 | for (j=BN_BITS2-4; j >= 0; j-=4) |
| @@ -320,14 +336,3 @@ end: | |||
| 320 | return(ret); | 336 | return(ret); |
| 321 | } | 337 | } |
| 322 | #endif | 338 | #endif |
| 323 | |||
| 324 | #ifdef BN_DEBUG | ||
| 325 | void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n) | ||
| 326 | { | ||
| 327 | int i; | ||
| 328 | fprintf(o, "%s=", a); | ||
| 329 | for (i=n-1;i>=0;i--) | ||
| 330 | fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */ | ||
| 331 | fprintf(o, "\n"); | ||
| 332 | } | ||
| 333 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/bn/bn_rand.c b/src/lib/libssl/src/crypto/bn/bn_rand.c index 893c9d2af9..f51830b12b 100644 --- a/src/lib/libssl/src/crypto/bn/bn_rand.c +++ b/src/lib/libssl/src/crypto/bn/bn_rand.c | |||
| @@ -134,13 +134,13 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) | |||
| 134 | buf=(unsigned char *)OPENSSL_malloc(bytes); | 134 | buf=(unsigned char *)OPENSSL_malloc(bytes); |
| 135 | if (buf == NULL) | 135 | if (buf == NULL) |
| 136 | { | 136 | { |
| 137 | BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE); | 137 | BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE); |
| 138 | goto err; | 138 | goto err; |
| 139 | } | 139 | } |
| 140 | 140 | ||
| 141 | /* make a random number and set the top and bottom bits */ | 141 | /* make a random number and set the top and bottom bits */ |
| 142 | time(&tim); | 142 | time(&tim); |
| 143 | RAND_add(&tim,sizeof(tim),0); | 143 | RAND_add(&tim,sizeof(tim),0.0); |
| 144 | 144 | ||
| 145 | if (pseudorand) | 145 | if (pseudorand) |
| 146 | { | 146 | { |
| @@ -204,6 +204,7 @@ err: | |||
| 204 | OPENSSL_cleanse(buf,bytes); | 204 | OPENSSL_cleanse(buf,bytes); |
| 205 | OPENSSL_free(buf); | 205 | OPENSSL_free(buf); |
| 206 | } | 206 | } |
| 207 | bn_check_top(rnd); | ||
| 207 | return(ret); | 208 | return(ret); |
| 208 | } | 209 | } |
| 209 | 210 | ||
| @@ -230,6 +231,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) | |||
| 230 | { | 231 | { |
| 231 | int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; | 232 | int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; |
| 232 | int n; | 233 | int n; |
| 234 | int count = 100; | ||
| 233 | 235 | ||
| 234 | if (range->neg || BN_is_zero(range)) | 236 | if (range->neg || BN_is_zero(range)) |
| 235 | { | 237 | { |
| @@ -242,9 +244,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) | |||
| 242 | /* BN_is_bit_set(range, n - 1) always holds */ | 244 | /* BN_is_bit_set(range, n - 1) always holds */ |
| 243 | 245 | ||
| 244 | if (n == 1) | 246 | if (n == 1) |
| 245 | { | 247 | BN_zero(r); |
| 246 | if (!BN_zero(r)) return 0; | ||
| 247 | } | ||
| 248 | else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) | 248 | else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) |
| 249 | { | 249 | { |
| 250 | /* range = 100..._2, | 250 | /* range = 100..._2, |
| @@ -263,6 +263,13 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) | |||
| 263 | if (BN_cmp(r, range) >= 0) | 263 | if (BN_cmp(r, range) >= 0) |
| 264 | if (!BN_sub(r, r, range)) return 0; | 264 | if (!BN_sub(r, r, range)) return 0; |
| 265 | } | 265 | } |
| 266 | |||
| 267 | if (!--count) | ||
| 268 | { | ||
| 269 | BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); | ||
| 270 | return 0; | ||
| 271 | } | ||
| 272 | |||
| 266 | } | 273 | } |
| 267 | while (BN_cmp(r, range) >= 0); | 274 | while (BN_cmp(r, range) >= 0); |
| 268 | } | 275 | } |
| @@ -272,10 +279,17 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) | |||
| 272 | { | 279 | { |
| 273 | /* range = 11..._2 or range = 101..._2 */ | 280 | /* range = 11..._2 or range = 101..._2 */ |
| 274 | if (!bn_rand(r, n, -1, 0)) return 0; | 281 | if (!bn_rand(r, n, -1, 0)) return 0; |
| 282 | |||
| 283 | if (!--count) | ||
| 284 | { | ||
| 285 | BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); | ||
| 286 | return 0; | ||
| 287 | } | ||
| 275 | } | 288 | } |
| 276 | while (BN_cmp(r, range) >= 0); | 289 | while (BN_cmp(r, range) >= 0); |
| 277 | } | 290 | } |
| 278 | 291 | ||
| 292 | bn_check_top(r); | ||
| 279 | return 1; | 293 | return 1; |
| 280 | } | 294 | } |
| 281 | 295 | ||
diff --git a/src/lib/libssl/src/crypto/bn/bn_recp.c b/src/lib/libssl/src/crypto/bn/bn_recp.c index ef5fdd4708..2e8efb8dae 100644 --- a/src/lib/libssl/src/crypto/bn/bn_recp.c +++ b/src/lib/libssl/src/crypto/bn/bn_recp.c | |||
| @@ -94,7 +94,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp) | |||
| 94 | int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) | 94 | int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) |
| 95 | { | 95 | { |
| 96 | if (!BN_copy(&(recp->N),d)) return 0; | 96 | if (!BN_copy(&(recp->N),d)) return 0; |
| 97 | if (!BN_zero(&(recp->Nr))) return 0; | 97 | BN_zero(&(recp->Nr)); |
| 98 | recp->num_bits=BN_num_bits(d); | 98 | recp->num_bits=BN_num_bits(d); |
| 99 | recp->shift=0; | 99 | recp->shift=0; |
| 100 | return(1); | 100 | return(1); |
| @@ -123,6 +123,7 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, | |||
| 123 | ret = BN_div_recp(NULL,r,ca,recp,ctx); | 123 | ret = BN_div_recp(NULL,r,ca,recp,ctx); |
| 124 | err: | 124 | err: |
| 125 | BN_CTX_end(ctx); | 125 | BN_CTX_end(ctx); |
| 126 | bn_check_top(r); | ||
| 126 | return(ret); | 127 | return(ret); |
| 127 | } | 128 | } |
| 128 | 129 | ||
| @@ -147,7 +148,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, | |||
| 147 | 148 | ||
| 148 | if (BN_ucmp(m,&(recp->N)) < 0) | 149 | if (BN_ucmp(m,&(recp->N)) < 0) |
| 149 | { | 150 | { |
| 150 | if (!BN_zero(d)) return 0; | 151 | BN_zero(d); |
| 151 | if (!BN_copy(r,m)) return 0; | 152 | if (!BN_copy(r,m)) return 0; |
| 152 | BN_CTX_end(ctx); | 153 | BN_CTX_end(ctx); |
| 153 | return(1); | 154 | return(1); |
| @@ -190,7 +191,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, | |||
| 190 | { | 191 | { |
| 191 | if (j++ > 2) | 192 | if (j++ > 2) |
| 192 | { | 193 | { |
| 193 | BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL); | 194 | BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL); |
| 194 | goto err; | 195 | goto err; |
| 195 | } | 196 | } |
| 196 | if (!BN_usub(r,r,&(recp->N))) goto err; | 197 | if (!BN_usub(r,r,&(recp->N))) goto err; |
| @@ -203,6 +204,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, | |||
| 203 | ret=1; | 204 | ret=1; |
| 204 | err: | 205 | err: |
| 205 | BN_CTX_end(ctx); | 206 | BN_CTX_end(ctx); |
| 207 | bn_check_top(dv); | ||
| 208 | bn_check_top(rem); | ||
| 206 | return(ret); | 209 | return(ret); |
| 207 | } | 210 | } |
| 208 | 211 | ||
| @@ -214,17 +217,18 @@ err: | |||
| 214 | int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) | 217 | int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) |
| 215 | { | 218 | { |
| 216 | int ret= -1; | 219 | int ret= -1; |
| 217 | BIGNUM t; | 220 | BIGNUM *t; |
| 218 | 221 | ||
| 219 | BN_init(&t); | 222 | BN_CTX_start(ctx); |
| 223 | if((t = BN_CTX_get(ctx)) == NULL) goto err; | ||
| 220 | 224 | ||
| 221 | if (!BN_zero(&t)) goto err; | 225 | if (!BN_set_bit(t,len)) goto err; |
| 222 | if (!BN_set_bit(&t,len)) goto err; | ||
| 223 | 226 | ||
| 224 | if (!BN_div(r,NULL,&t,m,ctx)) goto err; | 227 | if (!BN_div(r,NULL,t,m,ctx)) goto err; |
| 225 | 228 | ||
| 226 | ret=len; | 229 | ret=len; |
| 227 | err: | 230 | err: |
| 228 | BN_free(&t); | 231 | bn_check_top(r); |
| 232 | BN_CTX_end(ctx); | ||
| 229 | return(ret); | 233 | return(ret); |
| 230 | } | 234 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_shift.c b/src/lib/libssl/src/crypto/bn/bn_shift.c index 70f785ea18..de9312dce2 100644 --- a/src/lib/libssl/src/crypto/bn/bn_shift.c +++ b/src/lib/libssl/src/crypto/bn/bn_shift.c | |||
| @@ -65,6 +65,9 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) | |||
| 65 | register BN_ULONG *ap,*rp,t,c; | 65 | register BN_ULONG *ap,*rp,t,c; |
| 66 | int i; | 66 | int i; |
| 67 | 67 | ||
| 68 | bn_check_top(r); | ||
| 69 | bn_check_top(a); | ||
| 70 | |||
| 68 | if (r != a) | 71 | if (r != a) |
| 69 | { | 72 | { |
| 70 | r->neg=a->neg; | 73 | r->neg=a->neg; |
| @@ -89,6 +92,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) | |||
| 89 | *rp=1; | 92 | *rp=1; |
| 90 | r->top++; | 93 | r->top++; |
| 91 | } | 94 | } |
| 95 | bn_check_top(r); | ||
| 92 | return(1); | 96 | return(1); |
| 93 | } | 97 | } |
| 94 | 98 | ||
| @@ -97,6 +101,9 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) | |||
| 97 | BN_ULONG *ap,*rp,t,c; | 101 | BN_ULONG *ap,*rp,t,c; |
| 98 | int i; | 102 | int i; |
| 99 | 103 | ||
| 104 | bn_check_top(r); | ||
| 105 | bn_check_top(a); | ||
| 106 | |||
| 100 | if (BN_is_zero(a)) | 107 | if (BN_is_zero(a)) |
| 101 | { | 108 | { |
| 102 | BN_zero(r); | 109 | BN_zero(r); |
| @@ -117,7 +124,8 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) | |||
| 117 | rp[i]=((t>>1)&BN_MASK2)|c; | 124 | rp[i]=((t>>1)&BN_MASK2)|c; |
| 118 | c=(t&1)?BN_TBIT:0; | 125 | c=(t&1)?BN_TBIT:0; |
| 119 | } | 126 | } |
| 120 | bn_fix_top(r); | 127 | bn_correct_top(r); |
| 128 | bn_check_top(r); | ||
| 121 | return(1); | 129 | return(1); |
| 122 | } | 130 | } |
| 123 | 131 | ||
| @@ -127,6 +135,9 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) | |||
| 127 | BN_ULONG *t,*f; | 135 | BN_ULONG *t,*f; |
| 128 | BN_ULONG l; | 136 | BN_ULONG l; |
| 129 | 137 | ||
| 138 | bn_check_top(r); | ||
| 139 | bn_check_top(a); | ||
| 140 | |||
| 130 | r->neg=a->neg; | 141 | r->neg=a->neg; |
| 131 | nw=n/BN_BITS2; | 142 | nw=n/BN_BITS2; |
| 132 | if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); | 143 | if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); |
| @@ -149,7 +160,8 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) | |||
| 149 | /* for (i=0; i<nw; i++) | 160 | /* for (i=0; i<nw; i++) |
| 150 | t[i]=0;*/ | 161 | t[i]=0;*/ |
| 151 | r->top=a->top+nw+1; | 162 | r->top=a->top+nw+1; |
| 152 | bn_fix_top(r); | 163 | bn_correct_top(r); |
| 164 | bn_check_top(r); | ||
| 153 | return(1); | 165 | return(1); |
| 154 | } | 166 | } |
| 155 | 167 | ||
| @@ -159,6 +171,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) | |||
| 159 | BN_ULONG *t,*f; | 171 | BN_ULONG *t,*f; |
| 160 | BN_ULONG l,tmp; | 172 | BN_ULONG l,tmp; |
| 161 | 173 | ||
| 174 | bn_check_top(r); | ||
| 175 | bn_check_top(a); | ||
| 176 | |||
| 162 | nw=n/BN_BITS2; | 177 | nw=n/BN_BITS2; |
| 163 | rb=n%BN_BITS2; | 178 | rb=n%BN_BITS2; |
| 164 | lb=BN_BITS2-rb; | 179 | lb=BN_BITS2-rb; |
| @@ -185,13 +200,13 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) | |||
| 185 | 200 | ||
| 186 | if (rb == 0) | 201 | if (rb == 0) |
| 187 | { | 202 | { |
| 188 | for (i=j+1; i > 0; i--) | 203 | for (i=j; i != 0; i--) |
| 189 | *(t++)= *(f++); | 204 | *(t++)= *(f++); |
| 190 | } | 205 | } |
| 191 | else | 206 | else |
| 192 | { | 207 | { |
| 193 | l= *(f++); | 208 | l= *(f++); |
| 194 | for (i=1; i<j; i++) | 209 | for (i=j-1; i != 0; i--) |
| 195 | { | 210 | { |
| 196 | tmp =(l>>rb)&BN_MASK2; | 211 | tmp =(l>>rb)&BN_MASK2; |
| 197 | l= *(f++); | 212 | l= *(f++); |
| @@ -199,7 +214,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) | |||
| 199 | } | 214 | } |
| 200 | *(t++) =(l>>rb)&BN_MASK2; | 215 | *(t++) =(l>>rb)&BN_MASK2; |
| 201 | } | 216 | } |
| 202 | *t=0; | 217 | bn_correct_top(r); |
| 203 | bn_fix_top(r); | 218 | bn_check_top(r); |
| 204 | return(1); | 219 | return(1); |
| 205 | } | 220 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_sqr.c b/src/lib/libssl/src/crypto/bn/bn_sqr.c index c1d0cca438..270d0cd348 100644 --- a/src/lib/libssl/src/crypto/bn/bn_sqr.c +++ b/src/lib/libssl/src/crypto/bn/bn_sqr.c | |||
| @@ -77,16 +77,16 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) | |||
| 77 | if (al <= 0) | 77 | if (al <= 0) |
| 78 | { | 78 | { |
| 79 | r->top=0; | 79 | r->top=0; |
| 80 | return(1); | 80 | return 1; |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | BN_CTX_start(ctx); | 83 | BN_CTX_start(ctx); |
| 84 | rr=(a != r) ? r : BN_CTX_get(ctx); | 84 | rr=(a != r) ? r : BN_CTX_get(ctx); |
| 85 | tmp=BN_CTX_get(ctx); | 85 | tmp=BN_CTX_get(ctx); |
| 86 | if (tmp == NULL) goto err; | 86 | if (!rr || !tmp) goto err; |
| 87 | 87 | ||
| 88 | max=(al+al); | 88 | max = 2 * al; /* Non-zero (from above) */ |
| 89 | if (bn_wexpand(rr,max+1) == NULL) goto err; | 89 | if (bn_wexpand(rr,max) == NULL) goto err; |
| 90 | 90 | ||
| 91 | if (al == 4) | 91 | if (al == 4) |
| 92 | { | 92 | { |
| @@ -138,12 +138,18 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) | |||
| 138 | #endif | 138 | #endif |
| 139 | } | 139 | } |
| 140 | 140 | ||
| 141 | rr->top=max; | ||
| 142 | rr->neg=0; | 141 | rr->neg=0; |
| 143 | if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; | 142 | /* If the most-significant half of the top word of 'a' is zero, then |
| 143 | * the square of 'a' will max-1 words. */ | ||
| 144 | if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) | ||
| 145 | rr->top = max - 1; | ||
| 146 | else | ||
| 147 | rr->top = max; | ||
| 144 | if (rr != r) BN_copy(r,rr); | 148 | if (rr != r) BN_copy(r,rr); |
| 145 | ret = 1; | 149 | ret = 1; |
| 146 | err: | 150 | err: |
| 151 | bn_check_top(rr); | ||
| 152 | bn_check_top(tmp); | ||
| 147 | BN_CTX_end(ctx); | 153 | BN_CTX_end(ctx); |
| 148 | return(ret); | 154 | return(ret); |
| 149 | } | 155 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_sqrt.c b/src/lib/libssl/src/crypto/bn/bn_sqrt.c index e2a1105dc8..6beaf9e5e5 100644 --- a/src/lib/libssl/src/crypto/bn/bn_sqrt.c +++ b/src/lib/libssl/src/crypto/bn/bn_sqrt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* crypto/bn/bn_mod.c */ | 1 | /* crypto/bn/bn_sqrt.c */ |
| 2 | /* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> | 2 | /* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> |
| 3 | * and Bodo Moeller for the OpenSSL project. */ | 3 | * and Bodo Moeller for the OpenSSL project. */ |
| 4 | /* ==================================================================== | 4 | /* ==================================================================== |
| @@ -65,14 +65,12 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 65 | * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course | 65 | * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course |
| 66 | * in Algebraic Computational Number Theory", algorithm 1.5.1). | 66 | * in Algebraic Computational Number Theory", algorithm 1.5.1). |
| 67 | * 'p' must be prime! | 67 | * 'p' must be prime! |
| 68 | * If 'a' is not a square, this is not necessarily detected by | ||
| 69 | * the algorithms; a bogus result must be expected in this case. | ||
| 70 | */ | 68 | */ |
| 71 | { | 69 | { |
| 72 | BIGNUM *ret = in; | 70 | BIGNUM *ret = in; |
| 73 | int err = 1; | 71 | int err = 1; |
| 74 | int r; | 72 | int r; |
| 75 | BIGNUM *b, *q, *t, *x, *y; | 73 | BIGNUM *A, *b, *q, *t, *x, *y; |
| 76 | int e, i, j; | 74 | int e, i, j; |
| 77 | 75 | ||
| 78 | if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) | 76 | if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) |
| @@ -85,9 +83,11 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 85 | goto end; | 83 | goto end; |
| 86 | if (!BN_set_word(ret, BN_is_bit_set(a, 0))) | 84 | if (!BN_set_word(ret, BN_is_bit_set(a, 0))) |
| 87 | { | 85 | { |
| 88 | BN_free(ret); | 86 | if (ret != in) |
| 87 | BN_free(ret); | ||
| 89 | return NULL; | 88 | return NULL; |
| 90 | } | 89 | } |
| 90 | bn_check_top(ret); | ||
| 91 | return ret; | 91 | return ret; |
| 92 | } | 92 | } |
| 93 | 93 | ||
| @@ -103,23 +103,16 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 103 | goto end; | 103 | goto end; |
| 104 | if (!BN_set_word(ret, BN_is_one(a))) | 104 | if (!BN_set_word(ret, BN_is_one(a))) |
| 105 | { | 105 | { |
| 106 | BN_free(ret); | 106 | if (ret != in) |
| 107 | BN_free(ret); | ||
| 107 | return NULL; | 108 | return NULL; |
| 108 | } | 109 | } |
| 110 | bn_check_top(ret); | ||
| 109 | return ret; | 111 | return ret; |
| 110 | } | 112 | } |
| 111 | 113 | ||
| 112 | #if 0 /* if BN_mod_sqrt is used with correct input, this just wastes time */ | ||
| 113 | r = BN_kronecker(a, p, ctx); | ||
| 114 | if (r < -1) return NULL; | ||
| 115 | if (r == -1) | ||
| 116 | { | ||
| 117 | BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); | ||
| 118 | return(NULL); | ||
| 119 | } | ||
| 120 | #endif | ||
| 121 | |||
| 122 | BN_CTX_start(ctx); | 114 | BN_CTX_start(ctx); |
| 115 | A = BN_CTX_get(ctx); | ||
| 123 | b = BN_CTX_get(ctx); | 116 | b = BN_CTX_get(ctx); |
| 124 | q = BN_CTX_get(ctx); | 117 | q = BN_CTX_get(ctx); |
| 125 | t = BN_CTX_get(ctx); | 118 | t = BN_CTX_get(ctx); |
| @@ -131,6 +124,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 131 | ret = BN_new(); | 124 | ret = BN_new(); |
| 132 | if (ret == NULL) goto end; | 125 | if (ret == NULL) goto end; |
| 133 | 126 | ||
| 127 | /* A = a mod p */ | ||
| 128 | if (!BN_nnmod(A, a, p, ctx)) goto end; | ||
| 129 | |||
| 134 | /* now write |p| - 1 as 2^e*q where q is odd */ | 130 | /* now write |p| - 1 as 2^e*q where q is odd */ |
| 135 | e = 1; | 131 | e = 1; |
| 136 | while (!BN_is_bit_set(p, e)) | 132 | while (!BN_is_bit_set(p, e)) |
| @@ -149,9 +145,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 149 | if (!BN_rshift(q, p, 2)) goto end; | 145 | if (!BN_rshift(q, p, 2)) goto end; |
| 150 | q->neg = 0; | 146 | q->neg = 0; |
| 151 | if (!BN_add_word(q, 1)) goto end; | 147 | if (!BN_add_word(q, 1)) goto end; |
| 152 | if (!BN_mod_exp(ret, a, q, p, ctx)) goto end; | 148 | if (!BN_mod_exp(ret, A, q, p, ctx)) goto end; |
| 153 | err = 0; | 149 | err = 0; |
| 154 | goto end; | 150 | goto vrfy; |
| 155 | } | 151 | } |
| 156 | 152 | ||
| 157 | if (e == 2) | 153 | if (e == 2) |
| @@ -182,15 +178,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 182 | * November 1992.) | 178 | * November 1992.) |
| 183 | */ | 179 | */ |
| 184 | 180 | ||
| 185 | /* make sure that a is reduced modulo p */ | ||
| 186 | if (a->neg || BN_ucmp(a, p) >= 0) | ||
| 187 | { | ||
| 188 | if (!BN_nnmod(x, a, p, ctx)) goto end; | ||
| 189 | a = x; /* use x as temporary variable */ | ||
| 190 | } | ||
| 191 | |||
| 192 | /* t := 2*a */ | 181 | /* t := 2*a */ |
| 193 | if (!BN_mod_lshift1_quick(t, a, p)) goto end; | 182 | if (!BN_mod_lshift1_quick(t, A, p)) goto end; |
| 194 | 183 | ||
| 195 | /* b := (2*a)^((|p|-5)/8) */ | 184 | /* b := (2*a)^((|p|-5)/8) */ |
| 196 | if (!BN_rshift(q, p, 3)) goto end; | 185 | if (!BN_rshift(q, p, 3)) goto end; |
| @@ -205,12 +194,12 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 205 | if (!BN_sub_word(t, 1)) goto end; | 194 | if (!BN_sub_word(t, 1)) goto end; |
| 206 | 195 | ||
| 207 | /* x = a*b*t */ | 196 | /* x = a*b*t */ |
| 208 | if (!BN_mod_mul(x, a, b, p, ctx)) goto end; | 197 | if (!BN_mod_mul(x, A, b, p, ctx)) goto end; |
| 209 | if (!BN_mod_mul(x, x, t, p, ctx)) goto end; | 198 | if (!BN_mod_mul(x, x, t, p, ctx)) goto end; |
| 210 | 199 | ||
| 211 | if (!BN_copy(ret, x)) goto end; | 200 | if (!BN_copy(ret, x)) goto end; |
| 212 | err = 0; | 201 | err = 0; |
| 213 | goto end; | 202 | goto vrfy; |
| 214 | } | 203 | } |
| 215 | 204 | ||
| 216 | /* e > 2, so we really have to use the Tonelli/Shanks algorithm. | 205 | /* e > 2, so we really have to use the Tonelli/Shanks algorithm. |
| @@ -297,11 +286,11 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 297 | /* x := a^((q-1)/2) */ | 286 | /* x := a^((q-1)/2) */ |
| 298 | if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ | 287 | if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ |
| 299 | { | 288 | { |
| 300 | if (!BN_nnmod(t, a, p, ctx)) goto end; | 289 | if (!BN_nnmod(t, A, p, ctx)) goto end; |
| 301 | if (BN_is_zero(t)) | 290 | if (BN_is_zero(t)) |
| 302 | { | 291 | { |
| 303 | /* special case: a == 0 (mod p) */ | 292 | /* special case: a == 0 (mod p) */ |
| 304 | if (!BN_zero(ret)) goto end; | 293 | BN_zero(ret); |
| 305 | err = 0; | 294 | err = 0; |
| 306 | goto end; | 295 | goto end; |
| 307 | } | 296 | } |
| @@ -310,11 +299,11 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 310 | } | 299 | } |
| 311 | else | 300 | else |
| 312 | { | 301 | { |
| 313 | if (!BN_mod_exp(x, a, t, p, ctx)) goto end; | 302 | if (!BN_mod_exp(x, A, t, p, ctx)) goto end; |
| 314 | if (BN_is_zero(x)) | 303 | if (BN_is_zero(x)) |
| 315 | { | 304 | { |
| 316 | /* special case: a == 0 (mod p) */ | 305 | /* special case: a == 0 (mod p) */ |
| 317 | if (!BN_zero(ret)) goto end; | 306 | BN_zero(ret); |
| 318 | err = 0; | 307 | err = 0; |
| 319 | goto end; | 308 | goto end; |
| 320 | } | 309 | } |
| @@ -322,10 +311,10 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 322 | 311 | ||
| 323 | /* b := a*x^2 (= a^q) */ | 312 | /* b := a*x^2 (= a^q) */ |
| 324 | if (!BN_mod_sqr(b, x, p, ctx)) goto end; | 313 | if (!BN_mod_sqr(b, x, p, ctx)) goto end; |
| 325 | if (!BN_mod_mul(b, b, a, p, ctx)) goto end; | 314 | if (!BN_mod_mul(b, b, A, p, ctx)) goto end; |
| 326 | 315 | ||
| 327 | /* x := a*x (= a^((q+1)/2)) */ | 316 | /* x := a*x (= a^((q+1)/2)) */ |
| 328 | if (!BN_mod_mul(x, x, a, p, ctx)) goto end; | 317 | if (!BN_mod_mul(x, x, A, p, ctx)) goto end; |
| 329 | 318 | ||
| 330 | while (1) | 319 | while (1) |
| 331 | { | 320 | { |
| @@ -342,7 +331,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 342 | { | 331 | { |
| 343 | if (!BN_copy(ret, x)) goto end; | 332 | if (!BN_copy(ret, x)) goto end; |
| 344 | err = 0; | 333 | err = 0; |
| 345 | goto end; | 334 | goto vrfy; |
| 346 | } | 335 | } |
| 347 | 336 | ||
| 348 | 337 | ||
| @@ -373,6 +362,22 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 373 | e = i; | 362 | e = i; |
| 374 | } | 363 | } |
| 375 | 364 | ||
| 365 | vrfy: | ||
| 366 | if (!err) | ||
| 367 | { | ||
| 368 | /* verify the result -- the input might have been not a square | ||
| 369 | * (test added in 0.9.8) */ | ||
| 370 | |||
| 371 | if (!BN_mod_sqr(x, ret, p, ctx)) | ||
| 372 | err = 1; | ||
| 373 | |||
| 374 | if (!err && 0 != BN_cmp(x, A)) | ||
| 375 | { | ||
| 376 | BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); | ||
| 377 | err = 1; | ||
| 378 | } | ||
| 379 | } | ||
| 380 | |||
| 376 | end: | 381 | end: |
| 377 | if (err) | 382 | if (err) |
| 378 | { | 383 | { |
| @@ -383,5 +388,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | |||
| 383 | ret = NULL; | 388 | ret = NULL; |
| 384 | } | 389 | } |
| 385 | BN_CTX_end(ctx); | 390 | BN_CTX_end(ctx); |
| 391 | bn_check_top(ret); | ||
| 386 | return ret; | 392 | return ret; |
| 387 | } | 393 | } |
diff --git a/src/lib/libssl/src/crypto/bn/bn_word.c b/src/lib/libssl/src/crypto/bn/bn_word.c index de610ce54c..ee7b87c45c 100644 --- a/src/lib/libssl/src/crypto/bn/bn_word.c +++ b/src/lib/libssl/src/crypto/bn/bn_word.c | |||
| @@ -69,6 +69,10 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) | |||
| 69 | #endif | 69 | #endif |
| 70 | int i; | 70 | int i; |
| 71 | 71 | ||
| 72 | if (w == 0) | ||
| 73 | return (BN_ULONG)-1; | ||
| 74 | |||
| 75 | bn_check_top(a); | ||
| 72 | w&=BN_MASK2; | 76 | w&=BN_MASK2; |
| 73 | for (i=a->top-1; i>=0; i--) | 77 | for (i=a->top-1; i>=0; i--) |
| 74 | { | 78 | { |
| @@ -85,12 +89,24 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) | |||
| 85 | 89 | ||
| 86 | BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) | 90 | BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) |
| 87 | { | 91 | { |
| 88 | BN_ULONG ret; | 92 | BN_ULONG ret = 0; |
| 89 | int i; | 93 | int i, j; |
| 94 | |||
| 95 | bn_check_top(a); | ||
| 96 | w &= BN_MASK2; | ||
| 97 | |||
| 98 | if (!w) | ||
| 99 | /* actually this an error (division by zero) */ | ||
| 100 | return (BN_ULONG)-1; | ||
| 101 | if (a->top == 0) | ||
| 102 | return 0; | ||
| 103 | |||
| 104 | /* normalize input (so bn_div_words doesn't complain) */ | ||
| 105 | j = BN_BITS2 - BN_num_bits_word(w); | ||
| 106 | w <<= j; | ||
| 107 | if (!BN_lshift(a, a, j)) | ||
| 108 | return (BN_ULONG)-1; | ||
| 90 | 109 | ||
| 91 | if (a->top == 0) return(0); | ||
| 92 | ret=0; | ||
| 93 | w&=BN_MASK2; | ||
| 94 | for (i=a->top-1; i>=0; i--) | 110 | for (i=a->top-1; i>=0; i--) |
| 95 | { | 111 | { |
| 96 | BN_ULONG l,d; | 112 | BN_ULONG l,d; |
| @@ -102,6 +118,8 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) | |||
| 102 | } | 118 | } |
| 103 | if ((a->top > 0) && (a->d[a->top-1] == 0)) | 119 | if ((a->top > 0) && (a->d[a->top-1] == 0)) |
| 104 | a->top--; | 120 | a->top--; |
| 121 | ret >>= j; | ||
| 122 | bn_check_top(a); | ||
| 105 | return(ret); | 123 | return(ret); |
| 106 | } | 124 | } |
| 107 | 125 | ||
| @@ -110,9 +128,14 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) | |||
| 110 | BN_ULONG l; | 128 | BN_ULONG l; |
| 111 | int i; | 129 | int i; |
| 112 | 130 | ||
| 113 | if ((w & BN_MASK2) == 0) | 131 | bn_check_top(a); |
| 114 | return(1); | 132 | w &= BN_MASK2; |
| 115 | 133 | ||
| 134 | /* degenerate case: w is zero */ | ||
| 135 | if (!w) return 1; | ||
| 136 | /* degenerate case: a is zero */ | ||
| 137 | if(BN_is_zero(a)) return BN_set_word(a, w); | ||
| 138 | /* handle 'a' when negative */ | ||
| 116 | if (a->neg) | 139 | if (a->neg) |
| 117 | { | 140 | { |
| 118 | a->neg=0; | 141 | a->neg=0; |
| @@ -121,15 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) | |||
| 121 | a->neg=!(a->neg); | 144 | a->neg=!(a->neg); |
| 122 | return(i); | 145 | return(i); |
| 123 | } | 146 | } |
| 124 | w&=BN_MASK2; | 147 | /* Only expand (and risk failing) if it's possibly necessary */ |
| 125 | if (bn_wexpand(a,a->top+1) == NULL) return(0); | 148 | if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && |
| 149 | (bn_wexpand(a,a->top+1) == NULL)) | ||
| 150 | return(0); | ||
| 126 | i=0; | 151 | i=0; |
| 127 | for (;;) | 152 | for (;;) |
| 128 | { | 153 | { |
| 129 | if (i >= a->top) | 154 | if (i >= a->top) |
| 130 | l=w; | 155 | l=w; |
| 131 | else | 156 | else |
| 132 | l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; | 157 | l=(a->d[i]+w)&BN_MASK2; |
| 133 | a->d[i]=l; | 158 | a->d[i]=l; |
| 134 | if (w > l) | 159 | if (w > l) |
| 135 | w=1; | 160 | w=1; |
| @@ -139,6 +164,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) | |||
| 139 | } | 164 | } |
| 140 | if (i >= a->top) | 165 | if (i >= a->top) |
| 141 | a->top++; | 166 | a->top++; |
| 167 | bn_check_top(a); | ||
| 142 | return(1); | 168 | return(1); |
| 143 | } | 169 | } |
| 144 | 170 | ||
| @@ -146,10 +172,21 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) | |||
| 146 | { | 172 | { |
| 147 | int i; | 173 | int i; |
| 148 | 174 | ||
| 149 | if ((w & BN_MASK2) == 0) | 175 | bn_check_top(a); |
| 150 | return(1); | 176 | w &= BN_MASK2; |
| 151 | 177 | ||
| 152 | if (BN_is_zero(a) || a->neg) | 178 | /* degenerate case: w is zero */ |
| 179 | if (!w) return 1; | ||
| 180 | /* degenerate case: a is zero */ | ||
| 181 | if(BN_is_zero(a)) | ||
| 182 | { | ||
| 183 | i = BN_set_word(a,w); | ||
| 184 | if (i != 0) | ||
| 185 | BN_set_negative(a, 1); | ||
| 186 | return i; | ||
| 187 | } | ||
| 188 | /* handle 'a' when negative */ | ||
| 189 | if (a->neg) | ||
| 153 | { | 190 | { |
| 154 | a->neg=0; | 191 | a->neg=0; |
| 155 | i=BN_add_word(a,w); | 192 | i=BN_add_word(a,w); |
| @@ -157,7 +194,6 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) | |||
| 157 | return(i); | 194 | return(i); |
| 158 | } | 195 | } |
| 159 | 196 | ||
| 160 | w&=BN_MASK2; | ||
| 161 | if ((a->top == 1) && (a->d[0] < w)) | 197 | if ((a->top == 1) && (a->d[0] < w)) |
| 162 | { | 198 | { |
| 163 | a->d[0]=w-a->d[0]; | 199 | a->d[0]=w-a->d[0]; |
| @@ -181,6 +217,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) | |||
| 181 | } | 217 | } |
| 182 | if ((a->d[i] == 0) && (i == (a->top-1))) | 218 | if ((a->d[i] == 0) && (i == (a->top-1))) |
| 183 | a->top--; | 219 | a->top--; |
| 220 | bn_check_top(a); | ||
| 184 | return(1); | 221 | return(1); |
| 185 | } | 222 | } |
| 186 | 223 | ||
| @@ -188,6 +225,7 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w) | |||
| 188 | { | 225 | { |
| 189 | BN_ULONG ll; | 226 | BN_ULONG ll; |
| 190 | 227 | ||
| 228 | bn_check_top(a); | ||
| 191 | w&=BN_MASK2; | 229 | w&=BN_MASK2; |
| 192 | if (a->top) | 230 | if (a->top) |
| 193 | { | 231 | { |
| @@ -203,6 +241,7 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w) | |||
| 203 | } | 241 | } |
| 204 | } | 242 | } |
| 205 | } | 243 | } |
| 244 | bn_check_top(a); | ||
| 206 | return(1); | 245 | return(1); |
| 207 | } | 246 | } |
| 208 | 247 | ||
diff --git a/src/lib/libssl/src/crypto/bn/bntest.c b/src/lib/libssl/src/crypto/bn/bntest.c index 792a75ff4f..cf190380f5 100644 --- a/src/lib/libssl/src/crypto/bn/bntest.c +++ b/src/lib/libssl/src/crypto/bn/bntest.c | |||
| @@ -55,6 +55,25 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the Eric Young open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * The binary polynomial arithmetic software is originally written by | ||
| 68 | * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 71 | |||
| 72 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 73 | * deprecated functions for openssl-internal code */ | ||
| 74 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 75 | #undef OPENSSL_NO_DEPRECATED | ||
| 76 | #endif | ||
| 58 | 77 | ||
| 59 | #include <stdio.h> | 78 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 79 | #include <stdlib.h> |
| @@ -79,6 +98,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_); | |||
| 79 | int test_rshift1(BIO *bp); | 98 | int test_rshift1(BIO *bp); |
| 80 | int test_rshift(BIO *bp,BN_CTX *ctx); | 99 | int test_rshift(BIO *bp,BN_CTX *ctx); |
| 81 | int test_div(BIO *bp,BN_CTX *ctx); | 100 | int test_div(BIO *bp,BN_CTX *ctx); |
| 101 | int test_div_word(BIO *bp); | ||
| 82 | int test_div_recp(BIO *bp,BN_CTX *ctx); | 102 | int test_div_recp(BIO *bp,BN_CTX *ctx); |
| 83 | int test_mul(BIO *bp); | 103 | int test_mul(BIO *bp); |
| 84 | int test_sqr(BIO *bp,BN_CTX *ctx); | 104 | int test_sqr(BIO *bp,BN_CTX *ctx); |
| @@ -88,6 +108,15 @@ int test_mod_mul(BIO *bp,BN_CTX *ctx); | |||
| 88 | int test_mod_exp(BIO *bp,BN_CTX *ctx); | 108 | int test_mod_exp(BIO *bp,BN_CTX *ctx); |
| 89 | int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx); | 109 | int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx); |
| 90 | int test_exp(BIO *bp,BN_CTX *ctx); | 110 | int test_exp(BIO *bp,BN_CTX *ctx); |
| 111 | int test_gf2m_add(BIO *bp); | ||
| 112 | int test_gf2m_mod(BIO *bp); | ||
| 113 | int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx); | ||
| 114 | int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx); | ||
| 115 | int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx); | ||
| 116 | int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx); | ||
| 117 | int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx); | ||
| 118 | int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx); | ||
| 119 | int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx); | ||
| 91 | int test_kron(BIO *bp,BN_CTX *ctx); | 120 | int test_kron(BIO *bp,BN_CTX *ctx); |
| 92 | int test_sqrt(BIO *bp,BN_CTX *ctx); | 121 | int test_sqrt(BIO *bp,BN_CTX *ctx); |
| 93 | int rand_neg(void); | 122 | int rand_neg(void); |
| @@ -155,80 +184,120 @@ int main(int argc, char *argv[]) | |||
| 155 | 184 | ||
| 156 | message(out,"BN_add"); | 185 | message(out,"BN_add"); |
| 157 | if (!test_add(out)) goto err; | 186 | if (!test_add(out)) goto err; |
| 158 | BIO_flush(out); | 187 | (void)BIO_flush(out); |
| 159 | 188 | ||
| 160 | message(out,"BN_sub"); | 189 | message(out,"BN_sub"); |
| 161 | if (!test_sub(out)) goto err; | 190 | if (!test_sub(out)) goto err; |
| 162 | BIO_flush(out); | 191 | (void)BIO_flush(out); |
| 163 | 192 | ||
| 164 | message(out,"BN_lshift1"); | 193 | message(out,"BN_lshift1"); |
| 165 | if (!test_lshift1(out)) goto err; | 194 | if (!test_lshift1(out)) goto err; |
| 166 | BIO_flush(out); | 195 | (void)BIO_flush(out); |
| 167 | 196 | ||
| 168 | message(out,"BN_lshift (fixed)"); | 197 | message(out,"BN_lshift (fixed)"); |
| 169 | if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL))) | 198 | if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL))) |
| 170 | goto err; | 199 | goto err; |
| 171 | BIO_flush(out); | 200 | (void)BIO_flush(out); |
| 172 | 201 | ||
| 173 | message(out,"BN_lshift"); | 202 | message(out,"BN_lshift"); |
| 174 | if (!test_lshift(out,ctx,NULL)) goto err; | 203 | if (!test_lshift(out,ctx,NULL)) goto err; |
| 175 | BIO_flush(out); | 204 | (void)BIO_flush(out); |
| 176 | 205 | ||
| 177 | message(out,"BN_rshift1"); | 206 | message(out,"BN_rshift1"); |
| 178 | if (!test_rshift1(out)) goto err; | 207 | if (!test_rshift1(out)) goto err; |
| 179 | BIO_flush(out); | 208 | (void)BIO_flush(out); |
| 180 | 209 | ||
| 181 | message(out,"BN_rshift"); | 210 | message(out,"BN_rshift"); |
| 182 | if (!test_rshift(out,ctx)) goto err; | 211 | if (!test_rshift(out,ctx)) goto err; |
| 183 | BIO_flush(out); | 212 | (void)BIO_flush(out); |
| 184 | 213 | ||
| 185 | message(out,"BN_sqr"); | 214 | message(out,"BN_sqr"); |
| 186 | if (!test_sqr(out,ctx)) goto err; | 215 | if (!test_sqr(out,ctx)) goto err; |
| 187 | BIO_flush(out); | 216 | (void)BIO_flush(out); |
| 188 | 217 | ||
| 189 | message(out,"BN_mul"); | 218 | message(out,"BN_mul"); |
| 190 | if (!test_mul(out)) goto err; | 219 | if (!test_mul(out)) goto err; |
| 191 | BIO_flush(out); | 220 | (void)BIO_flush(out); |
| 192 | 221 | ||
| 193 | message(out,"BN_div"); | 222 | message(out,"BN_div"); |
| 194 | if (!test_div(out,ctx)) goto err; | 223 | if (!test_div(out,ctx)) goto err; |
| 195 | BIO_flush(out); | 224 | (void)BIO_flush(out); |
| 225 | |||
| 226 | message(out,"BN_div_word"); | ||
| 227 | if (!test_div_word(out)) goto err; | ||
| 228 | (void)BIO_flush(out); | ||
| 196 | 229 | ||
| 197 | message(out,"BN_div_recp"); | 230 | message(out,"BN_div_recp"); |
| 198 | if (!test_div_recp(out,ctx)) goto err; | 231 | if (!test_div_recp(out,ctx)) goto err; |
| 199 | BIO_flush(out); | 232 | (void)BIO_flush(out); |
| 200 | 233 | ||
| 201 | message(out,"BN_mod"); | 234 | message(out,"BN_mod"); |
| 202 | if (!test_mod(out,ctx)) goto err; | 235 | if (!test_mod(out,ctx)) goto err; |
| 203 | BIO_flush(out); | 236 | (void)BIO_flush(out); |
| 204 | 237 | ||
| 205 | message(out,"BN_mod_mul"); | 238 | message(out,"BN_mod_mul"); |
| 206 | if (!test_mod_mul(out,ctx)) goto err; | 239 | if (!test_mod_mul(out,ctx)) goto err; |
| 207 | BIO_flush(out); | 240 | (void)BIO_flush(out); |
| 208 | 241 | ||
| 209 | message(out,"BN_mont"); | 242 | message(out,"BN_mont"); |
| 210 | if (!test_mont(out,ctx)) goto err; | 243 | if (!test_mont(out,ctx)) goto err; |
| 211 | BIO_flush(out); | 244 | (void)BIO_flush(out); |
| 212 | 245 | ||
| 213 | message(out,"BN_mod_exp"); | 246 | message(out,"BN_mod_exp"); |
| 214 | if (!test_mod_exp(out,ctx)) goto err; | 247 | if (!test_mod_exp(out,ctx)) goto err; |
| 215 | BIO_flush(out); | 248 | (void)BIO_flush(out); |
| 216 | 249 | ||
| 217 | message(out,"BN_mod_exp_mont_consttime"); | 250 | message(out,"BN_mod_exp_mont_consttime"); |
| 218 | if (!test_mod_exp_mont_consttime(out,ctx)) goto err; | 251 | if (!test_mod_exp_mont_consttime(out,ctx)) goto err; |
| 219 | BIO_flush(out); | 252 | (void)BIO_flush(out); |
| 220 | 253 | ||
| 221 | message(out,"BN_exp"); | 254 | message(out,"BN_exp"); |
| 222 | if (!test_exp(out,ctx)) goto err; | 255 | if (!test_exp(out,ctx)) goto err; |
| 223 | BIO_flush(out); | 256 | (void)BIO_flush(out); |
| 224 | 257 | ||
| 225 | message(out,"BN_kronecker"); | 258 | message(out,"BN_kronecker"); |
| 226 | if (!test_kron(out,ctx)) goto err; | 259 | if (!test_kron(out,ctx)) goto err; |
| 227 | BIO_flush(out); | 260 | (void)BIO_flush(out); |
| 228 | 261 | ||
| 229 | message(out,"BN_mod_sqrt"); | 262 | message(out,"BN_mod_sqrt"); |
| 230 | if (!test_sqrt(out,ctx)) goto err; | 263 | if (!test_sqrt(out,ctx)) goto err; |
| 231 | BIO_flush(out); | 264 | (void)BIO_flush(out); |
| 265 | |||
| 266 | message(out,"BN_GF2m_add"); | ||
| 267 | if (!test_gf2m_add(out)) goto err; | ||
| 268 | (void)BIO_flush(out); | ||
| 269 | |||
| 270 | message(out,"BN_GF2m_mod"); | ||
| 271 | if (!test_gf2m_mod(out)) goto err; | ||
| 272 | (void)BIO_flush(out); | ||
| 273 | |||
| 274 | message(out,"BN_GF2m_mod_mul"); | ||
| 275 | if (!test_gf2m_mod_mul(out,ctx)) goto err; | ||
| 276 | (void)BIO_flush(out); | ||
| 277 | |||
| 278 | message(out,"BN_GF2m_mod_sqr"); | ||
| 279 | if (!test_gf2m_mod_sqr(out,ctx)) goto err; | ||
| 280 | (void)BIO_flush(out); | ||
| 281 | |||
| 282 | message(out,"BN_GF2m_mod_inv"); | ||
| 283 | if (!test_gf2m_mod_inv(out,ctx)) goto err; | ||
| 284 | (void)BIO_flush(out); | ||
| 285 | |||
| 286 | message(out,"BN_GF2m_mod_div"); | ||
| 287 | if (!test_gf2m_mod_div(out,ctx)) goto err; | ||
| 288 | (void)BIO_flush(out); | ||
| 289 | |||
| 290 | message(out,"BN_GF2m_mod_exp"); | ||
| 291 | if (!test_gf2m_mod_exp(out,ctx)) goto err; | ||
| 292 | (void)BIO_flush(out); | ||
| 293 | |||
| 294 | message(out,"BN_GF2m_mod_sqrt"); | ||
| 295 | if (!test_gf2m_mod_sqrt(out,ctx)) goto err; | ||
| 296 | (void)BIO_flush(out); | ||
| 297 | |||
| 298 | message(out,"BN_GF2m_mod_solve_quad"); | ||
| 299 | if (!test_gf2m_mod_solve_quad(out,ctx)) goto err; | ||
| 300 | (void)BIO_flush(out); | ||
| 232 | 301 | ||
| 233 | BN_CTX_free(ctx); | 302 | BN_CTX_free(ctx); |
| 234 | BIO_free(out); | 303 | BIO_free(out); |
| @@ -237,8 +306,8 @@ int main(int argc, char *argv[]) | |||
| 237 | EXIT(0); | 306 | EXIT(0); |
| 238 | err: | 307 | err: |
| 239 | BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices | 308 | BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices |
| 240 | * the failure, see test_bn in test/Makefile */ | 309 | * the failure, see test_bn in test/Makefile.ssl*/ |
| 241 | BIO_flush(out); | 310 | (void)BIO_flush(out); |
| 242 | ERR_load_crypto_strings(); | 311 | ERR_load_crypto_strings(); |
| 243 | ERR_print_errors_fp(stderr); | 312 | ERR_print_errors_fp(stderr); |
| 244 | EXIT(1); | 313 | EXIT(1); |
| @@ -404,6 +473,78 @@ int test_div(BIO *bp, BN_CTX *ctx) | |||
| 404 | return(1); | 473 | return(1); |
| 405 | } | 474 | } |
| 406 | 475 | ||
| 476 | static void print_word(BIO *bp,BN_ULONG w) | ||
| 477 | { | ||
| 478 | #ifdef SIXTY_FOUR_BIT | ||
| 479 | if (sizeof(w) > sizeof(unsigned long)) | ||
| 480 | { | ||
| 481 | unsigned long h=(unsigned long)(w>>32), | ||
| 482 | l=(unsigned long)(w); | ||
| 483 | |||
| 484 | if (h) BIO_printf(bp,"%lX%08lX",h,l); | ||
| 485 | else BIO_printf(bp,"%lX",l); | ||
| 486 | return; | ||
| 487 | } | ||
| 488 | #endif | ||
| 489 | BIO_printf(bp,"%lX",w); | ||
| 490 | } | ||
| 491 | |||
| 492 | int test_div_word(BIO *bp) | ||
| 493 | { | ||
| 494 | BIGNUM a,b; | ||
| 495 | BN_ULONG r,s; | ||
| 496 | int i; | ||
| 497 | |||
| 498 | BN_init(&a); | ||
| 499 | BN_init(&b); | ||
| 500 | |||
| 501 | for (i=0; i<num0; i++) | ||
| 502 | { | ||
| 503 | do { | ||
| 504 | BN_bntest_rand(&a,512,-1,0); | ||
| 505 | BN_bntest_rand(&b,BN_BITS2,-1,0); | ||
| 506 | s = b.d[0]; | ||
| 507 | } while (!s); | ||
| 508 | |||
| 509 | BN_copy(&b, &a); | ||
| 510 | r = BN_div_word(&b, s); | ||
| 511 | |||
| 512 | if (bp != NULL) | ||
| 513 | { | ||
| 514 | if (!results) | ||
| 515 | { | ||
| 516 | BN_print(bp,&a); | ||
| 517 | BIO_puts(bp," / "); | ||
| 518 | print_word(bp,s); | ||
| 519 | BIO_puts(bp," - "); | ||
| 520 | } | ||
| 521 | BN_print(bp,&b); | ||
| 522 | BIO_puts(bp,"\n"); | ||
| 523 | |||
| 524 | if (!results) | ||
| 525 | { | ||
| 526 | BN_print(bp,&a); | ||
| 527 | BIO_puts(bp," % "); | ||
| 528 | print_word(bp,s); | ||
| 529 | BIO_puts(bp," - "); | ||
| 530 | } | ||
| 531 | print_word(bp,r); | ||
| 532 | BIO_puts(bp,"\n"); | ||
| 533 | } | ||
| 534 | BN_mul_word(&b,s); | ||
| 535 | BN_add_word(&b,r); | ||
| 536 | BN_sub(&b,&a,&b); | ||
| 537 | if(!BN_is_zero(&b)) | ||
| 538 | { | ||
| 539 | fprintf(stderr,"Division (word) test failed!\n"); | ||
| 540 | return 0; | ||
| 541 | } | ||
| 542 | } | ||
| 543 | BN_free(&a); | ||
| 544 | BN_free(&b); | ||
| 545 | return(1); | ||
| 546 | } | ||
| 547 | |||
| 407 | int test_div_recp(BIO *bp, BN_CTX *ctx) | 548 | int test_div_recp(BIO *bp, BN_CTX *ctx) |
| 408 | { | 549 | { |
| 409 | BIGNUM a,b,c,d,e; | 550 | BIGNUM a,b,c,d,e; |
| @@ -919,7 +1060,582 @@ int test_exp(BIO *bp, BN_CTX *ctx) | |||
| 919 | return(1); | 1060 | return(1); |
| 920 | } | 1061 | } |
| 921 | 1062 | ||
| 922 | static void genprime_cb(int p, int n, void *arg) | 1063 | int test_gf2m_add(BIO *bp) |
| 1064 | { | ||
| 1065 | BIGNUM a,b,c; | ||
| 1066 | int i, ret = 0; | ||
| 1067 | |||
| 1068 | BN_init(&a); | ||
| 1069 | BN_init(&b); | ||
| 1070 | BN_init(&c); | ||
| 1071 | |||
| 1072 | for (i=0; i<num0; i++) | ||
| 1073 | { | ||
| 1074 | BN_rand(&a,512,0,0); | ||
| 1075 | BN_copy(&b, BN_value_one()); | ||
| 1076 | a.neg=rand_neg(); | ||
| 1077 | b.neg=rand_neg(); | ||
| 1078 | BN_GF2m_add(&c,&a,&b); | ||
| 1079 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1080 | if (bp != NULL) | ||
| 1081 | { | ||
| 1082 | if (!results) | ||
| 1083 | { | ||
| 1084 | BN_print(bp,&a); | ||
| 1085 | BIO_puts(bp," ^ "); | ||
| 1086 | BN_print(bp,&b); | ||
| 1087 | BIO_puts(bp," = "); | ||
| 1088 | } | ||
| 1089 | BN_print(bp,&c); | ||
| 1090 | BIO_puts(bp,"\n"); | ||
| 1091 | } | ||
| 1092 | #endif | ||
| 1093 | /* Test that two added values have the correct parity. */ | ||
| 1094 | if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c))) | ||
| 1095 | { | ||
| 1096 | fprintf(stderr,"GF(2^m) addition test (a) failed!\n"); | ||
| 1097 | goto err; | ||
| 1098 | } | ||
| 1099 | BN_GF2m_add(&c,&c,&c); | ||
| 1100 | /* Test that c + c = 0. */ | ||
| 1101 | if(!BN_is_zero(&c)) | ||
| 1102 | { | ||
| 1103 | fprintf(stderr,"GF(2^m) addition test (b) failed!\n"); | ||
| 1104 | goto err; | ||
| 1105 | } | ||
| 1106 | } | ||
| 1107 | ret = 1; | ||
| 1108 | err: | ||
| 1109 | BN_free(&a); | ||
| 1110 | BN_free(&b); | ||
| 1111 | BN_free(&c); | ||
| 1112 | return ret; | ||
| 1113 | } | ||
| 1114 | |||
| 1115 | int test_gf2m_mod(BIO *bp) | ||
| 1116 | { | ||
| 1117 | BIGNUM *a,*b[2],*c,*d,*e; | ||
| 1118 | int i, j, ret = 0; | ||
| 1119 | unsigned int p0[] = {163,7,6,3,0}; | ||
| 1120 | unsigned int p1[] = {193,15,0}; | ||
| 1121 | |||
| 1122 | a=BN_new(); | ||
| 1123 | b[0]=BN_new(); | ||
| 1124 | b[1]=BN_new(); | ||
| 1125 | c=BN_new(); | ||
| 1126 | d=BN_new(); | ||
| 1127 | e=BN_new(); | ||
| 1128 | |||
| 1129 | BN_GF2m_arr2poly(p0, b[0]); | ||
| 1130 | BN_GF2m_arr2poly(p1, b[1]); | ||
| 1131 | |||
| 1132 | for (i=0; i<num0; i++) | ||
| 1133 | { | ||
| 1134 | BN_bntest_rand(a, 1024, 0, 0); | ||
| 1135 | for (j=0; j < 2; j++) | ||
| 1136 | { | ||
| 1137 | BN_GF2m_mod(c, a, b[j]); | ||
| 1138 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1139 | if (bp != NULL) | ||
| 1140 | { | ||
| 1141 | if (!results) | ||
| 1142 | { | ||
| 1143 | BN_print(bp,a); | ||
| 1144 | BIO_puts(bp," % "); | ||
| 1145 | BN_print(bp,b[j]); | ||
| 1146 | BIO_puts(bp," - "); | ||
| 1147 | BN_print(bp,c); | ||
| 1148 | BIO_puts(bp,"\n"); | ||
| 1149 | } | ||
| 1150 | } | ||
| 1151 | #endif | ||
| 1152 | BN_GF2m_add(d, a, c); | ||
| 1153 | BN_GF2m_mod(e, d, b[j]); | ||
| 1154 | /* Test that a + (a mod p) mod p == 0. */ | ||
| 1155 | if(!BN_is_zero(e)) | ||
| 1156 | { | ||
| 1157 | fprintf(stderr,"GF(2^m) modulo test failed!\n"); | ||
| 1158 | goto err; | ||
| 1159 | } | ||
| 1160 | } | ||
| 1161 | } | ||
| 1162 | ret = 1; | ||
| 1163 | err: | ||
| 1164 | BN_free(a); | ||
| 1165 | BN_free(b[0]); | ||
| 1166 | BN_free(b[1]); | ||
| 1167 | BN_free(c); | ||
| 1168 | BN_free(d); | ||
| 1169 | BN_free(e); | ||
| 1170 | return ret; | ||
| 1171 | } | ||
| 1172 | |||
| 1173 | int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx) | ||
| 1174 | { | ||
| 1175 | BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h; | ||
| 1176 | int i, j, ret = 0; | ||
| 1177 | unsigned int p0[] = {163,7,6,3,0}; | ||
| 1178 | unsigned int p1[] = {193,15,0}; | ||
| 1179 | |||
| 1180 | a=BN_new(); | ||
| 1181 | b[0]=BN_new(); | ||
| 1182 | b[1]=BN_new(); | ||
| 1183 | c=BN_new(); | ||
| 1184 | d=BN_new(); | ||
| 1185 | e=BN_new(); | ||
| 1186 | f=BN_new(); | ||
| 1187 | g=BN_new(); | ||
| 1188 | h=BN_new(); | ||
| 1189 | |||
| 1190 | BN_GF2m_arr2poly(p0, b[0]); | ||
| 1191 | BN_GF2m_arr2poly(p1, b[1]); | ||
| 1192 | |||
| 1193 | for (i=0; i<num0; i++) | ||
| 1194 | { | ||
| 1195 | BN_bntest_rand(a, 1024, 0, 0); | ||
| 1196 | BN_bntest_rand(c, 1024, 0, 0); | ||
| 1197 | BN_bntest_rand(d, 1024, 0, 0); | ||
| 1198 | for (j=0; j < 2; j++) | ||
| 1199 | { | ||
| 1200 | BN_GF2m_mod_mul(e, a, c, b[j], ctx); | ||
| 1201 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1202 | if (bp != NULL) | ||
| 1203 | { | ||
| 1204 | if (!results) | ||
| 1205 | { | ||
| 1206 | BN_print(bp,a); | ||
| 1207 | BIO_puts(bp," * "); | ||
| 1208 | BN_print(bp,c); | ||
| 1209 | BIO_puts(bp," % "); | ||
| 1210 | BN_print(bp,b[j]); | ||
| 1211 | BIO_puts(bp," - "); | ||
| 1212 | BN_print(bp,e); | ||
| 1213 | BIO_puts(bp,"\n"); | ||
| 1214 | } | ||
| 1215 | } | ||
| 1216 | #endif | ||
| 1217 | BN_GF2m_add(f, a, d); | ||
| 1218 | BN_GF2m_mod_mul(g, f, c, b[j], ctx); | ||
| 1219 | BN_GF2m_mod_mul(h, d, c, b[j], ctx); | ||
| 1220 | BN_GF2m_add(f, e, g); | ||
| 1221 | BN_GF2m_add(f, f, h); | ||
| 1222 | /* Test that (a+d)*c = a*c + d*c. */ | ||
| 1223 | if(!BN_is_zero(f)) | ||
| 1224 | { | ||
| 1225 | fprintf(stderr,"GF(2^m) modular multiplication test failed!\n"); | ||
| 1226 | goto err; | ||
| 1227 | } | ||
| 1228 | } | ||
| 1229 | } | ||
| 1230 | ret = 1; | ||
| 1231 | err: | ||
| 1232 | BN_free(a); | ||
| 1233 | BN_free(b[0]); | ||
| 1234 | BN_free(b[1]); | ||
| 1235 | BN_free(c); | ||
| 1236 | BN_free(d); | ||
| 1237 | BN_free(e); | ||
| 1238 | BN_free(f); | ||
| 1239 | BN_free(g); | ||
| 1240 | BN_free(h); | ||
| 1241 | return ret; | ||
| 1242 | } | ||
| 1243 | |||
| 1244 | int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx) | ||
| 1245 | { | ||
| 1246 | BIGNUM *a,*b[2],*c,*d; | ||
| 1247 | int i, j, ret = 0; | ||
| 1248 | unsigned int p0[] = {163,7,6,3,0}; | ||
| 1249 | unsigned int p1[] = {193,15,0}; | ||
| 1250 | |||
| 1251 | a=BN_new(); | ||
| 1252 | b[0]=BN_new(); | ||
| 1253 | b[1]=BN_new(); | ||
| 1254 | c=BN_new(); | ||
| 1255 | d=BN_new(); | ||
| 1256 | |||
| 1257 | BN_GF2m_arr2poly(p0, b[0]); | ||
| 1258 | BN_GF2m_arr2poly(p1, b[1]); | ||
| 1259 | |||
| 1260 | for (i=0; i<num0; i++) | ||
| 1261 | { | ||
| 1262 | BN_bntest_rand(a, 1024, 0, 0); | ||
| 1263 | for (j=0; j < 2; j++) | ||
| 1264 | { | ||
| 1265 | BN_GF2m_mod_sqr(c, a, b[j], ctx); | ||
| 1266 | BN_copy(d, a); | ||
| 1267 | BN_GF2m_mod_mul(d, a, d, b[j], ctx); | ||
| 1268 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1269 | if (bp != NULL) | ||
| 1270 | { | ||
| 1271 | if (!results) | ||
| 1272 | { | ||
| 1273 | BN_print(bp,a); | ||
| 1274 | BIO_puts(bp," ^ 2 % "); | ||
| 1275 | BN_print(bp,b[j]); | ||
| 1276 | BIO_puts(bp, " = "); | ||
| 1277 | BN_print(bp,c); | ||
| 1278 | BIO_puts(bp,"; a * a = "); | ||
| 1279 | BN_print(bp,d); | ||
| 1280 | BIO_puts(bp,"\n"); | ||
| 1281 | } | ||
| 1282 | } | ||
| 1283 | #endif | ||
| 1284 | BN_GF2m_add(d, c, d); | ||
| 1285 | /* Test that a*a = a^2. */ | ||
| 1286 | if(!BN_is_zero(d)) | ||
| 1287 | { | ||
| 1288 | fprintf(stderr,"GF(2^m) modular squaring test failed!\n"); | ||
| 1289 | goto err; | ||
| 1290 | } | ||
| 1291 | } | ||
| 1292 | } | ||
| 1293 | ret = 1; | ||
| 1294 | err: | ||
| 1295 | BN_free(a); | ||
| 1296 | BN_free(b[0]); | ||
| 1297 | BN_free(b[1]); | ||
| 1298 | BN_free(c); | ||
| 1299 | BN_free(d); | ||
| 1300 | return ret; | ||
| 1301 | } | ||
| 1302 | |||
| 1303 | int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx) | ||
| 1304 | { | ||
| 1305 | BIGNUM *a,*b[2],*c,*d; | ||
| 1306 | int i, j, ret = 0; | ||
| 1307 | unsigned int p0[] = {163,7,6,3,0}; | ||
| 1308 | unsigned int p1[] = {193,15,0}; | ||
| 1309 | |||
| 1310 | a=BN_new(); | ||
| 1311 | b[0]=BN_new(); | ||
| 1312 | b[1]=BN_new(); | ||
| 1313 | c=BN_new(); | ||
| 1314 | d=BN_new(); | ||
| 1315 | |||
| 1316 | BN_GF2m_arr2poly(p0, b[0]); | ||
| 1317 | BN_GF2m_arr2poly(p1, b[1]); | ||
| 1318 | |||
| 1319 | for (i=0; i<num0; i++) | ||
| 1320 | { | ||
| 1321 | BN_bntest_rand(a, 512, 0, 0); | ||
| 1322 | for (j=0; j < 2; j++) | ||
| 1323 | { | ||
| 1324 | BN_GF2m_mod_inv(c, a, b[j], ctx); | ||
| 1325 | BN_GF2m_mod_mul(d, a, c, b[j], ctx); | ||
| 1326 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1327 | if (bp != NULL) | ||
| 1328 | { | ||
| 1329 | if (!results) | ||
| 1330 | { | ||
| 1331 | BN_print(bp,a); | ||
| 1332 | BIO_puts(bp, " * "); | ||
| 1333 | BN_print(bp,c); | ||
| 1334 | BIO_puts(bp," - 1 % "); | ||
| 1335 | BN_print(bp,b[j]); | ||
| 1336 | BIO_puts(bp,"\n"); | ||
| 1337 | } | ||
| 1338 | } | ||
| 1339 | #endif | ||
| 1340 | /* Test that ((1/a)*a) = 1. */ | ||
| 1341 | if(!BN_is_one(d)) | ||
| 1342 | { | ||
| 1343 | fprintf(stderr,"GF(2^m) modular inversion test failed!\n"); | ||
| 1344 | goto err; | ||
| 1345 | } | ||
| 1346 | } | ||
| 1347 | } | ||
| 1348 | ret = 1; | ||
| 1349 | err: | ||
| 1350 | BN_free(a); | ||
| 1351 | BN_free(b[0]); | ||
| 1352 | BN_free(b[1]); | ||
| 1353 | BN_free(c); | ||
| 1354 | BN_free(d); | ||
| 1355 | return ret; | ||
| 1356 | } | ||
| 1357 | |||
| 1358 | int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx) | ||
| 1359 | { | ||
| 1360 | BIGNUM *a,*b[2],*c,*d,*e,*f; | ||
| 1361 | int i, j, ret = 0; | ||
| 1362 | unsigned int p0[] = {163,7,6,3,0}; | ||
| 1363 | unsigned int p1[] = {193,15,0}; | ||
| 1364 | |||
| 1365 | a=BN_new(); | ||
| 1366 | b[0]=BN_new(); | ||
| 1367 | b[1]=BN_new(); | ||
| 1368 | c=BN_new(); | ||
| 1369 | d=BN_new(); | ||
| 1370 | e=BN_new(); | ||
| 1371 | f=BN_new(); | ||
| 1372 | |||
| 1373 | BN_GF2m_arr2poly(p0, b[0]); | ||
| 1374 | BN_GF2m_arr2poly(p1, b[1]); | ||
| 1375 | |||
| 1376 | for (i=0; i<num0; i++) | ||
| 1377 | { | ||
| 1378 | BN_bntest_rand(a, 512, 0, 0); | ||
| 1379 | BN_bntest_rand(c, 512, 0, 0); | ||
| 1380 | for (j=0; j < 2; j++) | ||
| 1381 | { | ||
| 1382 | BN_GF2m_mod_div(d, a, c, b[j], ctx); | ||
| 1383 | BN_GF2m_mod_mul(e, d, c, b[j], ctx); | ||
| 1384 | BN_GF2m_mod_div(f, a, e, b[j], ctx); | ||
| 1385 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1386 | if (bp != NULL) | ||
| 1387 | { | ||
| 1388 | if (!results) | ||
| 1389 | { | ||
| 1390 | BN_print(bp,a); | ||
| 1391 | BIO_puts(bp, " = "); | ||
| 1392 | BN_print(bp,c); | ||
| 1393 | BIO_puts(bp," * "); | ||
| 1394 | BN_print(bp,d); | ||
| 1395 | BIO_puts(bp, " % "); | ||
| 1396 | BN_print(bp,b[j]); | ||
| 1397 | BIO_puts(bp,"\n"); | ||
| 1398 | } | ||
| 1399 | } | ||
| 1400 | #endif | ||
| 1401 | /* Test that ((a/c)*c)/a = 1. */ | ||
| 1402 | if(!BN_is_one(f)) | ||
| 1403 | { | ||
| 1404 | fprintf(stderr,"GF(2^m) modular division test failed!\n"); | ||
| 1405 | goto err; | ||
| 1406 | } | ||
| 1407 | } | ||
| 1408 | } | ||
| 1409 | ret = 1; | ||
| 1410 | err: | ||
| 1411 | BN_free(a); | ||
| 1412 | BN_free(b[0]); | ||
| 1413 | BN_free(b[1]); | ||
| 1414 | BN_free(c); | ||
| 1415 | BN_free(d); | ||
| 1416 | BN_free(e); | ||
| 1417 | BN_free(f); | ||
| 1418 | return ret; | ||
| 1419 | } | ||
| 1420 | |||
| 1421 | int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx) | ||
| 1422 | { | ||
| 1423 | BIGNUM *a,*b[2],*c,*d,*e,*f; | ||
| 1424 | int i, j, ret = 0; | ||
| 1425 | unsigned int p0[] = {163,7,6,3,0}; | ||
| 1426 | unsigned int p1[] = {193,15,0}; | ||
| 1427 | |||
| 1428 | a=BN_new(); | ||
| 1429 | b[0]=BN_new(); | ||
| 1430 | b[1]=BN_new(); | ||
| 1431 | c=BN_new(); | ||
| 1432 | d=BN_new(); | ||
| 1433 | e=BN_new(); | ||
| 1434 | f=BN_new(); | ||
| 1435 | |||
| 1436 | BN_GF2m_arr2poly(p0, b[0]); | ||
| 1437 | BN_GF2m_arr2poly(p1, b[1]); | ||
| 1438 | |||
| 1439 | for (i=0; i<num0; i++) | ||
| 1440 | { | ||
| 1441 | BN_bntest_rand(a, 512, 0, 0); | ||
| 1442 | BN_bntest_rand(c, 512, 0, 0); | ||
| 1443 | BN_bntest_rand(d, 512, 0, 0); | ||
| 1444 | for (j=0; j < 2; j++) | ||
| 1445 | { | ||
| 1446 | BN_GF2m_mod_exp(e, a, c, b[j], ctx); | ||
| 1447 | BN_GF2m_mod_exp(f, a, d, b[j], ctx); | ||
| 1448 | BN_GF2m_mod_mul(e, e, f, b[j], ctx); | ||
| 1449 | BN_add(f, c, d); | ||
| 1450 | BN_GF2m_mod_exp(f, a, f, b[j], ctx); | ||
| 1451 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1452 | if (bp != NULL) | ||
| 1453 | { | ||
| 1454 | if (!results) | ||
| 1455 | { | ||
| 1456 | BN_print(bp,a); | ||
| 1457 | BIO_puts(bp, " ^ ("); | ||
| 1458 | BN_print(bp,c); | ||
| 1459 | BIO_puts(bp," + "); | ||
| 1460 | BN_print(bp,d); | ||
| 1461 | BIO_puts(bp, ") = "); | ||
| 1462 | BN_print(bp,e); | ||
| 1463 | BIO_puts(bp, "; - "); | ||
| 1464 | BN_print(bp,f); | ||
| 1465 | BIO_puts(bp, " % "); | ||
| 1466 | BN_print(bp,b[j]); | ||
| 1467 | BIO_puts(bp,"\n"); | ||
| 1468 | } | ||
| 1469 | } | ||
| 1470 | #endif | ||
| 1471 | BN_GF2m_add(f, e, f); | ||
| 1472 | /* Test that a^(c+d)=a^c*a^d. */ | ||
| 1473 | if(!BN_is_zero(f)) | ||
| 1474 | { | ||
| 1475 | fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n"); | ||
| 1476 | goto err; | ||
| 1477 | } | ||
| 1478 | } | ||
| 1479 | } | ||
| 1480 | ret = 1; | ||
| 1481 | err: | ||
| 1482 | BN_free(a); | ||
| 1483 | BN_free(b[0]); | ||
| 1484 | BN_free(b[1]); | ||
| 1485 | BN_free(c); | ||
| 1486 | BN_free(d); | ||
| 1487 | BN_free(e); | ||
| 1488 | BN_free(f); | ||
| 1489 | return ret; | ||
| 1490 | } | ||
| 1491 | |||
| 1492 | int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx) | ||
| 1493 | { | ||
| 1494 | BIGNUM *a,*b[2],*c,*d,*e,*f; | ||
| 1495 | int i, j, ret = 0; | ||
| 1496 | unsigned int p0[] = {163,7,6,3,0}; | ||
| 1497 | unsigned int p1[] = {193,15,0}; | ||
| 1498 | |||
| 1499 | a=BN_new(); | ||
| 1500 | b[0]=BN_new(); | ||
| 1501 | b[1]=BN_new(); | ||
| 1502 | c=BN_new(); | ||
| 1503 | d=BN_new(); | ||
| 1504 | e=BN_new(); | ||
| 1505 | f=BN_new(); | ||
| 1506 | |||
| 1507 | BN_GF2m_arr2poly(p0, b[0]); | ||
| 1508 | BN_GF2m_arr2poly(p1, b[1]); | ||
| 1509 | |||
| 1510 | for (i=0; i<num0; i++) | ||
| 1511 | { | ||
| 1512 | BN_bntest_rand(a, 512, 0, 0); | ||
| 1513 | for (j=0; j < 2; j++) | ||
| 1514 | { | ||
| 1515 | BN_GF2m_mod(c, a, b[j]); | ||
| 1516 | BN_GF2m_mod_sqrt(d, a, b[j], ctx); | ||
| 1517 | BN_GF2m_mod_sqr(e, d, b[j], ctx); | ||
| 1518 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1519 | if (bp != NULL) | ||
| 1520 | { | ||
| 1521 | if (!results) | ||
| 1522 | { | ||
| 1523 | BN_print(bp,d); | ||
| 1524 | BIO_puts(bp, " ^ 2 - "); | ||
| 1525 | BN_print(bp,a); | ||
| 1526 | BIO_puts(bp,"\n"); | ||
| 1527 | } | ||
| 1528 | } | ||
| 1529 | #endif | ||
| 1530 | BN_GF2m_add(f, c, e); | ||
| 1531 | /* Test that d^2 = a, where d = sqrt(a). */ | ||
| 1532 | if(!BN_is_zero(f)) | ||
| 1533 | { | ||
| 1534 | fprintf(stderr,"GF(2^m) modular square root test failed!\n"); | ||
| 1535 | goto err; | ||
| 1536 | } | ||
| 1537 | } | ||
| 1538 | } | ||
| 1539 | ret = 1; | ||
| 1540 | err: | ||
| 1541 | BN_free(a); | ||
| 1542 | BN_free(b[0]); | ||
| 1543 | BN_free(b[1]); | ||
| 1544 | BN_free(c); | ||
| 1545 | BN_free(d); | ||
| 1546 | BN_free(e); | ||
| 1547 | BN_free(f); | ||
| 1548 | return ret; | ||
| 1549 | } | ||
| 1550 | |||
| 1551 | int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx) | ||
| 1552 | { | ||
| 1553 | BIGNUM *a,*b[2],*c,*d,*e; | ||
| 1554 | int i, j, s = 0, t, ret = 0; | ||
| 1555 | unsigned int p0[] = {163,7,6,3,0}; | ||
| 1556 | unsigned int p1[] = {193,15,0}; | ||
| 1557 | |||
| 1558 | a=BN_new(); | ||
| 1559 | b[0]=BN_new(); | ||
| 1560 | b[1]=BN_new(); | ||
| 1561 | c=BN_new(); | ||
| 1562 | d=BN_new(); | ||
| 1563 | e=BN_new(); | ||
| 1564 | |||
| 1565 | BN_GF2m_arr2poly(p0, b[0]); | ||
| 1566 | BN_GF2m_arr2poly(p1, b[1]); | ||
| 1567 | |||
| 1568 | for (i=0; i<num0; i++) | ||
| 1569 | { | ||
| 1570 | BN_bntest_rand(a, 512, 0, 0); | ||
| 1571 | for (j=0; j < 2; j++) | ||
| 1572 | { | ||
| 1573 | t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx); | ||
| 1574 | if (t) | ||
| 1575 | { | ||
| 1576 | s++; | ||
| 1577 | BN_GF2m_mod_sqr(d, c, b[j], ctx); | ||
| 1578 | BN_GF2m_add(d, c, d); | ||
| 1579 | BN_GF2m_mod(e, a, b[j]); | ||
| 1580 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1581 | if (bp != NULL) | ||
| 1582 | { | ||
| 1583 | if (!results) | ||
| 1584 | { | ||
| 1585 | BN_print(bp,c); | ||
| 1586 | BIO_puts(bp, " is root of z^2 + z = "); | ||
| 1587 | BN_print(bp,a); | ||
| 1588 | BIO_puts(bp, " % "); | ||
| 1589 | BN_print(bp,b[j]); | ||
| 1590 | BIO_puts(bp, "\n"); | ||
| 1591 | } | ||
| 1592 | } | ||
| 1593 | #endif | ||
| 1594 | BN_GF2m_add(e, e, d); | ||
| 1595 | /* Test that solution of quadratic c satisfies c^2 + c = a. */ | ||
| 1596 | if(!BN_is_zero(e)) | ||
| 1597 | { | ||
| 1598 | fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n"); | ||
| 1599 | goto err; | ||
| 1600 | } | ||
| 1601 | |||
| 1602 | } | ||
| 1603 | else | ||
| 1604 | { | ||
| 1605 | #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ | ||
| 1606 | if (bp != NULL) | ||
| 1607 | { | ||
| 1608 | if (!results) | ||
| 1609 | { | ||
| 1610 | BIO_puts(bp, "There are no roots of z^2 + z = "); | ||
| 1611 | BN_print(bp,a); | ||
| 1612 | BIO_puts(bp, " % "); | ||
| 1613 | BN_print(bp,b[j]); | ||
| 1614 | BIO_puts(bp, "\n"); | ||
| 1615 | } | ||
| 1616 | } | ||
| 1617 | #endif | ||
| 1618 | } | ||
| 1619 | } | ||
| 1620 | } | ||
| 1621 | if (s == 0) | ||
| 1622 | { | ||
| 1623 | fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0); | ||
| 1624 | fprintf(stderr,"this is very unlikely and probably indicates an error.\n"); | ||
| 1625 | goto err; | ||
| 1626 | } | ||
| 1627 | ret = 1; | ||
| 1628 | err: | ||
| 1629 | BN_free(a); | ||
| 1630 | BN_free(b[0]); | ||
| 1631 | BN_free(b[1]); | ||
| 1632 | BN_free(c); | ||
| 1633 | BN_free(d); | ||
| 1634 | BN_free(e); | ||
| 1635 | return ret; | ||
| 1636 | } | ||
| 1637 | |||
| 1638 | static int genprime_cb(int p, int n, BN_GENCB *arg) | ||
| 923 | { | 1639 | { |
| 924 | char c='*'; | 1640 | char c='*'; |
| 925 | 1641 | ||
| @@ -929,12 +1645,12 @@ static void genprime_cb(int p, int n, void *arg) | |||
| 929 | if (p == 3) c='\n'; | 1645 | if (p == 3) c='\n'; |
| 930 | putc(c, stderr); | 1646 | putc(c, stderr); |
| 931 | fflush(stderr); | 1647 | fflush(stderr); |
| 932 | (void)n; | 1648 | return 1; |
| 933 | (void)arg; | ||
| 934 | } | 1649 | } |
| 935 | 1650 | ||
| 936 | int test_kron(BIO *bp, BN_CTX *ctx) | 1651 | int test_kron(BIO *bp, BN_CTX *ctx) |
| 937 | { | 1652 | { |
| 1653 | BN_GENCB cb; | ||
| 938 | BIGNUM *a,*b,*r,*t; | 1654 | BIGNUM *a,*b,*r,*t; |
| 939 | int i; | 1655 | int i; |
| 940 | int legendre, kronecker; | 1656 | int legendre, kronecker; |
| @@ -945,6 +1661,8 @@ int test_kron(BIO *bp, BN_CTX *ctx) | |||
| 945 | r = BN_new(); | 1661 | r = BN_new(); |
| 946 | t = BN_new(); | 1662 | t = BN_new(); |
| 947 | if (a == NULL || b == NULL || r == NULL || t == NULL) goto err; | 1663 | if (a == NULL || b == NULL || r == NULL || t == NULL) goto err; |
| 1664 | |||
| 1665 | BN_GENCB_set(&cb, genprime_cb, NULL); | ||
| 948 | 1666 | ||
| 949 | /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). | 1667 | /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). |
| 950 | * In this case we know that if b is prime, then BN_kronecker(a, b, ctx) | 1668 | * In this case we know that if b is prime, then BN_kronecker(a, b, ctx) |
| @@ -955,7 +1673,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) | |||
| 955 | * don't want to test whether b is prime but whether BN_kronecker | 1673 | * don't want to test whether b is prime but whether BN_kronecker |
| 956 | * works.) */ | 1674 | * works.) */ |
| 957 | 1675 | ||
| 958 | if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err; | 1676 | if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err; |
| 959 | b->neg = rand_neg(); | 1677 | b->neg = rand_neg(); |
| 960 | putc('\n', stderr); | 1678 | putc('\n', stderr); |
| 961 | 1679 | ||
| @@ -1023,6 +1741,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) | |||
| 1023 | 1741 | ||
| 1024 | int test_sqrt(BIO *bp, BN_CTX *ctx) | 1742 | int test_sqrt(BIO *bp, BN_CTX *ctx) |
| 1025 | { | 1743 | { |
| 1744 | BN_GENCB cb; | ||
| 1026 | BIGNUM *a,*p,*r; | 1745 | BIGNUM *a,*p,*r; |
| 1027 | int i, j; | 1746 | int i, j; |
| 1028 | int ret = 0; | 1747 | int ret = 0; |
| @@ -1031,7 +1750,9 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) | |||
| 1031 | p = BN_new(); | 1750 | p = BN_new(); |
| 1032 | r = BN_new(); | 1751 | r = BN_new(); |
| 1033 | if (a == NULL || p == NULL || r == NULL) goto err; | 1752 | if (a == NULL || p == NULL || r == NULL) goto err; |
| 1034 | 1753 | ||
| 1754 | BN_GENCB_set(&cb, genprime_cb, NULL); | ||
| 1755 | |||
| 1035 | for (i = 0; i < 16; i++) | 1756 | for (i = 0; i < 16; i++) |
| 1036 | { | 1757 | { |
| 1037 | if (i < 8) | 1758 | if (i < 8) |
| @@ -1045,7 +1766,7 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) | |||
| 1045 | if (!BN_set_word(a, 32)) goto err; | 1766 | if (!BN_set_word(a, 32)) goto err; |
| 1046 | if (!BN_set_word(r, 2*i + 1)) goto err; | 1767 | if (!BN_set_word(r, 2*i + 1)) goto err; |
| 1047 | 1768 | ||
| 1048 | if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err; | 1769 | if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err; |
| 1049 | putc('\n', stderr); | 1770 | putc('\n', stderr); |
| 1050 | } | 1771 | } |
| 1051 | p->neg = rand_neg(); | 1772 | p->neg = rand_neg(); |
diff --git a/src/lib/libssl/src/crypto/bn/exptest.c b/src/lib/libssl/src/crypto/bn/exptest.c index 28aaac2ac1..f598a07cf5 100644 --- a/src/lib/libssl/src/crypto/bn/exptest.c +++ b/src/lib/libssl/src/crypto/bn/exptest.c | |||
| @@ -195,6 +195,9 @@ int main(int argc, char *argv[]) | |||
| 195 | err: | 195 | err: |
| 196 | ERR_load_crypto_strings(); | 196 | ERR_load_crypto_strings(); |
| 197 | ERR_print_errors(out); | 197 | ERR_print_errors(out); |
| 198 | #ifdef OPENSSL_SYS_NETWARE | ||
| 199 | printf("ERROR\n"); | ||
| 200 | #endif | ||
| 198 | EXIT(1); | 201 | EXIT(1); |
| 199 | return(1); | 202 | return(1); |
| 200 | } | 203 | } |
diff --git a/src/lib/libssl/src/crypto/buffer/buf_err.c b/src/lib/libssl/src/crypto/buffer/buf_err.c index 1fc32a6861..3e25bbe879 100644 --- a/src/lib/libssl/src/crypto/buffer/buf_err.c +++ b/src/lib/libssl/src/crypto/buffer/buf_err.c | |||
| @@ -70,9 +70,12 @@ | |||
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA BUF_str_functs[]= | 71 | static ERR_STRING_DATA BUF_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"}, | ||
| 73 | {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, | 74 | {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, |
| 75 | {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, | ||
| 74 | {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, | 76 | {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, |
| 75 | {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, | 77 | {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, |
| 78 | {ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"}, | ||
| 76 | {0,NULL} | 79 | {0,NULL} |
| 77 | }; | 80 | }; |
| 78 | 81 | ||
| @@ -85,15 +88,12 @@ static ERR_STRING_DATA BUF_str_reasons[]= | |||
| 85 | 88 | ||
| 86 | void ERR_load_BUF_strings(void) | 89 | void ERR_load_BUF_strings(void) |
| 87 | { | 90 | { |
| 88 | static int init=1; | 91 | #ifndef OPENSSL_NO_ERR |
| 89 | 92 | ||
| 90 | if (init) | 93 | if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) |
| 91 | { | 94 | { |
| 92 | init=0; | ||
| 93 | #ifndef OPENSSL_NO_ERR | ||
| 94 | ERR_load_strings(0,BUF_str_functs); | 95 | ERR_load_strings(0,BUF_str_functs); |
| 95 | ERR_load_strings(0,BUF_str_reasons); | 96 | ERR_load_strings(0,BUF_str_reasons); |
| 96 | #endif | ||
| 97 | |||
| 98 | } | 97 | } |
| 98 | #endif | ||
| 99 | } | 99 | } |
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.c b/src/lib/libssl/src/crypto/buffer/buffer.c index d96487e7db..3bf03c7eff 100644 --- a/src/lib/libssl/src/crypto/buffer/buffer.c +++ b/src/lib/libssl/src/crypto/buffer/buffer.c | |||
| @@ -149,7 +149,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) | |||
| 149 | ret=OPENSSL_realloc_clean(str->data,str->max,n); | 149 | ret=OPENSSL_realloc_clean(str->data,str->max,n); |
| 150 | if (ret == NULL) | 150 | if (ret == NULL) |
| 151 | { | 151 | { |
| 152 | BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); | 152 | BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); |
| 153 | len=0; | 153 | len=0; |
| 154 | } | 154 | } |
| 155 | else | 155 | else |
| @@ -164,22 +164,41 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) | |||
| 164 | 164 | ||
| 165 | char *BUF_strdup(const char *str) | 165 | char *BUF_strdup(const char *str) |
| 166 | { | 166 | { |
| 167 | if (str == NULL) return(NULL); | ||
| 168 | return BUF_strndup(str, strlen(str)); | ||
| 169 | } | ||
| 170 | |||
| 171 | char *BUF_strndup(const char *str, size_t siz) | ||
| 172 | { | ||
| 167 | char *ret; | 173 | char *ret; |
| 168 | int n; | ||
| 169 | 174 | ||
| 170 | if (str == NULL) return(NULL); | 175 | if (str == NULL) return(NULL); |
| 171 | 176 | ||
| 172 | n=strlen(str); | 177 | ret=OPENSSL_malloc(siz+1); |
| 173 | ret=OPENSSL_malloc(n+1); | ||
| 174 | if (ret == NULL) | 178 | if (ret == NULL) |
| 175 | { | 179 | { |
| 176 | BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); | 180 | BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); |
| 177 | return(NULL); | 181 | return(NULL); |
| 178 | } | 182 | } |
| 179 | memcpy(ret,str,n+1); | 183 | BUF_strlcpy(ret,str,siz+1); |
| 180 | return(ret); | 184 | return(ret); |
| 181 | } | 185 | } |
| 182 | 186 | ||
| 187 | void *BUF_memdup(const void *data, size_t siz) | ||
| 188 | { | ||
| 189 | void *ret; | ||
| 190 | |||
| 191 | if (data == NULL) return(NULL); | ||
| 192 | |||
| 193 | ret=OPENSSL_malloc(siz); | ||
| 194 | if (ret == NULL) | ||
| 195 | { | ||
| 196 | BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); | ||
| 197 | return(NULL); | ||
| 198 | } | ||
| 199 | return memcpy(ret, data, siz); | ||
| 200 | } | ||
| 201 | |||
| 183 | size_t BUF_strlcpy(char *dst, const char *src, size_t size) | 202 | size_t BUF_strlcpy(char *dst, const char *src, size_t size) |
| 184 | { | 203 | { |
| 185 | size_t l = 0; | 204 | size_t l = 0; |
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.h b/src/lib/libssl/src/crypto/buffer/buffer.h index 465dc34f3f..1db9607450 100644 --- a/src/lib/libssl/src/crypto/buffer/buffer.h +++ b/src/lib/libssl/src/crypto/buffer/buffer.h | |||
| @@ -59,25 +59,35 @@ | |||
| 59 | #ifndef HEADER_BUFFER_H | 59 | #ifndef HEADER_BUFFER_H |
| 60 | #define HEADER_BUFFER_H | 60 | #define HEADER_BUFFER_H |
| 61 | 61 | ||
| 62 | #include <openssl/ossl_typ.h> | ||
| 63 | |||
| 62 | #ifdef __cplusplus | 64 | #ifdef __cplusplus |
| 63 | extern "C" { | 65 | extern "C" { |
| 64 | #endif | 66 | #endif |
| 65 | 67 | ||
| 66 | #include <stddef.h> | 68 | #include <stddef.h> |
| 69 | |||
| 70 | #if !defined(NO_SYS_TYPES_H) | ||
| 67 | #include <sys/types.h> | 71 | #include <sys/types.h> |
| 72 | #endif | ||
| 73 | |||
| 74 | /* Already declared in ossl_typ.h */ | ||
| 75 | /* typedef struct buf_mem_st BUF_MEM; */ | ||
| 68 | 76 | ||
| 69 | typedef struct buf_mem_st | 77 | struct buf_mem_st |
| 70 | { | 78 | { |
| 71 | int length; /* current number of bytes */ | 79 | int length; /* current number of bytes */ |
| 72 | char *data; | 80 | char *data; |
| 73 | int max; /* size of buffer */ | 81 | int max; /* size of buffer */ |
| 74 | } BUF_MEM; | 82 | }; |
| 75 | 83 | ||
| 76 | BUF_MEM *BUF_MEM_new(void); | 84 | BUF_MEM *BUF_MEM_new(void); |
| 77 | void BUF_MEM_free(BUF_MEM *a); | 85 | void BUF_MEM_free(BUF_MEM *a); |
| 78 | int BUF_MEM_grow(BUF_MEM *str, int len); | 86 | int BUF_MEM_grow(BUF_MEM *str, int len); |
| 79 | int BUF_MEM_grow_clean(BUF_MEM *str, int len); | 87 | int BUF_MEM_grow_clean(BUF_MEM *str, int len); |
| 80 | char * BUF_strdup(const char *str); | 88 | char * BUF_strdup(const char *str); |
| 89 | char * BUF_strndup(const char *str, size_t siz); | ||
| 90 | void * BUF_memdup(const void *data, size_t siz); | ||
| 81 | 91 | ||
| 82 | /* safe string functions */ | 92 | /* safe string functions */ |
| 83 | size_t BUF_strlcpy(char *dst,const char *src,size_t siz); | 93 | size_t BUF_strlcpy(char *dst,const char *src,size_t siz); |
| @@ -93,9 +103,12 @@ void ERR_load_BUF_strings(void); | |||
| 93 | /* Error codes for the BUF functions. */ | 103 | /* Error codes for the BUF functions. */ |
| 94 | 104 | ||
| 95 | /* Function codes. */ | 105 | /* Function codes. */ |
| 106 | #define BUF_F_BUF_MEMDUP 103 | ||
| 96 | #define BUF_F_BUF_MEM_GROW 100 | 107 | #define BUF_F_BUF_MEM_GROW 100 |
| 108 | #define BUF_F_BUF_MEM_GROW_CLEAN 105 | ||
| 97 | #define BUF_F_BUF_MEM_NEW 101 | 109 | #define BUF_F_BUF_MEM_NEW 101 |
| 98 | #define BUF_F_BUF_STRDUP 102 | 110 | #define BUF_F_BUF_STRDUP 102 |
| 111 | #define BUF_F_BUF_STRNDUP 104 | ||
| 99 | 112 | ||
| 100 | /* Reason codes. */ | 113 | /* Reason codes. */ |
| 101 | 114 | ||
diff --git a/src/lib/libssl/src/crypto/cast/c_ecb.c b/src/lib/libssl/src/crypto/cast/c_ecb.c index 0b3da9ad87..f2dc606226 100644 --- a/src/lib/libssl/src/crypto/cast/c_ecb.c +++ b/src/lib/libssl/src/crypto/cast/c_ecb.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "cast_lcl.h" | 60 | #include "cast_lcl.h" |
| 61 | #include <openssl/opensslv.h> | 61 | #include <openssl/opensslv.h> |
| 62 | 62 | ||
| 63 | const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT; | 63 | const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT; |
| 64 | 64 | ||
| 65 | void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, | 65 | void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 66 | CAST_KEY *ks, int enc) | 66 | CAST_KEY *ks, int enc) |
diff --git a/src/lib/libssl/src/crypto/cast/c_skey.c b/src/lib/libssl/src/crypto/cast/c_skey.c index db9b7573e0..76e40005c9 100644 --- a/src/lib/libssl/src/crypto/cast/c_skey.c +++ b/src/lib/libssl/src/crypto/cast/c_skey.c | |||
| @@ -56,10 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/crypto.h> | ||
| 60 | #include <openssl/fips.h> | ||
| 61 | #include <openssl/cast.h> | 59 | #include <openssl/cast.h> |
| 62 | |||
| 63 | #include "cast_lcl.h" | 60 | #include "cast_lcl.h" |
| 64 | #include "cast_s.h" | 61 | #include "cast_s.h" |
| 65 | 62 | ||
| @@ -75,7 +72,7 @@ | |||
| 75 | #define S6 CAST_S_table6 | 72 | #define S6 CAST_S_table6 |
| 76 | #define S7 CAST_S_table7 | 73 | #define S7 CAST_S_table7 |
| 77 | 74 | ||
| 78 | FIPS_NON_FIPS_VCIPHER_Init(CAST) | 75 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) |
| 79 | { | 76 | { |
| 80 | CAST_LONG x[16]; | 77 | CAST_LONG x[16]; |
| 81 | CAST_LONG z[16]; | 78 | CAST_LONG z[16]; |
diff --git a/src/lib/libssl/src/crypto/cast/cast.h b/src/lib/libssl/src/crypto/cast/cast.h index 9e300178d9..90b45b950a 100644 --- a/src/lib/libssl/src/crypto/cast/cast.h +++ b/src/lib/libssl/src/crypto/cast/cast.h | |||
| @@ -63,6 +63,8 @@ | |||
| 63 | extern "C" { | 63 | extern "C" { |
| 64 | #endif | 64 | #endif |
| 65 | 65 | ||
| 66 | #include <openssl/opensslconf.h> | ||
| 67 | |||
| 66 | #ifdef OPENSSL_NO_CAST | 68 | #ifdef OPENSSL_NO_CAST |
| 67 | #error CAST is disabled. | 69 | #error CAST is disabled. |
| 68 | #endif | 70 | #endif |
| @@ -81,10 +83,7 @@ typedef struct cast_key_st | |||
| 81 | int short_key; /* Use reduced rounds for short key */ | 83 | int short_key; /* Use reduced rounds for short key */ |
| 82 | } CAST_KEY; | 84 | } CAST_KEY; |
| 83 | 85 | ||
| 84 | 86 | ||
| 85 | #ifdef OPENSSL_FIPS | ||
| 86 | void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); | ||
| 87 | #endif | ||
| 88 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); | 87 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); |
| 89 | void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, | 88 | void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, |
| 90 | int enc); | 89 | int enc); |
diff --git a/src/lib/libssl/src/crypto/cast/cast_spd.c b/src/lib/libssl/src/crypto/cast/cast_spd.c index 76abf50d98..d650af475c 100644 --- a/src/lib/libssl/src/crypto/cast/cast_spd.c +++ b/src/lib/libssl/src/crypto/cast/cast_spd.c | |||
| @@ -69,7 +69,10 @@ | |||
| 69 | #include OPENSSL_UNISTD_IO | 69 | #include OPENSSL_UNISTD_IO |
| 70 | OPENSSL_DECLARE_EXIT | 70 | OPENSSL_DECLARE_EXIT |
| 71 | 71 | ||
| 72 | #ifndef OPENSSL_SYS_NETWARE | ||
| 72 | #include <signal.h> | 73 | #include <signal.h> |
| 74 | #endif | ||
| 75 | |||
| 73 | #ifndef _IRIX | 76 | #ifndef _IRIX |
| 74 | #include <time.h> | 77 | #include <time.h> |
| 75 | #endif | 78 | #endif |
diff --git a/src/lib/libssl/src/crypto/cast/castopts.c b/src/lib/libssl/src/crypto/cast/castopts.c index 1b858d153b..33b2c7b06f 100644 --- a/src/lib/libssl/src/crypto/cast/castopts.c +++ b/src/lib/libssl/src/crypto/cast/castopts.c | |||
| @@ -69,7 +69,10 @@ | |||
| 69 | #include OPENSSL_UNISTD_IO | 69 | #include OPENSSL_UNISTD_IO |
| 70 | OPENSSL_DECLARE_EXIT | 70 | OPENSSL_DECLARE_EXIT |
| 71 | 71 | ||
| 72 | #ifndef OPENSSL_SYS_NETWARE | ||
| 72 | #include <signal.h> | 73 | #include <signal.h> |
| 74 | #endif | ||
| 75 | |||
| 73 | #ifndef _IRIX | 76 | #ifndef _IRIX |
| 74 | #include <time.h> | 77 | #include <time.h> |
| 75 | #endif | 78 | #endif |
diff --git a/src/lib/libssl/src/crypto/cast/casttest.c b/src/lib/libssl/src/crypto/cast/casttest.c index 83e5a16c73..0d020d6975 100644 --- a/src/lib/libssl/src/crypto/cast/casttest.c +++ b/src/lib/libssl/src/crypto/cast/casttest.c | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include <stdlib.h> | 61 | #include <stdlib.h> |
| 62 | #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */ | ||
| 62 | 63 | ||
| 63 | #include "../e_os.h" | 64 | #include "../e_os.h" |
| 64 | 65 | ||
diff --git a/src/lib/libssl/src/crypto/comp/c_zlib.c b/src/lib/libssl/src/crypto/comp/c_zlib.c index 5fcb521ffb..0f34597e70 100644 --- a/src/lib/libssl/src/crypto/comp/c_zlib.c +++ b/src/lib/libssl/src/crypto/comp/c_zlib.c | |||
| @@ -24,6 +24,32 @@ static COMP_METHOD zlib_method_nozlib={ | |||
| 24 | 24 | ||
| 25 | #include <zlib.h> | 25 | #include <zlib.h> |
| 26 | 26 | ||
| 27 | static int zlib_stateful_init(COMP_CTX *ctx); | ||
| 28 | static void zlib_stateful_finish(COMP_CTX *ctx); | ||
| 29 | static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, | ||
| 30 | unsigned int olen, unsigned char *in, unsigned int ilen); | ||
| 31 | static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, | ||
| 32 | unsigned int olen, unsigned char *in, unsigned int ilen); | ||
| 33 | |||
| 34 | |||
| 35 | /* memory allocations functions for zlib intialization */ | ||
| 36 | static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size) | ||
| 37 | { | ||
| 38 | void *p; | ||
| 39 | |||
| 40 | p=OPENSSL_malloc(no*size); | ||
| 41 | if (p) | ||
| 42 | memset(p, 0, no*size); | ||
| 43 | return p; | ||
| 44 | } | ||
| 45 | |||
| 46 | |||
| 47 | static void zlib_zfree(void* opaque, void* address) | ||
| 48 | { | ||
| 49 | OPENSSL_free(address); | ||
| 50 | } | ||
| 51 | |||
| 52 | #if 0 | ||
| 27 | static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, | 53 | static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, |
| 28 | unsigned int olen, unsigned char *in, unsigned int ilen); | 54 | unsigned int olen, unsigned char *in, unsigned int ilen); |
| 29 | static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, | 55 | static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, |
| @@ -32,7 +58,7 @@ static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, | |||
| 32 | static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, | 58 | static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, |
| 33 | uLong sourceLen); | 59 | uLong sourceLen); |
| 34 | 60 | ||
| 35 | static COMP_METHOD zlib_method={ | 61 | static COMP_METHOD zlib_stateless_method={ |
| 36 | NID_zlib_compression, | 62 | NID_zlib_compression, |
| 37 | LN_zlib_compression, | 63 | LN_zlib_compression, |
| 38 | NULL, | 64 | NULL, |
| @@ -42,12 +68,24 @@ static COMP_METHOD zlib_method={ | |||
| 42 | NULL, | 68 | NULL, |
| 43 | NULL, | 69 | NULL, |
| 44 | }; | 70 | }; |
| 71 | #endif | ||
| 72 | |||
| 73 | static COMP_METHOD zlib_stateful_method={ | ||
| 74 | NID_zlib_compression, | ||
| 75 | LN_zlib_compression, | ||
| 76 | zlib_stateful_init, | ||
| 77 | zlib_stateful_finish, | ||
| 78 | zlib_stateful_compress_block, | ||
| 79 | zlib_stateful_expand_block, | ||
| 80 | NULL, | ||
| 81 | NULL, | ||
| 82 | }; | ||
| 45 | 83 | ||
| 46 | /* | 84 | /* |
| 47 | * When OpenSSL is built on Windows, we do not want to require that | 85 | * When OpenSSL is built on Windows, we do not want to require that |
| 48 | * the ZLIB.DLL be available in order for the OpenSSL DLLs to | 86 | * the ZLIB.DLL be available in order for the OpenSSL DLLs to |
| 49 | * work. Therefore, all ZLIB routines are loaded at run time | 87 | * work. Therefore, all ZLIB routines are loaded at run time |
| 50 | * and we do not link to a .LIB file. | 88 | * and we do not link to a .LIB file when ZLIB_SHARED is set. |
| 51 | */ | 89 | */ |
| 52 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) | 90 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) |
| 53 | # include <windows.h> | 91 | # include <windows.h> |
| @@ -63,10 +101,19 @@ typedef int (*inflateEnd_ft)(z_streamp strm); | |||
| 63 | typedef int (*inflate_ft)(z_streamp strm, int flush); | 101 | typedef int (*inflate_ft)(z_streamp strm, int flush); |
| 64 | typedef int (*inflateInit__ft)(z_streamp strm, | 102 | typedef int (*inflateInit__ft)(z_streamp strm, |
| 65 | const char * version, int stream_size); | 103 | const char * version, int stream_size); |
| 104 | typedef int (*deflateEnd_ft)(z_streamp strm); | ||
| 105 | typedef int (*deflate_ft)(z_streamp strm, int flush); | ||
| 106 | typedef int (*deflateInit__ft)(z_streamp strm, int level, | ||
| 107 | const char * version, int stream_size); | ||
| 108 | typedef const char * (*zError__ft)(int err); | ||
| 66 | static compress_ft p_compress=NULL; | 109 | static compress_ft p_compress=NULL; |
| 67 | static inflateEnd_ft p_inflateEnd=NULL; | 110 | static inflateEnd_ft p_inflateEnd=NULL; |
| 68 | static inflate_ft p_inflate=NULL; | 111 | static inflate_ft p_inflate=NULL; |
| 69 | static inflateInit__ft p_inflateInit_=NULL; | 112 | static inflateInit__ft p_inflateInit_=NULL; |
| 113 | static deflateEnd_ft p_deflateEnd=NULL; | ||
| 114 | static deflate_ft p_deflate=NULL; | ||
| 115 | static deflateInit__ft p_deflateInit_=NULL; | ||
| 116 | static zError__ft p_zError=NULL; | ||
| 70 | 117 | ||
| 71 | static int zlib_loaded = 0; /* only attempt to init func pts once */ | 118 | static int zlib_loaded = 0; /* only attempt to init func pts once */ |
| 72 | static DSO *zlib_dso = NULL; | 119 | static DSO *zlib_dso = NULL; |
| @@ -75,10 +122,133 @@ static DSO *zlib_dso = NULL; | |||
| 75 | #define inflateEnd p_inflateEnd | 122 | #define inflateEnd p_inflateEnd |
| 76 | #define inflate p_inflate | 123 | #define inflate p_inflate |
| 77 | #define inflateInit_ p_inflateInit_ | 124 | #define inflateInit_ p_inflateInit_ |
| 125 | #define deflateEnd p_deflateEnd | ||
| 126 | #define deflate p_deflate | ||
| 127 | #define deflateInit_ p_deflateInit_ | ||
| 128 | #define zError p_zError | ||
| 78 | #endif /* ZLIB_SHARED */ | 129 | #endif /* ZLIB_SHARED */ |
| 79 | 130 | ||
| 131 | struct zlib_state | ||
| 132 | { | ||
| 133 | z_stream istream; | ||
| 134 | z_stream ostream; | ||
| 135 | }; | ||
| 136 | |||
| 137 | static int zlib_stateful_ex_idx = -1; | ||
| 138 | |||
| 139 | static void zlib_stateful_free_ex_data(void *obj, void *item, | ||
| 140 | CRYPTO_EX_DATA *ad, int ind,long argl, void *argp) | ||
| 141 | { | ||
| 142 | struct zlib_state *state = (struct zlib_state *)item; | ||
| 143 | inflateEnd(&state->istream); | ||
| 144 | deflateEnd(&state->ostream); | ||
| 145 | OPENSSL_free(state); | ||
| 146 | } | ||
| 147 | |||
| 148 | static int zlib_stateful_init(COMP_CTX *ctx) | ||
| 149 | { | ||
| 150 | int err; | ||
| 151 | struct zlib_state *state = | ||
| 152 | (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); | ||
| 153 | |||
| 154 | if (state == NULL) | ||
| 155 | goto err; | ||
| 156 | |||
| 157 | state->istream.zalloc = zlib_zalloc; | ||
| 158 | state->istream.zfree = zlib_zfree; | ||
| 159 | state->istream.opaque = Z_NULL; | ||
| 160 | state->istream.next_in = Z_NULL; | ||
| 161 | state->istream.next_out = Z_NULL; | ||
| 162 | state->istream.avail_in = 0; | ||
| 163 | state->istream.avail_out = 0; | ||
| 164 | err = inflateInit_(&state->istream, | ||
| 165 | ZLIB_VERSION, sizeof(z_stream)); | ||
| 166 | if (err != Z_OK) | ||
| 167 | goto err; | ||
| 168 | |||
| 169 | state->ostream.zalloc = zlib_zalloc; | ||
| 170 | state->ostream.zfree = zlib_zfree; | ||
| 171 | state->ostream.opaque = Z_NULL; | ||
| 172 | state->ostream.next_in = Z_NULL; | ||
| 173 | state->ostream.next_out = Z_NULL; | ||
| 174 | state->ostream.avail_in = 0; | ||
| 175 | state->ostream.avail_out = 0; | ||
| 176 | err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION, | ||
| 177 | ZLIB_VERSION, sizeof(z_stream)); | ||
| 178 | if (err != Z_OK) | ||
| 179 | goto err; | ||
| 180 | |||
| 181 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); | ||
| 182 | CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state); | ||
| 183 | return 1; | ||
| 184 | err: | ||
| 185 | if (state) OPENSSL_free(state); | ||
| 186 | return 0; | ||
| 187 | } | ||
| 188 | |||
| 189 | static void zlib_stateful_finish(COMP_CTX *ctx) | ||
| 190 | { | ||
| 191 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); | ||
| 192 | } | ||
| 193 | |||
| 194 | static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, | ||
| 195 | unsigned int olen, unsigned char *in, unsigned int ilen) | ||
| 196 | { | ||
| 197 | int err = Z_OK; | ||
| 198 | struct zlib_state *state = | ||
| 199 | (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, | ||
| 200 | zlib_stateful_ex_idx); | ||
| 201 | |||
| 202 | if (state == NULL) | ||
| 203 | return -1; | ||
| 204 | |||
| 205 | state->ostream.next_in = in; | ||
| 206 | state->ostream.avail_in = ilen; | ||
| 207 | state->ostream.next_out = out; | ||
| 208 | state->ostream.avail_out = olen; | ||
| 209 | if (ilen > 0) | ||
| 210 | err = deflate(&state->ostream, Z_SYNC_FLUSH); | ||
| 211 | if (err != Z_OK) | ||
| 212 | return -1; | ||
| 213 | #ifdef DEBUG_ZLIB | ||
| 214 | fprintf(stderr,"compress(%4d)->%4d %s\n", | ||
| 215 | ilen,olen - state->ostream.avail_out, | ||
| 216 | (ilen != olen - state->ostream.avail_out)?"zlib":"clear"); | ||
| 217 | #endif | ||
| 218 | return olen - state->ostream.avail_out; | ||
| 219 | } | ||
| 220 | |||
| 221 | static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, | ||
| 222 | unsigned int olen, unsigned char *in, unsigned int ilen) | ||
| 223 | { | ||
| 224 | int err = Z_OK; | ||
| 225 | |||
| 226 | struct zlib_state *state = | ||
| 227 | (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, | ||
| 228 | zlib_stateful_ex_idx); | ||
| 229 | |||
| 230 | if (state == NULL) | ||
| 231 | return 0; | ||
| 232 | |||
| 233 | state->istream.next_in = in; | ||
| 234 | state->istream.avail_in = ilen; | ||
| 235 | state->istream.next_out = out; | ||
| 236 | state->istream.avail_out = olen; | ||
| 237 | if (ilen > 0) | ||
| 238 | err = inflate(&state->istream, Z_SYNC_FLUSH); | ||
| 239 | if (err != Z_OK) | ||
| 240 | return -1; | ||
| 241 | #ifdef DEBUG_ZLIB | ||
| 242 | fprintf(stderr,"expand(%4d)->%4d %s\n", | ||
| 243 | ilen,olen - state->istream.avail_out, | ||
| 244 | (ilen != olen - state->istream.avail_out)?"zlib":"clear"); | ||
| 245 | #endif | ||
| 246 | return olen - state->istream.avail_out; | ||
| 247 | } | ||
| 248 | |||
| 249 | #if 0 | ||
| 80 | static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, | 250 | static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, |
| 81 | unsigned int olen, unsigned char *in, unsigned int ilen) | 251 | unsigned int olen, unsigned char *in, unsigned int ilen) |
| 82 | { | 252 | { |
| 83 | unsigned long l; | 253 | unsigned long l; |
| 84 | int i; | 254 | int i; |
| @@ -111,7 +281,7 @@ static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, | |||
| 111 | } | 281 | } |
| 112 | 282 | ||
| 113 | static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, | 283 | static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, |
| 114 | unsigned int olen, unsigned char *in, unsigned int ilen) | 284 | unsigned int olen, unsigned char *in, unsigned int ilen) |
| 115 | { | 285 | { |
| 116 | unsigned long l; | 286 | unsigned long l; |
| 117 | int i; | 287 | int i; |
| @@ -153,7 +323,8 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, | |||
| 153 | stream.zalloc = (alloc_func)0; | 323 | stream.zalloc = (alloc_func)0; |
| 154 | stream.zfree = (free_func)0; | 324 | stream.zfree = (free_func)0; |
| 155 | 325 | ||
| 156 | err = inflateInit(&stream); | 326 | err = inflateInit_(&stream, |
| 327 | ZLIB_VERSION, sizeof(z_stream)); | ||
| 157 | if (err != Z_OK) return err; | 328 | if (err != Z_OK) return err; |
| 158 | 329 | ||
| 159 | err = inflate(&stream, Z_FINISH); | 330 | err = inflate(&stream, Z_FINISH); |
| @@ -166,6 +337,7 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, | |||
| 166 | err = inflateEnd(&stream); | 337 | err = inflateEnd(&stream); |
| 167 | return err; | 338 | return err; |
| 168 | } | 339 | } |
| 340 | #endif | ||
| 169 | 341 | ||
| 170 | #endif | 342 | #endif |
| 171 | 343 | ||
| @@ -195,9 +367,22 @@ COMP_METHOD *COMP_zlib(void) | |||
| 195 | p_inflateInit_ | 367 | p_inflateInit_ |
| 196 | = (inflateInit__ft) DSO_bind_func(zlib_dso, | 368 | = (inflateInit__ft) DSO_bind_func(zlib_dso, |
| 197 | "inflateInit_"); | 369 | "inflateInit_"); |
| 370 | p_deflateEnd | ||
| 371 | = (deflateEnd_ft) DSO_bind_func(zlib_dso, | ||
| 372 | "deflateEnd"); | ||
| 373 | p_deflate | ||
| 374 | = (deflate_ft) DSO_bind_func(zlib_dso, | ||
| 375 | "deflate"); | ||
| 376 | p_deflateInit_ | ||
| 377 | = (deflateInit__ft) DSO_bind_func(zlib_dso, | ||
| 378 | "deflateInit_"); | ||
| 379 | p_zError | ||
| 380 | = (zError__ft) DSO_bind_func(zlib_dso, | ||
| 381 | "zError"); | ||
| 198 | 382 | ||
| 199 | if (p_compress && p_inflateEnd && p_inflate | 383 | if (p_compress && p_inflateEnd && p_inflate |
| 200 | && p_inflateInit_) | 384 | && p_inflateInit_ && p_deflateEnd |
| 385 | && p_deflate && p_deflateInit_ && p_zError) | ||
| 201 | zlib_loaded++; | 386 | zlib_loaded++; |
| 202 | } | 387 | } |
| 203 | } | 388 | } |
| @@ -207,9 +392,410 @@ COMP_METHOD *COMP_zlib(void) | |||
| 207 | if (zlib_loaded) | 392 | if (zlib_loaded) |
| 208 | #endif | 393 | #endif |
| 209 | #if defined(ZLIB) || defined(ZLIB_SHARED) | 394 | #if defined(ZLIB) || defined(ZLIB_SHARED) |
| 210 | meth = &zlib_method; | 395 | { |
| 396 | /* init zlib_stateful_ex_idx here so that in a multi-process | ||
| 397 | * application it's enough to intialize openssl before forking | ||
| 398 | * (idx will be inherited in all the children) */ | ||
| 399 | if (zlib_stateful_ex_idx == -1) | ||
| 400 | { | ||
| 401 | CRYPTO_w_lock(CRYPTO_LOCK_COMP); | ||
| 402 | if (zlib_stateful_ex_idx == -1) | ||
| 403 | zlib_stateful_ex_idx = | ||
| 404 | CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, | ||
| 405 | 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); | ||
| 406 | CRYPTO_w_unlock(CRYPTO_LOCK_COMP); | ||
| 407 | if (zlib_stateful_ex_idx == -1) | ||
| 408 | goto err; | ||
| 409 | } | ||
| 410 | |||
| 411 | meth = &zlib_stateful_method; | ||
| 412 | } | ||
| 413 | err: | ||
| 211 | #endif | 414 | #endif |
| 212 | 415 | ||
| 213 | return(meth); | 416 | return(meth); |
| 214 | } | 417 | } |
| 215 | 418 | ||
| 419 | void COMP_zlib_cleanup(void) | ||
| 420 | { | ||
| 421 | #ifdef ZLIB_SHARED | ||
| 422 | if (zlib_dso) | ||
| 423 | DSO_free(zlib_dso); | ||
| 424 | #endif | ||
| 425 | } | ||
| 426 | |||
| 427 | #ifdef ZLIB | ||
| 428 | |||
| 429 | /* Zlib based compression/decompression filter BIO */ | ||
| 430 | |||
| 431 | typedef struct | ||
| 432 | { | ||
| 433 | unsigned char *ibuf; /* Input buffer */ | ||
| 434 | int ibufsize; /* Buffer size */ | ||
| 435 | z_stream zin; /* Input decompress context */ | ||
| 436 | unsigned char *obuf; /* Output buffer */ | ||
| 437 | int obufsize; /* Output buffer size */ | ||
| 438 | unsigned char *optr; /* Position in output buffer */ | ||
| 439 | int ocount; /* Amount of data in output buffer */ | ||
| 440 | int odone; /* deflate EOF */ | ||
| 441 | int comp_level; /* Compression level to use */ | ||
| 442 | z_stream zout; /* Output compression context */ | ||
| 443 | } BIO_ZLIB_CTX; | ||
| 444 | |||
| 445 | #define ZLIB_DEFAULT_BUFSIZE 1024 | ||
| 446 | |||
| 447 | static int bio_zlib_new(BIO *bi); | ||
| 448 | static int bio_zlib_free(BIO *bi); | ||
| 449 | static int bio_zlib_read(BIO *b, char *out, int outl); | ||
| 450 | static int bio_zlib_write(BIO *b, const char *in, int inl); | ||
| 451 | static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); | ||
| 452 | static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); | ||
| 453 | |||
| 454 | static BIO_METHOD bio_meth_zlib = | ||
| 455 | { | ||
| 456 | BIO_TYPE_COMP, | ||
| 457 | "zlib", | ||
| 458 | bio_zlib_write, | ||
| 459 | bio_zlib_read, | ||
| 460 | NULL, | ||
| 461 | NULL, | ||
| 462 | bio_zlib_ctrl, | ||
| 463 | bio_zlib_new, | ||
| 464 | bio_zlib_free, | ||
| 465 | bio_zlib_callback_ctrl | ||
| 466 | }; | ||
| 467 | |||
| 468 | BIO_METHOD *BIO_f_zlib(void) | ||
| 469 | { | ||
| 470 | return &bio_meth_zlib; | ||
| 471 | } | ||
| 472 | |||
| 473 | |||
| 474 | static int bio_zlib_new(BIO *bi) | ||
| 475 | { | ||
| 476 | BIO_ZLIB_CTX *ctx; | ||
| 477 | #ifdef ZLIB_SHARED | ||
| 478 | (void)COMP_zlib(); | ||
| 479 | if (!zlib_loaded) | ||
| 480 | { | ||
| 481 | COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED); | ||
| 482 | return 0; | ||
| 483 | } | ||
| 484 | #endif | ||
| 485 | ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); | ||
| 486 | if(!ctx) | ||
| 487 | { | ||
| 488 | COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); | ||
| 489 | return 0; | ||
| 490 | } | ||
| 491 | ctx->ibuf = NULL; | ||
| 492 | ctx->obuf = NULL; | ||
| 493 | ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; | ||
| 494 | ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; | ||
| 495 | ctx->zin.zalloc = Z_NULL; | ||
| 496 | ctx->zin.zfree = Z_NULL; | ||
| 497 | ctx->zin.next_in = NULL; | ||
| 498 | ctx->zin.avail_in = 0; | ||
| 499 | ctx->zin.next_out = NULL; | ||
| 500 | ctx->zin.avail_out = 0; | ||
| 501 | ctx->zout.zalloc = Z_NULL; | ||
| 502 | ctx->zout.zfree = Z_NULL; | ||
| 503 | ctx->zout.next_in = NULL; | ||
| 504 | ctx->zout.avail_in = 0; | ||
| 505 | ctx->zout.next_out = NULL; | ||
| 506 | ctx->zout.avail_out = 0; | ||
| 507 | ctx->odone = 0; | ||
| 508 | ctx->comp_level = Z_DEFAULT_COMPRESSION; | ||
| 509 | bi->init = 1; | ||
| 510 | bi->ptr = (char *)ctx; | ||
| 511 | bi->flags = 0; | ||
| 512 | return 1; | ||
| 513 | } | ||
| 514 | |||
| 515 | static int bio_zlib_free(BIO *bi) | ||
| 516 | { | ||
| 517 | BIO_ZLIB_CTX *ctx; | ||
| 518 | if(!bi) return 0; | ||
| 519 | ctx = (BIO_ZLIB_CTX *)bi->ptr; | ||
| 520 | if(ctx->ibuf) | ||
| 521 | { | ||
| 522 | /* Destroy decompress context */ | ||
| 523 | inflateEnd(&ctx->zin); | ||
| 524 | OPENSSL_free(ctx->ibuf); | ||
| 525 | } | ||
| 526 | if(ctx->obuf) | ||
| 527 | { | ||
| 528 | /* Destroy compress context */ | ||
| 529 | deflateEnd(&ctx->zout); | ||
| 530 | OPENSSL_free(ctx->obuf); | ||
| 531 | } | ||
| 532 | OPENSSL_free(ctx); | ||
| 533 | bi->ptr = NULL; | ||
| 534 | bi->init = 0; | ||
| 535 | bi->flags = 0; | ||
| 536 | return 1; | ||
| 537 | } | ||
| 538 | |||
| 539 | static int bio_zlib_read(BIO *b, char *out, int outl) | ||
| 540 | { | ||
| 541 | BIO_ZLIB_CTX *ctx; | ||
| 542 | int ret; | ||
| 543 | z_stream *zin; | ||
| 544 | if(!out || !outl) return 0; | ||
| 545 | ctx = (BIO_ZLIB_CTX *)b->ptr; | ||
| 546 | zin = &ctx->zin; | ||
| 547 | BIO_clear_retry_flags(b); | ||
| 548 | if(!ctx->ibuf) | ||
| 549 | { | ||
| 550 | ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); | ||
| 551 | if(!ctx->ibuf) | ||
| 552 | { | ||
| 553 | COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); | ||
| 554 | return 0; | ||
| 555 | } | ||
| 556 | inflateInit(zin); | ||
| 557 | zin->next_in = ctx->ibuf; | ||
| 558 | zin->avail_in = 0; | ||
| 559 | } | ||
| 560 | |||
| 561 | /* Copy output data directly to supplied buffer */ | ||
| 562 | zin->next_out = (unsigned char *)out; | ||
| 563 | zin->avail_out = (unsigned int)outl; | ||
| 564 | for(;;) | ||
| 565 | { | ||
| 566 | /* Decompress while data available */ | ||
| 567 | while(zin->avail_in) | ||
| 568 | { | ||
| 569 | ret = inflate(zin, 0); | ||
| 570 | if((ret != Z_OK) && (ret != Z_STREAM_END)) | ||
| 571 | { | ||
| 572 | COMPerr(COMP_F_BIO_ZLIB_READ, | ||
| 573 | COMP_R_ZLIB_INFLATE_ERROR); | ||
| 574 | ERR_add_error_data(2, "zlib error:", | ||
| 575 | zError(ret)); | ||
| 576 | return 0; | ||
| 577 | } | ||
| 578 | /* If EOF or we've read everything then return */ | ||
| 579 | if((ret == Z_STREAM_END) || !zin->avail_out) | ||
| 580 | return outl - zin->avail_out; | ||
| 581 | } | ||
| 582 | |||
| 583 | /* No data in input buffer try to read some in, | ||
| 584 | * if an error then return the total data read. | ||
| 585 | */ | ||
| 586 | ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); | ||
| 587 | if(ret <= 0) | ||
| 588 | { | ||
| 589 | /* Total data read */ | ||
| 590 | int tot = outl - zin->avail_out; | ||
| 591 | BIO_copy_next_retry(b); | ||
| 592 | if(ret < 0) return (tot > 0) ? tot : ret; | ||
| 593 | return tot; | ||
| 594 | } | ||
| 595 | zin->avail_in = ret; | ||
| 596 | zin->next_in = ctx->ibuf; | ||
| 597 | } | ||
| 598 | } | ||
| 599 | |||
| 600 | static int bio_zlib_write(BIO *b, const char *in, int inl) | ||
| 601 | { | ||
| 602 | BIO_ZLIB_CTX *ctx; | ||
| 603 | int ret; | ||
| 604 | z_stream *zout; | ||
| 605 | if(!in || !inl) return 0; | ||
| 606 | ctx = (BIO_ZLIB_CTX *)b->ptr; | ||
| 607 | if(ctx->odone) return 0; | ||
| 608 | zout = &ctx->zout; | ||
| 609 | BIO_clear_retry_flags(b); | ||
| 610 | if(!ctx->obuf) | ||
| 611 | { | ||
| 612 | ctx->obuf = OPENSSL_malloc(ctx->obufsize); | ||
| 613 | /* Need error here */ | ||
| 614 | if(!ctx->obuf) | ||
| 615 | { | ||
| 616 | COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); | ||
| 617 | return 0; | ||
| 618 | } | ||
| 619 | ctx->optr = ctx->obuf; | ||
| 620 | ctx->ocount = 0; | ||
| 621 | deflateInit(zout, ctx->comp_level); | ||
| 622 | zout->next_out = ctx->obuf; | ||
| 623 | zout->avail_out = ctx->obufsize; | ||
| 624 | } | ||
| 625 | /* Obtain input data directly from supplied buffer */ | ||
| 626 | zout->next_in = (void *)in; | ||
| 627 | zout->avail_in = inl; | ||
| 628 | for(;;) | ||
| 629 | { | ||
| 630 | /* If data in output buffer write it first */ | ||
| 631 | while(ctx->ocount) { | ||
| 632 | ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); | ||
| 633 | if(ret <= 0) | ||
| 634 | { | ||
| 635 | /* Total data written */ | ||
| 636 | int tot = inl - zout->avail_in; | ||
| 637 | BIO_copy_next_retry(b); | ||
| 638 | if(ret < 0) return (tot > 0) ? tot : ret; | ||
| 639 | return tot; | ||
| 640 | } | ||
| 641 | ctx->optr += ret; | ||
| 642 | ctx->ocount -= ret; | ||
| 643 | } | ||
| 644 | |||
| 645 | /* Have we consumed all supplied data? */ | ||
| 646 | if(!zout->avail_in) | ||
| 647 | return inl; | ||
| 648 | |||
| 649 | /* Compress some more */ | ||
| 650 | |||
| 651 | /* Reset buffer */ | ||
| 652 | ctx->optr = ctx->obuf; | ||
| 653 | zout->next_out = ctx->obuf; | ||
| 654 | zout->avail_out = ctx->obufsize; | ||
| 655 | /* Compress some more */ | ||
| 656 | ret = deflate(zout, 0); | ||
| 657 | if(ret != Z_OK) | ||
| 658 | { | ||
| 659 | COMPerr(COMP_F_BIO_ZLIB_WRITE, | ||
| 660 | COMP_R_ZLIB_DEFLATE_ERROR); | ||
| 661 | ERR_add_error_data(2, "zlib error:", zError(ret)); | ||
| 662 | return 0; | ||
| 663 | } | ||
| 664 | ctx->ocount = ctx->obufsize - zout->avail_out; | ||
| 665 | } | ||
| 666 | } | ||
| 667 | |||
| 668 | static int bio_zlib_flush(BIO *b) | ||
| 669 | { | ||
| 670 | BIO_ZLIB_CTX *ctx; | ||
| 671 | int ret; | ||
| 672 | z_stream *zout; | ||
| 673 | ctx = (BIO_ZLIB_CTX *)b->ptr; | ||
| 674 | /* If no data written or already flush show success */ | ||
| 675 | if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1; | ||
| 676 | zout = &ctx->zout; | ||
| 677 | BIO_clear_retry_flags(b); | ||
| 678 | /* No more input data */ | ||
| 679 | zout->next_in = NULL; | ||
| 680 | zout->avail_in = 0; | ||
| 681 | for(;;) | ||
| 682 | { | ||
| 683 | /* If data in output buffer write it first */ | ||
| 684 | while(ctx->ocount) | ||
| 685 | { | ||
| 686 | ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); | ||
| 687 | if(ret <= 0) | ||
| 688 | { | ||
| 689 | BIO_copy_next_retry(b); | ||
| 690 | return ret; | ||
| 691 | } | ||
| 692 | ctx->optr += ret; | ||
| 693 | ctx->ocount -= ret; | ||
| 694 | } | ||
| 695 | if(ctx->odone) return 1; | ||
| 696 | |||
| 697 | /* Compress some more */ | ||
| 698 | |||
| 699 | /* Reset buffer */ | ||
| 700 | ctx->optr = ctx->obuf; | ||
| 701 | zout->next_out = ctx->obuf; | ||
| 702 | zout->avail_out = ctx->obufsize; | ||
| 703 | /* Compress some more */ | ||
| 704 | ret = deflate(zout, Z_FINISH); | ||
| 705 | if(ret == Z_STREAM_END) ctx->odone = 1; | ||
| 706 | else if(ret != Z_OK) | ||
| 707 | { | ||
| 708 | COMPerr(COMP_F_BIO_ZLIB_FLUSH, | ||
| 709 | COMP_R_ZLIB_DEFLATE_ERROR); | ||
| 710 | ERR_add_error_data(2, "zlib error:", zError(ret)); | ||
| 711 | return 0; | ||
| 712 | } | ||
| 713 | ctx->ocount = ctx->obufsize - zout->avail_out; | ||
| 714 | } | ||
| 715 | } | ||
| 716 | |||
| 717 | static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) | ||
| 718 | { | ||
| 719 | BIO_ZLIB_CTX *ctx; | ||
| 720 | int ret, *ip; | ||
| 721 | int ibs, obs; | ||
| 722 | if(!b->next_bio) return 0; | ||
| 723 | ctx = (BIO_ZLIB_CTX *)b->ptr; | ||
| 724 | switch (cmd) | ||
| 725 | { | ||
| 726 | |||
| 727 | case BIO_CTRL_RESET: | ||
| 728 | ctx->ocount = 0; | ||
| 729 | ctx->odone = 0; | ||
| 730 | break; | ||
| 731 | |||
| 732 | case BIO_CTRL_FLUSH: | ||
| 733 | ret = bio_zlib_flush(b); | ||
| 734 | if (ret > 0) | ||
| 735 | ret = BIO_flush(b->next_bio); | ||
| 736 | break; | ||
| 737 | |||
| 738 | case BIO_C_SET_BUFF_SIZE: | ||
| 739 | ibs = -1; | ||
| 740 | obs = -1; | ||
| 741 | if (ptr != NULL) | ||
| 742 | { | ||
| 743 | ip = ptr; | ||
| 744 | if (*ip == 0) | ||
| 745 | ibs = (int) num; | ||
| 746 | else | ||
| 747 | obs = (int) num; | ||
| 748 | } | ||
| 749 | else | ||
| 750 | { | ||
| 751 | ibs = (int)num; | ||
| 752 | obs = ibs; | ||
| 753 | } | ||
| 754 | |||
| 755 | if (ibs != -1) | ||
| 756 | { | ||
| 757 | if (ctx->ibuf) | ||
| 758 | { | ||
| 759 | OPENSSL_free(ctx->ibuf); | ||
| 760 | ctx->ibuf = NULL; | ||
| 761 | } | ||
| 762 | ctx->ibufsize = ibs; | ||
| 763 | } | ||
| 764 | |||
| 765 | if (obs != -1) | ||
| 766 | { | ||
| 767 | if (ctx->obuf) | ||
| 768 | { | ||
| 769 | OPENSSL_free(ctx->obuf); | ||
| 770 | ctx->obuf = NULL; | ||
| 771 | } | ||
| 772 | ctx->obufsize = obs; | ||
| 773 | } | ||
| 774 | |||
| 775 | break; | ||
| 776 | |||
| 777 | case BIO_C_DO_STATE_MACHINE: | ||
| 778 | BIO_clear_retry_flags(b); | ||
| 779 | ret = BIO_ctrl(b->next_bio, cmd, num, ptr); | ||
| 780 | BIO_copy_next_retry(b); | ||
| 781 | break; | ||
| 782 | |||
| 783 | default: | ||
| 784 | ret = BIO_ctrl(b->next_bio, cmd, num, ptr); | ||
| 785 | break; | ||
| 786 | |||
| 787 | } | ||
| 788 | |||
| 789 | return ret; | ||
| 790 | } | ||
| 791 | |||
| 792 | |||
| 793 | static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) | ||
| 794 | { | ||
| 795 | if(!b->next_bio) | ||
| 796 | return 0; | ||
| 797 | return | ||
| 798 | BIO_callback_ctrl(b->next_bio, cmd, fp); | ||
| 799 | } | ||
| 800 | |||
| 801 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/comp/comp.h b/src/lib/libssl/src/crypto/comp/comp.h index ab48b78ae9..4b405c7d49 100644 --- a/src/lib/libssl/src/crypto/comp/comp.h +++ b/src/lib/libssl/src/crypto/comp/comp.h | |||
| @@ -8,19 +8,26 @@ | |||
| 8 | extern "C" { | 8 | extern "C" { |
| 9 | #endif | 9 | #endif |
| 10 | 10 | ||
| 11 | typedef struct comp_ctx_st COMP_CTX; | ||
| 12 | |||
| 11 | typedef struct comp_method_st | 13 | typedef struct comp_method_st |
| 12 | { | 14 | { |
| 13 | int type; /* NID for compression library */ | 15 | int type; /* NID for compression library */ |
| 14 | const char *name; /* A text string to identify the library */ | 16 | const char *name; /* A text string to identify the library */ |
| 15 | int (*init)(); | 17 | int (*init)(COMP_CTX *ctx); |
| 16 | void (*finish)(); | 18 | void (*finish)(COMP_CTX *ctx); |
| 17 | int (*compress)(); | 19 | int (*compress)(COMP_CTX *ctx, |
| 18 | int (*expand)(); | 20 | unsigned char *out, unsigned int olen, |
| 19 | long (*ctrl)(); | 21 | unsigned char *in, unsigned int ilen); |
| 20 | long (*callback_ctrl)(); | 22 | int (*expand)(COMP_CTX *ctx, |
| 23 | unsigned char *out, unsigned int olen, | ||
| 24 | unsigned char *in, unsigned int ilen); | ||
| 25 | /* The following two do NOTHING, but are kept for backward compatibility */ | ||
| 26 | long (*ctrl)(void); | ||
| 27 | long (*callback_ctrl)(void); | ||
| 21 | } COMP_METHOD; | 28 | } COMP_METHOD; |
| 22 | 29 | ||
| 23 | typedef struct comp_ctx_st | 30 | struct comp_ctx_st |
| 24 | { | 31 | { |
| 25 | COMP_METHOD *meth; | 32 | COMP_METHOD *meth; |
| 26 | unsigned long compress_in; | 33 | unsigned long compress_in; |
| @@ -29,7 +36,7 @@ typedef struct comp_ctx_st | |||
| 29 | unsigned long expand_out; | 36 | unsigned long expand_out; |
| 30 | 37 | ||
| 31 | CRYPTO_EX_DATA ex_data; | 38 | CRYPTO_EX_DATA ex_data; |
| 32 | } COMP_CTX; | 39 | }; |
| 33 | 40 | ||
| 34 | 41 | ||
| 35 | COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); | 42 | COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); |
| @@ -40,6 +47,13 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, | |||
| 40 | unsigned char *in, int ilen); | 47 | unsigned char *in, int ilen); |
| 41 | COMP_METHOD *COMP_rle(void ); | 48 | COMP_METHOD *COMP_rle(void ); |
| 42 | COMP_METHOD *COMP_zlib(void ); | 49 | COMP_METHOD *COMP_zlib(void ); |
| 50 | void COMP_zlib_cleanup(void); | ||
| 51 | |||
| 52 | #ifdef HEADER_BIO_H | ||
| 53 | #ifdef ZLIB | ||
| 54 | BIO_METHOD *BIO_f_zlib(void); | ||
| 55 | #endif | ||
| 56 | #endif | ||
| 43 | 57 | ||
| 44 | /* BEGIN ERROR CODES */ | 58 | /* BEGIN ERROR CODES */ |
| 45 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 59 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| @@ -50,8 +64,15 @@ void ERR_load_COMP_strings(void); | |||
| 50 | /* Error codes for the COMP functions. */ | 64 | /* Error codes for the COMP functions. */ |
| 51 | 65 | ||
| 52 | /* Function codes. */ | 66 | /* Function codes. */ |
| 67 | #define COMP_F_BIO_ZLIB_FLUSH 99 | ||
| 68 | #define COMP_F_BIO_ZLIB_NEW 100 | ||
| 69 | #define COMP_F_BIO_ZLIB_READ 101 | ||
| 70 | #define COMP_F_BIO_ZLIB_WRITE 102 | ||
| 53 | 71 | ||
| 54 | /* Reason codes. */ | 72 | /* Reason codes. */ |
| 73 | #define COMP_R_ZLIB_DEFLATE_ERROR 99 | ||
| 74 | #define COMP_R_ZLIB_INFLATE_ERROR 100 | ||
| 75 | #define COMP_R_ZLIB_NOT_SUPPORTED 101 | ||
| 55 | 76 | ||
| 56 | #ifdef __cplusplus | 77 | #ifdef __cplusplus |
| 57 | } | 78 | } |
diff --git a/src/lib/libssl/src/crypto/comp/comp_err.c b/src/lib/libssl/src/crypto/comp/comp_err.c index 1652b8c2c4..187d68b725 100644 --- a/src/lib/libssl/src/crypto/comp/comp_err.c +++ b/src/lib/libssl/src/crypto/comp/comp_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/comp/comp_err.c */ | 1 | /* crypto/comp/comp_err.c */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -64,13 +64,24 @@ | |||
| 64 | 64 | ||
| 65 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 66 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 67 | |||
| 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) | ||
| 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) | ||
| 70 | |||
| 67 | static ERR_STRING_DATA COMP_str_functs[]= | 71 | static ERR_STRING_DATA COMP_str_functs[]= |
| 68 | { | 72 | { |
| 73 | {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, | ||
| 74 | {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, | ||
| 75 | {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, | ||
| 76 | {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, | ||
| 69 | {0,NULL} | 77 | {0,NULL} |
| 70 | }; | 78 | }; |
| 71 | 79 | ||
| 72 | static ERR_STRING_DATA COMP_str_reasons[]= | 80 | static ERR_STRING_DATA COMP_str_reasons[]= |
| 73 | { | 81 | { |
| 82 | {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR) ,"zlib deflate error"}, | ||
| 83 | {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR) ,"zlib inflate error"}, | ||
| 84 | {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED) ,"zlib not supported"}, | ||
| 74 | {0,NULL} | 85 | {0,NULL} |
| 75 | }; | 86 | }; |
| 76 | 87 | ||
| @@ -78,15 +89,12 @@ static ERR_STRING_DATA COMP_str_reasons[]= | |||
| 78 | 89 | ||
| 79 | void ERR_load_COMP_strings(void) | 90 | void ERR_load_COMP_strings(void) |
| 80 | { | 91 | { |
| 81 | static int init=1; | ||
| 82 | |||
| 83 | if (init) | ||
| 84 | { | ||
| 85 | init=0; | ||
| 86 | #ifndef OPENSSL_NO_ERR | 92 | #ifndef OPENSSL_NO_ERR |
| 87 | ERR_load_strings(ERR_LIB_COMP,COMP_str_functs); | ||
| 88 | ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons); | ||
| 89 | #endif | ||
| 90 | 93 | ||
| 94 | if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) | ||
| 95 | { | ||
| 96 | ERR_load_strings(0,COMP_str_functs); | ||
| 97 | ERR_load_strings(0,COMP_str_reasons); | ||
| 91 | } | 98 | } |
| 99 | #endif | ||
| 92 | } | 100 | } |
diff --git a/src/lib/libssl/src/crypto/comp/comp_lib.c b/src/lib/libssl/src/crypto/comp/comp_lib.c index beb98ce8cc..b60ae371e8 100644 --- a/src/lib/libssl/src/crypto/comp/comp_lib.c +++ b/src/lib/libssl/src/crypto/comp/comp_lib.c | |||
| @@ -20,17 +20,11 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) | |||
| 20 | OPENSSL_free(ret); | 20 | OPENSSL_free(ret); |
| 21 | ret=NULL; | 21 | ret=NULL; |
| 22 | } | 22 | } |
| 23 | #if 0 | ||
| 24 | else | ||
| 25 | CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); | ||
| 26 | #endif | ||
| 27 | return(ret); | 23 | return(ret); |
| 28 | } | 24 | } |
| 29 | 25 | ||
| 30 | void COMP_CTX_free(COMP_CTX *ctx) | 26 | void COMP_CTX_free(COMP_CTX *ctx) |
| 31 | { | 27 | { |
| 32 | /* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */ | ||
| 33 | |||
| 34 | if(ctx == NULL) | 28 | if(ctx == NULL) |
| 35 | return; | 29 | return; |
| 36 | 30 | ||
diff --git a/src/lib/libssl/src/crypto/conf/conf.h b/src/lib/libssl/src/crypto/conf/conf.h index f4671442ab..8aa06bc5ec 100644 --- a/src/lib/libssl/src/crypto/conf/conf.h +++ b/src/lib/libssl/src/crypto/conf/conf.h | |||
| @@ -65,6 +65,8 @@ | |||
| 65 | #include <openssl/safestack.h> | 65 | #include <openssl/safestack.h> |
| 66 | #include <openssl/e_os2.h> | 66 | #include <openssl/e_os2.h> |
| 67 | 67 | ||
| 68 | #include <openssl/ossl_typ.h> | ||
| 69 | |||
| 68 | #ifdef __cplusplus | 70 | #ifdef __cplusplus |
| 69 | extern "C" { | 71 | extern "C" { |
| 70 | #endif | 72 | #endif |
| @@ -81,7 +83,6 @@ DECLARE_STACK_OF(CONF_MODULE) | |||
| 81 | DECLARE_STACK_OF(CONF_IMODULE) | 83 | DECLARE_STACK_OF(CONF_IMODULE) |
| 82 | 84 | ||
| 83 | struct conf_st; | 85 | struct conf_st; |
| 84 | typedef struct conf_st CONF; | ||
| 85 | struct conf_method_st; | 86 | struct conf_method_st; |
| 86 | typedef struct conf_method_st CONF_METHOD; | 87 | typedef struct conf_method_st CONF_METHOD; |
| 87 | 88 | ||
| @@ -113,6 +114,7 @@ typedef void conf_finish_func(CONF_IMODULE *md); | |||
| 113 | #define CONF_MFLAGS_SILENT 0x4 | 114 | #define CONF_MFLAGS_SILENT 0x4 |
| 114 | #define CONF_MFLAGS_NO_DSO 0x8 | 115 | #define CONF_MFLAGS_NO_DSO 0x8 |
| 115 | #define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 | 116 | #define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 |
| 117 | #define CONF_MFLAGS_DEFAULT_SECTION 0x20 | ||
| 116 | 118 | ||
| 117 | int CONF_set_default_method(CONF_METHOD *meth); | 119 | int CONF_set_default_method(CONF_METHOD *meth); |
| 118 | void CONF_set_nconf(CONF *conf,LHASH *hash); | 120 | void CONF_set_nconf(CONF *conf,LHASH *hash); |
| @@ -212,6 +214,8 @@ void ERR_load_CONF_strings(void); | |||
| 212 | #define CONF_F_CONF_LOAD_BIO 102 | 214 | #define CONF_F_CONF_LOAD_BIO 102 |
| 213 | #define CONF_F_CONF_LOAD_FP 103 | 215 | #define CONF_F_CONF_LOAD_FP 103 |
| 214 | #define CONF_F_CONF_MODULES_LOAD 116 | 216 | #define CONF_F_CONF_MODULES_LOAD 116 |
| 217 | #define CONF_F_DEF_LOAD 120 | ||
| 218 | #define CONF_F_DEF_LOAD_BIO 121 | ||
| 215 | #define CONF_F_MODULE_INIT 115 | 219 | #define CONF_F_MODULE_INIT 115 |
| 216 | #define CONF_F_MODULE_LOAD_DSO 117 | 220 | #define CONF_F_MODULE_LOAD_DSO 117 |
| 217 | #define CONF_F_MODULE_RUN 118 | 221 | #define CONF_F_MODULE_RUN 118 |
diff --git a/src/lib/libssl/src/crypto/conf/conf_api.c b/src/lib/libssl/src/crypto/conf/conf_api.c index 0032baa711..909d72b4b8 100644 --- a/src/lib/libssl/src/crypto/conf/conf_api.c +++ b/src/lib/libssl/src/crypto/conf/conf_api.c | |||
| @@ -121,7 +121,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) | |||
| 121 | v = (CONF_VALUE *)lh_insert(conf->data, value); | 121 | v = (CONF_VALUE *)lh_insert(conf->data, value); |
| 122 | if (v != NULL) | 122 | if (v != NULL) |
| 123 | { | 123 | { |
| 124 | sk_CONF_VALUE_delete_ptr(ts,v); | 124 | (void)sk_CONF_VALUE_delete_ptr(ts,v); |
| 125 | OPENSSL_free(v->name); | 125 | OPENSSL_free(v->name); |
| 126 | OPENSSL_free(v->value); | 126 | OPENSSL_free(v->value); |
| 127 | OPENSSL_free(v); | 127 | OPENSSL_free(v); |
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c index 2464f8ed90..d8bce8732a 100644 --- a/src/lib/libssl/src/crypto/conf/conf_def.c +++ b/src/lib/libssl/src/crypto/conf/conf_def.c | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include <string.h> | 62 | #include <string.h> |
| 63 | #include "cryptlib.h" | ||
| 63 | #include <openssl/stack.h> | 64 | #include <openssl/stack.h> |
| 64 | #include <openssl/lhash.h> | 65 | #include <openssl/lhash.h> |
| 65 | #include <openssl/conf.h> | 66 | #include <openssl/conf.h> |
| @@ -67,7 +68,6 @@ | |||
| 67 | #include "conf_def.h" | 68 | #include "conf_def.h" |
| 68 | #include <openssl/buffer.h> | 69 | #include <openssl/buffer.h> |
| 69 | #include <openssl/err.h> | 70 | #include <openssl/err.h> |
| 70 | #include "cryptlib.h" | ||
| 71 | 71 | ||
| 72 | static char *eat_ws(CONF *conf, char *p); | 72 | static char *eat_ws(CONF *conf, char *p); |
| 73 | static char *eat_alpha_numeric(CONF *conf, char *p); | 73 | static char *eat_alpha_numeric(CONF *conf, char *p); |
| @@ -88,7 +88,7 @@ static int def_dump(const CONF *conf, BIO *bp); | |||
| 88 | static int def_is_number(const CONF *conf, char c); | 88 | static int def_is_number(const CONF *conf, char c); |
| 89 | static int def_to_int(const CONF *conf, char c); | 89 | static int def_to_int(const CONF *conf, char c); |
| 90 | 90 | ||
| 91 | const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT; | 91 | const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT; |
| 92 | 92 | ||
| 93 | static CONF_METHOD default_method = { | 93 | static CONF_METHOD default_method = { |
| 94 | "OpenSSL default", | 94 | "OpenSSL default", |
| @@ -194,9 +194,9 @@ static int def_load(CONF *conf, const char *name, long *line) | |||
| 194 | if (in == NULL) | 194 | if (in == NULL) |
| 195 | { | 195 | { |
| 196 | if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) | 196 | if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) |
| 197 | CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE); | 197 | CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE); |
| 198 | else | 198 | else |
| 199 | CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); | 199 | CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB); |
| 200 | return 0; | 200 | return 0; |
| 201 | } | 201 | } |
| 202 | 202 | ||
| @@ -225,28 +225,28 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) | |||
| 225 | 225 | ||
| 226 | if ((buff=BUF_MEM_new()) == NULL) | 226 | if ((buff=BUF_MEM_new()) == NULL) |
| 227 | { | 227 | { |
| 228 | CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); | 228 | CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB); |
| 229 | goto err; | 229 | goto err; |
| 230 | } | 230 | } |
| 231 | 231 | ||
| 232 | section=(char *)OPENSSL_malloc(10); | 232 | section=(char *)OPENSSL_malloc(10); |
| 233 | if (section == NULL) | 233 | if (section == NULL) |
| 234 | { | 234 | { |
| 235 | CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); | 235 | CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE); |
| 236 | goto err; | 236 | goto err; |
| 237 | } | 237 | } |
| 238 | BUF_strlcpy(section,"default",10); | 238 | BUF_strlcpy(section,"default",10); |
| 239 | 239 | ||
| 240 | if (_CONF_new_data(conf) == 0) | 240 | if (_CONF_new_data(conf) == 0) |
| 241 | { | 241 | { |
| 242 | CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); | 242 | CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE); |
| 243 | goto err; | 243 | goto err; |
| 244 | } | 244 | } |
| 245 | 245 | ||
| 246 | sv=_CONF_new_section(conf,section); | 246 | sv=_CONF_new_section(conf,section); |
| 247 | if (sv == NULL) | 247 | if (sv == NULL) |
| 248 | { | 248 | { |
| 249 | CONFerr(CONF_F_CONF_LOAD_BIO, | 249 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 250 | CONF_R_UNABLE_TO_CREATE_NEW_SECTION); | 250 | CONF_R_UNABLE_TO_CREATE_NEW_SECTION); |
| 251 | goto err; | 251 | goto err; |
| 252 | } | 252 | } |
| @@ -258,7 +258,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) | |||
| 258 | { | 258 | { |
| 259 | if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE)) | 259 | if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE)) |
| 260 | { | 260 | { |
| 261 | CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); | 261 | CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB); |
| 262 | goto err; | 262 | goto err; |
| 263 | } | 263 | } |
| 264 | p= &(buff->data[bufnum]); | 264 | p= &(buff->data[bufnum]); |
| @@ -329,7 +329,7 @@ again: | |||
| 329 | ss=p; | 329 | ss=p; |
| 330 | goto again; | 330 | goto again; |
| 331 | } | 331 | } |
| 332 | CONFerr(CONF_F_CONF_LOAD_BIO, | 332 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 333 | CONF_R_MISSING_CLOSE_SQUARE_BRACKET); | 333 | CONF_R_MISSING_CLOSE_SQUARE_BRACKET); |
| 334 | goto err; | 334 | goto err; |
| 335 | } | 335 | } |
| @@ -339,7 +339,7 @@ again: | |||
| 339 | sv=_CONF_new_section(conf,section); | 339 | sv=_CONF_new_section(conf,section); |
| 340 | if (sv == NULL) | 340 | if (sv == NULL) |
| 341 | { | 341 | { |
| 342 | CONFerr(CONF_F_CONF_LOAD_BIO, | 342 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 343 | CONF_R_UNABLE_TO_CREATE_NEW_SECTION); | 343 | CONF_R_UNABLE_TO_CREATE_NEW_SECTION); |
| 344 | goto err; | 344 | goto err; |
| 345 | } | 345 | } |
| @@ -362,7 +362,7 @@ again: | |||
| 362 | p=eat_ws(conf, end); | 362 | p=eat_ws(conf, end); |
| 363 | if (*p != '=') | 363 | if (*p != '=') |
| 364 | { | 364 | { |
| 365 | CONFerr(CONF_F_CONF_LOAD_BIO, | 365 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 366 | CONF_R_MISSING_EQUAL_SIGN); | 366 | CONF_R_MISSING_EQUAL_SIGN); |
| 367 | goto err; | 367 | goto err; |
| 368 | } | 368 | } |
| @@ -379,7 +379,7 @@ again: | |||
| 379 | 379 | ||
| 380 | if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) | 380 | if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) |
| 381 | { | 381 | { |
| 382 | CONFerr(CONF_F_CONF_LOAD_BIO, | 382 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 383 | ERR_R_MALLOC_FAILURE); | 383 | ERR_R_MALLOC_FAILURE); |
| 384 | goto err; | 384 | goto err; |
| 385 | } | 385 | } |
| @@ -388,7 +388,7 @@ again: | |||
| 388 | v->value=NULL; | 388 | v->value=NULL; |
| 389 | if (v->name == NULL) | 389 | if (v->name == NULL) |
| 390 | { | 390 | { |
| 391 | CONFerr(CONF_F_CONF_LOAD_BIO, | 391 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 392 | ERR_R_MALLOC_FAILURE); | 392 | ERR_R_MALLOC_FAILURE); |
| 393 | goto err; | 393 | goto err; |
| 394 | } | 394 | } |
| @@ -402,7 +402,7 @@ again: | |||
| 402 | tv=_CONF_new_section(conf,psection); | 402 | tv=_CONF_new_section(conf,psection); |
| 403 | if (tv == NULL) | 403 | if (tv == NULL) |
| 404 | { | 404 | { |
| 405 | CONFerr(CONF_F_CONF_LOAD_BIO, | 405 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 406 | CONF_R_UNABLE_TO_CREATE_NEW_SECTION); | 406 | CONF_R_UNABLE_TO_CREATE_NEW_SECTION); |
| 407 | goto err; | 407 | goto err; |
| 408 | } | 408 | } |
| @@ -416,7 +416,7 @@ again: | |||
| 416 | #if 1 | 416 | #if 1 |
| 417 | if (_CONF_add_string(conf, tv, v) == 0) | 417 | if (_CONF_add_string(conf, tv, v) == 0) |
| 418 | { | 418 | { |
| 419 | CONFerr(CONF_F_CONF_LOAD_BIO, | 419 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 420 | ERR_R_MALLOC_FAILURE); | 420 | ERR_R_MALLOC_FAILURE); |
| 421 | goto err; | 421 | goto err; |
| 422 | } | 422 | } |
| @@ -424,7 +424,7 @@ again: | |||
| 424 | v->section=tv->section; | 424 | v->section=tv->section; |
| 425 | if (!sk_CONF_VALUE_push(ts,v)) | 425 | if (!sk_CONF_VALUE_push(ts,v)) |
| 426 | { | 426 | { |
| 427 | CONFerr(CONF_F_CONF_LOAD_BIO, | 427 | CONFerr(CONF_F_DEF_LOAD_BIO, |
| 428 | ERR_R_MALLOC_FAILURE); | 428 | ERR_R_MALLOC_FAILURE); |
| 429 | goto err; | 429 | goto err; |
| 430 | } | 430 | } |
| @@ -629,7 +629,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) | |||
| 629 | CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); | 629 | CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); |
| 630 | goto err; | 630 | goto err; |
| 631 | } | 631 | } |
| 632 | BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from))); | 632 | BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from))); |
| 633 | while (*p) | 633 | while (*p) |
| 634 | buf->data[to++]= *(p++); | 634 | buf->data[to++]= *(p++); |
| 635 | 635 | ||
diff --git a/src/lib/libssl/src/crypto/conf/conf_err.c b/src/lib/libssl/src/crypto/conf/conf_err.c index f5e2ca4bf0..a16a5e0bd4 100644 --- a/src/lib/libssl/src/crypto/conf/conf_err.c +++ b/src/lib/libssl/src/crypto/conf/conf_err.c | |||
| @@ -75,6 +75,8 @@ static ERR_STRING_DATA CONF_str_functs[]= | |||
| 75 | {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, | 75 | {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, |
| 76 | {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, | 76 | {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, |
| 77 | {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, | 77 | {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, |
| 78 | {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, | ||
| 79 | {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, | ||
| 78 | {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, | 80 | {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, |
| 79 | {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, | 81 | {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, |
| 80 | {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, | 82 | {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, |
| @@ -116,15 +118,12 @@ static ERR_STRING_DATA CONF_str_reasons[]= | |||
| 116 | 118 | ||
| 117 | void ERR_load_CONF_strings(void) | 119 | void ERR_load_CONF_strings(void) |
| 118 | { | 120 | { |
| 119 | static int init=1; | 121 | #ifndef OPENSSL_NO_ERR |
| 120 | 122 | ||
| 121 | if (init) | 123 | if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) |
| 122 | { | 124 | { |
| 123 | init=0; | ||
| 124 | #ifndef OPENSSL_NO_ERR | ||
| 125 | ERR_load_strings(0,CONF_str_functs); | 125 | ERR_load_strings(0,CONF_str_functs); |
| 126 | ERR_load_strings(0,CONF_str_reasons); | 126 | ERR_load_strings(0,CONF_str_reasons); |
| 127 | #endif | ||
| 128 | |||
| 129 | } | 127 | } |
| 128 | #endif | ||
| 130 | } | 129 | } |
diff --git a/src/lib/libssl/src/crypto/conf/conf_lib.c b/src/lib/libssl/src/crypto/conf/conf_lib.c index 6a3cf109dd..2a3399d269 100644 --- a/src/lib/libssl/src/crypto/conf/conf_lib.c +++ b/src/lib/libssl/src/crypto/conf/conf_lib.c | |||
| @@ -63,7 +63,7 @@ | |||
| 63 | #include <openssl/conf_api.h> | 63 | #include <openssl/conf_api.h> |
| 64 | #include <openssl/lhash.h> | 64 | #include <openssl/lhash.h> |
| 65 | 65 | ||
| 66 | const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT; | 66 | const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT; |
| 67 | 67 | ||
| 68 | static CONF_METHOD *default_CONF_method=NULL; | 68 | static CONF_METHOD *default_CONF_method=NULL; |
| 69 | 69 | ||
| @@ -184,7 +184,7 @@ long CONF_get_number(LHASH *conf,const char *group,const char *name) | |||
| 184 | if (status == 0) | 184 | if (status == 0) |
| 185 | { | 185 | { |
| 186 | /* This function does not believe in errors... */ | 186 | /* This function does not believe in errors... */ |
| 187 | ERR_get_error(); | 187 | ERR_clear_error(); |
| 188 | } | 188 | } |
| 189 | return result; | 189 | return result; |
| 190 | } | 190 | } |
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c index 812e60dc70..58b23ba992 100644 --- a/src/lib/libssl/src/crypto/conf/conf_mod.c +++ b/src/lib/libssl/src/crypto/conf/conf_mod.c | |||
| @@ -126,17 +126,18 @@ int CONF_modules_load(const CONF *cnf, const char *appname, | |||
| 126 | { | 126 | { |
| 127 | STACK_OF(CONF_VALUE) *values; | 127 | STACK_OF(CONF_VALUE) *values; |
| 128 | CONF_VALUE *vl; | 128 | CONF_VALUE *vl; |
| 129 | char *vsection; | 129 | char *vsection = NULL; |
| 130 | 130 | ||
| 131 | int ret, i; | 131 | int ret, i; |
| 132 | 132 | ||
| 133 | if (!cnf) | 133 | if (!cnf) |
| 134 | return 1; | 134 | return 1; |
| 135 | 135 | ||
| 136 | if (appname == NULL) | 136 | if (appname) |
| 137 | appname = "openssl_conf"; | 137 | vsection = NCONF_get_string(cnf, NULL, appname); |
| 138 | 138 | ||
| 139 | vsection = NCONF_get_string(cnf, NULL, appname); | 139 | if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) |
| 140 | vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); | ||
| 140 | 141 | ||
| 141 | if (!vsection) | 142 | if (!vsection) |
| 142 | { | 143 | { |
| @@ -231,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value, | |||
| 231 | if (!(flags & CONF_MFLAGS_SILENT)) | 232 | if (!(flags & CONF_MFLAGS_SILENT)) |
| 232 | { | 233 | { |
| 233 | char rcode[DECIMAL_SIZE(ret)+1]; | 234 | char rcode[DECIMAL_SIZE(ret)+1]; |
| 234 | CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); | 235 | CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); |
| 235 | BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); | 236 | BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); |
| 236 | ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); | 237 | ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); |
| 237 | } | 238 | } |
| @@ -254,7 +255,7 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, | |||
| 254 | path = NCONF_get_string(cnf, value, "path"); | 255 | path = NCONF_get_string(cnf, value, "path"); |
| 255 | if (!path) | 256 | if (!path) |
| 256 | { | 257 | { |
| 257 | ERR_get_error(); | 258 | ERR_clear_error(); |
| 258 | path = name; | 259 | path = name; |
| 259 | } | 260 | } |
| 260 | dso = DSO_load(NULL, path, NULL, 0); | 261 | dso = DSO_load(NULL, path, NULL, 0); |
| @@ -431,7 +432,7 @@ void CONF_modules_unload(int all) | |||
| 431 | if (((md->links > 0) || !md->dso) && !all) | 432 | if (((md->links > 0) || !md->dso) && !all) |
| 432 | continue; | 433 | continue; |
| 433 | /* Since we're working in reverse this is OK */ | 434 | /* Since we're working in reverse this is OK */ |
| 434 | sk_CONF_MODULE_delete(supported_modules, i); | 435 | (void)sk_CONF_MODULE_delete(supported_modules, i); |
| 435 | module_free(md); | 436 | module_free(md); |
| 436 | } | 437 | } |
| 437 | if (sk_CONF_MODULE_num(supported_modules) == 0) | 438 | if (sk_CONF_MODULE_num(supported_modules) == 0) |
diff --git a/src/lib/libssl/src/crypto/conf/conf_sap.c b/src/lib/libssl/src/crypto/conf/conf_sap.c index e15c2e5546..9c53bac1a8 100644 --- a/src/lib/libssl/src/crypto/conf/conf_sap.c +++ b/src/lib/libssl/src/crypto/conf/conf_sap.c | |||
| @@ -88,8 +88,8 @@ void OPENSSL_config(const char *config_name) | |||
| 88 | 88 | ||
| 89 | 89 | ||
| 90 | ERR_clear_error(); | 90 | ERR_clear_error(); |
| 91 | if (CONF_modules_load_file(NULL, NULL, | 91 | if (CONF_modules_load_file(NULL, config_name, |
| 92 | CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) | 92 | CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) |
| 93 | { | 93 | { |
| 94 | BIO *bio_err; | 94 | BIO *bio_err; |
| 95 | ERR_load_crypto_strings(); | 95 | ERR_load_crypto_strings(); |
diff --git a/src/lib/libssl/src/crypto/cpt_err.c b/src/lib/libssl/src/crypto/cpt_err.c index 06a6109cce..9fd41fff8c 100644 --- a/src/lib/libssl/src/crypto/cpt_err.c +++ b/src/lib/libssl/src/crypto/cpt_err.c | |||
| @@ -92,15 +92,12 @@ static ERR_STRING_DATA CRYPTO_str_reasons[]= | |||
| 92 | 92 | ||
| 93 | void ERR_load_CRYPTO_strings(void) | 93 | void ERR_load_CRYPTO_strings(void) |
| 94 | { | 94 | { |
| 95 | static int init=1; | 95 | #ifndef OPENSSL_NO_ERR |
| 96 | 96 | ||
| 97 | if (init) | 97 | if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) |
| 98 | { | 98 | { |
| 99 | init=0; | ||
| 100 | #ifndef OPENSSL_NO_ERR | ||
| 101 | ERR_load_strings(0,CRYPTO_str_functs); | 99 | ERR_load_strings(0,CRYPTO_str_functs); |
| 102 | ERR_load_strings(0,CRYPTO_str_reasons); | 100 | ERR_load_strings(0,CRYPTO_str_reasons); |
| 103 | #endif | ||
| 104 | |||
| 105 | } | 101 | } |
| 102 | #endif | ||
| 106 | } | 103 | } |
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c index e63bbe8dba..8c68623828 100644 --- a/src/lib/libssl/src/crypto/cryptlib.c +++ b/src/lib/libssl/src/crypto/cryptlib.c | |||
| @@ -1,4 +1,57 @@ | |||
| 1 | /* crypto/cryptlib.c */ | 1 | /* crypto/cryptlib.c */ |
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@openssl.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 55 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 56 | * All rights reserved. |
| 4 | * | 57 | * |
| @@ -55,11 +108,13 @@ | |||
| 55 | * copied and put under another distribution licence | 108 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 109 | * [including the GNU Public Licence.] |
| 57 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECDH support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 58 | 116 | ||
| 59 | #include <stdio.h> | ||
| 60 | #include <string.h> | ||
| 61 | #include "cryptlib.h" | 117 | #include "cryptlib.h" |
| 62 | #include <openssl/crypto.h> | ||
| 63 | #include <openssl/safestack.h> | 118 | #include <openssl/safestack.h> |
| 64 | 119 | ||
| 65 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) | 120 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) |
| @@ -70,7 +125,7 @@ DECLARE_STACK_OF(CRYPTO_dynlock) | |||
| 70 | IMPLEMENT_STACK_OF(CRYPTO_dynlock) | 125 | IMPLEMENT_STACK_OF(CRYPTO_dynlock) |
| 71 | 126 | ||
| 72 | /* real #defines in crypto.h, keep these upto date */ | 127 | /* real #defines in crypto.h, keep these upto date */ |
| 73 | static const char* lock_names[CRYPTO_NUM_LOCKS] = | 128 | static const char* const lock_names[CRYPTO_NUM_LOCKS] = |
| 74 | { | 129 | { |
| 75 | "<<ERROR>>", | 130 | "<<ERROR>>", |
| 76 | "err", | 131 | "err", |
| @@ -104,10 +159,14 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = | |||
| 104 | "dynlock", | 159 | "dynlock", |
| 105 | "engine", | 160 | "engine", |
| 106 | "ui", | 161 | "ui", |
| 107 | "hwcrhk", /* This is a HACK which will disappear in 0.9.8 */ | 162 | "ecdsa", |
| 108 | "fips", | 163 | "ec", |
| 109 | "fips2", | 164 | "ecdh", |
| 110 | #if CRYPTO_NUM_LOCKS != 35 | 165 | "bn", |
| 166 | "ec_pre_comp", | ||
| 167 | "store", | ||
| 168 | "comp", | ||
| 169 | #if CRYPTO_NUM_LOCKS != 39 | ||
| 111 | # error "Inconsistency between crypto.h and cryptlib.c" | 170 | # error "Inconsistency between crypto.h and cryptlib.c" |
| 112 | #endif | 171 | #endif |
| 113 | }; | 172 | }; |
| @@ -218,7 +277,7 @@ int CRYPTO_get_new_dynlockid(void) | |||
| 218 | else | 277 | else |
| 219 | /* If we found a place with a NULL pointer, put our pointer | 278 | /* If we found a place with a NULL pointer, put our pointer |
| 220 | in it. */ | 279 | in it. */ |
| 221 | sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); | 280 | (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); |
| 222 | CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); | 281 | CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); |
| 223 | 282 | ||
| 224 | if (i == -1) | 283 | if (i == -1) |
| @@ -260,7 +319,7 @@ void CRYPTO_destroy_dynlockid(int i) | |||
| 260 | #endif | 319 | #endif |
| 261 | if (pointer->references <= 0) | 320 | if (pointer->references <= 0) |
| 262 | { | 321 | { |
| 263 | sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); | 322 | (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); |
| 264 | } | 323 | } |
| 265 | else | 324 | else |
| 266 | pointer = NULL; | 325 | pointer = NULL; |
| @@ -480,9 +539,48 @@ const char *CRYPTO_get_lock_name(int type) | |||
| 480 | return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); | 539 | return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); |
| 481 | } | 540 | } |
| 482 | 541 | ||
| 483 | int OPENSSL_NONPIC_relocated=0; | 542 | #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ |
| 543 | defined(__INTEL__) || \ | ||
| 544 | defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) | ||
| 545 | |||
| 546 | unsigned long OPENSSL_ia32cap_P=0; | ||
| 547 | unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; } | ||
| 548 | |||
| 549 | #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) | ||
| 550 | #define OPENSSL_CPUID_SETUP | ||
| 551 | void OPENSSL_cpuid_setup(void) | ||
| 552 | { static int trigger=0; | ||
| 553 | unsigned long OPENSSL_ia32_cpuid(void); | ||
| 554 | char *env; | ||
| 484 | 555 | ||
| 485 | #if defined(_WIN32) && defined(_WINDLL) | 556 | if (trigger) return; |
| 557 | |||
| 558 | trigger=1; | ||
| 559 | if ((env=getenv("OPENSSL_ia32cap"))) | ||
| 560 | OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10); | ||
| 561 | else | ||
| 562 | OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10); | ||
| 563 | /* | ||
| 564 | * |(1<<10) sets a reserved bit to signal that variable | ||
| 565 | * was initialized already... This is to avoid interference | ||
| 566 | * with cpuid snippets in ELF .init segment. | ||
| 567 | */ | ||
| 568 | } | ||
| 569 | #endif | ||
| 570 | |||
| 571 | #else | ||
| 572 | unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } | ||
| 573 | #endif | ||
| 574 | int OPENSSL_NONPIC_relocated = 0; | ||
| 575 | #if !defined(OPENSSL_CPUID_SETUP) | ||
| 576 | void OPENSSL_cpuid_setup(void) {} | ||
| 577 | #endif | ||
| 578 | |||
| 579 | #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) | ||
| 580 | #ifdef __CYGWIN__ | ||
| 581 | /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ | ||
| 582 | #include <windows.h> | ||
| 583 | #endif | ||
| 486 | 584 | ||
| 487 | /* All we really need to do is remove the 'error' state when a thread | 585 | /* All we really need to do is remove the 'error' state when a thread |
| 488 | * detaches */ | 586 | * detaches */ |
| @@ -493,6 +591,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, | |||
| 493 | switch(fdwReason) | 591 | switch(fdwReason) |
| 494 | { | 592 | { |
| 495 | case DLL_PROCESS_ATTACH: | 593 | case DLL_PROCESS_ATTACH: |
| 594 | OPENSSL_cpuid_setup(); | ||
| 496 | #if defined(_WIN32_WINNT) | 595 | #if defined(_WIN32_WINNT) |
| 497 | { | 596 | { |
| 498 | IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL; | 597 | IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL; |
| @@ -521,11 +620,11 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, | |||
| 521 | } | 620 | } |
| 522 | #endif | 621 | #endif |
| 523 | 622 | ||
| 524 | #if defined(_WIN32) | 623 | #if defined(_WIN32) && !defined(__CYGWIN__) |
| 525 | #include <tchar.h> | 624 | #include <tchar.h> |
| 526 | 625 | ||
| 527 | #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 | 626 | #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 |
| 528 | static int IsService(void) | 627 | int OPENSSL_isservice(void) |
| 529 | { HWINSTA h; | 628 | { HWINSTA h; |
| 530 | DWORD len; | 629 | DWORD len; |
| 531 | WCHAR *name; | 630 | WCHAR *name; |
| @@ -562,12 +661,15 @@ static int IsService(void) | |||
| 562 | #endif | 661 | #endif |
| 563 | else return 0; | 662 | else return 0; |
| 564 | } | 663 | } |
| 664 | #else | ||
| 665 | int OPENSSL_isservice(void) { return 0; } | ||
| 565 | #endif | 666 | #endif |
| 566 | 667 | ||
| 567 | void OPENSSL_showfatal (const char *fmta,...) | 668 | void OPENSSL_showfatal (const char *fmta,...) |
| 568 | { va_list ap; | 669 | { va_list ap; |
| 569 | TCHAR buf[256]; | 670 | TCHAR buf[256]; |
| 570 | const TCHAR *fmt; | 671 | const TCHAR *fmt; |
| 672 | #ifdef STD_ERROR_HANDLE /* what a dirty trick! */ | ||
| 571 | HANDLE h; | 673 | HANDLE h; |
| 572 | 674 | ||
| 573 | if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && | 675 | if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && |
| @@ -578,6 +680,7 @@ void OPENSSL_showfatal (const char *fmta,...) | |||
| 578 | va_end (ap); | 680 | va_end (ap); |
| 579 | return; | 681 | return; |
| 580 | } | 682 | } |
| 683 | #endif | ||
| 581 | 684 | ||
| 582 | if (sizeof(TCHAR)==sizeof(char)) | 685 | if (sizeof(TCHAR)==sizeof(char)) |
| 583 | fmt=(const TCHAR *)fmta; | 686 | fmt=(const TCHAR *)fmta; |
| @@ -623,7 +726,7 @@ void OPENSSL_showfatal (const char *fmta,...) | |||
| 623 | 726 | ||
| 624 | #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 | 727 | #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 |
| 625 | /* this -------------v--- guards NT-specific calls */ | 728 | /* this -------------v--- guards NT-specific calls */ |
| 626 | if (GetVersion() < 0x80000000 && IsService()) | 729 | if (GetVersion() < 0x80000000 && OPENSSL_isservice()) |
| 627 | { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); | 730 | { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); |
| 628 | const TCHAR *pmsg=buf; | 731 | const TCHAR *pmsg=buf; |
| 629 | ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); | 732 | ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); |
| @@ -631,21 +734,7 @@ void OPENSSL_showfatal (const char *fmta,...) | |||
| 631 | } | 734 | } |
| 632 | else | 735 | else |
| 633 | #endif | 736 | #endif |
| 634 | { MSGBOXPARAMS m; | 737 | MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); |
| 635 | |||
| 636 | m.cbSize = sizeof(m); | ||
| 637 | m.hwndOwner = NULL; | ||
| 638 | m.lpszCaption = _T("OpenSSL: FATAL"); | ||
| 639 | m.dwStyle = MB_OK; | ||
| 640 | m.hInstance = NULL; | ||
| 641 | m.lpszIcon = IDI_ERROR; | ||
| 642 | m.dwContextHelpId = 0; | ||
| 643 | m.lpfnMsgBoxCallback = NULL; | ||
| 644 | m.dwLanguageId = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US); | ||
| 645 | m.lpszText = buf; | ||
| 646 | |||
| 647 | MessageBoxIndirect (&m); | ||
| 648 | } | ||
| 649 | } | 738 | } |
| 650 | #else | 739 | #else |
| 651 | void OPENSSL_showfatal (const char *fmta,...) | 740 | void OPENSSL_showfatal (const char *fmta,...) |
| @@ -655,6 +744,7 @@ void OPENSSL_showfatal (const char *fmta,...) | |||
| 655 | vfprintf (stderr,fmta,ap); | 744 | vfprintf (stderr,fmta,ap); |
| 656 | va_end (ap); | 745 | va_end (ap); |
| 657 | } | 746 | } |
| 747 | int OPENSSL_isservice (void) { return 0; } | ||
| 658 | #endif | 748 | #endif |
| 659 | 749 | ||
| 660 | void OpenSSLDie(const char *file,int line,const char *assertion) | 750 | void OpenSSLDie(const char *file,int line,const char *assertion) |
| @@ -666,79 +756,3 @@ void OpenSSLDie(const char *file,int line,const char *assertion) | |||
| 666 | } | 756 | } |
| 667 | 757 | ||
| 668 | void *OPENSSL_stderr(void) { return stderr; } | 758 | void *OPENSSL_stderr(void) { return stderr; } |
| 669 | |||
| 670 | #ifdef OPENSSL_FIPS | ||
| 671 | |||
| 672 | void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); } | ||
| 673 | void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); } | ||
| 674 | void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); } | ||
| 675 | void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); } | ||
| 676 | |||
| 677 | static int fips_started = 0; | ||
| 678 | static unsigned long fips_thread = 0; | ||
| 679 | |||
| 680 | void fips_set_started(void) | ||
| 681 | { | ||
| 682 | fips_started = 1; | ||
| 683 | } | ||
| 684 | |||
| 685 | int fips_is_started(void) | ||
| 686 | { | ||
| 687 | return fips_started; | ||
| 688 | } | ||
| 689 | |||
| 690 | int fips_is_owning_thread(void) | ||
| 691 | { | ||
| 692 | int ret = 0; | ||
| 693 | |||
| 694 | if (fips_is_started()) | ||
| 695 | { | ||
| 696 | CRYPTO_r_lock(CRYPTO_LOCK_FIPS2); | ||
| 697 | if (fips_thread != 0 && fips_thread == CRYPTO_thread_id()) | ||
| 698 | ret = 1; | ||
| 699 | CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2); | ||
| 700 | } | ||
| 701 | return ret; | ||
| 702 | } | ||
| 703 | |||
| 704 | int fips_set_owning_thread(void) | ||
| 705 | { | ||
| 706 | int ret = 0; | ||
| 707 | |||
| 708 | if (fips_is_started()) | ||
| 709 | { | ||
| 710 | CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); | ||
| 711 | if (fips_thread == 0) | ||
| 712 | { | ||
| 713 | fips_thread = CRYPTO_thread_id(); | ||
| 714 | ret = 1; | ||
| 715 | } | ||
| 716 | CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); | ||
| 717 | } | ||
| 718 | return ret; | ||
| 719 | } | ||
| 720 | |||
| 721 | int fips_clear_owning_thread(void) | ||
| 722 | { | ||
| 723 | int ret = 0; | ||
| 724 | |||
| 725 | if (fips_is_started()) | ||
| 726 | { | ||
| 727 | CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); | ||
| 728 | if (fips_thread == CRYPTO_thread_id()) | ||
| 729 | { | ||
| 730 | fips_thread = 0; | ||
| 731 | ret = 1; | ||
| 732 | } | ||
| 733 | CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); | ||
| 734 | } | ||
| 735 | return ret; | ||
| 736 | } | ||
| 737 | |||
| 738 | unsigned char *fips_signature_witness(void) | ||
| 739 | { | ||
| 740 | extern unsigned char FIPS_signature[]; | ||
| 741 | return FIPS_signature; | ||
| 742 | } | ||
| 743 | #endif /* OPENSSL_FIPS */ | ||
| 744 | |||
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h index 6f59e08ca6..5ceaa964b5 100644 --- a/src/lib/libssl/src/crypto/cryptlib.h +++ b/src/lib/libssl/src/crypto/cryptlib.h | |||
| @@ -64,6 +64,11 @@ | |||
| 64 | 64 | ||
| 65 | #include "e_os.h" | 65 | #include "e_os.h" |
| 66 | 66 | ||
| 67 | #ifdef OPENSSL_USE_APPLINK | ||
| 68 | #define BIO_FLAGS_UPLINK 0x8000 | ||
| 69 | #include "ms/uplink.h" | ||
| 70 | #endif | ||
| 71 | |||
| 67 | #include <openssl/crypto.h> | 72 | #include <openssl/crypto.h> |
| 68 | #include <openssl/buffer.h> | 73 | #include <openssl/buffer.h> |
| 69 | #include <openssl/bio.h> | 74 | #include <openssl/bio.h> |
| @@ -93,9 +98,12 @@ extern "C" { | |||
| 93 | #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) | 98 | #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) |
| 94 | #define HEX_SIZE(type) (sizeof(type)*2) | 99 | #define HEX_SIZE(type) (sizeof(type)*2) |
| 95 | 100 | ||
| 101 | void OPENSSL_cpuid_setup(void); | ||
| 102 | extern unsigned long OPENSSL_ia32cap_P; | ||
| 96 | void OPENSSL_showfatal(const char *,...); | 103 | void OPENSSL_showfatal(const char *,...); |
| 97 | void *OPENSSL_stderr(void); | 104 | void *OPENSSL_stderr(void); |
| 98 | extern int OPENSSL_NONPIC_relocated; | 105 | extern int OPENSSL_NONPIC_relocated; |
| 106 | int OPENSSL_isservice(void); | ||
| 99 | 107 | ||
| 100 | #ifdef __cplusplus | 108 | #ifdef __cplusplus |
| 101 | } | 109 | } |
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com index 427c321f25..8898f30c1f 100644 --- a/src/lib/libssl/src/crypto/crypto-lib.com +++ b/src/lib/libssl/src/crypto/crypto-lib.com | |||
| @@ -75,12 +75,15 @@ $ ENDIF | |||
| 75 | $! | 75 | $! |
| 76 | $! Define The Different Encryption Types. | 76 | $! Define The Different Encryption Types. |
| 77 | $! | 77 | $! |
| 78 | $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - | 78 | $ ENCRYPT_TYPES = "Basic,"+ - |
| 79 | "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ - | 79 | "OBJECTS,"+ - |
| 80 | "BN,EC,RSA,DSA,DH,DSO,ENGINE,AES,"+ - | 80 | "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - |
| 81 | "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - | 81 | "DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,"+ - |
| 82 | "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ - | ||
| 83 | "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - | ||
| 82 | "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - | 84 | "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - |
| 83 | "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" | 85 | "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - |
| 86 | "STORE,CMS,PQUEUE" | ||
| 84 | $! | 87 | $! |
| 85 | $! Check To Make Sure We Have Valid Command Line Parameters. | 88 | $! Check To Make Sure We Have Valid Command Line Parameters. |
| 86 | $! | 89 | $! |
| @@ -158,11 +161,11 @@ $! | |||
| 158 | $ APPS_DES = "DES/DES,CBC3_ENC" | 161 | $ APPS_DES = "DES/DES,CBC3_ENC" |
| 159 | $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" | 162 | $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" |
| 160 | $ | 163 | $ |
| 161 | $ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str" | 164 | $ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir" |
| 162 | $ LIB_MD2 = "md2_dgst,md2_one" | 165 | $ LIB_MD2 = "md2_dgst,md2_one" |
| 163 | $ LIB_MD4 = "md4_dgst,md4_one" | 166 | $ LIB_MD4 = "md4_dgst,md4_one" |
| 164 | $ LIB_MD5 = "md5_dgst,md5_one" | 167 | $ LIB_MD5 = "md5_dgst,md5_one" |
| 165 | $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one" | 168 | $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512" |
| 166 | $ LIB_MDC2 = "mdc2dgst,mdc2_one" | 169 | $ LIB_MDC2 = "mdc2dgst,mdc2_one" |
| 167 | $ LIB_HMAC = "hmac" | 170 | $ LIB_HMAC = "hmac" |
| 168 | $ LIB_RIPEMD = "rmd_dgst,rmd_one" | 171 | $ LIB_RIPEMD = "rmd_dgst,rmd_one" |
| @@ -179,34 +182,43 @@ $ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64" | |||
| 179 | $ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey" | 182 | $ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey" |
| 180 | $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64" | 183 | $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64" |
| 181 | $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" | 184 | $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" |
| 185 | $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - | ||
| 186 | "cmll_cfb,cmll_ctr" | ||
| 187 | $ LIB_SEED = "seed,seed_cbc,seed_ecb,seed_cfb,seed_ofb" | ||
| 182 | $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" | 188 | $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" |
| 183 | $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm" | 189 | $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm" |
| 184 | $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - | 190 | $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - |
| 185 | "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - | 191 | "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - |
| 186 | "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - | 192 | "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - |
| 187 | "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p" | 193 | "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - |
| 194 | "bn_depr,bn_const" | ||
| 195 | $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - | ||
| 196 | "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - | ||
| 197 | "ec2_smpl,ec2_mult" | ||
| 188 | $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - | 198 | $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - |
| 189 | "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - | 199 | "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - |
| 190 | "rsa_pss,rsa_x931,rsa_asn1" | 200 | "rsa_pss,rsa_x931,rsa_asn1,rsa_depr" |
| 191 | $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ - | 201 | $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ - |
| 192 | "ec_err" | 202 | "dsa_err,dsa_ossl,dsa_depr" |
| 193 | $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl" | 203 | $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err" |
| 194 | $ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err" | 204 | $ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr" |
| 205 | $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err" | ||
| 195 | $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - | 206 | $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - |
| 196 | "dso_openssl,dso_win32,dso_vms" | 207 | "dso_openssl,dso_win32,dso_vms" |
| 197 | $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - | 208 | $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - |
| 198 | "eng_table,eng_pkey,eng_fat,eng_all,"+ - | 209 | "eng_table,eng_pkey,eng_fat,eng_all,"+ - |
| 199 | "tb_rsa,tb_dsa,tb_dh,tb_rand,tb_cipher,tb_digest,"+ - | 210 | "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ - |
| 200 | "eng_openssl,eng_dyn,eng_cnf,"+ - | 211 | "tb_cipher,tb_digest,"+ - |
| 201 | "hw_atalla,hw_cswift,hw_ncipher,hw_nuron,hw_ubsec,"+ - | 212 | "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" |
| 202 | "hw_cryptodev,hw_aep,hw_sureware,hw_4758_cca" | 213 | $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - |
| 203 | $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" | 214 | "aes_ctr,aes_ige,aes_wrap" |
| 204 | $ LIB_BUFFER = "buffer,buf_err" | 215 | $ LIB_BUFFER = "buffer,buf_err" |
| 205 | $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - | 216 | $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - |
| 206 | "bss_mem,bss_null,bss_fd,"+ - | 217 | "bss_mem,bss_null,bss_fd,"+ - |
| 207 | "bss_file,bss_sock,bss_conn,"+ - | 218 | "bss_file,bss_sock,bss_conn,"+ - |
| 208 | "bf_null,bf_buff,b_print,b_dump,"+ - | 219 | "bf_null,bf_buff,b_print,b_dump,"+ - |
| 209 | "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ - | 220 | "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ - |
| 221 | "bss_dgram,"+ - | ||
| 210 | "bf_lbuf" | 222 | "bf_lbuf" |
| 211 | $ LIB_STACK = "stack" | 223 | $ LIB_STACK = "stack" |
| 212 | $ LIB_LHASH = "lhash,lh_stats" | 224 | $ LIB_LHASH = "lhash,lh_stats" |
| @@ -215,11 +227,11 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - | |||
| 215 | $ LIB_ERR = "err,err_all,err_prn" | 227 | $ LIB_ERR = "err,err_all,err_prn" |
| 216 | $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" | 228 | $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" |
| 217 | $ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - | 229 | $ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - |
| 218 | "e_des,e_bf,e_idea,e_des3,"+ - | 230 | "e_des,e_bf,e_idea,e_des3,e_camellia,e_seed,"+ - |
| 219 | "e_rc4,e_aes,names,"+ - | 231 | "e_rc4,e_aes,names,"+ - |
| 220 | "e_xcbc_d,e_rc2,e_cast,e_rc5" | 232 | "e_xcbc_d,e_rc2,e_cast,e_rc5" |
| 221 | $ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - | 233 | $ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - |
| 222 | "m_dss,m_dss1,m_mdc2,m_ripemd,"+ - | 234 | "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ - |
| 223 | "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - | 235 | "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - |
| 224 | "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - | 236 | "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - |
| 225 | "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- | 237 | "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- |
| @@ -233,8 +245,8 @@ $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - | |||
| 233 | $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - | 245 | $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - |
| 234 | "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - | 246 | "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - |
| 235 | "f_int,f_string,n_pkey,"+ - | 247 | "f_int,f_string,n_pkey,"+ - |
| 236 | "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ - | 248 | "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ - |
| 237 | "asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - | 249 | "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - |
| 238 | "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" | 250 | "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" |
| 239 | $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - | 251 | $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - |
| 240 | "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey" | 252 | "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey" |
| @@ -243,11 +255,13 @@ $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - | |||
| 243 | "x509_set,x509cset,x509rset,x509_err,"+ - | 255 | "x509_set,x509cset,x509rset,x509_err,"+ - |
| 244 | "x509name,x509_v3,x509_ext,x509_att,"+ - | 256 | "x509name,x509_v3,x509_ext,x509_att,"+ - |
| 245 | "x509type,x509_lu,x_all,x509_txt,"+ - | 257 | "x509type,x509_lu,x_all,x509_txt,"+ - |
| 246 | "x509_trs,by_file,by_dir" | 258 | "x509_trs,by_file,by_dir,x509_vpm" |
| 247 | $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - | 259 | $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - |
| 248 | "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - | 260 | "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - |
| 249 | "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - | 261 | "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - |
| 250 | "v3_ocsp,v3_akeya,v3_pcia,v3_pci" | 262 | "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons,v3_pcia,v3_pci,"+ - |
| 263 | "pcy_cache,pcy_node,pcy_data,pcy_map,pcy_tree,pcy_lib,"+ - | ||
| 264 | "v3_asid,v3_addr" | ||
| 251 | $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" | 265 | $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" |
| 252 | $ LIB_TXT_DB = "txt_db" | 266 | $ LIB_TXT_DB = "txt_db" |
| 253 | $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - | 267 | $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - |
| @@ -262,13 +276,17 @@ $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - | |||
| 262 | $ LIB_UI_COMPAT = ",ui_compat" | 276 | $ LIB_UI_COMPAT = ",ui_compat" |
| 263 | $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT | 277 | $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT |
| 264 | $ LIB_KRB5 = "krb5_asn" | 278 | $ LIB_KRB5 = "krb5_asn" |
| 279 | $ LIB_STORE = "str_err,str_lib,str_meth,str_mem" | ||
| 280 | $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - | ||
| 281 | "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess" | ||
| 282 | $ LIB_PQUEUE = "pqueue" | ||
| 265 | $! | 283 | $! |
| 266 | $! Setup exceptional compilations | 284 | $! Setup exceptional compilations |
| 267 | $! | 285 | $! |
| 268 | $ ! Add definitions for no threads on OpenVMS 7.1 and higher | 286 | $ ! Add definitions for no threads on OpenVMS 7.1 and higher |
| 269 | $ COMPILEWITH_CC3 = ",bss_rtcp," | 287 | $ COMPILEWITH_CC3 = ",bss_rtcp," |
| 270 | $ ! Disable the DOLLARID warning | 288 | $ ! Disable the DOLLARID warning |
| 271 | $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time," | 289 | $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir" |
| 272 | $ ! Disable disjoint optimization | 290 | $ ! Disable disjoint optimization |
| 273 | $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - | 291 | $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - |
| 274 | "sha_dgst,sha1dgst,rmd_dgst,bf_enc," | 292 | "sha_dgst,sha1dgst,rmd_dgst,bf_enc," |
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h index 22fd939e65..d2b5ffe332 100644 --- a/src/lib/libssl/src/crypto/crypto.h +++ b/src/lib/libssl/src/crypto/crypto.h | |||
| @@ -1,4 +1,57 @@ | |||
| 1 | /* crypto/crypto.h */ | 1 | /* crypto/crypto.h */ |
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@openssl.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 55 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 56 | * All rights reserved. |
| 4 | * | 57 | * |
| @@ -55,12 +108,19 @@ | |||
| 55 | * copied and put under another distribution licence | 108 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 109 | * [including the GNU Public Licence.] |
| 57 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECDH support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 58 | 116 | ||
| 59 | #ifndef HEADER_CRYPTO_H | 117 | #ifndef HEADER_CRYPTO_H |
| 60 | #define HEADER_CRYPTO_H | 118 | #define HEADER_CRYPTO_H |
| 61 | 119 | ||
| 62 | #include <stdlib.h> | 120 | #include <stdlib.h> |
| 63 | 121 | ||
| 122 | #include <openssl/e_os2.h> | ||
| 123 | |||
| 64 | #ifndef OPENSSL_NO_FP_API | 124 | #ifndef OPENSSL_NO_FP_API |
| 65 | #include <stdio.h> | 125 | #include <stdio.h> |
| 66 | #endif | 126 | #endif |
| @@ -68,6 +128,7 @@ | |||
| 68 | #include <openssl/stack.h> | 128 | #include <openssl/stack.h> |
| 69 | #include <openssl/safestack.h> | 129 | #include <openssl/safestack.h> |
| 70 | #include <openssl/opensslv.h> | 130 | #include <openssl/opensslv.h> |
| 131 | #include <openssl/ossl_typ.h> | ||
| 71 | 132 | ||
| 72 | #ifdef CHARSET_EBCDIC | 133 | #ifdef CHARSET_EBCDIC |
| 73 | #include <openssl/ebcdic.h> | 134 | #include <openssl/ebcdic.h> |
| @@ -92,15 +153,39 @@ extern "C" { | |||
| 92 | #define SSLEAY_PLATFORM 4 | 153 | #define SSLEAY_PLATFORM 4 |
| 93 | #define SSLEAY_DIR 5 | 154 | #define SSLEAY_DIR 5 |
| 94 | 155 | ||
| 156 | /* Already declared in ossl_typ.h */ | ||
| 157 | #if 0 | ||
| 158 | typedef struct crypto_ex_data_st CRYPTO_EX_DATA; | ||
| 159 | /* Called when a new object is created */ | ||
| 160 | typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 161 | int idx, long argl, void *argp); | ||
| 162 | /* Called when an object is free()ed */ | ||
| 163 | typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 164 | int idx, long argl, void *argp); | ||
| 165 | /* Called when we need to dup an object */ | ||
| 166 | typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | ||
| 167 | int idx, long argl, void *argp); | ||
| 168 | #endif | ||
| 169 | |||
| 170 | /* A generic structure to pass assorted data in a expandable way */ | ||
| 171 | typedef struct openssl_item_st | ||
| 172 | { | ||
| 173 | int code; | ||
| 174 | void *value; /* Not used for flag attributes */ | ||
| 175 | size_t value_size; /* Max size of value for output, length for input */ | ||
| 176 | size_t *value_length; /* Returned length of value for output */ | ||
| 177 | } OPENSSL_ITEM; | ||
| 178 | |||
| 179 | |||
| 95 | /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock | 180 | /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock |
| 96 | * names in cryptlib.c | 181 | * names in cryptlib.c |
| 97 | */ | 182 | */ |
| 98 | 183 | ||
| 99 | #define CRYPTO_LOCK_ERR 1 | 184 | #define CRYPTO_LOCK_ERR 1 |
| 100 | #define CRYPTO_LOCK_EX_DATA 2 | 185 | #define CRYPTO_LOCK_EX_DATA 2 |
| 101 | #define CRYPTO_LOCK_X509 3 | 186 | #define CRYPTO_LOCK_X509 3 |
| 102 | #define CRYPTO_LOCK_X509_INFO 4 | 187 | #define CRYPTO_LOCK_X509_INFO 4 |
| 103 | #define CRYPTO_LOCK_X509_PKEY 5 | 188 | #define CRYPTO_LOCK_X509_PKEY 5 |
| 104 | #define CRYPTO_LOCK_X509_CRL 6 | 189 | #define CRYPTO_LOCK_X509_CRL 6 |
| 105 | #define CRYPTO_LOCK_X509_REQ 7 | 190 | #define CRYPTO_LOCK_X509_REQ 7 |
| 106 | #define CRYPTO_LOCK_DSA 8 | 191 | #define CRYPTO_LOCK_DSA 8 |
| @@ -127,10 +212,14 @@ extern "C" { | |||
| 127 | #define CRYPTO_LOCK_DYNLOCK 29 | 212 | #define CRYPTO_LOCK_DYNLOCK 29 |
| 128 | #define CRYPTO_LOCK_ENGINE 30 | 213 | #define CRYPTO_LOCK_ENGINE 30 |
| 129 | #define CRYPTO_LOCK_UI 31 | 214 | #define CRYPTO_LOCK_UI 31 |
| 130 | #define CRYPTO_LOCK_HWCRHK 32 /* This is a HACK which will disappear in 0.9.8 */ | 215 | #define CRYPTO_LOCK_ECDSA 32 |
| 131 | #define CRYPTO_LOCK_FIPS 33 | 216 | #define CRYPTO_LOCK_EC 33 |
| 132 | #define CRYPTO_LOCK_FIPS2 34 | 217 | #define CRYPTO_LOCK_ECDH 34 |
| 133 | #define CRYPTO_NUM_LOCKS 35 | 218 | #define CRYPTO_LOCK_BN 35 |
| 219 | #define CRYPTO_LOCK_EC_PRE_COMP 36 | ||
| 220 | #define CRYPTO_LOCK_STORE 37 | ||
| 221 | #define CRYPTO_LOCK_COMP 38 | ||
| 222 | #define CRYPTO_NUM_LOCKS 39 | ||
| 134 | 223 | ||
| 135 | #define CRYPTO_LOCK 1 | 224 | #define CRYPTO_LOCK 1 |
| 136 | #define CRYPTO_UNLOCK 2 | 225 | #define CRYPTO_UNLOCK 2 |
| @@ -191,21 +280,11 @@ typedef struct | |||
| 191 | /* predec of the BIO type */ | 280 | /* predec of the BIO type */ |
| 192 | typedef struct bio_st BIO_dummy; | 281 | typedef struct bio_st BIO_dummy; |
| 193 | 282 | ||
| 194 | typedef struct crypto_ex_data_st | 283 | struct crypto_ex_data_st |
| 195 | { | 284 | { |
| 196 | STACK *sk; | 285 | STACK *sk; |
| 197 | int dummy; /* gcc is screwing up this data structure :-( */ | 286 | int dummy; /* gcc is screwing up this data structure :-( */ |
| 198 | } CRYPTO_EX_DATA; | 287 | }; |
| 199 | |||
| 200 | /* Called when a new object is created */ | ||
| 201 | typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 202 | int idx, long argl, void *argp); | ||
| 203 | /* Called when an object is free()ed */ | ||
| 204 | typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 205 | int idx, long argl, void *argp); | ||
| 206 | /* Called when we need to dup an object */ | ||
| 207 | typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | ||
| 208 | int idx, long argl, void *argp); | ||
| 209 | 288 | ||
| 210 | /* This stuff is basically class callback functions | 289 | /* This stuff is basically class callback functions |
| 211 | * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ | 290 | * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ |
| @@ -237,6 +316,10 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) | |||
| 237 | #define CRYPTO_EX_INDEX_ENGINE 9 | 316 | #define CRYPTO_EX_INDEX_ENGINE 9 |
| 238 | #define CRYPTO_EX_INDEX_X509 10 | 317 | #define CRYPTO_EX_INDEX_X509 10 |
| 239 | #define CRYPTO_EX_INDEX_UI 11 | 318 | #define CRYPTO_EX_INDEX_UI 11 |
| 319 | #define CRYPTO_EX_INDEX_ECDSA 12 | ||
| 320 | #define CRYPTO_EX_INDEX_ECDH 13 | ||
| 321 | #define CRYPTO_EX_INDEX_COMP 14 | ||
| 322 | #define CRYPTO_EX_INDEX_STORE 15 | ||
| 240 | 323 | ||
| 241 | /* Dynamically assigned indexes start from this value (don't use directly, use | 324 | /* Dynamically assigned indexes start from this value (don't use directly, use |
| 242 | * via CRYPTO_ex_data_new_class). */ | 325 | * via CRYPTO_ex_data_new_class). */ |
| @@ -434,61 +517,10 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); | |||
| 434 | 517 | ||
| 435 | /* die if we have to */ | 518 | /* die if we have to */ |
| 436 | void OpenSSLDie(const char *file,int line,const char *assertion); | 519 | void OpenSSLDie(const char *file,int line,const char *assertion); |
| 437 | #define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) | 520 | #define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) |
| 438 | |||
| 439 | #ifdef OPENSSL_FIPS | ||
| 440 | #define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ | ||
| 441 | alg " previous FIPS forbidden algorithm error ignored"); | ||
| 442 | |||
| 443 | #define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ | ||
| 444 | #alg " Algorithm forbidden in FIPS mode"); | ||
| 445 | |||
| 446 | #ifdef OPENSSL_FIPS_STRICT | ||
| 447 | #define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) | ||
| 448 | #else | ||
| 449 | #define FIPS_BAD_ALGORITHM(alg) \ | ||
| 450 | { \ | ||
| 451 | FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ | ||
| 452 | ERR_add_error_data(2, "Algorithm=", #alg); \ | ||
| 453 | return 0; \ | ||
| 454 | } | ||
| 455 | #endif | ||
| 456 | |||
| 457 | /* Low level digest API blocking macro */ | ||
| 458 | |||
| 459 | #define FIPS_NON_FIPS_MD_Init(alg) \ | ||
| 460 | int alg##_Init(alg##_CTX *c) \ | ||
| 461 | { \ | ||
| 462 | if (FIPS_mode()) \ | ||
| 463 | FIPS_BAD_ALGORITHM(alg) \ | ||
| 464 | return private_##alg##_Init(c); \ | ||
| 465 | } \ | ||
| 466 | int private_##alg##_Init(alg##_CTX *c) | ||
| 467 | |||
| 468 | /* For ciphers the API often varies from cipher to cipher and each needs to | ||
| 469 | * be treated as a special case. Variable key length ciphers (Blowfish, RC4, | ||
| 470 | * CAST) however are very similar and can use a blocking macro. | ||
| 471 | */ | ||
| 472 | |||
| 473 | #define FIPS_NON_FIPS_VCIPHER_Init(alg) \ | ||
| 474 | void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ | ||
| 475 | { \ | ||
| 476 | if (FIPS_mode()) \ | ||
| 477 | FIPS_BAD_ABORT(alg) \ | ||
| 478 | private_##alg##_set_key(key, len, data); \ | ||
| 479 | } \ | ||
| 480 | void private_##alg##_set_key(alg##_KEY *key, int len, \ | ||
| 481 | const unsigned char *data) | ||
| 482 | |||
| 483 | #else | ||
| 484 | |||
| 485 | #define FIPS_NON_FIPS_VCIPHER_Init(alg) \ | ||
| 486 | void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) | ||
| 487 | |||
| 488 | #define FIPS_NON_FIPS_MD_Init(alg) \ | ||
| 489 | int alg##_Init(alg##_CTX *c) | ||
| 490 | 521 | ||
| 491 | #endif /* def OPENSSL_FIPS */ | 522 | unsigned long *OPENSSL_ia32cap_loc(void); |
| 523 | #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) | ||
| 492 | 524 | ||
| 493 | /* BEGIN ERROR CODES */ | 525 | /* BEGIN ERROR CODES */ |
| 494 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 526 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
diff --git a/src/lib/libssl/src/crypto/cversion.c b/src/lib/libssl/src/crypto/cversion.c index beeeb14013..ea9f25fd16 100644 --- a/src/lib/libssl/src/crypto/cversion.c +++ b/src/lib/libssl/src/crypto/cversion.c | |||
| @@ -56,10 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | ||
| 60 | #include <string.h> | ||
| 61 | #include "cryptlib.h" | 59 | #include "cryptlib.h" |
| 62 | #include <openssl/crypto.h> | ||
| 63 | 60 | ||
| 64 | #ifndef NO_WINDOWS_BRAINDEATH | 61 | #ifndef NO_WINDOWS_BRAINDEATH |
| 65 | #include "buildinf.h" | 62 | #include "buildinf.h" |
diff --git a/src/lib/libssl/src/crypto/des/cfb64ede.c b/src/lib/libssl/src/crypto/des/cfb64ede.c index f3c6018528..de34ecceb9 100644 --- a/src/lib/libssl/src/crypto/des/cfb64ede.c +++ b/src/lib/libssl/src/crypto/des/cfb64ede.c | |||
| @@ -152,8 +152,8 @@ void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, | |||
| 152 | DES_cblock *ivec,int enc) | 152 | DES_cblock *ivec,int enc) |
| 153 | { | 153 | { |
| 154 | register DES_LONG d0,d1,v0,v1; | 154 | register DES_LONG d0,d1,v0,v1; |
| 155 | register long l=length; | 155 | register unsigned long l=length,n=((unsigned int)numbits+7)/8; |
| 156 | register int num=numbits,n=(numbits+7)/8,i; | 156 | register int num=numbits,i; |
| 157 | DES_LONG ti[2]; | 157 | DES_LONG ti[2]; |
| 158 | unsigned char *iv; | 158 | unsigned char *iv; |
| 159 | unsigned char ovec[16]; | 159 | unsigned char ovec[16]; |
diff --git a/src/lib/libssl/src/crypto/des/cfb_enc.c b/src/lib/libssl/src/crypto/des/cfb_enc.c index 03cabb223c..720f29a28e 100644 --- a/src/lib/libssl/src/crypto/des/cfb_enc.c +++ b/src/lib/libssl/src/crypto/des/cfb_enc.c | |||
| @@ -58,6 +58,7 @@ | |||
| 58 | 58 | ||
| 59 | #include "e_os.h" | 59 | #include "e_os.h" |
| 60 | #include "des_locl.h" | 60 | #include "des_locl.h" |
| 61 | #include <assert.h> | ||
| 61 | 62 | ||
| 62 | /* The input and output are loaded in multiples of 8 bits. | 63 | /* The input and output are loaded in multiples of 8 bits. |
| 63 | * What this means is that if you hame numbits=12 and length=2 | 64 | * What this means is that if you hame numbits=12 and length=2 |
| @@ -72,19 +73,29 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, | |||
| 72 | int enc) | 73 | int enc) |
| 73 | { | 74 | { |
| 74 | register DES_LONG d0,d1,v0,v1; | 75 | register DES_LONG d0,d1,v0,v1; |
| 75 | register unsigned long l=length,n=(numbits+7)/8; | 76 | register unsigned long l=length; |
| 76 | register int num=numbits,i; | 77 | register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8; |
| 77 | DES_LONG ti[2]; | 78 | DES_LONG ti[2]; |
| 78 | unsigned char *iv; | 79 | unsigned char *iv; |
| 80 | #ifndef L_ENDIAN | ||
| 79 | unsigned char ovec[16]; | 81 | unsigned char ovec[16]; |
| 82 | #else | ||
| 83 | unsigned int sh[4]; | ||
| 84 | unsigned char *ovec=(unsigned char *)sh; | ||
| 80 | 85 | ||
| 81 | if (num > 64) return; | 86 | /* I kind of count that compiler optimizes away this assertioni,*/ |
| 87 | assert (sizeof(sh[0])==4); /* as this holds true for all, */ | ||
| 88 | /* but 16-bit platforms... */ | ||
| 89 | |||
| 90 | #endif | ||
| 91 | |||
| 92 | if (numbits<=0 || numbits > 64) return; | ||
| 82 | iv = &(*ivec)[0]; | 93 | iv = &(*ivec)[0]; |
| 83 | c2l(iv,v0); | 94 | c2l(iv,v0); |
| 84 | c2l(iv,v1); | 95 | c2l(iv,v1); |
| 85 | if (enc) | 96 | if (enc) |
| 86 | { | 97 | { |
| 87 | while (l >= n) | 98 | while (l >= (unsigned long)n) |
| 88 | { | 99 | { |
| 89 | l-=n; | 100 | l-=n; |
| 90 | ti[0]=v0; | 101 | ti[0]=v0; |
| @@ -98,35 +109,40 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, | |||
| 98 | out+=n; | 109 | out+=n; |
| 99 | /* 30-08-94 - eay - changed because l>>32 and | 110 | /* 30-08-94 - eay - changed because l>>32 and |
| 100 | * l<<32 are bad under gcc :-( */ | 111 | * l<<32 are bad under gcc :-( */ |
| 101 | if (num == 32) | 112 | if (numbits == 32) |
| 102 | { v0=v1; v1=d0; } | 113 | { v0=v1; v1=d0; } |
| 103 | else if (num == 64) | 114 | else if (numbits == 64) |
| 104 | { v0=d0; v1=d1; } | 115 | { v0=d0; v1=d1; } |
| 105 | else | 116 | else |
| 106 | { | 117 | { |
| 118 | #ifndef L_ENDIAN | ||
| 107 | iv=&ovec[0]; | 119 | iv=&ovec[0]; |
| 108 | l2c(v0,iv); | 120 | l2c(v0,iv); |
| 109 | l2c(v1,iv); | 121 | l2c(v1,iv); |
| 110 | l2c(d0,iv); | 122 | l2c(d0,iv); |
| 111 | l2c(d1,iv); | 123 | l2c(d1,iv); |
| 112 | /* shift ovec left most of the bits... */ | 124 | #else |
| 113 | memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); | 125 | sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; |
| 114 | /* now the remaining bits */ | 126 | #endif |
| 115 | if(num%8 != 0) | 127 | if (rem==0) |
| 128 | memmove(ovec,ovec+num,8); | ||
| 129 | else | ||
| 116 | for(i=0 ; i < 8 ; ++i) | 130 | for(i=0 ; i < 8 ; ++i) |
| 117 | { | 131 | ovec[i]=ovec[i+num]<<rem | |
| 118 | ovec[i]<<=num%8; | 132 | ovec[i+num+1]>>(8-rem); |
| 119 | ovec[i]|=ovec[i+1]>>(8-num%8); | 133 | #ifdef L_ENDIAN |
| 120 | } | 134 | v0=sh[0], v1=sh[1]; |
| 135 | #else | ||
| 121 | iv=&ovec[0]; | 136 | iv=&ovec[0]; |
| 122 | c2l(iv,v0); | 137 | c2l(iv,v0); |
| 123 | c2l(iv,v1); | 138 | c2l(iv,v1); |
| 139 | #endif | ||
| 124 | } | 140 | } |
| 125 | } | 141 | } |
| 126 | } | 142 | } |
| 127 | else | 143 | else |
| 128 | { | 144 | { |
| 129 | while (l >= n) | 145 | while (l >= (unsigned long)n) |
| 130 | { | 146 | { |
| 131 | l-=n; | 147 | l-=n; |
| 132 | ti[0]=v0; | 148 | ti[0]=v0; |
| @@ -136,29 +152,34 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, | |||
| 136 | in+=n; | 152 | in+=n; |
| 137 | /* 30-08-94 - eay - changed because l>>32 and | 153 | /* 30-08-94 - eay - changed because l>>32 and |
| 138 | * l<<32 are bad under gcc :-( */ | 154 | * l<<32 are bad under gcc :-( */ |
| 139 | if (num == 32) | 155 | if (numbits == 32) |
| 140 | { v0=v1; v1=d0; } | 156 | { v0=v1; v1=d0; } |
| 141 | else if (num == 64) | 157 | else if (numbits == 64) |
| 142 | { v0=d0; v1=d1; } | 158 | { v0=d0; v1=d1; } |
| 143 | else | 159 | else |
| 144 | { | 160 | { |
| 161 | #ifndef L_ENDIAN | ||
| 145 | iv=&ovec[0]; | 162 | iv=&ovec[0]; |
| 146 | l2c(v0,iv); | 163 | l2c(v0,iv); |
| 147 | l2c(v1,iv); | 164 | l2c(v1,iv); |
| 148 | l2c(d0,iv); | 165 | l2c(d0,iv); |
| 149 | l2c(d1,iv); | 166 | l2c(d1,iv); |
| 150 | /* shift ovec left most of the bits... */ | 167 | #else |
| 151 | memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); | 168 | sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; |
| 152 | /* now the remaining bits */ | 169 | #endif |
| 153 | if(num%8 != 0) | 170 | if (rem==0) |
| 171 | memmove(ovec,ovec+num,8); | ||
| 172 | else | ||
| 154 | for(i=0 ; i < 8 ; ++i) | 173 | for(i=0 ; i < 8 ; ++i) |
| 155 | { | 174 | ovec[i]=ovec[i+num]<<rem | |
| 156 | ovec[i]<<=num%8; | 175 | ovec[i+num+1]>>(8-rem); |
| 157 | ovec[i]|=ovec[i+1]>>(8-num%8); | 176 | #ifdef L_ENDIAN |
| 158 | } | 177 | v0=sh[0], v1=sh[1]; |
| 178 | #else | ||
| 159 | iv=&ovec[0]; | 179 | iv=&ovec[0]; |
| 160 | c2l(iv,v0); | 180 | c2l(iv,v0); |
| 161 | c2l(iv,v1); | 181 | c2l(iv,v1); |
| 182 | #endif | ||
| 162 | } | 183 | } |
| 163 | d0^=ti[0]; | 184 | d0^=ti[0]; |
| 164 | d1^=ti[1]; | 185 | d1^=ti[1]; |
diff --git a/src/lib/libssl/src/crypto/des/des.h b/src/lib/libssl/src/crypto/des/des.h index 81bd874edd..7318593699 100644 --- a/src/lib/libssl/src/crypto/des/des.h +++ b/src/lib/libssl/src/crypto/des/des.h | |||
| @@ -59,13 +59,13 @@ | |||
| 59 | #ifndef HEADER_DES_H | 59 | #ifndef HEADER_DES_H |
| 60 | #define HEADER_DES_H | 60 | #define HEADER_DES_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, | ||
| 63 | DES_LONG (via openssl/opensslconf.h */ | ||
| 64 | |||
| 62 | #ifdef OPENSSL_NO_DES | 65 | #ifdef OPENSSL_NO_DES |
| 63 | #error DES is disabled. | 66 | #error DES is disabled. |
| 64 | #endif | 67 | #endif |
| 65 | 68 | ||
| 66 | #include <openssl/opensslconf.h> /* DES_LONG */ | ||
| 67 | #include <openssl/e_os2.h> /* OPENSSL_EXTERN */ | ||
| 68 | |||
| 69 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO | 69 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO |
| 70 | # undef OPENSSL_EXTERN | 70 | # undef OPENSSL_EXTERN |
| 71 | # define OPENSSL_EXTERN OPENSSL_EXPORT | 71 | # define OPENSSL_EXTERN OPENSSL_EXPORT |
| @@ -130,7 +130,7 @@ OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ | |||
| 130 | #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) | 130 | #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) |
| 131 | 131 | ||
| 132 | const char *DES_options(void); | 132 | const char *DES_options(void); |
| 133 | void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output, | 133 | void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, |
| 134 | DES_key_schedule *ks1,DES_key_schedule *ks2, | 134 | DES_key_schedule *ks1,DES_key_schedule *ks2, |
| 135 | DES_key_schedule *ks3, int enc); | 135 | DES_key_schedule *ks3, int enc); |
| 136 | DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, | 136 | DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, |
| @@ -197,9 +197,10 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, | |||
| 197 | long length,DES_key_schedule *ks1, | 197 | long length,DES_key_schedule *ks1, |
| 198 | DES_key_schedule *ks2,DES_key_schedule *ks3, | 198 | DES_key_schedule *ks2,DES_key_schedule *ks3, |
| 199 | DES_cblock *ivec,int *num); | 199 | DES_cblock *ivec,int *num); |
| 200 | 200 | #if 0 | |
| 201 | void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, | 201 | void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, |
| 202 | DES_cblock *out_white); | 202 | DES_cblock *out_white); |
| 203 | #endif | ||
| 203 | 204 | ||
| 204 | int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, | 205 | int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, |
| 205 | DES_cblock *iv); | 206 | DES_cblock *iv); |
diff --git a/src/lib/libssl/src/crypto/des/des_enc.c b/src/lib/libssl/src/crypto/des/des_enc.c index 6a49ec4a55..53705b9f5b 100644 --- a/src/lib/libssl/src/crypto/des/des_enc.c +++ b/src/lib/libssl/src/crypto/des/des_enc.c | |||
| @@ -58,9 +58,6 @@ | |||
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | 60 | ||
| 61 | #ifndef OPENSSL_FIPS | ||
| 62 | #ifndef OPENBSD_DES_ASM | ||
| 63 | |||
| 64 | void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) | 61 | void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) |
| 65 | { | 62 | { |
| 66 | register DES_LONG l,r,t,u; | 63 | register DES_LONG l,r,t,u; |
| @@ -291,12 +288,8 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, | |||
| 291 | data[1]=r; | 288 | data[1]=r; |
| 292 | } | 289 | } |
| 293 | 290 | ||
| 294 | #endif /* ndef OPENSSL_FIPS */ | ||
| 295 | |||
| 296 | #ifndef DES_DEFAULT_OPTIONS | 291 | #ifndef DES_DEFAULT_OPTIONS |
| 297 | 292 | ||
| 298 | #if !defined(OPENSSL_FIPS_DES_ASM) | ||
| 299 | |||
| 300 | #undef CBC_ENC_C__DONT_UPDATE_IV | 293 | #undef CBC_ENC_C__DONT_UPDATE_IV |
| 301 | #include "ncbc_enc.c" /* DES_ncbc_encrypt */ | 294 | #include "ncbc_enc.c" /* DES_ncbc_encrypt */ |
| 302 | 295 | ||
| @@ -412,6 +405,4 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, | |||
| 412 | tin[0]=tin[1]=0; | 405 | tin[0]=tin[1]=0; |
| 413 | } | 406 | } |
| 414 | 407 | ||
| 415 | #endif /* !defined(OPENSSL_FIPS_DES_ASM) */ | ||
| 416 | |||
| 417 | #endif /* DES_DEFAULT_OPTIONS */ | 408 | #endif /* DES_DEFAULT_OPTIONS */ |
diff --git a/src/lib/libssl/src/crypto/des/des_locl.h b/src/lib/libssl/src/crypto/des/des_locl.h index 8f04b18c50..4b9ecff233 100644 --- a/src/lib/libssl/src/crypto/des/des_locl.h +++ b/src/lib/libssl/src/crypto/des/des_locl.h | |||
| @@ -160,7 +160,7 @@ | |||
| 160 | } \ | 160 | } \ |
| 161 | } | 161 | } |
| 162 | 162 | ||
| 163 | #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) | 163 | #if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC) |
| 164 | #define ROTATE(a,n) (_lrotr(a,n)) | 164 | #define ROTATE(a,n) (_lrotr(a,n)) |
| 165 | #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) | 165 | #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) |
| 166 | # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) | 166 | # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) |
diff --git a/src/lib/libssl/src/crypto/des/des_old.c b/src/lib/libssl/src/crypto/des/des_old.c index 88e9802aad..7c33ed7a93 100644 --- a/src/lib/libssl/src/crypto/des/des_old.c +++ b/src/lib/libssl/src/crypto/des/des_old.c | |||
| @@ -84,7 +84,7 @@ void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock | |||
| 84 | des_key_schedule ks1,des_key_schedule ks2, | 84 | des_key_schedule ks1,des_key_schedule ks2, |
| 85 | des_key_schedule ks3, int enc) | 85 | des_key_schedule ks3, int enc) |
| 86 | { | 86 | { |
| 87 | DES_ecb3_encrypt((const unsigned char *)input, (unsigned char *)output, | 87 | DES_ecb3_encrypt((const_DES_cblock *)input, output, |
| 88 | (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, | 88 | (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, |
| 89 | (DES_key_schedule *)ks3, enc); | 89 | (DES_key_schedule *)ks3, enc); |
| 90 | } | 90 | } |
| @@ -169,11 +169,13 @@ void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, | |||
| 169 | (DES_key_schedule *)ks3, ivec, num); | 169 | (DES_key_schedule *)ks3, ivec, num); |
| 170 | } | 170 | } |
| 171 | 171 | ||
| 172 | #if 0 /* broken code, preserved just in case anyone specifically looks for this */ | ||
| 172 | void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), | 173 | void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), |
| 173 | _ossl_old_des_cblock (*out_white)) | 174 | _ossl_old_des_cblock (*out_white)) |
| 174 | { | 175 | { |
| 175 | DES_xwhite_in2out(des_key, in_white, out_white); | 176 | DES_xwhite_in2out(des_key, in_white, out_white); |
| 176 | } | 177 | } |
| 178 | #endif | ||
| 177 | 179 | ||
| 178 | int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, | 180 | int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, |
| 179 | _ossl_old_des_cblock *iv) | 181 | _ossl_old_des_cblock *iv) |
diff --git a/src/lib/libssl/src/crypto/des/des_old.h b/src/lib/libssl/src/crypto/des/des_old.h index 1d8bf65101..8665ba4e7e 100644 --- a/src/lib/libssl/src/crypto/des/des_old.h +++ b/src/lib/libssl/src/crypto/des/des_old.h | |||
| @@ -91,6 +91,8 @@ | |||
| 91 | #ifndef HEADER_DES_OLD_H | 91 | #ifndef HEADER_DES_OLD_H |
| 92 | #define HEADER_DES_OLD_H | 92 | #define HEADER_DES_OLD_H |
| 93 | 93 | ||
| 94 | #include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ | ||
| 95 | |||
| 94 | #ifdef OPENSSL_NO_DES | 96 | #ifdef OPENSSL_NO_DES |
| 95 | #error DES is disabled. | 97 | #error DES is disabled. |
| 96 | #endif | 98 | #endif |
| @@ -103,8 +105,6 @@ | |||
| 103 | #error <openssl/des_old.h> replaces <kerberos/des.h>. | 105 | #error <openssl/des_old.h> replaces <kerberos/des.h>. |
| 104 | #endif | 106 | #endif |
| 105 | 107 | ||
| 106 | #include <openssl/opensslconf.h> /* DES_LONG */ | ||
| 107 | #include <openssl/e_os2.h> /* OPENSSL_EXTERN */ | ||
| 108 | #include <openssl/symhacks.h> | 108 | #include <openssl/symhacks.h> |
| 109 | 109 | ||
| 110 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO | 110 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO |
| @@ -116,6 +116,10 @@ | |||
| 116 | extern "C" { | 116 | extern "C" { |
| 117 | #endif | 117 | #endif |
| 118 | 118 | ||
| 119 | #ifdef _ | ||
| 120 | #undef _ | ||
| 121 | #endif | ||
| 122 | |||
| 119 | typedef unsigned char _ossl_old_des_cblock[8]; | 123 | typedef unsigned char _ossl_old_des_cblock[8]; |
| 120 | typedef struct _ossl_old_des_ks_struct | 124 | typedef struct _ossl_old_des_ks_struct |
| 121 | { | 125 | { |
| @@ -171,9 +175,9 @@ typedef struct _ossl_old_des_ks_struct | |||
| 171 | DES_enc_write((f),(b),(l),&(k),(iv)) | 175 | DES_enc_write((f),(b),(l),&(k),(iv)) |
| 172 | #define des_fcrypt(b,s,r)\ | 176 | #define des_fcrypt(b,s,r)\ |
| 173 | DES_fcrypt((b),(s),(r)) | 177 | DES_fcrypt((b),(s),(r)) |
| 178 | #if 0 | ||
| 174 | #define des_crypt(b,s)\ | 179 | #define des_crypt(b,s)\ |
| 175 | DES_crypt((b),(s)) | 180 | DES_crypt((b),(s)) |
| 176 | #if 0 | ||
| 177 | #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) | 181 | #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) |
| 178 | #define crypt(b,s)\ | 182 | #define crypt(b,s)\ |
| 179 | DES_crypt((b),(s)) | 183 | DES_crypt((b),(s)) |
| @@ -360,9 +364,10 @@ void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, | |||
| 360 | void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, | 364 | void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, |
| 361 | long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, | 365 | long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, |
| 362 | _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); | 366 | _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); |
| 363 | 367 | #if 0 | |
| 364 | void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), | 368 | void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), |
| 365 | _ossl_old_des_cblock (*out_white)); | 369 | _ossl_old_des_cblock (*out_white)); |
| 370 | #endif | ||
| 366 | 371 | ||
| 367 | int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, | 372 | int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, |
| 368 | _ossl_old_des_cblock *iv); | 373 | _ossl_old_des_cblock *iv); |
diff --git a/src/lib/libssl/src/crypto/des/des_opts.c b/src/lib/libssl/src/crypto/des/des_opts.c index 79278b920e..2df82962c5 100644 --- a/src/lib/libssl/src/crypto/des/des_opts.c +++ b/src/lib/libssl/src/crypto/des/des_opts.c | |||
| @@ -71,7 +71,11 @@ | |||
| 71 | #include <io.h> | 71 | #include <io.h> |
| 72 | extern void exit(); | 72 | extern void exit(); |
| 73 | #endif | 73 | #endif |
| 74 | |||
| 75 | #ifndef OPENSSL_SYS_NETWARE | ||
| 74 | #include <signal.h> | 76 | #include <signal.h> |
| 77 | #endif | ||
| 78 | |||
| 75 | #ifndef _IRIX | 79 | #ifndef _IRIX |
| 76 | #include <time.h> | 80 | #include <time.h> |
| 77 | #endif | 81 | #endif |
diff --git a/src/lib/libssl/src/crypto/des/des_ver.h b/src/lib/libssl/src/crypto/des/des_ver.h index 379bbadda2..d1ada258a6 100644 --- a/src/lib/libssl/src/crypto/des/des_ver.h +++ b/src/lib/libssl/src/crypto/des/des_ver.h | |||
| @@ -67,5 +67,5 @@ | |||
| 67 | #define DES_version OSSL_DES_version | 67 | #define DES_version OSSL_DES_version |
| 68 | #define libdes_version OSSL_libdes_version | 68 | #define libdes_version OSSL_libdes_version |
| 69 | 69 | ||
| 70 | OPENSSL_EXTERN const char *OSSL_DES_version; /* SSLeay version string */ | 70 | OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */ |
| 71 | OPENSSL_EXTERN const char *OSSL_libdes_version; /* old libdes version string */ | 71 | OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */ |
diff --git a/src/lib/libssl/src/crypto/des/destest.c b/src/lib/libssl/src/crypto/des/destest.c index e3e9d77f14..64b92a34fe 100644 --- a/src/lib/libssl/src/crypto/des/destest.c +++ b/src/lib/libssl/src/crypto/des/destest.c | |||
| @@ -84,7 +84,7 @@ int main(int argc, char *argv[]) | |||
| 84 | #else | 84 | #else |
| 85 | #include <openssl/des.h> | 85 | #include <openssl/des.h> |
| 86 | 86 | ||
| 87 | #define crypt(c,s) (des_crypt((c),(s))) | 87 | #define crypt(c,s) (DES_crypt((c),(s))) |
| 88 | 88 | ||
| 89 | /* tisk tisk - the test keys don't all have odd parity :-( */ | 89 | /* tisk tisk - the test keys don't all have odd parity :-( */ |
| 90 | /* test data */ | 90 | /* test data */ |
| @@ -333,7 +333,8 @@ static int cfb64_test(unsigned char *cfb_cipher); | |||
| 333 | static int ede_cfb64_test(unsigned char *cfb_cipher); | 333 | static int ede_cfb64_test(unsigned char *cfb_cipher); |
| 334 | int main(int argc, char *argv[]) | 334 | int main(int argc, char *argv[]) |
| 335 | { | 335 | { |
| 336 | int i,j,err=0; | 336 | int j,err=0; |
| 337 | unsigned int i; | ||
| 337 | des_cblock in,out,outin,iv3,iv2; | 338 | des_cblock in,out,outin,iv3,iv2; |
| 338 | des_key_schedule ks,ks2,ks3; | 339 | des_key_schedule ks,ks2,ks3; |
| 339 | unsigned char cbc_in[40]; | 340 | unsigned char cbc_in[40]; |
| @@ -391,7 +392,7 @@ int main(int argc, char *argv[]) | |||
| 391 | DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); | 392 | DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); |
| 392 | if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) | 393 | if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) |
| 393 | { | 394 | { |
| 394 | int n; | 395 | unsigned int n; |
| 395 | 396 | ||
| 396 | printf("des_ede3_cbcm_encrypt decrypt error\n"); | 397 | printf("des_ede3_cbcm_encrypt decrypt error\n"); |
| 397 | for(n=0 ; n < i ; ++n) | 398 | for(n=0 ; n < i ; ++n) |
| @@ -439,8 +440,8 @@ int main(int argc, char *argv[]) | |||
| 439 | memcpy(in,plain_data[i],8); | 440 | memcpy(in,plain_data[i],8); |
| 440 | memset(out,0,8); | 441 | memset(out,0,8); |
| 441 | memset(outin,0,8); | 442 | memset(outin,0,8); |
| 442 | des_ecb2_encrypt(in,out,ks,ks2,DES_ENCRYPT); | 443 | des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); |
| 443 | des_ecb2_encrypt(out,outin,ks,ks2,DES_DECRYPT); | 444 | des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); |
| 444 | 445 | ||
| 445 | if (memcmp(out,cipher_ecb2[i],8) != 0) | 446 | if (memcmp(out,cipher_ecb2[i],8) != 0) |
| 446 | { | 447 | { |
| @@ -540,7 +541,7 @@ int main(int argc, char *argv[]) | |||
| 540 | if (memcmp(cbc_out,cbc3_ok, | 541 | if (memcmp(cbc_out,cbc3_ok, |
| 541 | (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) | 542 | (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) |
| 542 | { | 543 | { |
| 543 | int n; | 544 | unsigned int n; |
| 544 | 545 | ||
| 545 | printf("des_ede3_cbc_encrypt encrypt error\n"); | 546 | printf("des_ede3_cbc_encrypt encrypt error\n"); |
| 546 | for(n=0 ; n < i ; ++n) | 547 | for(n=0 ; n < i ; ++n) |
| @@ -556,7 +557,7 @@ int main(int argc, char *argv[]) | |||
| 556 | des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); | 557 | des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT); |
| 557 | if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) | 558 | if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) |
| 558 | { | 559 | { |
| 559 | int n; | 560 | unsigned int n; |
| 560 | 561 | ||
| 561 | printf("des_ede3_cbc_encrypt decrypt error\n"); | 562 | printf("des_ede3_cbc_encrypt decrypt error\n"); |
| 562 | for(n=0 ; n < i ; ++n) | 563 | for(n=0 ; n < i ; ++n) |
| @@ -820,6 +821,9 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]); | |||
| 820 | printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); | 821 | printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); |
| 821 | err=1; | 822 | err=1; |
| 822 | } | 823 | } |
| 824 | #ifdef OPENSSL_SYS_NETWARE | ||
| 825 | if (err) printf("ERROR: %d\n", err); | ||
| 826 | #endif | ||
| 823 | printf("\n"); | 827 | printf("\n"); |
| 824 | return(err); | 828 | return(err); |
| 825 | } | 829 | } |
diff --git a/src/lib/libssl/src/crypto/des/ecb3_enc.c b/src/lib/libssl/src/crypto/des/ecb3_enc.c index fa0c9c4d4f..c3437bc606 100644 --- a/src/lib/libssl/src/crypto/des/ecb3_enc.c +++ b/src/lib/libssl/src/crypto/des/ecb3_enc.c | |||
| @@ -58,13 +58,15 @@ | |||
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | 60 | ||
| 61 | void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out, | 61 | void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, |
| 62 | DES_key_schedule *ks1, DES_key_schedule *ks2, | 62 | DES_key_schedule *ks1, DES_key_schedule *ks2, |
| 63 | DES_key_schedule *ks3, | 63 | DES_key_schedule *ks3, |
| 64 | int enc) | 64 | int enc) |
| 65 | { | 65 | { |
| 66 | register DES_LONG l0,l1; | 66 | register DES_LONG l0,l1; |
| 67 | DES_LONG ll[2]; | 67 | DES_LONG ll[2]; |
| 68 | const unsigned char *in = &(*input)[0]; | ||
| 69 | unsigned char *out = &(*output)[0]; | ||
| 68 | 70 | ||
| 69 | c2l(in,l0); | 71 | c2l(in,l0); |
| 70 | c2l(in,l1); | 72 | c2l(in,l1); |
diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c index 784aa5ba23..00d5b91e8c 100644 --- a/src/lib/libssl/src/crypto/des/ecb_enc.c +++ b/src/lib/libssl/src/crypto/des/ecb_enc.c | |||
| @@ -62,8 +62,8 @@ | |||
| 62 | #include <openssl/opensslv.h> | 62 | #include <openssl/opensslv.h> |
| 63 | #include <openssl/bio.h> | 63 | #include <openssl/bio.h> |
| 64 | 64 | ||
| 65 | OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; | 65 | OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT; |
| 66 | OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; | 66 | OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT; |
| 67 | 67 | ||
| 68 | const char *DES_options(void) | 68 | const char *DES_options(void) |
| 69 | { | 69 | { |
diff --git a/src/lib/libssl/src/crypto/des/ede_cbcm_enc.c b/src/lib/libssl/src/crypto/des/ede_cbcm_enc.c index fa45aa272b..adfcb75cf3 100644 --- a/src/lib/libssl/src/crypto/des/ede_cbcm_enc.c +++ b/src/lib/libssl/src/crypto/des/ede_cbcm_enc.c | |||
| @@ -68,6 +68,8 @@ http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz | |||
| 68 | 68 | ||
| 69 | */ | 69 | */ |
| 70 | 70 | ||
| 71 | #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */ | ||
| 72 | |||
| 71 | #ifndef OPENSSL_NO_DESCBCM | 73 | #ifndef OPENSSL_NO_DESCBCM |
| 72 | #include "des_locl.h" | 74 | #include "des_locl.h" |
| 73 | 75 | ||
diff --git a/src/lib/libssl/src/crypto/des/fcrypt.c b/src/lib/libssl/src/crypto/des/fcrypt.c index 2758c32656..ccbdff250f 100644 --- a/src/lib/libssl/src/crypto/des/fcrypt.c +++ b/src/lib/libssl/src/crypto/des/fcrypt.c | |||
| @@ -58,9 +58,6 @@ static unsigned const char cov_2char[64]={ | |||
| 58 | 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A | 58 | 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A |
| 59 | }; | 59 | }; |
| 60 | 60 | ||
| 61 | void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, | ||
| 62 | DES_LONG Eswap0, DES_LONG Eswap1); | ||
| 63 | |||
| 64 | char *DES_crypt(const char *buf, const char *salt) | 61 | char *DES_crypt(const char *buf, const char *salt) |
| 65 | { | 62 | { |
| 66 | static char buff[14]; | 63 | static char buff[14]; |
diff --git a/src/lib/libssl/src/crypto/des/read2pwd.c b/src/lib/libssl/src/crypto/des/read2pwd.c index 3a63c4016c..ee6969f76e 100644 --- a/src/lib/libssl/src/crypto/des/read2pwd.c +++ b/src/lib/libssl/src/crypto/des/read2pwd.c | |||
| @@ -112,6 +112,7 @@ | |||
| 112 | #include <string.h> | 112 | #include <string.h> |
| 113 | #include <openssl/des.h> | 113 | #include <openssl/des.h> |
| 114 | #include <openssl/ui.h> | 114 | #include <openssl/ui.h> |
| 115 | #include <openssl/crypto.h> | ||
| 115 | 116 | ||
| 116 | int DES_read_password(DES_cblock *key, const char *prompt, int verify) | 117 | int DES_read_password(DES_cblock *key, const char *prompt, int verify) |
| 117 | { | 118 | { |
diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c index 8881d46a7a..a43ef3c881 100644 --- a/src/lib/libssl/src/crypto/des/set_key.c +++ b/src/lib/libssl/src/crypto/des/set_key.c | |||
| @@ -65,8 +65,6 @@ | |||
| 65 | */ | 65 | */ |
| 66 | #include "des_locl.h" | 66 | #include "des_locl.h" |
| 67 | 67 | ||
| 68 | #ifndef OPENSSL_FIPS | ||
| 69 | |||
| 70 | OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ | 68 | OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ |
| 71 | 69 | ||
| 72 | static const unsigned char odd_parity[256]={ | 70 | static const unsigned char odd_parity[256]={ |
| @@ -89,7 +87,7 @@ static const unsigned char odd_parity[256]={ | |||
| 89 | 87 | ||
| 90 | void DES_set_odd_parity(DES_cblock *key) | 88 | void DES_set_odd_parity(DES_cblock *key) |
| 91 | { | 89 | { |
| 92 | int i; | 90 | unsigned int i; |
| 93 | 91 | ||
| 94 | for (i=0; i<DES_KEY_SZ; i++) | 92 | for (i=0; i<DES_KEY_SZ; i++) |
| 95 | (*key)[i]=odd_parity[(*key)[i]]; | 93 | (*key)[i]=odd_parity[(*key)[i]]; |
| @@ -97,7 +95,7 @@ void DES_set_odd_parity(DES_cblock *key) | |||
| 97 | 95 | ||
| 98 | int DES_check_key_parity(const_DES_cblock *key) | 96 | int DES_check_key_parity(const_DES_cblock *key) |
| 99 | { | 97 | { |
| 100 | int i; | 98 | unsigned int i; |
| 101 | 99 | ||
| 102 | for (i=0; i<DES_KEY_SZ; i++) | 100 | for (i=0; i<DES_KEY_SZ; i++) |
| 103 | { | 101 | { |
| @@ -117,7 +115,7 @@ int DES_check_key_parity(const_DES_cblock *key) | |||
| 117 | * (and actual cblock values). | 115 | * (and actual cblock values). |
| 118 | */ | 116 | */ |
| 119 | #define NUM_WEAK_KEY 16 | 117 | #define NUM_WEAK_KEY 16 |
| 120 | static DES_cblock weak_keys[NUM_WEAK_KEY]={ | 118 | static const DES_cblock weak_keys[NUM_WEAK_KEY]={ |
| 121 | /* weak keys */ | 119 | /* weak keys */ |
| 122 | {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, | 120 | {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, |
| 123 | {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, | 121 | {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, |
| @@ -407,5 +405,3 @@ void des_fixup_key_parity(des_cblock *key) | |||
| 407 | des_set_odd_parity(key); | 405 | des_set_odd_parity(key); |
| 408 | } | 406 | } |
| 409 | */ | 407 | */ |
| 410 | |||
| 411 | #endif /* ndef OPENSSL_FIPS */ | ||
diff --git a/src/lib/libssl/src/crypto/des/speed.c b/src/lib/libssl/src/crypto/des/speed.c index 48fc1d49fc..1616f4b7c9 100644 --- a/src/lib/libssl/src/crypto/des/speed.c +++ b/src/lib/libssl/src/crypto/des/speed.c | |||
| @@ -69,7 +69,11 @@ | |||
| 69 | #include OPENSSL_UNISTD_IO | 69 | #include OPENSSL_UNISTD_IO |
| 70 | OPENSSL_DECLARE_EXIT | 70 | OPENSSL_DECLARE_EXIT |
| 71 | 71 | ||
| 72 | #ifndef OPENSSL_SYS_NETWARE | ||
| 72 | #include <signal.h> | 73 | #include <signal.h> |
| 74 | #define crypt(c,s) (des_crypt((c),(s))) | ||
| 75 | #endif | ||
| 76 | |||
| 73 | #ifndef _IRIX | 77 | #ifndef _IRIX |
| 74 | #include <time.h> | 78 | #include <time.h> |
| 75 | #endif | 79 | #endif |
diff --git a/src/lib/libssl/src/crypto/des/str2key.c b/src/lib/libssl/src/crypto/des/str2key.c index 0373db469c..9c2054bda6 100644 --- a/src/lib/libssl/src/crypto/des/str2key.c +++ b/src/lib/libssl/src/crypto/des/str2key.c | |||
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | #include <openssl/crypto.h> | ||
| 60 | 61 | ||
| 61 | void DES_string_to_key(const char *str, DES_cblock *key) | 62 | void DES_string_to_key(const char *str, DES_cblock *key) |
| 62 | { | 63 | { |
diff --git a/src/lib/libssl/src/crypto/des/xcbc_enc.c b/src/lib/libssl/src/crypto/des/xcbc_enc.c index 47246eb466..dc0c761b71 100644 --- a/src/lib/libssl/src/crypto/des/xcbc_enc.c +++ b/src/lib/libssl/src/crypto/des/xcbc_enc.c | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | 60 | ||
| 61 | /* RSA's DESX */ | 61 | /* RSA's DESX */ |
| 62 | 62 | ||
| 63 | #if 0 /* broken code, preserved just in case anyone specifically looks for this */ | ||
| 63 | static unsigned char desx_white_in2out[256]={ | 64 | static unsigned char desx_white_in2out[256]={ |
| 64 | 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, | 65 | 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, |
| 65 | 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, | 66 | 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, |
| @@ -98,7 +99,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, | |||
| 98 | } | 99 | } |
| 99 | 100 | ||
| 100 | out0=out[0]; | 101 | out0=out[0]; |
| 101 | out1=out[i]; | 102 | out1=out[i]; /* BUG: out-of-bounds read */ |
| 102 | for (i=0; i<8; i++) | 103 | for (i=0; i<8; i++) |
| 103 | { | 104 | { |
| 104 | out[i]=in[i]^desx_white_in2out[out0^out1]; | 105 | out[i]=in[i]^desx_white_in2out[out0^out1]; |
| @@ -106,6 +107,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, | |||
| 106 | out1=(int)out[i&0x07]; | 107 | out1=(int)out[i&0x07]; |
| 107 | } | 108 | } |
| 108 | } | 109 | } |
| 110 | #endif | ||
| 109 | 111 | ||
| 110 | void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, | 112 | void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, |
| 111 | long length, DES_key_schedule *schedule, | 113 | long length, DES_key_schedule *schedule, |
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h index 582b34329f..0afabc7dd3 100644 --- a/src/lib/libssl/src/crypto/dh/dh.h +++ b/src/lib/libssl/src/crypto/dh/dh.h | |||
| @@ -59,6 +59,8 @@ | |||
| 59 | #ifndef HEADER_DH_H | 59 | #ifndef HEADER_DH_H |
| 60 | #define HEADER_DH_H | 60 | #define HEADER_DH_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | ||
| 63 | |||
| 62 | #ifdef OPENSSL_NO_DH | 64 | #ifdef OPENSSL_NO_DH |
| 63 | #error DH is disabled. | 65 | #error DH is disabled. |
| 64 | #endif | 66 | #endif |
| @@ -66,11 +68,14 @@ | |||
| 66 | #ifndef OPENSSL_NO_BIO | 68 | #ifndef OPENSSL_NO_BIO |
| 67 | #include <openssl/bio.h> | 69 | #include <openssl/bio.h> |
| 68 | #endif | 70 | #endif |
| 69 | #include <openssl/bn.h> | ||
| 70 | #include <openssl/crypto.h> | ||
| 71 | #include <openssl/ossl_typ.h> | 71 | #include <openssl/ossl_typ.h> |
| 72 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 73 | #include <openssl/bn.h> | ||
| 74 | #endif | ||
| 72 | 75 | ||
| 73 | #define OPENSSL_DH_MAX_MODULUS_BITS 10000 | 76 | #ifndef OPENSSL_DH_MAX_MODULUS_BITS |
| 77 | # define OPENSSL_DH_MAX_MODULUS_BITS 10000 | ||
| 78 | #endif | ||
| 74 | 79 | ||
| 75 | #define DH_FLAG_CACHE_MONT_P 0x01 | 80 | #define DH_FLAG_CACHE_MONT_P 0x01 |
| 76 | #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH | 81 | #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH |
| @@ -85,9 +90,12 @@ | |||
| 85 | extern "C" { | 90 | extern "C" { |
| 86 | #endif | 91 | #endif |
| 87 | 92 | ||
| 88 | typedef struct dh_st DH; | 93 | /* Already defined in ossl_typ.h */ |
| 94 | /* typedef struct dh_st DH; */ | ||
| 95 | /* typedef struct dh_method DH_METHOD; */ | ||
| 89 | 96 | ||
| 90 | typedef struct dh_method { | 97 | struct dh_method |
| 98 | { | ||
| 91 | const char *name; | 99 | const char *name; |
| 92 | /* Methods here */ | 100 | /* Methods here */ |
| 93 | int (*generate_key)(DH *dh); | 101 | int (*generate_key)(DH *dh); |
| @@ -100,7 +108,9 @@ typedef struct dh_method { | |||
| 100 | int (*finish)(DH *dh); | 108 | int (*finish)(DH *dh); |
| 101 | int flags; | 109 | int flags; |
| 102 | char *app_data; | 110 | char *app_data; |
| 103 | } DH_METHOD; | 111 | /* If this is non-NULL, it will be used to generate parameters */ |
| 112 | int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); | ||
| 113 | }; | ||
| 104 | 114 | ||
| 105 | struct dh_st | 115 | struct dh_st |
| 106 | { | 116 | { |
| @@ -115,7 +125,7 @@ struct dh_st | |||
| 115 | BIGNUM *priv_key; /* x */ | 125 | BIGNUM *priv_key; /* x */ |
| 116 | 126 | ||
| 117 | int flags; | 127 | int flags; |
| 118 | char *method_mont_p; | 128 | BN_MONT_CTX *method_mont_p; |
| 119 | /* Place holders if we want to do X9.42 DH */ | 129 | /* Place holders if we want to do X9.42 DH */ |
| 120 | BIGNUM *q; | 130 | BIGNUM *q; |
| 121 | BIGNUM *j; | 131 | BIGNUM *j; |
| @@ -147,21 +157,13 @@ struct dh_st | |||
| 147 | this for backward compatibility: */ | 157 | this for backward compatibility: */ |
| 148 | #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME | 158 | #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME |
| 149 | 159 | ||
| 150 | #define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \ | 160 | #define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) |
| 151 | (char *(*)())d2i_DHparams,(char *)(x)) | ||
| 152 | #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ | 161 | #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ |
| 153 | (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) | 162 | (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) |
| 154 | #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ | 163 | #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ |
| 155 | (unsigned char *)(x)) | 164 | (unsigned char *)(x)) |
| 156 | #define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \ | 165 | #define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) |
| 157 | (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x)) | 166 | #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) |
| 158 | #ifdef __cplusplus | ||
| 159 | #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \ | ||
| 160 | (unsigned char *)(x)) | ||
| 161 | #else | ||
| 162 | #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \ | ||
| 163 | (unsigned char *)(x)) | ||
| 164 | #endif | ||
| 165 | 167 | ||
| 166 | const DH_METHOD *DH_OpenSSL(void); | 168 | const DH_METHOD *DH_OpenSSL(void); |
| 167 | 169 | ||
| @@ -178,8 +180,16 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | |||
| 178 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | 180 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
| 179 | int DH_set_ex_data(DH *d, int idx, void *arg); | 181 | int DH_set_ex_data(DH *d, int idx, void *arg); |
| 180 | void *DH_get_ex_data(DH *d, int idx); | 182 | void *DH_get_ex_data(DH *d, int idx); |
| 183 | |||
| 184 | /* Deprecated version */ | ||
| 185 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 181 | DH * DH_generate_parameters(int prime_len,int generator, | 186 | DH * DH_generate_parameters(int prime_len,int generator, |
| 182 | void (*callback)(int,int,void *),void *cb_arg); | 187 | void (*callback)(int,int,void *),void *cb_arg); |
| 188 | #endif /* !defined(OPENSSL_NO_DEPRECATED) */ | ||
| 189 | |||
| 190 | /* New version */ | ||
| 191 | int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); | ||
| 192 | |||
| 183 | int DH_check(const DH *dh,int *codes); | 193 | int DH_check(const DH *dh,int *codes); |
| 184 | int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); | 194 | int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); |
| 185 | int DH_generate_key(DH *dh); | 195 | int DH_generate_key(DH *dh); |
| @@ -204,15 +214,18 @@ void ERR_load_DH_strings(void); | |||
| 204 | /* Error codes for the DH functions. */ | 214 | /* Error codes for the DH functions. */ |
| 205 | 215 | ||
| 206 | /* Function codes. */ | 216 | /* Function codes. */ |
| 217 | #define DH_F_COMPUTE_KEY 102 | ||
| 207 | #define DH_F_DHPARAMS_PRINT 100 | 218 | #define DH_F_DHPARAMS_PRINT 100 |
| 208 | #define DH_F_DHPARAMS_PRINT_FP 101 | 219 | #define DH_F_DHPARAMS_PRINT_FP 101 |
| 209 | #define DH_F_DH_COMPUTE_KEY 102 | 220 | #define DH_F_DH_BUILTIN_GENPARAMS 106 |
| 210 | #define DH_F_DH_GENERATE_KEY 103 | ||
| 211 | #define DH_F_DH_GENERATE_PARAMETERS 104 | ||
| 212 | #define DH_F_DH_NEW_METHOD 105 | 221 | #define DH_F_DH_NEW_METHOD 105 |
| 222 | #define DH_F_GENERATE_KEY 103 | ||
| 223 | #define DH_F_GENERATE_PARAMETERS 104 | ||
| 213 | 224 | ||
| 214 | /* Reason codes. */ | 225 | /* Reason codes. */ |
| 215 | #define DH_R_BAD_GENERATOR 101 | 226 | #define DH_R_BAD_GENERATOR 101 |
| 227 | #define DH_R_INVALID_PUBKEY 102 | ||
| 228 | #define DH_R_MODULUS_TOO_LARGE 103 | ||
| 216 | #define DH_R_NO_PRIVATE_VALUE 100 | 229 | #define DH_R_NO_PRIVATE_VALUE 100 |
| 217 | #define DH_R_INVALID_PUBKEY 102 | 230 | #define DH_R_INVALID_PUBKEY 102 |
| 218 | #define DH_R_MODULUS_TOO_LARGE 103 | 231 | #define DH_R_MODULUS_TOO_LARGE 103 |
diff --git a/src/lib/libssl/src/crypto/dh/dh_check.c b/src/lib/libssl/src/crypto/dh/dh_check.c index 17debff62d..b846913004 100644 --- a/src/lib/libssl/src/crypto/dh/dh_check.c +++ b/src/lib/libssl/src/crypto/dh/dh_check.c | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | #include <openssl/dh.h> | 62 | #include <openssl/dh.h> |
| 63 | 63 | ||
| 64 | /* Check that p is a safe prime and | 64 | /* Check that p is a safe prime and |
| 65 | * if g is 2, 3 or 5, check that is is a suitable generator | 65 | * if g is 2, 3 or 5, check that it is a suitable generator |
| 66 | * where | 66 | * where |
| 67 | * for 2, p mod 24 == 11 | 67 | * for 2, p mod 24 == 11 |
| 68 | * for 3, p mod 12 == 5 | 68 | * for 3, p mod 12 == 5 |
| @@ -70,8 +70,6 @@ | |||
| 70 | * should hold. | 70 | * should hold. |
| 71 | */ | 71 | */ |
| 72 | 72 | ||
| 73 | #ifndef OPENSSL_FIPS | ||
| 74 | |||
| 75 | int DH_check(const DH *dh, int *ret) | 73 | int DH_check(const DH *dh, int *ret) |
| 76 | { | 74 | { |
| 77 | int ok=0; | 75 | int ok=0; |
| @@ -106,12 +104,12 @@ int DH_check(const DH *dh, int *ret) | |||
| 106 | else | 104 | else |
| 107 | *ret|=DH_UNABLE_TO_CHECK_GENERATOR; | 105 | *ret|=DH_UNABLE_TO_CHECK_GENERATOR; |
| 108 | 106 | ||
| 109 | if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL)) | 107 | if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) |
| 110 | *ret|=DH_CHECK_P_NOT_PRIME; | 108 | *ret|=DH_CHECK_P_NOT_PRIME; |
| 111 | else | 109 | else |
| 112 | { | 110 | { |
| 113 | if (!BN_rshift1(q,dh->p)) goto err; | 111 | if (!BN_rshift1(q,dh->p)) goto err; |
| 114 | if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) | 112 | if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) |
| 115 | *ret|=DH_CHECK_P_NOT_SAFE_PRIME; | 113 | *ret|=DH_CHECK_P_NOT_SAFE_PRIME; |
| 116 | } | 114 | } |
| 117 | ok=1; | 115 | ok=1; |
| @@ -142,5 +140,3 @@ err: | |||
| 142 | if (q != NULL) BN_free(q); | 140 | if (q != NULL) BN_free(q); |
| 143 | return(ok); | 141 | return(ok); |
| 144 | } | 142 | } |
| 145 | |||
| 146 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c index 611067ef4a..b2361c7389 100644 --- a/src/lib/libssl/src/crypto/dh/dh_err.c +++ b/src/lib/libssl/src/crypto/dh/dh_err.c | |||
| @@ -70,18 +70,21 @@ | |||
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA DH_str_functs[]= | 71 | static ERR_STRING_DATA DH_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, | ||
| 73 | {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, | 74 | {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, |
| 74 | {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, | 75 | {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, |
| 75 | {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, | 76 | {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, |
| 76 | {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, | ||
| 77 | {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, | ||
| 78 | {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, | 77 | {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, |
| 78 | {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, | ||
| 79 | {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, | ||
| 79 | {0,NULL} | 80 | {0,NULL} |
| 80 | }; | 81 | }; |
| 81 | 82 | ||
| 82 | static ERR_STRING_DATA DH_str_reasons[]= | 83 | static ERR_STRING_DATA DH_str_reasons[]= |
| 83 | { | 84 | { |
| 84 | {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, | 85 | {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, |
| 86 | {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, | ||
| 87 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, | ||
| 85 | {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, | 88 | {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, |
| 86 | {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, | 89 | {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, |
| 87 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, | 90 | {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, |
| @@ -92,15 +95,12 @@ static ERR_STRING_DATA DH_str_reasons[]= | |||
| 92 | 95 | ||
| 93 | void ERR_load_DH_strings(void) | 96 | void ERR_load_DH_strings(void) |
| 94 | { | 97 | { |
| 95 | static int init=1; | 98 | #ifndef OPENSSL_NO_ERR |
| 96 | 99 | ||
| 97 | if (init) | 100 | if (ERR_func_error_string(DH_str_functs[0].error) == NULL) |
| 98 | { | 101 | { |
| 99 | init=0; | ||
| 100 | #ifndef OPENSSL_NO_ERR | ||
| 101 | ERR_load_strings(0,DH_str_functs); | 102 | ERR_load_strings(0,DH_str_functs); |
| 102 | ERR_load_strings(0,DH_str_reasons); | 103 | ERR_load_strings(0,DH_str_reasons); |
| 103 | #endif | ||
| 104 | |||
| 105 | } | 104 | } |
| 105 | #endif | ||
| 106 | } | 106 | } |
diff --git a/src/lib/libssl/src/crypto/dh/dh_gen.c b/src/lib/libssl/src/crypto/dh/dh_gen.c index 23777f5a16..cfd5b11868 100644 --- a/src/lib/libssl/src/crypto/dh/dh_gen.c +++ b/src/lib/libssl/src/crypto/dh/dh_gen.c | |||
| @@ -56,11 +56,25 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* NB: These functions have been upgraded - the previous prototypes are in | ||
| 60 | * dh_depr.c as wrappers to these ones. | ||
| 61 | * - Geoff | ||
| 62 | */ | ||
| 63 | |||
| 59 | #include <stdio.h> | 64 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 65 | #include "cryptlib.h" |
| 61 | #include <openssl/bn.h> | 66 | #include <openssl/bn.h> |
| 62 | #include <openssl/dh.h> | 67 | #include <openssl/dh.h> |
| 63 | 68 | ||
| 69 | static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); | ||
| 70 | |||
| 71 | int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) | ||
| 72 | { | ||
| 73 | if(ret->meth->generate_params) | ||
| 74 | return ret->meth->generate_params(ret, prime_len, generator, cb); | ||
| 75 | return dh_builtin_genparams(ret, prime_len, generator, cb); | ||
| 76 | } | ||
| 77 | |||
| 64 | /* We generate DH parameters as follows | 78 | /* We generate DH parameters as follows |
| 65 | * find a prime q which is prime_len/2 bits long. | 79 | * find a prime q which is prime_len/2 bits long. |
| 66 | * p=(2*q)+1 or (p-1)/2 = q | 80 | * p=(2*q)+1 or (p-1)/2 = q |
| @@ -86,29 +100,26 @@ | |||
| 86 | * It's just as OK (and in some sense better) to use a generator of the | 100 | * It's just as OK (and in some sense better) to use a generator of the |
| 87 | * order-q subgroup. | 101 | * order-q subgroup. |
| 88 | */ | 102 | */ |
| 89 | 103 | static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) | |
| 90 | #ifndef OPENSSL_FIPS | ||
| 91 | |||
| 92 | DH *DH_generate_parameters(int prime_len, int generator, | ||
| 93 | void (*callback)(int,int,void *), void *cb_arg) | ||
| 94 | { | 104 | { |
| 95 | BIGNUM *p=NULL,*t1,*t2; | 105 | BIGNUM *t1,*t2; |
| 96 | DH *ret=NULL; | ||
| 97 | int g,ok= -1; | 106 | int g,ok= -1; |
| 98 | BN_CTX *ctx=NULL; | 107 | BN_CTX *ctx=NULL; |
| 99 | 108 | ||
| 100 | ret=DH_new(); | ||
| 101 | if (ret == NULL) goto err; | ||
| 102 | ctx=BN_CTX_new(); | 109 | ctx=BN_CTX_new(); |
| 103 | if (ctx == NULL) goto err; | 110 | if (ctx == NULL) goto err; |
| 104 | BN_CTX_start(ctx); | 111 | BN_CTX_start(ctx); |
| 105 | t1 = BN_CTX_get(ctx); | 112 | t1 = BN_CTX_get(ctx); |
| 106 | t2 = BN_CTX_get(ctx); | 113 | t2 = BN_CTX_get(ctx); |
| 107 | if (t1 == NULL || t2 == NULL) goto err; | 114 | if (t1 == NULL || t2 == NULL) goto err; |
| 115 | |||
| 116 | /* Make sure 'ret' has the necessary elements */ | ||
| 117 | if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; | ||
| 118 | if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; | ||
| 108 | 119 | ||
| 109 | if (generator <= 1) | 120 | if (generator <= 1) |
| 110 | { | 121 | { |
| 111 | DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR); | 122 | DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); |
| 112 | goto err; | 123 | goto err; |
| 113 | } | 124 | } |
| 114 | if (generator == DH_GENERATOR_2) | 125 | if (generator == DH_GENERATOR_2) |
| @@ -144,18 +155,14 @@ DH *DH_generate_parameters(int prime_len, int generator, | |||
| 144 | g=generator; | 155 | g=generator; |
| 145 | } | 156 | } |
| 146 | 157 | ||
| 147 | p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); | 158 | if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; |
| 148 | if (p == NULL) goto err; | 159 | if(!BN_GENCB_call(cb, 3, 0)) goto err; |
| 149 | if (callback != NULL) callback(3,0,cb_arg); | ||
| 150 | ret->p=p; | ||
| 151 | ret->g=BN_new(); | ||
| 152 | if (ret->g == NULL) goto err; | ||
| 153 | if (!BN_set_word(ret->g,g)) goto err; | 160 | if (!BN_set_word(ret->g,g)) goto err; |
| 154 | ok=1; | 161 | ok=1; |
| 155 | err: | 162 | err: |
| 156 | if (ok == -1) | 163 | if (ok == -1) |
| 157 | { | 164 | { |
| 158 | DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB); | 165 | DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); |
| 159 | ok=0; | 166 | ok=0; |
| 160 | } | 167 | } |
| 161 | 168 | ||
| @@ -164,12 +171,5 @@ err: | |||
| 164 | BN_CTX_end(ctx); | 171 | BN_CTX_end(ctx); |
| 165 | BN_CTX_free(ctx); | 172 | BN_CTX_free(ctx); |
| 166 | } | 173 | } |
| 167 | if (!ok && (ret != NULL)) | 174 | return ok; |
| 168 | { | ||
| 169 | DH_free(ret); | ||
| 170 | ret=NULL; | ||
| 171 | } | ||
| 172 | return(ret); | ||
| 173 | } | 175 | } |
| 174 | |||
| 175 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c index 74de589204..e7db440342 100644 --- a/src/lib/libssl/src/crypto/dh/dh_key.c +++ b/src/lib/libssl/src/crypto/dh/dh_key.c | |||
| @@ -62,8 +62,6 @@ | |||
| 62 | #include <openssl/rand.h> | 62 | #include <openssl/rand.h> |
| 63 | #include <openssl/dh.h> | 63 | #include <openssl/dh.h> |
| 64 | 64 | ||
| 65 | #ifndef OPENSSL_FIPS | ||
| 66 | |||
| 67 | static int generate_key(DH *dh); | 65 | static int generate_key(DH *dh); |
| 68 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); | 66 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); |
| 69 | static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, | 67 | static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, |
| @@ -91,6 +89,7 @@ dh_bn_mod_exp, | |||
| 91 | dh_init, | 89 | dh_init, |
| 92 | dh_finish, | 90 | dh_finish, |
| 93 | 0, | 91 | 0, |
| 92 | NULL, | ||
| 94 | NULL | 93 | NULL |
| 95 | }; | 94 | }; |
| 96 | 95 | ||
| @@ -131,8 +130,7 @@ static int generate_key(DH *dh) | |||
| 131 | 130 | ||
| 132 | if (dh->flags & DH_FLAG_CACHE_MONT_P) | 131 | if (dh->flags & DH_FLAG_CACHE_MONT_P) |
| 133 | { | 132 | { |
| 134 | mont = BN_MONT_CTX_set_locked( | 133 | mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, |
| 135 | (BN_MONT_CTX **)&dh->method_mont_p, | ||
| 136 | CRYPTO_LOCK_DH, dh->p, ctx); | 134 | CRYPTO_LOCK_DH, dh->p, ctx); |
| 137 | if (!mont) | 135 | if (!mont) |
| 138 | goto err; | 136 | goto err; |
| @@ -152,7 +150,7 @@ static int generate_key(DH *dh) | |||
| 152 | { | 150 | { |
| 153 | BN_init(&local_prk); | 151 | BN_init(&local_prk); |
| 154 | prk = &local_prk; | 152 | prk = &local_prk; |
| 155 | BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); | 153 | BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); |
| 156 | } | 154 | } |
| 157 | else | 155 | else |
| 158 | prk = priv_key; | 156 | prk = priv_key; |
| @@ -165,7 +163,7 @@ static int generate_key(DH *dh) | |||
| 165 | ok=1; | 163 | ok=1; |
| 166 | err: | 164 | err: |
| 167 | if (ok != 1) | 165 | if (ok != 1) |
| 168 | DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB); | 166 | DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); |
| 169 | 167 | ||
| 170 | if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); | 168 | if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); |
| 171 | if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); | 169 | if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); |
| @@ -175,16 +173,16 @@ err: | |||
| 175 | 173 | ||
| 176 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | 174 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) |
| 177 | { | 175 | { |
| 178 | BN_CTX *ctx; | 176 | BN_CTX *ctx=NULL; |
| 179 | BN_MONT_CTX *mont=NULL; | 177 | BN_MONT_CTX *mont=NULL; |
| 180 | BIGNUM *tmp; | 178 | BIGNUM *tmp; |
| 181 | int ret= -1; | 179 | int ret= -1; |
| 182 | int check_result; | 180 | int check_result; |
| 183 | 181 | ||
| 184 | if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) | 182 | if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) |
| 185 | { | 183 | { |
| 186 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); | 184 | DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); |
| 187 | return -1; | 185 | goto err; |
| 188 | } | 186 | } |
| 189 | 187 | ||
| 190 | ctx = BN_CTX_new(); | 188 | ctx = BN_CTX_new(); |
| @@ -194,31 +192,32 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |||
| 194 | 192 | ||
| 195 | if (dh->priv_key == NULL) | 193 | if (dh->priv_key == NULL) |
| 196 | { | 194 | { |
| 197 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); | 195 | DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); |
| 198 | goto err; | 196 | goto err; |
| 199 | } | 197 | } |
| 200 | 198 | ||
| 201 | if (dh->flags & DH_FLAG_CACHE_MONT_P) | 199 | if (dh->flags & DH_FLAG_CACHE_MONT_P) |
| 202 | { | 200 | { |
| 203 | mont = BN_MONT_CTX_set_locked( | 201 | mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, |
| 204 | (BN_MONT_CTX **)&dh->method_mont_p, | ||
| 205 | CRYPTO_LOCK_DH, dh->p, ctx); | 202 | CRYPTO_LOCK_DH, dh->p, ctx); |
| 206 | if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) | 203 | if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) |
| 207 | { | 204 | { |
| 208 | /* XXX */ | 205 | /* XXX */ |
| 209 | BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME); | 206 | BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); |
| 210 | } | 207 | } |
| 211 | if (!mont) | 208 | if (!mont) |
| 212 | goto err; | 209 | goto err; |
| 213 | } | 210 | } |
| 214 | if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) | 211 | |
| 212 | if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) | ||
| 215 | { | 213 | { |
| 216 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY); | 214 | DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); |
| 217 | goto err; | 215 | goto err; |
| 218 | } | 216 | } |
| 217 | |||
| 219 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) | 218 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) |
| 220 | { | 219 | { |
| 221 | DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); | 220 | DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); |
| 222 | goto err; | 221 | goto err; |
| 223 | } | 222 | } |
| 224 | 223 | ||
| @@ -259,8 +258,6 @@ static int dh_init(DH *dh) | |||
| 259 | static int dh_finish(DH *dh) | 258 | static int dh_finish(DH *dh) |
| 260 | { | 259 | { |
| 261 | if(dh->method_mont_p) | 260 | if(dh->method_mont_p) |
| 262 | BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p); | 261 | BN_MONT_CTX_free(dh->method_mont_p); |
| 263 | return(1); | 262 | return(1); |
| 264 | } | 263 | } |
| 265 | |||
| 266 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/dh/dh_lib.c b/src/lib/libssl/src/crypto/dh/dh_lib.c index 09965ee2ea..7aef080e7a 100644 --- a/src/lib/libssl/src/crypto/dh/dh_lib.c +++ b/src/lib/libssl/src/crypto/dh/dh_lib.c | |||
| @@ -64,7 +64,7 @@ | |||
| 64 | #include <openssl/engine.h> | 64 | #include <openssl/engine.h> |
| 65 | #endif | 65 | #endif |
| 66 | 66 | ||
| 67 | const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; | 67 | const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT; |
| 68 | 68 | ||
| 69 | static const DH_METHOD *default_DH_method = NULL; | 69 | static const DH_METHOD *default_DH_method = NULL; |
| 70 | 70 | ||
diff --git a/src/lib/libssl/src/crypto/dh/dhtest.c b/src/lib/libssl/src/crypto/dh/dhtest.c index b76dede771..882f5c310a 100644 --- a/src/lib/libssl/src/crypto/dh/dhtest.c +++ b/src/lib/libssl/src/crypto/dh/dhtest.c | |||
| @@ -56,6 +56,12 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 60 | * deprecated functions for openssl-internal code */ | ||
| 61 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 62 | #undef OPENSSL_NO_DEPRECATED | ||
| 63 | #endif | ||
| 64 | |||
| 59 | #include <stdio.h> | 65 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 66 | #include <stdlib.h> |
| 61 | #include <string.h> | 67 | #include <string.h> |
| @@ -83,12 +89,13 @@ int main(int argc, char *argv[]) | |||
| 83 | #define MS_CALLBACK | 89 | #define MS_CALLBACK |
| 84 | #endif | 90 | #endif |
| 85 | 91 | ||
| 86 | static void MS_CALLBACK cb(int p, int n, void *arg); | 92 | static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); |
| 87 | 93 | ||
| 88 | static const char rnd_seed[] = "string to make the random number generator think it has entropy"; | 94 | static const char rnd_seed[] = "string to make the random number generator think it has entropy"; |
| 89 | 95 | ||
| 90 | int main(int argc, char *argv[]) | 96 | int main(int argc, char *argv[]) |
| 91 | { | 97 | { |
| 98 | BN_GENCB _cb; | ||
| 92 | DH *a; | 99 | DH *a; |
| 93 | DH *b=NULL; | 100 | DH *b=NULL; |
| 94 | char buf[12]; | 101 | char buf[12]; |
| @@ -110,8 +117,10 @@ int main(int argc, char *argv[]) | |||
| 110 | if (out == NULL) EXIT(1); | 117 | if (out == NULL) EXIT(1); |
| 111 | BIO_set_fp(out,stdout,BIO_NOCLOSE); | 118 | BIO_set_fp(out,stdout,BIO_NOCLOSE); |
| 112 | 119 | ||
| 113 | a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); | 120 | BN_GENCB_set(&_cb, &cb, out); |
| 114 | if (a == NULL) goto err; | 121 | if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, |
| 122 | DH_GENERATOR_5, &_cb)) | ||
| 123 | goto err; | ||
| 115 | 124 | ||
| 116 | if (!DH_check(a, &i)) goto err; | 125 | if (!DH_check(a, &i)) goto err; |
| 117 | if (i & DH_CHECK_P_NOT_PRIME) | 126 | if (i & DH_CHECK_P_NOT_PRIME) |
| @@ -192,14 +201,14 @@ err: | |||
| 192 | if(b != NULL) DH_free(b); | 201 | if(b != NULL) DH_free(b); |
| 193 | if(a != NULL) DH_free(a); | 202 | if(a != NULL) DH_free(a); |
| 194 | BIO_free(out); | 203 | BIO_free(out); |
| 195 | CRYPTO_cleanup_all_ex_data(); | 204 | #ifdef OPENSSL_SYS_NETWARE |
| 196 | ERR_remove_state(0); | 205 | if (ret) printf("ERROR: %d\n", ret); |
| 197 | CRYPTO_mem_leaks_fp(stderr); | 206 | #endif |
| 198 | EXIT(ret); | 207 | EXIT(ret); |
| 199 | return(ret); | 208 | return(ret); |
| 200 | } | 209 | } |
| 201 | 210 | ||
| 202 | static void MS_CALLBACK cb(int p, int n, void *arg) | 211 | static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) |
| 203 | { | 212 | { |
| 204 | char c='*'; | 213 | char c='*'; |
| 205 | 214 | ||
| @@ -207,10 +216,11 @@ static void MS_CALLBACK cb(int p, int n, void *arg) | |||
| 207 | if (p == 1) c='+'; | 216 | if (p == 1) c='+'; |
| 208 | if (p == 2) c='*'; | 217 | if (p == 2) c='*'; |
| 209 | if (p == 3) c='\n'; | 218 | if (p == 3) c='\n'; |
| 210 | BIO_write((BIO *)arg,&c,1); | 219 | BIO_write(arg->arg,&c,1); |
| 211 | (void)BIO_flush((BIO *)arg); | 220 | (void)BIO_flush(arg->arg); |
| 212 | #ifdef LINT | 221 | #ifdef LINT |
| 213 | p=n; | 222 | p=n; |
| 214 | #endif | 223 | #endif |
| 224 | return 1; | ||
| 215 | } | 225 | } |
| 216 | #endif | 226 | #endif |
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h index aa0669eb7a..c079154625 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa.h +++ b/src/lib/libssl/src/crypto/dsa/dsa.h | |||
| @@ -65,6 +65,8 @@ | |||
| 65 | #ifndef HEADER_DSA_H | 65 | #ifndef HEADER_DSA_H |
| 66 | #define HEADER_DSA_H | 66 | #define HEADER_DSA_H |
| 67 | 67 | ||
| 68 | #include <openssl/e_os2.h> | ||
| 69 | |||
| 68 | #ifdef OPENSSL_NO_DSA | 70 | #ifdef OPENSSL_NO_DSA |
| 69 | #error DSA is disabled. | 71 | #error DSA is disabled. |
| 70 | #endif | 72 | #endif |
| @@ -72,12 +74,19 @@ | |||
| 72 | #ifndef OPENSSL_NO_BIO | 74 | #ifndef OPENSSL_NO_BIO |
| 73 | #include <openssl/bio.h> | 75 | #include <openssl/bio.h> |
| 74 | #endif | 76 | #endif |
| 75 | #include <openssl/bn.h> | ||
| 76 | #include <openssl/crypto.h> | 77 | #include <openssl/crypto.h> |
| 77 | #include <openssl/ossl_typ.h> | 78 | #include <openssl/ossl_typ.h> |
| 79 | |||
| 80 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 81 | #include <openssl/bn.h> | ||
| 78 | #ifndef OPENSSL_NO_DH | 82 | #ifndef OPENSSL_NO_DH |
| 79 | # include <openssl/dh.h> | 83 | # include <openssl/dh.h> |
| 80 | #endif | 84 | #endif |
| 85 | #endif | ||
| 86 | |||
| 87 | #ifndef OPENSSL_DSA_MAX_MODULUS_BITS | ||
| 88 | # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 | ||
| 89 | #endif | ||
| 81 | 90 | ||
| 82 | #define OPENSSL_DSA_MAX_MODULUS_BITS 3072 | 91 | #define OPENSSL_DSA_MAX_MODULUS_BITS 3072 |
| 83 | 92 | ||
| @@ -90,22 +99,13 @@ | |||
| 90 | * be used for all exponents. | 99 | * be used for all exponents. |
| 91 | */ | 100 | */ |
| 92 | 101 | ||
| 93 | /* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode | ||
| 94 | * it is then the applications responsibility to ensure the external method | ||
| 95 | * is compliant. | ||
| 96 | */ | ||
| 97 | |||
| 98 | #define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04 | ||
| 99 | |||
| 100 | #if defined(OPENSSL_FIPS) | ||
| 101 | #define FIPS_DSA_SIZE_T int | ||
| 102 | #endif | ||
| 103 | |||
| 104 | #ifdef __cplusplus | 102 | #ifdef __cplusplus |
| 105 | extern "C" { | 103 | extern "C" { |
| 106 | #endif | 104 | #endif |
| 107 | 105 | ||
| 108 | typedef struct dsa_st DSA; | 106 | /* Already defined in ossl_typ.h */ |
| 107 | /* typedef struct dsa_st DSA; */ | ||
| 108 | /* typedef struct dsa_method DSA_METHOD; */ | ||
| 109 | 109 | ||
| 110 | typedef struct DSA_SIG_st | 110 | typedef struct DSA_SIG_st |
| 111 | { | 111 | { |
| @@ -113,7 +113,8 @@ typedef struct DSA_SIG_st | |||
| 113 | BIGNUM *s; | 113 | BIGNUM *s; |
| 114 | } DSA_SIG; | 114 | } DSA_SIG; |
| 115 | 115 | ||
| 116 | typedef struct dsa_method { | 116 | struct dsa_method |
| 117 | { | ||
| 117 | const char *name; | 118 | const char *name; |
| 118 | DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); | 119 | DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); |
| 119 | int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, | 120 | int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, |
| @@ -130,7 +131,14 @@ typedef struct dsa_method { | |||
| 130 | int (*finish)(DSA *dsa); | 131 | int (*finish)(DSA *dsa); |
| 131 | int flags; | 132 | int flags; |
| 132 | char *app_data; | 133 | char *app_data; |
| 133 | } DSA_METHOD; | 134 | /* If this is non-NULL, it is used to generate DSA parameters */ |
| 135 | int (*dsa_paramgen)(DSA *dsa, int bits, | ||
| 136 | unsigned char *seed, int seed_len, | ||
| 137 | int *counter_ret, unsigned long *h_ret, | ||
| 138 | BN_GENCB *cb); | ||
| 139 | /* If this is non-NULL, it is used to generate DSA keys */ | ||
| 140 | int (*dsa_keygen)(DSA *dsa); | ||
| 141 | }; | ||
| 134 | 142 | ||
| 135 | struct dsa_st | 143 | struct dsa_st |
| 136 | { | 144 | { |
| @@ -151,7 +159,7 @@ struct dsa_st | |||
| 151 | 159 | ||
| 152 | int flags; | 160 | int flags; |
| 153 | /* Normally used to cache montgomery values */ | 161 | /* Normally used to cache montgomery values */ |
| 154 | char *method_mont_p; | 162 | BN_MONT_CTX *method_mont_p; |
| 155 | int references; | 163 | int references; |
| 156 | CRYPTO_EX_DATA ex_data; | 164 | CRYPTO_EX_DATA ex_data; |
| 157 | const DSA_METHOD *meth; | 165 | const DSA_METHOD *meth; |
| @@ -159,16 +167,13 @@ struct dsa_st | |||
| 159 | ENGINE *engine; | 167 | ENGINE *engine; |
| 160 | }; | 168 | }; |
| 161 | 169 | ||
| 162 | #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ | 170 | #define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) |
| 163 | (char *(*)())d2i_DSAparams,(char *)(x)) | ||
| 164 | #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ | 171 | #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ |
| 165 | (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) | 172 | (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) |
| 166 | #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ | 173 | #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ |
| 167 | (unsigned char *)(x)) | 174 | (unsigned char *)(x)) |
| 168 | #define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \ | 175 | #define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) |
| 169 | (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x)) | 176 | #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) |
| 170 | #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \ | ||
| 171 | (unsigned char *)(x)) | ||
| 172 | 177 | ||
| 173 | 178 | ||
| 174 | DSA_SIG * DSA_SIG_new(void); | 179 | DSA_SIG * DSA_SIG_new(void); |
| @@ -206,10 +211,20 @@ void *DSA_get_ex_data(DSA *d, int idx); | |||
| 206 | DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); | 211 | DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); |
| 207 | DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); | 212 | DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); |
| 208 | DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); | 213 | DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); |
| 214 | |||
| 215 | /* Deprecated version */ | ||
| 216 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 209 | DSA * DSA_generate_parameters(int bits, | 217 | DSA * DSA_generate_parameters(int bits, |
| 210 | unsigned char *seed,int seed_len, | 218 | unsigned char *seed,int seed_len, |
| 211 | int *counter_ret, unsigned long *h_ret,void | 219 | int *counter_ret, unsigned long *h_ret,void |
| 212 | (*callback)(int, int, void *),void *cb_arg); | 220 | (*callback)(int, int, void *),void *cb_arg); |
| 221 | #endif /* !defined(OPENSSL_NO_DEPRECATED) */ | ||
| 222 | |||
| 223 | /* New version */ | ||
| 224 | int DSA_generate_parameters_ex(DSA *dsa, int bits, | ||
| 225 | unsigned char *seed,int seed_len, | ||
| 226 | int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); | ||
| 227 | |||
| 213 | int DSA_generate_key(DSA *a); | 228 | int DSA_generate_key(DSA *a); |
| 214 | int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); | 229 | int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); |
| 215 | int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); | 230 | int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); |
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c index d7fac69154..768711994b 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_err.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c | |||
| @@ -100,15 +100,12 @@ static ERR_STRING_DATA DSA_str_reasons[]= | |||
| 100 | 100 | ||
| 101 | void ERR_load_DSA_strings(void) | 101 | void ERR_load_DSA_strings(void) |
| 102 | { | 102 | { |
| 103 | static int init=1; | 103 | #ifndef OPENSSL_NO_ERR |
| 104 | 104 | ||
| 105 | if (init) | 105 | if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) |
| 106 | { | 106 | { |
| 107 | init=0; | ||
| 108 | #ifndef OPENSSL_NO_ERR | ||
| 109 | ERR_load_strings(0,DSA_str_functs); | 107 | ERR_load_strings(0,DSA_str_functs); |
| 110 | ERR_load_strings(0,DSA_str_reasons); | 108 | ERR_load_strings(0,DSA_str_reasons); |
| 111 | #endif | ||
| 112 | |||
| 113 | } | 109 | } |
| 110 | #endif | ||
| 114 | } | 111 | } |
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_gen.c b/src/lib/libssl/src/crypto/dsa/dsa_gen.c index e40afeea51..ca0b86a6cf 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_gen.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_gen.c | |||
| @@ -69,6 +69,8 @@ | |||
| 69 | #define HASH EVP_sha1() | 69 | #define HASH EVP_sha1() |
| 70 | #endif | 70 | #endif |
| 71 | 71 | ||
| 72 | #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */ | ||
| 73 | |||
| 72 | #ifndef OPENSSL_NO_SHA | 74 | #ifndef OPENSSL_NO_SHA |
| 73 | 75 | ||
| 74 | #include <stdio.h> | 76 | #include <stdio.h> |
| @@ -80,12 +82,24 @@ | |||
| 80 | #include <openssl/rand.h> | 82 | #include <openssl/rand.h> |
| 81 | #include <openssl/sha.h> | 83 | #include <openssl/sha.h> |
| 82 | 84 | ||
| 83 | #ifndef OPENSSL_FIPS | 85 | static int dsa_builtin_paramgen(DSA *ret, int bits, |
| 84 | DSA *DSA_generate_parameters(int bits, | 86 | unsigned char *seed_in, int seed_len, |
| 87 | int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); | ||
| 88 | |||
| 89 | int DSA_generate_parameters_ex(DSA *ret, int bits, | ||
| 90 | unsigned char *seed_in, int seed_len, | ||
| 91 | int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) | ||
| 92 | { | ||
| 93 | if(ret->meth->dsa_paramgen) | ||
| 94 | return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, | ||
| 95 | counter_ret, h_ret, cb); | ||
| 96 | return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, | ||
| 97 | counter_ret, h_ret, cb); | ||
| 98 | } | ||
| 99 | |||
| 100 | static int dsa_builtin_paramgen(DSA *ret, int bits, | ||
| 85 | unsigned char *seed_in, int seed_len, | 101 | unsigned char *seed_in, int seed_len, |
| 86 | int *counter_ret, unsigned long *h_ret, | 102 | int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) |
| 87 | void (*callback)(int, int, void *), | ||
| 88 | void *cb_arg) | ||
| 89 | { | 103 | { |
| 90 | int ok=0; | 104 | int ok=0; |
| 91 | unsigned char seed[SHA_DIGEST_LENGTH]; | 105 | unsigned char seed[SHA_DIGEST_LENGTH]; |
| @@ -97,40 +111,43 @@ DSA *DSA_generate_parameters(int bits, | |||
| 97 | int k,n=0,i,b,m=0; | 111 | int k,n=0,i,b,m=0; |
| 98 | int counter=0; | 112 | int counter=0; |
| 99 | int r=0; | 113 | int r=0; |
| 100 | BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; | 114 | BN_CTX *ctx=NULL; |
| 101 | unsigned int h=2; | 115 | unsigned int h=2; |
| 102 | DSA *ret=NULL; | ||
| 103 | 116 | ||
| 104 | if (bits < 512) bits=512; | 117 | if (bits < 512) bits=512; |
| 105 | bits=(bits+63)/64*64; | 118 | bits=(bits+63)/64*64; |
| 106 | 119 | ||
| 107 | if (seed_len < 20) | 120 | /* NB: seed_len == 0 is special case: copy generated seed to |
| 121 | * seed_in if it is not NULL. | ||
| 122 | */ | ||
| 123 | if (seed_len && (seed_len < 20)) | ||
| 108 | seed_in = NULL; /* seed buffer too small -- ignore */ | 124 | seed_in = NULL; /* seed buffer too small -- ignore */ |
| 109 | if (seed_len > 20) | 125 | if (seed_len > 20) |
| 110 | seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, | 126 | seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, |
| 111 | * but our internal buffers are restricted to 160 bits*/ | 127 | * but our internal buffers are restricted to 160 bits*/ |
| 112 | if ((seed_in != NULL) && (seed_len == 20)) | 128 | if ((seed_in != NULL) && (seed_len == 20)) |
| 129 | { | ||
| 113 | memcpy(seed,seed_in,seed_len); | 130 | memcpy(seed,seed_in,seed_len); |
| 131 | /* set seed_in to NULL to avoid it being copied back */ | ||
| 132 | seed_in = NULL; | ||
| 133 | } | ||
| 114 | 134 | ||
| 115 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 135 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 116 | if ((ctx2=BN_CTX_new()) == NULL) goto err; | ||
| 117 | if ((ctx3=BN_CTX_new()) == NULL) goto err; | ||
| 118 | if ((ret=DSA_new()) == NULL) goto err; | ||
| 119 | 136 | ||
| 120 | if ((mont=BN_MONT_CTX_new()) == NULL) goto err; | 137 | if ((mont=BN_MONT_CTX_new()) == NULL) goto err; |
| 121 | 138 | ||
| 122 | BN_CTX_start(ctx2); | 139 | BN_CTX_start(ctx); |
| 123 | r0 = BN_CTX_get(ctx2); | 140 | r0 = BN_CTX_get(ctx); |
| 124 | g = BN_CTX_get(ctx2); | 141 | g = BN_CTX_get(ctx); |
| 125 | W = BN_CTX_get(ctx2); | 142 | W = BN_CTX_get(ctx); |
| 126 | q = BN_CTX_get(ctx2); | 143 | q = BN_CTX_get(ctx); |
| 127 | X = BN_CTX_get(ctx2); | 144 | X = BN_CTX_get(ctx); |
| 128 | c = BN_CTX_get(ctx2); | 145 | c = BN_CTX_get(ctx); |
| 129 | p = BN_CTX_get(ctx2); | 146 | p = BN_CTX_get(ctx); |
| 130 | test = BN_CTX_get(ctx2); | 147 | test = BN_CTX_get(ctx); |
| 131 | if (test == NULL) goto err; | ||
| 132 | 148 | ||
| 133 | if (!BN_lshift(test,BN_value_one(),bits-1)) goto err; | 149 | if (!BN_lshift(test,BN_value_one(),bits-1)) |
| 150 | goto err; | ||
| 134 | 151 | ||
| 135 | for (;;) | 152 | for (;;) |
| 136 | { | 153 | { |
| @@ -139,7 +156,8 @@ DSA *DSA_generate_parameters(int bits, | |||
| 139 | int seed_is_random; | 156 | int seed_is_random; |
| 140 | 157 | ||
| 141 | /* step 1 */ | 158 | /* step 1 */ |
| 142 | if (callback != NULL) callback(0,m++,cb_arg); | 159 | if(!BN_GENCB_call(cb, 0, m++)) |
| 160 | goto err; | ||
| 143 | 161 | ||
| 144 | if (!seed_len) | 162 | if (!seed_len) |
| 145 | { | 163 | { |
| @@ -172,7 +190,8 @@ DSA *DSA_generate_parameters(int bits, | |||
| 172 | if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; | 190 | if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; |
| 173 | 191 | ||
| 174 | /* step 4 */ | 192 | /* step 4 */ |
| 175 | r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random); | 193 | r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, |
| 194 | seed_is_random, cb); | ||
| 176 | if (r > 0) | 195 | if (r > 0) |
| 177 | break; | 196 | break; |
| 178 | if (r != 0) | 197 | if (r != 0) |
| @@ -182,8 +201,8 @@ DSA *DSA_generate_parameters(int bits, | |||
| 182 | /* step 5 */ | 201 | /* step 5 */ |
| 183 | } | 202 | } |
| 184 | 203 | ||
| 185 | if (callback != NULL) callback(2,0,cb_arg); | 204 | if(!BN_GENCB_call(cb, 2, 0)) goto err; |
| 186 | if (callback != NULL) callback(3,0,cb_arg); | 205 | if(!BN_GENCB_call(cb, 3, 0)) goto err; |
| 187 | 206 | ||
| 188 | /* step 6 */ | 207 | /* step 6 */ |
| 189 | counter=0; | 208 | counter=0; |
| @@ -194,11 +213,11 @@ DSA *DSA_generate_parameters(int bits, | |||
| 194 | 213 | ||
| 195 | for (;;) | 214 | for (;;) |
| 196 | { | 215 | { |
| 197 | if (callback != NULL && counter != 0) | 216 | if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) |
| 198 | callback(0,counter,cb_arg); | 217 | goto err; |
| 199 | 218 | ||
| 200 | /* step 7 */ | 219 | /* step 7 */ |
| 201 | if (!BN_zero(W)) goto err; | 220 | BN_zero(W); |
| 202 | /* now 'buf' contains "SEED + offset - 1" */ | 221 | /* now 'buf' contains "SEED + offset - 1" */ |
| 203 | for (k=0; k<=n; k++) | 222 | for (k=0; k<=n; k++) |
| 204 | { | 223 | { |
| @@ -233,7 +252,8 @@ DSA *DSA_generate_parameters(int bits, | |||
| 233 | if (BN_cmp(p,test) >= 0) | 252 | if (BN_cmp(p,test) >= 0) |
| 234 | { | 253 | { |
| 235 | /* step 11 */ | 254 | /* step 11 */ |
| 236 | r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); | 255 | r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, |
| 256 | ctx, 1, cb); | ||
| 237 | if (r > 0) | 257 | if (r > 0) |
| 238 | goto end; /* found it */ | 258 | goto end; /* found it */ |
| 239 | if (r != 0) | 259 | if (r != 0) |
| @@ -249,7 +269,8 @@ DSA *DSA_generate_parameters(int bits, | |||
| 249 | } | 269 | } |
| 250 | } | 270 | } |
| 251 | end: | 271 | end: |
| 252 | if (callback != NULL) callback(2,1,cb_arg); | 272 | if(!BN_GENCB_call(cb, 2, 1)) |
| 273 | goto err; | ||
| 253 | 274 | ||
| 254 | /* We now need to generate g */ | 275 | /* We now need to generate g */ |
| 255 | /* Set r0=(p-1)/q */ | 276 | /* Set r0=(p-1)/q */ |
| @@ -268,16 +289,16 @@ end: | |||
| 268 | h++; | 289 | h++; |
| 269 | } | 290 | } |
| 270 | 291 | ||
| 271 | if (callback != NULL) callback(3,1,cb_arg); | 292 | if(!BN_GENCB_call(cb, 3, 1)) |
| 293 | goto err; | ||
| 272 | 294 | ||
| 273 | ok=1; | 295 | ok=1; |
| 274 | err: | 296 | err: |
| 275 | if (!ok) | 297 | if (ok) |
| 276 | { | ||
| 277 | if (ret != NULL) DSA_free(ret); | ||
| 278 | } | ||
| 279 | else | ||
| 280 | { | 298 | { |
| 299 | if(ret->p) BN_free(ret->p); | ||
| 300 | if(ret->q) BN_free(ret->q); | ||
| 301 | if(ret->g) BN_free(ret->g); | ||
| 281 | ret->p=BN_dup(p); | 302 | ret->p=BN_dup(p); |
| 282 | ret->q=BN_dup(q); | 303 | ret->q=BN_dup(q); |
| 283 | ret->g=BN_dup(g); | 304 | ret->g=BN_dup(g); |
| @@ -286,20 +307,16 @@ err: | |||
| 286 | ok=0; | 307 | ok=0; |
| 287 | goto err; | 308 | goto err; |
| 288 | } | 309 | } |
| 289 | if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); | 310 | if (seed_in != NULL) memcpy(seed_in,seed,20); |
| 290 | if (counter_ret != NULL) *counter_ret=counter; | 311 | if (counter_ret != NULL) *counter_ret=counter; |
| 291 | if (h_ret != NULL) *h_ret=h; | 312 | if (h_ret != NULL) *h_ret=h; |
| 292 | } | 313 | } |
| 293 | if (ctx != NULL) BN_CTX_free(ctx); | 314 | if(ctx) |
| 294 | if (ctx2 != NULL) | ||
| 295 | { | 315 | { |
| 296 | BN_CTX_end(ctx2); | 316 | BN_CTX_end(ctx); |
| 297 | BN_CTX_free(ctx2); | 317 | BN_CTX_free(ctx); |
| 298 | } | 318 | } |
| 299 | if (ctx3 != NULL) BN_CTX_free(ctx3); | ||
| 300 | if (mont != NULL) BN_MONT_CTX_free(mont); | 319 | if (mont != NULL) BN_MONT_CTX_free(mont); |
| 301 | return(ok?ret:NULL); | 320 | return ok; |
| 302 | } | 321 | } |
| 303 | #endif /* ndef OPENSSL_FIPS */ | 322 | #endif |
| 304 | #endif /* ndef OPENSSL_NO_SHA */ | ||
| 305 | |||
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c index 980b6dc2d3..c4aa86bc6d 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_key.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c | |||
| @@ -56,17 +56,25 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SHA | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include <time.h> | 60 | #include <time.h> |
| 62 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #ifndef OPENSSL_NO_SHA | ||
| 63 | #include <openssl/bn.h> | 63 | #include <openssl/bn.h> |
| 64 | #include <openssl/dsa.h> | 64 | #include <openssl/dsa.h> |
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> |
| 66 | 66 | ||
| 67 | #ifndef OPENSSL_FIPS | 67 | static int dsa_builtin_keygen(DSA *dsa); |
| 68 | |||
| 68 | int DSA_generate_key(DSA *dsa) | 69 | int DSA_generate_key(DSA *dsa) |
| 69 | { | 70 | { |
| 71 | if(dsa->meth->dsa_keygen) | ||
| 72 | return dsa->meth->dsa_keygen(dsa); | ||
| 73 | return dsa_builtin_keygen(dsa); | ||
| 74 | } | ||
| 75 | |||
| 76 | static int dsa_builtin_keygen(DSA *dsa) | ||
| 77 | { | ||
| 70 | int ok=0; | 78 | int ok=0; |
| 71 | BN_CTX *ctx=NULL; | 79 | BN_CTX *ctx=NULL; |
| 72 | BIGNUM *pub_key=NULL,*priv_key=NULL; | 80 | BIGNUM *pub_key=NULL,*priv_key=NULL; |
| @@ -99,7 +107,7 @@ int DSA_generate_key(DSA *dsa) | |||
| 99 | { | 107 | { |
| 100 | BN_init(&local_prk); | 108 | BN_init(&local_prk); |
| 101 | prk = &local_prk; | 109 | prk = &local_prk; |
| 102 | BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); | 110 | BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); |
| 103 | } | 111 | } |
| 104 | else | 112 | else |
| 105 | prk = priv_key; | 113 | prk = priv_key; |
| @@ -118,4 +126,3 @@ err: | |||
| 118 | return(ok); | 126 | return(ok); |
| 119 | } | 127 | } |
| 120 | #endif | 128 | #endif |
| 121 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_lib.c b/src/lib/libssl/src/crypto/dsa/dsa_lib.c index 4171af24c6..e9b75902db 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_lib.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_lib.c | |||
| @@ -66,8 +66,11 @@ | |||
| 66 | #ifndef OPENSSL_NO_ENGINE | 66 | #ifndef OPENSSL_NO_ENGINE |
| 67 | #include <openssl/engine.h> | 67 | #include <openssl/engine.h> |
| 68 | #endif | 68 | #endif |
| 69 | #ifndef OPENSSL_NO_DH | ||
| 70 | #include <openssl/dh.h> | ||
| 71 | #endif | ||
| 69 | 72 | ||
| 70 | const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; | 73 | const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; |
| 71 | 74 | ||
| 72 | static const DSA_METHOD *default_DSA_method = NULL; | 75 | static const DSA_METHOD *default_DSA_method = NULL; |
| 73 | 76 | ||
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c index 5de5fc7e91..75ff7cc4af 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c | |||
| @@ -65,33 +65,63 @@ | |||
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> |
| 66 | #include <openssl/asn1.h> | 66 | #include <openssl/asn1.h> |
| 67 | 67 | ||
| 68 | #ifndef OPENSSL_FIPS | ||
| 69 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | 68 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); |
| 70 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); | 69 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); |
| 71 | static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | 70 | static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, |
| 72 | DSA *dsa); | 71 | DSA *dsa); |
| 73 | static int dsa_init(DSA *dsa); | 72 | static int dsa_init(DSA *dsa); |
| 74 | static int dsa_finish(DSA *dsa); | 73 | static int dsa_finish(DSA *dsa); |
| 75 | static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, | ||
| 76 | BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, | ||
| 77 | BN_MONT_CTX *in_mont); | ||
| 78 | static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
| 79 | const BIGNUM *m, BN_CTX *ctx, | ||
| 80 | BN_MONT_CTX *m_ctx); | ||
| 81 | 74 | ||
| 82 | static DSA_METHOD openssl_dsa_meth = { | 75 | static DSA_METHOD openssl_dsa_meth = { |
| 83 | "OpenSSL DSA method", | 76 | "OpenSSL DSA method", |
| 84 | dsa_do_sign, | 77 | dsa_do_sign, |
| 85 | dsa_sign_setup, | 78 | dsa_sign_setup, |
| 86 | dsa_do_verify, | 79 | dsa_do_verify, |
| 87 | dsa_mod_exp, | 80 | NULL, /* dsa_mod_exp, */ |
| 88 | dsa_bn_mod_exp, | 81 | NULL, /* dsa_bn_mod_exp, */ |
| 89 | dsa_init, | 82 | dsa_init, |
| 90 | dsa_finish, | 83 | dsa_finish, |
| 91 | 0, | 84 | 0, |
| 85 | NULL, | ||
| 86 | NULL, | ||
| 92 | NULL | 87 | NULL |
| 93 | }; | 88 | }; |
| 94 | 89 | ||
| 90 | /* These macro wrappers replace attempts to use the dsa_mod_exp() and | ||
| 91 | * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of | ||
| 92 | * having a the macro work as an expression by bundling an "err_instr". So; | ||
| 93 | * | ||
| 94 | * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, | ||
| 95 | * dsa->method_mont_p)) goto err; | ||
| 96 | * | ||
| 97 | * can be replaced by; | ||
| 98 | * | ||
| 99 | * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx, | ||
| 100 | * dsa->method_mont_p); | ||
| 101 | */ | ||
| 102 | |||
| 103 | #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ | ||
| 104 | do { \ | ||
| 105 | int _tmp_res53; \ | ||
| 106 | if((dsa)->meth->dsa_mod_exp) \ | ||
| 107 | _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ | ||
| 108 | (a2), (p2), (m), (ctx), (in_mont)); \ | ||
| 109 | else \ | ||
| 110 | _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ | ||
| 111 | (m), (ctx), (in_mont)); \ | ||
| 112 | if(!_tmp_res53) err_instr; \ | ||
| 113 | } while(0) | ||
| 114 | #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ | ||
| 115 | do { \ | ||
| 116 | int _tmp_res53; \ | ||
| 117 | if((dsa)->meth->bn_mod_exp) \ | ||
| 118 | _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ | ||
| 119 | (m), (ctx), (m_ctx)); \ | ||
| 120 | else \ | ||
| 121 | _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ | ||
| 122 | if(!_tmp_res53) err_instr; \ | ||
| 123 | } while(0) | ||
| 124 | |||
| 95 | const DSA_METHOD *DSA_OpenSSL(void) | 125 | const DSA_METHOD *DSA_OpenSSL(void) |
| 96 | { | 126 | { |
| 97 | return &openssl_dsa_meth; | 127 | return &openssl_dsa_meth; |
| @@ -199,12 +229,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 199 | while (BN_is_zero(&k)); | 229 | while (BN_is_zero(&k)); |
| 200 | if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) | 230 | if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) |
| 201 | { | 231 | { |
| 202 | BN_set_flags(&k, BN_FLG_EXP_CONSTTIME); | 232 | BN_set_flags(&k, BN_FLG_CONSTTIME); |
| 203 | } | 233 | } |
| 204 | 234 | ||
| 205 | if (dsa->flags & DSA_FLAG_CACHE_MONT_P) | 235 | if (dsa->flags & DSA_FLAG_CACHE_MONT_P) |
| 206 | { | 236 | { |
| 207 | if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, | 237 | if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, |
| 208 | CRYPTO_LOCK_DSA, | 238 | CRYPTO_LOCK_DSA, |
| 209 | dsa->p, ctx)) | 239 | dsa->p, ctx)) |
| 210 | goto err; | 240 | goto err; |
| @@ -234,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 234 | { | 264 | { |
| 235 | K = &k; | 265 | K = &k; |
| 236 | } | 266 | } |
| 237 | if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx, | 267 | DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, |
| 238 | (BN_MONT_CTX *)dsa->method_mont_p)) goto err; | 268 | dsa->method_mont_p); |
| 239 | if (!BN_mod(r,r,dsa->q,ctx)) goto err; | 269 | if (!BN_mod(r,r,dsa->q,ctx)) goto err; |
| 240 | 270 | ||
| 241 | /* Compute part of 's = inv(k) (m + xr) mod q' */ | 271 | /* Compute part of 's = inv(k) (m + xr) mod q' */ |
| @@ -292,12 +322,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | |||
| 292 | 322 | ||
| 293 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 323 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 294 | 324 | ||
| 295 | if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) | 325 | if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || |
| 326 | BN_ucmp(sig->r, dsa->q) >= 0) | ||
| 296 | { | 327 | { |
| 297 | ret = 0; | 328 | ret = 0; |
| 298 | goto err; | 329 | goto err; |
| 299 | } | 330 | } |
| 300 | if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) | 331 | if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || |
| 332 | BN_ucmp(sig->s, dsa->q) >= 0) | ||
| 301 | { | 333 | { |
| 302 | ret = 0; | 334 | ret = 0; |
| 303 | goto err; | 335 | goto err; |
| @@ -319,43 +351,25 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | |||
| 319 | 351 | ||
| 320 | if (dsa->flags & DSA_FLAG_CACHE_MONT_P) | 352 | if (dsa->flags & DSA_FLAG_CACHE_MONT_P) |
| 321 | { | 353 | { |
| 322 | mont = BN_MONT_CTX_set_locked( | 354 | mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, |
| 323 | (BN_MONT_CTX **)&dsa->method_mont_p, | ||
| 324 | CRYPTO_LOCK_DSA, dsa->p, ctx); | 355 | CRYPTO_LOCK_DSA, dsa->p, ctx); |
| 325 | if (!mont) | 356 | if (!mont) |
| 326 | goto err; | 357 | goto err; |
| 327 | } | 358 | } |
| 328 | 359 | ||
| 329 | #if 0 | 360 | |
| 330 | { | 361 | DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); |
| 331 | BIGNUM t2; | ||
| 332 | |||
| 333 | BN_init(&t2); | ||
| 334 | /* v = ( g^u1 * y^u2 mod p ) mod q */ | ||
| 335 | /* let t1 = g ^ u1 mod p */ | ||
| 336 | if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err; | ||
| 337 | /* let t2 = y ^ u2 mod p */ | ||
| 338 | if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err; | ||
| 339 | /* let u1 = t1 * t2 mod p */ | ||
| 340 | if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn; | ||
| 341 | BN_free(&t2); | ||
| 342 | } | ||
| 343 | /* let u1 = u1 mod q */ | ||
| 344 | if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; | ||
| 345 | #else | ||
| 346 | { | ||
| 347 | if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, | ||
| 348 | dsa->p,ctx,mont)) goto err; | ||
| 349 | /* BN_copy(&u1,&t1); */ | 362 | /* BN_copy(&u1,&t1); */ |
| 350 | /* let u1 = u1 mod q */ | 363 | /* let u1 = u1 mod q */ |
| 351 | if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; | 364 | if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; |
| 352 | } | 365 | |
| 353 | #endif | ||
| 354 | /* V is now in u1. If the signature is correct, it will be | 366 | /* V is now in u1. If the signature is correct, it will be |
| 355 | * equal to R. */ | 367 | * equal to R. */ |
| 356 | ret=(BN_ucmp(&u1, sig->r) == 0); | 368 | ret=(BN_ucmp(&u1, sig->r) == 0); |
| 357 | 369 | ||
| 358 | err: | 370 | err: |
| 371 | /* XXX: surely this is wrong - if ret is 0, it just didn't verify; | ||
| 372 | there is no error in BN. Test should be ret == -1 (Ben) */ | ||
| 359 | if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); | 373 | if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); |
| 360 | if (ctx != NULL) BN_CTX_free(ctx); | 374 | if (ctx != NULL) BN_CTX_free(ctx); |
| 361 | BN_free(&u1); | 375 | BN_free(&u1); |
| @@ -373,21 +387,7 @@ static int dsa_init(DSA *dsa) | |||
| 373 | static int dsa_finish(DSA *dsa) | 387 | static int dsa_finish(DSA *dsa) |
| 374 | { | 388 | { |
| 375 | if(dsa->method_mont_p) | 389 | if(dsa->method_mont_p) |
| 376 | BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); | 390 | BN_MONT_CTX_free(dsa->method_mont_p); |
| 377 | return(1); | 391 | return(1); |
| 378 | } | 392 | } |
| 379 | 393 | ||
| 380 | static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, | ||
| 381 | BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, | ||
| 382 | BN_MONT_CTX *in_mont) | ||
| 383 | { | ||
| 384 | return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont); | ||
| 385 | } | ||
| 386 | |||
| 387 | static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
| 388 | const BIGNUM *m, BN_CTX *ctx, | ||
| 389 | BN_MONT_CTX *m_ctx) | ||
| 390 | { | ||
| 391 | return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); | ||
| 392 | } | ||
| 393 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c index 37c65efb20..89205026f0 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c | |||
| @@ -64,18 +64,9 @@ | |||
| 64 | #include <openssl/dsa.h> | 64 | #include <openssl/dsa.h> |
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> |
| 66 | #include <openssl/asn1.h> | 66 | #include <openssl/asn1.h> |
| 67 | #ifndef OPENSSL_NO_ENGINE | ||
| 68 | #include <openssl/engine.h> | ||
| 69 | #endif | ||
| 70 | #include <openssl/fips.h> | ||
| 71 | 67 | ||
| 72 | DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | 68 | DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) |
| 73 | { | 69 | { |
| 74 | #ifdef OPENSSL_FIPS | ||
| 75 | if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW) | ||
| 76 | && !FIPS_dsa_check(dsa)) | ||
| 77 | return NULL; | ||
| 78 | #endif | ||
| 79 | return dsa->meth->dsa_do_sign(dgst, dlen, dsa); | 70 | return dsa->meth->dsa_do_sign(dgst, dlen, dsa); |
| 80 | } | 71 | } |
| 81 | 72 | ||
| @@ -96,11 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, | |||
| 96 | 87 | ||
| 97 | int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | 88 | int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) |
| 98 | { | 89 | { |
| 99 | #ifdef OPENSSL_FIPS | ||
| 100 | if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW) | ||
| 101 | && !FIPS_dsa_check(dsa)) | ||
| 102 | return 0; | ||
| 103 | #endif | ||
| 104 | return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); | 90 | return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); |
| 105 | } | 91 | } |
| 106 | 92 | ||
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c index c9784bed48..c4aeddd056 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c | |||
| @@ -65,19 +65,10 @@ | |||
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> |
| 66 | #include <openssl/asn1.h> | 66 | #include <openssl/asn1.h> |
| 67 | #include <openssl/asn1_mac.h> | 67 | #include <openssl/asn1_mac.h> |
| 68 | #ifndef OPENSSL_NO_ENGINE | ||
| 69 | #include <openssl/engine.h> | ||
| 70 | #endif | ||
| 71 | #include <openssl/fips.h> | ||
| 72 | 68 | ||
| 73 | int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | 69 | int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, |
| 74 | DSA *dsa) | 70 | DSA *dsa) |
| 75 | { | 71 | { |
| 76 | #ifdef OPENSSL_FIPS | ||
| 77 | if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW) | ||
| 78 | && !FIPS_dsa_check(dsa)) | ||
| 79 | return -1; | ||
| 80 | #endif | ||
| 81 | return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); | 72 | return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); |
| 82 | } | 73 | } |
| 83 | 74 | ||
diff --git a/src/lib/libssl/src/crypto/dsa/dsatest.c b/src/lib/libssl/src/crypto/dsa/dsatest.c index 55a3756aff..912317bb44 100644 --- a/src/lib/libssl/src/crypto/dsa/dsatest.c +++ b/src/lib/libssl/src/crypto/dsa/dsatest.c | |||
| @@ -56,6 +56,12 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 60 | * deprecated functions for openssl-internal code */ | ||
| 61 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 62 | #undef OPENSSL_NO_DEPRECATED | ||
| 63 | #endif | ||
| 64 | |||
| 59 | #include <stdio.h> | 65 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 66 | #include <stdlib.h> |
| 61 | #include <string.h> | 67 | #include <string.h> |
| @@ -68,6 +74,7 @@ | |||
| 68 | #include <openssl/rand.h> | 74 | #include <openssl/rand.h> |
| 69 | #include <openssl/bio.h> | 75 | #include <openssl/bio.h> |
| 70 | #include <openssl/err.h> | 76 | #include <openssl/err.h> |
| 77 | #include <openssl/bn.h> | ||
| 71 | 78 | ||
| 72 | #ifdef OPENSSL_NO_DSA | 79 | #ifdef OPENSSL_NO_DSA |
| 73 | int main(int argc, char *argv[]) | 80 | int main(int argc, char *argv[]) |
| @@ -84,7 +91,7 @@ int main(int argc, char *argv[]) | |||
| 84 | #define MS_CALLBACK | 91 | #define MS_CALLBACK |
| 85 | #endif | 92 | #endif |
| 86 | 93 | ||
| 87 | static void MS_CALLBACK dsa_cb(int p, int n, void *arg); | 94 | static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); |
| 88 | 95 | ||
| 89 | /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to | 96 | /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to |
| 90 | * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ | 97 | * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ |
| @@ -129,6 +136,7 @@ static BIO *bio_err=NULL; | |||
| 129 | 136 | ||
| 130 | int main(int argc, char **argv) | 137 | int main(int argc, char **argv) |
| 131 | { | 138 | { |
| 139 | BN_GENCB cb; | ||
| 132 | DSA *dsa=NULL; | 140 | DSA *dsa=NULL; |
| 133 | int counter,ret=0,i,j; | 141 | int counter,ret=0,i,j; |
| 134 | unsigned char buf[256]; | 142 | unsigned char buf[256]; |
| @@ -148,7 +156,10 @@ int main(int argc, char **argv) | |||
| 148 | 156 | ||
| 149 | BIO_printf(bio_err,"test generation of DSA parameters\n"); | 157 | BIO_printf(bio_err,"test generation of DSA parameters\n"); |
| 150 | 158 | ||
| 151 | dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); | 159 | BN_GENCB_set(&cb, dsa_cb, bio_err); |
| 160 | if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, | ||
| 161 | seed, 20, &counter, &h, &cb)) | ||
| 162 | goto end; | ||
| 152 | 163 | ||
| 153 | BIO_printf(bio_err,"seed\n"); | 164 | BIO_printf(bio_err,"seed\n"); |
| 154 | for (i=0; i<20; i+=4) | 165 | for (i=0; i<20; i+=4) |
| @@ -156,7 +167,7 @@ int main(int argc, char **argv) | |||
| 156 | BIO_printf(bio_err,"%02X%02X%02X%02X ", | 167 | BIO_printf(bio_err,"%02X%02X%02X%02X ", |
| 157 | seed[i],seed[i+1],seed[i+2],seed[i+3]); | 168 | seed[i],seed[i+1],seed[i+2],seed[i+3]); |
| 158 | } | 169 | } |
| 159 | BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); | 170 | BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); |
| 160 | 171 | ||
| 161 | if (dsa == NULL) goto end; | 172 | if (dsa == NULL) goto end; |
| 162 | DSA_print(bio_err,dsa,0); | 173 | DSA_print(bio_err,dsa,0); |
| @@ -220,17 +231,14 @@ end: | |||
| 220 | BIO_free(bio_err); | 231 | BIO_free(bio_err); |
| 221 | bio_err = NULL; | 232 | bio_err = NULL; |
| 222 | } | 233 | } |
| 234 | #ifdef OPENSSL_SYS_NETWARE | ||
| 235 | if (!ret) printf("ERROR\n"); | ||
| 236 | #endif | ||
| 223 | EXIT(!ret); | 237 | EXIT(!ret); |
| 224 | return(0); | 238 | return(0); |
| 225 | } | 239 | } |
| 226 | 240 | ||
| 227 | static int cb_exit(int ec) | 241 | static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg) |
| 228 | { | ||
| 229 | EXIT(ec); | ||
| 230 | return(0); /* To keep some compilers quiet */ | ||
| 231 | } | ||
| 232 | |||
| 233 | static void MS_CALLBACK dsa_cb(int p, int n, void *arg) | ||
| 234 | { | 242 | { |
| 235 | char c='*'; | 243 | char c='*'; |
| 236 | static int ok=0,num=0; | 244 | static int ok=0,num=0; |
| @@ -239,13 +247,14 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) | |||
| 239 | if (p == 1) c='+'; | 247 | if (p == 1) c='+'; |
| 240 | if (p == 2) { c='*'; ok++; } | 248 | if (p == 2) { c='*'; ok++; } |
| 241 | if (p == 3) c='\n'; | 249 | if (p == 3) c='\n'; |
| 242 | BIO_write(arg,&c,1); | 250 | BIO_write(arg->arg,&c,1); |
| 243 | (void)BIO_flush(arg); | 251 | (void)BIO_flush(arg->arg); |
| 244 | 252 | ||
| 245 | if (!ok && (p == 0) && (num > 1)) | 253 | if (!ok && (p == 0) && (num > 1)) |
| 246 | { | 254 | { |
| 247 | BIO_printf((BIO *)arg,"error in dsatest\n"); | 255 | BIO_printf((BIO *)arg,"error in dsatest\n"); |
| 248 | cb_exit(1); | 256 | return 0; |
| 249 | } | 257 | } |
| 258 | return 1; | ||
| 250 | } | 259 | } |
| 251 | #endif | 260 | #endif |
diff --git a/src/lib/libssl/src/crypto/dso/dso.h b/src/lib/libssl/src/crypto/dso/dso.h index aa721f7feb..3e51913a72 100644 --- a/src/lib/libssl/src/crypto/dso/dso.h +++ b/src/lib/libssl/src/crypto/dso/dso.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* dso.h */ | 1 | /* dso.h -*- mode:C; c-file-style: "eay" -*- */ |
| 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL | 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -95,6 +95,13 @@ extern "C" { | |||
| 95 | */ | 95 | */ |
| 96 | #define DSO_FLAG_UPCASE_SYMBOL 0x10 | 96 | #define DSO_FLAG_UPCASE_SYMBOL 0x10 |
| 97 | 97 | ||
| 98 | /* This flag loads the library with public symbols. | ||
| 99 | * Meaning: The exported symbols of this library are public | ||
| 100 | * to all libraries loaded after this library. | ||
| 101 | * At the moment only implemented in unix. | ||
| 102 | */ | ||
| 103 | #define DSO_FLAG_GLOBAL_SYMBOLS 0x20 | ||
| 104 | |||
| 98 | 105 | ||
| 99 | typedef void (*DSO_FUNC_TYPE)(void); | 106 | typedef void (*DSO_FUNC_TYPE)(void); |
| 100 | 107 | ||
| @@ -107,6 +114,22 @@ typedef struct dso_st DSO; | |||
| 107 | * condition) or a newly allocated string containing the transformed form that | 114 | * condition) or a newly allocated string containing the transformed form that |
| 108 | * the caller will need to free with OPENSSL_free() when done. */ | 115 | * the caller will need to free with OPENSSL_free() when done. */ |
| 109 | typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); | 116 | typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); |
| 117 | /* The function prototype used for method functions (or caller-provided | ||
| 118 | * callbacks) that merge two file specifications. They are passed a | ||
| 119 | * DSO structure pointer (or NULL if they are to be used independantly of | ||
| 120 | * a DSO object) and two file specifications to merge. They should | ||
| 121 | * either return NULL (if there is an error condition) or a newly allocated | ||
| 122 | * string containing the result of merging that the caller will need | ||
| 123 | * to free with OPENSSL_free() when done. | ||
| 124 | * Here, merging means that bits and pieces are taken from each of the | ||
| 125 | * file specifications and added together in whatever fashion that is | ||
| 126 | * sensible for the DSO method in question. The only rule that really | ||
| 127 | * applies is that if the two specification contain pieces of the same | ||
| 128 | * type, the copy from the first string takes priority. One could see | ||
| 129 | * it as the first specification is the one given by the user and the | ||
| 130 | * second being a bunch of defaults to add on if they're missing in the | ||
| 131 | * first. */ | ||
| 132 | typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *); | ||
| 110 | 133 | ||
| 111 | typedef struct dso_meth_st | 134 | typedef struct dso_meth_st |
| 112 | { | 135 | { |
| @@ -140,6 +163,9 @@ typedef struct dso_meth_st | |||
| 140 | /* The default DSO_METHOD-specific function for converting filenames to | 163 | /* The default DSO_METHOD-specific function for converting filenames to |
| 141 | * a canonical native form. */ | 164 | * a canonical native form. */ |
| 142 | DSO_NAME_CONVERTER_FUNC dso_name_converter; | 165 | DSO_NAME_CONVERTER_FUNC dso_name_converter; |
| 166 | /* The default DSO_METHOD-specific function for converting filenames to | ||
| 167 | * a canonical native form. */ | ||
| 168 | DSO_MERGER_FUNC dso_merger; | ||
| 143 | 169 | ||
| 144 | /* [De]Initialisation handlers. */ | 170 | /* [De]Initialisation handlers. */ |
| 145 | int (*init)(DSO *dso); | 171 | int (*init)(DSO *dso); |
| @@ -164,9 +190,13 @@ struct dso_st | |||
| 164 | * don't touch meth_data! */ | 190 | * don't touch meth_data! */ |
| 165 | CRYPTO_EX_DATA ex_data; | 191 | CRYPTO_EX_DATA ex_data; |
| 166 | /* If this callback function pointer is set to non-NULL, then it will | 192 | /* If this callback function pointer is set to non-NULL, then it will |
| 167 | * be used on DSO_load() in place of meth->dso_name_converter. NB: This | 193 | * be used in DSO_load() in place of meth->dso_name_converter. NB: This |
| 168 | * should normally set using DSO_set_name_converter(). */ | 194 | * should normally set using DSO_set_name_converter(). */ |
| 169 | DSO_NAME_CONVERTER_FUNC name_converter; | 195 | DSO_NAME_CONVERTER_FUNC name_converter; |
| 196 | /* If this callback function pointer is set to non-NULL, then it will | ||
| 197 | * be used in DSO_load() in place of meth->dso_merger. NB: This | ||
| 198 | * should normally set using DSO_set_merger(). */ | ||
| 199 | DSO_MERGER_FUNC merger; | ||
| 170 | /* This is populated with (a copy of) the platform-independant | 200 | /* This is populated with (a copy of) the platform-independant |
| 171 | * filename used for this DSO. */ | 201 | * filename used for this DSO. */ |
| 172 | char *filename; | 202 | char *filename; |
| @@ -209,6 +239,11 @@ int DSO_set_filename(DSO *dso, const char *filename); | |||
| 209 | * caller-created DSO_METHODs can do the same thing. A non-NULL return value | 239 | * caller-created DSO_METHODs can do the same thing. A non-NULL return value |
| 210 | * will need to be OPENSSL_free()'d. */ | 240 | * will need to be OPENSSL_free()'d. */ |
| 211 | char *DSO_convert_filename(DSO *dso, const char *filename); | 241 | char *DSO_convert_filename(DSO *dso, const char *filename); |
| 242 | /* This function will invoke the DSO's merger callback to merge two file | ||
| 243 | * specifications, or if the callback isn't set it will instead use the | ||
| 244 | * DSO_METHOD's merger. A non-NULL return value will need to be | ||
| 245 | * OPENSSL_free()'d. */ | ||
| 246 | char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); | ||
| 212 | /* If the DSO is currently loaded, this returns the filename that it was loaded | 247 | /* If the DSO is currently loaded, this returns the filename that it was loaded |
| 213 | * under, otherwise it returns NULL. So it is also useful as a test as to | 248 | * under, otherwise it returns NULL. So it is also useful as a test as to |
| 214 | * whether the DSO is currently loaded. NB: This will not necessarily return | 249 | * whether the DSO is currently loaded. NB: This will not necessarily return |
| @@ -273,11 +308,13 @@ void ERR_load_DSO_strings(void); | |||
| 273 | #define DSO_F_DLFCN_BIND_FUNC 100 | 308 | #define DSO_F_DLFCN_BIND_FUNC 100 |
| 274 | #define DSO_F_DLFCN_BIND_VAR 101 | 309 | #define DSO_F_DLFCN_BIND_VAR 101 |
| 275 | #define DSO_F_DLFCN_LOAD 102 | 310 | #define DSO_F_DLFCN_LOAD 102 |
| 311 | #define DSO_F_DLFCN_MERGER 130 | ||
| 276 | #define DSO_F_DLFCN_NAME_CONVERTER 123 | 312 | #define DSO_F_DLFCN_NAME_CONVERTER 123 |
| 277 | #define DSO_F_DLFCN_UNLOAD 103 | 313 | #define DSO_F_DLFCN_UNLOAD 103 |
| 278 | #define DSO_F_DL_BIND_FUNC 104 | 314 | #define DSO_F_DL_BIND_FUNC 104 |
| 279 | #define DSO_F_DL_BIND_VAR 105 | 315 | #define DSO_F_DL_BIND_VAR 105 |
| 280 | #define DSO_F_DL_LOAD 106 | 316 | #define DSO_F_DL_LOAD 106 |
| 317 | #define DSO_F_DL_MERGER 131 | ||
| 281 | #define DSO_F_DL_NAME_CONVERTER 124 | 318 | #define DSO_F_DL_NAME_CONVERTER 124 |
| 282 | #define DSO_F_DL_UNLOAD 107 | 319 | #define DSO_F_DL_UNLOAD 107 |
| 283 | #define DSO_F_DSO_BIND_FUNC 108 | 320 | #define DSO_F_DSO_BIND_FUNC 108 |
| @@ -288,27 +325,36 @@ void ERR_load_DSO_strings(void); | |||
| 288 | #define DSO_F_DSO_GET_FILENAME 127 | 325 | #define DSO_F_DSO_GET_FILENAME 127 |
| 289 | #define DSO_F_DSO_GET_LOADED_FILENAME 128 | 326 | #define DSO_F_DSO_GET_LOADED_FILENAME 128 |
| 290 | #define DSO_F_DSO_LOAD 112 | 327 | #define DSO_F_DSO_LOAD 112 |
| 328 | #define DSO_F_DSO_MERGE 132 | ||
| 291 | #define DSO_F_DSO_NEW_METHOD 113 | 329 | #define DSO_F_DSO_NEW_METHOD 113 |
| 292 | #define DSO_F_DSO_SET_FILENAME 129 | 330 | #define DSO_F_DSO_SET_FILENAME 129 |
| 293 | #define DSO_F_DSO_SET_NAME_CONVERTER 122 | 331 | #define DSO_F_DSO_SET_NAME_CONVERTER 122 |
| 294 | #define DSO_F_DSO_UP_REF 114 | 332 | #define DSO_F_DSO_UP_REF 114 |
| 295 | #define DSO_F_VMS_BIND_VAR 115 | 333 | #define DSO_F_VMS_BIND_SYM 115 |
| 296 | #define DSO_F_VMS_LOAD 116 | 334 | #define DSO_F_VMS_LOAD 116 |
| 335 | #define DSO_F_VMS_MERGER 133 | ||
| 297 | #define DSO_F_VMS_UNLOAD 117 | 336 | #define DSO_F_VMS_UNLOAD 117 |
| 298 | #define DSO_F_WIN32_BIND_FUNC 118 | 337 | #define DSO_F_WIN32_BIND_FUNC 118 |
| 299 | #define DSO_F_WIN32_BIND_VAR 119 | 338 | #define DSO_F_WIN32_BIND_VAR 119 |
| 339 | #define DSO_F_WIN32_JOINER 135 | ||
| 300 | #define DSO_F_WIN32_LOAD 120 | 340 | #define DSO_F_WIN32_LOAD 120 |
| 341 | #define DSO_F_WIN32_MERGER 134 | ||
| 301 | #define DSO_F_WIN32_NAME_CONVERTER 125 | 342 | #define DSO_F_WIN32_NAME_CONVERTER 125 |
| 343 | #define DSO_F_WIN32_SPLITTER 136 | ||
| 302 | #define DSO_F_WIN32_UNLOAD 121 | 344 | #define DSO_F_WIN32_UNLOAD 121 |
| 303 | 345 | ||
| 304 | /* Reason codes. */ | 346 | /* Reason codes. */ |
| 305 | #define DSO_R_CTRL_FAILED 100 | 347 | #define DSO_R_CTRL_FAILED 100 |
| 306 | #define DSO_R_DSO_ALREADY_LOADED 110 | 348 | #define DSO_R_DSO_ALREADY_LOADED 110 |
| 349 | #define DSO_R_EMPTY_FILE_STRUCTURE 113 | ||
| 350 | #define DSO_R_FAILURE 114 | ||
| 307 | #define DSO_R_FILENAME_TOO_BIG 101 | 351 | #define DSO_R_FILENAME_TOO_BIG 101 |
| 308 | #define DSO_R_FINISH_FAILED 102 | 352 | #define DSO_R_FINISH_FAILED 102 |
| 353 | #define DSO_R_INCORRECT_FILE_SYNTAX 115 | ||
| 309 | #define DSO_R_LOAD_FAILED 103 | 354 | #define DSO_R_LOAD_FAILED 103 |
| 310 | #define DSO_R_NAME_TRANSLATION_FAILED 109 | 355 | #define DSO_R_NAME_TRANSLATION_FAILED 109 |
| 311 | #define DSO_R_NO_FILENAME 111 | 356 | #define DSO_R_NO_FILENAME 111 |
| 357 | #define DSO_R_NO_FILE_SPECIFICATION 116 | ||
| 312 | #define DSO_R_NULL_HANDLE 104 | 358 | #define DSO_R_NULL_HANDLE 104 |
| 313 | #define DSO_R_SET_FILENAME_FAILED 112 | 359 | #define DSO_R_SET_FILENAME_FAILED 112 |
| 314 | #define DSO_R_STACK_ERROR 105 | 360 | #define DSO_R_STACK_ERROR 105 |
diff --git a/src/lib/libssl/src/crypto/dso/dso_dl.c b/src/lib/libssl/src/crypto/dso/dso_dl.c index f7b4dfc0c3..417abb6ea9 100644 --- a/src/lib/libssl/src/crypto/dso/dso_dl.c +++ b/src/lib/libssl/src/crypto/dso/dso_dl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* dso_dl.c */ | 1 | /* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */ |
| 2 | /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL | 2 | /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -84,6 +84,7 @@ static int dl_finish(DSO *dso); | |||
| 84 | static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); | 84 | static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); |
| 85 | #endif | 85 | #endif |
| 86 | static char *dl_name_converter(DSO *dso, const char *filename); | 86 | static char *dl_name_converter(DSO *dso, const char *filename); |
| 87 | static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); | ||
| 87 | 88 | ||
| 88 | static DSO_METHOD dso_meth_dl = { | 89 | static DSO_METHOD dso_meth_dl = { |
| 89 | "OpenSSL 'dl' shared library method", | 90 | "OpenSSL 'dl' shared library method", |
| @@ -98,6 +99,7 @@ static DSO_METHOD dso_meth_dl = { | |||
| 98 | #endif | 99 | #endif |
| 99 | NULL, /* ctrl */ | 100 | NULL, /* ctrl */ |
| 100 | dl_name_converter, | 101 | dl_name_converter, |
| 102 | dl_merger, | ||
| 101 | NULL, /* init */ | 103 | NULL, /* init */ |
| 102 | NULL /* finish */ | 104 | NULL /* finish */ |
| 103 | }; | 105 | }; |
| @@ -239,6 +241,72 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) | |||
| 239 | return((DSO_FUNC_TYPE)sym); | 241 | return((DSO_FUNC_TYPE)sym); |
| 240 | } | 242 | } |
| 241 | 243 | ||
| 244 | static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) | ||
| 245 | { | ||
| 246 | char *merged; | ||
| 247 | |||
| 248 | if(!filespec1 && !filespec2) | ||
| 249 | { | ||
| 250 | DSOerr(DSO_F_DL_MERGER, | ||
| 251 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 252 | return(NULL); | ||
| 253 | } | ||
| 254 | /* If the first file specification is a rooted path, it rules. | ||
| 255 | same goes if the second file specification is missing. */ | ||
| 256 | if (!filespec2 || filespec1[0] == '/') | ||
| 257 | { | ||
| 258 | merged = OPENSSL_malloc(strlen(filespec1) + 1); | ||
| 259 | if(!merged) | ||
| 260 | { | ||
| 261 | DSOerr(DSO_F_DL_MERGER, | ||
| 262 | ERR_R_MALLOC_FAILURE); | ||
| 263 | return(NULL); | ||
| 264 | } | ||
| 265 | strcpy(merged, filespec1); | ||
| 266 | } | ||
| 267 | /* If the first file specification is missing, the second one rules. */ | ||
| 268 | else if (!filespec1) | ||
| 269 | { | ||
| 270 | merged = OPENSSL_malloc(strlen(filespec2) + 1); | ||
| 271 | if(!merged) | ||
| 272 | { | ||
| 273 | DSOerr(DSO_F_DL_MERGER, | ||
| 274 | ERR_R_MALLOC_FAILURE); | ||
| 275 | return(NULL); | ||
| 276 | } | ||
| 277 | strcpy(merged, filespec2); | ||
| 278 | } | ||
| 279 | else | ||
| 280 | /* This part isn't as trivial as it looks. It assumes that | ||
| 281 | the second file specification really is a directory, and | ||
| 282 | makes no checks whatsoever. Therefore, the result becomes | ||
| 283 | the concatenation of filespec2 followed by a slash followed | ||
| 284 | by filespec1. */ | ||
| 285 | { | ||
| 286 | int spec2len, len; | ||
| 287 | |||
| 288 | spec2len = (filespec2 ? strlen(filespec2) : 0); | ||
| 289 | len = spec2len + (filespec1 ? strlen(filespec1) : 0); | ||
| 290 | |||
| 291 | if(filespec2 && filespec2[spec2len - 1] == '/') | ||
| 292 | { | ||
| 293 | spec2len--; | ||
| 294 | len--; | ||
| 295 | } | ||
| 296 | merged = OPENSSL_malloc(len + 2); | ||
| 297 | if(!merged) | ||
| 298 | { | ||
| 299 | DSOerr(DSO_F_DL_MERGER, | ||
| 300 | ERR_R_MALLOC_FAILURE); | ||
| 301 | return(NULL); | ||
| 302 | } | ||
| 303 | strcpy(merged, filespec2); | ||
| 304 | merged[spec2len] = '/'; | ||
| 305 | strcpy(&merged[spec2len + 1], filespec1); | ||
| 306 | } | ||
| 307 | return(merged); | ||
| 308 | } | ||
| 309 | |||
| 242 | /* This function is identical to the one in dso_dlfcn.c, but as it is highly | 310 | /* This function is identical to the one in dso_dlfcn.c, but as it is highly |
| 243 | * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the | 311 | * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the |
| 244 | * same time, there's no great duplicating the code. Figuring out an elegant | 312 | * same time, there's no great duplicating the code. Figuring out an elegant |
| @@ -282,36 +350,4 @@ static char *dl_name_converter(DSO *dso, const char *filename) | |||
| 282 | return(translated); | 350 | return(translated); |
| 283 | } | 351 | } |
| 284 | 352 | ||
| 285 | #ifdef OPENSSL_FIPS | ||
| 286 | static void dl_ref_point(){} | ||
| 287 | |||
| 288 | int DSO_pathbyaddr(void *addr,char *path,int sz) | ||
| 289 | { | ||
| 290 | struct shl_descriptor inf; | ||
| 291 | int i,len; | ||
| 292 | |||
| 293 | if (addr == NULL) | ||
| 294 | { | ||
| 295 | union { void(*f)(); void *p; } t = { dl_ref_point }; | ||
| 296 | addr = t.p; | ||
| 297 | } | ||
| 298 | |||
| 299 | for (i=-1;shl_get_r(i,&inf)==0;i++) | ||
| 300 | { | ||
| 301 | if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || | ||
| 302 | ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) | ||
| 303 | { | ||
| 304 | len = (int)strlen(inf.filename); | ||
| 305 | if (sz <= 0) return len+1; | ||
| 306 | if (len >= sz) len=sz-1; | ||
| 307 | memcpy(path,inf.filename,len); | ||
| 308 | path[len++] = 0; | ||
| 309 | return len; | ||
| 310 | } | ||
| 311 | } | ||
| 312 | |||
| 313 | return -1; | ||
| 314 | } | ||
| 315 | #endif | ||
| 316 | |||
| 317 | #endif /* DSO_DL */ | 353 | #endif /* DSO_DL */ |
diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c index d48b4202f2..f734c1c6b7 100644 --- a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c +++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* dso_dlfcn.c */ | 1 | /* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */ |
| 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL | 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -56,10 +56,6 @@ | |||
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifdef __linux | ||
| 60 | #define _GNU_SOURCE | ||
| 61 | #endif | ||
| 62 | |||
| 63 | #include <stdio.h> | 59 | #include <stdio.h> |
| 64 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 65 | #include <openssl/dso.h> | 61 | #include <openssl/dso.h> |
| @@ -89,6 +85,8 @@ static int dlfcn_finish(DSO *dso); | |||
| 89 | static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); | 85 | static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); |
| 90 | #endif | 86 | #endif |
| 91 | static char *dlfcn_name_converter(DSO *dso, const char *filename); | 87 | static char *dlfcn_name_converter(DSO *dso, const char *filename); |
| 88 | static char *dlfcn_merger(DSO *dso, const char *filespec1, | ||
| 89 | const char *filespec2); | ||
| 92 | 90 | ||
| 93 | static DSO_METHOD dso_meth_dlfcn = { | 91 | static DSO_METHOD dso_meth_dlfcn = { |
| 94 | "OpenSSL 'dlfcn' shared library method", | 92 | "OpenSSL 'dlfcn' shared library method", |
| @@ -103,6 +101,7 @@ static DSO_METHOD dso_meth_dlfcn = { | |||
| 103 | #endif | 101 | #endif |
| 104 | NULL, /* ctrl */ | 102 | NULL, /* ctrl */ |
| 105 | dlfcn_name_converter, | 103 | dlfcn_name_converter, |
| 104 | dlfcn_merger, | ||
| 106 | NULL, /* init */ | 105 | NULL, /* init */ |
| 107 | NULL /* finish */ | 106 | NULL /* finish */ |
| 108 | }; | 107 | }; |
| @@ -145,13 +144,19 @@ static int dlfcn_load(DSO *dso) | |||
| 145 | void *ptr = NULL; | 144 | void *ptr = NULL; |
| 146 | /* See applicable comments in dso_dl.c */ | 145 | /* See applicable comments in dso_dl.c */ |
| 147 | char *filename = DSO_convert_filename(dso, NULL); | 146 | char *filename = DSO_convert_filename(dso, NULL); |
| 147 | int flags = DLOPEN_FLAG; | ||
| 148 | 148 | ||
| 149 | if(filename == NULL) | 149 | if(filename == NULL) |
| 150 | { | 150 | { |
| 151 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); | 151 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); |
| 152 | goto err; | 152 | goto err; |
| 153 | } | 153 | } |
| 154 | ptr = dlopen(filename, DLOPEN_FLAG); | 154 | |
| 155 | #ifdef RTLD_GLOBAL | ||
| 156 | if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) | ||
| 157 | flags |= RTLD_GLOBAL; | ||
| 158 | #endif | ||
| 159 | ptr = dlopen(filename, flags); | ||
| 155 | if(ptr == NULL) | 160 | if(ptr == NULL) |
| 156 | { | 161 | { |
| 157 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); | 162 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); |
| @@ -250,7 +255,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) | |||
| 250 | DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); | 255 | DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); |
| 251 | return(NULL); | 256 | return(NULL); |
| 252 | } | 257 | } |
| 253 | *(void**)(tsym) = dlsym(ptr, symname); | 258 | *(void **)(tsym) = dlsym(ptr, symname); |
| 254 | if(sym == NULL) | 259 | if(sym == NULL) |
| 255 | { | 260 | { |
| 256 | DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); | 261 | DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); |
| @@ -260,6 +265,73 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) | |||
| 260 | return(sym); | 265 | return(sym); |
| 261 | } | 266 | } |
| 262 | 267 | ||
| 268 | static char *dlfcn_merger(DSO *dso, const char *filespec1, | ||
| 269 | const char *filespec2) | ||
| 270 | { | ||
| 271 | char *merged; | ||
| 272 | |||
| 273 | if(!filespec1 && !filespec2) | ||
| 274 | { | ||
| 275 | DSOerr(DSO_F_DLFCN_MERGER, | ||
| 276 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 277 | return(NULL); | ||
| 278 | } | ||
| 279 | /* If the first file specification is a rooted path, it rules. | ||
| 280 | same goes if the second file specification is missing. */ | ||
| 281 | if (!filespec2 || filespec1[0] == '/') | ||
| 282 | { | ||
| 283 | merged = OPENSSL_malloc(strlen(filespec1) + 1); | ||
| 284 | if(!merged) | ||
| 285 | { | ||
| 286 | DSOerr(DSO_F_DLFCN_MERGER, | ||
| 287 | ERR_R_MALLOC_FAILURE); | ||
| 288 | return(NULL); | ||
| 289 | } | ||
| 290 | strcpy(merged, filespec1); | ||
| 291 | } | ||
| 292 | /* If the first file specification is missing, the second one rules. */ | ||
| 293 | else if (!filespec1) | ||
| 294 | { | ||
| 295 | merged = OPENSSL_malloc(strlen(filespec2) + 1); | ||
| 296 | if(!merged) | ||
| 297 | { | ||
| 298 | DSOerr(DSO_F_DLFCN_MERGER, | ||
| 299 | ERR_R_MALLOC_FAILURE); | ||
| 300 | return(NULL); | ||
| 301 | } | ||
| 302 | strcpy(merged, filespec2); | ||
| 303 | } | ||
| 304 | else | ||
| 305 | /* This part isn't as trivial as it looks. It assumes that | ||
| 306 | the second file specification really is a directory, and | ||
| 307 | makes no checks whatsoever. Therefore, the result becomes | ||
| 308 | the concatenation of filespec2 followed by a slash followed | ||
| 309 | by filespec1. */ | ||
| 310 | { | ||
| 311 | int spec2len, len; | ||
| 312 | |||
| 313 | spec2len = (filespec2 ? strlen(filespec2) : 0); | ||
| 314 | len = spec2len + (filespec1 ? strlen(filespec1) : 0); | ||
| 315 | |||
| 316 | if(filespec2 && filespec2[spec2len - 1] == '/') | ||
| 317 | { | ||
| 318 | spec2len--; | ||
| 319 | len--; | ||
| 320 | } | ||
| 321 | merged = OPENSSL_malloc(len + 2); | ||
| 322 | if(!merged) | ||
| 323 | { | ||
| 324 | DSOerr(DSO_F_DLFCN_MERGER, | ||
| 325 | ERR_R_MALLOC_FAILURE); | ||
| 326 | return(NULL); | ||
| 327 | } | ||
| 328 | strcpy(merged, filespec2); | ||
| 329 | merged[spec2len] = '/'; | ||
| 330 | strcpy(&merged[spec2len + 1], filespec1); | ||
| 331 | } | ||
| 332 | return(merged); | ||
| 333 | } | ||
| 334 | |||
| 263 | static char *dlfcn_name_converter(DSO *dso, const char *filename) | 335 | static char *dlfcn_name_converter(DSO *dso, const char *filename) |
| 264 | { | 336 | { |
| 265 | char *translated; | 337 | char *translated; |
| @@ -294,32 +366,4 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) | |||
| 294 | return(translated); | 366 | return(translated); |
| 295 | } | 367 | } |
| 296 | 368 | ||
| 297 | #ifdef OPENSSL_FIPS | ||
| 298 | static void dlfcn_ref_point(){} | ||
| 299 | |||
| 300 | int DSO_pathbyaddr(void *addr,char *path,int sz) | ||
| 301 | { | ||
| 302 | Dl_info dli; | ||
| 303 | int len; | ||
| 304 | |||
| 305 | if (addr == NULL) | ||
| 306 | { | ||
| 307 | union { void(*f)(void); void *p; } t = { dlfcn_ref_point }; | ||
| 308 | addr = t.p; | ||
| 309 | } | ||
| 310 | |||
| 311 | if (dladdr(addr,&dli)) | ||
| 312 | { | ||
| 313 | len = (int)strlen(dli.dli_fname); | ||
| 314 | if (sz <= 0) return len+1; | ||
| 315 | if (len >= sz) len=sz-1; | ||
| 316 | memcpy(path,dli.dli_fname,len); | ||
| 317 | path[len++]=0; | ||
| 318 | return len; | ||
| 319 | } | ||
| 320 | |||
| 321 | ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror()); | ||
| 322 | return -1; | ||
| 323 | } | ||
| 324 | #endif | ||
| 325 | #endif /* DSO_DLFCN */ | 369 | #endif /* DSO_DLFCN */ |
diff --git a/src/lib/libssl/src/crypto/dso/dso_err.c b/src/lib/libssl/src/crypto/dso/dso_err.c index 581677cc36..a8b0a210de 100644 --- a/src/lib/libssl/src/crypto/dso/dso_err.c +++ b/src/lib/libssl/src/crypto/dso/dso_err.c | |||
| @@ -73,11 +73,13 @@ static ERR_STRING_DATA DSO_str_functs[]= | |||
| 73 | {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, | 73 | {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, |
| 74 | {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, | 74 | {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, |
| 75 | {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, | 75 | {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, |
| 76 | {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"}, | ||
| 76 | {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, | 77 | {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, |
| 77 | {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, | 78 | {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, |
| 78 | {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, | 79 | {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, |
| 79 | {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, | 80 | {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, |
| 80 | {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, | 81 | {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, |
| 82 | {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"}, | ||
| 81 | {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, | 83 | {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, |
| 82 | {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, | 84 | {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, |
| 83 | {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, | 85 | {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, |
| @@ -88,17 +90,22 @@ static ERR_STRING_DATA DSO_str_functs[]= | |||
| 88 | {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, | 90 | {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, |
| 89 | {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, | 91 | {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, |
| 90 | {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, | 92 | {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, |
| 93 | {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, | ||
| 91 | {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, | 94 | {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, |
| 92 | {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, | 95 | {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, |
| 93 | {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, | 96 | {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, |
| 94 | {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, | 97 | {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, |
| 95 | {ERR_FUNC(DSO_F_VMS_BIND_VAR), "VMS_BIND_VAR"}, | 98 | {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, |
| 96 | {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, | 99 | {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, |
| 100 | {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, | ||
| 97 | {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, | 101 | {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, |
| 98 | {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, | 102 | {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, |
| 99 | {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, | 103 | {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, |
| 104 | {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, | ||
| 100 | {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, | 105 | {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, |
| 106 | {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, | ||
| 101 | {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, | 107 | {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, |
| 108 | {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, | ||
| 102 | {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, | 109 | {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, |
| 103 | {0,NULL} | 110 | {0,NULL} |
| 104 | }; | 111 | }; |
| @@ -107,11 +114,15 @@ static ERR_STRING_DATA DSO_str_reasons[]= | |||
| 107 | { | 114 | { |
| 108 | {ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"}, | 115 | {ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"}, |
| 109 | {ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"}, | 116 | {ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"}, |
| 117 | {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE) ,"empty file structure"}, | ||
| 118 | {ERR_REASON(DSO_R_FAILURE) ,"failure"}, | ||
| 110 | {ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"}, | 119 | {ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"}, |
| 111 | {ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"}, | 120 | {ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"}, |
| 121 | {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"}, | ||
| 112 | {ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"}, | 122 | {ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"}, |
| 113 | {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"}, | 123 | {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"}, |
| 114 | {ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"}, | 124 | {ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"}, |
| 125 | {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"}, | ||
| 115 | {ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"}, | 126 | {ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"}, |
| 116 | {ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"}, | 127 | {ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"}, |
| 117 | {ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"}, | 128 | {ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"}, |
| @@ -125,15 +136,12 @@ static ERR_STRING_DATA DSO_str_reasons[]= | |||
| 125 | 136 | ||
| 126 | void ERR_load_DSO_strings(void) | 137 | void ERR_load_DSO_strings(void) |
| 127 | { | 138 | { |
| 128 | static int init=1; | 139 | #ifndef OPENSSL_NO_ERR |
| 129 | 140 | ||
| 130 | if (init) | 141 | if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) |
| 131 | { | 142 | { |
| 132 | init=0; | ||
| 133 | #ifndef OPENSSL_NO_ERR | ||
| 134 | ERR_load_strings(0,DSO_str_functs); | 143 | ERR_load_strings(0,DSO_str_functs); |
| 135 | ERR_load_strings(0,DSO_str_reasons); | 144 | ERR_load_strings(0,DSO_str_reasons); |
| 136 | #endif | ||
| 137 | |||
| 138 | } | 145 | } |
| 146 | #endif | ||
| 139 | } | 147 | } |
diff --git a/src/lib/libssl/src/crypto/dso/dso_lib.c b/src/lib/libssl/src/crypto/dso/dso_lib.c index 48d9fdb25e..49bdd71309 100644 --- a/src/lib/libssl/src/crypto/dso/dso_lib.c +++ b/src/lib/libssl/src/crypto/dso/dso_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* dso_lib.c */ | 1 | /* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */ |
| 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL | 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -390,6 +390,33 @@ int DSO_set_filename(DSO *dso, const char *filename) | |||
| 390 | return(1); | 390 | return(1); |
| 391 | } | 391 | } |
| 392 | 392 | ||
| 393 | char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) | ||
| 394 | { | ||
| 395 | char *result = NULL; | ||
| 396 | |||
| 397 | if(dso == NULL || filespec1 == NULL) | ||
| 398 | { | ||
| 399 | DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER); | ||
| 400 | return(NULL); | ||
| 401 | } | ||
| 402 | if(filespec1 == NULL) | ||
| 403 | filespec1 = dso->filename; | ||
| 404 | if(filespec1 == NULL) | ||
| 405 | { | ||
| 406 | DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION); | ||
| 407 | return(NULL); | ||
| 408 | } | ||
| 409 | if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) | ||
| 410 | { | ||
| 411 | if(dso->merger != NULL) | ||
| 412 | result = dso->merger(dso, filespec1, filespec2); | ||
| 413 | else if(dso->meth->dso_merger != NULL) | ||
| 414 | result = dso->meth->dso_merger(dso, | ||
| 415 | filespec1, filespec2); | ||
| 416 | } | ||
| 417 | return(result); | ||
| 418 | } | ||
| 419 | |||
| 393 | char *DSO_convert_filename(DSO *dso, const char *filename) | 420 | char *DSO_convert_filename(DSO *dso, const char *filename) |
| 394 | { | 421 | { |
| 395 | char *result = NULL; | 422 | char *result = NULL; |
diff --git a/src/lib/libssl/src/crypto/dso/dso_null.c b/src/lib/libssl/src/crypto/dso/dso_null.c index fa13a7cb0f..4972984651 100644 --- a/src/lib/libssl/src/crypto/dso/dso_null.c +++ b/src/lib/libssl/src/crypto/dso/dso_null.c | |||
| @@ -75,6 +75,8 @@ static DSO_METHOD dso_meth_null = { | |||
| 75 | NULL, /* unbind_func */ | 75 | NULL, /* unbind_func */ |
| 76 | #endif | 76 | #endif |
| 77 | NULL, /* ctrl */ | 77 | NULL, /* ctrl */ |
| 78 | NULL, /* dso_name_converter */ | ||
| 79 | NULL, /* dso_merger */ | ||
| 78 | NULL, /* init */ | 80 | NULL, /* init */ |
| 79 | NULL /* finish */ | 81 | NULL /* finish */ |
| 80 | }; | 82 | }; |
diff --git a/src/lib/libssl/src/crypto/dso/dso_vms.c b/src/lib/libssl/src/crypto/dso/dso_vms.c index 1674619d17..2c434ee8a6 100644 --- a/src/lib/libssl/src/crypto/dso/dso_vms.c +++ b/src/lib/libssl/src/crypto/dso/dso_vms.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* dso_vms.c */ | 1 | /* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */ |
| 2 | /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL | 2 | /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -63,6 +63,7 @@ | |||
| 63 | #include <openssl/dso.h> | 63 | #include <openssl/dso.h> |
| 64 | #ifdef OPENSSL_SYS_VMS | 64 | #ifdef OPENSSL_SYS_VMS |
| 65 | #pragma message disable DOLLARID | 65 | #pragma message disable DOLLARID |
| 66 | #include <rms.h> | ||
| 66 | #include <lib$routines.h> | 67 | #include <lib$routines.h> |
| 67 | #include <stsdef.h> | 68 | #include <stsdef.h> |
| 68 | #include <descrip.h> | 69 | #include <descrip.h> |
| @@ -89,6 +90,8 @@ static int vms_finish(DSO *dso); | |||
| 89 | static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg); | 90 | static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg); |
| 90 | #endif | 91 | #endif |
| 91 | static char *vms_name_converter(DSO *dso, const char *filename); | 92 | static char *vms_name_converter(DSO *dso, const char *filename); |
| 93 | static char *vms_merger(DSO *dso, const char *filespec1, | ||
| 94 | const char *filespec2); | ||
| 92 | 95 | ||
| 93 | static DSO_METHOD dso_meth_vms = { | 96 | static DSO_METHOD dso_meth_vms = { |
| 94 | "OpenSSL 'VMS' shared library method", | 97 | "OpenSSL 'VMS' shared library method", |
| @@ -103,6 +106,7 @@ static DSO_METHOD dso_meth_vms = { | |||
| 103 | #endif | 106 | #endif |
| 104 | NULL, /* ctrl */ | 107 | NULL, /* ctrl */ |
| 105 | vms_name_converter, | 108 | vms_name_converter, |
| 109 | vms_merger, | ||
| 106 | NULL, /* init */ | 110 | NULL, /* init */ |
| 107 | NULL /* finish */ | 111 | NULL /* finish */ |
| 108 | }; | 112 | }; |
| @@ -140,7 +144,7 @@ static int vms_load(DSO *dso) | |||
| 140 | 144 | ||
| 141 | if(filename == NULL) | 145 | if(filename == NULL) |
| 142 | { | 146 | { |
| 143 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); | 147 | DSOerr(DSO_F_VMS_LOAD,DSO_R_NO_FILENAME); |
| 144 | goto err; | 148 | goto err; |
| 145 | } | 149 | } |
| 146 | 150 | ||
| @@ -295,19 +299,19 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) | |||
| 295 | 299 | ||
| 296 | if((dso == NULL) || (symname == NULL)) | 300 | if((dso == NULL) || (symname == NULL)) |
| 297 | { | 301 | { |
| 298 | DSOerr(DSO_F_VMS_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); | 302 | DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER); |
| 299 | return; | 303 | return; |
| 300 | } | 304 | } |
| 301 | if(sk_num(dso->meth_data) < 1) | 305 | if(sk_num(dso->meth_data) < 1) |
| 302 | { | 306 | { |
| 303 | DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_STACK_ERROR); | 307 | DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR); |
| 304 | return; | 308 | return; |
| 305 | } | 309 | } |
| 306 | ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, | 310 | ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, |
| 307 | sk_num(dso->meth_data) - 1); | 311 | sk_num(dso->meth_data) - 1); |
| 308 | if(ptr == NULL) | 312 | if(ptr == NULL) |
| 309 | { | 313 | { |
| 310 | DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_NULL_HANDLE); | 314 | DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE); |
| 311 | return; | 315 | return; |
| 312 | } | 316 | } |
| 313 | 317 | ||
| @@ -336,7 +340,7 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) | |||
| 336 | { | 340 | { |
| 337 | errstring[length] = '\0'; | 341 | errstring[length] = '\0'; |
| 338 | 342 | ||
| 339 | DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_SYM_FAILURE); | 343 | DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_SYM_FAILURE); |
| 340 | if (ptr->imagename_dsc.dsc$w_length) | 344 | if (ptr->imagename_dsc.dsc$w_length) |
| 341 | ERR_add_error_data(9, | 345 | ERR_add_error_data(9, |
| 342 | "Symbol ", symname, | 346 | "Symbol ", symname, |
| @@ -368,6 +372,127 @@ static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) | |||
| 368 | return sym; | 372 | return sym; |
| 369 | } | 373 | } |
| 370 | 374 | ||
| 375 | static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) | ||
| 376 | { | ||
| 377 | int status; | ||
| 378 | int filespec1len, filespec2len; | ||
| 379 | struct FAB fab; | ||
| 380 | #ifdef NAML$C_MAXRSS | ||
| 381 | struct NAML nam; | ||
| 382 | char esa[NAML$C_MAXRSS]; | ||
| 383 | #else | ||
| 384 | struct NAM nam; | ||
| 385 | char esa[NAM$C_MAXRSS]; | ||
| 386 | #endif | ||
| 387 | char *merged; | ||
| 388 | |||
| 389 | if (!filespec1) filespec1 = ""; | ||
| 390 | if (!filespec2) filespec2 = ""; | ||
| 391 | filespec1len = strlen(filespec1); | ||
| 392 | filespec2len = strlen(filespec2); | ||
| 393 | |||
| 394 | fab = cc$rms_fab; | ||
| 395 | #ifdef NAML$C_MAXRSS | ||
| 396 | nam = cc$rms_naml; | ||
| 397 | #else | ||
| 398 | nam = cc$rms_nam; | ||
| 399 | #endif | ||
| 400 | |||
| 401 | fab.fab$l_fna = (char *)filespec1; | ||
| 402 | fab.fab$b_fns = filespec1len; | ||
| 403 | fab.fab$l_dna = (char *)filespec2; | ||
| 404 | fab.fab$b_dns = filespec2len; | ||
| 405 | #ifdef NAML$C_MAXRSS | ||
| 406 | if (filespec1len > NAM$C_MAXRSS) | ||
| 407 | { | ||
| 408 | fab.fab$l_fna = 0; | ||
| 409 | fab.fab$b_fns = 0; | ||
| 410 | nam.naml$l_long_filename = (char *)filespec1; | ||
| 411 | nam.naml$l_long_filename_size = filespec1len; | ||
| 412 | } | ||
| 413 | if (filespec2len > NAM$C_MAXRSS) | ||
| 414 | { | ||
| 415 | fab.fab$l_dna = 0; | ||
| 416 | fab.fab$b_dns = 0; | ||
| 417 | nam.naml$l_long_defname = (char *)filespec2; | ||
| 418 | nam.naml$l_long_defname_size = filespec2len; | ||
| 419 | } | ||
| 420 | nam.naml$l_esa = esa; | ||
| 421 | nam.naml$b_ess = NAM$C_MAXRSS; | ||
| 422 | nam.naml$l_long_expand = esa; | ||
| 423 | nam.naml$l_long_expand_alloc = sizeof(esa); | ||
| 424 | nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; | ||
| 425 | nam.naml$v_no_short_upcase = 1; | ||
| 426 | fab.fab$l_naml = &nam; | ||
| 427 | #else | ||
| 428 | nam.nam$l_esa = esa; | ||
| 429 | nam.nam$b_ess = NAM$C_MAXRSS; | ||
| 430 | nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; | ||
| 431 | fab.fab$l_nam = &nam; | ||
| 432 | #endif | ||
| 433 | |||
| 434 | status = sys$parse(&fab, 0, 0); | ||
| 435 | |||
| 436 | if(!$VMS_STATUS_SUCCESS(status)) | ||
| 437 | { | ||
| 438 | unsigned short length; | ||
| 439 | char errstring[257]; | ||
| 440 | struct dsc$descriptor_s errstring_dsc; | ||
| 441 | |||
| 442 | errstring_dsc.dsc$w_length = sizeof(errstring); | ||
| 443 | errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; | ||
| 444 | errstring_dsc.dsc$b_class = DSC$K_CLASS_S; | ||
| 445 | errstring_dsc.dsc$a_pointer = errstring; | ||
| 446 | |||
| 447 | status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); | ||
| 448 | |||
| 449 | if (!$VMS_STATUS_SUCCESS(status)) | ||
| 450 | lib$signal(status); /* This is really bad. Abort! */ | ||
| 451 | else | ||
| 452 | { | ||
| 453 | errstring[length] = '\0'; | ||
| 454 | |||
| 455 | DSOerr(DSO_F_VMS_MERGER,DSO_R_FAILURE); | ||
| 456 | ERR_add_error_data(7, | ||
| 457 | "filespec \"", filespec1, "\", ", | ||
| 458 | "defaults \"", filespec2, "\": ", | ||
| 459 | errstring); | ||
| 460 | } | ||
| 461 | return(NULL); | ||
| 462 | } | ||
| 463 | #ifdef NAML$C_MAXRSS | ||
| 464 | if (nam.naml$l_long_expand_size) | ||
| 465 | { | ||
| 466 | merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); | ||
| 467 | if(!merged) | ||
| 468 | goto malloc_err; | ||
| 469 | strncpy(merged, nam.naml$l_long_expand, | ||
| 470 | nam.naml$l_long_expand_size); | ||
| 471 | merged[nam.naml$l_long_expand_size] = '\0'; | ||
| 472 | } | ||
| 473 | else | ||
| 474 | { | ||
| 475 | merged = OPENSSL_malloc(nam.naml$b_esl + 1); | ||
| 476 | if(!merged) | ||
| 477 | goto malloc_err; | ||
| 478 | strncpy(merged, nam.naml$l_esa, | ||
| 479 | nam.naml$b_esl); | ||
| 480 | merged[nam.naml$b_esl] = '\0'; | ||
| 481 | } | ||
| 482 | #else | ||
| 483 | merged = OPENSSL_malloc(nam.nam$b_esl + 1); | ||
| 484 | if(!merged) | ||
| 485 | goto malloc_err; | ||
| 486 | strncpy(merged, nam.nam$l_esa, | ||
| 487 | nam.nam$b_esl); | ||
| 488 | merged[nam.nam$b_esl] = '\0'; | ||
| 489 | #endif | ||
| 490 | return(merged); | ||
| 491 | malloc_err: | ||
| 492 | DSOerr(DSO_F_VMS_MERGER, | ||
| 493 | ERR_R_MALLOC_FAILURE); | ||
| 494 | } | ||
| 495 | |||
| 371 | static char *vms_name_converter(DSO *dso, const char *filename) | 496 | static char *vms_name_converter(DSO *dso, const char *filename) |
| 372 | { | 497 | { |
| 373 | int len = strlen(filename); | 498 | int len = strlen(filename); |
diff --git a/src/lib/libssl/src/crypto/dso/dso_win32.c b/src/lib/libssl/src/crypto/dso/dso_win32.c index cc4ac68696..fd3dd6a7fe 100644 --- a/src/lib/libssl/src/crypto/dso/dso_win32.c +++ b/src/lib/libssl/src/crypto/dso/dso_win32.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* dso_win32.c */ | 1 | /* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */ |
| 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL | 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -85,6 +85,26 @@ static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName) | |||
| 85 | # endif | 85 | # endif |
| 86 | # undef GetProcAddress | 86 | # undef GetProcAddress |
| 87 | # define GetProcAddress GetProcAddressA | 87 | # define GetProcAddress GetProcAddressA |
| 88 | |||
| 89 | static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) | ||
| 90 | { | ||
| 91 | WCHAR *fnamw; | ||
| 92 | size_t len_0=strlen(lpLibFileName)+1,i; | ||
| 93 | |||
| 94 | #ifdef _MSC_VER | ||
| 95 | fnamw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); | ||
| 96 | #else | ||
| 97 | fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); | ||
| 98 | #endif | ||
| 99 | if (fnamw == NULL) return NULL; | ||
| 100 | |||
| 101 | #if defined(_WIN32_WCE) && _WIN32_WCE>=101 | ||
| 102 | if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0)) | ||
| 103 | #endif | ||
| 104 | for (i=0;i<len_0;i++) fnamw[i]=(WCHAR)lpLibFileName[i]; | ||
| 105 | |||
| 106 | return LoadLibraryW(fnamw); | ||
| 107 | } | ||
| 88 | #endif | 108 | #endif |
| 89 | 109 | ||
| 90 | /* Part of the hack in "win32_load" ... */ | 110 | /* Part of the hack in "win32_load" ... */ |
| @@ -102,6 +122,10 @@ static int win32_finish(DSO *dso); | |||
| 102 | static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); | 122 | static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); |
| 103 | #endif | 123 | #endif |
| 104 | static char *win32_name_converter(DSO *dso, const char *filename); | 124 | static char *win32_name_converter(DSO *dso, const char *filename); |
| 125 | static char *win32_merger(DSO *dso, const char *filespec1, | ||
| 126 | const char *filespec2); | ||
| 127 | |||
| 128 | static const char *openssl_strnchr(const char *string, int c, size_t len); | ||
| 105 | 129 | ||
| 106 | static DSO_METHOD dso_meth_win32 = { | 130 | static DSO_METHOD dso_meth_win32 = { |
| 107 | "OpenSSL 'win32' shared library method", | 131 | "OpenSSL 'win32' shared library method", |
| @@ -116,6 +140,7 @@ static DSO_METHOD dso_meth_win32 = { | |||
| 116 | #endif | 140 | #endif |
| 117 | NULL, /* ctrl */ | 141 | NULL, /* ctrl */ |
| 118 | win32_name_converter, | 142 | win32_name_converter, |
| 143 | win32_merger, | ||
| 119 | NULL, /* init */ | 144 | NULL, /* init */ |
| 120 | NULL /* finish */ | 145 | NULL /* finish */ |
| 121 | }; | 146 | }; |
| @@ -267,6 +292,330 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) | |||
| 267 | return((DSO_FUNC_TYPE)sym); | 292 | return((DSO_FUNC_TYPE)sym); |
| 268 | } | 293 | } |
| 269 | 294 | ||
| 295 | struct file_st | ||
| 296 | { | ||
| 297 | const char *node; int nodelen; | ||
| 298 | const char *device; int devicelen; | ||
| 299 | const char *predir; int predirlen; | ||
| 300 | const char *dir; int dirlen; | ||
| 301 | const char *file; int filelen; | ||
| 302 | }; | ||
| 303 | |||
| 304 | static struct file_st *win32_splitter(DSO *dso, const char *filename, | ||
| 305 | int assume_last_is_dir) | ||
| 306 | { | ||
| 307 | struct file_st *result = NULL; | ||
| 308 | enum { IN_NODE, IN_DEVICE, IN_FILE } position; | ||
| 309 | const char *start = filename; | ||
| 310 | char last; | ||
| 311 | |||
| 312 | if (!filename) | ||
| 313 | { | ||
| 314 | DSOerr(DSO_F_WIN32_SPLITTER,DSO_R_NO_FILENAME); | ||
| 315 | /*goto err;*/ | ||
| 316 | return(NULL); | ||
| 317 | } | ||
| 318 | |||
| 319 | result = OPENSSL_malloc(sizeof(struct file_st)); | ||
| 320 | if(result == NULL) | ||
| 321 | { | ||
| 322 | DSOerr(DSO_F_WIN32_SPLITTER, | ||
| 323 | ERR_R_MALLOC_FAILURE); | ||
| 324 | return(NULL); | ||
| 325 | } | ||
| 326 | |||
| 327 | memset(result, 0, sizeof(struct file_st)); | ||
| 328 | position = IN_DEVICE; | ||
| 329 | |||
| 330 | if(filename[0] == '\\' && filename[1] == '\\' | ||
| 331 | || filename[0] == '/' && filename[1] == '/') | ||
| 332 | { | ||
| 333 | position = IN_NODE; | ||
| 334 | filename += 2; | ||
| 335 | start = filename; | ||
| 336 | result->node = start; | ||
| 337 | } | ||
| 338 | |||
| 339 | do | ||
| 340 | { | ||
| 341 | last = filename[0]; | ||
| 342 | switch(last) | ||
| 343 | { | ||
| 344 | case ':': | ||
| 345 | if(position != IN_DEVICE) | ||
| 346 | { | ||
| 347 | DSOerr(DSO_F_WIN32_SPLITTER, | ||
| 348 | DSO_R_INCORRECT_FILE_SYNTAX); | ||
| 349 | /*goto err;*/ | ||
| 350 | return(NULL); | ||
| 351 | } | ||
| 352 | result->device = start; | ||
| 353 | result->devicelen = filename - start; | ||
| 354 | position = IN_FILE; | ||
| 355 | start = ++filename; | ||
| 356 | result->dir = start; | ||
| 357 | break; | ||
| 358 | case '\\': | ||
| 359 | case '/': | ||
| 360 | if(position == IN_NODE) | ||
| 361 | { | ||
| 362 | result->nodelen = filename - start; | ||
| 363 | position = IN_FILE; | ||
| 364 | start = ++filename; | ||
| 365 | result->dir = start; | ||
| 366 | } | ||
| 367 | else if(position == IN_DEVICE) | ||
| 368 | { | ||
| 369 | position = IN_FILE; | ||
| 370 | filename++; | ||
| 371 | result->dir = start; | ||
| 372 | result->dirlen = filename - start; | ||
| 373 | start = filename; | ||
| 374 | } | ||
| 375 | else | ||
| 376 | { | ||
| 377 | filename++; | ||
| 378 | result->dirlen += filename - start; | ||
| 379 | start = filename; | ||
| 380 | } | ||
| 381 | break; | ||
| 382 | case '\0': | ||
| 383 | if(position == IN_NODE) | ||
| 384 | { | ||
| 385 | result->nodelen = filename - start; | ||
| 386 | } | ||
| 387 | else | ||
| 388 | { | ||
| 389 | if(filename - start > 0) | ||
| 390 | { | ||
| 391 | if (assume_last_is_dir) | ||
| 392 | { | ||
| 393 | if (position == IN_DEVICE) | ||
| 394 | { | ||
| 395 | result->dir = start; | ||
| 396 | result->dirlen = 0; | ||
| 397 | } | ||
| 398 | result->dirlen += | ||
| 399 | filename - start; | ||
| 400 | } | ||
| 401 | else | ||
| 402 | { | ||
| 403 | result->file = start; | ||
| 404 | result->filelen = | ||
| 405 | filename - start; | ||
| 406 | } | ||
| 407 | } | ||
| 408 | } | ||
| 409 | break; | ||
| 410 | default: | ||
| 411 | filename++; | ||
| 412 | break; | ||
| 413 | } | ||
| 414 | } | ||
| 415 | while(last); | ||
| 416 | |||
| 417 | if(!result->nodelen) result->node = NULL; | ||
| 418 | if(!result->devicelen) result->device = NULL; | ||
| 419 | if(!result->dirlen) result->dir = NULL; | ||
| 420 | if(!result->filelen) result->file = NULL; | ||
| 421 | |||
| 422 | return(result); | ||
| 423 | } | ||
| 424 | |||
| 425 | static char *win32_joiner(DSO *dso, const struct file_st *file_split) | ||
| 426 | { | ||
| 427 | int len = 0, offset = 0; | ||
| 428 | char *result = NULL; | ||
| 429 | const char *start; | ||
| 430 | |||
| 431 | if(!file_split) | ||
| 432 | { | ||
| 433 | DSOerr(DSO_F_WIN32_JOINER, | ||
| 434 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 435 | return(NULL); | ||
| 436 | } | ||
| 437 | if(file_split->node) | ||
| 438 | { | ||
| 439 | len += 2 + file_split->nodelen; /* 2 for starting \\ */ | ||
| 440 | if(file_split->predir || file_split->dir || file_split->file) | ||
| 441 | len++; /* 1 for ending \ */ | ||
| 442 | } | ||
| 443 | else if(file_split->device) | ||
| 444 | { | ||
| 445 | len += file_split->devicelen + 1; /* 1 for ending : */ | ||
| 446 | } | ||
| 447 | len += file_split->predirlen; | ||
| 448 | if(file_split->predir && (file_split->dir || file_split->file)) | ||
| 449 | { | ||
| 450 | len++; /* 1 for ending \ */ | ||
| 451 | } | ||
| 452 | len += file_split->dirlen; | ||
| 453 | if(file_split->dir && file_split->file) | ||
| 454 | { | ||
| 455 | len++; /* 1 for ending \ */ | ||
| 456 | } | ||
| 457 | len += file_split->filelen; | ||
| 458 | |||
| 459 | if(!len) | ||
| 460 | { | ||
| 461 | DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE); | ||
| 462 | return(NULL); | ||
| 463 | } | ||
| 464 | |||
| 465 | result = OPENSSL_malloc(len + 1); | ||
| 466 | if (!result) | ||
| 467 | { | ||
| 468 | DSOerr(DSO_F_WIN32_JOINER, | ||
| 469 | ERR_R_MALLOC_FAILURE); | ||
| 470 | return(NULL); | ||
| 471 | } | ||
| 472 | |||
| 473 | if(file_split->node) | ||
| 474 | { | ||
| 475 | strcpy(&result[offset], "\\\\"); offset += 2; | ||
| 476 | strncpy(&result[offset], file_split->node, | ||
| 477 | file_split->nodelen); offset += file_split->nodelen; | ||
| 478 | if(file_split->predir || file_split->dir || file_split->file) | ||
| 479 | { | ||
| 480 | result[offset] = '\\'; offset++; | ||
| 481 | } | ||
| 482 | } | ||
| 483 | else if(file_split->device) | ||
| 484 | { | ||
| 485 | strncpy(&result[offset], file_split->device, | ||
| 486 | file_split->devicelen); offset += file_split->devicelen; | ||
| 487 | result[offset] = ':'; offset++; | ||
| 488 | } | ||
| 489 | start = file_split->predir; | ||
| 490 | while(file_split->predirlen > (start - file_split->predir)) | ||
| 491 | { | ||
| 492 | const char *end = openssl_strnchr(start, '/', | ||
| 493 | file_split->predirlen - (start - file_split->predir)); | ||
| 494 | if(!end) | ||
| 495 | end = start | ||
| 496 | + file_split->predirlen | ||
| 497 | - (start - file_split->predir); | ||
| 498 | strncpy(&result[offset], start, | ||
| 499 | end - start); offset += end - start; | ||
| 500 | result[offset] = '\\'; offset++; | ||
| 501 | start = end + 1; | ||
| 502 | } | ||
| 503 | #if 0 /* Not needed, since the directory converter above already appeneded | ||
| 504 | a backslash */ | ||
| 505 | if(file_split->predir && (file_split->dir || file_split->file)) | ||
| 506 | { | ||
| 507 | result[offset] = '\\'; offset++; | ||
| 508 | } | ||
| 509 | #endif | ||
| 510 | start = file_split->dir; | ||
| 511 | while(file_split->dirlen > (start - file_split->dir)) | ||
| 512 | { | ||
| 513 | const char *end = openssl_strnchr(start, '/', | ||
| 514 | file_split->dirlen - (start - file_split->dir)); | ||
| 515 | if(!end) | ||
| 516 | end = start | ||
| 517 | + file_split->dirlen | ||
| 518 | - (start - file_split->dir); | ||
| 519 | strncpy(&result[offset], start, | ||
| 520 | end - start); offset += end - start; | ||
| 521 | result[offset] = '\\'; offset++; | ||
| 522 | start = end + 1; | ||
| 523 | } | ||
| 524 | #if 0 /* Not needed, since the directory converter above already appeneded | ||
| 525 | a backslash */ | ||
| 526 | if(file_split->dir && file_split->file) | ||
| 527 | { | ||
| 528 | result[offset] = '\\'; offset++; | ||
| 529 | } | ||
| 530 | #endif | ||
| 531 | strncpy(&result[offset], file_split->file, | ||
| 532 | file_split->filelen); offset += file_split->filelen; | ||
| 533 | result[offset] = '\0'; | ||
| 534 | return(result); | ||
| 535 | } | ||
| 536 | |||
| 537 | static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2) | ||
| 538 | { | ||
| 539 | char *merged = NULL; | ||
| 540 | struct file_st *filespec1_split = NULL; | ||
| 541 | struct file_st *filespec2_split = NULL; | ||
| 542 | |||
| 543 | if(!filespec1 && !filespec2) | ||
| 544 | { | ||
| 545 | DSOerr(DSO_F_WIN32_MERGER, | ||
| 546 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 547 | return(NULL); | ||
| 548 | } | ||
| 549 | if (!filespec2) | ||
| 550 | { | ||
| 551 | merged = OPENSSL_malloc(strlen(filespec1) + 1); | ||
| 552 | if(!merged) | ||
| 553 | { | ||
| 554 | DSOerr(DSO_F_WIN32_MERGER, | ||
| 555 | ERR_R_MALLOC_FAILURE); | ||
| 556 | return(NULL); | ||
| 557 | } | ||
| 558 | strcpy(merged, filespec1); | ||
| 559 | } | ||
| 560 | else if (!filespec1) | ||
| 561 | { | ||
| 562 | merged = OPENSSL_malloc(strlen(filespec2) + 1); | ||
| 563 | if(!merged) | ||
| 564 | { | ||
| 565 | DSOerr(DSO_F_WIN32_MERGER, | ||
| 566 | ERR_R_MALLOC_FAILURE); | ||
| 567 | return(NULL); | ||
| 568 | } | ||
| 569 | strcpy(merged, filespec2); | ||
| 570 | } | ||
| 571 | else | ||
| 572 | { | ||
| 573 | filespec1_split = win32_splitter(dso, filespec1, 0); | ||
| 574 | if (!filespec1_split) | ||
| 575 | { | ||
| 576 | DSOerr(DSO_F_WIN32_MERGER, | ||
| 577 | ERR_R_MALLOC_FAILURE); | ||
| 578 | return(NULL); | ||
| 579 | } | ||
| 580 | filespec2_split = win32_splitter(dso, filespec2, 1); | ||
| 581 | if (!filespec2_split) | ||
| 582 | { | ||
| 583 | DSOerr(DSO_F_WIN32_MERGER, | ||
| 584 | ERR_R_MALLOC_FAILURE); | ||
| 585 | OPENSSL_free(filespec1_split); | ||
| 586 | return(NULL); | ||
| 587 | } | ||
| 588 | |||
| 589 | /* Fill in into filespec1_split */ | ||
| 590 | if (!filespec1_split->node && !filespec1_split->device) | ||
| 591 | { | ||
| 592 | filespec1_split->node = filespec2_split->node; | ||
| 593 | filespec1_split->nodelen = filespec2_split->nodelen; | ||
| 594 | filespec1_split->device = filespec2_split->device; | ||
| 595 | filespec1_split->devicelen = filespec2_split->devicelen; | ||
| 596 | } | ||
| 597 | if (!filespec1_split->dir) | ||
| 598 | { | ||
| 599 | filespec1_split->dir = filespec2_split->dir; | ||
| 600 | filespec1_split->dirlen = filespec2_split->dirlen; | ||
| 601 | } | ||
| 602 | else if (filespec1_split->dir[0] != '\\' | ||
| 603 | && filespec1_split->dir[0] != '/') | ||
| 604 | { | ||
| 605 | filespec1_split->predir = filespec2_split->dir; | ||
| 606 | filespec1_split->predirlen = filespec2_split->dirlen; | ||
| 607 | } | ||
| 608 | if (!filespec1_split->file) | ||
| 609 | { | ||
| 610 | filespec1_split->file = filespec2_split->file; | ||
| 611 | filespec1_split->filelen = filespec2_split->filelen; | ||
| 612 | } | ||
| 613 | |||
| 614 | merged = win32_joiner(dso, filespec1_split); | ||
| 615 | } | ||
| 616 | return(merged); | ||
| 617 | } | ||
| 618 | |||
| 270 | static char *win32_name_converter(DSO *dso, const char *filename) | 619 | static char *win32_name_converter(DSO *dso, const char *filename) |
| 271 | { | 620 | { |
| 272 | char *translated; | 621 | char *translated; |
| @@ -295,4 +644,17 @@ static char *win32_name_converter(DSO *dso, const char *filename) | |||
| 295 | return(translated); | 644 | return(translated); |
| 296 | } | 645 | } |
| 297 | 646 | ||
| 647 | static const char *openssl_strnchr(const char *string, int c, size_t len) | ||
| 648 | { | ||
| 649 | size_t i; | ||
| 650 | const char *p; | ||
| 651 | for (i = 0, p = string; i < len && *p; i++, p++) | ||
| 652 | { | ||
| 653 | if (*p == c) | ||
| 654 | return p; | ||
| 655 | } | ||
| 656 | return NULL; | ||
| 657 | } | ||
| 658 | |||
| 659 | |||
| 298 | #endif /* OPENSSL_SYS_WIN32 */ | 660 | #endif /* OPENSSL_SYS_WIN32 */ |
diff --git a/src/lib/libssl/src/crypto/ebcdic.c b/src/lib/libssl/src/crypto/ebcdic.c index d1bece87f7..43e53bcaf7 100644 --- a/src/lib/libssl/src/crypto/ebcdic.c +++ b/src/lib/libssl/src/crypto/ebcdic.c | |||
| @@ -1,6 +1,14 @@ | |||
| 1 | /* crypto/ebcdic.c */ | 1 | /* crypto/ebcdic.c */ |
| 2 | 2 | ||
| 3 | #ifdef CHARSET_EBCDIC | 3 | #ifndef CHARSET_EBCDIC |
| 4 | |||
| 5 | #include <openssl/e_os2.h> | ||
| 6 | #if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) | ||
| 7 | static void *dummy=&dummy; | ||
| 8 | #endif | ||
| 9 | |||
| 10 | #else /*CHARSET_EBCDIC*/ | ||
| 11 | |||
| 4 | #include "ebcdic.h" | 12 | #include "ebcdic.h" |
| 5 | /* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De> | 13 | /* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De> |
| 6 | * Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De> | 14 | * Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De> |
| @@ -210,9 +218,4 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) | |||
| 210 | return dest; | 218 | return dest; |
| 211 | } | 219 | } |
| 212 | 220 | ||
| 213 | #else /*CHARSET_EBCDIC*/ | ||
| 214 | #include <openssl/e_os2.h> | ||
| 215 | #if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) | ||
| 216 | static void *dummy=&dummy; | ||
| 217 | #endif | ||
| 218 | #endif | 221 | #endif |
diff --git a/src/lib/libssl/src/crypto/ec/ec.h b/src/lib/libssl/src/crypto/ec/ec.h index 6d6a9b7127..8bc2a235b1 100644 --- a/src/lib/libssl/src/crypto/ec/ec.h +++ b/src/lib/libssl/src/crypto/ec/ec.h | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | /* crypto/ec/ec.h */ | 1 | /* crypto/ec/ec.h */ |
| 2 | /* | ||
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | ||
| 4 | */ | ||
| 2 | /* ==================================================================== | 5 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. |
| 4 | * | 7 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -52,22 +55,48 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 56 | * |
| 54 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * The elliptic curve binary polynomial software is originally written by | ||
| 68 | * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 55 | 71 | ||
| 56 | #ifndef HEADER_EC_H | 72 | #ifndef HEADER_EC_H |
| 57 | #define HEADER_EC_H | 73 | #define HEADER_EC_H |
| 58 | 74 | ||
| 75 | #include <openssl/opensslconf.h> | ||
| 76 | |||
| 59 | #ifdef OPENSSL_NO_EC | 77 | #ifdef OPENSSL_NO_EC |
| 60 | #error EC is disabled. | 78 | #error EC is disabled. |
| 61 | #endif | 79 | #endif |
| 62 | 80 | ||
| 63 | #include <openssl/bn.h> | 81 | #include <openssl/asn1.h> |
| 64 | #include <openssl/symhacks.h> | 82 | #include <openssl/symhacks.h> |
| 83 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 84 | #include <openssl/bn.h> | ||
| 85 | #endif | ||
| 65 | 86 | ||
| 66 | #ifdef __cplusplus | 87 | #ifdef __cplusplus |
| 67 | extern "C" { | 88 | extern "C" { |
| 89 | #elif defined(__SUNPRO_C) | ||
| 90 | # if __SUNPRO_C >= 0x520 | ||
| 91 | # pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) | ||
| 92 | # endif | ||
| 68 | #endif | 93 | #endif |
| 69 | 94 | ||
| 70 | 95 | ||
| 96 | #ifndef OPENSSL_ECC_MAX_FIELD_BITS | ||
| 97 | # define OPENSSL_ECC_MAX_FIELD_BITS 661 | ||
| 98 | #endif | ||
| 99 | |||
| 71 | typedef enum { | 100 | typedef enum { |
| 72 | /* values as defined in X9.62 (ECDSA) and elsewhere */ | 101 | /* values as defined in X9.62 (ECDSA) and elsewhere */ |
| 73 | POINT_CONVERSION_COMPRESSED = 2, | 102 | POINT_CONVERSION_COMPRESSED = 2, |
| @@ -84,7 +113,8 @@ typedef struct ec_group_st | |||
| 84 | -- field definition | 113 | -- field definition |
| 85 | -- curve coefficients | 114 | -- curve coefficients |
| 86 | -- optional generator with associated information (order, cofactor) | 115 | -- optional generator with associated information (order, cofactor) |
| 87 | -- optional extra data (TODO: precomputed table for fast computation of multiples of generator) | 116 | -- optional extra data (precomputed table for fast computation of multiples of generator) |
| 117 | -- ASN1 stuff | ||
| 88 | */ | 118 | */ |
| 89 | EC_GROUP; | 119 | EC_GROUP; |
| 90 | 120 | ||
| @@ -96,40 +126,84 @@ typedef struct ec_point_st EC_POINT; | |||
| 96 | */ | 126 | */ |
| 97 | const EC_METHOD *EC_GFp_simple_method(void); | 127 | const EC_METHOD *EC_GFp_simple_method(void); |
| 98 | const EC_METHOD *EC_GFp_mont_method(void); | 128 | const EC_METHOD *EC_GFp_mont_method(void); |
| 99 | #if 0 | 129 | const EC_METHOD *EC_GFp_nist_method(void); |
| 100 | const EC_METHOD *EC_GFp_recp_method(void); /* TODO */ | 130 | |
| 101 | const EC_METHOD *EC_GFp_nist_method(void); /* TODO */ | 131 | /* EC_METHOD for curves over GF(2^m). |
| 102 | #endif | 132 | */ |
| 133 | const EC_METHOD *EC_GF2m_simple_method(void); | ||
| 103 | 134 | ||
| 104 | 135 | ||
| 105 | EC_GROUP *EC_GROUP_new(const EC_METHOD *); | 136 | EC_GROUP *EC_GROUP_new(const EC_METHOD *); |
| 106 | void EC_GROUP_free(EC_GROUP *); | 137 | void EC_GROUP_free(EC_GROUP *); |
| 107 | void EC_GROUP_clear_free(EC_GROUP *); | 138 | void EC_GROUP_clear_free(EC_GROUP *); |
| 108 | int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *); | 139 | int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *); |
| 140 | EC_GROUP *EC_GROUP_dup(const EC_GROUP *); | ||
| 109 | 141 | ||
| 110 | const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); | 142 | const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); |
| 111 | 143 | int EC_METHOD_get_field_type(const EC_METHOD *); | |
| 144 | |||
| 145 | int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); | ||
| 146 | const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); | ||
| 147 | int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); | ||
| 148 | int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); | ||
| 149 | |||
| 150 | void EC_GROUP_set_curve_name(EC_GROUP *, int nid); | ||
| 151 | int EC_GROUP_get_curve_name(const EC_GROUP *); | ||
| 152 | |||
| 153 | void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag); | ||
| 154 | int EC_GROUP_get_asn1_flag(const EC_GROUP *); | ||
| 155 | |||
| 156 | void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t); | ||
| 157 | point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); | ||
| 158 | |||
| 159 | unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); | ||
| 160 | size_t EC_GROUP_get_seed_len(const EC_GROUP *); | ||
| 161 | size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); | ||
| 112 | 162 | ||
| 113 | /* We don't have types for field specifications and field elements in general. | ||
| 114 | * Otherwise we could declare | ||
| 115 | * int EC_GROUP_set_curve(EC_GROUP *, .....); | ||
| 116 | */ | ||
| 117 | int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | 163 | int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); |
| 118 | int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); | 164 | int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); |
| 165 | int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | ||
| 166 | int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); | ||
| 167 | |||
| 168 | /* returns the number of bits needed to represent a field element */ | ||
| 169 | int EC_GROUP_get_degree(const EC_GROUP *); | ||
| 170 | |||
| 171 | /* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ | ||
| 172 | int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); | ||
| 173 | /* EC_GROUP_check_discriminant() returns 1 if the discriminant of the | ||
| 174 | * elliptic curve is not zero, 0 otherwise */ | ||
| 175 | int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); | ||
| 119 | 176 | ||
| 120 | /* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp() | 177 | /* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ |
| 178 | int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); | ||
| 179 | |||
| 180 | /* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() | ||
| 121 | * after choosing an appropriate EC_METHOD */ | 181 | * after choosing an appropriate EC_METHOD */ |
| 122 | EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | 182 | EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); |
| 183 | EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | ||
| 123 | 184 | ||
| 124 | int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); | 185 | /* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure |
| 125 | EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); | 186 | * specified by a curve name (in form of a NID) */ |
| 126 | int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); | 187 | EC_GROUP *EC_GROUP_new_by_curve_name(int nid); |
| 127 | int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); | 188 | /* handling of internal curves */ |
| 189 | typedef struct { | ||
| 190 | int nid; | ||
| 191 | const char *comment; | ||
| 192 | } EC_builtin_curve; | ||
| 193 | /* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number | ||
| 194 | * of all available curves or zero if a error occurred. | ||
| 195 | * In case r ist not zero nitems EC_builtin_curve structures | ||
| 196 | * are filled with the data of the first nitems internal groups */ | ||
| 197 | size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); | ||
| 198 | |||
| 199 | |||
| 200 | /* EC_POINT functions */ | ||
| 128 | 201 | ||
| 129 | EC_POINT *EC_POINT_new(const EC_GROUP *); | 202 | EC_POINT *EC_POINT_new(const EC_GROUP *); |
| 130 | void EC_POINT_free(EC_POINT *); | 203 | void EC_POINT_free(EC_POINT *); |
| 131 | void EC_POINT_clear_free(EC_POINT *); | 204 | void EC_POINT_clear_free(EC_POINT *); |
| 132 | int EC_POINT_copy(EC_POINT *, const EC_POINT *); | 205 | int EC_POINT_copy(EC_POINT *, const EC_POINT *); |
| 206 | EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); | ||
| 133 | 207 | ||
| 134 | const EC_METHOD *EC_POINT_method_of(const EC_POINT *); | 208 | const EC_METHOD *EC_POINT_method_of(const EC_POINT *); |
| 135 | 209 | ||
| @@ -145,11 +219,28 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, | |||
| 145 | int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, | 219 | int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, |
| 146 | const BIGNUM *x, int y_bit, BN_CTX *); | 220 | const BIGNUM *x, int y_bit, BN_CTX *); |
| 147 | 221 | ||
| 222 | int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, | ||
| 223 | const BIGNUM *x, const BIGNUM *y, BN_CTX *); | ||
| 224 | int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, | ||
| 225 | BIGNUM *x, BIGNUM *y, BN_CTX *); | ||
| 226 | int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, | ||
| 227 | const BIGNUM *x, int y_bit, BN_CTX *); | ||
| 228 | |||
| 148 | size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, | 229 | size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, |
| 149 | unsigned char *buf, size_t len, BN_CTX *); | 230 | unsigned char *buf, size_t len, BN_CTX *); |
| 150 | int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, | 231 | int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, |
| 151 | const unsigned char *buf, size_t len, BN_CTX *); | 232 | const unsigned char *buf, size_t len, BN_CTX *); |
| 152 | 233 | ||
| 234 | /* other interfaces to point2oct/oct2point: */ | ||
| 235 | BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, | ||
| 236 | point_conversion_form_t form, BIGNUM *, BN_CTX *); | ||
| 237 | EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, | ||
| 238 | EC_POINT *, BN_CTX *); | ||
| 239 | char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, | ||
| 240 | point_conversion_form_t form, BN_CTX *); | ||
| 241 | EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, | ||
| 242 | EC_POINT *, BN_CTX *); | ||
| 243 | |||
| 153 | int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); | 244 | int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); |
| 154 | int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); | 245 | int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); |
| 155 | int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); | 246 | int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); |
| @@ -164,9 +255,112 @@ int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); | |||
| 164 | 255 | ||
| 165 | int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); | 256 | int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); |
| 166 | int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); | 257 | int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); |
| 258 | |||
| 259 | /* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ | ||
| 167 | int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); | 260 | int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); |
| 261 | /* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ | ||
| 262 | int EC_GROUP_have_precompute_mult(const EC_GROUP *); | ||
| 263 | |||
| 264 | |||
| 168 | 265 | ||
| 266 | /* ASN1 stuff */ | ||
| 169 | 267 | ||
| 268 | /* EC_GROUP_get_basis_type() returns the NID of the basis type | ||
| 269 | * used to represent the field elements */ | ||
| 270 | int EC_GROUP_get_basis_type(const EC_GROUP *); | ||
| 271 | int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); | ||
| 272 | int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, | ||
| 273 | unsigned int *k2, unsigned int *k3); | ||
| 274 | |||
| 275 | #define OPENSSL_EC_NAMED_CURVE 0x001 | ||
| 276 | |||
| 277 | typedef struct ecpk_parameters_st ECPKPARAMETERS; | ||
| 278 | |||
| 279 | EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); | ||
| 280 | int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); | ||
| 281 | |||
| 282 | #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) | ||
| 283 | #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) | ||
| 284 | #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ | ||
| 285 | (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) | ||
| 286 | #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ | ||
| 287 | (unsigned char *)(x)) | ||
| 288 | |||
| 289 | #ifndef OPENSSL_NO_BIO | ||
| 290 | int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); | ||
| 291 | #endif | ||
| 292 | #ifndef OPENSSL_NO_FP_API | ||
| 293 | int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); | ||
| 294 | #endif | ||
| 295 | |||
| 296 | /* the EC_KEY stuff */ | ||
| 297 | typedef struct ec_key_st EC_KEY; | ||
| 298 | |||
| 299 | /* some values for the encoding_flag */ | ||
| 300 | #define EC_PKEY_NO_PARAMETERS 0x001 | ||
| 301 | #define EC_PKEY_NO_PUBKEY 0x002 | ||
| 302 | |||
| 303 | EC_KEY *EC_KEY_new(void); | ||
| 304 | EC_KEY *EC_KEY_new_by_curve_name(int nid); | ||
| 305 | void EC_KEY_free(EC_KEY *); | ||
| 306 | EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); | ||
| 307 | EC_KEY *EC_KEY_dup(const EC_KEY *); | ||
| 308 | |||
| 309 | int EC_KEY_up_ref(EC_KEY *); | ||
| 310 | |||
| 311 | const EC_GROUP *EC_KEY_get0_group(const EC_KEY *); | ||
| 312 | int EC_KEY_set_group(EC_KEY *, const EC_GROUP *); | ||
| 313 | const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *); | ||
| 314 | int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *); | ||
| 315 | const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); | ||
| 316 | int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); | ||
| 317 | unsigned EC_KEY_get_enc_flags(const EC_KEY *); | ||
| 318 | void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); | ||
| 319 | point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); | ||
| 320 | void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); | ||
| 321 | /* functions to set/get method specific data */ | ||
| 322 | void *EC_KEY_get_key_method_data(EC_KEY *, | ||
| 323 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); | ||
| 324 | void EC_KEY_insert_key_method_data(EC_KEY *, void *data, | ||
| 325 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); | ||
| 326 | /* wrapper functions for the underlying EC_GROUP object */ | ||
| 327 | void EC_KEY_set_asn1_flag(EC_KEY *, int); | ||
| 328 | int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); | ||
| 329 | |||
| 330 | /* EC_KEY_generate_key() creates a ec private (public) key */ | ||
| 331 | int EC_KEY_generate_key(EC_KEY *); | ||
| 332 | /* EC_KEY_check_key() */ | ||
| 333 | int EC_KEY_check_key(const EC_KEY *); | ||
| 334 | |||
| 335 | /* de- and encoding functions for SEC1 ECPrivateKey */ | ||
| 336 | EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); | ||
| 337 | int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); | ||
| 338 | /* de- and encoding functions for EC parameters */ | ||
| 339 | EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); | ||
| 340 | int i2d_ECParameters(EC_KEY *a, unsigned char **out); | ||
| 341 | /* de- and encoding functions for EC public key | ||
| 342 | * (octet string, not DER -- hence 'o2i' and 'i2o') */ | ||
| 343 | EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); | ||
| 344 | int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); | ||
| 345 | |||
| 346 | #ifndef OPENSSL_NO_BIO | ||
| 347 | int ECParameters_print(BIO *bp, const EC_KEY *x); | ||
| 348 | int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); | ||
| 349 | #endif | ||
| 350 | #ifndef OPENSSL_NO_FP_API | ||
| 351 | int ECParameters_print_fp(FILE *fp, const EC_KEY *x); | ||
| 352 | int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); | ||
| 353 | #endif | ||
| 354 | |||
| 355 | #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) | ||
| 356 | |||
| 357 | #ifndef __cplusplus | ||
| 358 | #if defined(__SUNPRO_C) | ||
| 359 | # if __SUNPRO_C >= 0x520 | ||
| 360 | # pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) | ||
| 361 | # endif | ||
| 362 | # endif | ||
| 363 | #endif | ||
| 170 | 364 | ||
| 171 | /* BEGIN ERROR CODES */ | 365 | /* BEGIN ERROR CODES */ |
| 172 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 366 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| @@ -178,51 +372,124 @@ void ERR_load_EC_strings(void); | |||
| 178 | 372 | ||
| 179 | /* Function codes. */ | 373 | /* Function codes. */ |
| 180 | #define EC_F_COMPUTE_WNAF 143 | 374 | #define EC_F_COMPUTE_WNAF 143 |
| 375 | #define EC_F_D2I_ECPARAMETERS 144 | ||
| 376 | #define EC_F_D2I_ECPKPARAMETERS 145 | ||
| 377 | #define EC_F_D2I_ECPRIVATEKEY 146 | ||
| 378 | #define EC_F_ECPARAMETERS_PRINT 147 | ||
| 379 | #define EC_F_ECPARAMETERS_PRINT_FP 148 | ||
| 380 | #define EC_F_ECPKPARAMETERS_PRINT 149 | ||
| 381 | #define EC_F_ECPKPARAMETERS_PRINT_FP 150 | ||
| 382 | #define EC_F_ECP_NIST_MOD_192 203 | ||
| 383 | #define EC_F_ECP_NIST_MOD_224 204 | ||
| 384 | #define EC_F_ECP_NIST_MOD_256 205 | ||
| 385 | #define EC_F_ECP_NIST_MOD_521 206 | ||
| 386 | #define EC_F_EC_ASN1_GROUP2CURVE 153 | ||
| 387 | #define EC_F_EC_ASN1_GROUP2FIELDID 154 | ||
| 388 | #define EC_F_EC_ASN1_GROUP2PARAMETERS 155 | ||
| 389 | #define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 | ||
| 390 | #define EC_F_EC_ASN1_PARAMETERS2GROUP 157 | ||
| 391 | #define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 | ||
| 392 | #define EC_F_EC_EX_DATA_SET_DATA 211 | ||
| 393 | #define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 | ||
| 394 | #define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 | ||
| 395 | #define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 | ||
| 396 | #define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 | ||
| 397 | #define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 | ||
| 398 | #define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 | ||
| 399 | #define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 | ||
| 400 | #define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 | ||
| 181 | #define EC_F_EC_GFP_MONT_FIELD_DECODE 133 | 401 | #define EC_F_EC_GFP_MONT_FIELD_DECODE 133 |
| 182 | #define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 | 402 | #define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 |
| 183 | #define EC_F_EC_GFP_MONT_FIELD_MUL 131 | 403 | #define EC_F_EC_GFP_MONT_FIELD_MUL 131 |
| 404 | #define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 | ||
| 184 | #define EC_F_EC_GFP_MONT_FIELD_SQR 132 | 405 | #define EC_F_EC_GFP_MONT_FIELD_SQR 132 |
| 406 | #define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 | ||
| 407 | #define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 | ||
| 408 | #define EC_F_EC_GFP_NIST_FIELD_MUL 200 | ||
| 409 | #define EC_F_EC_GFP_NIST_FIELD_SQR 201 | ||
| 410 | #define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 | ||
| 411 | #define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 | ||
| 412 | #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 | ||
| 185 | #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 | 413 | #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 |
| 186 | #define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 | 414 | #define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 |
| 187 | #define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 | 415 | #define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 |
| 188 | #define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 | 416 | #define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 |
| 189 | #define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 | 417 | #define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 |
| 190 | #define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 | 418 | #define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 |
| 419 | #define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 | ||
| 191 | #define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 | 420 | #define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 |
| 421 | #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 | ||
| 192 | #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 | 422 | #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 |
| 423 | #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 | ||
| 193 | #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 | 424 | #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 |
| 425 | #define EC_F_EC_GROUP_CHECK 170 | ||
| 426 | #define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 | ||
| 194 | #define EC_F_EC_GROUP_COPY 106 | 427 | #define EC_F_EC_GROUP_COPY 106 |
| 195 | #define EC_F_EC_GROUP_GET0_GENERATOR 139 | 428 | #define EC_F_EC_GROUP_GET0_GENERATOR 139 |
| 196 | #define EC_F_EC_GROUP_GET_COFACTOR 140 | 429 | #define EC_F_EC_GROUP_GET_COFACTOR 140 |
| 430 | #define EC_F_EC_GROUP_GET_CURVE_GF2M 172 | ||
| 197 | #define EC_F_EC_GROUP_GET_CURVE_GFP 130 | 431 | #define EC_F_EC_GROUP_GET_CURVE_GFP 130 |
| 432 | #define EC_F_EC_GROUP_GET_DEGREE 173 | ||
| 198 | #define EC_F_EC_GROUP_GET_ORDER 141 | 433 | #define EC_F_EC_GROUP_GET_ORDER 141 |
| 434 | #define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 | ||
| 435 | #define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 | ||
| 199 | #define EC_F_EC_GROUP_NEW 108 | 436 | #define EC_F_EC_GROUP_NEW 108 |
| 437 | #define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 | ||
| 438 | #define EC_F_EC_GROUP_NEW_FROM_DATA 175 | ||
| 200 | #define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 | 439 | #define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 |
| 440 | #define EC_F_EC_GROUP_SET_CURVE_GF2M 176 | ||
| 201 | #define EC_F_EC_GROUP_SET_CURVE_GFP 109 | 441 | #define EC_F_EC_GROUP_SET_CURVE_GFP 109 |
| 202 | #define EC_F_EC_GROUP_SET_EXTRA_DATA 110 | 442 | #define EC_F_EC_GROUP_SET_EXTRA_DATA 110 |
| 203 | #define EC_F_EC_GROUP_SET_GENERATOR 111 | 443 | #define EC_F_EC_GROUP_SET_GENERATOR 111 |
| 444 | #define EC_F_EC_KEY_CHECK_KEY 177 | ||
| 445 | #define EC_F_EC_KEY_COPY 178 | ||
| 446 | #define EC_F_EC_KEY_GENERATE_KEY 179 | ||
| 447 | #define EC_F_EC_KEY_NEW 182 | ||
| 448 | #define EC_F_EC_KEY_PRINT 180 | ||
| 449 | #define EC_F_EC_KEY_PRINT_FP 181 | ||
| 204 | #define EC_F_EC_POINTS_MAKE_AFFINE 136 | 450 | #define EC_F_EC_POINTS_MAKE_AFFINE 136 |
| 205 | #define EC_F_EC_POINTS_MUL 138 | 451 | #define EC_F_EC_POINTS_MUL 138 |
| 206 | #define EC_F_EC_POINT_ADD 112 | 452 | #define EC_F_EC_POINT_ADD 112 |
| 207 | #define EC_F_EC_POINT_CMP 113 | 453 | #define EC_F_EC_POINT_CMP 113 |
| 208 | #define EC_F_EC_POINT_COPY 114 | 454 | #define EC_F_EC_POINT_COPY 114 |
| 209 | #define EC_F_EC_POINT_DBL 115 | 455 | #define EC_F_EC_POINT_DBL 115 |
| 456 | #define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 | ||
| 210 | #define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 | 457 | #define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 |
| 211 | #define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 | 458 | #define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 |
| 459 | #define EC_F_EC_POINT_INVERT 210 | ||
| 212 | #define EC_F_EC_POINT_IS_AT_INFINITY 118 | 460 | #define EC_F_EC_POINT_IS_AT_INFINITY 118 |
| 213 | #define EC_F_EC_POINT_IS_ON_CURVE 119 | 461 | #define EC_F_EC_POINT_IS_ON_CURVE 119 |
| 214 | #define EC_F_EC_POINT_MAKE_AFFINE 120 | 462 | #define EC_F_EC_POINT_MAKE_AFFINE 120 |
| 463 | #define EC_F_EC_POINT_MUL 184 | ||
| 215 | #define EC_F_EC_POINT_NEW 121 | 464 | #define EC_F_EC_POINT_NEW 121 |
| 216 | #define EC_F_EC_POINT_OCT2POINT 122 | 465 | #define EC_F_EC_POINT_OCT2POINT 122 |
| 217 | #define EC_F_EC_POINT_POINT2OCT 123 | 466 | #define EC_F_EC_POINT_POINT2OCT 123 |
| 467 | #define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 | ||
| 218 | #define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 | 468 | #define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 |
| 469 | #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 | ||
| 219 | #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 | 470 | #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 |
| 220 | #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 | 471 | #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 |
| 221 | #define EC_F_EC_POINT_SET_TO_INFINITY 127 | 472 | #define EC_F_EC_POINT_SET_TO_INFINITY 127 |
| 222 | #define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP 135 | 473 | #define EC_F_EC_PRE_COMP_DUP 207 |
| 474 | #define EC_F_EC_PRE_COMP_NEW 196 | ||
| 475 | #define EC_F_EC_WNAF_MUL 187 | ||
| 476 | #define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 | ||
| 477 | #define EC_F_I2D_ECPARAMETERS 190 | ||
| 478 | #define EC_F_I2D_ECPKPARAMETERS 191 | ||
| 479 | #define EC_F_I2D_ECPRIVATEKEY 192 | ||
| 480 | #define EC_F_I2O_ECPUBLICKEY 151 | ||
| 481 | #define EC_F_O2I_ECPUBLICKEY 152 | ||
| 223 | 482 | ||
| 224 | /* Reason codes. */ | 483 | /* Reason codes. */ |
| 484 | #define EC_R_ASN1_ERROR 115 | ||
| 485 | #define EC_R_ASN1_UNKNOWN_FIELD 116 | ||
| 225 | #define EC_R_BUFFER_TOO_SMALL 100 | 486 | #define EC_R_BUFFER_TOO_SMALL 100 |
| 487 | #define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 | ||
| 488 | #define EC_R_DISCRIMINANT_IS_ZERO 118 | ||
| 489 | #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 | ||
| 490 | #define EC_R_FIELD_TOO_LARGE 138 | ||
| 491 | #define EC_R_GROUP2PKPARAMETERS_FAILURE 120 | ||
| 492 | #define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 | ||
| 226 | #define EC_R_INCOMPATIBLE_OBJECTS 101 | 493 | #define EC_R_INCOMPATIBLE_OBJECTS 101 |
| 227 | #define EC_R_INVALID_ARGUMENT 112 | 494 | #define EC_R_INVALID_ARGUMENT 112 |
| 228 | #define EC_R_INVALID_COMPRESSED_POINT 110 | 495 | #define EC_R_INVALID_COMPRESSED_POINT 110 |
| @@ -230,12 +497,28 @@ void ERR_load_EC_strings(void); | |||
| 230 | #define EC_R_INVALID_ENCODING 102 | 497 | #define EC_R_INVALID_ENCODING 102 |
| 231 | #define EC_R_INVALID_FIELD 103 | 498 | #define EC_R_INVALID_FIELD 103 |
| 232 | #define EC_R_INVALID_FORM 104 | 499 | #define EC_R_INVALID_FORM 104 |
| 500 | #define EC_R_INVALID_GROUP_ORDER 122 | ||
| 501 | #define EC_R_INVALID_PENTANOMIAL_BASIS 132 | ||
| 502 | #define EC_R_INVALID_PRIVATE_KEY 123 | ||
| 503 | #define EC_R_INVALID_TRINOMIAL_BASIS 137 | ||
| 504 | #define EC_R_MISSING_PARAMETERS 124 | ||
| 505 | #define EC_R_MISSING_PRIVATE_KEY 125 | ||
| 506 | #define EC_R_NOT_A_NIST_PRIME 135 | ||
| 507 | #define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 | ||
| 508 | #define EC_R_NOT_IMPLEMENTED 126 | ||
| 233 | #define EC_R_NOT_INITIALIZED 111 | 509 | #define EC_R_NOT_INITIALIZED 111 |
| 510 | #define EC_R_NO_FIELD_MOD 133 | ||
| 511 | #define EC_R_PASSED_NULL_PARAMETER 134 | ||
| 512 | #define EC_R_PKPARAMETERS2GROUP_FAILURE 127 | ||
| 234 | #define EC_R_POINT_AT_INFINITY 106 | 513 | #define EC_R_POINT_AT_INFINITY 106 |
| 235 | #define EC_R_POINT_IS_NOT_ON_CURVE 107 | 514 | #define EC_R_POINT_IS_NOT_ON_CURVE 107 |
| 236 | #define EC_R_SLOT_FULL 108 | 515 | #define EC_R_SLOT_FULL 108 |
| 237 | #define EC_R_UNDEFINED_GENERATOR 113 | 516 | #define EC_R_UNDEFINED_GENERATOR 113 |
| 517 | #define EC_R_UNDEFINED_ORDER 128 | ||
| 518 | #define EC_R_UNKNOWN_GROUP 129 | ||
| 238 | #define EC_R_UNKNOWN_ORDER 114 | 519 | #define EC_R_UNKNOWN_ORDER 114 |
| 520 | #define EC_R_UNSUPPORTED_FIELD 131 | ||
| 521 | #define EC_R_WRONG_ORDER 130 | ||
| 239 | 522 | ||
| 240 | #ifdef __cplusplus | 523 | #ifdef __cplusplus |
| 241 | } | 524 | } |
diff --git a/src/lib/libssl/src/crypto/ec/ec_cvt.c b/src/lib/libssl/src/crypto/ec/ec_cvt.c index 45b0ec33a0..d45640bab9 100644 --- a/src/lib/libssl/src/crypto/ec/ec_cvt.c +++ b/src/lib/libssl/src/crypto/ec/ec_cvt.c | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | /* crypto/ec/ec_cvt.c */ | 1 | /* crypto/ec/ec_cvt.c */ |
| 2 | /* | ||
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | ||
| 4 | */ | ||
| 2 | /* ==================================================================== | 5 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. |
| 4 | * | 7 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -52,7 +55,21 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 56 | * |
| 54 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * The elliptic curve binary polynomial software is originally written by | ||
| 68 | * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 55 | 71 | ||
| 72 | #include <openssl/err.h> | ||
| 56 | #include "ec_lcl.h" | 73 | #include "ec_lcl.h" |
| 57 | 74 | ||
| 58 | 75 | ||
| @@ -60,11 +77,8 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM | |||
| 60 | { | 77 | { |
| 61 | const EC_METHOD *meth; | 78 | const EC_METHOD *meth; |
| 62 | EC_GROUP *ret; | 79 | EC_GROUP *ret; |
| 63 | 80 | ||
| 64 | /* Finally, this will use EC_GFp_nist_method if 'p' is a special | 81 | meth = EC_GFp_nist_method(); |
| 65 | * prime with optimized modular arithmetics (for NIST curves) | ||
| 66 | */ | ||
| 67 | meth = EC_GFp_mont_method(); | ||
| 68 | 82 | ||
| 69 | ret = EC_GROUP_new(meth); | 83 | ret = EC_GROUP_new(meth); |
| 70 | if (ret == NULL) | 84 | if (ret == NULL) |
| @@ -72,6 +86,56 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM | |||
| 72 | 86 | ||
| 73 | if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) | 87 | if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) |
| 74 | { | 88 | { |
| 89 | unsigned long err; | ||
| 90 | |||
| 91 | err = ERR_peek_last_error(); | ||
| 92 | |||
| 93 | if (!(ERR_GET_LIB(err) == ERR_LIB_EC && | ||
| 94 | ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || | ||
| 95 | (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) | ||
| 96 | { | ||
| 97 | /* real error */ | ||
| 98 | |||
| 99 | EC_GROUP_clear_free(ret); | ||
| 100 | return NULL; | ||
| 101 | } | ||
| 102 | |||
| 103 | |||
| 104 | /* not an actual error, we just cannot use EC_GFp_nist_method */ | ||
| 105 | |||
| 106 | ERR_clear_error(); | ||
| 107 | |||
| 108 | EC_GROUP_clear_free(ret); | ||
| 109 | meth = EC_GFp_mont_method(); | ||
| 110 | |||
| 111 | ret = EC_GROUP_new(meth); | ||
| 112 | if (ret == NULL) | ||
| 113 | return NULL; | ||
| 114 | |||
| 115 | if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) | ||
| 116 | { | ||
| 117 | EC_GROUP_clear_free(ret); | ||
| 118 | return NULL; | ||
| 119 | } | ||
| 120 | } | ||
| 121 | |||
| 122 | return ret; | ||
| 123 | } | ||
| 124 | |||
| 125 | |||
| 126 | EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||
| 127 | { | ||
| 128 | const EC_METHOD *meth; | ||
| 129 | EC_GROUP *ret; | ||
| 130 | |||
| 131 | meth = EC_GF2m_simple_method(); | ||
| 132 | |||
| 133 | ret = EC_GROUP_new(meth); | ||
| 134 | if (ret == NULL) | ||
| 135 | return NULL; | ||
| 136 | |||
| 137 | if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) | ||
| 138 | { | ||
| 75 | EC_GROUP_clear_free(ret); | 139 | EC_GROUP_clear_free(ret); |
| 76 | return NULL; | 140 | return NULL; |
| 77 | } | 141 | } |
diff --git a/src/lib/libssl/src/crypto/ec/ec_err.c b/src/lib/libssl/src/crypto/ec/ec_err.c index 5b70f94382..d04c895560 100644 --- a/src/lib/libssl/src/crypto/ec/ec_err.c +++ b/src/lib/libssl/src/crypto/ec/ec_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/ec/ec_err.c */ | 1 | /* crypto/ec/ec_err.c */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -71,54 +71,127 @@ | |||
| 71 | static ERR_STRING_DATA EC_str_functs[]= | 71 | static ERR_STRING_DATA EC_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, | 73 | {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, |
| 74 | {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, | ||
| 75 | {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, | ||
| 76 | {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, | ||
| 77 | {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, | ||
| 78 | {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, | ||
| 79 | {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, | ||
| 80 | {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, | ||
| 81 | {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, | ||
| 82 | {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, | ||
| 83 | {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, | ||
| 84 | {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"}, | ||
| 85 | {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"}, | ||
| 86 | {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"}, | ||
| 87 | {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"}, | ||
| 88 | {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, | ||
| 89 | {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, | ||
| 90 | {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, | ||
| 91 | {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, | ||
| 92 | {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, | ||
| 93 | {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"}, | ||
| 94 | {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"}, | ||
| 95 | {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"}, | ||
| 96 | {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"}, | ||
| 97 | {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GF2m_simple_point_get_affine_coordinates"}, | ||
| 98 | {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GF2m_simple_point_set_affine_coordinates"}, | ||
| 99 | {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GF2m_simple_set_compressed_coordinates"}, | ||
| 74 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, | 100 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, |
| 75 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, | 101 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, |
| 76 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, | 102 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, |
| 103 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), "ec_GFp_mont_field_set_to_one"}, | ||
| 77 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, | 104 | {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, |
| 78 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "ec_GFp_simple_group_set_curve_GFp"}, | 105 | {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), "ec_GFp_mont_group_set_curve"}, |
| 79 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "ec_GFp_simple_group_set_generator"}, | 106 | {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), "EC_GFP_MONT_GROUP_SET_CURVE_GFP"}, |
| 107 | {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"}, | ||
| 108 | {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, | ||
| 109 | {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"}, | ||
| 110 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"}, | ||
| 111 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), "ec_GFp_simple_group_set_curve"}, | ||
| 112 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"}, | ||
| 113 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"}, | ||
| 80 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, | 114 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, |
| 81 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, | 115 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, |
| 82 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, | 116 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, |
| 83 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"}, | 117 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"}, |
| 84 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_get_affine_coordinates_GFp"}, | 118 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GFp_simple_point_get_affine_coordinates"}, |
| 85 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_set_affine_coordinates_GFp"}, | 119 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"}, |
| 86 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "ec_GFp_simple_set_compressed_coordinates_GFp"}, | 120 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GFp_simple_point_set_affine_coordinates"}, |
| 121 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"}, | ||
| 122 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GFp_simple_set_compressed_coordinates"}, | ||
| 123 | {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"}, | ||
| 124 | {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"}, | ||
| 125 | {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), "EC_GROUP_check_discriminant"}, | ||
| 87 | {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, | 126 | {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, |
| 88 | {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"}, | 127 | {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"}, |
| 89 | {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"}, | 128 | {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"}, |
| 129 | {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"}, | ||
| 90 | {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, | 130 | {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, |
| 131 | {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"}, | ||
| 91 | {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, | 132 | {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, |
| 133 | {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"}, | ||
| 134 | {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"}, | ||
| 92 | {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, | 135 | {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, |
| 136 | {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, | ||
| 137 | {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, | ||
| 93 | {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, | 138 | {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, |
| 139 | {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, | ||
| 94 | {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, | 140 | {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, |
| 95 | {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_set_extra_data"}, | 141 | {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"}, |
| 96 | {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, | 142 | {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, |
| 143 | {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, | ||
| 144 | {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, | ||
| 145 | {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"}, | ||
| 146 | {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"}, | ||
| 147 | {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, | ||
| 148 | {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, | ||
| 97 | {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, | 149 | {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, |
| 98 | {ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, | 150 | {ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, |
| 99 | {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, | 151 | {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, |
| 100 | {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, | 152 | {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, |
| 101 | {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, | 153 | {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, |
| 102 | {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, | 154 | {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, |
| 155 | {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), "EC_POINT_get_affine_coordinates_GF2m"}, | ||
| 103 | {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"}, | 156 | {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"}, |
| 104 | {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"}, | 157 | {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"}, |
| 158 | {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"}, | ||
| 105 | {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, | 159 | {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, |
| 106 | {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, | 160 | {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, |
| 107 | {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, | 161 | {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, |
| 162 | {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"}, | ||
| 108 | {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, | 163 | {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, |
| 109 | {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, | 164 | {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, |
| 110 | {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, | 165 | {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, |
| 166 | {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), "EC_POINT_set_affine_coordinates_GF2m"}, | ||
| 111 | {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"}, | 167 | {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"}, |
| 168 | {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), "EC_POINT_set_compressed_coordinates_GF2m"}, | ||
| 112 | {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"}, | 169 | {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"}, |
| 113 | {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"}, | 170 | {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"}, |
| 114 | {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, | 171 | {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, |
| 115 | {ERR_FUNC(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP), "GFP_MONT_GROUP_SET_CURVE_GFP"}, | 172 | {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, |
| 173 | {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"}, | ||
| 174 | {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, | ||
| 175 | {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, | ||
| 176 | {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, | ||
| 177 | {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, | ||
| 178 | {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, | ||
| 179 | {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, | ||
| 180 | {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, | ||
| 116 | {0,NULL} | 181 | {0,NULL} |
| 117 | }; | 182 | }; |
| 118 | 183 | ||
| 119 | static ERR_STRING_DATA EC_str_reasons[]= | 184 | static ERR_STRING_DATA EC_str_reasons[]= |
| 120 | { | 185 | { |
| 186 | {ERR_REASON(EC_R_ASN1_ERROR) ,"asn1 error"}, | ||
| 187 | {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD) ,"asn1 unknown field"}, | ||
| 121 | {ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"}, | 188 | {ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"}, |
| 189 | {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"}, | ||
| 190 | {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"}, | ||
| 191 | {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"}, | ||
| 192 | {ERR_REASON(EC_R_FIELD_TOO_LARGE) ,"field too large"}, | ||
| 193 | {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"}, | ||
| 194 | {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"}, | ||
| 122 | {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"}, | 195 | {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"}, |
| 123 | {ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"}, | 196 | {ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"}, |
| 124 | {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"}, | 197 | {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"}, |
| @@ -126,12 +199,28 @@ static ERR_STRING_DATA EC_str_reasons[]= | |||
| 126 | {ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"}, | 199 | {ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"}, |
| 127 | {ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"}, | 200 | {ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"}, |
| 128 | {ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"}, | 201 | {ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"}, |
| 202 | {ERR_REASON(EC_R_INVALID_GROUP_ORDER) ,"invalid group order"}, | ||
| 203 | {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"}, | ||
| 204 | {ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"}, | ||
| 205 | {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"}, | ||
| 206 | {ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"}, | ||
| 207 | {ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"}, | ||
| 208 | {ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"}, | ||
| 209 | {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"}, | ||
| 210 | {ERR_REASON(EC_R_NOT_IMPLEMENTED) ,"not implemented"}, | ||
| 129 | {ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"}, | 211 | {ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"}, |
| 212 | {ERR_REASON(EC_R_NO_FIELD_MOD) ,"no field mod"}, | ||
| 213 | {ERR_REASON(EC_R_PASSED_NULL_PARAMETER) ,"passed null parameter"}, | ||
| 214 | {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"}, | ||
| 130 | {ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"}, | 215 | {ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"}, |
| 131 | {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"}, | 216 | {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"}, |
| 132 | {ERR_REASON(EC_R_SLOT_FULL) ,"slot full"}, | 217 | {ERR_REASON(EC_R_SLOT_FULL) ,"slot full"}, |
| 133 | {ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"}, | 218 | {ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"}, |
| 219 | {ERR_REASON(EC_R_UNDEFINED_ORDER) ,"undefined order"}, | ||
| 220 | {ERR_REASON(EC_R_UNKNOWN_GROUP) ,"unknown group"}, | ||
| 134 | {ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"}, | 221 | {ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"}, |
| 222 | {ERR_REASON(EC_R_UNSUPPORTED_FIELD) ,"unsupported field"}, | ||
| 223 | {ERR_REASON(EC_R_WRONG_ORDER) ,"wrong order"}, | ||
| 135 | {0,NULL} | 224 | {0,NULL} |
| 136 | }; | 225 | }; |
| 137 | 226 | ||
| @@ -139,15 +228,12 @@ static ERR_STRING_DATA EC_str_reasons[]= | |||
| 139 | 228 | ||
| 140 | void ERR_load_EC_strings(void) | 229 | void ERR_load_EC_strings(void) |
| 141 | { | 230 | { |
| 142 | static int init=1; | 231 | #ifndef OPENSSL_NO_ERR |
| 143 | 232 | ||
| 144 | if (init) | 233 | if (ERR_func_error_string(EC_str_functs[0].error) == NULL) |
| 145 | { | 234 | { |
| 146 | init=0; | ||
| 147 | #ifndef OPENSSL_NO_ERR | ||
| 148 | ERR_load_strings(0,EC_str_functs); | 235 | ERR_load_strings(0,EC_str_functs); |
| 149 | ERR_load_strings(0,EC_str_reasons); | 236 | ERR_load_strings(0,EC_str_reasons); |
| 150 | #endif | ||
| 151 | |||
| 152 | } | 237 | } |
| 238 | #endif | ||
| 153 | } | 239 | } |
diff --git a/src/lib/libssl/src/crypto/ec/ec_lcl.h b/src/lib/libssl/src/crypto/ec/ec_lcl.h index cc4cf27755..fdd7aa2755 100644 --- a/src/lib/libssl/src/crypto/ec/ec_lcl.h +++ b/src/lib/libssl/src/crypto/ec/ec_lcl.h | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | /* crypto/ec/ec_lcl.h */ | 1 | /* crypto/ec/ec_lcl.h */ |
| 2 | /* | ||
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | ||
| 4 | */ | ||
| 2 | /* ==================================================================== | 5 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. |
| 4 | * | 7 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -52,35 +55,56 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 56 | * |
| 54 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * The elliptic curve binary polynomial software is originally written by | ||
| 68 | * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 55 | 71 | ||
| 56 | 72 | ||
| 57 | #include <stdlib.h> | 73 | #include <stdlib.h> |
| 58 | 74 | ||
| 75 | #include <openssl/obj_mac.h> | ||
| 59 | #include <openssl/ec.h> | 76 | #include <openssl/ec.h> |
| 77 | #include <openssl/bn.h> | ||
| 60 | 78 | ||
| 79 | #if defined(__SUNPRO_C) | ||
| 80 | # if __SUNPRO_C >= 0x520 | ||
| 81 | # pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) | ||
| 82 | # endif | ||
| 83 | #endif | ||
| 61 | 84 | ||
| 62 | /* Structure details are not part of the exported interface, | 85 | /* Structure details are not part of the exported interface, |
| 63 | * so all this may change in future versions. */ | 86 | * so all this may change in future versions. */ |
| 64 | 87 | ||
| 65 | struct ec_method_st { | 88 | struct ec_method_st { |
| 89 | /* used by EC_METHOD_get_field_type: */ | ||
| 90 | int field_type; /* a NID */ | ||
| 91 | |||
| 66 | /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */ | 92 | /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */ |
| 67 | int (*group_init)(EC_GROUP *); | 93 | int (*group_init)(EC_GROUP *); |
| 68 | void (*group_finish)(EC_GROUP *); | 94 | void (*group_finish)(EC_GROUP *); |
| 69 | void (*group_clear_finish)(EC_GROUP *); | 95 | void (*group_clear_finish)(EC_GROUP *); |
| 70 | int (*group_copy)(EC_GROUP *, const EC_GROUP *); | 96 | int (*group_copy)(EC_GROUP *, const EC_GROUP *); |
| 71 | 97 | ||
| 72 | /* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */ | 98 | /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */ |
| 73 | int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | 99 | /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */ |
| 74 | int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); | 100 | int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); |
| 101 | int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); | ||
| 75 | 102 | ||
| 76 | /* used by EC_GROUP_set_generator, EC_GROUP_get0_generator, | 103 | /* used by EC_GROUP_get_degree: */ |
| 77 | * EC_GROUP_get_order, EC_GROUP_get_cofactor: | 104 | int (*group_get_degree)(const EC_GROUP *); |
| 78 | */ | 105 | |
| 79 | int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator, | 106 | /* used by EC_GROUP_check: */ |
| 80 | const BIGNUM *order, const BIGNUM *cofactor); | 107 | int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *); |
| 81 | EC_POINT *(*group_get0_generator)(const EC_GROUP *); | ||
| 82 | int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *); | ||
| 83 | int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); | ||
| 84 | 108 | ||
| 85 | /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */ | 109 | /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */ |
| 86 | int (*point_init)(EC_POINT *); | 110 | int (*point_init)(EC_POINT *); |
| @@ -89,20 +113,22 @@ struct ec_method_st { | |||
| 89 | int (*point_copy)(EC_POINT *, const EC_POINT *); | 113 | int (*point_copy)(EC_POINT *, const EC_POINT *); |
| 90 | 114 | ||
| 91 | /* used by EC_POINT_set_to_infinity, | 115 | /* used by EC_POINT_set_to_infinity, |
| 92 | * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp, | 116 | * EC_POINT_set_Jprojective_coordinates_GFp, |
| 93 | * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, | 117 | * EC_POINT_get_Jprojective_coordinates_GFp, |
| 94 | * EC_POINT_set_compressed_coordinates_GFp: | 118 | * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, |
| 119 | * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, | ||
| 120 | * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: | ||
| 95 | */ | 121 | */ |
| 96 | int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *); | 122 | int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *); |
| 97 | int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *, | 123 | int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *, |
| 98 | const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); | 124 | const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); |
| 99 | int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *, | 125 | int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *, |
| 100 | BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); | 126 | BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); |
| 101 | int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *, | 127 | int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *, |
| 102 | const BIGNUM *x, const BIGNUM *y, BN_CTX *); | 128 | const BIGNUM *x, const BIGNUM *y, BN_CTX *); |
| 103 | int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *, | 129 | int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *, |
| 104 | BIGNUM *x, BIGNUM *y, BN_CTX *); | 130 | BIGNUM *x, BIGNUM *y, BN_CTX *); |
| 105 | int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *, | 131 | int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *, |
| 106 | const BIGNUM *x, int y_bit, BN_CTX *); | 132 | const BIGNUM *x, int y_bit, BN_CTX *); |
| 107 | 133 | ||
| 108 | /* used by EC_POINT_point2oct, EC_POINT_oct2point: */ | 134 | /* used by EC_POINT_point2oct, EC_POINT_oct2point: */ |
| @@ -125,34 +151,65 @@ struct ec_method_st { | |||
| 125 | int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *); | 151 | int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *); |
| 126 | int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); | 152 | int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); |
| 127 | 153 | ||
| 154 | /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult | ||
| 155 | * (default implementations are used if the 'mul' pointer is 0): */ | ||
| 156 | int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | ||
| 157 | size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); | ||
| 158 | int (*precompute_mult)(EC_GROUP *group, BN_CTX *); | ||
| 159 | int (*have_precompute_mult)(const EC_GROUP *group); | ||
| 160 | |||
| 128 | 161 | ||
| 129 | /* internal functions */ | 162 | /* internal functions */ |
| 130 | 163 | ||
| 131 | /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that | 164 | /* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that |
| 132 | * the same implementations of point operations can be used with different | 165 | * the same implementations of point operations can be used with different |
| 133 | * optimized implementations of expensive field operations: */ | 166 | * optimized implementations of expensive field operations: */ |
| 134 | int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | 167 | int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); |
| 135 | int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); | 168 | int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); |
| 169 | int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | ||
| 136 | 170 | ||
| 137 | int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */ | 171 | int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */ |
| 138 | int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */ | 172 | int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */ |
| 139 | int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); | 173 | int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); |
| 140 | } /* EC_METHOD */; | 174 | } /* EC_METHOD */; |
| 141 | 175 | ||
| 176 | typedef struct ec_extra_data_st { | ||
| 177 | struct ec_extra_data_st *next; | ||
| 178 | void *data; | ||
| 179 | void *(*dup_func)(void *); | ||
| 180 | void (*free_func)(void *); | ||
| 181 | void (*clear_free_func)(void *); | ||
| 182 | } EC_EXTRA_DATA; /* used in EC_GROUP */ | ||
| 142 | 183 | ||
| 143 | struct ec_group_st { | 184 | struct ec_group_st { |
| 144 | const EC_METHOD *meth; | 185 | const EC_METHOD *meth; |
| 145 | 186 | ||
| 146 | void *extra_data; | 187 | EC_POINT *generator; /* optional */ |
| 147 | void *(*extra_data_dup_func)(void *); | 188 | BIGNUM order, cofactor; |
| 148 | void (*extra_data_free_func)(void *); | 189 | |
| 149 | void (*extra_data_clear_free_func)(void *); | 190 | int curve_name;/* optional NID for named curve */ |
| 191 | int asn1_flag; /* flag to control the asn1 encoding */ | ||
| 192 | point_conversion_form_t asn1_form; | ||
| 193 | |||
| 194 | unsigned char *seed; /* optional seed for parameters (appears in ASN1) */ | ||
| 195 | size_t seed_len; | ||
| 150 | 196 | ||
| 151 | /* All members except 'meth' and 'extra_data...' are handled by | 197 | EC_EXTRA_DATA *extra_data; /* linked list */ |
| 152 | * the method functions, even if they appear generic */ | 198 | |
| 199 | /* The following members are handled by the method functions, | ||
| 200 | * even if they appear generic */ | ||
| 153 | 201 | ||
| 154 | BIGNUM field; /* Field specification. | 202 | BIGNUM field; /* Field specification. |
| 155 | * For curves over GF(p), this is the modulus. */ | 203 | * For curves over GF(p), this is the modulus; |
| 204 | * for curves over GF(2^m), this is the | ||
| 205 | * irreducible polynomial defining the field. | ||
| 206 | */ | ||
| 207 | |||
| 208 | unsigned int poly[5]; /* Field specification for curves over GF(2^m). | ||
| 209 | * The irreducible f(t) is then of the form: | ||
| 210 | * t^poly[0] + t^poly[1] + ... + t^poly[k] | ||
| 211 | * where m = poly[0] > poly[1] > ... > poly[k] = 0. | ||
| 212 | */ | ||
| 156 | 213 | ||
| 157 | BIGNUM a, b; /* Curve coefficients. | 214 | BIGNUM a, b; /* Curve coefficients. |
| 158 | * (Here the assumption is that BIGNUMs can be used | 215 | * (Here the assumption is that BIGNUMs can be used |
| @@ -160,29 +217,49 @@ struct ec_group_st { | |||
| 160 | * For characteristic > 3, the curve is defined | 217 | * For characteristic > 3, the curve is defined |
| 161 | * by a Weierstrass equation of the form | 218 | * by a Weierstrass equation of the form |
| 162 | * y^2 = x^3 + a*x + b. | 219 | * y^2 = x^3 + a*x + b. |
| 220 | * For characteristic 2, the curve is defined by | ||
| 221 | * an equation of the form | ||
| 222 | * y^2 + x*y = x^3 + a*x^2 + b. | ||
| 163 | */ | 223 | */ |
| 164 | int a_is_minus3; /* enable optimized point arithmetics for special case */ | ||
| 165 | 224 | ||
| 166 | EC_POINT *generator; /* optional */ | 225 | int a_is_minus3; /* enable optimized point arithmetics for special case */ |
| 167 | BIGNUM order, cofactor; | ||
| 168 | 226 | ||
| 169 | void *field_data1; /* method-specific (e.g., Montgomery structure) */ | 227 | void *field_data1; /* method-specific (e.g., Montgomery structure) */ |
| 170 | void *field_data2; /* method-specific */ | 228 | void *field_data2; /* method-specific */ |
| 229 | int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ | ||
| 171 | } /* EC_GROUP */; | 230 | } /* EC_GROUP */; |
| 172 | 231 | ||
| 232 | struct ec_key_st { | ||
| 233 | int version; | ||
| 234 | |||
| 235 | EC_GROUP *group; | ||
| 236 | |||
| 237 | EC_POINT *pub_key; | ||
| 238 | BIGNUM *priv_key; | ||
| 239 | |||
| 240 | unsigned int enc_flag; | ||
| 241 | point_conversion_form_t conv_form; | ||
| 173 | 242 | ||
| 174 | /* Basically a 'mixin' for extra data, but available for EC_GROUPs only | 243 | int references; |
| 244 | |||
| 245 | EC_EXTRA_DATA *method_data; | ||
| 246 | } /* EC_KEY */; | ||
| 247 | |||
| 248 | /* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only | ||
| 175 | * (with visibility limited to 'package' level for now). | 249 | * (with visibility limited to 'package' level for now). |
| 176 | * We use the function pointers as index for retrieval; this obviates | 250 | * We use the function pointers as index for retrieval; this obviates |
| 177 | * global ex_data-style index tables. | 251 | * global ex_data-style index tables. |
| 178 | * (Currently, we have one slot only, but is is possible to extend this | 252 | */ |
| 179 | * if necessary.) */ | 253 | int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data, |
| 180 | int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *), | 254 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); |
| 181 | void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); | 255 | void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *, |
| 182 | void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *), | 256 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); |
| 183 | void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); | 257 | void EC_EX_DATA_free_data(EC_EXTRA_DATA **, |
| 184 | void EC_GROUP_free_extra_data(EC_GROUP *); | 258 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); |
| 185 | void EC_GROUP_clear_free_extra_data(EC_GROUP *); | 259 | void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, |
| 260 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); | ||
| 261 | void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **); | ||
| 262 | void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **); | ||
| 186 | 263 | ||
| 187 | 264 | ||
| 188 | 265 | ||
| @@ -201,18 +278,23 @@ struct ec_point_st { | |||
| 201 | 278 | ||
| 202 | 279 | ||
| 203 | 280 | ||
| 281 | /* method functions in ec_mult.c | ||
| 282 | * (ec_lib.c uses these as defaults if group->method->mul is 0) */ | ||
| 283 | int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | ||
| 284 | size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); | ||
| 285 | int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); | ||
| 286 | int ec_wNAF_have_precompute_mult(const EC_GROUP *group); | ||
| 287 | |||
| 288 | |||
| 204 | /* method functions in ecp_smpl.c */ | 289 | /* method functions in ecp_smpl.c */ |
| 205 | int ec_GFp_simple_group_init(EC_GROUP *); | 290 | int ec_GFp_simple_group_init(EC_GROUP *); |
| 206 | void ec_GFp_simple_group_finish(EC_GROUP *); | 291 | void ec_GFp_simple_group_finish(EC_GROUP *); |
| 207 | void ec_GFp_simple_group_clear_finish(EC_GROUP *); | 292 | void ec_GFp_simple_group_clear_finish(EC_GROUP *); |
| 208 | int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); | 293 | int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); |
| 209 | int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | 294 | int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); |
| 210 | int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); | 295 | int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); |
| 211 | int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator, | 296 | int ec_GFp_simple_group_get_degree(const EC_GROUP *); |
| 212 | const BIGNUM *order, const BIGNUM *cofactor); | 297 | int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); |
| 213 | EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *); | ||
| 214 | int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); | ||
| 215 | int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); | ||
| 216 | int ec_GFp_simple_point_init(EC_POINT *); | 298 | int ec_GFp_simple_point_init(EC_POINT *); |
| 217 | void ec_GFp_simple_point_finish(EC_POINT *); | 299 | void ec_GFp_simple_point_finish(EC_POINT *); |
| 218 | void ec_GFp_simple_point_clear_finish(EC_POINT *); | 300 | void ec_GFp_simple_point_clear_finish(EC_POINT *); |
| @@ -222,11 +304,11 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, | |||
| 222 | const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); | 304 | const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); |
| 223 | int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, | 305 | int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, |
| 224 | BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); | 306 | BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); |
| 225 | int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, | 307 | int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, |
| 226 | const BIGNUM *x, const BIGNUM *y, BN_CTX *); | 308 | const BIGNUM *x, const BIGNUM *y, BN_CTX *); |
| 227 | int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, | 309 | int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *, |
| 228 | BIGNUM *x, BIGNUM *y, BN_CTX *); | 310 | BIGNUM *x, BIGNUM *y, BN_CTX *); |
| 229 | int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, | 311 | int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, |
| 230 | const BIGNUM *x, int y_bit, BN_CTX *); | 312 | const BIGNUM *x, int y_bit, BN_CTX *); |
| 231 | size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, | 313 | size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, |
| 232 | unsigned char *buf, size_t len, BN_CTX *); | 314 | unsigned char *buf, size_t len, BN_CTX *); |
| @@ -246,7 +328,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX | |||
| 246 | 328 | ||
| 247 | /* method functions in ecp_mont.c */ | 329 | /* method functions in ecp_mont.c */ |
| 248 | int ec_GFp_mont_group_init(EC_GROUP *); | 330 | int ec_GFp_mont_group_init(EC_GROUP *); |
| 249 | int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | 331 | int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); |
| 250 | void ec_GFp_mont_group_finish(EC_GROUP *); | 332 | void ec_GFp_mont_group_finish(EC_GROUP *); |
| 251 | void ec_GFp_mont_group_clear_finish(EC_GROUP *); | 333 | void ec_GFp_mont_group_clear_finish(EC_GROUP *); |
| 252 | int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); | 334 | int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); |
| @@ -257,21 +339,52 @@ int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CT | |||
| 257 | int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); | 339 | int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); |
| 258 | 340 | ||
| 259 | 341 | ||
| 260 | /* method functions in ecp_recp.c */ | ||
| 261 | int ec_GFp_recp_group_init(EC_GROUP *); | ||
| 262 | int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | ||
| 263 | void ec_GFp_recp_group_finish(EC_GROUP *); | ||
| 264 | void ec_GFp_recp_group_clear_finish(EC_GROUP *); | ||
| 265 | int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *); | ||
| 266 | int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | ||
| 267 | int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); | ||
| 268 | |||
| 269 | |||
| 270 | /* method functions in ecp_nist.c */ | 342 | /* method functions in ecp_nist.c */ |
| 271 | int ec_GFp_nist_group_init(EC_GROUP *); | 343 | int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); |
| 272 | int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | 344 | int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); |
| 273 | void ec_GFp_nist_group_finish(EC_GROUP *); | ||
| 274 | void ec_GFp_nist_group_clear_finish(EC_GROUP *); | ||
| 275 | int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *); | ||
| 276 | int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | 345 | int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); |
| 277 | int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); | 346 | int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); |
| 347 | |||
| 348 | |||
| 349 | /* method functions in ec2_smpl.c */ | ||
| 350 | int ec_GF2m_simple_group_init(EC_GROUP *); | ||
| 351 | void ec_GF2m_simple_group_finish(EC_GROUP *); | ||
| 352 | void ec_GF2m_simple_group_clear_finish(EC_GROUP *); | ||
| 353 | int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); | ||
| 354 | int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | ||
| 355 | int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); | ||
| 356 | int ec_GF2m_simple_group_get_degree(const EC_GROUP *); | ||
| 357 | int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); | ||
| 358 | int ec_GF2m_simple_point_init(EC_POINT *); | ||
| 359 | void ec_GF2m_simple_point_finish(EC_POINT *); | ||
| 360 | void ec_GF2m_simple_point_clear_finish(EC_POINT *); | ||
| 361 | int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); | ||
| 362 | int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); | ||
| 363 | int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, | ||
| 364 | const BIGNUM *x, const BIGNUM *y, BN_CTX *); | ||
| 365 | int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *, | ||
| 366 | BIGNUM *x, BIGNUM *y, BN_CTX *); | ||
| 367 | int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, | ||
| 368 | const BIGNUM *x, int y_bit, BN_CTX *); | ||
| 369 | size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, | ||
| 370 | unsigned char *buf, size_t len, BN_CTX *); | ||
| 371 | int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, | ||
| 372 | const unsigned char *buf, size_t len, BN_CTX *); | ||
| 373 | int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); | ||
| 374 | int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); | ||
| 375 | int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); | ||
| 376 | int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); | ||
| 377 | int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); | ||
| 378 | int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); | ||
| 379 | int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); | ||
| 380 | int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); | ||
| 381 | int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | ||
| 382 | int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); | ||
| 383 | int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); | ||
| 384 | |||
| 385 | |||
| 386 | /* method functions in ec2_mult.c */ | ||
| 387 | int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | ||
| 388 | size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); | ||
| 389 | int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); | ||
| 390 | int ec_GF2m_have_precompute_mult(const EC_GROUP *group); | ||
diff --git a/src/lib/libssl/src/crypto/ec/ec_lib.c b/src/lib/libssl/src/crypto/ec/ec_lib.c index deb522060f..5af84376c6 100644 --- a/src/lib/libssl/src/crypto/ec/ec_lib.c +++ b/src/lib/libssl/src/crypto/ec/ec_lib.c | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | /* crypto/ec/ec_lib.c */ | 1 | /* crypto/ec/ec_lib.c */ |
| 2 | /* | ||
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | ||
| 4 | */ | ||
| 2 | /* ==================================================================== | 5 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. |
| 4 | * | 7 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -52,6 +55,11 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 56 | * |
| 54 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * Binary polynomial ECC support in OpenSSL originally developed by | ||
| 61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 55 | 63 | ||
| 56 | #include <string.h> | 64 | #include <string.h> |
| 57 | 65 | ||
| @@ -90,10 +98,18 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) | |||
| 90 | ret->meth = meth; | 98 | ret->meth = meth; |
| 91 | 99 | ||
| 92 | ret->extra_data = NULL; | 100 | ret->extra_data = NULL; |
| 93 | ret->extra_data_dup_func = 0; | 101 | |
| 94 | ret->extra_data_free_func = 0; | 102 | ret->generator = NULL; |
| 95 | ret->extra_data_clear_free_func = 0; | 103 | BN_init(&ret->order); |
| 96 | 104 | BN_init(&ret->cofactor); | |
| 105 | |||
| 106 | ret->curve_name = 0; | ||
| 107 | ret->asn1_flag = 0; | ||
| 108 | ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; | ||
| 109 | |||
| 110 | ret->seed = NULL; | ||
| 111 | ret->seed_len = 0; | ||
| 112 | |||
| 97 | if (!meth->group_init(ret)) | 113 | if (!meth->group_init(ret)) |
| 98 | { | 114 | { |
| 99 | OPENSSL_free(ret); | 115 | OPENSSL_free(ret); |
| @@ -111,7 +127,15 @@ void EC_GROUP_free(EC_GROUP *group) | |||
| 111 | if (group->meth->group_finish != 0) | 127 | if (group->meth->group_finish != 0) |
| 112 | group->meth->group_finish(group); | 128 | group->meth->group_finish(group); |
| 113 | 129 | ||
| 114 | EC_GROUP_free_extra_data(group); | 130 | EC_EX_DATA_free_all_data(&group->extra_data); |
| 131 | |||
| 132 | if (group->generator != NULL) | ||
| 133 | EC_POINT_free(group->generator); | ||
| 134 | BN_free(&group->order); | ||
| 135 | BN_free(&group->cofactor); | ||
| 136 | |||
| 137 | if (group->seed) | ||
| 138 | OPENSSL_free(group->seed); | ||
| 115 | 139 | ||
| 116 | OPENSSL_free(group); | 140 | OPENSSL_free(group); |
| 117 | } | 141 | } |
| @@ -123,10 +147,21 @@ void EC_GROUP_clear_free(EC_GROUP *group) | |||
| 123 | 147 | ||
| 124 | if (group->meth->group_clear_finish != 0) | 148 | if (group->meth->group_clear_finish != 0) |
| 125 | group->meth->group_clear_finish(group); | 149 | group->meth->group_clear_finish(group); |
| 126 | else if (group->meth != NULL && group->meth->group_finish != 0) | 150 | else if (group->meth->group_finish != 0) |
| 127 | group->meth->group_finish(group); | 151 | group->meth->group_finish(group); |
| 128 | 152 | ||
| 129 | EC_GROUP_clear_free_extra_data(group); | 153 | EC_EX_DATA_clear_free_all_data(&group->extra_data); |
| 154 | |||
| 155 | if (group->generator != NULL) | ||
| 156 | EC_POINT_clear_free(group->generator); | ||
| 157 | BN_clear_free(&group->order); | ||
| 158 | BN_clear_free(&group->cofactor); | ||
| 159 | |||
| 160 | if (group->seed) | ||
| 161 | { | ||
| 162 | OPENSSL_cleanse(group->seed, group->seed_len); | ||
| 163 | OPENSSL_free(group->seed); | ||
| 164 | } | ||
| 130 | 165 | ||
| 131 | OPENSSL_cleanse(group, sizeof *group); | 166 | OPENSSL_cleanse(group, sizeof *group); |
| 132 | OPENSSL_free(group); | 167 | OPENSSL_free(group); |
| @@ -135,6 +170,8 @@ void EC_GROUP_clear_free(EC_GROUP *group) | |||
| 135 | 170 | ||
| 136 | int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) | 171 | int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) |
| 137 | { | 172 | { |
| 173 | EC_EXTRA_DATA *d; | ||
| 174 | |||
| 138 | if (dest->meth->group_copy == 0) | 175 | if (dest->meth->group_copy == 0) |
| 139 | { | 176 | { |
| 140 | ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 177 | ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| @@ -148,161 +185,507 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) | |||
| 148 | if (dest == src) | 185 | if (dest == src) |
| 149 | return 1; | 186 | return 1; |
| 150 | 187 | ||
| 151 | EC_GROUP_clear_free_extra_data(dest); | 188 | EC_EX_DATA_free_all_data(&dest->extra_data); |
| 152 | if (src->extra_data_dup_func) | 189 | |
| 190 | for (d = src->extra_data; d != NULL; d = d->next) | ||
| 153 | { | 191 | { |
| 154 | if (src->extra_data != NULL) | 192 | void *t = d->dup_func(d->data); |
| 193 | |||
| 194 | if (t == NULL) | ||
| 195 | return 0; | ||
| 196 | if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func)) | ||
| 197 | return 0; | ||
| 198 | } | ||
| 199 | |||
| 200 | if (src->generator != NULL) | ||
| 201 | { | ||
| 202 | if (dest->generator == NULL) | ||
| 203 | { | ||
| 204 | dest->generator = EC_POINT_new(dest); | ||
| 205 | if (dest->generator == NULL) return 0; | ||
| 206 | } | ||
| 207 | if (!EC_POINT_copy(dest->generator, src->generator)) return 0; | ||
| 208 | } | ||
| 209 | else | ||
| 210 | { | ||
| 211 | /* src->generator == NULL */ | ||
| 212 | if (dest->generator != NULL) | ||
| 155 | { | 213 | { |
| 156 | dest->extra_data = src->extra_data_dup_func(src->extra_data); | 214 | EC_POINT_clear_free(dest->generator); |
| 157 | if (dest->extra_data == NULL) | 215 | dest->generator = NULL; |
| 158 | return 0; | ||
| 159 | } | 216 | } |
| 217 | } | ||
| 218 | |||
| 219 | if (!BN_copy(&dest->order, &src->order)) return 0; | ||
| 220 | if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; | ||
| 160 | 221 | ||
| 161 | dest->extra_data_dup_func = src->extra_data_dup_func; | 222 | dest->curve_name = src->curve_name; |
| 162 | dest->extra_data_free_func = src->extra_data_free_func; | 223 | dest->asn1_flag = src->asn1_flag; |
| 163 | dest->extra_data_clear_free_func = src->extra_data_clear_free_func; | 224 | dest->asn1_form = src->asn1_form; |
| 225 | |||
| 226 | if (src->seed) | ||
| 227 | { | ||
| 228 | if (dest->seed) | ||
| 229 | OPENSSL_free(dest->seed); | ||
| 230 | dest->seed = OPENSSL_malloc(src->seed_len); | ||
| 231 | if (dest->seed == NULL) | ||
| 232 | return 0; | ||
| 233 | if (!memcpy(dest->seed, src->seed, src->seed_len)) | ||
| 234 | return 0; | ||
| 235 | dest->seed_len = src->seed_len; | ||
| 236 | } | ||
| 237 | else | ||
| 238 | { | ||
| 239 | if (dest->seed) | ||
| 240 | OPENSSL_free(dest->seed); | ||
| 241 | dest->seed = NULL; | ||
| 242 | dest->seed_len = 0; | ||
| 164 | } | 243 | } |
| 244 | |||
| 165 | 245 | ||
| 166 | return dest->meth->group_copy(dest, src); | 246 | return dest->meth->group_copy(dest, src); |
| 167 | } | 247 | } |
| 168 | 248 | ||
| 169 | 249 | ||
| 250 | EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) | ||
| 251 | { | ||
| 252 | EC_GROUP *t = NULL; | ||
| 253 | int ok = 0; | ||
| 254 | |||
| 255 | if (a == NULL) return NULL; | ||
| 256 | |||
| 257 | if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL); | ||
| 258 | if (!EC_GROUP_copy(t, a)) goto err; | ||
| 259 | |||
| 260 | ok = 1; | ||
| 261 | |||
| 262 | err: | ||
| 263 | if (!ok) | ||
| 264 | { | ||
| 265 | if (t) EC_GROUP_free(t); | ||
| 266 | return NULL; | ||
| 267 | } | ||
| 268 | else return t; | ||
| 269 | } | ||
| 270 | |||
| 271 | |||
| 170 | const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) | 272 | const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) |
| 171 | { | 273 | { |
| 172 | return group->meth; | 274 | return group->meth; |
| 173 | } | 275 | } |
| 174 | 276 | ||
| 175 | 277 | ||
| 278 | int EC_METHOD_get_field_type(const EC_METHOD *meth) | ||
| 279 | { | ||
| 280 | return meth->field_type; | ||
| 281 | } | ||
| 282 | |||
| 283 | |||
| 284 | int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) | ||
| 285 | { | ||
| 286 | if (generator == NULL) | ||
| 287 | { | ||
| 288 | ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); | ||
| 289 | return 0 ; | ||
| 290 | } | ||
| 291 | |||
| 292 | if (group->generator == NULL) | ||
| 293 | { | ||
| 294 | group->generator = EC_POINT_new(group); | ||
| 295 | if (group->generator == NULL) return 0; | ||
| 296 | } | ||
| 297 | if (!EC_POINT_copy(group->generator, generator)) return 0; | ||
| 298 | |||
| 299 | if (order != NULL) | ||
| 300 | { if (!BN_copy(&group->order, order)) return 0; } | ||
| 301 | else | ||
| 302 | BN_zero(&group->order); | ||
| 303 | |||
| 304 | if (cofactor != NULL) | ||
| 305 | { if (!BN_copy(&group->cofactor, cofactor)) return 0; } | ||
| 306 | else | ||
| 307 | BN_zero(&group->cofactor); | ||
| 308 | |||
| 309 | return 1; | ||
| 310 | } | ||
| 311 | |||
| 312 | |||
| 313 | const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) | ||
| 314 | { | ||
| 315 | return group->generator; | ||
| 316 | } | ||
| 317 | |||
| 318 | |||
| 319 | int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) | ||
| 320 | { | ||
| 321 | if (!BN_copy(order, &group->order)) | ||
| 322 | return 0; | ||
| 323 | |||
| 324 | return !BN_is_zero(order); | ||
| 325 | } | ||
| 326 | |||
| 327 | |||
| 328 | int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) | ||
| 329 | { | ||
| 330 | if (!BN_copy(cofactor, &group->cofactor)) | ||
| 331 | return 0; | ||
| 332 | |||
| 333 | return !BN_is_zero(&group->cofactor); | ||
| 334 | } | ||
| 335 | |||
| 336 | |||
| 337 | void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) | ||
| 338 | { | ||
| 339 | group->curve_name = nid; | ||
| 340 | } | ||
| 341 | |||
| 342 | |||
| 343 | int EC_GROUP_get_curve_name(const EC_GROUP *group) | ||
| 344 | { | ||
| 345 | return group->curve_name; | ||
| 346 | } | ||
| 347 | |||
| 348 | |||
| 349 | void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) | ||
| 350 | { | ||
| 351 | group->asn1_flag = flag; | ||
| 352 | } | ||
| 353 | |||
| 354 | |||
| 355 | int EC_GROUP_get_asn1_flag(const EC_GROUP *group) | ||
| 356 | { | ||
| 357 | return group->asn1_flag; | ||
| 358 | } | ||
| 359 | |||
| 360 | |||
| 361 | void EC_GROUP_set_point_conversion_form(EC_GROUP *group, | ||
| 362 | point_conversion_form_t form) | ||
| 363 | { | ||
| 364 | group->asn1_form = form; | ||
| 365 | } | ||
| 366 | |||
| 367 | |||
| 368 | point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group) | ||
| 369 | { | ||
| 370 | return group->asn1_form; | ||
| 371 | } | ||
| 372 | |||
| 373 | |||
| 374 | size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) | ||
| 375 | { | ||
| 376 | if (group->seed) | ||
| 377 | { | ||
| 378 | OPENSSL_free(group->seed); | ||
| 379 | group->seed = NULL; | ||
| 380 | group->seed_len = 0; | ||
| 381 | } | ||
| 382 | |||
| 383 | if (!len || !p) | ||
| 384 | return 1; | ||
| 385 | |||
| 386 | if ((group->seed = OPENSSL_malloc(len)) == NULL) | ||
| 387 | return 0; | ||
| 388 | memcpy(group->seed, p, len); | ||
| 389 | group->seed_len = len; | ||
| 390 | |||
| 391 | return len; | ||
| 392 | } | ||
| 393 | |||
| 394 | |||
| 395 | unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group) | ||
| 396 | { | ||
| 397 | return group->seed; | ||
| 398 | } | ||
| 399 | |||
| 400 | |||
| 401 | size_t EC_GROUP_get_seed_len(const EC_GROUP *group) | ||
| 402 | { | ||
| 403 | return group->seed_len; | ||
| 404 | } | ||
| 405 | |||
| 406 | |||
| 176 | int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | 407 | int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
| 177 | { | 408 | { |
| 178 | if (group->meth->group_set_curve_GFp == 0) | 409 | if (group->meth->group_set_curve == 0) |
| 179 | { | 410 | { |
| 180 | ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 411 | ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 181 | return 0; | 412 | return 0; |
| 182 | } | 413 | } |
| 183 | return group->meth->group_set_curve_GFp(group, p, a, b, ctx); | 414 | return group->meth->group_set_curve(group, p, a, b, ctx); |
| 184 | } | 415 | } |
| 185 | 416 | ||
| 186 | 417 | ||
| 187 | int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) | 418 | int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) |
| 188 | { | 419 | { |
| 189 | if (group->meth->group_get_curve_GFp == 0) | 420 | if (group->meth->group_get_curve == 0) |
| 190 | { | 421 | { |
| 191 | ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 422 | ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 192 | return 0; | 423 | return 0; |
| 193 | } | 424 | } |
| 194 | return group->meth->group_get_curve_GFp(group, p, a, b, ctx); | 425 | return group->meth->group_get_curve(group, p, a, b, ctx); |
| 195 | } | 426 | } |
| 196 | 427 | ||
| 197 | 428 | ||
| 198 | int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) | 429 | int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
| 199 | { | 430 | { |
| 200 | if (group->meth->group_set_generator == 0) | 431 | if (group->meth->group_set_curve == 0) |
| 201 | { | 432 | { |
| 202 | ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 433 | ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 203 | return 0; | 434 | return 0; |
| 204 | } | 435 | } |
| 205 | return group->meth->group_set_generator(group, generator, order, cofactor); | 436 | return group->meth->group_set_curve(group, p, a, b, ctx); |
| 206 | } | 437 | } |
| 207 | 438 | ||
| 208 | 439 | ||
| 209 | EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) | 440 | int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) |
| 210 | { | 441 | { |
| 211 | if (group->meth->group_get0_generator == 0) | 442 | if (group->meth->group_get_curve == 0) |
| 212 | { | 443 | { |
| 213 | ECerr(EC_F_EC_GROUP_GET0_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 444 | ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 214 | return 0; | 445 | return 0; |
| 215 | } | 446 | } |
| 216 | return group->meth->group_get0_generator(group); | 447 | return group->meth->group_get_curve(group, p, a, b, ctx); |
| 217 | } | 448 | } |
| 218 | 449 | ||
| 219 | 450 | ||
| 220 | int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) | 451 | int EC_GROUP_get_degree(const EC_GROUP *group) |
| 221 | { | 452 | { |
| 222 | if (group->meth->group_get_order == 0) | 453 | if (group->meth->group_get_degree == 0) |
| 223 | { | 454 | { |
| 224 | ECerr(EC_F_EC_GROUP_GET_ORDER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 455 | ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 225 | return 0; | 456 | return 0; |
| 226 | } | 457 | } |
| 227 | return group->meth->group_get_order(group, order, ctx); | 458 | return group->meth->group_get_degree(group); |
| 228 | } | 459 | } |
| 229 | 460 | ||
| 230 | 461 | ||
| 231 | int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) | 462 | int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) |
| 232 | { | 463 | { |
| 233 | if (group->meth->group_get_cofactor == 0) | 464 | if (group->meth->group_check_discriminant == 0) |
| 234 | { | 465 | { |
| 235 | ECerr(EC_F_EC_GROUP_GET_COFACTOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 466 | ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 236 | return 0; | 467 | return 0; |
| 237 | } | 468 | } |
| 238 | return group->meth->group_get_cofactor(group, cofactor, ctx); | 469 | return group->meth->group_check_discriminant(group, ctx); |
| 239 | } | 470 | } |
| 240 | 471 | ||
| 241 | 472 | ||
| 242 | /* this has 'package' visibility */ | 473 | int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) |
| 243 | int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *), | ||
| 244 | void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) | ||
| 245 | { | 474 | { |
| 246 | if ((group->extra_data != NULL) | 475 | int r = 0; |
| 247 | || (group->extra_data_dup_func != 0) | 476 | BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; |
| 248 | || (group->extra_data_free_func != 0) | 477 | BN_CTX *ctx_new = NULL; |
| 249 | || (group->extra_data_clear_free_func != 0)) | 478 | |
| 250 | { | 479 | /* compare the field types*/ |
| 251 | ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); | 480 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != |
| 481 | EC_METHOD_get_field_type(EC_GROUP_method_of(b))) | ||
| 482 | return 1; | ||
| 483 | /* compare the curve name (if present) */ | ||
| 484 | if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && | ||
| 485 | EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) | ||
| 252 | return 0; | 486 | return 0; |
| 487 | |||
| 488 | if (!ctx) | ||
| 489 | ctx_new = ctx = BN_CTX_new(); | ||
| 490 | if (!ctx) | ||
| 491 | return -1; | ||
| 492 | |||
| 493 | BN_CTX_start(ctx); | ||
| 494 | a1 = BN_CTX_get(ctx); | ||
| 495 | a2 = BN_CTX_get(ctx); | ||
| 496 | a3 = BN_CTX_get(ctx); | ||
| 497 | b1 = BN_CTX_get(ctx); | ||
| 498 | b2 = BN_CTX_get(ctx); | ||
| 499 | b3 = BN_CTX_get(ctx); | ||
| 500 | if (!b3) | ||
| 501 | { | ||
| 502 | BN_CTX_end(ctx); | ||
| 503 | if (ctx_new) | ||
| 504 | BN_CTX_free(ctx); | ||
| 505 | return -1; | ||
| 253 | } | 506 | } |
| 254 | 507 | ||
| 255 | group->extra_data = extra_data; | 508 | /* XXX This approach assumes that the external representation |
| 256 | group->extra_data_dup_func = extra_data_dup_func; | 509 | * of curves over the same field type is the same. |
| 257 | group->extra_data_free_func = extra_data_free_func; | 510 | */ |
| 258 | group->extra_data_clear_free_func = extra_data_clear_free_func; | 511 | if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || |
| 259 | return 1; | 512 | !b->meth->group_get_curve(b, b1, b2, b3, ctx)) |
| 513 | r = 1; | ||
| 514 | |||
| 515 | if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) | ||
| 516 | r = 1; | ||
| 517 | |||
| 518 | /* XXX EC_POINT_cmp() assumes that the methods are equal */ | ||
| 519 | if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), | ||
| 520 | EC_GROUP_get0_generator(b), ctx)) | ||
| 521 | r = 1; | ||
| 522 | |||
| 523 | if (!r) | ||
| 524 | { | ||
| 525 | /* compare the order and cofactor */ | ||
| 526 | if (!EC_GROUP_get_order(a, a1, ctx) || | ||
| 527 | !EC_GROUP_get_order(b, b1, ctx) || | ||
| 528 | !EC_GROUP_get_cofactor(a, a2, ctx) || | ||
| 529 | !EC_GROUP_get_cofactor(b, b2, ctx)) | ||
| 530 | { | ||
| 531 | BN_CTX_end(ctx); | ||
| 532 | if (ctx_new) | ||
| 533 | BN_CTX_free(ctx); | ||
| 534 | return -1; | ||
| 535 | } | ||
| 536 | if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) | ||
| 537 | r = 1; | ||
| 538 | } | ||
| 539 | |||
| 540 | BN_CTX_end(ctx); | ||
| 541 | if (ctx_new) | ||
| 542 | BN_CTX_free(ctx); | ||
| 543 | |||
| 544 | return r; | ||
| 260 | } | 545 | } |
| 261 | 546 | ||
| 262 | 547 | ||
| 263 | /* this has 'package' visibility */ | 548 | /* this has 'package' visibility */ |
| 264 | void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *), | 549 | int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, |
| 265 | void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) | 550 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) |
| 266 | { | 551 | { |
| 267 | if ((group->extra_data_dup_func != extra_data_dup_func) | 552 | EC_EXTRA_DATA *d; |
| 268 | || (group->extra_data_free_func != extra_data_free_func) | 553 | |
| 269 | || (group->extra_data_clear_free_func != extra_data_clear_free_func)) | 554 | if (ex_data == NULL) |
| 555 | return 0; | ||
| 556 | |||
| 557 | for (d = *ex_data; d != NULL; d = d->next) | ||
| 270 | { | 558 | { |
| 271 | #if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */ | 559 | if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) |
| 272 | ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA); | 560 | { |
| 273 | #endif | 561 | ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); |
| 274 | return NULL; | 562 | return 0; |
| 563 | } | ||
| 275 | } | 564 | } |
| 276 | 565 | ||
| 277 | return group->extra_data; | 566 | if (data == NULL) |
| 567 | /* no explicit entry needed */ | ||
| 568 | return 1; | ||
| 569 | |||
| 570 | d = OPENSSL_malloc(sizeof *d); | ||
| 571 | if (d == NULL) | ||
| 572 | return 0; | ||
| 573 | |||
| 574 | d->data = data; | ||
| 575 | d->dup_func = dup_func; | ||
| 576 | d->free_func = free_func; | ||
| 577 | d->clear_free_func = clear_free_func; | ||
| 578 | |||
| 579 | d->next = *ex_data; | ||
| 580 | *ex_data = d; | ||
| 581 | |||
| 582 | return 1; | ||
| 278 | } | 583 | } |
| 279 | 584 | ||
| 585 | /* this has 'package' visibility */ | ||
| 586 | void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, | ||
| 587 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) | ||
| 588 | { | ||
| 589 | const EC_EXTRA_DATA *d; | ||
| 590 | |||
| 591 | for (d = ex_data; d != NULL; d = d->next) | ||
| 592 | { | ||
| 593 | if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) | ||
| 594 | return d->data; | ||
| 595 | } | ||
| 596 | |||
| 597 | return NULL; | ||
| 598 | } | ||
| 280 | 599 | ||
| 281 | /* this has 'package' visibility */ | 600 | /* this has 'package' visibility */ |
| 282 | void EC_GROUP_free_extra_data(EC_GROUP *group) | 601 | void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, |
| 602 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) | ||
| 283 | { | 603 | { |
| 284 | if (group->extra_data_free_func) | 604 | EC_EXTRA_DATA **p; |
| 285 | group->extra_data_free_func(group->extra_data); | 605 | |
| 286 | group->extra_data = NULL; | 606 | if (ex_data == NULL) |
| 287 | group->extra_data_dup_func = 0; | 607 | return; |
| 288 | group->extra_data_free_func = 0; | 608 | |
| 289 | group->extra_data_clear_free_func = 0; | 609 | for (p = ex_data; *p != NULL; p = &((*p)->next)) |
| 610 | { | ||
| 611 | if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) | ||
| 612 | { | ||
| 613 | EC_EXTRA_DATA *next = (*p)->next; | ||
| 614 | |||
| 615 | (*p)->free_func((*p)->data); | ||
| 616 | OPENSSL_free(*p); | ||
| 617 | |||
| 618 | *p = next; | ||
| 619 | return; | ||
| 620 | } | ||
| 621 | } | ||
| 290 | } | 622 | } |
| 291 | 623 | ||
| 624 | /* this has 'package' visibility */ | ||
| 625 | void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, | ||
| 626 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) | ||
| 627 | { | ||
| 628 | EC_EXTRA_DATA **p; | ||
| 629 | |||
| 630 | if (ex_data == NULL) | ||
| 631 | return; | ||
| 632 | |||
| 633 | for (p = ex_data; *p != NULL; p = &((*p)->next)) | ||
| 634 | { | ||
| 635 | if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) | ||
| 636 | { | ||
| 637 | EC_EXTRA_DATA *next = (*p)->next; | ||
| 638 | |||
| 639 | (*p)->clear_free_func((*p)->data); | ||
| 640 | OPENSSL_free(*p); | ||
| 641 | |||
| 642 | *p = next; | ||
| 643 | return; | ||
| 644 | } | ||
| 645 | } | ||
| 646 | } | ||
| 292 | 647 | ||
| 293 | /* this has 'package' visibility */ | 648 | /* this has 'package' visibility */ |
| 294 | void EC_GROUP_clear_free_extra_data(EC_GROUP *group) | 649 | void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data) |
| 295 | { | 650 | { |
| 296 | if (group->extra_data_clear_free_func) | 651 | EC_EXTRA_DATA *d; |
| 297 | group->extra_data_clear_free_func(group->extra_data); | 652 | |
| 298 | else if (group->extra_data_free_func) | 653 | if (ex_data == NULL) |
| 299 | group->extra_data_free_func(group->extra_data); | 654 | return; |
| 300 | group->extra_data = NULL; | 655 | |
| 301 | group->extra_data_dup_func = 0; | 656 | d = *ex_data; |
| 302 | group->extra_data_free_func = 0; | 657 | while (d) |
| 303 | group->extra_data_clear_free_func = 0; | 658 | { |
| 659 | EC_EXTRA_DATA *next = d->next; | ||
| 660 | |||
| 661 | d->free_func(d->data); | ||
| 662 | OPENSSL_free(d); | ||
| 663 | |||
| 664 | d = next; | ||
| 665 | } | ||
| 666 | *ex_data = NULL; | ||
| 304 | } | 667 | } |
| 305 | 668 | ||
| 669 | /* this has 'package' visibility */ | ||
| 670 | void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data) | ||
| 671 | { | ||
| 672 | EC_EXTRA_DATA *d; | ||
| 673 | |||
| 674 | if (ex_data == NULL) | ||
| 675 | return; | ||
| 676 | |||
| 677 | d = *ex_data; | ||
| 678 | while (d) | ||
| 679 | { | ||
| 680 | EC_EXTRA_DATA *next = d->next; | ||
| 681 | |||
| 682 | d->clear_free_func(d->data); | ||
| 683 | OPENSSL_free(d); | ||
| 684 | |||
| 685 | d = next; | ||
| 686 | } | ||
| 687 | *ex_data = NULL; | ||
| 688 | } | ||
| 306 | 689 | ||
| 307 | 690 | ||
| 308 | /* functions for EC_POINT objects */ | 691 | /* functions for EC_POINT objects */ |
| @@ -382,6 +765,25 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) | |||
| 382 | } | 765 | } |
| 383 | 766 | ||
| 384 | 767 | ||
| 768 | EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) | ||
| 769 | { | ||
| 770 | EC_POINT *t; | ||
| 771 | int r; | ||
| 772 | |||
| 773 | if (a == NULL) return NULL; | ||
| 774 | |||
| 775 | t = EC_POINT_new(group); | ||
| 776 | if (t == NULL) return(NULL); | ||
| 777 | r = EC_POINT_copy(t, a); | ||
| 778 | if (!r) | ||
| 779 | { | ||
| 780 | EC_POINT_free(t); | ||
| 781 | return NULL; | ||
| 782 | } | ||
| 783 | else return t; | ||
| 784 | } | ||
| 785 | |||
| 786 | |||
| 385 | const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) | 787 | const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) |
| 386 | { | 788 | { |
| 387 | return point->meth; | 789 | return point->meth; |
| @@ -441,7 +843,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POI | |||
| 441 | int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, | 843 | int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, |
| 442 | const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) | 844 | const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) |
| 443 | { | 845 | { |
| 444 | if (group->meth->point_set_affine_coordinates_GFp == 0) | 846 | if (group->meth->point_set_affine_coordinates == 0) |
| 445 | { | 847 | { |
| 446 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 848 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 447 | return 0; | 849 | return 0; |
| @@ -451,14 +853,31 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, | |||
| 451 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); | 853 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); |
| 452 | return 0; | 854 | return 0; |
| 453 | } | 855 | } |
| 454 | return group->meth->point_set_affine_coordinates_GFp(group, point, x, y, ctx); | 856 | return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); |
| 857 | } | ||
| 858 | |||
| 859 | |||
| 860 | int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, | ||
| 861 | const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) | ||
| 862 | { | ||
| 863 | if (group->meth->point_set_affine_coordinates == 0) | ||
| 864 | { | ||
| 865 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 866 | return 0; | ||
| 867 | } | ||
| 868 | if (group->meth != point->meth) | ||
| 869 | { | ||
| 870 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); | ||
| 871 | return 0; | ||
| 872 | } | ||
| 873 | return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); | ||
| 455 | } | 874 | } |
| 456 | 875 | ||
| 457 | 876 | ||
| 458 | int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, | 877 | int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, |
| 459 | BIGNUM *x, BIGNUM *y, BN_CTX *ctx) | 878 | BIGNUM *x, BIGNUM *y, BN_CTX *ctx) |
| 460 | { | 879 | { |
| 461 | if (group->meth->point_get_affine_coordinates_GFp == 0) | 880 | if (group->meth->point_get_affine_coordinates == 0) |
| 462 | { | 881 | { |
| 463 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 882 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 464 | return 0; | 883 | return 0; |
| @@ -468,14 +887,31 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *p | |||
| 468 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); | 887 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); |
| 469 | return 0; | 888 | return 0; |
| 470 | } | 889 | } |
| 471 | return group->meth->point_get_affine_coordinates_GFp(group, point, x, y, ctx); | 890 | return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); |
| 891 | } | ||
| 892 | |||
| 893 | |||
| 894 | int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, | ||
| 895 | BIGNUM *x, BIGNUM *y, BN_CTX *ctx) | ||
| 896 | { | ||
| 897 | if (group->meth->point_get_affine_coordinates == 0) | ||
| 898 | { | ||
| 899 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 900 | return 0; | ||
| 901 | } | ||
| 902 | if (group->meth != point->meth) | ||
| 903 | { | ||
| 904 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); | ||
| 905 | return 0; | ||
| 906 | } | ||
| 907 | return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); | ||
| 472 | } | 908 | } |
| 473 | 909 | ||
| 474 | 910 | ||
| 475 | int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, | 911 | int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, |
| 476 | const BIGNUM *x, int y_bit, BN_CTX *ctx) | 912 | const BIGNUM *x, int y_bit, BN_CTX *ctx) |
| 477 | { | 913 | { |
| 478 | if (group->meth->point_set_compressed_coordinates_GFp == 0) | 914 | if (group->meth->point_set_compressed_coordinates == 0) |
| 479 | { | 915 | { |
| 480 | ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 916 | ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 481 | return 0; | 917 | return 0; |
| @@ -485,7 +921,24 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *poi | |||
| 485 | ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); | 921 | ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); |
| 486 | return 0; | 922 | return 0; |
| 487 | } | 923 | } |
| 488 | return group->meth->point_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx); | 924 | return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); |
| 925 | } | ||
| 926 | |||
| 927 | |||
| 928 | int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, | ||
| 929 | const BIGNUM *x, int y_bit, BN_CTX *ctx) | ||
| 930 | { | ||
| 931 | if (group->meth->point_set_compressed_coordinates == 0) | ||
| 932 | { | ||
| 933 | ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 934 | return 0; | ||
| 935 | } | ||
| 936 | if (group->meth != point->meth) | ||
| 937 | { | ||
| 938 | ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); | ||
| 939 | return 0; | ||
| 940 | } | ||
| 941 | return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); | ||
| 489 | } | 942 | } |
| 490 | 943 | ||
| 491 | 944 | ||
| @@ -559,12 +1012,12 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) | |||
| 559 | { | 1012 | { |
| 560 | if (group->meth->dbl == 0) | 1013 | if (group->meth->dbl == 0) |
| 561 | { | 1014 | { |
| 562 | ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 1015 | ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 563 | return 0; | 1016 | return 0; |
| 564 | } | 1017 | } |
| 565 | if (group->meth != a->meth) | 1018 | if (group->meth != a->meth) |
| 566 | { | 1019 | { |
| 567 | ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); | 1020 | ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); |
| 568 | return 0; | 1021 | return 0; |
| 569 | } | 1022 | } |
| 570 | return group->meth->invert(group, a, ctx); | 1023 | return group->meth->invert(group, a, ctx); |
| @@ -654,3 +1107,58 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], | |||
| 654 | } | 1107 | } |
| 655 | return group->meth->points_make_affine(group, num, points, ctx); | 1108 | return group->meth->points_make_affine(group, num, points, ctx); |
| 656 | } | 1109 | } |
| 1110 | |||
| 1111 | |||
| 1112 | /* Functions for point multiplication. | ||
| 1113 | * | ||
| 1114 | * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; | ||
| 1115 | * otherwise we dispatch through methods. | ||
| 1116 | */ | ||
| 1117 | |||
| 1118 | int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | ||
| 1119 | size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) | ||
| 1120 | { | ||
| 1121 | if (group->meth->mul == 0) | ||
| 1122 | /* use default */ | ||
| 1123 | return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); | ||
| 1124 | |||
| 1125 | return group->meth->mul(group, r, scalar, num, points, scalars, ctx); | ||
| 1126 | } | ||
| 1127 | |||
| 1128 | int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, | ||
| 1129 | const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) | ||
| 1130 | { | ||
| 1131 | /* just a convenient interface to EC_POINTs_mul() */ | ||
| 1132 | |||
| 1133 | const EC_POINT *points[1]; | ||
| 1134 | const BIGNUM *scalars[1]; | ||
| 1135 | |||
| 1136 | points[0] = point; | ||
| 1137 | scalars[0] = p_scalar; | ||
| 1138 | |||
| 1139 | return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); | ||
| 1140 | } | ||
| 1141 | |||
| 1142 | int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) | ||
| 1143 | { | ||
| 1144 | if (group->meth->mul == 0) | ||
| 1145 | /* use default */ | ||
| 1146 | return ec_wNAF_precompute_mult(group, ctx); | ||
| 1147 | |||
| 1148 | if (group->meth->precompute_mult != 0) | ||
| 1149 | return group->meth->precompute_mult(group, ctx); | ||
| 1150 | else | ||
| 1151 | return 1; /* nothing to do, so report success */ | ||
| 1152 | } | ||
| 1153 | |||
| 1154 | int EC_GROUP_have_precompute_mult(const EC_GROUP *group) | ||
| 1155 | { | ||
| 1156 | if (group->meth->mul == 0) | ||
| 1157 | /* use default */ | ||
| 1158 | return ec_wNAF_have_precompute_mult(group); | ||
| 1159 | |||
| 1160 | if (group->meth->have_precompute_mult != 0) | ||
| 1161 | return group->meth->have_precompute_mult(group); | ||
| 1162 | else | ||
| 1163 | return 0; /* cannot tell whether precomputation has been performed */ | ||
| 1164 | } | ||
diff --git a/src/lib/libssl/src/crypto/ec/ec_mult.c b/src/lib/libssl/src/crypto/ec/ec_mult.c index 16822a73cf..2ba173ef36 100644 --- a/src/lib/libssl/src/crypto/ec/ec_mult.c +++ b/src/lib/libssl/src/crypto/ec/ec_mult.c | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | /* crypto/ec/ec_mult.c */ | 1 | /* crypto/ec/ec_mult.c */ |
| 2 | /* | ||
| 3 | * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. | ||
| 4 | */ | ||
| 2 | /* ==================================================================== | 5 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 7 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -52,41 +55,161 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 56 | * |
| 54 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * Portions of this software developed by SUN MICROSYSTEMS, INC., | ||
| 61 | * and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 63 | |||
| 64 | #include <string.h> | ||
| 55 | 65 | ||
| 56 | #include <openssl/err.h> | 66 | #include <openssl/err.h> |
| 57 | 67 | ||
| 58 | #include "ec_lcl.h" | 68 | #include "ec_lcl.h" |
| 59 | 69 | ||
| 60 | 70 | ||
| 61 | /* TODO: optional precomputation of multiples of the generator */ | 71 | /* |
| 72 | * This file implements the wNAF-based interleaving multi-exponentation method | ||
| 73 | * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>); | ||
| 74 | * for multiplication with precomputation, we use wNAF splitting | ||
| 75 | * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>). | ||
| 76 | */ | ||
| 62 | 77 | ||
| 63 | 78 | ||
| 64 | 79 | ||
| 65 | /* | 80 | |
| 66 | * wNAF-based interleaving multi-exponentation method | 81 | /* structure for precomputed multiples of the generator */ |
| 67 | * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>) | 82 | typedef struct ec_pre_comp_st { |
| 68 | */ | 83 | const EC_GROUP *group; /* parent EC_GROUP object */ |
| 84 | size_t blocksize; /* block size for wNAF splitting */ | ||
| 85 | size_t numblocks; /* max. number of blocks for which we have precomputation */ | ||
| 86 | size_t w; /* window size */ | ||
| 87 | EC_POINT **points; /* array with pre-calculated multiples of generator: | ||
| 88 | * 'num' pointers to EC_POINT objects followed by a NULL */ | ||
| 89 | size_t num; /* numblocks * 2^(w-1) */ | ||
| 90 | int references; | ||
| 91 | } EC_PRE_COMP; | ||
| 92 | |||
| 93 | /* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ | ||
| 94 | static void *ec_pre_comp_dup(void *); | ||
| 95 | static void ec_pre_comp_free(void *); | ||
| 96 | static void ec_pre_comp_clear_free(void *); | ||
| 97 | |||
| 98 | static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) | ||
| 99 | { | ||
| 100 | EC_PRE_COMP *ret = NULL; | ||
| 101 | |||
| 102 | if (!group) | ||
| 103 | return NULL; | ||
| 104 | |||
| 105 | ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); | ||
| 106 | if (!ret) | ||
| 107 | { | ||
| 108 | ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); | ||
| 109 | return ret; | ||
| 110 | } | ||
| 111 | ret->group = group; | ||
| 112 | ret->blocksize = 8; /* default */ | ||
| 113 | ret->numblocks = 0; | ||
| 114 | ret->w = 4; /* default */ | ||
| 115 | ret->points = NULL; | ||
| 116 | ret->num = 0; | ||
| 117 | ret->references = 1; | ||
| 118 | return ret; | ||
| 119 | } | ||
| 120 | |||
| 121 | static void *ec_pre_comp_dup(void *src_) | ||
| 122 | { | ||
| 123 | EC_PRE_COMP *src = src_; | ||
| 124 | |||
| 125 | /* no need to actually copy, these objects never change! */ | ||
| 126 | |||
| 127 | CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); | ||
| 128 | |||
| 129 | return src_; | ||
| 130 | } | ||
| 131 | |||
| 132 | static void ec_pre_comp_free(void *pre_) | ||
| 133 | { | ||
| 134 | int i; | ||
| 135 | EC_PRE_COMP *pre = pre_; | ||
| 136 | |||
| 137 | if (!pre) | ||
| 138 | return; | ||
| 139 | |||
| 140 | i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); | ||
| 141 | if (i > 0) | ||
| 142 | return; | ||
| 143 | |||
| 144 | if (pre->points) | ||
| 145 | { | ||
| 146 | EC_POINT **p; | ||
| 147 | |||
| 148 | for (p = pre->points; *p != NULL; p++) | ||
| 149 | EC_POINT_free(*p); | ||
| 150 | OPENSSL_free(pre->points); | ||
| 151 | } | ||
| 152 | OPENSSL_free(pre); | ||
| 153 | } | ||
| 154 | |||
| 155 | static void ec_pre_comp_clear_free(void *pre_) | ||
| 156 | { | ||
| 157 | int i; | ||
| 158 | EC_PRE_COMP *pre = pre_; | ||
| 159 | |||
| 160 | if (!pre) | ||
| 161 | return; | ||
| 162 | |||
| 163 | i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); | ||
| 164 | if (i > 0) | ||
| 165 | return; | ||
| 166 | |||
| 167 | if (pre->points) | ||
| 168 | { | ||
| 169 | EC_POINT **p; | ||
| 170 | |||
| 171 | for (p = pre->points; *p != NULL; p++) | ||
| 172 | EC_POINT_clear_free(*p); | ||
| 173 | OPENSSL_cleanse(pre->points, sizeof pre->points); | ||
| 174 | OPENSSL_free(pre->points); | ||
| 175 | } | ||
| 176 | OPENSSL_cleanse(pre, sizeof pre); | ||
| 177 | OPENSSL_free(pre); | ||
| 178 | } | ||
| 179 | |||
| 69 | 180 | ||
| 70 | 181 | ||
| 71 | /* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. | 182 | |
| 183 | /* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. | ||
| 72 | * This is an array r[] of values that are either zero or odd with an | 184 | * This is an array r[] of values that are either zero or odd with an |
| 73 | * absolute value less than 2^w satisfying | 185 | * absolute value less than 2^w satisfying |
| 74 | * scalar = \sum_j r[j]*2^j | 186 | * scalar = \sum_j r[j]*2^j |
| 75 | * where at most one of any w+1 consecutive digits is non-zero. | 187 | * where at most one of any w+1 consecutive digits is non-zero |
| 188 | * with the exception that the most significant digit may be only | ||
| 189 | * w-1 zeros away from that next non-zero digit. | ||
| 76 | */ | 190 | */ |
| 77 | static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, BN_CTX *ctx) | 191 | static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) |
| 78 | { | 192 | { |
| 79 | BIGNUM *c; | 193 | int window_val; |
| 80 | int ok = 0; | 194 | int ok = 0; |
| 81 | signed char *r = NULL; | 195 | signed char *r = NULL; |
| 82 | int sign = 1; | 196 | int sign = 1; |
| 83 | int bit, next_bit, mask; | 197 | int bit, next_bit, mask; |
| 84 | size_t len = 0, j; | 198 | size_t len = 0, j; |
| 85 | 199 | ||
| 86 | BN_CTX_start(ctx); | 200 | if (BN_is_zero(scalar)) |
| 87 | c = BN_CTX_get(ctx); | 201 | { |
| 88 | if (c == NULL) goto err; | 202 | r = OPENSSL_malloc(1); |
| 89 | 203 | if (!r) | |
| 204 | { | ||
| 205 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); | ||
| 206 | goto err; | ||
| 207 | } | ||
| 208 | r[0] = 0; | ||
| 209 | *ret_len = 1; | ||
| 210 | return r; | ||
| 211 | } | ||
| 212 | |||
| 90 | if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ | 213 | if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ |
| 91 | { | 214 | { |
| 92 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); | 215 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); |
| @@ -96,60 +219,90 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B | |||
| 96 | next_bit = bit << 1; /* at most 256 */ | 219 | next_bit = bit << 1; /* at most 256 */ |
| 97 | mask = next_bit - 1; /* at most 255 */ | 220 | mask = next_bit - 1; /* at most 255 */ |
| 98 | 221 | ||
| 99 | if (!BN_copy(c, scalar)) goto err; | 222 | if (BN_is_negative(scalar)) |
| 100 | if (c->neg) | ||
| 101 | { | 223 | { |
| 102 | sign = -1; | 224 | sign = -1; |
| 103 | c->neg = 0; | ||
| 104 | } | 225 | } |
| 105 | 226 | ||
| 106 | len = BN_num_bits(c) + 1; /* wNAF may be one digit longer than binary representation */ | 227 | len = BN_num_bits(scalar); |
| 107 | r = OPENSSL_malloc(len); | 228 | r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation |
| 108 | if (r == NULL) goto err; | 229 | * (*ret_len will be set to the actual length, i.e. at most |
| 230 | * BN_num_bits(scalar) + 1) */ | ||
| 231 | if (r == NULL) | ||
| 232 | { | ||
| 233 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); | ||
| 234 | goto err; | ||
| 235 | } | ||
| 109 | 236 | ||
| 237 | if (scalar->d == NULL || scalar->top == 0) | ||
| 238 | { | ||
| 239 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); | ||
| 240 | goto err; | ||
| 241 | } | ||
| 242 | window_val = scalar->d[0] & mask; | ||
| 110 | j = 0; | 243 | j = 0; |
| 111 | while (!BN_is_zero(c)) | 244 | while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */ |
| 112 | { | 245 | { |
| 113 | int u = 0; | 246 | int digit = 0; |
| 114 | 247 | ||
| 115 | if (BN_is_odd(c)) | 248 | /* 0 <= window_val <= 2^(w+1) */ |
| 249 | |||
| 250 | if (window_val & 1) | ||
| 116 | { | 251 | { |
| 117 | if (c->d == NULL || c->top == 0) | 252 | /* 0 < window_val < 2^(w+1) */ |
| 253 | |||
| 254 | if (window_val & bit) | ||
| 118 | { | 255 | { |
| 119 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); | 256 | digit = window_val - next_bit; /* -2^w < digit < 0 */ |
| 120 | goto err; | 257 | |
| 258 | #if 1 /* modified wNAF */ | ||
| 259 | if (j + w + 1 >= len) | ||
| 260 | { | ||
| 261 | /* special case for generating modified wNAFs: | ||
| 262 | * no new bits will be added into window_val, | ||
| 263 | * so using a positive digit here will decrease | ||
| 264 | * the total length of the representation */ | ||
| 265 | |||
| 266 | digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ | ||
| 267 | } | ||
| 268 | #endif | ||
| 121 | } | 269 | } |
| 122 | u = c->d[0] & mask; | 270 | else |
| 123 | if (u & bit) | ||
| 124 | { | 271 | { |
| 125 | u -= next_bit; | 272 | digit = window_val; /* 0 < digit < 2^w */ |
| 126 | /* u < 0 */ | ||
| 127 | if (!BN_add_word(c, -u)) goto err; | ||
| 128 | } | 273 | } |
| 129 | else | 274 | |
| 275 | if (digit <= -bit || digit >= bit || !(digit & 1)) | ||
| 130 | { | 276 | { |
| 131 | /* u > 0 */ | 277 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); |
| 132 | if (!BN_sub_word(c, u)) goto err; | 278 | goto err; |
| 133 | } | 279 | } |
| 134 | 280 | ||
| 135 | if (u <= -bit || u >= bit || !(u & 1) || c->neg) | 281 | window_val -= digit; |
| 282 | |||
| 283 | /* now window_val is 0 or 2^(w+1) in standard wNAF generation; | ||
| 284 | * for modified window NAFs, it may also be 2^w | ||
| 285 | */ | ||
| 286 | if (window_val != 0 && window_val != next_bit && window_val != bit) | ||
| 136 | { | 287 | { |
| 137 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); | 288 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); |
| 138 | goto err; | 289 | goto err; |
| 139 | } | 290 | } |
| 140 | } | 291 | } |
| 141 | 292 | ||
| 142 | r[j++] = sign * u; | 293 | r[j++] = sign * digit; |
| 143 | 294 | ||
| 144 | if (BN_is_odd(c)) | 295 | window_val >>= 1; |
| 296 | window_val += bit * BN_is_bit_set(scalar, j + w); | ||
| 297 | |||
| 298 | if (window_val > next_bit) | ||
| 145 | { | 299 | { |
| 146 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); | 300 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); |
| 147 | goto err; | 301 | goto err; |
| 148 | } | 302 | } |
| 149 | if (!BN_rshift1(c, c)) goto err; | ||
| 150 | } | 303 | } |
| 151 | 304 | ||
| 152 | if (j > len) | 305 | if (j > len + 1) |
| 153 | { | 306 | { |
| 154 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); | 307 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); |
| 155 | goto err; | 308 | goto err; |
| @@ -158,7 +311,6 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B | |||
| 158 | ok = 1; | 311 | ok = 1; |
| 159 | 312 | ||
| 160 | err: | 313 | err: |
| 161 | BN_CTX_end(ctx); | ||
| 162 | if (!ok) | 314 | if (!ok) |
| 163 | { | 315 | { |
| 164 | OPENSSL_free(r); | 316 | OPENSSL_free(r); |
| @@ -181,7 +333,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B | |||
| 181 | (b) >= 300 ? 4 : \ | 333 | (b) >= 300 ? 4 : \ |
| 182 | (b) >= 70 ? 3 : \ | 334 | (b) >= 70 ? 3 : \ |
| 183 | (b) >= 20 ? 2 : \ | 335 | (b) >= 20 ? 2 : \ |
| 184 | 1)) | 336 | 1)) |
| 185 | 337 | ||
| 186 | /* Compute | 338 | /* Compute |
| 187 | * \sum scalars[i]*points[i], | 339 | * \sum scalars[i]*points[i], |
| @@ -189,13 +341,15 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B | |||
| 189 | * scalar*generator | 341 | * scalar*generator |
| 190 | * in the addition if scalar != NULL | 342 | * in the addition if scalar != NULL |
| 191 | */ | 343 | */ |
| 192 | int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | 344 | int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, |
| 193 | size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) | 345 | size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) |
| 194 | { | 346 | { |
| 195 | BN_CTX *new_ctx = NULL; | 347 | BN_CTX *new_ctx = NULL; |
| 196 | EC_POINT *generator = NULL; | 348 | const EC_POINT *generator = NULL; |
| 197 | EC_POINT *tmp = NULL; | 349 | EC_POINT *tmp = NULL; |
| 198 | size_t totalnum; | 350 | size_t totalnum; |
| 351 | size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ | ||
| 352 | size_t pre_points_per_block = 0; | ||
| 199 | size_t i, j; | 353 | size_t i, j; |
| 200 | int k; | 354 | int k; |
| 201 | int r_is_inverted = 0; | 355 | int r_is_inverted = 0; |
| @@ -207,12 +361,15 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 207 | size_t num_val; | 361 | size_t num_val; |
| 208 | EC_POINT **val = NULL; /* precomputation */ | 362 | EC_POINT **val = NULL; /* precomputation */ |
| 209 | EC_POINT **v; | 363 | EC_POINT **v; |
| 210 | EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ | 364 | EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ |
| 365 | const EC_PRE_COMP *pre_comp = NULL; | ||
| 366 | int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, | ||
| 367 | * i.e. precomputation is not available */ | ||
| 211 | int ret = 0; | 368 | int ret = 0; |
| 212 | 369 | ||
| 213 | if (group->meth != r->meth) | 370 | if (group->meth != r->meth) |
| 214 | { | 371 | { |
| 215 | ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); | 372 | ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); |
| 216 | return 0; | 373 | return 0; |
| 217 | } | 374 | } |
| 218 | 375 | ||
| @@ -221,59 +378,226 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 221 | return EC_POINT_set_to_infinity(group, r); | 378 | return EC_POINT_set_to_infinity(group, r); |
| 222 | } | 379 | } |
| 223 | 380 | ||
| 224 | if (scalar != NULL) | 381 | for (i = 0; i < num; i++) |
| 225 | { | 382 | { |
| 226 | generator = EC_GROUP_get0_generator(group); | 383 | if (group->meth != points[i]->meth) |
| 227 | if (generator == NULL) | ||
| 228 | { | 384 | { |
| 229 | ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR); | 385 | ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); |
| 230 | return 0; | 386 | return 0; |
| 231 | } | 387 | } |
| 232 | } | 388 | } |
| 233 | 389 | ||
| 234 | for (i = 0; i < num; i++) | 390 | if (ctx == NULL) |
| 235 | { | 391 | { |
| 236 | if (group->meth != points[i]->meth) | 392 | ctx = new_ctx = BN_CTX_new(); |
| 393 | if (ctx == NULL) | ||
| 394 | goto err; | ||
| 395 | } | ||
| 396 | |||
| 397 | if (scalar != NULL) | ||
| 398 | { | ||
| 399 | generator = EC_GROUP_get0_generator(group); | ||
| 400 | if (generator == NULL) | ||
| 237 | { | 401 | { |
| 238 | ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); | 402 | ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); |
| 239 | return 0; | 403 | goto err; |
| 240 | } | 404 | } |
| 241 | } | 405 | |
| 406 | /* look if we can use precomputed multiples of generator */ | ||
| 407 | |||
| 408 | pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); | ||
| 409 | |||
| 410 | if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) | ||
| 411 | { | ||
| 412 | blocksize = pre_comp->blocksize; | ||
| 242 | 413 | ||
| 243 | totalnum = num + (scalar != NULL); | 414 | /* determine maximum number of blocks that wNAF splitting may yield |
| 415 | * (NB: maximum wNAF length is bit length plus one) */ | ||
| 416 | numblocks = (BN_num_bits(scalar) / blocksize) + 1; | ||
| 244 | 417 | ||
| 245 | wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); | 418 | /* we cannot use more blocks than we have precomputation for */ |
| 419 | if (numblocks > pre_comp->numblocks) | ||
| 420 | numblocks = pre_comp->numblocks; | ||
| 421 | |||
| 422 | pre_points_per_block = 1u << (pre_comp->w - 1); | ||
| 423 | |||
| 424 | /* check that pre_comp looks sane */ | ||
| 425 | if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) | ||
| 426 | { | ||
| 427 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); | ||
| 428 | goto err; | ||
| 429 | } | ||
| 430 | } | ||
| 431 | else | ||
| 432 | { | ||
| 433 | /* can't use precomputation */ | ||
| 434 | pre_comp = NULL; | ||
| 435 | numblocks = 1; | ||
| 436 | num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */ | ||
| 437 | } | ||
| 438 | } | ||
| 439 | |||
| 440 | totalnum = num + numblocks; | ||
| 441 | |||
| 442 | wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); | ||
| 246 | wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); | 443 | wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); |
| 247 | wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); | 444 | wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */ |
| 248 | if (wNAF != NULL) | 445 | val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); |
| 446 | |||
| 447 | if (!wsize || !wNAF_len || !wNAF || !val_sub) | ||
| 249 | { | 448 | { |
| 250 | wNAF[0] = NULL; /* preliminary pivot */ | 449 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); |
| 450 | goto err; | ||
| 251 | } | 451 | } |
| 252 | if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err; | ||
| 253 | 452 | ||
| 254 | /* num_val := total number of points to precompute */ | 453 | wNAF[0] = NULL; /* preliminary pivot */ |
| 454 | |||
| 455 | /* num_val will be the total number of temporarily precomputed points */ | ||
| 255 | num_val = 0; | 456 | num_val = 0; |
| 256 | for (i = 0; i < totalnum; i++) | 457 | |
| 458 | for (i = 0; i < num + num_scalar; i++) | ||
| 257 | { | 459 | { |
| 258 | size_t bits; | 460 | size_t bits; |
| 259 | 461 | ||
| 260 | bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); | 462 | bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); |
| 261 | wsize[i] = EC_window_bits_for_scalar_size(bits); | 463 | wsize[i] = EC_window_bits_for_scalar_size(bits); |
| 262 | num_val += 1u << (wsize[i] - 1); | 464 | num_val += 1u << (wsize[i] - 1); |
| 465 | wNAF[i + 1] = NULL; /* make sure we always have a pivot */ | ||
| 466 | wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); | ||
| 467 | if (wNAF[i] == NULL) | ||
| 468 | goto err; | ||
| 469 | if (wNAF_len[i] > max_len) | ||
| 470 | max_len = wNAF_len[i]; | ||
| 471 | } | ||
| 472 | |||
| 473 | if (numblocks) | ||
| 474 | { | ||
| 475 | /* we go here iff scalar != NULL */ | ||
| 476 | |||
| 477 | if (pre_comp == NULL) | ||
| 478 | { | ||
| 479 | if (num_scalar != 1) | ||
| 480 | { | ||
| 481 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); | ||
| 482 | goto err; | ||
| 483 | } | ||
| 484 | /* we have already generated a wNAF for 'scalar' */ | ||
| 485 | } | ||
| 486 | else | ||
| 487 | { | ||
| 488 | signed char *tmp_wNAF = NULL; | ||
| 489 | size_t tmp_len = 0; | ||
| 490 | |||
| 491 | if (num_scalar != 0) | ||
| 492 | { | ||
| 493 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); | ||
| 494 | goto err; | ||
| 495 | } | ||
| 496 | |||
| 497 | /* use the window size for which we have precomputation */ | ||
| 498 | wsize[num] = pre_comp->w; | ||
| 499 | tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); | ||
| 500 | if (!tmp_wNAF) | ||
| 501 | goto err; | ||
| 502 | |||
| 503 | if (tmp_len <= max_len) | ||
| 504 | { | ||
| 505 | /* One of the other wNAFs is at least as long | ||
| 506 | * as the wNAF belonging to the generator, | ||
| 507 | * so wNAF splitting will not buy us anything. */ | ||
| 508 | |||
| 509 | numblocks = 1; | ||
| 510 | totalnum = num + 1; /* don't use wNAF splitting */ | ||
| 511 | wNAF[num] = tmp_wNAF; | ||
| 512 | wNAF[num + 1] = NULL; | ||
| 513 | wNAF_len[num] = tmp_len; | ||
| 514 | if (tmp_len > max_len) | ||
| 515 | max_len = tmp_len; | ||
| 516 | /* pre_comp->points starts with the points that we need here: */ | ||
| 517 | val_sub[num] = pre_comp->points; | ||
| 518 | } | ||
| 519 | else | ||
| 520 | { | ||
| 521 | /* don't include tmp_wNAF directly into wNAF array | ||
| 522 | * - use wNAF splitting and include the blocks */ | ||
| 523 | |||
| 524 | signed char *pp; | ||
| 525 | EC_POINT **tmp_points; | ||
| 526 | |||
| 527 | if (tmp_len < numblocks * blocksize) | ||
| 528 | { | ||
| 529 | /* possibly we can do with fewer blocks than estimated */ | ||
| 530 | numblocks = (tmp_len + blocksize - 1) / blocksize; | ||
| 531 | if (numblocks > pre_comp->numblocks) | ||
| 532 | { | ||
| 533 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); | ||
| 534 | goto err; | ||
| 535 | } | ||
| 536 | totalnum = num + numblocks; | ||
| 537 | } | ||
| 538 | |||
| 539 | /* split wNAF in 'numblocks' parts */ | ||
| 540 | pp = tmp_wNAF; | ||
| 541 | tmp_points = pre_comp->points; | ||
| 542 | |||
| 543 | for (i = num; i < totalnum; i++) | ||
| 544 | { | ||
| 545 | if (i < totalnum - 1) | ||
| 546 | { | ||
| 547 | wNAF_len[i] = blocksize; | ||
| 548 | if (tmp_len < blocksize) | ||
| 549 | { | ||
| 550 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); | ||
| 551 | goto err; | ||
| 552 | } | ||
| 553 | tmp_len -= blocksize; | ||
| 554 | } | ||
| 555 | else | ||
| 556 | /* last block gets whatever is left | ||
| 557 | * (this could be more or less than 'blocksize'!) */ | ||
| 558 | wNAF_len[i] = tmp_len; | ||
| 559 | |||
| 560 | wNAF[i + 1] = NULL; | ||
| 561 | wNAF[i] = OPENSSL_malloc(wNAF_len[i]); | ||
| 562 | if (wNAF[i] == NULL) | ||
| 563 | { | ||
| 564 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); | ||
| 565 | OPENSSL_free(tmp_wNAF); | ||
| 566 | goto err; | ||
| 567 | } | ||
| 568 | memcpy(wNAF[i], pp, wNAF_len[i]); | ||
| 569 | if (wNAF_len[i] > max_len) | ||
| 570 | max_len = wNAF_len[i]; | ||
| 571 | |||
| 572 | if (*tmp_points == NULL) | ||
| 573 | { | ||
| 574 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); | ||
| 575 | OPENSSL_free(tmp_wNAF); | ||
| 576 | goto err; | ||
| 577 | } | ||
| 578 | val_sub[i] = tmp_points; | ||
| 579 | tmp_points += pre_points_per_block; | ||
| 580 | pp += blocksize; | ||
| 581 | } | ||
| 582 | OPENSSL_free(tmp_wNAF); | ||
| 583 | } | ||
| 584 | } | ||
| 263 | } | 585 | } |
| 264 | 586 | ||
| 265 | /* all precomputed points go into a single array 'val', | 587 | /* All points we precompute now go into a single array 'val'. |
| 266 | * 'val_sub[i]' is a pointer to the subarray for the i-th point */ | 588 | * 'val_sub[i]' is a pointer to the subarray for the i-th point, |
| 589 | * or to a subarray of 'pre_comp->points' if we already have precomputation. */ | ||
| 267 | val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); | 590 | val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); |
| 268 | if (val == NULL) goto err; | 591 | if (val == NULL) |
| 592 | { | ||
| 593 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); | ||
| 594 | goto err; | ||
| 595 | } | ||
| 269 | val[num_val] = NULL; /* pivot element */ | 596 | val[num_val] = NULL; /* pivot element */ |
| 270 | 597 | ||
| 271 | val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); | ||
| 272 | if (val_sub == NULL) goto err; | ||
| 273 | |||
| 274 | /* allocate points for precomputation */ | 598 | /* allocate points for precomputation */ |
| 275 | v = val; | 599 | v = val; |
| 276 | for (i = 0; i < totalnum; i++) | 600 | for (i = 0; i < num + num_scalar; i++) |
| 277 | { | 601 | { |
| 278 | val_sub[i] = v; | 602 | val_sub[i] = v; |
| 279 | for (j = 0; j < (1u << (wsize[i] - 1)); j++) | 603 | for (j = 0; j < (1u << (wsize[i] - 1)); j++) |
| @@ -285,19 +609,12 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 285 | } | 609 | } |
| 286 | if (!(v == val + num_val)) | 610 | if (!(v == val + num_val)) |
| 287 | { | 611 | { |
| 288 | ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); | 612 | ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); |
| 289 | goto err; | 613 | goto err; |
| 290 | } | 614 | } |
| 291 | 615 | ||
| 292 | if (ctx == NULL) | 616 | if (!(tmp = EC_POINT_new(group))) |
| 293 | { | 617 | goto err; |
| 294 | ctx = new_ctx = BN_CTX_new(); | ||
| 295 | if (ctx == NULL) | ||
| 296 | goto err; | ||
| 297 | } | ||
| 298 | |||
| 299 | tmp = EC_POINT_new(group); | ||
| 300 | if (tmp == NULL) goto err; | ||
| 301 | 618 | ||
| 302 | /* prepare precomputed values: | 619 | /* prepare precomputed values: |
| 303 | * val_sub[i][0] := points[i] | 620 | * val_sub[i][0] := points[i] |
| @@ -305,7 +622,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 305 | * val_sub[i][2] := 5 * points[i] | 622 | * val_sub[i][2] := 5 * points[i] |
| 306 | * ... | 623 | * ... |
| 307 | */ | 624 | */ |
| 308 | for (i = 0; i < totalnum; i++) | 625 | for (i = 0; i < num + num_scalar; i++) |
| 309 | { | 626 | { |
| 310 | if (i < num) | 627 | if (i < num) |
| 311 | { | 628 | { |
| @@ -324,16 +641,11 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 324 | if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; | 641 | if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; |
| 325 | } | 642 | } |
| 326 | } | 643 | } |
| 327 | |||
| 328 | wNAF[i + 1] = NULL; /* make sure we always have a pivot */ | ||
| 329 | wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i], ctx); | ||
| 330 | if (wNAF[i] == NULL) goto err; | ||
| 331 | if (wNAF_len[i] > max_len) | ||
| 332 | max_len = wNAF_len[i]; | ||
| 333 | } | 644 | } |
| 334 | 645 | ||
| 335 | #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ | 646 | #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ |
| 336 | if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err; | 647 | if (!EC_POINTs_make_affine(group, num_val, val, ctx)) |
| 648 | goto err; | ||
| 337 | #endif | 649 | #endif |
| 338 | 650 | ||
| 339 | r_is_at_infinity = 1; | 651 | r_is_at_infinity = 1; |
| @@ -429,57 +741,198 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 429 | } | 741 | } |
| 430 | 742 | ||
| 431 | 743 | ||
| 432 | int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) | 744 | /* ec_wNAF_precompute_mult() |
| 433 | { | 745 | * creates an EC_PRE_COMP object with preprecomputed multiples of the generator |
| 434 | const EC_POINT *points[1]; | 746 | * for use with wNAF splitting as implemented in ec_wNAF_mul(). |
| 435 | const BIGNUM *scalars[1]; | 747 | * |
| 436 | 748 | * 'pre_comp->points' is an array of multiples of the generator | |
| 437 | points[0] = point; | 749 | * of the following form: |
| 438 | scalars[0] = p_scalar; | 750 | * points[0] = generator; |
| 439 | 751 | * points[1] = 3 * generator; | |
| 440 | return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); | 752 | * ... |
| 441 | } | 753 | * points[2^(w-1)-1] = (2^(w-1)-1) * generator; |
| 442 | 754 | * points[2^(w-1)] = 2^blocksize * generator; | |
| 443 | 755 | * points[2^(w-1)+1] = 3 * 2^blocksize * generator; | |
| 444 | int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) | 756 | * ... |
| 757 | * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator | ||
| 758 | * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator | ||
| 759 | * ... | ||
| 760 | * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator | ||
| 761 | * points[2^(w-1)*numblocks] = NULL | ||
| 762 | */ | ||
| 763 | int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) | ||
| 445 | { | 764 | { |
| 446 | const EC_POINT *generator; | 765 | const EC_POINT *generator; |
| 766 | EC_POINT *tmp_point = NULL, *base = NULL, **var; | ||
| 447 | BN_CTX *new_ctx = NULL; | 767 | BN_CTX *new_ctx = NULL; |
| 448 | BIGNUM *order; | 768 | BIGNUM *order; |
| 769 | size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; | ||
| 770 | EC_POINT **points = NULL; | ||
| 771 | EC_PRE_COMP *pre_comp; | ||
| 449 | int ret = 0; | 772 | int ret = 0; |
| 450 | 773 | ||
| 774 | /* if there is an old EC_PRE_COMP object, throw it away */ | ||
| 775 | EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); | ||
| 776 | |||
| 777 | if ((pre_comp = ec_pre_comp_new(group)) == NULL) | ||
| 778 | return 0; | ||
| 779 | |||
| 451 | generator = EC_GROUP_get0_generator(group); | 780 | generator = EC_GROUP_get0_generator(group); |
| 452 | if (generator == NULL) | 781 | if (generator == NULL) |
| 453 | { | 782 | { |
| 454 | ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); | 783 | ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); |
| 455 | return 0; | 784 | goto err; |
| 456 | } | 785 | } |
| 457 | 786 | ||
| 458 | if (ctx == NULL) | 787 | if (ctx == NULL) |
| 459 | { | 788 | { |
| 460 | ctx = new_ctx = BN_CTX_new(); | 789 | ctx = new_ctx = BN_CTX_new(); |
| 461 | if (ctx == NULL) | 790 | if (ctx == NULL) |
| 462 | return 0; | 791 | goto err; |
| 463 | } | 792 | } |
| 464 | 793 | ||
| 465 | BN_CTX_start(ctx); | 794 | BN_CTX_start(ctx); |
| 466 | order = BN_CTX_get(ctx); | 795 | order = BN_CTX_get(ctx); |
| 467 | if (order == NULL) goto err; | 796 | if (order == NULL) goto err; |
| 468 | 797 | ||
| 469 | if (!EC_GROUP_get_order(group, order, ctx)) return 0; | 798 | if (!EC_GROUP_get_order(group, order, ctx)) goto err; |
| 470 | if (BN_is_zero(order)) | 799 | if (BN_is_zero(order)) |
| 471 | { | 800 | { |
| 472 | ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); | 801 | ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); |
| 473 | goto err; | 802 | goto err; |
| 474 | } | 803 | } |
| 475 | 804 | ||
| 476 | /* TODO */ | 805 | bits = BN_num_bits(order); |
| 806 | /* The following parameters mean we precompute (approximately) | ||
| 807 | * one point per bit. | ||
| 808 | * | ||
| 809 | * TBD: The combination 8, 4 is perfect for 160 bits; for other | ||
| 810 | * bit lengths, other parameter combinations might provide better | ||
| 811 | * efficiency. | ||
| 812 | */ | ||
| 813 | blocksize = 8; | ||
| 814 | w = 4; | ||
| 815 | if (EC_window_bits_for_scalar_size(bits) > w) | ||
| 816 | { | ||
| 817 | /* let's not make the window too small ... */ | ||
| 818 | w = EC_window_bits_for_scalar_size(bits); | ||
| 819 | } | ||
| 820 | |||
| 821 | numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ | ||
| 822 | |||
| 823 | pre_points_per_block = 1u << (w - 1); | ||
| 824 | num = pre_points_per_block * numblocks; /* number of points to compute and store */ | ||
| 477 | 825 | ||
| 478 | ret = 1; | 826 | points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); |
| 827 | if (!points) | ||
| 828 | { | ||
| 829 | ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); | ||
| 830 | goto err; | ||
| 831 | } | ||
| 832 | |||
| 833 | var = points; | ||
| 834 | var[num] = NULL; /* pivot */ | ||
| 835 | for (i = 0; i < num; i++) | ||
| 836 | { | ||
| 837 | if ((var[i] = EC_POINT_new(group)) == NULL) | ||
| 838 | { | ||
| 839 | ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); | ||
| 840 | goto err; | ||
| 841 | } | ||
| 842 | } | ||
| 843 | |||
| 844 | if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) | ||
| 845 | { | ||
| 846 | ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); | ||
| 847 | goto err; | ||
| 848 | } | ||
| 849 | |||
| 850 | if (!EC_POINT_copy(base, generator)) | ||
| 851 | goto err; | ||
| 852 | |||
| 853 | /* do the precomputation */ | ||
| 854 | for (i = 0; i < numblocks; i++) | ||
| 855 | { | ||
| 856 | size_t j; | ||
| 857 | |||
| 858 | if (!EC_POINT_dbl(group, tmp_point, base, ctx)) | ||
| 859 | goto err; | ||
| 860 | |||
| 861 | if (!EC_POINT_copy(*var++, base)) | ||
| 862 | goto err; | ||
| 863 | |||
| 864 | for (j = 1; j < pre_points_per_block; j++, var++) | ||
| 865 | { | ||
| 866 | /* calculate odd multiples of the current base point */ | ||
| 867 | if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) | ||
| 868 | goto err; | ||
| 869 | } | ||
| 870 | |||
| 871 | if (i < numblocks - 1) | ||
| 872 | { | ||
| 873 | /* get the next base (multiply current one by 2^blocksize) */ | ||
| 874 | size_t k; | ||
| 875 | |||
| 876 | if (blocksize <= 2) | ||
| 877 | { | ||
| 878 | ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); | ||
| 879 | goto err; | ||
| 880 | } | ||
| 881 | |||
| 882 | if (!EC_POINT_dbl(group, base, tmp_point, ctx)) | ||
| 883 | goto err; | ||
| 884 | for (k = 2; k < blocksize; k++) | ||
| 885 | { | ||
| 886 | if (!EC_POINT_dbl(group,base,base,ctx)) | ||
| 887 | goto err; | ||
| 888 | } | ||
| 889 | } | ||
| 890 | } | ||
| 891 | |||
| 892 | if (!EC_POINTs_make_affine(group, num, points, ctx)) | ||
| 893 | goto err; | ||
| 479 | 894 | ||
| 895 | pre_comp->group = group; | ||
| 896 | pre_comp->blocksize = blocksize; | ||
| 897 | pre_comp->numblocks = numblocks; | ||
| 898 | pre_comp->w = w; | ||
| 899 | pre_comp->points = points; | ||
| 900 | points = NULL; | ||
| 901 | pre_comp->num = num; | ||
| 902 | |||
| 903 | if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, | ||
| 904 | ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) | ||
| 905 | goto err; | ||
| 906 | pre_comp = NULL; | ||
| 907 | |||
| 908 | ret = 1; | ||
| 480 | err: | 909 | err: |
| 481 | BN_CTX_end(ctx); | 910 | if (ctx != NULL) |
| 911 | BN_CTX_end(ctx); | ||
| 482 | if (new_ctx != NULL) | 912 | if (new_ctx != NULL) |
| 483 | BN_CTX_free(new_ctx); | 913 | BN_CTX_free(new_ctx); |
| 914 | if (pre_comp) | ||
| 915 | ec_pre_comp_free(pre_comp); | ||
| 916 | if (points) | ||
| 917 | { | ||
| 918 | EC_POINT **p; | ||
| 919 | |||
| 920 | for (p = points; *p != NULL; p++) | ||
| 921 | EC_POINT_free(*p); | ||
| 922 | OPENSSL_free(points); | ||
| 923 | } | ||
| 924 | if (tmp_point) | ||
| 925 | EC_POINT_free(tmp_point); | ||
| 926 | if (base) | ||
| 927 | EC_POINT_free(base); | ||
| 484 | return ret; | 928 | return ret; |
| 485 | } | 929 | } |
| 930 | |||
| 931 | |||
| 932 | int ec_wNAF_have_precompute_mult(const EC_GROUP *group) | ||
| 933 | { | ||
| 934 | if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) | ||
| 935 | return 1; | ||
| 936 | else | ||
| 937 | return 0; | ||
| 938 | } | ||
diff --git a/src/lib/libssl/src/crypto/ec/ecp_mont.c b/src/lib/libssl/src/crypto/ec/ecp_mont.c index 7b30d4c38a..9fc4a466a5 100644 --- a/src/lib/libssl/src/crypto/ec/ecp_mont.c +++ b/src/lib/libssl/src/crypto/ec/ecp_mont.c | |||
| @@ -1,4 +1,7 @@ | |||
| 1 | /* crypto/ec/ecp_mont.c */ | 1 | /* crypto/ec/ecp_mont.c */ |
| 2 | /* | ||
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | ||
| 4 | */ | ||
| 2 | /* ==================================================================== | 5 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
| 4 | * | 7 | * |
| @@ -52,6 +55,11 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 56 | * |
| 54 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * Portions of this software developed by SUN MICROSYSTEMS, INC., | ||
| 61 | * and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 55 | 63 | ||
| 56 | #include <openssl/err.h> | 64 | #include <openssl/err.h> |
| 57 | 65 | ||
| @@ -61,16 +69,15 @@ | |||
| 61 | const EC_METHOD *EC_GFp_mont_method(void) | 69 | const EC_METHOD *EC_GFp_mont_method(void) |
| 62 | { | 70 | { |
| 63 | static const EC_METHOD ret = { | 71 | static const EC_METHOD ret = { |
| 72 | NID_X9_62_prime_field, | ||
| 64 | ec_GFp_mont_group_init, | 73 | ec_GFp_mont_group_init, |
| 65 | ec_GFp_mont_group_finish, | 74 | ec_GFp_mont_group_finish, |
| 66 | ec_GFp_mont_group_clear_finish, | 75 | ec_GFp_mont_group_clear_finish, |
| 67 | ec_GFp_mont_group_copy, | 76 | ec_GFp_mont_group_copy, |
| 68 | ec_GFp_mont_group_set_curve_GFp, | 77 | ec_GFp_mont_group_set_curve, |
| 69 | ec_GFp_simple_group_get_curve_GFp, | 78 | ec_GFp_simple_group_get_curve, |
| 70 | ec_GFp_simple_group_set_generator, | 79 | ec_GFp_simple_group_get_degree, |
| 71 | ec_GFp_simple_group_get0_generator, | 80 | ec_GFp_simple_group_check_discriminant, |
| 72 | ec_GFp_simple_group_get_order, | ||
| 73 | ec_GFp_simple_group_get_cofactor, | ||
| 74 | ec_GFp_simple_point_init, | 81 | ec_GFp_simple_point_init, |
| 75 | ec_GFp_simple_point_finish, | 82 | ec_GFp_simple_point_finish, |
| 76 | ec_GFp_simple_point_clear_finish, | 83 | ec_GFp_simple_point_clear_finish, |
| @@ -78,9 +85,9 @@ const EC_METHOD *EC_GFp_mont_method(void) | |||
| 78 | ec_GFp_simple_point_set_to_infinity, | 85 | ec_GFp_simple_point_set_to_infinity, |
| 79 | ec_GFp_simple_set_Jprojective_coordinates_GFp, | 86 | ec_GFp_simple_set_Jprojective_coordinates_GFp, |
| 80 | ec_GFp_simple_get_Jprojective_coordinates_GFp, | 87 | ec_GFp_simple_get_Jprojective_coordinates_GFp, |
| 81 | ec_GFp_simple_point_set_affine_coordinates_GFp, | 88 | ec_GFp_simple_point_set_affine_coordinates, |
| 82 | ec_GFp_simple_point_get_affine_coordinates_GFp, | 89 | ec_GFp_simple_point_get_affine_coordinates, |
| 83 | ec_GFp_simple_set_compressed_coordinates_GFp, | 90 | ec_GFp_simple_set_compressed_coordinates, |
| 84 | ec_GFp_simple_point2oct, | 91 | ec_GFp_simple_point2oct, |
| 85 | ec_GFp_simple_oct2point, | 92 | ec_GFp_simple_oct2point, |
| 86 | ec_GFp_simple_add, | 93 | ec_GFp_simple_add, |
| @@ -91,8 +98,12 @@ const EC_METHOD *EC_GFp_mont_method(void) | |||
| 91 | ec_GFp_simple_cmp, | 98 | ec_GFp_simple_cmp, |
| 92 | ec_GFp_simple_make_affine, | 99 | ec_GFp_simple_make_affine, |
| 93 | ec_GFp_simple_points_make_affine, | 100 | ec_GFp_simple_points_make_affine, |
| 101 | 0 /* mul */, | ||
| 102 | 0 /* precompute_mult */, | ||
| 103 | 0 /* have_precompute_mult */, | ||
| 94 | ec_GFp_mont_field_mul, | 104 | ec_GFp_mont_field_mul, |
| 95 | ec_GFp_mont_field_sqr, | 105 | ec_GFp_mont_field_sqr, |
| 106 | 0 /* field_div */, | ||
| 96 | ec_GFp_mont_field_encode, | 107 | ec_GFp_mont_field_encode, |
| 97 | ec_GFp_mont_field_decode, | 108 | ec_GFp_mont_field_decode, |
| 98 | ec_GFp_mont_field_set_to_one }; | 109 | ec_GFp_mont_field_set_to_one }; |
| @@ -112,66 +123,6 @@ int ec_GFp_mont_group_init(EC_GROUP *group) | |||
| 112 | } | 123 | } |
| 113 | 124 | ||
| 114 | 125 | ||
| 115 | int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||
| 116 | { | ||
| 117 | BN_CTX *new_ctx = NULL; | ||
| 118 | BN_MONT_CTX *mont = NULL; | ||
| 119 | BIGNUM *one = NULL; | ||
| 120 | int ret = 0; | ||
| 121 | |||
| 122 | if (group->field_data1 != NULL) | ||
| 123 | { | ||
| 124 | BN_MONT_CTX_free(group->field_data1); | ||
| 125 | group->field_data1 = NULL; | ||
| 126 | } | ||
| 127 | if (group->field_data2 != NULL) | ||
| 128 | { | ||
| 129 | BN_free(group->field_data2); | ||
| 130 | group->field_data2 = NULL; | ||
| 131 | } | ||
| 132 | |||
| 133 | if (ctx == NULL) | ||
| 134 | { | ||
| 135 | ctx = new_ctx = BN_CTX_new(); | ||
| 136 | if (ctx == NULL) | ||
| 137 | return 0; | ||
| 138 | } | ||
| 139 | |||
| 140 | mont = BN_MONT_CTX_new(); | ||
| 141 | if (mont == NULL) goto err; | ||
| 142 | if (!BN_MONT_CTX_set(mont, p, ctx)) | ||
| 143 | { | ||
| 144 | ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP, ERR_R_BN_LIB); | ||
| 145 | goto err; | ||
| 146 | } | ||
| 147 | one = BN_new(); | ||
| 148 | if (one == NULL) goto err; | ||
| 149 | if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err; | ||
| 150 | |||
| 151 | group->field_data1 = mont; | ||
| 152 | mont = NULL; | ||
| 153 | group->field_data2 = one; | ||
| 154 | one = NULL; | ||
| 155 | |||
| 156 | ret = ec_GFp_simple_group_set_curve_GFp(group, p, a, b, ctx); | ||
| 157 | |||
| 158 | if (!ret) | ||
| 159 | { | ||
| 160 | BN_MONT_CTX_free(group->field_data1); | ||
| 161 | group->field_data1 = NULL; | ||
| 162 | BN_free(group->field_data2); | ||
| 163 | group->field_data2 = NULL; | ||
| 164 | } | ||
| 165 | |||
| 166 | err: | ||
| 167 | if (new_ctx != NULL) | ||
| 168 | BN_CTX_free(new_ctx); | ||
| 169 | if (mont != NULL) | ||
| 170 | BN_MONT_CTX_free(mont); | ||
| 171 | return ret; | ||
| 172 | } | ||
| 173 | |||
| 174 | |||
| 175 | void ec_GFp_mont_group_finish(EC_GROUP *group) | 126 | void ec_GFp_mont_group_finish(EC_GROUP *group) |
| 176 | { | 127 | { |
| 177 | if (group->field_data1 != NULL) | 128 | if (group->field_data1 != NULL) |
| @@ -243,6 +194,66 @@ int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) | |||
| 243 | } | 194 | } |
| 244 | 195 | ||
| 245 | 196 | ||
| 197 | int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||
| 198 | { | ||
| 199 | BN_CTX *new_ctx = NULL; | ||
| 200 | BN_MONT_CTX *mont = NULL; | ||
| 201 | BIGNUM *one = NULL; | ||
| 202 | int ret = 0; | ||
| 203 | |||
| 204 | if (group->field_data1 != NULL) | ||
| 205 | { | ||
| 206 | BN_MONT_CTX_free(group->field_data1); | ||
| 207 | group->field_data1 = NULL; | ||
| 208 | } | ||
| 209 | if (group->field_data2 != NULL) | ||
| 210 | { | ||
| 211 | BN_free(group->field_data2); | ||
| 212 | group->field_data2 = NULL; | ||
| 213 | } | ||
| 214 | |||
| 215 | if (ctx == NULL) | ||
| 216 | { | ||
| 217 | ctx = new_ctx = BN_CTX_new(); | ||
| 218 | if (ctx == NULL) | ||
| 219 | return 0; | ||
| 220 | } | ||
| 221 | |||
| 222 | mont = BN_MONT_CTX_new(); | ||
| 223 | if (mont == NULL) goto err; | ||
| 224 | if (!BN_MONT_CTX_set(mont, p, ctx)) | ||
| 225 | { | ||
| 226 | ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB); | ||
| 227 | goto err; | ||
| 228 | } | ||
| 229 | one = BN_new(); | ||
| 230 | if (one == NULL) goto err; | ||
| 231 | if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err; | ||
| 232 | |||
| 233 | group->field_data1 = mont; | ||
| 234 | mont = NULL; | ||
| 235 | group->field_data2 = one; | ||
| 236 | one = NULL; | ||
| 237 | |||
| 238 | ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); | ||
| 239 | |||
| 240 | if (!ret) | ||
| 241 | { | ||
| 242 | BN_MONT_CTX_free(group->field_data1); | ||
| 243 | group->field_data1 = NULL; | ||
| 244 | BN_free(group->field_data2); | ||
| 245 | group->field_data2 = NULL; | ||
| 246 | } | ||
| 247 | |||
| 248 | err: | ||
| 249 | if (new_ctx != NULL) | ||
| 250 | BN_CTX_free(new_ctx); | ||
| 251 | if (mont != NULL) | ||
| 252 | BN_MONT_CTX_free(mont); | ||
| 253 | return ret; | ||
| 254 | } | ||
| 255 | |||
| 256 | |||
| 246 | int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | 257 | int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
| 247 | { | 258 | { |
| 248 | if (group->field_data1 == NULL) | 259 | if (group->field_data1 == NULL) |
| @@ -295,7 +306,7 @@ int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) | |||
| 295 | { | 306 | { |
| 296 | if (group->field_data2 == NULL) | 307 | if (group->field_data2 == NULL) |
| 297 | { | 308 | { |
| 298 | ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); | 309 | ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED); |
| 299 | return 0; | 310 | return 0; |
| 300 | } | 311 | } |
| 301 | 312 | ||
diff --git a/src/lib/libssl/src/crypto/ec/ecp_nist.c b/src/lib/libssl/src/crypto/ec/ecp_nist.c index ed07748675..71893d5eab 100644 --- a/src/lib/libssl/src/crypto/ec/ecp_nist.c +++ b/src/lib/libssl/src/crypto/ec/ecp_nist.c | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | /* crypto/ec/ecp_nist.c */ | 1 | /* crypto/ec/ecp_nist.c */ |
| 2 | /* | ||
| 3 | * Written by Nils Larsch for the OpenSSL project. | ||
| 4 | */ | ||
| 2 | /* ==================================================================== | 5 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. |
| 4 | * | 7 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -52,23 +55,30 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 56 | * |
| 54 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * Portions of this software developed by SUN MICROSYSTEMS, INC., | ||
| 61 | * and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 55 | 63 | ||
| 64 | #include <limits.h> | ||
| 65 | |||
| 66 | #include <openssl/err.h> | ||
| 67 | #include <openssl/obj_mac.h> | ||
| 56 | #include "ec_lcl.h" | 68 | #include "ec_lcl.h" |
| 57 | 69 | ||
| 58 | #if 0 | ||
| 59 | const EC_METHOD *EC_GFp_nist_method(void) | 70 | const EC_METHOD *EC_GFp_nist_method(void) |
| 60 | { | 71 | { |
| 61 | static const EC_METHOD ret = { | 72 | static const EC_METHOD ret = { |
| 62 | ec_GFp_nist_group_init, | 73 | NID_X9_62_prime_field, |
| 63 | ec_GFp_nist_group_finish, | 74 | ec_GFp_simple_group_init, |
| 64 | ec_GFp_nist_group_clear_finish, | 75 | ec_GFp_simple_group_finish, |
| 76 | ec_GFp_simple_group_clear_finish, | ||
| 65 | ec_GFp_nist_group_copy, | 77 | ec_GFp_nist_group_copy, |
| 66 | ec_GFp_nist_group_set_curve_GFp, | 78 | ec_GFp_nist_group_set_curve, |
| 67 | ec_GFp_simple_group_get_curve_GFp, | 79 | ec_GFp_simple_group_get_curve, |
| 68 | ec_GFp_simple_group_set_generator, | 80 | ec_GFp_simple_group_get_degree, |
| 69 | ec_GFp_simple_group_get0_generator, | 81 | ec_GFp_simple_group_check_discriminant, |
| 70 | ec_GFp_simple_group_get_order, | ||
| 71 | ec_GFp_simple_group_get_cofactor, | ||
| 72 | ec_GFp_simple_point_init, | 82 | ec_GFp_simple_point_init, |
| 73 | ec_GFp_simple_point_finish, | 83 | ec_GFp_simple_point_finish, |
| 74 | ec_GFp_simple_point_clear_finish, | 84 | ec_GFp_simple_point_clear_finish, |
| @@ -76,9 +86,9 @@ const EC_METHOD *EC_GFp_nist_method(void) | |||
| 76 | ec_GFp_simple_point_set_to_infinity, | 86 | ec_GFp_simple_point_set_to_infinity, |
| 77 | ec_GFp_simple_set_Jprojective_coordinates_GFp, | 87 | ec_GFp_simple_set_Jprojective_coordinates_GFp, |
| 78 | ec_GFp_simple_get_Jprojective_coordinates_GFp, | 88 | ec_GFp_simple_get_Jprojective_coordinates_GFp, |
| 79 | ec_GFp_simple_point_set_affine_coordinates_GFp, | 89 | ec_GFp_simple_point_set_affine_coordinates, |
| 80 | ec_GFp_simple_point_get_affine_coordinates_GFp, | 90 | ec_GFp_simple_point_get_affine_coordinates, |
| 81 | ec_GFp_simple_set_compressed_coordinates_GFp, | 91 | ec_GFp_simple_set_compressed_coordinates, |
| 82 | ec_GFp_simple_point2oct, | 92 | ec_GFp_simple_point2oct, |
| 83 | ec_GFp_simple_oct2point, | 93 | ec_GFp_simple_oct2point, |
| 84 | ec_GFp_simple_add, | 94 | ec_GFp_simple_add, |
| @@ -89,46 +99,138 @@ const EC_METHOD *EC_GFp_nist_method(void) | |||
| 89 | ec_GFp_simple_cmp, | 99 | ec_GFp_simple_cmp, |
| 90 | ec_GFp_simple_make_affine, | 100 | ec_GFp_simple_make_affine, |
| 91 | ec_GFp_simple_points_make_affine, | 101 | ec_GFp_simple_points_make_affine, |
| 102 | 0 /* mul */, | ||
| 103 | 0 /* precompute_mult */, | ||
| 104 | 0 /* have_precompute_mult */, | ||
| 92 | ec_GFp_nist_field_mul, | 105 | ec_GFp_nist_field_mul, |
| 93 | ec_GFp_nist_field_sqr, | 106 | ec_GFp_nist_field_sqr, |
| 107 | 0 /* field_div */, | ||
| 94 | 0 /* field_encode */, | 108 | 0 /* field_encode */, |
| 95 | 0 /* field_decode */, | 109 | 0 /* field_decode */, |
| 96 | 0 /* field_set_to_one */ }; | 110 | 0 /* field_set_to_one */ }; |
| 97 | 111 | ||
| 98 | return &ret; | 112 | return &ret; |
| 99 | } | 113 | } |
| 100 | #endif | ||
| 101 | 114 | ||
| 115 | #if BN_BITS2 == 64 | ||
| 116 | #define NO_32_BIT_TYPE | ||
| 117 | #endif | ||
| 102 | 118 | ||
| 103 | int ec_GFp_nist_group_init(EC_GROUP *group) | 119 | int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) |
| 104 | { | 120 | { |
| 105 | int ok; | 121 | dest->field_mod_func = src->field_mod_func; |
| 106 | 122 | ||
| 107 | ok = ec_GFp_simple_group_init(group); | 123 | return ec_GFp_simple_group_copy(dest, src); |
| 108 | group->field_data1 = NULL; | ||
| 109 | return ok; | ||
| 110 | } | 124 | } |
| 111 | 125 | ||
| 112 | 126 | int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, | |
| 113 | int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); | 127 | const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
| 114 | /* TODO */ | 128 | { |
| 115 | 129 | int ret = 0; | |
| 116 | 130 | BN_CTX *new_ctx = NULL; | |
| 117 | void ec_GFp_nist_group_finish(EC_GROUP *group); | 131 | BIGNUM *tmp_bn; |
| 118 | /* TODO */ | 132 | |
| 119 | 133 | if (ctx == NULL) | |
| 120 | 134 | if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; | |
| 121 | void ec_GFp_nist_group_clear_finish(EC_GROUP *group); | 135 | |
| 122 | /* TODO */ | 136 | BN_CTX_start(ctx); |
| 123 | 137 | if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err; | |
| 124 | 138 | ||
| 125 | int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); | 139 | if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) |
| 126 | /* TODO */ | 140 | group->field_mod_func = BN_nist_mod_192; |
| 141 | else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) | ||
| 142 | { | ||
| 143 | #ifndef NO_32_BIT_TYPE | ||
| 144 | group->field_mod_func = BN_nist_mod_224; | ||
| 145 | #else | ||
| 146 | ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); | ||
| 147 | goto err; | ||
| 148 | #endif | ||
| 149 | } | ||
| 150 | else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) | ||
| 151 | { | ||
| 152 | #ifndef NO_32_BIT_TYPE | ||
| 153 | group->field_mod_func = BN_nist_mod_256; | ||
| 154 | #else | ||
| 155 | ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); | ||
| 156 | goto err; | ||
| 157 | #endif | ||
| 158 | } | ||
| 159 | else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) | ||
| 160 | { | ||
| 161 | #ifndef NO_32_BIT_TYPE | ||
| 162 | group->field_mod_func = BN_nist_mod_384; | ||
| 163 | #else | ||
| 164 | ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); | ||
| 165 | goto err; | ||
| 166 | #endif | ||
| 167 | } | ||
| 168 | else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) | ||
| 169 | /* this one works in the NO_32_BIT_TYPE case */ | ||
| 170 | group->field_mod_func = BN_nist_mod_521; | ||
| 171 | else | ||
| 172 | { | ||
| 173 | ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME); | ||
| 174 | goto err; | ||
| 175 | } | ||
| 176 | |||
| 177 | ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); | ||
| 178 | |||
| 179 | err: | ||
| 180 | BN_CTX_end(ctx); | ||
| 181 | if (new_ctx != NULL) | ||
| 182 | BN_CTX_free(new_ctx); | ||
| 183 | return ret; | ||
| 184 | } | ||
| 127 | 185 | ||
| 128 | 186 | ||
| 129 | int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); | 187 | int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, |
| 130 | /* TODO */ | 188 | const BIGNUM *b, BN_CTX *ctx) |
| 189 | { | ||
| 190 | int ret=0; | ||
| 191 | BN_CTX *ctx_new=NULL; | ||
| 192 | |||
| 193 | if (!group || !r || !a || !b) | ||
| 194 | { | ||
| 195 | ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); | ||
| 196 | goto err; | ||
| 197 | } | ||
| 198 | if (!ctx) | ||
| 199 | if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; | ||
| 200 | |||
| 201 | if (!BN_mul(r, a, b, ctx)) goto err; | ||
| 202 | if (!group->field_mod_func(r, r, &group->field, ctx)) | ||
| 203 | goto err; | ||
| 204 | |||
| 205 | ret=1; | ||
| 206 | err: | ||
| 207 | if (ctx_new) | ||
| 208 | BN_CTX_free(ctx_new); | ||
| 209 | return ret; | ||
| 210 | } | ||
| 131 | 211 | ||
| 132 | 212 | ||
| 133 | int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); | 213 | int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, |
| 134 | /* TODO */ | 214 | BN_CTX *ctx) |
| 215 | { | ||
| 216 | int ret=0; | ||
| 217 | BN_CTX *ctx_new=NULL; | ||
| 218 | |||
| 219 | if (!group || !r || !a) | ||
| 220 | { | ||
| 221 | ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER); | ||
| 222 | goto err; | ||
| 223 | } | ||
| 224 | if (!ctx) | ||
| 225 | if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; | ||
| 226 | |||
| 227 | if (!BN_sqr(r, a, ctx)) goto err; | ||
| 228 | if (!group->field_mod_func(r, r, &group->field, ctx)) | ||
| 229 | goto err; | ||
| 230 | |||
| 231 | ret=1; | ||
| 232 | err: | ||
| 233 | if (ctx_new) | ||
| 234 | BN_CTX_free(ctx_new); | ||
| 235 | return ret; | ||
| 236 | } | ||
diff --git a/src/lib/libssl/src/crypto/ec/ecp_smpl.c b/src/lib/libssl/src/crypto/ec/ecp_smpl.c index e9a51fb87a..4d26f8bdf6 100644 --- a/src/lib/libssl/src/crypto/ec/ecp_smpl.c +++ b/src/lib/libssl/src/crypto/ec/ecp_smpl.c | |||
| @@ -1,8 +1,10 @@ | |||
| 1 | /* crypto/ec/ecp_smpl.c */ | 1 | /* crypto/ec/ecp_smpl.c */ |
| 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> | 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> |
| 3 | * for the OpenSSL project. */ | 3 | * for the OpenSSL project. |
| 4 | * Includes code written by Bodo Moeller for the OpenSSL project. | ||
| 5 | */ | ||
| 4 | /* ==================================================================== | 6 | /* ==================================================================== |
| 5 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 7 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. |
| 6 | * | 8 | * |
| 7 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without |
| 8 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions |
| @@ -54,25 +56,29 @@ | |||
| 54 | * Hudson (tjh@cryptsoft.com). | 56 | * Hudson (tjh@cryptsoft.com). |
| 55 | * | 57 | * |
| 56 | */ | 58 | */ |
| 59 | /* ==================================================================== | ||
| 60 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 61 | * Portions of this software developed by SUN MICROSYSTEMS, INC., | ||
| 62 | * and contributed to the OpenSSL project. | ||
| 63 | */ | ||
| 57 | 64 | ||
| 58 | #include <openssl/err.h> | 65 | #include <openssl/err.h> |
| 66 | #include <openssl/symhacks.h> | ||
| 59 | 67 | ||
| 60 | #include "ec_lcl.h" | 68 | #include "ec_lcl.h" |
| 61 | 69 | ||
| 62 | |||
| 63 | const EC_METHOD *EC_GFp_simple_method(void) | 70 | const EC_METHOD *EC_GFp_simple_method(void) |
| 64 | { | 71 | { |
| 65 | static const EC_METHOD ret = { | 72 | static const EC_METHOD ret = { |
| 73 | NID_X9_62_prime_field, | ||
| 66 | ec_GFp_simple_group_init, | 74 | ec_GFp_simple_group_init, |
| 67 | ec_GFp_simple_group_finish, | 75 | ec_GFp_simple_group_finish, |
| 68 | ec_GFp_simple_group_clear_finish, | 76 | ec_GFp_simple_group_clear_finish, |
| 69 | ec_GFp_simple_group_copy, | 77 | ec_GFp_simple_group_copy, |
| 70 | ec_GFp_simple_group_set_curve_GFp, | 78 | ec_GFp_simple_group_set_curve, |
| 71 | ec_GFp_simple_group_get_curve_GFp, | 79 | ec_GFp_simple_group_get_curve, |
| 72 | ec_GFp_simple_group_set_generator, | 80 | ec_GFp_simple_group_get_degree, |
| 73 | ec_GFp_simple_group_get0_generator, | 81 | ec_GFp_simple_group_check_discriminant, |
| 74 | ec_GFp_simple_group_get_order, | ||
| 75 | ec_GFp_simple_group_get_cofactor, | ||
| 76 | ec_GFp_simple_point_init, | 82 | ec_GFp_simple_point_init, |
| 77 | ec_GFp_simple_point_finish, | 83 | ec_GFp_simple_point_finish, |
| 78 | ec_GFp_simple_point_clear_finish, | 84 | ec_GFp_simple_point_clear_finish, |
| @@ -80,9 +86,9 @@ const EC_METHOD *EC_GFp_simple_method(void) | |||
| 80 | ec_GFp_simple_point_set_to_infinity, | 86 | ec_GFp_simple_point_set_to_infinity, |
| 81 | ec_GFp_simple_set_Jprojective_coordinates_GFp, | 87 | ec_GFp_simple_set_Jprojective_coordinates_GFp, |
| 82 | ec_GFp_simple_get_Jprojective_coordinates_GFp, | 88 | ec_GFp_simple_get_Jprojective_coordinates_GFp, |
| 83 | ec_GFp_simple_point_set_affine_coordinates_GFp, | 89 | ec_GFp_simple_point_set_affine_coordinates, |
| 84 | ec_GFp_simple_point_get_affine_coordinates_GFp, | 90 | ec_GFp_simple_point_get_affine_coordinates, |
| 85 | ec_GFp_simple_set_compressed_coordinates_GFp, | 91 | ec_GFp_simple_set_compressed_coordinates, |
| 86 | ec_GFp_simple_point2oct, | 92 | ec_GFp_simple_point2oct, |
| 87 | ec_GFp_simple_oct2point, | 93 | ec_GFp_simple_oct2point, |
| 88 | ec_GFp_simple_add, | 94 | ec_GFp_simple_add, |
| @@ -93,8 +99,12 @@ const EC_METHOD *EC_GFp_simple_method(void) | |||
| 93 | ec_GFp_simple_cmp, | 99 | ec_GFp_simple_cmp, |
| 94 | ec_GFp_simple_make_affine, | 100 | ec_GFp_simple_make_affine, |
| 95 | ec_GFp_simple_points_make_affine, | 101 | ec_GFp_simple_points_make_affine, |
| 102 | 0 /* mul */, | ||
| 103 | 0 /* precompute_mult */, | ||
| 104 | 0 /* have_precompute_mult */, | ||
| 96 | ec_GFp_simple_field_mul, | 105 | ec_GFp_simple_field_mul, |
| 97 | ec_GFp_simple_field_sqr, | 106 | ec_GFp_simple_field_sqr, |
| 107 | 0 /* field_div */, | ||
| 98 | 0 /* field_encode */, | 108 | 0 /* field_encode */, |
| 99 | 0 /* field_decode */, | 109 | 0 /* field_decode */, |
| 100 | 0 /* field_set_to_one */ }; | 110 | 0 /* field_set_to_one */ }; |
| @@ -103,15 +113,26 @@ const EC_METHOD *EC_GFp_simple_method(void) | |||
| 103 | } | 113 | } |
| 104 | 114 | ||
| 105 | 115 | ||
| 116 | /* Most method functions in this file are designed to work with | ||
| 117 | * non-trivial representations of field elements if necessary | ||
| 118 | * (see ecp_mont.c): while standard modular addition and subtraction | ||
| 119 | * are used, the field_mul and field_sqr methods will be used for | ||
| 120 | * multiplication, and field_encode and field_decode (if defined) | ||
| 121 | * will be used for converting between representations. | ||
| 122 | |||
| 123 | * Functions ec_GFp_simple_points_make_affine() and | ||
| 124 | * ec_GFp_simple_point_get_affine_coordinates() specifically assume | ||
| 125 | * that if a non-trivial representation is used, it is a Montgomery | ||
| 126 | * representation (i.e. 'encoding' means multiplying by some factor R). | ||
| 127 | */ | ||
| 128 | |||
| 129 | |||
| 106 | int ec_GFp_simple_group_init(EC_GROUP *group) | 130 | int ec_GFp_simple_group_init(EC_GROUP *group) |
| 107 | { | 131 | { |
| 108 | BN_init(&group->field); | 132 | BN_init(&group->field); |
| 109 | BN_init(&group->a); | 133 | BN_init(&group->a); |
| 110 | BN_init(&group->b); | 134 | BN_init(&group->b); |
| 111 | group->a_is_minus3 = 0; | 135 | group->a_is_minus3 = 0; |
| 112 | group->generator = NULL; | ||
| 113 | BN_init(&group->order); | ||
| 114 | BN_init(&group->cofactor); | ||
| 115 | return 1; | 136 | return 1; |
| 116 | } | 137 | } |
| 117 | 138 | ||
| @@ -121,10 +142,6 @@ void ec_GFp_simple_group_finish(EC_GROUP *group) | |||
| 121 | BN_free(&group->field); | 142 | BN_free(&group->field); |
| 122 | BN_free(&group->a); | 143 | BN_free(&group->a); |
| 123 | BN_free(&group->b); | 144 | BN_free(&group->b); |
| 124 | if (group->generator != NULL) | ||
| 125 | EC_POINT_free(group->generator); | ||
| 126 | BN_free(&group->order); | ||
| 127 | BN_free(&group->cofactor); | ||
| 128 | } | 145 | } |
| 129 | 146 | ||
| 130 | 147 | ||
| @@ -133,13 +150,6 @@ void ec_GFp_simple_group_clear_finish(EC_GROUP *group) | |||
| 133 | BN_clear_free(&group->field); | 150 | BN_clear_free(&group->field); |
| 134 | BN_clear_free(&group->a); | 151 | BN_clear_free(&group->a); |
| 135 | BN_clear_free(&group->b); | 152 | BN_clear_free(&group->b); |
| 136 | if (group->generator != NULL) | ||
| 137 | { | ||
| 138 | EC_POINT_clear_free(group->generator); | ||
| 139 | group->generator = NULL; | ||
| 140 | } | ||
| 141 | BN_clear_free(&group->order); | ||
| 142 | BN_clear_free(&group->cofactor); | ||
| 143 | } | 153 | } |
| 144 | 154 | ||
| 145 | 155 | ||
| @@ -151,33 +161,11 @@ int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) | |||
| 151 | 161 | ||
| 152 | dest->a_is_minus3 = src->a_is_minus3; | 162 | dest->a_is_minus3 = src->a_is_minus3; |
| 153 | 163 | ||
| 154 | if (src->generator != NULL) | ||
| 155 | { | ||
| 156 | if (dest->generator == NULL) | ||
| 157 | { | ||
| 158 | dest->generator = EC_POINT_new(dest); | ||
| 159 | if (dest->generator == NULL) return 0; | ||
| 160 | } | ||
| 161 | if (!EC_POINT_copy(dest->generator, src->generator)) return 0; | ||
| 162 | } | ||
| 163 | else | ||
| 164 | { | ||
| 165 | /* src->generator == NULL */ | ||
| 166 | if (dest->generator != NULL) | ||
| 167 | { | ||
| 168 | EC_POINT_clear_free(dest->generator); | ||
| 169 | dest->generator = NULL; | ||
| 170 | } | ||
| 171 | } | ||
| 172 | |||
| 173 | if (!BN_copy(&dest->order, &src->order)) return 0; | ||
| 174 | if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; | ||
| 175 | |||
| 176 | return 1; | 164 | return 1; |
| 177 | } | 165 | } |
| 178 | 166 | ||
| 179 | 167 | ||
| 180 | int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, | 168 | int ec_GFp_simple_group_set_curve(EC_GROUP *group, |
| 181 | const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | 169 | const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
| 182 | { | 170 | { |
| 183 | int ret = 0; | 171 | int ret = 0; |
| @@ -187,7 +175,7 @@ int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, | |||
| 187 | /* p must be a prime > 3 */ | 175 | /* p must be a prime > 3 */ |
| 188 | if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) | 176 | if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) |
| 189 | { | 177 | { |
| 190 | ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP, EC_R_INVALID_FIELD); | 178 | ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD); |
| 191 | return 0; | 179 | return 0; |
| 192 | } | 180 | } |
| 193 | 181 | ||
| @@ -204,7 +192,7 @@ int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, | |||
| 204 | 192 | ||
| 205 | /* group->field */ | 193 | /* group->field */ |
| 206 | if (!BN_copy(&group->field, p)) goto err; | 194 | if (!BN_copy(&group->field, p)) goto err; |
| 207 | group->field.neg = 0; | 195 | BN_set_negative(&group->field, 0); |
| 208 | 196 | ||
| 209 | /* group->a */ | 197 | /* group->a */ |
| 210 | if (!BN_nnmod(tmp_a, a, p, ctx)) goto err; | 198 | if (!BN_nnmod(tmp_a, a, p, ctx)) goto err; |
| @@ -232,7 +220,7 @@ int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, | |||
| 232 | } | 220 | } |
| 233 | 221 | ||
| 234 | 222 | ||
| 235 | int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) | 223 | int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) |
| 236 | { | 224 | { |
| 237 | int ret = 0; | 225 | int ret = 0; |
| 238 | BN_CTX *new_ctx = NULL; | 226 | BN_CTX *new_ctx = NULL; |
| @@ -283,58 +271,76 @@ int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM * | |||
| 283 | } | 271 | } |
| 284 | 272 | ||
| 285 | 273 | ||
| 274 | int ec_GFp_simple_group_get_degree(const EC_GROUP *group) | ||
| 275 | { | ||
| 276 | return BN_num_bits(&group->field); | ||
| 277 | } | ||
| 278 | |||
| 286 | 279 | ||
| 287 | int ec_GFp_simple_group_set_generator(EC_GROUP *group, const EC_POINT *generator, | 280 | int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) |
| 288 | const BIGNUM *order, const BIGNUM *cofactor) | ||
| 289 | { | 281 | { |
| 290 | if (generator == NULL) | 282 | int ret = 0; |
| 283 | BIGNUM *a,*b,*order,*tmp_1,*tmp_2; | ||
| 284 | const BIGNUM *p = &group->field; | ||
| 285 | BN_CTX *new_ctx = NULL; | ||
| 286 | |||
| 287 | if (ctx == NULL) | ||
| 291 | { | 288 | { |
| 292 | ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); | 289 | ctx = new_ctx = BN_CTX_new(); |
| 293 | return 0 ; | 290 | if (ctx == NULL) |
| 291 | { | ||
| 292 | ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); | ||
| 293 | goto err; | ||
| 294 | } | ||
| 294 | } | 295 | } |
| 296 | BN_CTX_start(ctx); | ||
| 297 | a = BN_CTX_get(ctx); | ||
| 298 | b = BN_CTX_get(ctx); | ||
| 299 | tmp_1 = BN_CTX_get(ctx); | ||
| 300 | tmp_2 = BN_CTX_get(ctx); | ||
| 301 | order = BN_CTX_get(ctx); | ||
| 302 | if (order == NULL) goto err; | ||
| 295 | 303 | ||
| 296 | if (group->generator == NULL) | 304 | if (group->meth->field_decode) |
| 297 | { | 305 | { |
| 298 | group->generator = EC_POINT_new(group); | 306 | if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err; |
| 299 | if (group->generator == NULL) return 0; | 307 | if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err; |
| 300 | } | 308 | } |
| 301 | if (!EC_POINT_copy(group->generator, generator)) return 0; | ||
| 302 | |||
| 303 | if (order != NULL) | ||
| 304 | { if (!BN_copy(&group->order, order)) return 0; } | ||
| 305 | else | ||
| 306 | { if (!BN_zero(&group->order)) return 0; } | ||
| 307 | |||
| 308 | if (cofactor != NULL) | ||
| 309 | { if (!BN_copy(&group->cofactor, cofactor)) return 0; } | ||
| 310 | else | 309 | else |
| 311 | { if (!BN_zero(&group->cofactor)) return 0; } | 310 | { |
| 312 | 311 | if (!BN_copy(a, &group->a)) goto err; | |
| 313 | return 1; | 312 | if (!BN_copy(b, &group->b)) goto err; |
| 314 | } | 313 | } |
| 315 | 314 | ||
| 316 | 315 | /* check the discriminant: | |
| 317 | EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *group) | 316 | * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) |
| 318 | { | 317 | * 0 =< a, b < p */ |
| 319 | return group->generator; | 318 | if (BN_is_zero(a)) |
| 320 | } | 319 | { |
| 321 | 320 | if (BN_is_zero(b)) goto err; | |
| 322 | 321 | } | |
| 323 | int ec_GFp_simple_group_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) | 322 | else if (!BN_is_zero(b)) |
| 324 | { | 323 | { |
| 325 | if (!BN_copy(order, &group->order)) | 324 | if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err; |
| 326 | return 0; | 325 | if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err; |
| 327 | 326 | if (!BN_lshift(tmp_1, tmp_2, 2)) goto err; | |
| 328 | return !BN_is_zero(&group->order); | 327 | /* tmp_1 = 4*a^3 */ |
| 329 | } | ||
| 330 | 328 | ||
| 329 | if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err; | ||
| 330 | if (!BN_mul_word(tmp_2, 27)) goto err; | ||
| 331 | /* tmp_2 = 27*b^2 */ | ||
| 331 | 332 | ||
| 332 | int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) | 333 | if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err; |
| 333 | { | 334 | if (BN_is_zero(a)) goto err; |
| 334 | if (!BN_copy(cofactor, &group->cofactor)) | 335 | } |
| 335 | return 0; | 336 | ret = 1; |
| 336 | 337 | ||
| 337 | return !BN_is_zero(&group->cofactor); | 338 | err: |
| 339 | if (ctx != NULL) | ||
| 340 | BN_CTX_end(ctx); | ||
| 341 | if (new_ctx != NULL) | ||
| 342 | BN_CTX_free(new_ctx); | ||
| 343 | return ret; | ||
| 338 | } | 344 | } |
| 339 | 345 | ||
| 340 | 346 | ||
| @@ -380,7 +386,8 @@ int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) | |||
| 380 | int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) | 386 | int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) |
| 381 | { | 387 | { |
| 382 | point->Z_is_one = 0; | 388 | point->Z_is_one = 0; |
| 383 | return (BN_zero(&point->Z)); | 389 | BN_zero(&point->Z); |
| 390 | return 1; | ||
| 384 | } | 391 | } |
| 385 | 392 | ||
| 386 | 393 | ||
| @@ -497,13 +504,13 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const E | |||
| 497 | } | 504 | } |
| 498 | 505 | ||
| 499 | 506 | ||
| 500 | int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, | 507 | int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, |
| 501 | const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) | 508 | const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) |
| 502 | { | 509 | { |
| 503 | if (x == NULL || y == NULL) | 510 | if (x == NULL || y == NULL) |
| 504 | { | 511 | { |
| 505 | /* unlike for projective coordinates, we do not tolerate this */ | 512 | /* unlike for projective coordinates, we do not tolerate this */ |
| 506 | ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_PASSED_NULL_PARAMETER); | 513 | ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); |
| 507 | return 0; | 514 | return 0; |
| 508 | } | 515 | } |
| 509 | 516 | ||
| @@ -511,17 +518,17 @@ int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POI | |||
| 511 | } | 518 | } |
| 512 | 519 | ||
| 513 | 520 | ||
| 514 | int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, | 521 | int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, |
| 515 | BIGNUM *x, BIGNUM *y, BN_CTX *ctx) | 522 | BIGNUM *x, BIGNUM *y, BN_CTX *ctx) |
| 516 | { | 523 | { |
| 517 | BN_CTX *new_ctx = NULL; | 524 | BN_CTX *new_ctx = NULL; |
| 518 | BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3; | 525 | BIGNUM *Z, *Z_1, *Z_2, *Z_3; |
| 519 | const BIGNUM *X_, *Y_, *Z_; | 526 | const BIGNUM *Z_; |
| 520 | int ret = 0; | 527 | int ret = 0; |
| 521 | 528 | ||
| 522 | if (EC_POINT_is_at_infinity(group, point)) | 529 | if (EC_POINT_is_at_infinity(group, point)) |
| 523 | { | 530 | { |
| 524 | ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_POINT_AT_INFINITY); | 531 | ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); |
| 525 | return 0; | 532 | return 0; |
| 526 | } | 533 | } |
| 527 | 534 | ||
| @@ -533,8 +540,6 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const | |||
| 533 | } | 540 | } |
| 534 | 541 | ||
| 535 | BN_CTX_start(ctx); | 542 | BN_CTX_start(ctx); |
| 536 | X = BN_CTX_get(ctx); | ||
| 537 | Y = BN_CTX_get(ctx); | ||
| 538 | Z = BN_CTX_get(ctx); | 543 | Z = BN_CTX_get(ctx); |
| 539 | Z_1 = BN_CTX_get(ctx); | 544 | Z_1 = BN_CTX_get(ctx); |
| 540 | Z_2 = BN_CTX_get(ctx); | 545 | Z_2 = BN_CTX_get(ctx); |
| @@ -545,34 +550,44 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const | |||
| 545 | 550 | ||
| 546 | if (group->meth->field_decode) | 551 | if (group->meth->field_decode) |
| 547 | { | 552 | { |
| 548 | if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err; | ||
| 549 | if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err; | ||
| 550 | if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err; | 553 | if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err; |
| 551 | X_ = X; Y_ = Y; Z_ = Z; | 554 | Z_ = Z; |
| 552 | } | 555 | } |
| 553 | else | 556 | else |
| 554 | { | 557 | { |
| 555 | X_ = &point->X; | ||
| 556 | Y_ = &point->Y; | ||
| 557 | Z_ = &point->Z; | 558 | Z_ = &point->Z; |
| 558 | } | 559 | } |
| 559 | 560 | ||
| 560 | if (BN_is_one(Z_)) | 561 | if (BN_is_one(Z_)) |
| 561 | { | 562 | { |
| 562 | if (x != NULL) | 563 | if (group->meth->field_decode) |
| 563 | { | 564 | { |
| 564 | if (!BN_copy(x, X_)) goto err; | 565 | if (x != NULL) |
| 566 | { | ||
| 567 | if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err; | ||
| 568 | } | ||
| 569 | if (y != NULL) | ||
| 570 | { | ||
| 571 | if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err; | ||
| 572 | } | ||
| 565 | } | 573 | } |
| 566 | if (y != NULL) | 574 | else |
| 567 | { | 575 | { |
| 568 | if (!BN_copy(y, Y_)) goto err; | 576 | if (x != NULL) |
| 577 | { | ||
| 578 | if (!BN_copy(x, &point->X)) goto err; | ||
| 579 | } | ||
| 580 | if (y != NULL) | ||
| 581 | { | ||
| 582 | if (!BN_copy(y, &point->Y)) goto err; | ||
| 583 | } | ||
| 569 | } | 584 | } |
| 570 | } | 585 | } |
| 571 | else | 586 | else |
| 572 | { | 587 | { |
| 573 | if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) | 588 | if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) |
| 574 | { | 589 | { |
| 575 | ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_BN_LIB); | 590 | ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); |
| 576 | goto err; | 591 | goto err; |
| 577 | } | 592 | } |
| 578 | 593 | ||
| @@ -588,15 +603,8 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const | |||
| 588 | 603 | ||
| 589 | if (x != NULL) | 604 | if (x != NULL) |
| 590 | { | 605 | { |
| 591 | if (group->meth->field_encode == 0) | 606 | /* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */ |
| 592 | { | 607 | if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err; |
| 593 | /* field_mul works on standard representation */ | ||
| 594 | if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err; | ||
| 595 | } | ||
| 596 | else | ||
| 597 | { | ||
| 598 | if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err; | ||
| 599 | } | ||
| 600 | } | 608 | } |
| 601 | 609 | ||
| 602 | if (y != NULL) | 610 | if (y != NULL) |
| @@ -605,14 +613,14 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const | |||
| 605 | { | 613 | { |
| 606 | /* field_mul works on standard representation */ | 614 | /* field_mul works on standard representation */ |
| 607 | if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err; | 615 | if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err; |
| 608 | if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err; | ||
| 609 | |||
| 610 | } | 616 | } |
| 611 | else | 617 | else |
| 612 | { | 618 | { |
| 613 | if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err; | 619 | if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err; |
| 614 | if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err; | ||
| 615 | } | 620 | } |
| 621 | |||
| 622 | /* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */ | ||
| 623 | if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err; | ||
| 616 | } | 624 | } |
| 617 | } | 625 | } |
| 618 | 626 | ||
| @@ -626,13 +634,16 @@ int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const | |||
| 626 | } | 634 | } |
| 627 | 635 | ||
| 628 | 636 | ||
| 629 | int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, | 637 | int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, |
| 630 | const BIGNUM *x_, int y_bit, BN_CTX *ctx) | 638 | const BIGNUM *x_, int y_bit, BN_CTX *ctx) |
| 631 | { | 639 | { |
| 632 | BN_CTX *new_ctx = NULL; | 640 | BN_CTX *new_ctx = NULL; |
| 633 | BIGNUM *tmp1, *tmp2, *x, *y; | 641 | BIGNUM *tmp1, *tmp2, *x, *y; |
| 634 | int ret = 0; | 642 | int ret = 0; |
| 635 | 643 | ||
| 644 | /* clear error queue*/ | ||
| 645 | ERR_clear_error(); | ||
| 646 | |||
| 636 | if (ctx == NULL) | 647 | if (ctx == NULL) |
| 637 | { | 648 | { |
| 638 | ctx = new_ctx = BN_CTX_new(); | 649 | ctx = new_ctx = BN_CTX_new(); |
| @@ -704,19 +715,17 @@ int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT | |||
| 704 | 715 | ||
| 705 | if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) | 716 | if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) |
| 706 | { | 717 | { |
| 707 | unsigned long err = ERR_peek_error(); | 718 | unsigned long err = ERR_peek_last_error(); |
| 708 | 719 | ||
| 709 | if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) | 720 | if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) |
| 710 | { | 721 | { |
| 711 | (void)ERR_get_error(); | 722 | ERR_clear_error(); |
| 712 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT); | 723 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); |
| 713 | } | 724 | } |
| 714 | else | 725 | else |
| 715 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_BN_LIB); | 726 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); |
| 716 | goto err; | 727 | goto err; |
| 717 | } | 728 | } |
| 718 | /* If tmp1 is not a square (i.e. there is no point on the curve with | ||
| 719 | * our x), then y now is a nonsense value too */ | ||
| 720 | 729 | ||
| 721 | if (y_bit != BN_is_odd(y)) | 730 | if (y_bit != BN_is_odd(y)) |
| 722 | { | 731 | { |
| @@ -728,16 +737,17 @@ int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT | |||
| 728 | if (kron == -2) goto err; | 737 | if (kron == -2) goto err; |
| 729 | 738 | ||
| 730 | if (kron == 1) | 739 | if (kron == 1) |
| 731 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSION_BIT); | 740 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT); |
| 732 | else | 741 | else |
| 733 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT); | 742 | /* BN_mod_sqrt() should have cought this error (not a square) */ |
| 743 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); | ||
| 734 | goto err; | 744 | goto err; |
| 735 | } | 745 | } |
| 736 | if (!BN_usub(y, &group->field, y)) goto err; | 746 | if (!BN_usub(y, &group->field, y)) goto err; |
| 737 | } | 747 | } |
| 738 | if (y_bit != BN_is_odd(y)) | 748 | if (y_bit != BN_is_odd(y)) |
| 739 | { | 749 | { |
| 740 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_INTERNAL_ERROR); | 750 | ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR); |
| 741 | goto err; | 751 | goto err; |
| 742 | } | 752 | } |
| 743 | 753 | ||
| @@ -1088,7 +1098,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, con | |||
| 1088 | else | 1098 | else |
| 1089 | { | 1099 | { |
| 1090 | /* a is the inverse of b */ | 1100 | /* a is the inverse of b */ |
| 1091 | if (!BN_zero(&r->Z)) goto end; | 1101 | BN_zero(&r->Z); |
| 1092 | r->Z_is_one = 0; | 1102 | r->Z_is_one = 0; |
| 1093 | ret = 1; | 1103 | ret = 1; |
| 1094 | goto end; | 1104 | goto end; |
| @@ -1164,7 +1174,7 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_ | |||
| 1164 | 1174 | ||
| 1165 | if (EC_POINT_is_at_infinity(group, a)) | 1175 | if (EC_POINT_is_at_infinity(group, a)) |
| 1166 | { | 1176 | { |
| 1167 | if (!BN_zero(&r->Z)) return 0; | 1177 | BN_zero(&r->Z); |
| 1168 | r->Z_is_one = 0; | 1178 | r->Z_is_one = 0; |
| 1169 | return 1; | 1179 | return 1; |
| 1170 | } | 1180 | } |
| @@ -1292,7 +1302,7 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C | |||
| 1292 | int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); | 1302 | int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); |
| 1293 | const BIGNUM *p; | 1303 | const BIGNUM *p; |
| 1294 | BN_CTX *new_ctx = NULL; | 1304 | BN_CTX *new_ctx = NULL; |
| 1295 | BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6; | 1305 | BIGNUM *rh, *tmp, *Z4, *Z6; |
| 1296 | int ret = -1; | 1306 | int ret = -1; |
| 1297 | 1307 | ||
| 1298 | if (EC_POINT_is_at_infinity(group, point)) | 1308 | if (EC_POINT_is_at_infinity(group, point)) |
| @@ -1311,8 +1321,7 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C | |||
| 1311 | 1321 | ||
| 1312 | BN_CTX_start(ctx); | 1322 | BN_CTX_start(ctx); |
| 1313 | rh = BN_CTX_get(ctx); | 1323 | rh = BN_CTX_get(ctx); |
| 1314 | tmp1 = BN_CTX_get(ctx); | 1324 | tmp = BN_CTX_get(ctx); |
| 1315 | tmp2 = BN_CTX_get(ctx); | ||
| 1316 | Z4 = BN_CTX_get(ctx); | 1325 | Z4 = BN_CTX_get(ctx); |
| 1317 | Z6 = BN_CTX_get(ctx); | 1326 | Z6 = BN_CTX_get(ctx); |
| 1318 | if (Z6 == NULL) goto err; | 1327 | if (Z6 == NULL) goto err; |
| @@ -1326,59 +1335,49 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C | |||
| 1326 | * To test this, we add up the right-hand side in 'rh'. | 1335 | * To test this, we add up the right-hand side in 'rh'. |
| 1327 | */ | 1336 | */ |
| 1328 | 1337 | ||
| 1329 | /* rh := X^3 */ | 1338 | /* rh := X^2 */ |
| 1330 | if (!field_sqr(group, rh, &point->X, ctx)) goto err; | 1339 | if (!field_sqr(group, rh, &point->X, ctx)) goto err; |
| 1331 | if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; | ||
| 1332 | 1340 | ||
| 1333 | if (!point->Z_is_one) | 1341 | if (!point->Z_is_one) |
| 1334 | { | 1342 | { |
| 1335 | if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err; | 1343 | if (!field_sqr(group, tmp, &point->Z, ctx)) goto err; |
| 1336 | if (!field_sqr(group, Z4, tmp1, ctx)) goto err; | 1344 | if (!field_sqr(group, Z4, tmp, ctx)) goto err; |
| 1337 | if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err; | 1345 | if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err; |
| 1338 | 1346 | ||
| 1339 | /* rh := rh + a*X*Z^4 */ | 1347 | /* rh := (rh + a*Z^4)*X */ |
| 1340 | if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err; | ||
| 1341 | if (group->a_is_minus3) | 1348 | if (group->a_is_minus3) |
| 1342 | { | 1349 | { |
| 1343 | if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err; | 1350 | if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err; |
| 1344 | if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err; | 1351 | if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err; |
| 1345 | if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err; | 1352 | if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err; |
| 1353 | if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; | ||
| 1346 | } | 1354 | } |
| 1347 | else | 1355 | else |
| 1348 | { | 1356 | { |
| 1349 | if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err; | 1357 | if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err; |
| 1350 | if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err; | 1358 | if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; |
| 1359 | if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; | ||
| 1351 | } | 1360 | } |
| 1352 | 1361 | ||
| 1353 | /* rh := rh + b*Z^6 */ | 1362 | /* rh := rh + b*Z^6 */ |
| 1354 | if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err; | 1363 | if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err; |
| 1355 | if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err; | 1364 | if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; |
| 1356 | } | 1365 | } |
| 1357 | else | 1366 | else |
| 1358 | { | 1367 | { |
| 1359 | /* point->Z_is_one */ | 1368 | /* point->Z_is_one */ |
| 1360 | 1369 | ||
| 1361 | /* rh := rh + a*X */ | 1370 | /* rh := (rh + a)*X */ |
| 1362 | if (group->a_is_minus3) | 1371 | if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err; |
| 1363 | { | 1372 | if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; |
| 1364 | if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err; | ||
| 1365 | if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err; | ||
| 1366 | if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err; | ||
| 1367 | } | ||
| 1368 | else | ||
| 1369 | { | ||
| 1370 | if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err; | ||
| 1371 | if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err; | ||
| 1372 | } | ||
| 1373 | |||
| 1374 | /* rh := rh + b */ | 1373 | /* rh := rh + b */ |
| 1375 | if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err; | 1374 | if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err; |
| 1376 | } | 1375 | } |
| 1377 | 1376 | ||
| 1378 | /* 'lh' := Y^2 */ | 1377 | /* 'lh' := Y^2 */ |
| 1379 | if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err; | 1378 | if (!field_sqr(group, tmp, &point->Y, ctx)) goto err; |
| 1380 | 1379 | ||
| 1381 | ret = (0 == BN_cmp(tmp1, rh)); | 1380 | ret = (0 == BN_ucmp(tmp, rh)); |
| 1382 | 1381 | ||
| 1383 | err: | 1382 | err: |
| 1384 | BN_CTX_end(ctx); | 1383 | BN_CTX_end(ctx); |
diff --git a/src/lib/libssl/src/crypto/ec/ectest.c b/src/lib/libssl/src/crypto/ec/ectest.c index fcf969f3cf..6148d553f9 100644 --- a/src/lib/libssl/src/crypto/ec/ectest.c +++ b/src/lib/libssl/src/crypto/ec/ectest.c | |||
| @@ -1,4 +1,7 @@ | |||
| 1 | /* crypto/ec/ectest.c */ | 1 | /* crypto/ec/ectest.c */ |
| 2 | /* | ||
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | ||
| 4 | */ | ||
| 2 | /* ==================================================================== | 5 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. |
| 4 | * | 7 | * |
| @@ -52,6 +55,19 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 56 | * |
| 54 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * The elliptic curve binary polynomial software is originally written by | ||
| 68 | * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 55 | 71 | ||
| 56 | #include <stdio.h> | 72 | #include <stdio.h> |
| 57 | #include <stdlib.h> | 73 | #include <stdlib.h> |
| @@ -74,6 +90,15 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur | |||
| 74 | #include <openssl/engine.h> | 90 | #include <openssl/engine.h> |
| 75 | #endif | 91 | #endif |
| 76 | #include <openssl/err.h> | 92 | #include <openssl/err.h> |
| 93 | #include <openssl/obj_mac.h> | ||
| 94 | #include <openssl/objects.h> | ||
| 95 | #include <openssl/rand.h> | ||
| 96 | #include <openssl/bn.h> | ||
| 97 | |||
| 98 | #if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12) | ||
| 99 | /* suppress "too big too optimize" warning */ | ||
| 100 | #pragma warning(disable:4959) | ||
| 101 | #endif | ||
| 77 | 102 | ||
| 78 | #define ABORT do { \ | 103 | #define ABORT do { \ |
| 79 | fflush(stdout); \ | 104 | fflush(stdout); \ |
| @@ -82,47 +107,59 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur | |||
| 82 | EXIT(1); \ | 107 | EXIT(1); \ |
| 83 | } while (0) | 108 | } while (0) |
| 84 | 109 | ||
| 110 | void prime_field_tests(void); | ||
| 111 | void char2_field_tests(void); | ||
| 112 | void internal_curve_test(void); | ||
| 113 | |||
| 114 | #define TIMING_BASE_PT 0 | ||
| 115 | #define TIMING_RAND_PT 1 | ||
| 116 | #define TIMING_SIMUL 2 | ||
| 117 | |||
| 85 | #if 0 | 118 | #if 0 |
| 86 | static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) | 119 | static void timings(EC_GROUP *group, int type, BN_CTX *ctx) |
| 87 | { | 120 | { |
| 88 | clock_t clck; | 121 | clock_t clck; |
| 89 | int i, j; | 122 | int i, j; |
| 90 | BIGNUM *s, *s0; | 123 | BIGNUM *s; |
| 124 | BIGNUM *r[10], *r0[10]; | ||
| 91 | EC_POINT *P; | 125 | EC_POINT *P; |
| 92 | 126 | ||
| 93 | s = BN_new(); | 127 | s = BN_new(); |
| 94 | s0 = BN_new(); | 128 | if (s == NULL) ABORT; |
| 95 | if (s == NULL || s0 == NULL) ABORT; | ||
| 96 | 129 | ||
| 97 | if (!EC_GROUP_get_curve_GFp(group, s, NULL, NULL, ctx)) ABORT; | 130 | fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group)); |
| 98 | fprintf(stdout, "Timings for %d bit prime, ", (int)BN_num_bits(s)); | ||
| 99 | if (!EC_GROUP_get_order(group, s, ctx)) ABORT; | 131 | if (!EC_GROUP_get_order(group, s, ctx)) ABORT; |
| 100 | fprintf(stdout, "%d bit scalars ", (int)BN_num_bits(s)); | 132 | fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s)); |
| 101 | fflush(stdout); | 133 | fflush(stdout); |
| 102 | 134 | ||
| 103 | P = EC_POINT_new(group); | 135 | P = EC_POINT_new(group); |
| 104 | if (P == NULL) ABORT; | 136 | if (P == NULL) ABORT; |
| 105 | EC_POINT_copy(P, EC_GROUP_get0_generator(group)); | 137 | EC_POINT_copy(P, EC_GROUP_get0_generator(group)); |
| 106 | 138 | ||
| 107 | clck = clock(); | ||
| 108 | for (i = 0; i < 10; i++) | 139 | for (i = 0; i < 10; i++) |
| 109 | { | 140 | { |
| 110 | if (!BN_pseudo_rand(s, BN_num_bits(s), 0, 0)) ABORT; | 141 | if ((r[i] = BN_new()) == NULL) ABORT; |
| 111 | if (multi) | 142 | if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT; |
| 143 | if (type != TIMING_BASE_PT) | ||
| 112 | { | 144 | { |
| 113 | if (!BN_pseudo_rand(s0, BN_num_bits(s), 0, 0)) ABORT; | 145 | if ((r0[i] = BN_new()) == NULL) ABORT; |
| 146 | if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT; | ||
| 114 | } | 147 | } |
| 148 | } | ||
| 149 | |||
| 150 | clck = clock(); | ||
| 151 | for (i = 0; i < 10; i++) | ||
| 152 | { | ||
| 115 | for (j = 0; j < 10; j++) | 153 | for (j = 0; j < 10; j++) |
| 116 | { | 154 | { |
| 117 | if (!EC_POINT_mul(group, P, s, multi ? P : NULL, multi ? s0 : NULL, ctx)) ABORT; | 155 | if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, |
| 156 | (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT; | ||
| 118 | } | 157 | } |
| 119 | fprintf(stdout, "."); | ||
| 120 | fflush(stdout); | ||
| 121 | } | 158 | } |
| 122 | fprintf(stdout, "\n"); | ||
| 123 | |||
| 124 | clck = clock() - clck; | 159 | clck = clock() - clck; |
| 125 | 160 | ||
| 161 | fprintf(stdout, "\n"); | ||
| 162 | |||
| 126 | #ifdef CLOCKS_PER_SEC | 163 | #ifdef CLOCKS_PER_SEC |
| 127 | /* "To determine the time in seconds, the value returned | 164 | /* "To determine the time in seconds, the value returned |
| 128 | * by the clock function should be divided by the value | 165 | * by the clock function should be divided by the value |
| @@ -136,43 +173,40 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) | |||
| 136 | # define CLOCKS_PER_SEC 1 | 173 | # define CLOCKS_PER_SEC 1 |
| 137 | #endif | 174 | #endif |
| 138 | 175 | ||
| 139 | fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, | 176 | if (type == TIMING_BASE_PT) { |
| 140 | multi ? "s*P+t*Q operations" : "point multiplications", | 177 | fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, |
| 141 | (double)clck/CLOCKS_PER_SEC); | 178 | "base point multiplications", (double)clck/CLOCKS_PER_SEC); |
| 179 | } else if (type == TIMING_RAND_PT) { | ||
| 180 | fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, | ||
| 181 | "random point multiplications", (double)clck/CLOCKS_PER_SEC); | ||
| 182 | } else if (type == TIMING_SIMUL) { | ||
| 183 | fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, | ||
| 184 | "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC); | ||
| 185 | } | ||
| 142 | fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j)); | 186 | fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j)); |
| 143 | 187 | ||
| 144 | EC_POINT_free(P); | 188 | EC_POINT_free(P); |
| 145 | BN_free(s); | 189 | BN_free(s); |
| 146 | BN_free(s0); | 190 | for (i = 0; i < 10; i++) |
| 191 | { | ||
| 192 | BN_free(r[i]); | ||
| 193 | if (type != TIMING_BASE_PT) BN_free(r0[i]); | ||
| 194 | } | ||
| 147 | } | 195 | } |
| 148 | #endif | 196 | #endif |
| 149 | 197 | ||
| 150 | int main(int argc, char *argv[]) | 198 | void prime_field_tests() |
| 151 | { | 199 | { |
| 152 | BN_CTX *ctx = NULL; | 200 | BN_CTX *ctx = NULL; |
| 153 | BIGNUM *p, *a, *b; | 201 | BIGNUM *p, *a, *b; |
| 154 | EC_GROUP *group; | 202 | EC_GROUP *group; |
| 155 | EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; | 203 | EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; |
| 156 | EC_POINT *P, *Q, *R; | 204 | EC_POINT *P, *Q, *R; |
| 157 | BIGNUM *x, *y, *z; | 205 | BIGNUM *x, *y, *z; |
| 158 | unsigned char buf[100]; | 206 | unsigned char buf[100]; |
| 159 | size_t i, len; | 207 | size_t i, len; |
| 160 | int k; | 208 | int k; |
| 161 | 209 | ||
| 162 | /* enable memory leak checking unless explicitly disabled */ | ||
| 163 | if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) | ||
| 164 | { | ||
| 165 | CRYPTO_malloc_debug_init(); | ||
| 166 | CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); | ||
| 167 | } | ||
| 168 | else | ||
| 169 | { | ||
| 170 | /* OPENSSL_DEBUG_MEMORY=off */ | ||
| 171 | CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); | ||
| 172 | } | ||
| 173 | CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); | ||
| 174 | ERR_load_crypto_strings(); | ||
| 175 | |||
| 176 | #if 1 /* optional */ | 210 | #if 1 /* optional */ |
| 177 | ctx = BN_CTX_new(); | 211 | ctx = BN_CTX_new(); |
| 178 | if (!ctx) ABORT; | 212 | if (!ctx) ABORT; |
| @@ -317,10 +351,56 @@ int main(int argc, char *argv[]) | |||
| 317 | if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; | 351 | if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; |
| 318 | 352 | ||
| 319 | 353 | ||
| 354 | /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000) | ||
| 355 | * -- not a NIST curve, but commonly used */ | ||
| 356 | |||
| 357 | if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT; | ||
| 358 | if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; | ||
| 359 | if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT; | ||
| 360 | if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT; | ||
| 361 | if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; | ||
| 362 | |||
| 363 | if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT; | ||
| 364 | if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; | ||
| 365 | if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; | ||
| 366 | if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; | ||
| 367 | if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; | ||
| 368 | if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; | ||
| 369 | |||
| 370 | if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; | ||
| 371 | fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); | ||
| 372 | BN_print_fp(stdout, x); | ||
| 373 | fprintf(stdout, "\n y = 0x"); | ||
| 374 | BN_print_fp(stdout, y); | ||
| 375 | fprintf(stdout, "\n"); | ||
| 376 | /* G_y value taken from the standard: */ | ||
| 377 | if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; | ||
| 378 | if (0 != BN_cmp(y, z)) ABORT; | ||
| 379 | |||
| 380 | fprintf(stdout, "verify degree ..."); | ||
| 381 | if (EC_GROUP_get_degree(group) != 160) ABORT; | ||
| 382 | fprintf(stdout, " ok\n"); | ||
| 383 | |||
| 384 | fprintf(stdout, "verify group order ..."); | ||
| 385 | fflush(stdout); | ||
| 386 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; | ||
| 387 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; | ||
| 388 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | ||
| 389 | fprintf(stdout, "."); | ||
| 390 | fflush(stdout); | ||
| 391 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; | ||
| 392 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; | ||
| 393 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | ||
| 394 | fprintf(stdout, " ok\n"); | ||
| 395 | |||
| 396 | if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; | ||
| 397 | if (!EC_GROUP_copy(P_160, group)) ABORT; | ||
| 398 | |||
| 399 | |||
| 320 | /* Curve P-192 (FIPS PUB 186-2, App. 6) */ | 400 | /* Curve P-192 (FIPS PUB 186-2, App. 6) */ |
| 321 | 401 | ||
| 322 | if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; | 402 | if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; |
| 323 | if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; | 403 | if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; |
| 324 | if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT; | 404 | if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT; |
| 325 | if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT; | 405 | if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT; |
| 326 | if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; | 406 | if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; |
| @@ -340,6 +420,10 @@ int main(int argc, char *argv[]) | |||
| 340 | /* G_y value taken from the standard: */ | 420 | /* G_y value taken from the standard: */ |
| 341 | if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT; | 421 | if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT; |
| 342 | if (0 != BN_cmp(y, z)) ABORT; | 422 | if (0 != BN_cmp(y, z)) ABORT; |
| 423 | |||
| 424 | fprintf(stdout, "verify degree ..."); | ||
| 425 | if (EC_GROUP_get_degree(group) != 192) ABORT; | ||
| 426 | fprintf(stdout, " ok\n"); | ||
| 343 | 427 | ||
| 344 | fprintf(stdout, "verify group order ..."); | 428 | fprintf(stdout, "verify group order ..."); |
| 345 | fflush(stdout); | 429 | fflush(stdout); |
| @@ -348,7 +432,9 @@ int main(int argc, char *argv[]) | |||
| 348 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 432 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 349 | fprintf(stdout, "."); | 433 | fprintf(stdout, "."); |
| 350 | fflush(stdout); | 434 | fflush(stdout); |
| 435 | #if 0 | ||
| 351 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; | 436 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; |
| 437 | #endif | ||
| 352 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; | 438 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; |
| 353 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 439 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 354 | fprintf(stdout, " ok\n"); | 440 | fprintf(stdout, " ok\n"); |
| @@ -360,7 +446,7 @@ int main(int argc, char *argv[]) | |||
| 360 | /* Curve P-224 (FIPS PUB 186-2, App. 6) */ | 446 | /* Curve P-224 (FIPS PUB 186-2, App. 6) */ |
| 361 | 447 | ||
| 362 | if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT; | 448 | if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT; |
| 363 | if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; | 449 | if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; |
| 364 | if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT; | 450 | if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT; |
| 365 | if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT; | 451 | if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT; |
| 366 | if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; | 452 | if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; |
| @@ -381,6 +467,10 @@ int main(int argc, char *argv[]) | |||
| 381 | if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT; | 467 | if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT; |
| 382 | if (0 != BN_cmp(y, z)) ABORT; | 468 | if (0 != BN_cmp(y, z)) ABORT; |
| 383 | 469 | ||
| 470 | fprintf(stdout, "verify degree ..."); | ||
| 471 | if (EC_GROUP_get_degree(group) != 224) ABORT; | ||
| 472 | fprintf(stdout, " ok\n"); | ||
| 473 | |||
| 384 | fprintf(stdout, "verify group order ..."); | 474 | fprintf(stdout, "verify group order ..."); |
| 385 | fflush(stdout); | 475 | fflush(stdout); |
| 386 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; | 476 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; |
| @@ -388,7 +478,9 @@ int main(int argc, char *argv[]) | |||
| 388 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 478 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 389 | fprintf(stdout, "."); | 479 | fprintf(stdout, "."); |
| 390 | fflush(stdout); | 480 | fflush(stdout); |
| 481 | #if 0 | ||
| 391 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; | 482 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; |
| 483 | #endif | ||
| 392 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; | 484 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; |
| 393 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 485 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 394 | fprintf(stdout, " ok\n"); | 486 | fprintf(stdout, " ok\n"); |
| @@ -400,7 +492,7 @@ int main(int argc, char *argv[]) | |||
| 400 | /* Curve P-256 (FIPS PUB 186-2, App. 6) */ | 492 | /* Curve P-256 (FIPS PUB 186-2, App. 6) */ |
| 401 | 493 | ||
| 402 | if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; | 494 | if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; |
| 403 | if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; | 495 | if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; |
| 404 | if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; | 496 | if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; |
| 405 | if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT; | 497 | if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT; |
| 406 | if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; | 498 | if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; |
| @@ -422,6 +514,10 @@ int main(int argc, char *argv[]) | |||
| 422 | if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT; | 514 | if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT; |
| 423 | if (0 != BN_cmp(y, z)) ABORT; | 515 | if (0 != BN_cmp(y, z)) ABORT; |
| 424 | 516 | ||
| 517 | fprintf(stdout, "verify degree ..."); | ||
| 518 | if (EC_GROUP_get_degree(group) != 256) ABORT; | ||
| 519 | fprintf(stdout, " ok\n"); | ||
| 520 | |||
| 425 | fprintf(stdout, "verify group order ..."); | 521 | fprintf(stdout, "verify group order ..."); |
| 426 | fflush(stdout); | 522 | fflush(stdout); |
| 427 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; | 523 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; |
| @@ -429,7 +525,9 @@ int main(int argc, char *argv[]) | |||
| 429 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 525 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 430 | fprintf(stdout, "."); | 526 | fprintf(stdout, "."); |
| 431 | fflush(stdout); | 527 | fflush(stdout); |
| 528 | #if 0 | ||
| 432 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; | 529 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; |
| 530 | #endif | ||
| 433 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; | 531 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; |
| 434 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 532 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 435 | fprintf(stdout, " ok\n"); | 533 | fprintf(stdout, " ok\n"); |
| @@ -442,7 +540,7 @@ int main(int argc, char *argv[]) | |||
| 442 | 540 | ||
| 443 | if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" | 541 | if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" |
| 444 | "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT; | 542 | "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT; |
| 445 | if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; | 543 | if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; |
| 446 | if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" | 544 | if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" |
| 447 | "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT; | 545 | "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT; |
| 448 | if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" | 546 | if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" |
| @@ -468,6 +566,10 @@ int main(int argc, char *argv[]) | |||
| 468 | "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT; | 566 | "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT; |
| 469 | if (0 != BN_cmp(y, z)) ABORT; | 567 | if (0 != BN_cmp(y, z)) ABORT; |
| 470 | 568 | ||
| 569 | fprintf(stdout, "verify degree ..."); | ||
| 570 | if (EC_GROUP_get_degree(group) != 384) ABORT; | ||
| 571 | fprintf(stdout, " ok\n"); | ||
| 572 | |||
| 471 | fprintf(stdout, "verify group order ..."); | 573 | fprintf(stdout, "verify group order ..."); |
| 472 | fflush(stdout); | 574 | fflush(stdout); |
| 473 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; | 575 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; |
| @@ -475,7 +577,9 @@ int main(int argc, char *argv[]) | |||
| 475 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 577 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 476 | fprintf(stdout, "."); | 578 | fprintf(stdout, "."); |
| 477 | fflush(stdout); | 579 | fflush(stdout); |
| 580 | #if 0 | ||
| 478 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; | 581 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; |
| 582 | #endif | ||
| 479 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; | 583 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; |
| 480 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 584 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 481 | fprintf(stdout, " ok\n"); | 585 | fprintf(stdout, " ok\n"); |
| @@ -489,7 +593,7 @@ int main(int argc, char *argv[]) | |||
| 489 | if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" | 593 | if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" |
| 490 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" | 594 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" |
| 491 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; | 595 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; |
| 492 | if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; | 596 | if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; |
| 493 | if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" | 597 | if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" |
| 494 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" | 598 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" |
| 495 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; | 599 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; |
| @@ -520,6 +624,10 @@ int main(int argc, char *argv[]) | |||
| 520 | "7086A272C24088BE94769FD16650")) ABORT; | 624 | "7086A272C24088BE94769FD16650")) ABORT; |
| 521 | if (0 != BN_cmp(y, z)) ABORT; | 625 | if (0 != BN_cmp(y, z)) ABORT; |
| 522 | 626 | ||
| 627 | fprintf(stdout, "verify degree ..."); | ||
| 628 | if (EC_GROUP_get_degree(group) != 521) ABORT; | ||
| 629 | fprintf(stdout, " ok\n"); | ||
| 630 | |||
| 523 | fprintf(stdout, "verify group order ..."); | 631 | fprintf(stdout, "verify group order ..."); |
| 524 | fflush(stdout); | 632 | fflush(stdout); |
| 525 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; | 633 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; |
| @@ -527,7 +635,9 @@ int main(int argc, char *argv[]) | |||
| 527 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 635 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 528 | fprintf(stdout, "."); | 636 | fprintf(stdout, "."); |
| 529 | fflush(stdout); | 637 | fflush(stdout); |
| 638 | #if 0 | ||
| 530 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; | 639 | if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; |
| 640 | #endif | ||
| 531 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; | 641 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; |
| 532 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; | 642 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 533 | fprintf(stdout, " ok\n"); | 643 | fprintf(stdout, " ok\n"); |
| @@ -549,13 +659,15 @@ int main(int argc, char *argv[]) | |||
| 549 | if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ | 659 | if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ |
| 550 | 660 | ||
| 551 | { | 661 | { |
| 552 | const EC_POINT *points[3]; | 662 | const EC_POINT *points[4]; |
| 553 | const BIGNUM *scalars[3]; | 663 | const BIGNUM *scalars[4]; |
| 664 | BIGNUM scalar3; | ||
| 554 | 665 | ||
| 555 | if (EC_POINT_is_at_infinity(group, Q)) ABORT; | 666 | if (EC_POINT_is_at_infinity(group, Q)) ABORT; |
| 556 | points[0] = Q; | 667 | points[0] = Q; |
| 557 | points[1] = Q; | 668 | points[1] = Q; |
| 558 | points[2] = Q; | 669 | points[2] = Q; |
| 670 | points[3] = Q; | ||
| 559 | 671 | ||
| 560 | if (!BN_add(y, z, BN_value_one())) ABORT; | 672 | if (!BN_add(y, z, BN_value_one())) ABORT; |
| 561 | if (BN_is_odd(y)) ABORT; | 673 | if (BN_is_odd(y)) ABORT; |
| @@ -577,7 +689,7 @@ int main(int argc, char *argv[]) | |||
| 577 | 689 | ||
| 578 | if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; | 690 | if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; |
| 579 | if (!BN_add(z, z, y)) ABORT; | 691 | if (!BN_add(z, z, y)) ABORT; |
| 580 | z->neg = 1; | 692 | BN_set_negative(z, 1); |
| 581 | scalars[0] = y; | 693 | scalars[0] = y; |
| 582 | scalars[1] = z; /* z = -(order + y) */ | 694 | scalars[1] = z; /* z = -(order + y) */ |
| 583 | 695 | ||
| @@ -589,29 +701,43 @@ int main(int argc, char *argv[]) | |||
| 589 | 701 | ||
| 590 | if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; | 702 | if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; |
| 591 | if (!BN_add(z, x, y)) ABORT; | 703 | if (!BN_add(z, x, y)) ABORT; |
| 592 | z->neg = 1; | 704 | BN_set_negative(z, 1); |
| 593 | scalars[0] = x; | 705 | scalars[0] = x; |
| 594 | scalars[1] = y; | 706 | scalars[1] = y; |
| 595 | scalars[2] = z; /* z = -(x+y) */ | 707 | scalars[2] = z; /* z = -(x+y) */ |
| 596 | 708 | ||
| 597 | if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT; | 709 | BN_init(&scalar3); |
| 710 | BN_zero(&scalar3); | ||
| 711 | scalars[3] = &scalar3; | ||
| 712 | |||
| 713 | if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT; | ||
| 598 | if (!EC_POINT_is_at_infinity(group, P)) ABORT; | 714 | if (!EC_POINT_is_at_infinity(group, P)) ABORT; |
| 599 | 715 | ||
| 600 | fprintf(stdout, " ok\n\n"); | 716 | fprintf(stdout, " ok\n\n"); |
| 717 | |||
| 718 | BN_free(&scalar3); | ||
| 601 | } | 719 | } |
| 602 | 720 | ||
| 603 | 721 | ||
| 604 | #if 0 | 722 | #if 0 |
| 605 | timings(P_192, 0, ctx); | 723 | timings(P_160, TIMING_BASE_PT, ctx); |
| 606 | timings(P_192, 1, ctx); | 724 | timings(P_160, TIMING_RAND_PT, ctx); |
| 607 | timings(P_224, 0, ctx); | 725 | timings(P_160, TIMING_SIMUL, ctx); |
| 608 | timings(P_224, 1, ctx); | 726 | timings(P_192, TIMING_BASE_PT, ctx); |
| 609 | timings(P_256, 0, ctx); | 727 | timings(P_192, TIMING_RAND_PT, ctx); |
| 610 | timings(P_256, 1, ctx); | 728 | timings(P_192, TIMING_SIMUL, ctx); |
| 611 | timings(P_384, 0, ctx); | 729 | timings(P_224, TIMING_BASE_PT, ctx); |
| 612 | timings(P_384, 1, ctx); | 730 | timings(P_224, TIMING_RAND_PT, ctx); |
| 613 | timings(P_521, 0, ctx); | 731 | timings(P_224, TIMING_SIMUL, ctx); |
| 614 | timings(P_521, 1, ctx); | 732 | timings(P_256, TIMING_BASE_PT, ctx); |
| 733 | timings(P_256, TIMING_RAND_PT, ctx); | ||
| 734 | timings(P_256, TIMING_SIMUL, ctx); | ||
| 735 | timings(P_384, TIMING_BASE_PT, ctx); | ||
| 736 | timings(P_384, TIMING_RAND_PT, ctx); | ||
| 737 | timings(P_384, TIMING_SIMUL, ctx); | ||
| 738 | timings(P_521, TIMING_BASE_PT, ctx); | ||
| 739 | timings(P_521, TIMING_RAND_PT, ctx); | ||
| 740 | timings(P_521, TIMING_SIMUL, ctx); | ||
| 615 | #endif | 741 | #endif |
| 616 | 742 | ||
| 617 | 743 | ||
| @@ -624,12 +750,587 @@ int main(int argc, char *argv[]) | |||
| 624 | EC_POINT_free(R); | 750 | EC_POINT_free(R); |
| 625 | BN_free(x); BN_free(y); BN_free(z); | 751 | BN_free(x); BN_free(y); BN_free(z); |
| 626 | 752 | ||
| 753 | if (P_160) EC_GROUP_free(P_160); | ||
| 627 | if (P_192) EC_GROUP_free(P_192); | 754 | if (P_192) EC_GROUP_free(P_192); |
| 628 | if (P_224) EC_GROUP_free(P_224); | 755 | if (P_224) EC_GROUP_free(P_224); |
| 629 | if (P_256) EC_GROUP_free(P_256); | 756 | if (P_256) EC_GROUP_free(P_256); |
| 630 | if (P_384) EC_GROUP_free(P_384); | 757 | if (P_384) EC_GROUP_free(P_384); |
| 631 | if (P_521) EC_GROUP_free(P_521); | 758 | if (P_521) EC_GROUP_free(P_521); |
| 632 | 759 | ||
| 760 | } | ||
| 761 | |||
| 762 | /* Change test based on whether binary point compression is enabled or not. */ | ||
| 763 | #ifdef OPENSSL_EC_BIN_PT_COMP | ||
| 764 | #define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ | ||
| 765 | if (!BN_hex2bn(&x, _x)) ABORT; \ | ||
| 766 | if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ | ||
| 767 | if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ | ||
| 768 | if (!BN_hex2bn(&z, _order)) ABORT; \ | ||
| 769 | if (!BN_hex2bn(&cof, _cof)) ABORT; \ | ||
| 770 | if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ | ||
| 771 | if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ | ||
| 772 | fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ | ||
| 773 | BN_print_fp(stdout, x); \ | ||
| 774 | fprintf(stdout, "\n y = 0x"); \ | ||
| 775 | BN_print_fp(stdout, y); \ | ||
| 776 | fprintf(stdout, "\n"); \ | ||
| 777 | /* G_y value taken from the standard: */ \ | ||
| 778 | if (!BN_hex2bn(&z, _y)) ABORT; \ | ||
| 779 | if (0 != BN_cmp(y, z)) ABORT; | ||
| 780 | #else | ||
| 781 | #define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ | ||
| 782 | if (!BN_hex2bn(&x, _x)) ABORT; \ | ||
| 783 | if (!BN_hex2bn(&y, _y)) ABORT; \ | ||
| 784 | if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ | ||
| 785 | if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ | ||
| 786 | if (!BN_hex2bn(&z, _order)) ABORT; \ | ||
| 787 | if (!BN_hex2bn(&cof, _cof)) ABORT; \ | ||
| 788 | if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ | ||
| 789 | fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ | ||
| 790 | BN_print_fp(stdout, x); \ | ||
| 791 | fprintf(stdout, "\n y = 0x"); \ | ||
| 792 | BN_print_fp(stdout, y); \ | ||
| 793 | fprintf(stdout, "\n"); | ||
| 794 | #endif | ||
| 795 | |||
| 796 | #define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ | ||
| 797 | if (!BN_hex2bn(&p, _p)) ABORT; \ | ||
| 798 | if (!BN_hex2bn(&a, _a)) ABORT; \ | ||
| 799 | if (!BN_hex2bn(&b, _b)) ABORT; \ | ||
| 800 | if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \ | ||
| 801 | CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ | ||
| 802 | fprintf(stdout, "verify degree ..."); \ | ||
| 803 | if (EC_GROUP_get_degree(group) != _degree) ABORT; \ | ||
| 804 | fprintf(stdout, " ok\n"); \ | ||
| 805 | fprintf(stdout, "verify group order ..."); \ | ||
| 806 | fflush(stdout); \ | ||
| 807 | if (!EC_GROUP_get_order(group, z, ctx)) ABORT; \ | ||
| 808 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \ | ||
| 809 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ | ||
| 810 | fprintf(stdout, "."); \ | ||
| 811 | fflush(stdout); \ | ||
| 812 | /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \ | ||
| 813 | if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \ | ||
| 814 | if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ | ||
| 815 | fprintf(stdout, " ok\n"); \ | ||
| 816 | if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \ | ||
| 817 | if (!EC_GROUP_copy(_variable, group)) ABORT; | ||
| 818 | |||
| 819 | void char2_field_tests() | ||
| 820 | { | ||
| 821 | BN_CTX *ctx = NULL; | ||
| 822 | BIGNUM *p, *a, *b; | ||
| 823 | EC_GROUP *group; | ||
| 824 | EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL; | ||
| 825 | EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL; | ||
| 826 | EC_POINT *P, *Q, *R; | ||
| 827 | BIGNUM *x, *y, *z, *cof; | ||
| 828 | unsigned char buf[100]; | ||
| 829 | size_t i, len; | ||
| 830 | int k; | ||
| 831 | |||
| 832 | #if 1 /* optional */ | ||
| 833 | ctx = BN_CTX_new(); | ||
| 834 | if (!ctx) ABORT; | ||
| 835 | #endif | ||
| 836 | |||
| 837 | p = BN_new(); | ||
| 838 | a = BN_new(); | ||
| 839 | b = BN_new(); | ||
| 840 | if (!p || !a || !b) ABORT; | ||
| 841 | |||
| 842 | if (!BN_hex2bn(&p, "13")) ABORT; | ||
| 843 | if (!BN_hex2bn(&a, "3")) ABORT; | ||
| 844 | if (!BN_hex2bn(&b, "1")) ABORT; | ||
| 845 | |||
| 846 | group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m | ||
| 847 | * so that the library gets to choose the EC_METHOD */ | ||
| 848 | if (!group) ABORT; | ||
| 849 | if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; | ||
| 850 | |||
| 851 | { | ||
| 852 | EC_GROUP *tmp; | ||
| 853 | tmp = EC_GROUP_new(EC_GROUP_method_of(group)); | ||
| 854 | if (!tmp) ABORT; | ||
| 855 | if (!EC_GROUP_copy(tmp, group)) ABORT; | ||
| 856 | EC_GROUP_free(group); | ||
| 857 | group = tmp; | ||
| 858 | } | ||
| 859 | |||
| 860 | if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT; | ||
| 861 | |||
| 862 | fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x"); | ||
| 863 | BN_print_fp(stdout, p); | ||
| 864 | fprintf(stdout, ")\n a = 0x"); | ||
| 865 | BN_print_fp(stdout, a); | ||
| 866 | fprintf(stdout, "\n b = 0x"); | ||
| 867 | BN_print_fp(stdout, b); | ||
| 868 | fprintf(stdout, "\n(0x... means binary polynomial)\n"); | ||
| 869 | |||
| 870 | P = EC_POINT_new(group); | ||
| 871 | Q = EC_POINT_new(group); | ||
| 872 | R = EC_POINT_new(group); | ||
| 873 | if (!P || !Q || !R) ABORT; | ||
| 874 | |||
| 875 | if (!EC_POINT_set_to_infinity(group, P)) ABORT; | ||
| 876 | if (!EC_POINT_is_at_infinity(group, P)) ABORT; | ||
| 877 | |||
| 878 | buf[0] = 0; | ||
| 879 | if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT; | ||
| 880 | |||
| 881 | if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; | ||
| 882 | if (!EC_POINT_is_at_infinity(group, P)) ABORT; | ||
| 883 | |||
| 884 | x = BN_new(); | ||
| 885 | y = BN_new(); | ||
| 886 | z = BN_new(); | ||
| 887 | cof = BN_new(); | ||
| 888 | if (!x || !y || !z || !cof) ABORT; | ||
| 889 | |||
| 890 | if (!BN_hex2bn(&x, "6")) ABORT; | ||
| 891 | /* Change test based on whether binary point compression is enabled or not. */ | ||
| 892 | #ifdef OPENSSL_EC_BIN_PT_COMP | ||
| 893 | if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT; | ||
| 894 | #else | ||
| 895 | if (!BN_hex2bn(&y, "8")) ABORT; | ||
| 896 | if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; | ||
| 897 | #endif | ||
| 898 | if (!EC_POINT_is_on_curve(group, Q, ctx)) | ||
| 899 | { | ||
| 900 | /* Change test based on whether binary point compression is enabled or not. */ | ||
| 901 | #ifdef OPENSSL_EC_BIN_PT_COMP | ||
| 902 | if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; | ||
| 903 | #endif | ||
| 904 | fprintf(stderr, "Point is not on curve: x = 0x"); | ||
| 905 | BN_print_fp(stderr, x); | ||
| 906 | fprintf(stderr, ", y = 0x"); | ||
| 907 | BN_print_fp(stderr, y); | ||
| 908 | fprintf(stderr, "\n"); | ||
| 909 | ABORT; | ||
| 910 | } | ||
| 911 | |||
| 912 | fprintf(stdout, "A cyclic subgroup:\n"); | ||
| 913 | k = 100; | ||
| 914 | do | ||
| 915 | { | ||
| 916 | if (k-- == 0) ABORT; | ||
| 917 | |||
| 918 | if (EC_POINT_is_at_infinity(group, P)) | ||
| 919 | fprintf(stdout, " point at infinity\n"); | ||
| 920 | else | ||
| 921 | { | ||
| 922 | if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; | ||
| 923 | |||
| 924 | fprintf(stdout, " x = 0x"); | ||
| 925 | BN_print_fp(stdout, x); | ||
| 926 | fprintf(stdout, ", y = 0x"); | ||
| 927 | BN_print_fp(stdout, y); | ||
| 928 | fprintf(stdout, "\n"); | ||
| 929 | } | ||
| 930 | |||
| 931 | if (!EC_POINT_copy(R, P)) ABORT; | ||
| 932 | if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; | ||
| 933 | } | ||
| 934 | while (!EC_POINT_is_at_infinity(group, P)); | ||
| 935 | |||
| 936 | if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT; | ||
| 937 | if (!EC_POINT_is_at_infinity(group, P)) ABORT; | ||
| 938 | |||
| 939 | /* Change test based on whether binary point compression is enabled or not. */ | ||
| 940 | #ifdef OPENSSL_EC_BIN_PT_COMP | ||
| 941 | len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx); | ||
| 942 | if (len == 0) ABORT; | ||
| 943 | if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; | ||
| 944 | if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; | ||
| 945 | fprintf(stdout, "Generator as octet string, compressed form:\n "); | ||
| 946 | for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); | ||
| 947 | #endif | ||
| 948 | |||
| 949 | len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx); | ||
| 950 | if (len == 0) ABORT; | ||
| 951 | if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; | ||
| 952 | if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; | ||
| 953 | fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); | ||
| 954 | for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); | ||
| 955 | |||
| 956 | /* Change test based on whether binary point compression is enabled or not. */ | ||
| 957 | #ifdef OPENSSL_EC_BIN_PT_COMP | ||
| 958 | len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx); | ||
| 959 | if (len == 0) ABORT; | ||
| 960 | if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; | ||
| 961 | if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; | ||
| 962 | fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); | ||
| 963 | for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); | ||
| 964 | #endif | ||
| 965 | |||
| 966 | fprintf(stdout, "\n"); | ||
| 967 | |||
| 968 | if (!EC_POINT_invert(group, P, ctx)) ABORT; | ||
| 969 | if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; | ||
| 970 | |||
| 971 | |||
| 972 | /* Curve K-163 (FIPS PUB 186-2, App. 6) */ | ||
| 973 | CHAR2_CURVE_TEST | ||
| 974 | ( | ||
| 975 | "NIST curve K-163", | ||
| 976 | "0800000000000000000000000000000000000000C9", | ||
| 977 | "1", | ||
| 978 | "1", | ||
| 979 | "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", | ||
| 980 | "0289070FB05D38FF58321F2E800536D538CCDAA3D9", | ||
| 981 | 1, | ||
| 982 | "04000000000000000000020108A2E0CC0D99F8A5EF", | ||
| 983 | "2", | ||
| 984 | 163, | ||
| 985 | C2_K163 | ||
| 986 | ); | ||
| 987 | |||
| 988 | /* Curve B-163 (FIPS PUB 186-2, App. 6) */ | ||
| 989 | CHAR2_CURVE_TEST | ||
| 990 | ( | ||
| 991 | "NIST curve B-163", | ||
| 992 | "0800000000000000000000000000000000000000C9", | ||
| 993 | "1", | ||
| 994 | "020A601907B8C953CA1481EB10512F78744A3205FD", | ||
| 995 | "03F0EBA16286A2D57EA0991168D4994637E8343E36", | ||
| 996 | "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", | ||
| 997 | 1, | ||
| 998 | "040000000000000000000292FE77E70C12A4234C33", | ||
| 999 | "2", | ||
| 1000 | 163, | ||
| 1001 | C2_B163 | ||
| 1002 | ); | ||
| 1003 | |||
| 1004 | /* Curve K-233 (FIPS PUB 186-2, App. 6) */ | ||
| 1005 | CHAR2_CURVE_TEST | ||
| 1006 | ( | ||
| 1007 | "NIST curve K-233", | ||
| 1008 | "020000000000000000000000000000000000000004000000000000000001", | ||
| 1009 | "0", | ||
| 1010 | "1", | ||
| 1011 | "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", | ||
| 1012 | "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", | ||
| 1013 | 0, | ||
| 1014 | "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", | ||
| 1015 | "4", | ||
| 1016 | 233, | ||
| 1017 | C2_K233 | ||
| 1018 | ); | ||
| 1019 | |||
| 1020 | /* Curve B-233 (FIPS PUB 186-2, App. 6) */ | ||
| 1021 | CHAR2_CURVE_TEST | ||
| 1022 | ( | ||
| 1023 | "NIST curve B-233", | ||
| 1024 | "020000000000000000000000000000000000000004000000000000000001", | ||
| 1025 | "000000000000000000000000000000000000000000000000000000000001", | ||
| 1026 | "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", | ||
| 1027 | "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", | ||
| 1028 | "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", | ||
| 1029 | 1, | ||
| 1030 | "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", | ||
| 1031 | "2", | ||
| 1032 | 233, | ||
| 1033 | C2_B233 | ||
| 1034 | ); | ||
| 1035 | |||
| 1036 | /* Curve K-283 (FIPS PUB 186-2, App. 6) */ | ||
| 1037 | CHAR2_CURVE_TEST | ||
| 1038 | ( | ||
| 1039 | "NIST curve K-283", | ||
| 1040 | "0800000000000000000000000000000000000000000000000000000000000000000010A1", | ||
| 1041 | "0", | ||
| 1042 | "1", | ||
| 1043 | "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", | ||
| 1044 | "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", | ||
| 1045 | 0, | ||
| 1046 | "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", | ||
| 1047 | "4", | ||
| 1048 | 283, | ||
| 1049 | C2_K283 | ||
| 1050 | ); | ||
| 1051 | |||
| 1052 | /* Curve B-283 (FIPS PUB 186-2, App. 6) */ | ||
| 1053 | CHAR2_CURVE_TEST | ||
| 1054 | ( | ||
| 1055 | "NIST curve B-283", | ||
| 1056 | "0800000000000000000000000000000000000000000000000000000000000000000010A1", | ||
| 1057 | "000000000000000000000000000000000000000000000000000000000000000000000001", | ||
| 1058 | "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", | ||
| 1059 | "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", | ||
| 1060 | "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", | ||
| 1061 | 1, | ||
| 1062 | "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", | ||
| 1063 | "2", | ||
| 1064 | 283, | ||
| 1065 | C2_B283 | ||
| 1066 | ); | ||
| 1067 | |||
| 1068 | /* Curve K-409 (FIPS PUB 186-2, App. 6) */ | ||
| 1069 | CHAR2_CURVE_TEST | ||
| 1070 | ( | ||
| 1071 | "NIST curve K-409", | ||
| 1072 | "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", | ||
| 1073 | "0", | ||
| 1074 | "1", | ||
| 1075 | "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", | ||
| 1076 | "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", | ||
| 1077 | 1, | ||
| 1078 | "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", | ||
| 1079 | "4", | ||
| 1080 | 409, | ||
| 1081 | C2_K409 | ||
| 1082 | ); | ||
| 1083 | |||
| 1084 | /* Curve B-409 (FIPS PUB 186-2, App. 6) */ | ||
| 1085 | CHAR2_CURVE_TEST | ||
| 1086 | ( | ||
| 1087 | "NIST curve B-409", | ||
| 1088 | "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", | ||
| 1089 | "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", | ||
| 1090 | "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", | ||
| 1091 | "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", | ||
| 1092 | "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", | ||
| 1093 | 1, | ||
| 1094 | "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", | ||
| 1095 | "2", | ||
| 1096 | 409, | ||
| 1097 | C2_B409 | ||
| 1098 | ); | ||
| 1099 | |||
| 1100 | /* Curve K-571 (FIPS PUB 186-2, App. 6) */ | ||
| 1101 | CHAR2_CURVE_TEST | ||
| 1102 | ( | ||
| 1103 | "NIST curve K-571", | ||
| 1104 | "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", | ||
| 1105 | "0", | ||
| 1106 | "1", | ||
| 1107 | "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", | ||
| 1108 | "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", | ||
| 1109 | 0, | ||
| 1110 | "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", | ||
| 1111 | "4", | ||
| 1112 | 571, | ||
| 1113 | C2_K571 | ||
| 1114 | ); | ||
| 1115 | |||
| 1116 | /* Curve B-571 (FIPS PUB 186-2, App. 6) */ | ||
| 1117 | CHAR2_CURVE_TEST | ||
| 1118 | ( | ||
| 1119 | "NIST curve B-571", | ||
| 1120 | "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", | ||
| 1121 | "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", | ||
| 1122 | "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", | ||
| 1123 | "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", | ||
| 1124 | "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", | ||
| 1125 | 1, | ||
| 1126 | "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", | ||
| 1127 | "2", | ||
| 1128 | 571, | ||
| 1129 | C2_B571 | ||
| 1130 | ); | ||
| 1131 | |||
| 1132 | /* more tests using the last curve */ | ||
| 1133 | |||
| 1134 | if (!EC_POINT_copy(Q, P)) ABORT; | ||
| 1135 | if (EC_POINT_is_at_infinity(group, Q)) ABORT; | ||
| 1136 | if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; | ||
| 1137 | if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; | ||
| 1138 | if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ | ||
| 1139 | |||
| 1140 | if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT; | ||
| 1141 | if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT; | ||
| 1142 | if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ | ||
| 1143 | |||
| 1144 | { | ||
| 1145 | const EC_POINT *points[3]; | ||
| 1146 | const BIGNUM *scalars[3]; | ||
| 1147 | |||
| 1148 | if (EC_POINT_is_at_infinity(group, Q)) ABORT; | ||
| 1149 | points[0] = Q; | ||
| 1150 | points[1] = Q; | ||
| 1151 | points[2] = Q; | ||
| 1152 | |||
| 1153 | if (!BN_add(y, z, BN_value_one())) ABORT; | ||
| 1154 | if (BN_is_odd(y)) ABORT; | ||
| 1155 | if (!BN_rshift1(y, y)) ABORT; | ||
| 1156 | scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ | ||
| 1157 | scalars[1] = y; | ||
| 1158 | |||
| 1159 | fprintf(stdout, "combined multiplication ..."); | ||
| 1160 | fflush(stdout); | ||
| 1161 | |||
| 1162 | /* z is still the group order */ | ||
| 1163 | if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; | ||
| 1164 | if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT; | ||
| 1165 | if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; | ||
| 1166 | if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT; | ||
| 1167 | |||
| 1168 | fprintf(stdout, "."); | ||
| 1169 | fflush(stdout); | ||
| 1170 | |||
| 1171 | if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; | ||
| 1172 | if (!BN_add(z, z, y)) ABORT; | ||
| 1173 | BN_set_negative(z, 1); | ||
| 1174 | scalars[0] = y; | ||
| 1175 | scalars[1] = z; /* z = -(order + y) */ | ||
| 1176 | |||
| 1177 | if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; | ||
| 1178 | if (!EC_POINT_is_at_infinity(group, P)) ABORT; | ||
| 1179 | |||
| 1180 | fprintf(stdout, "."); | ||
| 1181 | fflush(stdout); | ||
| 1182 | |||
| 1183 | if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; | ||
| 1184 | if (!BN_add(z, x, y)) ABORT; | ||
| 1185 | BN_set_negative(z, 1); | ||
| 1186 | scalars[0] = x; | ||
| 1187 | scalars[1] = y; | ||
| 1188 | scalars[2] = z; /* z = -(x+y) */ | ||
| 1189 | |||
| 1190 | if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT; | ||
| 1191 | if (!EC_POINT_is_at_infinity(group, P)) ABORT; | ||
| 1192 | |||
| 1193 | fprintf(stdout, " ok\n\n"); | ||
| 1194 | } | ||
| 1195 | |||
| 1196 | |||
| 1197 | #if 0 | ||
| 1198 | timings(C2_K163, TIMING_BASE_PT, ctx); | ||
| 1199 | timings(C2_K163, TIMING_RAND_PT, ctx); | ||
| 1200 | timings(C2_K163, TIMING_SIMUL, ctx); | ||
| 1201 | timings(C2_B163, TIMING_BASE_PT, ctx); | ||
| 1202 | timings(C2_B163, TIMING_RAND_PT, ctx); | ||
| 1203 | timings(C2_B163, TIMING_SIMUL, ctx); | ||
| 1204 | timings(C2_K233, TIMING_BASE_PT, ctx); | ||
| 1205 | timings(C2_K233, TIMING_RAND_PT, ctx); | ||
| 1206 | timings(C2_K233, TIMING_SIMUL, ctx); | ||
| 1207 | timings(C2_B233, TIMING_BASE_PT, ctx); | ||
| 1208 | timings(C2_B233, TIMING_RAND_PT, ctx); | ||
| 1209 | timings(C2_B233, TIMING_SIMUL, ctx); | ||
| 1210 | timings(C2_K283, TIMING_BASE_PT, ctx); | ||
| 1211 | timings(C2_K283, TIMING_RAND_PT, ctx); | ||
| 1212 | timings(C2_K283, TIMING_SIMUL, ctx); | ||
| 1213 | timings(C2_B283, TIMING_BASE_PT, ctx); | ||
| 1214 | timings(C2_B283, TIMING_RAND_PT, ctx); | ||
| 1215 | timings(C2_B283, TIMING_SIMUL, ctx); | ||
| 1216 | timings(C2_K409, TIMING_BASE_PT, ctx); | ||
| 1217 | timings(C2_K409, TIMING_RAND_PT, ctx); | ||
| 1218 | timings(C2_K409, TIMING_SIMUL, ctx); | ||
| 1219 | timings(C2_B409, TIMING_BASE_PT, ctx); | ||
| 1220 | timings(C2_B409, TIMING_RAND_PT, ctx); | ||
| 1221 | timings(C2_B409, TIMING_SIMUL, ctx); | ||
| 1222 | timings(C2_K571, TIMING_BASE_PT, ctx); | ||
| 1223 | timings(C2_K571, TIMING_RAND_PT, ctx); | ||
| 1224 | timings(C2_K571, TIMING_SIMUL, ctx); | ||
| 1225 | timings(C2_B571, TIMING_BASE_PT, ctx); | ||
| 1226 | timings(C2_B571, TIMING_RAND_PT, ctx); | ||
| 1227 | timings(C2_B571, TIMING_SIMUL, ctx); | ||
| 1228 | #endif | ||
| 1229 | |||
| 1230 | |||
| 1231 | if (ctx) | ||
| 1232 | BN_CTX_free(ctx); | ||
| 1233 | BN_free(p); BN_free(a); BN_free(b); | ||
| 1234 | EC_GROUP_free(group); | ||
| 1235 | EC_POINT_free(P); | ||
| 1236 | EC_POINT_free(Q); | ||
| 1237 | EC_POINT_free(R); | ||
| 1238 | BN_free(x); BN_free(y); BN_free(z); BN_free(cof); | ||
| 1239 | |||
| 1240 | if (C2_K163) EC_GROUP_free(C2_K163); | ||
| 1241 | if (C2_B163) EC_GROUP_free(C2_B163); | ||
| 1242 | if (C2_K233) EC_GROUP_free(C2_K233); | ||
| 1243 | if (C2_B233) EC_GROUP_free(C2_B233); | ||
| 1244 | if (C2_K283) EC_GROUP_free(C2_K283); | ||
| 1245 | if (C2_B283) EC_GROUP_free(C2_B283); | ||
| 1246 | if (C2_K409) EC_GROUP_free(C2_K409); | ||
| 1247 | if (C2_B409) EC_GROUP_free(C2_B409); | ||
| 1248 | if (C2_K571) EC_GROUP_free(C2_K571); | ||
| 1249 | if (C2_B571) EC_GROUP_free(C2_B571); | ||
| 1250 | |||
| 1251 | } | ||
| 1252 | |||
| 1253 | void internal_curve_test(void) | ||
| 1254 | { | ||
| 1255 | EC_builtin_curve *curves = NULL; | ||
| 1256 | size_t crv_len = 0, n = 0; | ||
| 1257 | int ok = 1; | ||
| 1258 | |||
| 1259 | crv_len = EC_get_builtin_curves(NULL, 0); | ||
| 1260 | |||
| 1261 | curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); | ||
| 1262 | |||
| 1263 | if (curves == NULL) | ||
| 1264 | return; | ||
| 1265 | |||
| 1266 | if (!EC_get_builtin_curves(curves, crv_len)) | ||
| 1267 | { | ||
| 1268 | OPENSSL_free(curves); | ||
| 1269 | return; | ||
| 1270 | } | ||
| 1271 | |||
| 1272 | fprintf(stdout, "testing internal curves: "); | ||
| 1273 | |||
| 1274 | for (n = 0; n < crv_len; n++) | ||
| 1275 | { | ||
| 1276 | EC_GROUP *group = NULL; | ||
| 1277 | int nid = curves[n].nid; | ||
| 1278 | if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) | ||
| 1279 | { | ||
| 1280 | ok = 0; | ||
| 1281 | fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" | ||
| 1282 | " curve %s\n", OBJ_nid2sn(nid)); | ||
| 1283 | /* try next curve */ | ||
| 1284 | continue; | ||
| 1285 | } | ||
| 1286 | if (!EC_GROUP_check(group, NULL)) | ||
| 1287 | { | ||
| 1288 | ok = 0; | ||
| 1289 | fprintf(stdout, "\nEC_GROUP_check() failed with" | ||
| 1290 | " curve %s\n", OBJ_nid2sn(nid)); | ||
| 1291 | EC_GROUP_free(group); | ||
| 1292 | /* try the next curve */ | ||
| 1293 | continue; | ||
| 1294 | } | ||
| 1295 | fprintf(stdout, "."); | ||
| 1296 | fflush(stdout); | ||
| 1297 | EC_GROUP_free(group); | ||
| 1298 | } | ||
| 1299 | if (ok) | ||
| 1300 | fprintf(stdout, " ok\n"); | ||
| 1301 | else | ||
| 1302 | fprintf(stdout, " failed\n"); | ||
| 1303 | OPENSSL_free(curves); | ||
| 1304 | return; | ||
| 1305 | } | ||
| 1306 | |||
| 1307 | static const char rnd_seed[] = "string to make the random number generator think it has entropy"; | ||
| 1308 | |||
| 1309 | int main(int argc, char *argv[]) | ||
| 1310 | { | ||
| 1311 | |||
| 1312 | /* enable memory leak checking unless explicitly disabled */ | ||
| 1313 | if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) | ||
| 1314 | { | ||
| 1315 | CRYPTO_malloc_debug_init(); | ||
| 1316 | CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); | ||
| 1317 | } | ||
| 1318 | else | ||
| 1319 | { | ||
| 1320 | /* OPENSSL_DEBUG_MEMORY=off */ | ||
| 1321 | CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); | ||
| 1322 | } | ||
| 1323 | CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); | ||
| 1324 | ERR_load_crypto_strings(); | ||
| 1325 | |||
| 1326 | RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ | ||
| 1327 | |||
| 1328 | prime_field_tests(); | ||
| 1329 | puts(""); | ||
| 1330 | char2_field_tests(); | ||
| 1331 | /* test the internal curves */ | ||
| 1332 | internal_curve_test(); | ||
| 1333 | |||
| 633 | #ifndef OPENSSL_NO_ENGINE | 1334 | #ifndef OPENSSL_NO_ENGINE |
| 634 | ENGINE_cleanup(); | 1335 | ENGINE_cleanup(); |
| 635 | #endif | 1336 | #endif |
diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c index 0f6992a40d..8599046717 100644 --- a/src/lib/libssl/src/crypto/engine/eng_all.c +++ b/src/lib/libssl/src/crypto/engine/eng_all.c | |||
| @@ -56,8 +56,7 @@ | |||
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/err.h> | 59 | #include "cryptlib.h" |
| 60 | #include <openssl/engine.h> | ||
| 61 | #include "eng_int.h" | 60 | #include "eng_int.h" |
| 62 | 61 | ||
| 63 | void ENGINE_load_builtin_engines(void) | 62 | void ENGINE_load_builtin_engines(void) |
| @@ -69,32 +68,42 @@ void ENGINE_load_builtin_engines(void) | |||
| 69 | #if 0 | 68 | #if 0 |
| 70 | ENGINE_load_openssl(); | 69 | ENGINE_load_openssl(); |
| 71 | #endif | 70 | #endif |
| 71 | #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) | ||
| 72 | ENGINE_load_padlock(); | ||
| 73 | #endif | ||
| 72 | ENGINE_load_dynamic(); | 74 | ENGINE_load_dynamic(); |
| 75 | #ifndef OPENSSL_NO_STATIC_ENGINE | ||
| 73 | #ifndef OPENSSL_NO_HW | 76 | #ifndef OPENSSL_NO_HW |
| 77 | #ifndef OPENSSL_NO_HW_4758_CCA | ||
| 78 | ENGINE_load_4758cca(); | ||
| 79 | #endif | ||
| 80 | #ifndef OPENSSL_NO_HW_AEP | ||
| 81 | ENGINE_load_aep(); | ||
| 82 | #endif | ||
| 83 | #ifndef OPENSSL_NO_HW_ATALLA | ||
| 84 | ENGINE_load_atalla(); | ||
| 85 | #endif | ||
| 74 | #ifndef OPENSSL_NO_HW_CSWIFT | 86 | #ifndef OPENSSL_NO_HW_CSWIFT |
| 75 | ENGINE_load_cswift(); | 87 | ENGINE_load_cswift(); |
| 76 | #endif | 88 | #endif |
| 77 | #ifndef OPENSSL_NO_HW_NCIPHER | 89 | #ifndef OPENSSL_NO_HW_NCIPHER |
| 78 | ENGINE_load_chil(); | 90 | ENGINE_load_chil(); |
| 79 | #endif | 91 | #endif |
| 80 | #ifndef OPENSSL_NO_HW_ATALLA | ||
| 81 | ENGINE_load_atalla(); | ||
| 82 | #endif | ||
| 83 | #ifndef OPENSSL_NO_HW_NURON | 92 | #ifndef OPENSSL_NO_HW_NURON |
| 84 | ENGINE_load_nuron(); | 93 | ENGINE_load_nuron(); |
| 85 | #endif | 94 | #endif |
| 95 | #ifndef OPENSSL_NO_HW_SUREWARE | ||
| 96 | ENGINE_load_sureware(); | ||
| 97 | #endif | ||
| 86 | #ifndef OPENSSL_NO_HW_UBSEC | 98 | #ifndef OPENSSL_NO_HW_UBSEC |
| 87 | ENGINE_load_ubsec(); | 99 | ENGINE_load_ubsec(); |
| 88 | #endif | 100 | #endif |
| 89 | #ifndef OPENSSL_NO_HW_AEP | ||
| 90 | ENGINE_load_aep(); | ||
| 91 | #endif | 101 | #endif |
| 92 | #ifndef OPENSSL_NO_HW_SUREWARE | 102 | #if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) |
| 93 | ENGINE_load_sureware(); | 103 | ENGINE_load_gmp(); |
| 94 | #endif | 104 | #endif |
| 95 | #ifndef OPENSSL_NO_HW_4758_CCA | ||
| 96 | ENGINE_load_4758cca(); | ||
| 97 | #endif | 105 | #endif |
| 106 | #ifndef OPENSSL_NO_HW | ||
| 98 | #if defined(__OpenBSD__) || defined(__FreeBSD__) | 107 | #if defined(__OpenBSD__) || defined(__FreeBSD__) |
| 99 | ENGINE_load_cryptodev(); | 108 | ENGINE_load_cryptodev(); |
| 100 | #endif | 109 | #endif |
diff --git a/src/lib/libssl/src/crypto/engine/eng_cnf.c b/src/lib/libssl/src/crypto/engine/eng_cnf.c index 4225760af1..a97e01e619 100644 --- a/src/lib/libssl/src/crypto/engine/eng_cnf.c +++ b/src/lib/libssl/src/crypto/engine/eng_cnf.c | |||
| @@ -56,11 +56,8 @@ | |||
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include "eng_int.h" |
| 60 | #include <openssl/crypto.h> | ||
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/conf.h> | 60 | #include <openssl/conf.h> |
| 63 | #include <openssl/engine.h> | ||
| 64 | 61 | ||
| 65 | /* #define ENGINE_CONF_DEBUG */ | 62 | /* #define ENGINE_CONF_DEBUG */ |
| 66 | 63 | ||
| @@ -210,7 +207,7 @@ static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) | |||
| 210 | 207 | ||
| 211 | if (!elist) | 208 | if (!elist) |
| 212 | { | 209 | { |
| 213 | ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR); | 210 | ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR); |
| 214 | return 0; | 211 | return 0; |
| 215 | } | 212 | } |
| 216 | 213 | ||
diff --git a/src/lib/libssl/src/crypto/engine/eng_ctrl.c b/src/lib/libssl/src/crypto/engine/eng_ctrl.c index 412c73fb0f..95b6b455aa 100644 --- a/src/lib/libssl/src/crypto/engine/eng_ctrl.c +++ b/src/lib/libssl/src/crypto/engine/eng_ctrl.c | |||
| @@ -53,10 +53,7 @@ | |||
| 53 | * | 53 | * |
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | #include <openssl/crypto.h> | ||
| 57 | #include "cryptlib.h" | ||
| 58 | #include "eng_int.h" | 56 | #include "eng_int.h" |
| 59 | #include <openssl/engine.h> | ||
| 60 | 57 | ||
| 61 | /* When querying a ENGINE-specific control command's 'description', this string | 58 | /* When querying a ENGINE-specific control command's 'description', this string |
| 62 | * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ | 59 | * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ |
| @@ -103,7 +100,8 @@ static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) | |||
| 103 | return -1; | 100 | return -1; |
| 104 | } | 101 | } |
| 105 | 102 | ||
| 106 | static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) | 103 | static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, |
| 104 | void (*f)(void)) | ||
| 107 | { | 105 | { |
| 108 | int idx; | 106 | int idx; |
| 109 | char *s = (char *)p; | 107 | char *s = (char *)p; |
| @@ -181,7 +179,7 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) | |||
| 181 | return -1; | 179 | return -1; |
| 182 | } | 180 | } |
| 183 | 181 | ||
| 184 | int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | 182 | int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) |
| 185 | { | 183 | { |
| 186 | int ctrl_exists, ref_exists; | 184 | int ctrl_exists, ref_exists; |
| 187 | if(e == NULL) | 185 | if(e == NULL) |
| @@ -251,13 +249,13 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd) | |||
| 251 | } | 249 | } |
| 252 | 250 | ||
| 253 | int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, | 251 | int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, |
| 254 | long i, void *p, void (*f)(), int cmd_optional) | 252 | long i, void *p, void (*f)(void), int cmd_optional) |
| 255 | { | 253 | { |
| 256 | int num; | 254 | int num; |
| 257 | 255 | ||
| 258 | if((e == NULL) || (cmd_name == NULL)) | 256 | if((e == NULL) || (cmd_name == NULL)) |
| 259 | { | 257 | { |
| 260 | ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, | 258 | ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, |
| 261 | ERR_R_PASSED_NULL_PARAMETER); | 259 | ERR_R_PASSED_NULL_PARAMETER); |
| 262 | return 0; | 260 | return 0; |
| 263 | } | 261 | } |
diff --git a/src/lib/libssl/src/crypto/engine/eng_dyn.c b/src/lib/libssl/src/crypto/engine/eng_dyn.c index 4139a16e76..acb30c34d8 100644 --- a/src/lib/libssl/src/crypto/engine/eng_dyn.c +++ b/src/lib/libssl/src/crypto/engine/eng_dyn.c | |||
| @@ -57,11 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | 59 | ||
| 60 | #include <stdio.h> | ||
| 61 | #include <openssl/crypto.h> | ||
| 62 | #include "cryptlib.h" | ||
| 63 | #include "eng_int.h" | 60 | #include "eng_int.h" |
| 64 | #include <openssl/engine.h> | ||
| 65 | #include <openssl/dso.h> | 61 | #include <openssl/dso.h> |
| 66 | 62 | ||
| 67 | /* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader | 63 | /* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader |
| @@ -70,7 +66,7 @@ | |||
| 70 | /* Our ENGINE handlers */ | 66 | /* Our ENGINE handlers */ |
| 71 | static int dynamic_init(ENGINE *e); | 67 | static int dynamic_init(ENGINE *e); |
| 72 | static int dynamic_finish(ENGINE *e); | 68 | static int dynamic_finish(ENGINE *e); |
| 73 | static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); | 69 | static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); |
| 74 | /* Predeclare our context type */ | 70 | /* Predeclare our context type */ |
| 75 | typedef struct st_dynamic_data_ctx dynamic_data_ctx; | 71 | typedef struct st_dynamic_data_ctx dynamic_data_ctx; |
| 76 | /* The implementation for the important control command */ | 72 | /* The implementation for the important control command */ |
| @@ -80,7 +76,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); | |||
| 80 | #define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) | 76 | #define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) |
| 81 | #define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) | 77 | #define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) |
| 82 | #define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) | 78 | #define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) |
| 83 | #define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 4) | 79 | #define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) |
| 80 | #define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) | ||
| 81 | #define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) | ||
| 84 | 82 | ||
| 85 | /* The constants used when creating the ENGINE */ | 83 | /* The constants used when creating the ENGINE */ |
| 86 | static const char *engine_dynamic_id = "dynamic"; | 84 | static const char *engine_dynamic_id = "dynamic"; |
| @@ -102,6 +100,14 @@ static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { | |||
| 102 | "LIST_ADD", | 100 | "LIST_ADD", |
| 103 | "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", | 101 | "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", |
| 104 | ENGINE_CMD_FLAG_NUMERIC}, | 102 | ENGINE_CMD_FLAG_NUMERIC}, |
| 103 | {DYNAMIC_CMD_DIR_LOAD, | ||
| 104 | "DIR_LOAD", | ||
| 105 | "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", | ||
| 106 | ENGINE_CMD_FLAG_NUMERIC}, | ||
| 107 | {DYNAMIC_CMD_DIR_ADD, | ||
| 108 | "DIR_ADD", | ||
| 109 | "Adds a directory from which ENGINEs can be loaded", | ||
| 110 | ENGINE_CMD_FLAG_STRING}, | ||
| 105 | {DYNAMIC_CMD_LOAD, | 111 | {DYNAMIC_CMD_LOAD, |
| 106 | "LOAD", | 112 | "LOAD", |
| 107 | "Load up the ENGINE specified by other settings", | 113 | "Load up the ENGINE specified by other settings", |
| @@ -136,12 +142,18 @@ struct st_dynamic_data_ctx | |||
| 136 | const char *DYNAMIC_F1; | 142 | const char *DYNAMIC_F1; |
| 137 | /* The symbol name for the "initialise ENGINE structure" function */ | 143 | /* The symbol name for the "initialise ENGINE structure" function */ |
| 138 | const char *DYNAMIC_F2; | 144 | const char *DYNAMIC_F2; |
| 145 | /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use | ||
| 146 | * 'dirs' for loading. Default is to use 'dirs' as a fallback. */ | ||
| 147 | int dir_load; | ||
| 148 | /* A stack of directories from which ENGINEs could be loaded */ | ||
| 149 | STACK *dirs; | ||
| 139 | }; | 150 | }; |
| 140 | 151 | ||
| 141 | /* This is the "ex_data" index we obtain and reserve for use with our context | 152 | /* This is the "ex_data" index we obtain and reserve for use with our context |
| 142 | * structure. */ | 153 | * structure. */ |
| 143 | static int dynamic_ex_data_idx = -1; | 154 | static int dynamic_ex_data_idx = -1; |
| 144 | 155 | ||
| 156 | static void int_free_str(void *s) { OPENSSL_free(s); } | ||
| 145 | /* Because our ex_data element may or may not get allocated depending on whether | 157 | /* Because our ex_data element may or may not get allocated depending on whether |
| 146 | * a "first-use" occurs before the ENGINE is freed, we have a memory leak | 158 | * a "first-use" occurs before the ENGINE is freed, we have a memory leak |
| 147 | * problem to solve. We can't declare a "new" handler for the ex_data as we | 159 | * problem to solve. We can't declare a "new" handler for the ex_data as we |
| @@ -161,6 +173,8 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, | |||
| 161 | OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); | 173 | OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); |
| 162 | if(ctx->engine_id) | 174 | if(ctx->engine_id) |
| 163 | OPENSSL_free((void*)ctx->engine_id); | 175 | OPENSSL_free((void*)ctx->engine_id); |
| 176 | if(ctx->dirs) | ||
| 177 | sk_pop_free(ctx->dirs, int_free_str); | ||
| 164 | OPENSSL_free(ctx); | 178 | OPENSSL_free(ctx); |
| 165 | } | 179 | } |
| 166 | } | 180 | } |
| @@ -175,7 +189,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) | |||
| 175 | c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); | 189 | c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); |
| 176 | if(!c) | 190 | if(!c) |
| 177 | { | 191 | { |
| 178 | ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); | 192 | ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); |
| 179 | return 0; | 193 | return 0; |
| 180 | } | 194 | } |
| 181 | memset(c, 0, sizeof(dynamic_data_ctx)); | 195 | memset(c, 0, sizeof(dynamic_data_ctx)); |
| @@ -188,6 +202,14 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) | |||
| 188 | c->list_add_value = 0; | 202 | c->list_add_value = 0; |
| 189 | c->DYNAMIC_F1 = "v_check"; | 203 | c->DYNAMIC_F1 = "v_check"; |
| 190 | c->DYNAMIC_F2 = "bind_engine"; | 204 | c->DYNAMIC_F2 = "bind_engine"; |
| 205 | c->dir_load = 1; | ||
| 206 | c->dirs = sk_new_null(); | ||
| 207 | if(!c->dirs) | ||
| 208 | { | ||
| 209 | ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); | ||
| 210 | OPENSSL_free(c); | ||
| 211 | return 0; | ||
| 212 | } | ||
| 191 | CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); | 213 | CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); |
| 192 | if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, | 214 | if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, |
| 193 | dynamic_ex_data_idx)) == NULL) | 215 | dynamic_ex_data_idx)) == NULL) |
| @@ -290,7 +312,7 @@ static int dynamic_finish(ENGINE *e) | |||
| 290 | return 0; | 312 | return 0; |
| 291 | } | 313 | } |
| 292 | 314 | ||
| 293 | static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | 315 | static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) |
| 294 | { | 316 | { |
| 295 | dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); | 317 | dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); |
| 296 | int initialised; | 318 | int initialised; |
| @@ -346,6 +368,34 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | |||
| 346 | return 1; | 368 | return 1; |
| 347 | case DYNAMIC_CMD_LOAD: | 369 | case DYNAMIC_CMD_LOAD: |
| 348 | return dynamic_load(e, ctx); | 370 | return dynamic_load(e, ctx); |
| 371 | case DYNAMIC_CMD_DIR_LOAD: | ||
| 372 | if((i < 0) || (i > 2)) | ||
| 373 | { | ||
| 374 | ENGINEerr(ENGINE_F_DYNAMIC_CTRL, | ||
| 375 | ENGINE_R_INVALID_ARGUMENT); | ||
| 376 | return 0; | ||
| 377 | } | ||
| 378 | ctx->dir_load = (int)i; | ||
| 379 | return 1; | ||
| 380 | case DYNAMIC_CMD_DIR_ADD: | ||
| 381 | /* a NULL 'p' or a string of zero-length is the same thing */ | ||
| 382 | if(!p || (strlen((const char *)p) < 1)) | ||
| 383 | { | ||
| 384 | ENGINEerr(ENGINE_F_DYNAMIC_CTRL, | ||
| 385 | ENGINE_R_INVALID_ARGUMENT); | ||
| 386 | return 0; | ||
| 387 | } | ||
| 388 | { | ||
| 389 | char *tmp_str = BUF_strdup(p); | ||
| 390 | if(!tmp_str) | ||
| 391 | { | ||
| 392 | ENGINEerr(ENGINE_F_DYNAMIC_CTRL, | ||
| 393 | ERR_R_MALLOC_FAILURE); | ||
| 394 | return 0; | ||
| 395 | } | ||
| 396 | sk_insert(ctx->dirs, tmp_str, -1); | ||
| 397 | } | ||
| 398 | return 1; | ||
| 349 | default: | 399 | default: |
| 350 | break; | 400 | break; |
| 351 | } | 401 | } |
| @@ -353,16 +403,53 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | |||
| 353 | return 0; | 403 | return 0; |
| 354 | } | 404 | } |
| 355 | 405 | ||
| 406 | static int int_load(dynamic_data_ctx *ctx) | ||
| 407 | { | ||
| 408 | int num, loop; | ||
| 409 | /* Unless told not to, try a direct load */ | ||
| 410 | if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, | ||
| 411 | ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL) | ||
| 412 | return 1; | ||
| 413 | /* If we're not allowed to use 'dirs' or we have none, fail */ | ||
| 414 | if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1)) | ||
| 415 | return 0; | ||
| 416 | for(loop = 0; loop < num; loop++) | ||
| 417 | { | ||
| 418 | const char *s = sk_value(ctx->dirs, loop); | ||
| 419 | char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); | ||
| 420 | if(!merge) | ||
| 421 | return 0; | ||
| 422 | if(DSO_load(ctx->dynamic_dso, merge, NULL, 0)) | ||
| 423 | { | ||
| 424 | /* Found what we're looking for */ | ||
| 425 | OPENSSL_free(merge); | ||
| 426 | return 1; | ||
| 427 | } | ||
| 428 | OPENSSL_free(merge); | ||
| 429 | } | ||
| 430 | return 0; | ||
| 431 | } | ||
| 432 | |||
| 356 | static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) | 433 | static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) |
| 357 | { | 434 | { |
| 358 | ENGINE cpy; | 435 | ENGINE cpy; |
| 359 | dynamic_fns fns; | 436 | dynamic_fns fns; |
| 360 | 437 | ||
| 361 | if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL, | 438 | if(!ctx->dynamic_dso) |
| 362 | ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL)) | 439 | ctx->dynamic_dso = DSO_new(); |
| 440 | if(!ctx->DYNAMIC_LIBNAME) | ||
| 441 | { | ||
| 442 | if(!ctx->engine_id) | ||
| 443 | return 0; | ||
| 444 | ctx->DYNAMIC_LIBNAME = | ||
| 445 | DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); | ||
| 446 | } | ||
| 447 | if(!int_load(ctx)) | ||
| 363 | { | 448 | { |
| 364 | ENGINEerr(ENGINE_F_DYNAMIC_LOAD, | 449 | ENGINEerr(ENGINE_F_DYNAMIC_LOAD, |
| 365 | ENGINE_R_DSO_NOT_FOUND); | 450 | ENGINE_R_DSO_NOT_FOUND); |
| 451 | DSO_free(ctx->dynamic_dso); | ||
| 452 | ctx->dynamic_dso = NULL; | ||
| 366 | return 0; | 453 | return 0; |
| 367 | } | 454 | } |
| 368 | /* We have to find a bind function otherwise it'll always end badly */ | 455 | /* We have to find a bind function otherwise it'll always end badly */ |
| @@ -409,6 +496,7 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) | |||
| 409 | * engine.h, much of this would be simplified if each area of code | 496 | * engine.h, much of this would be simplified if each area of code |
| 410 | * provided its own "summary" structure of all related callbacks. It | 497 | * provided its own "summary" structure of all related callbacks. It |
| 411 | * would also increase opaqueness. */ | 498 | * would also increase opaqueness. */ |
| 499 | fns.static_state = ENGINE_get_static_state(); | ||
| 412 | fns.err_fns = ERR_get_implementation(); | 500 | fns.err_fns = ERR_get_implementation(); |
| 413 | fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); | 501 | fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); |
| 414 | CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, | 502 | CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, |
diff --git a/src/lib/libssl/src/crypto/engine/eng_err.c b/src/lib/libssl/src/crypto/engine/eng_err.c index fdc0e7be0f..369f2e22d3 100644 --- a/src/lib/libssl/src/crypto/engine/eng_err.c +++ b/src/lib/libssl/src/crypto/engine/eng_err.c | |||
| @@ -73,6 +73,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= | |||
| 73 | {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, | 73 | {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, |
| 74 | {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, | 74 | {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, |
| 75 | {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, | 75 | {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, |
| 76 | {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"}, | ||
| 76 | {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, | 77 | {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, |
| 77 | {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, | 78 | {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, |
| 78 | {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, | 79 | {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, |
| @@ -80,7 +81,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= | |||
| 80 | {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, | 81 | {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, |
| 81 | {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, | 82 | {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, |
| 82 | {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, | 83 | {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, |
| 83 | {ERR_FUNC(ENGINE_F_ENGINE_FREE), "ENGINE_free"}, | 84 | {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"}, |
| 84 | {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, | 85 | {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, |
| 85 | {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, | 86 | {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, |
| 86 | {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, | 87 | {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, |
| @@ -91,7 +92,6 @@ static ERR_STRING_DATA ENGINE_str_functs[]= | |||
| 91 | {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, | 92 | {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, |
| 92 | {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, | 93 | {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, |
| 93 | {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, | 94 | {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, |
| 94 | {ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"}, | ||
| 95 | {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, | 95 | {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, |
| 96 | {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, | 96 | {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, |
| 97 | {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, | 97 | {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, |
| @@ -100,11 +100,12 @@ static ERR_STRING_DATA ENGINE_str_functs[]= | |||
| 100 | {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, | 100 | {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, |
| 101 | {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, | 101 | {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, |
| 102 | {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, | 102 | {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, |
| 103 | {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"}, | ||
| 103 | {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, | 104 | {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, |
| 104 | {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, | 105 | {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, |
| 105 | {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, | 106 | {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, |
| 107 | {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"}, | ||
| 106 | {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, | 108 | {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, |
| 107 | {ERR_FUNC(ENGINE_F_SET_DATA_CTX), "SET_DATA_CTX"}, | ||
| 108 | {0,NULL} | 109 | {0,NULL} |
| 109 | }; | 110 | }; |
| 110 | 111 | ||
| @@ -156,15 +157,12 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= | |||
| 156 | 157 | ||
| 157 | void ERR_load_ENGINE_strings(void) | 158 | void ERR_load_ENGINE_strings(void) |
| 158 | { | 159 | { |
| 159 | static int init=1; | 160 | #ifndef OPENSSL_NO_ERR |
| 160 | 161 | ||
| 161 | if (init) | 162 | if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) |
| 162 | { | 163 | { |
| 163 | init=0; | ||
| 164 | #ifndef OPENSSL_NO_ERR | ||
| 165 | ERR_load_strings(0,ENGINE_str_functs); | 164 | ERR_load_strings(0,ENGINE_str_functs); |
| 166 | ERR_load_strings(0,ENGINE_str_reasons); | 165 | ERR_load_strings(0,ENGINE_str_reasons); |
| 167 | #endif | ||
| 168 | |||
| 169 | } | 166 | } |
| 167 | #endif | ||
| 170 | } | 168 | } |
diff --git a/src/lib/libssl/src/crypto/engine/eng_fat.c b/src/lib/libssl/src/crypto/engine/eng_fat.c index 7ccf7022ee..27c1662f62 100644 --- a/src/lib/libssl/src/crypto/engine/eng_fat.c +++ b/src/lib/libssl/src/crypto/engine/eng_fat.c | |||
| @@ -52,11 +52,13 @@ | |||
| 52 | * Hudson (tjh@cryptsoft.com). | 52 | * Hudson (tjh@cryptsoft.com). |
| 53 | * | 53 | * |
| 54 | */ | 54 | */ |
| 55 | /* ==================================================================== | ||
| 56 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 57 | * ECDH support in OpenSSL originally developed by | ||
| 58 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 59 | */ | ||
| 55 | 60 | ||
| 56 | #include <openssl/crypto.h> | ||
| 57 | #include "cryptlib.h" | ||
| 58 | #include "eng_int.h" | 61 | #include "eng_int.h" |
| 59 | #include <openssl/engine.h> | ||
| 60 | #include <openssl/conf.h> | 62 | #include <openssl/conf.h> |
| 61 | 63 | ||
| 62 | int ENGINE_set_default(ENGINE *e, unsigned int flags) | 64 | int ENGINE_set_default(ENGINE *e, unsigned int flags) |
| @@ -77,6 +79,14 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) | |||
| 77 | if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) | 79 | if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) |
| 78 | return 0; | 80 | return 0; |
| 79 | #endif | 81 | #endif |
| 82 | #ifndef OPENSSL_NO_ECDH | ||
| 83 | if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) | ||
| 84 | return 0; | ||
| 85 | #endif | ||
| 86 | #ifndef OPENSSL_NO_ECDSA | ||
| 87 | if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) | ||
| 88 | return 0; | ||
| 89 | #endif | ||
| 80 | if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) | 90 | if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) |
| 81 | return 0; | 91 | return 0; |
| 82 | return 1; | 92 | return 1; |
| @@ -93,6 +103,10 @@ static int int_def_cb(const char *alg, int len, void *arg) | |||
| 93 | *pflags |= ENGINE_METHOD_RSA; | 103 | *pflags |= ENGINE_METHOD_RSA; |
| 94 | else if (!strncmp(alg, "DSA", len)) | 104 | else if (!strncmp(alg, "DSA", len)) |
| 95 | *pflags |= ENGINE_METHOD_DSA; | 105 | *pflags |= ENGINE_METHOD_DSA; |
| 106 | else if (!strncmp(alg, "ECDH", len)) | ||
| 107 | *pflags |= ENGINE_METHOD_ECDH; | ||
| 108 | else if (!strncmp(alg, "ECDSA", len)) | ||
| 109 | *pflags |= ENGINE_METHOD_ECDSA; | ||
| 96 | else if (!strncmp(alg, "DH", len)) | 110 | else if (!strncmp(alg, "DH", len)) |
| 97 | *pflags |= ENGINE_METHOD_DH; | 111 | *pflags |= ENGINE_METHOD_DH; |
| 98 | else if (!strncmp(alg, "RAND", len)) | 112 | else if (!strncmp(alg, "RAND", len)) |
| @@ -133,6 +147,12 @@ int ENGINE_register_complete(ENGINE *e) | |||
| 133 | #ifndef OPENSSL_NO_DH | 147 | #ifndef OPENSSL_NO_DH |
| 134 | ENGINE_register_DH(e); | 148 | ENGINE_register_DH(e); |
| 135 | #endif | 149 | #endif |
| 150 | #ifndef OPENSSL_NO_ECDH | ||
| 151 | ENGINE_register_ECDH(e); | ||
| 152 | #endif | ||
| 153 | #ifndef OPENSSL_NO_ECDSA | ||
| 154 | ENGINE_register_ECDSA(e); | ||
| 155 | #endif | ||
| 136 | ENGINE_register_RAND(e); | 156 | ENGINE_register_RAND(e); |
| 137 | return 1; | 157 | return 1; |
| 138 | } | 158 | } |
diff --git a/src/lib/libssl/src/crypto/engine/eng_init.c b/src/lib/libssl/src/crypto/engine/eng_init.c index 170c1791b3..7633cf5f1d 100644 --- a/src/lib/libssl/src/crypto/engine/eng_init.c +++ b/src/lib/libssl/src/crypto/engine/eng_init.c | |||
| @@ -53,10 +53,7 @@ | |||
| 53 | * | 53 | * |
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | #include <openssl/crypto.h> | ||
| 57 | #include "cryptlib.h" | ||
| 58 | #include "eng_int.h" | 56 | #include "eng_int.h" |
| 59 | #include <openssl/engine.h> | ||
| 60 | 57 | ||
| 61 | /* Initialise a engine type for use (or up its functional reference count | 58 | /* Initialise a engine type for use (or up its functional reference count |
| 62 | * if it's already in use). This version is only used internally. */ | 59 | * if it's already in use). This version is only used internally. */ |
| @@ -114,7 +111,7 @@ int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) | |||
| 114 | /* Release the structural reference too */ | 111 | /* Release the structural reference too */ |
| 115 | if(!engine_free_util(e, 0)) | 112 | if(!engine_free_util(e, 0)) |
| 116 | { | 113 | { |
| 117 | ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); | 114 | ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED); |
| 118 | return 0; | 115 | return 0; |
| 119 | } | 116 | } |
| 120 | return to_return; | 117 | return to_return; |
diff --git a/src/lib/libssl/src/crypto/engine/eng_int.h b/src/lib/libssl/src/crypto/engine/eng_int.h index 38335f99cd..a5b1edebf4 100644 --- a/src/lib/libssl/src/crypto/engine/eng_int.h +++ b/src/lib/libssl/src/crypto/engine/eng_int.h | |||
| @@ -55,10 +55,16 @@ | |||
| 55 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * ECDH support in OpenSSL originally developed by | ||
| 61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 58 | 63 | ||
| 59 | #ifndef HEADER_ENGINE_INT_H | 64 | #ifndef HEADER_ENGINE_INT_H |
| 60 | #define HEADER_ENGINE_INT_H | 65 | #define HEADER_ENGINE_INT_H |
| 61 | 66 | ||
| 67 | #include "cryptlib.h" | ||
| 62 | /* Take public definitions from engine.h */ | 68 | /* Take public definitions from engine.h */ |
| 63 | #include <openssl/engine.h> | 69 | #include <openssl/engine.h> |
| 64 | 70 | ||
| @@ -146,7 +152,10 @@ struct engine_st | |||
| 146 | const RSA_METHOD *rsa_meth; | 152 | const RSA_METHOD *rsa_meth; |
| 147 | const DSA_METHOD *dsa_meth; | 153 | const DSA_METHOD *dsa_meth; |
| 148 | const DH_METHOD *dh_meth; | 154 | const DH_METHOD *dh_meth; |
| 155 | const ECDH_METHOD *ecdh_meth; | ||
| 156 | const ECDSA_METHOD *ecdsa_meth; | ||
| 149 | const RAND_METHOD *rand_meth; | 157 | const RAND_METHOD *rand_meth; |
| 158 | const STORE_METHOD *store_meth; | ||
| 150 | /* Cipher handling is via this callback */ | 159 | /* Cipher handling is via this callback */ |
| 151 | ENGINE_CIPHERS_PTR ciphers; | 160 | ENGINE_CIPHERS_PTR ciphers; |
| 152 | /* Digest handling is via this callback */ | 161 | /* Digest handling is via this callback */ |
diff --git a/src/lib/libssl/src/crypto/engine/eng_lib.c b/src/lib/libssl/src/crypto/engine/eng_lib.c index a66d0f08af..5815b867f4 100644 --- a/src/lib/libssl/src/crypto/engine/eng_lib.c +++ b/src/lib/libssl/src/crypto/engine/eng_lib.c | |||
| @@ -56,11 +56,8 @@ | |||
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/crypto.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include "eng_int.h" | 59 | #include "eng_int.h" |
| 62 | #include <openssl/rand.h> /* FIXME: This shouldn't be needed */ | 60 | #include <openssl/rand.h> |
| 63 | #include <openssl/engine.h> | ||
| 64 | 61 | ||
| 65 | /* The "new"/"free" stuff first */ | 62 | /* The "new"/"free" stuff first */ |
| 66 | 63 | ||
| @@ -92,6 +89,7 @@ void engine_set_all_null(ENGINE *e) | |||
| 92 | e->dsa_meth = NULL; | 89 | e->dsa_meth = NULL; |
| 93 | e->dh_meth = NULL; | 90 | e->dh_meth = NULL; |
| 94 | e->rand_meth = NULL; | 91 | e->rand_meth = NULL; |
| 92 | e->store_meth = NULL; | ||
| 95 | e->ciphers = NULL; | 93 | e->ciphers = NULL; |
| 96 | e->digests = NULL; | 94 | e->digests = NULL; |
| 97 | e->destroy = NULL; | 95 | e->destroy = NULL; |
| @@ -110,7 +108,7 @@ int engine_free_util(ENGINE *e, int locked) | |||
| 110 | 108 | ||
| 111 | if(e == NULL) | 109 | if(e == NULL) |
| 112 | { | 110 | { |
| 113 | ENGINEerr(ENGINE_F_ENGINE_FREE, | 111 | ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, |
| 114 | ERR_R_PASSED_NULL_PARAMETER); | 112 | ERR_R_PASSED_NULL_PARAMETER); |
| 115 | return 0; | 113 | return 0; |
| 116 | } | 114 | } |
| @@ -319,3 +317,13 @@ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) | |||
| 319 | { | 317 | { |
| 320 | return e->cmd_defns; | 318 | return e->cmd_defns; |
| 321 | } | 319 | } |
| 320 | |||
| 321 | /* eng_lib.o is pretty much linked into anything that touches ENGINE already, so | ||
| 322 | * put the "static_state" hack here. */ | ||
| 323 | |||
| 324 | static int internal_static_hack = 0; | ||
| 325 | |||
| 326 | void *ENGINE_get_static_state(void) | ||
| 327 | { | ||
| 328 | return &internal_static_hack; | ||
| 329 | } | ||
diff --git a/src/lib/libssl/src/crypto/engine/eng_list.c b/src/lib/libssl/src/crypto/engine/eng_list.c index 1cc3217f4c..bd511944ba 100644 --- a/src/lib/libssl/src/crypto/engine/eng_list.c +++ b/src/lib/libssl/src/crypto/engine/eng_list.c | |||
| @@ -55,11 +55,13 @@ | |||
| 55 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * ECDH support in OpenSSL originally developed by | ||
| 61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 58 | 63 | ||
| 59 | #include <openssl/crypto.h> | ||
| 60 | #include "cryptlib.h" | ||
| 61 | #include "eng_int.h" | 64 | #include "eng_int.h" |
| 62 | #include <openssl/engine.h> | ||
| 63 | 65 | ||
| 64 | /* The linked-list of pointers to engine types. engine_list_head | 66 | /* The linked-list of pointers to engine types. engine_list_head |
| 65 | * incorporates an implicit structural reference but engine_list_tail | 67 | * incorporates an implicit structural reference but engine_list_tail |
| @@ -324,7 +326,14 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) | |||
| 324 | #ifndef OPENSSL_NO_DH | 326 | #ifndef OPENSSL_NO_DH |
| 325 | dest->dh_meth = src->dh_meth; | 327 | dest->dh_meth = src->dh_meth; |
| 326 | #endif | 328 | #endif |
| 329 | #ifndef OPENSSL_NO_ECDH | ||
| 330 | dest->ecdh_meth = src->ecdh_meth; | ||
| 331 | #endif | ||
| 332 | #ifndef OPENSSL_NO_ECDSA | ||
| 333 | dest->ecdsa_meth = src->ecdsa_meth; | ||
| 334 | #endif | ||
| 327 | dest->rand_meth = src->rand_meth; | 335 | dest->rand_meth = src->rand_meth; |
| 336 | dest->store_meth = src->store_meth; | ||
| 328 | dest->ciphers = src->ciphers; | 337 | dest->ciphers = src->ciphers; |
| 329 | dest->digests = src->digests; | 338 | dest->digests = src->digests; |
| 330 | dest->destroy = src->destroy; | 339 | dest->destroy = src->destroy; |
| @@ -340,6 +349,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) | |||
| 340 | ENGINE *ENGINE_by_id(const char *id) | 349 | ENGINE *ENGINE_by_id(const char *id) |
| 341 | { | 350 | { |
| 342 | ENGINE *iterator; | 351 | ENGINE *iterator; |
| 352 | char *load_dir = NULL; | ||
| 343 | if(id == NULL) | 353 | if(id == NULL) |
| 344 | { | 354 | { |
| 345 | ENGINEerr(ENGINE_F_ENGINE_BY_ID, | 355 | ENGINEerr(ENGINE_F_ENGINE_BY_ID, |
| @@ -373,6 +383,7 @@ ENGINE *ENGINE_by_id(const char *id) | |||
| 373 | } | 383 | } |
| 374 | } | 384 | } |
| 375 | CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); | 385 | CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); |
| 386 | #if 0 | ||
| 376 | if(iterator == NULL) | 387 | if(iterator == NULL) |
| 377 | { | 388 | { |
| 378 | ENGINEerr(ENGINE_F_ENGINE_BY_ID, | 389 | ENGINEerr(ENGINE_F_ENGINE_BY_ID, |
| @@ -380,6 +391,32 @@ ENGINE *ENGINE_by_id(const char *id) | |||
| 380 | ERR_add_error_data(2, "id=", id); | 391 | ERR_add_error_data(2, "id=", id); |
| 381 | } | 392 | } |
| 382 | return iterator; | 393 | return iterator; |
| 394 | #else | ||
| 395 | /* EEK! Experimental code starts */ | ||
| 396 | if(iterator) return iterator; | ||
| 397 | /* Prevent infinite recusrion if we're looking for the dynamic engine. */ | ||
| 398 | if (strcmp(id, "dynamic")) | ||
| 399 | { | ||
| 400 | #ifdef OPENSSL_SYS_VMS | ||
| 401 | if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; | ||
| 402 | #else | ||
| 403 | if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; | ||
| 404 | #endif | ||
| 405 | iterator = ENGINE_by_id("dynamic"); | ||
| 406 | if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || | ||
| 407 | !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || | ||
| 408 | !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", | ||
| 409 | load_dir, 0) || | ||
| 410 | !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) | ||
| 411 | goto notfound; | ||
| 412 | return iterator; | ||
| 413 | } | ||
| 414 | notfound: | ||
| 415 | ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE); | ||
| 416 | ERR_add_error_data(2, "id=", id); | ||
| 417 | return NULL; | ||
| 418 | /* EEK! Experimental code ends */ | ||
| 419 | #endif | ||
| 383 | } | 420 | } |
| 384 | 421 | ||
| 385 | int ENGINE_up_ref(ENGINE *e) | 422 | int ENGINE_up_ref(ENGINE *e) |
diff --git a/src/lib/libssl/src/crypto/engine/eng_openssl.c b/src/lib/libssl/src/crypto/engine/eng_openssl.c index 54579eea2e..7c139ae2ef 100644 --- a/src/lib/libssl/src/crypto/engine/eng_openssl.c +++ b/src/lib/libssl/src/crypto/engine/eng_openssl.c | |||
| @@ -55,6 +55,11 @@ | |||
| 55 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * ECDH support in OpenSSL originally developed by | ||
| 61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 58 | 63 | ||
| 59 | 64 | ||
| 60 | #include <stdio.h> | 65 | #include <stdio.h> |
| @@ -64,6 +69,16 @@ | |||
| 64 | #include <openssl/dso.h> | 69 | #include <openssl/dso.h> |
| 65 | #include <openssl/pem.h> | 70 | #include <openssl/pem.h> |
| 66 | #include <openssl/evp.h> | 71 | #include <openssl/evp.h> |
| 72 | #include <openssl/rand.h> | ||
| 73 | #ifndef OPENSSL_NO_RSA | ||
| 74 | #include <openssl/rsa.h> | ||
| 75 | #endif | ||
| 76 | #ifndef OPENSSL_NO_DSA | ||
| 77 | #include <openssl/dsa.h> | ||
| 78 | #endif | ||
| 79 | #ifndef OPENSSL_NO_DH | ||
| 80 | #include <openssl/dh.h> | ||
| 81 | #endif | ||
| 67 | 82 | ||
| 68 | /* This testing gunk is implemented (and explained) lower down. It also assumes | 83 | /* This testing gunk is implemented (and explained) lower down. It also assumes |
| 69 | * the application explicitly calls "ENGINE_load_openssl()" because this is no | 84 | * the application explicitly calls "ENGINE_load_openssl()" because this is no |
| @@ -125,6 +140,12 @@ static int bind_helper(ENGINE *e) | |||
| 125 | #ifndef OPENSSL_NO_DSA | 140 | #ifndef OPENSSL_NO_DSA |
| 126 | || !ENGINE_set_DSA(e, DSA_get_default_method()) | 141 | || !ENGINE_set_DSA(e, DSA_get_default_method()) |
| 127 | #endif | 142 | #endif |
| 143 | #ifndef OPENSSL_NO_ECDH | ||
| 144 | || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) | ||
| 145 | #endif | ||
| 146 | #ifndef OPENSSL_NO_ECDSA | ||
| 147 | || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) | ||
| 148 | #endif | ||
| 128 | #ifndef OPENSSL_NO_DH | 149 | #ifndef OPENSSL_NO_DH |
| 129 | || !ENGINE_set_DH(e, DH_get_default_method()) | 150 | || !ENGINE_set_DH(e, DH_get_default_method()) |
| 130 | #endif | 151 | #endif |
| @@ -236,6 +257,7 @@ static const EVP_CIPHER test_r4_cipher= | |||
| 236 | sizeof(TEST_RC4_KEY), | 257 | sizeof(TEST_RC4_KEY), |
| 237 | NULL, | 258 | NULL, |
| 238 | NULL, | 259 | NULL, |
| 260 | NULL, | ||
| 239 | NULL | 261 | NULL |
| 240 | }; | 262 | }; |
| 241 | static const EVP_CIPHER test_r4_40_cipher= | 263 | static const EVP_CIPHER test_r4_40_cipher= |
| @@ -249,6 +271,7 @@ static const EVP_CIPHER test_r4_40_cipher= | |||
| 249 | sizeof(TEST_RC4_KEY), | 271 | sizeof(TEST_RC4_KEY), |
| 250 | NULL, | 272 | NULL, |
| 251 | NULL, | 273 | NULL, |
| 274 | NULL, | ||
| 252 | NULL | 275 | NULL |
| 253 | }; | 276 | }; |
| 254 | static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | 277 | static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, |
| @@ -290,7 +313,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx) | |||
| 290 | #endif | 313 | #endif |
| 291 | return SHA1_Init(ctx->md_data); | 314 | return SHA1_Init(ctx->md_data); |
| 292 | } | 315 | } |
| 293 | static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 316 | static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 294 | { | 317 | { |
| 295 | #ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE | 318 | #ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE |
| 296 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); | 319 | fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); |
diff --git a/src/lib/libssl/src/crypto/engine/eng_pkey.c b/src/lib/libssl/src/crypto/engine/eng_pkey.c index 8c69171511..bc8b21abec 100644 --- a/src/lib/libssl/src/crypto/engine/eng_pkey.c +++ b/src/lib/libssl/src/crypto/engine/eng_pkey.c | |||
| @@ -53,10 +53,7 @@ | |||
| 53 | * | 53 | * |
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | #include <openssl/crypto.h> | ||
| 57 | #include "cryptlib.h" | ||
| 58 | #include "eng_int.h" | 56 | #include "eng_int.h" |
| 59 | #include <openssl/engine.h> | ||
| 60 | 57 | ||
| 61 | /* Basic get/set stuff */ | 58 | /* Basic get/set stuff */ |
| 62 | 59 | ||
diff --git a/src/lib/libssl/src/crypto/engine/eng_table.c b/src/lib/libssl/src/crypto/engine/eng_table.c index c69a84a8bf..8879a267d1 100644 --- a/src/lib/libssl/src/crypto/engine/eng_table.c +++ b/src/lib/libssl/src/crypto/engine/eng_table.c | |||
| @@ -52,49 +52,31 @@ | |||
| 52 | * | 52 | * |
| 53 | */ | 53 | */ |
| 54 | 54 | ||
| 55 | #include "cryptlib.h" | ||
| 55 | #include <openssl/evp.h> | 56 | #include <openssl/evp.h> |
| 56 | #include <openssl/engine.h> | 57 | #include <openssl/lhash.h> |
| 57 | #include "eng_int.h" | 58 | #include "eng_int.h" |
| 58 | 59 | ||
| 59 | /* This is the type of item in the 'implementation' table. Each 'nid' hashes to | ||
| 60 | * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE* | ||
| 61 | * pointers. These pointers aren't references, because they're inserted and | ||
| 62 | * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs | ||
| 63 | * that *exist* (ie. have a structural reference count greater than zero) rather | ||
| 64 | * than ENGINEs that are *functional*. Each pointer in those stacks are to | ||
| 65 | * ENGINEs that implements the algorithm corresponding to each 'nid'. */ | ||
| 66 | |||
| 67 | /* The type of the items in the table */ | 60 | /* The type of the items in the table */ |
| 68 | typedef struct st_engine_pile | 61 | typedef struct st_engine_pile |
| 69 | { | 62 | { |
| 70 | /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents | 63 | /* The 'nid' of this algorithm/mode */ |
| 71 | * */ | ||
| 72 | int nid; | 64 | int nid; |
| 73 | /* A stack of ENGINE pointers for ENGINEs that support this | 65 | /* ENGINEs that implement this algorithm/mode. */ |
| 74 | * algorithm/mode. In the event that 'funct' is NULL, the first entry in | ||
| 75 | * this stack that initialises will be set as 'funct' and assumed as the | ||
| 76 | * default for operations of this type. */ | ||
| 77 | STACK_OF(ENGINE) *sk; | 66 | STACK_OF(ENGINE) *sk; |
| 78 | /* The default ENGINE to perform this algorithm/mode. */ | 67 | /* The default ENGINE to perform this algorithm/mode. */ |
| 79 | ENGINE *funct; | 68 | ENGINE *funct; |
| 80 | /* This value optimises engine_table_select(). If it is called it sets | 69 | /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */ |
| 81 | * this value to 1. Any changes to this ENGINE_PILE resets it to zero. | ||
| 82 | * As such, no ENGINE_init() thrashing is done unless ENGINEs | ||
| 83 | * continually register (and/or unregister). */ | ||
| 84 | int uptodate; | 70 | int uptodate; |
| 85 | } ENGINE_PILE; | 71 | } ENGINE_PILE; |
| 86 | 72 | ||
| 87 | /* The type of the hash table of ENGINE_PILE structures such that each are | 73 | /* The type exposed in eng_int.h */ |
| 88 | * unique and keyed by the 'nid' value. */ | ||
| 89 | struct st_engine_table | 74 | struct st_engine_table |
| 90 | { | 75 | { |
| 91 | LHASH piles; | 76 | LHASH piles; |
| 92 | }; /* ENGINE_TABLE */ | 77 | }; /* ENGINE_TABLE */ |
| 93 | 78 | ||
| 94 | /* This value stores global options controlling behaviour of (mostly) the | 79 | /* Global flags (ENGINE_TABLE_FLAG_***). */ |
| 95 | * engine_table_select() function. It's a bitmask of flag values of the form | ||
| 96 | * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the | ||
| 97 | * ENGINE_[get|set]_table_flags() function. */ | ||
| 98 | static unsigned int table_flags = 0; | 80 | static unsigned int table_flags = 0; |
| 99 | 81 | ||
| 100 | /* API function manipulating 'table_flags' */ | 82 | /* API function manipulating 'table_flags' */ |
| @@ -121,10 +103,8 @@ static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *) | |||
| 121 | static int int_table_check(ENGINE_TABLE **t, int create) | 103 | static int int_table_check(ENGINE_TABLE **t, int create) |
| 122 | { | 104 | { |
| 123 | LHASH *lh; | 105 | LHASH *lh; |
| 124 | if(*t) | 106 | if(*t) return 1; |
| 125 | return 1; | 107 | if(!create) return 0; |
| 126 | if(!create) | ||
| 127 | return 0; | ||
| 128 | if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), | 108 | if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), |
| 129 | LHASH_COMP_FN(engine_pile_cmp))) == NULL) | 109 | LHASH_COMP_FN(engine_pile_cmp))) == NULL) |
| 130 | return 0; | 110 | return 0; |
| @@ -154,8 +134,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, | |||
| 154 | if(!fnd) | 134 | if(!fnd) |
| 155 | { | 135 | { |
| 156 | fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); | 136 | fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); |
| 157 | if(!fnd) | 137 | if(!fnd) goto end; |
| 158 | goto end; | ||
| 159 | fnd->uptodate = 1; | 138 | fnd->uptodate = 1; |
| 160 | fnd->nid = *nids; | 139 | fnd->nid = *nids; |
| 161 | fnd->sk = sk_ENGINE_new_null(); | 140 | fnd->sk = sk_ENGINE_new_null(); |
| @@ -164,11 +143,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, | |||
| 164 | OPENSSL_free(fnd); | 143 | OPENSSL_free(fnd); |
| 165 | goto end; | 144 | goto end; |
| 166 | } | 145 | } |
| 167 | fnd->funct= NULL; | 146 | fnd->funct = NULL; |
| 168 | lh_insert(&(*table)->piles, fnd); | 147 | lh_insert(&(*table)->piles, fnd); |
| 169 | } | 148 | } |
| 170 | /* A registration shouldn't add duplciate entries */ | 149 | /* A registration shouldn't add duplciate entries */ |
| 171 | sk_ENGINE_delete_ptr(fnd->sk, e); | 150 | (void)sk_ENGINE_delete_ptr(fnd->sk, e); |
| 172 | /* if 'setdefault', this ENGINE goes to the head of the list */ | 151 | /* if 'setdefault', this ENGINE goes to the head of the list */ |
| 173 | if(!sk_ENGINE_push(fnd->sk, e)) | 152 | if(!sk_ENGINE_push(fnd->sk, e)) |
| 174 | goto end; | 153 | goto end; |
| @@ -185,6 +164,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, | |||
| 185 | if(fnd->funct) | 164 | if(fnd->funct) |
| 186 | engine_unlocked_finish(fnd->funct, 0); | 165 | engine_unlocked_finish(fnd->funct, 0); |
| 187 | fnd->funct = e; | 166 | fnd->funct = e; |
| 167 | fnd->uptodate = 1; | ||
| 188 | } | 168 | } |
| 189 | nids++; | 169 | nids++; |
| 190 | } | 170 | } |
| @@ -199,8 +179,7 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) | |||
| 199 | /* Iterate the 'c->sk' stack removing any occurance of 'e' */ | 179 | /* Iterate the 'c->sk' stack removing any occurance of 'e' */ |
| 200 | while((n = sk_ENGINE_find(pile->sk, e)) >= 0) | 180 | while((n = sk_ENGINE_find(pile->sk, e)) >= 0) |
| 201 | { | 181 | { |
| 202 | sk_ENGINE_delete(pile->sk, n); | 182 | (void)sk_ENGINE_delete(pile->sk, n); |
| 203 | /* "touch" this ENGINE_CIPHER */ | ||
| 204 | pile->uptodate = 0; | 183 | pile->uptodate = 0; |
| 205 | } | 184 | } |
| 206 | if(pile->funct == e) | 185 | if(pile->funct == e) |
| @@ -239,9 +218,7 @@ void engine_table_cleanup(ENGINE_TABLE **table) | |||
| 239 | CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); | 218 | CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); |
| 240 | } | 219 | } |
| 241 | 220 | ||
| 242 | /* Exposed API function to get a functional reference from the implementation | 221 | /* return a functional reference for a given 'nid' */ |
| 243 | * table (ie. try to get a functional reference from the tabled structural | ||
| 244 | * references) for a given cipher 'nid' */ | ||
| 245 | #ifndef ENGINE_TABLE_DEBUG | 222 | #ifndef ENGINE_TABLE_DEBUG |
| 246 | ENGINE *engine_table_select(ENGINE_TABLE **table, int nid) | 223 | ENGINE *engine_table_select(ENGINE_TABLE **table, int nid) |
| 247 | #else | 224 | #else |
| @@ -252,25 +229,21 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in | |||
| 252 | ENGINE_PILE tmplate, *fnd=NULL; | 229 | ENGINE_PILE tmplate, *fnd=NULL; |
| 253 | int initres, loop = 0; | 230 | int initres, loop = 0; |
| 254 | 231 | ||
| 255 | /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no | ||
| 256 | * ENGINEs have registered any implementations! */ | ||
| 257 | if(!(*table)) | 232 | if(!(*table)) |
| 258 | { | 233 | { |
| 259 | #ifdef ENGINE_TABLE_DEBUG | 234 | #ifdef ENGINE_TABLE_DEBUG |
| 260 | fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " | 235 | fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing " |
| 261 | "registered for anything!\n", f, l, nid); | 236 | "registered!\n", f, l, nid); |
| 262 | #endif | 237 | #endif |
| 263 | return NULL; | 238 | return NULL; |
| 264 | } | 239 | } |
| 265 | CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); | 240 | CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); |
| 266 | /* Check again inside the lock otherwise we could race against cleanup | 241 | /* Check again inside the lock otherwise we could race against cleanup |
| 267 | * operations. But don't worry about a fprintf(stderr). */ | 242 | * operations. But don't worry about a fprintf(stderr). */ |
| 268 | if(!int_table_check(table, 0)) | 243 | if(!int_table_check(table, 0)) goto end; |
| 269 | goto end; | ||
| 270 | tmplate.nid = nid; | 244 | tmplate.nid = nid; |
| 271 | fnd = lh_retrieve(&(*table)->piles, &tmplate); | 245 | fnd = lh_retrieve(&(*table)->piles, &tmplate); |
| 272 | if(!fnd) | 246 | if(!fnd) goto end; |
| 273 | goto end; | ||
| 274 | if(fnd->funct && engine_unlocked_init(fnd->funct)) | 247 | if(fnd->funct && engine_unlocked_init(fnd->funct)) |
| 275 | { | 248 | { |
| 276 | #ifdef ENGINE_TABLE_DEBUG | 249 | #ifdef ENGINE_TABLE_DEBUG |
| @@ -296,34 +269,19 @@ trynext: | |||
| 296 | #endif | 269 | #endif |
| 297 | goto end; | 270 | goto end; |
| 298 | } | 271 | } |
| 299 | #if 0 | 272 | /* Try to initialise the ENGINE? */ |
| 300 | /* Don't need to get a reference if we hold the lock. If the locking has | ||
| 301 | * to change in future, that would be different ... */ | ||
| 302 | ret->struct_ref++; engine_ref_debug(ret, 0, 1) | ||
| 303 | #endif | ||
| 304 | /* Try and initialise the ENGINE if it's already functional *or* if the | ||
| 305 | * ENGINE_TABLE_FLAG_NOINIT flag is not set. */ | ||
| 306 | if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) | 273 | if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) |
| 307 | initres = engine_unlocked_init(ret); | 274 | initres = engine_unlocked_init(ret); |
| 308 | else | 275 | else |
| 309 | initres = 0; | 276 | initres = 0; |
| 310 | #if 0 | ||
| 311 | /* Release the structural reference */ | ||
| 312 | ret->struct_ref--; engine_ref_debug(ret, 0, -1); | ||
| 313 | #endif | ||
| 314 | if(initres) | 277 | if(initres) |
| 315 | { | 278 | { |
| 316 | /* If we didn't have a default (functional reference) for this | 279 | /* Update 'funct' */ |
| 317 | * 'nid' (or we had one but for whatever reason we're now | ||
| 318 | * initialising a different one), use this opportunity to set | ||
| 319 | * 'funct'. */ | ||
| 320 | if((fnd->funct != ret) && engine_unlocked_init(ret)) | 280 | if((fnd->funct != ret) && engine_unlocked_init(ret)) |
| 321 | { | 281 | { |
| 322 | /* If there was a previous default we release it. */ | 282 | /* If there was a previous default we release it. */ |
| 323 | if(fnd->funct) | 283 | if(fnd->funct) |
| 324 | engine_unlocked_finish(fnd->funct, 0); | 284 | engine_unlocked_finish(fnd->funct, 0); |
| 325 | /* We got an extra functional reference for the | ||
| 326 | * per-'nid' default */ | ||
| 327 | fnd->funct = ret; | 285 | fnd->funct = ret; |
| 328 | #ifdef ENGINE_TABLE_DEBUG | 286 | #ifdef ENGINE_TABLE_DEBUG |
| 329 | fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " | 287 | fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " |
| @@ -338,13 +296,9 @@ trynext: | |||
| 338 | } | 296 | } |
| 339 | goto trynext; | 297 | goto trynext; |
| 340 | end: | 298 | end: |
| 341 | /* Whatever happened - we should "untouch" our uptodate file seeing as | 299 | /* If it failed, it is unlikely to succeed again until some future |
| 342 | * we have tried our best to find a functional reference for 'nid'. If | 300 | * registrations have taken place. In all cases, we cache. */ |
| 343 | * it failed, it is unlikely to succeed again until some future | 301 | if(fnd) fnd->uptodate = 1; |
| 344 | * registrations (or unregistrations) have taken place that affect that | ||
| 345 | * 'nid'. */ | ||
| 346 | if(fnd) | ||
| 347 | fnd->uptodate = 1; | ||
| 348 | #ifdef ENGINE_TABLE_DEBUG | 302 | #ifdef ENGINE_TABLE_DEBUG |
| 349 | if(ret) | 303 | if(ret) |
| 350 | fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " | 304 | fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " |
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h index 900f75ce8d..3ec59338ff 100644 --- a/src/lib/libssl/src/crypto/engine/engine.h +++ b/src/lib/libssl/src/crypto/engine/engine.h | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -55,6 +55,11 @@ | |||
| 55 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * ECDH support in OpenSSL originally developed by | ||
| 61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 58 | 63 | ||
| 59 | #ifndef HEADER_ENGINE_H | 64 | #ifndef HEADER_ENGINE_H |
| 60 | #define HEADER_ENGINE_H | 65 | #define HEADER_ENGINE_H |
| @@ -65,7 +70,7 @@ | |||
| 65 | #error ENGINE is disabled. | 70 | #error ENGINE is disabled. |
| 66 | #endif | 71 | #endif |
| 67 | 72 | ||
| 68 | #include <openssl/ossl_typ.h> | 73 | #ifndef OPENSSL_NO_DEPRECATED |
| 69 | #include <openssl/bn.h> | 74 | #include <openssl/bn.h> |
| 70 | #ifndef OPENSSL_NO_RSA | 75 | #ifndef OPENSSL_NO_RSA |
| 71 | #include <openssl/rsa.h> | 76 | #include <openssl/rsa.h> |
| @@ -76,34 +81,36 @@ | |||
| 76 | #ifndef OPENSSL_NO_DH | 81 | #ifndef OPENSSL_NO_DH |
| 77 | #include <openssl/dh.h> | 82 | #include <openssl/dh.h> |
| 78 | #endif | 83 | #endif |
| 84 | #ifndef OPENSSL_NO_ECDH | ||
| 85 | #include <openssl/ecdh.h> | ||
| 86 | #endif | ||
| 87 | #ifndef OPENSSL_NO_ECDSA | ||
| 88 | #include <openssl/ecdsa.h> | ||
| 89 | #endif | ||
| 79 | #include <openssl/rand.h> | 90 | #include <openssl/rand.h> |
| 91 | #include <openssl/store.h> | ||
| 80 | #include <openssl/ui.h> | 92 | #include <openssl/ui.h> |
| 81 | #include <openssl/symhacks.h> | ||
| 82 | #include <openssl/err.h> | 93 | #include <openssl/err.h> |
| 94 | #endif | ||
| 95 | |||
| 96 | #include <openssl/ossl_typ.h> | ||
| 97 | #include <openssl/symhacks.h> | ||
| 83 | 98 | ||
| 84 | #ifdef __cplusplus | 99 | #ifdef __cplusplus |
| 85 | extern "C" { | 100 | extern "C" { |
| 86 | #endif | 101 | #endif |
| 87 | 102 | ||
| 88 | /* Fixups for missing algorithms */ | ||
| 89 | #ifdef OPENSSL_NO_RSA | ||
| 90 | typedef void RSA_METHOD; | ||
| 91 | #endif | ||
| 92 | #ifdef OPENSSL_NO_DSA | ||
| 93 | typedef void DSA_METHOD; | ||
| 94 | #endif | ||
| 95 | #ifdef OPENSSL_NO_DH | ||
| 96 | typedef void DH_METHOD; | ||
| 97 | #endif | ||
| 98 | |||
| 99 | /* These flags are used to control combinations of algorithm (methods) | 103 | /* These flags are used to control combinations of algorithm (methods) |
| 100 | * by bitwise "OR"ing. */ | 104 | * by bitwise "OR"ing. */ |
| 101 | #define ENGINE_METHOD_RSA (unsigned int)0x0001 | 105 | #define ENGINE_METHOD_RSA (unsigned int)0x0001 |
| 102 | #define ENGINE_METHOD_DSA (unsigned int)0x0002 | 106 | #define ENGINE_METHOD_DSA (unsigned int)0x0002 |
| 103 | #define ENGINE_METHOD_DH (unsigned int)0x0004 | 107 | #define ENGINE_METHOD_DH (unsigned int)0x0004 |
| 104 | #define ENGINE_METHOD_RAND (unsigned int)0x0008 | 108 | #define ENGINE_METHOD_RAND (unsigned int)0x0008 |
| 109 | #define ENGINE_METHOD_ECDH (unsigned int)0x0010 | ||
| 110 | #define ENGINE_METHOD_ECDSA (unsigned int)0x0020 | ||
| 105 | #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 | 111 | #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 |
| 106 | #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 | 112 | #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 |
| 113 | #define ENGINE_METHOD_STORE (unsigned int)0x0100 | ||
| 107 | /* Obvious all-or-nothing cases. */ | 114 | /* Obvious all-or-nothing cases. */ |
| 108 | #define ENGINE_METHOD_ALL (unsigned int)0xFFFF | 115 | #define ENGINE_METHOD_ALL (unsigned int)0xFFFF |
| 109 | #define ENGINE_METHOD_NONE (unsigned int)0x0000 | 116 | #define ENGINE_METHOD_NONE (unsigned int)0x0000 |
| @@ -173,9 +180,15 @@ typedef void DH_METHOD; | |||
| 173 | handles/connections etc. */ | 180 | handles/connections etc. */ |
| 174 | #define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ | 181 | #define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ |
| 175 | #define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used | 182 | #define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used |
| 176 | when calling the password | 183 | when calling the password |
| 177 | callback and the user | 184 | callback and the user |
| 178 | interface */ | 185 | interface */ |
| 186 | #define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given | ||
| 187 | a string that represents a | ||
| 188 | file name or so */ | ||
| 189 | #define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given | ||
| 190 | section in the already loaded | ||
| 191 | configuration */ | ||
| 179 | 192 | ||
| 180 | /* These control commands allow an application to deal with an arbitrary engine | 193 | /* These control commands allow an application to deal with an arbitrary engine |
| 181 | * in a dynamic way. Warn: Negative return values indicate errors FOR THESE | 194 | * in a dynamic way. Warn: Negative return values indicate errors FOR THESE |
| @@ -222,7 +235,7 @@ typedef void DH_METHOD; | |||
| 222 | 235 | ||
| 223 | /* ENGINE implementations should start the numbering of their own control | 236 | /* ENGINE implementations should start the numbering of their own control |
| 224 | * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ | 237 | * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ |
| 225 | #define ENGINE_CMD_BASE 200 | 238 | #define ENGINE_CMD_BASE 200 |
| 226 | 239 | ||
| 227 | /* NB: These 2 nCipher "chil" control commands are deprecated, and their | 240 | /* NB: These 2 nCipher "chil" control commands are deprecated, and their |
| 228 | * functionality is now available through ENGINE-specific control commands | 241 | * functionality is now available through ENGINE-specific control commands |
| @@ -257,11 +270,11 @@ typedef struct ENGINE_CMD_DEFN_st | |||
| 257 | } ENGINE_CMD_DEFN; | 270 | } ENGINE_CMD_DEFN; |
| 258 | 271 | ||
| 259 | /* Generic function pointer */ | 272 | /* Generic function pointer */ |
| 260 | typedef int (*ENGINE_GEN_FUNC_PTR)(); | 273 | typedef int (*ENGINE_GEN_FUNC_PTR)(void); |
| 261 | /* Generic function pointer taking no arguments */ | 274 | /* Generic function pointer taking no arguments */ |
| 262 | typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); | 275 | typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); |
| 263 | /* Specific control function pointer */ | 276 | /* Specific control function pointer */ |
| 264 | typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)()); | 277 | typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)); |
| 265 | /* Generic load_key function pointer */ | 278 | /* Generic load_key function pointer */ |
| 266 | typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, | 279 | typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, |
| 267 | UI_METHOD *ui_method, void *callback_data); | 280 | UI_METHOD *ui_method, void *callback_data); |
| @@ -305,15 +318,21 @@ ENGINE *ENGINE_by_id(const char *id); | |||
| 305 | /* Add all the built-in engines. */ | 318 | /* Add all the built-in engines. */ |
| 306 | void ENGINE_load_openssl(void); | 319 | void ENGINE_load_openssl(void); |
| 307 | void ENGINE_load_dynamic(void); | 320 | void ENGINE_load_dynamic(void); |
| 308 | void ENGINE_load_cswift(void); | 321 | #ifndef OPENSSL_NO_STATIC_ENGINE |
| 309 | void ENGINE_load_chil(void); | 322 | void ENGINE_load_4758cca(void); |
| 323 | void ENGINE_load_aep(void); | ||
| 310 | void ENGINE_load_atalla(void); | 324 | void ENGINE_load_atalla(void); |
| 325 | void ENGINE_load_chil(void); | ||
| 326 | void ENGINE_load_cswift(void); | ||
| 327 | #ifndef OPENSSL_NO_GMP | ||
| 328 | void ENGINE_load_gmp(void); | ||
| 329 | #endif | ||
| 311 | void ENGINE_load_nuron(void); | 330 | void ENGINE_load_nuron(void); |
| 312 | void ENGINE_load_ubsec(void); | ||
| 313 | void ENGINE_load_aep(void); | ||
| 314 | void ENGINE_load_sureware(void); | 331 | void ENGINE_load_sureware(void); |
| 315 | void ENGINE_load_4758cca(void); | 332 | void ENGINE_load_ubsec(void); |
| 333 | #endif | ||
| 316 | void ENGINE_load_cryptodev(void); | 334 | void ENGINE_load_cryptodev(void); |
| 335 | void ENGINE_load_padlock(void); | ||
| 317 | void ENGINE_load_builtin_engines(void); | 336 | void ENGINE_load_builtin_engines(void); |
| 318 | 337 | ||
| 319 | /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation | 338 | /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation |
| @@ -337,6 +356,14 @@ int ENGINE_register_DSA(ENGINE *e); | |||
| 337 | void ENGINE_unregister_DSA(ENGINE *e); | 356 | void ENGINE_unregister_DSA(ENGINE *e); |
| 338 | void ENGINE_register_all_DSA(void); | 357 | void ENGINE_register_all_DSA(void); |
| 339 | 358 | ||
| 359 | int ENGINE_register_ECDH(ENGINE *e); | ||
| 360 | void ENGINE_unregister_ECDH(ENGINE *e); | ||
| 361 | void ENGINE_register_all_ECDH(void); | ||
| 362 | |||
| 363 | int ENGINE_register_ECDSA(ENGINE *e); | ||
| 364 | void ENGINE_unregister_ECDSA(ENGINE *e); | ||
| 365 | void ENGINE_register_all_ECDSA(void); | ||
| 366 | |||
| 340 | int ENGINE_register_DH(ENGINE *e); | 367 | int ENGINE_register_DH(ENGINE *e); |
| 341 | void ENGINE_unregister_DH(ENGINE *e); | 368 | void ENGINE_unregister_DH(ENGINE *e); |
| 342 | void ENGINE_register_all_DH(void); | 369 | void ENGINE_register_all_DH(void); |
| @@ -345,6 +372,10 @@ int ENGINE_register_RAND(ENGINE *e); | |||
| 345 | void ENGINE_unregister_RAND(ENGINE *e); | 372 | void ENGINE_unregister_RAND(ENGINE *e); |
| 346 | void ENGINE_register_all_RAND(void); | 373 | void ENGINE_register_all_RAND(void); |
| 347 | 374 | ||
| 375 | int ENGINE_register_STORE(ENGINE *e); | ||
| 376 | void ENGINE_unregister_STORE(ENGINE *e); | ||
| 377 | void ENGINE_register_all_STORE(void); | ||
| 378 | |||
| 348 | int ENGINE_register_ciphers(ENGINE *e); | 379 | int ENGINE_register_ciphers(ENGINE *e); |
| 349 | void ENGINE_unregister_ciphers(ENGINE *e); | 380 | void ENGINE_unregister_ciphers(ENGINE *e); |
| 350 | void ENGINE_register_all_ciphers(void); | 381 | void ENGINE_register_all_ciphers(void); |
| @@ -367,7 +398,7 @@ int ENGINE_register_all_complete(void); | |||
| 367 | * reference to an engine, but many control commands may require the engine be | 398 | * reference to an engine, but many control commands may require the engine be |
| 368 | * functional. The caller should be aware of trying commands that require an | 399 | * functional. The caller should be aware of trying commands that require an |
| 369 | * operational ENGINE, and only use functional references in such situations. */ | 400 | * operational ENGINE, and only use functional references in such situations. */ |
| 370 | int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); | 401 | int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); |
| 371 | 402 | ||
| 372 | /* This function tests if an ENGINE-specific command is usable as a "setting". | 403 | /* This function tests if an ENGINE-specific command is usable as a "setting". |
| 373 | * Eg. in an application's config file that gets processed through | 404 | * Eg. in an application's config file that gets processed through |
| @@ -380,7 +411,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd); | |||
| 380 | * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to | 411 | * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to |
| 381 | * use the cmd_name and cmd_optional. */ | 412 | * use the cmd_name and cmd_optional. */ |
| 382 | int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, | 413 | int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, |
| 383 | long i, void *p, void (*f)(), int cmd_optional); | 414 | long i, void *p, void (*f)(void), int cmd_optional); |
| 384 | 415 | ||
| 385 | /* This function passes a command-name and argument to an ENGINE. The cmd_name | 416 | /* This function passes a command-name and argument to an ENGINE. The cmd_name |
| 386 | * is converted to a command number and the control command is called using | 417 | * is converted to a command number and the control command is called using |
| @@ -417,8 +448,11 @@ int ENGINE_set_id(ENGINE *e, const char *id); | |||
| 417 | int ENGINE_set_name(ENGINE *e, const char *name); | 448 | int ENGINE_set_name(ENGINE *e, const char *name); |
| 418 | int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); | 449 | int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); |
| 419 | int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); | 450 | int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); |
| 451 | int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); | ||
| 452 | int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); | ||
| 420 | int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); | 453 | int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); |
| 421 | int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); | 454 | int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); |
| 455 | int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); | ||
| 422 | int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); | 456 | int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); |
| 423 | int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); | 457 | int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); |
| 424 | int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); | 458 | int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); |
| @@ -429,11 +463,11 @@ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); | |||
| 429 | int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); | 463 | int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); |
| 430 | int ENGINE_set_flags(ENGINE *e, int flags); | 464 | int ENGINE_set_flags(ENGINE *e, int flags); |
| 431 | int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); | 465 | int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); |
| 432 | /* These functions (and the "get" function lower down) allow control over any | 466 | /* These functions allow control over any per-structure ENGINE data. */ |
| 433 | * per-structure ENGINE data. */ | ||
| 434 | int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 467 | int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 435 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | 468 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
| 436 | int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); | 469 | int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); |
| 470 | void *ENGINE_get_ex_data(const ENGINE *e, int idx); | ||
| 437 | 471 | ||
| 438 | /* This function cleans up anything that needs it. Eg. the ENGINE_add() function | 472 | /* This function cleans up anything that needs it. Eg. the ENGINE_add() function |
| 439 | * automatically ensures the list cleanup function is registered to be called | 473 | * automatically ensures the list cleanup function is registered to be called |
| @@ -449,8 +483,11 @@ const char *ENGINE_get_id(const ENGINE *e); | |||
| 449 | const char *ENGINE_get_name(const ENGINE *e); | 483 | const char *ENGINE_get_name(const ENGINE *e); |
| 450 | const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); | 484 | const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); |
| 451 | const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); | 485 | const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); |
| 486 | const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); | ||
| 487 | const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); | ||
| 452 | const DH_METHOD *ENGINE_get_DH(const ENGINE *e); | 488 | const DH_METHOD *ENGINE_get_DH(const ENGINE *e); |
| 453 | const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); | 489 | const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); |
| 490 | const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); | ||
| 454 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); | 491 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); |
| 455 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); | 492 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); |
| 456 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); | 493 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); |
| @@ -463,7 +500,6 @@ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); | |||
| 463 | const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); | 500 | const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); |
| 464 | const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); | 501 | const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); |
| 465 | int ENGINE_get_flags(const ENGINE *e); | 502 | int ENGINE_get_flags(const ENGINE *e); |
| 466 | void *ENGINE_get_ex_data(const ENGINE *e, int idx); | ||
| 467 | 503 | ||
| 468 | /* FUNCTIONAL functions. These functions deal with ENGINE structures | 504 | /* FUNCTIONAL functions. These functions deal with ENGINE structures |
| 469 | * that have (or will) be initialised for use. Broadly speaking, the | 505 | * that have (or will) be initialised for use. Broadly speaking, the |
| @@ -501,6 +537,8 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, | |||
| 501 | ENGINE *ENGINE_get_default_RSA(void); | 537 | ENGINE *ENGINE_get_default_RSA(void); |
| 502 | /* Same for the other "methods" */ | 538 | /* Same for the other "methods" */ |
| 503 | ENGINE *ENGINE_get_default_DSA(void); | 539 | ENGINE *ENGINE_get_default_DSA(void); |
| 540 | ENGINE *ENGINE_get_default_ECDH(void); | ||
| 541 | ENGINE *ENGINE_get_default_ECDSA(void); | ||
| 504 | ENGINE *ENGINE_get_default_DH(void); | 542 | ENGINE *ENGINE_get_default_DH(void); |
| 505 | ENGINE *ENGINE_get_default_RAND(void); | 543 | ENGINE *ENGINE_get_default_RAND(void); |
| 506 | /* These functions can be used to get a functional reference to perform | 544 | /* These functions can be used to get a functional reference to perform |
| @@ -516,6 +554,8 @@ int ENGINE_set_default_RSA(ENGINE *e); | |||
| 516 | int ENGINE_set_default_string(ENGINE *e, const char *def_list); | 554 | int ENGINE_set_default_string(ENGINE *e, const char *def_list); |
| 517 | /* Same for the other "methods" */ | 555 | /* Same for the other "methods" */ |
| 518 | int ENGINE_set_default_DSA(ENGINE *e); | 556 | int ENGINE_set_default_DSA(ENGINE *e); |
| 557 | int ENGINE_set_default_ECDH(ENGINE *e); | ||
| 558 | int ENGINE_set_default_ECDSA(ENGINE *e); | ||
| 519 | int ENGINE_set_default_DH(ENGINE *e); | 559 | int ENGINE_set_default_DH(ENGINE *e); |
| 520 | int ENGINE_set_default_RAND(ENGINE *e); | 560 | int ENGINE_set_default_RAND(ENGINE *e); |
| 521 | int ENGINE_set_default_ciphers(ENGINE *e); | 561 | int ENGINE_set_default_ciphers(ENGINE *e); |
| @@ -538,17 +578,20 @@ void ENGINE_add_conf_module(void); | |||
| 538 | /**************************/ | 578 | /**************************/ |
| 539 | 579 | ||
| 540 | /* Binary/behaviour compatibility levels */ | 580 | /* Binary/behaviour compatibility levels */ |
| 541 | #define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200 | 581 | #define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 |
| 542 | /* Binary versions older than this are too old for us (whether we're a loader or | 582 | /* Binary versions older than this are too old for us (whether we're a loader or |
| 543 | * a loadee) */ | 583 | * a loadee) */ |
| 544 | #define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200 | 584 | #define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 |
| 545 | 585 | ||
| 546 | /* When compiling an ENGINE entirely as an external shared library, loadable by | 586 | /* When compiling an ENGINE entirely as an external shared library, loadable by |
| 547 | * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure | 587 | * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure |
| 548 | * type provides the calling application's (or library's) error functionality | 588 | * type provides the calling application's (or library's) error functionality |
| 549 | * and memory management function pointers to the loaded library. These should | 589 | * and memory management function pointers to the loaded library. These should |
| 550 | * be used/set in the loaded library code so that the loading application's | 590 | * be used/set in the loaded library code so that the loading application's |
| 551 | * 'state' will be used/changed in all operations. */ | 591 | * 'state' will be used/changed in all operations. The 'static_state' pointer |
| 592 | * allows the loaded library to know if it shares the same static data as the | ||
| 593 | * calling application (or library), and thus whether these callbacks need to be | ||
| 594 | * set or not. */ | ||
| 552 | typedef void *(*dyn_MEM_malloc_cb)(size_t); | 595 | typedef void *(*dyn_MEM_malloc_cb)(size_t); |
| 553 | typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); | 596 | typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); |
| 554 | typedef void (*dyn_MEM_free_cb)(void *); | 597 | typedef void (*dyn_MEM_free_cb)(void *); |
| @@ -576,6 +619,7 @@ typedef struct st_dynamic_LOCK_fns { | |||
| 576 | } dynamic_LOCK_fns; | 619 | } dynamic_LOCK_fns; |
| 577 | /* The top-level structure */ | 620 | /* The top-level structure */ |
| 578 | typedef struct st_dynamic_fns { | 621 | typedef struct st_dynamic_fns { |
| 622 | void *static_state; | ||
| 579 | const ERR_FNS *err_fns; | 623 | const ERR_FNS *err_fns; |
| 580 | const CRYPTO_EX_DATA_IMPL *ex_data_fns; | 624 | const CRYPTO_EX_DATA_IMPL *ex_data_fns; |
| 581 | dynamic_MEM_fns mem_fns; | 625 | dynamic_MEM_fns mem_fns; |
| @@ -593,7 +637,7 @@ typedef struct st_dynamic_fns { | |||
| 593 | * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ | 637 | * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ |
| 594 | typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); | 638 | typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); |
| 595 | #define IMPLEMENT_DYNAMIC_CHECK_FN() \ | 639 | #define IMPLEMENT_DYNAMIC_CHECK_FN() \ |
| 596 | unsigned long v_check(unsigned long v) { \ | 640 | OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ |
| 597 | if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ | 641 | if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ |
| 598 | return 0; } | 642 | return 0; } |
| 599 | 643 | ||
| @@ -615,24 +659,35 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); | |||
| 615 | typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, | 659 | typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, |
| 616 | const dynamic_fns *fns); | 660 | const dynamic_fns *fns); |
| 617 | #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ | 661 | #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ |
| 662 | OPENSSL_EXPORT \ | ||
| 618 | int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ | 663 | int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ |
| 619 | if (ERR_get_implementation() != fns->err_fns) \ | 664 | if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ |
| 620 | { \ | 665 | if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ |
| 621 | if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ | 666 | fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ |
| 622 | fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ | 667 | return 0; \ |
| 623 | return 0; \ | 668 | CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ |
| 624 | CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ | 669 | CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ |
| 625 | CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ | 670 | CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ |
| 626 | CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ | 671 | CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ |
| 627 | CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ | 672 | CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ |
| 628 | CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ | 673 | if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ |
| 629 | if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ | 674 | return 0; \ |
| 630 | return 0; \ | 675 | if(!ERR_set_implementation(fns->err_fns)) return 0; \ |
| 631 | if(!ERR_set_implementation(fns->err_fns)) return 0; \ | 676 | skip_cbs: \ |
| 632 | } \ | ||
| 633 | if(!fn(e,id)) return 0; \ | 677 | if(!fn(e,id)) return 0; \ |
| 634 | return 1; } | 678 | return 1; } |
| 635 | 679 | ||
| 680 | /* If the loading application (or library) and the loaded ENGINE library share | ||
| 681 | * the same static data (eg. they're both dynamically linked to the same | ||
| 682 | * libcrypto.so) we need a way to avoid trying to set system callbacks - this | ||
| 683 | * would fail, and for the same reason that it's unnecessary to try. If the | ||
| 684 | * loaded ENGINE has (or gets from through the loader) its own copy of the | ||
| 685 | * libcrypto static data, we will need to set the callbacks. The easiest way to | ||
| 686 | * detect this is to have a function that returns a pointer to some static data | ||
| 687 | * and let the loading application and loaded ENGINE compare their respective | ||
| 688 | * values. */ | ||
| 689 | void *ENGINE_get_static_state(void); | ||
| 690 | |||
| 636 | #if defined(__OpenBSD__) || defined(__FreeBSD__) | 691 | #if defined(__OpenBSD__) || defined(__FreeBSD__) |
| 637 | void ENGINE_setup_bsd_cryptodev(void); | 692 | void ENGINE_setup_bsd_cryptodev(void); |
| 638 | #endif | 693 | #endif |
| @@ -649,6 +704,7 @@ void ERR_load_ENGINE_strings(void); | |||
| 649 | #define ENGINE_F_DYNAMIC_CTRL 180 | 704 | #define ENGINE_F_DYNAMIC_CTRL 180 |
| 650 | #define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 | 705 | #define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 |
| 651 | #define ENGINE_F_DYNAMIC_LOAD 182 | 706 | #define ENGINE_F_DYNAMIC_LOAD 182 |
| 707 | #define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 | ||
| 652 | #define ENGINE_F_ENGINE_ADD 105 | 708 | #define ENGINE_F_ENGINE_ADD 105 |
| 653 | #define ENGINE_F_ENGINE_BY_ID 106 | 709 | #define ENGINE_F_ENGINE_BY_ID 106 |
| 654 | #define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 | 710 | #define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 |
| @@ -656,7 +712,7 @@ void ERR_load_ENGINE_strings(void); | |||
| 656 | #define ENGINE_F_ENGINE_CTRL_CMD 178 | 712 | #define ENGINE_F_ENGINE_CTRL_CMD 178 |
| 657 | #define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 | 713 | #define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 |
| 658 | #define ENGINE_F_ENGINE_FINISH 107 | 714 | #define ENGINE_F_ENGINE_FINISH 107 |
| 659 | #define ENGINE_F_ENGINE_FREE 108 | 715 | #define ENGINE_F_ENGINE_FREE_UTIL 108 |
| 660 | #define ENGINE_F_ENGINE_GET_CIPHER 185 | 716 | #define ENGINE_F_ENGINE_GET_CIPHER 185 |
| 661 | #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 | 717 | #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 |
| 662 | #define ENGINE_F_ENGINE_GET_DIGEST 186 | 718 | #define ENGINE_F_ENGINE_GET_DIGEST 186 |
| @@ -667,7 +723,6 @@ void ERR_load_ENGINE_strings(void); | |||
| 667 | #define ENGINE_F_ENGINE_LIST_REMOVE 121 | 723 | #define ENGINE_F_ENGINE_LIST_REMOVE 121 |
| 668 | #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 | 724 | #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 |
| 669 | #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 | 725 | #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 |
| 670 | #define ENGINE_F_ENGINE_MODULE_INIT 187 | ||
| 671 | #define ENGINE_F_ENGINE_NEW 122 | 726 | #define ENGINE_F_ENGINE_NEW 122 |
| 672 | #define ENGINE_F_ENGINE_REMOVE 123 | 727 | #define ENGINE_F_ENGINE_REMOVE 123 |
| 673 | #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 | 728 | #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 |
| @@ -676,11 +731,12 @@ void ERR_load_ENGINE_strings(void); | |||
| 676 | #define ENGINE_F_ENGINE_SET_NAME 130 | 731 | #define ENGINE_F_ENGINE_SET_NAME 130 |
| 677 | #define ENGINE_F_ENGINE_TABLE_REGISTER 184 | 732 | #define ENGINE_F_ENGINE_TABLE_REGISTER 184 |
| 678 | #define ENGINE_F_ENGINE_UNLOAD_KEY 152 | 733 | #define ENGINE_F_ENGINE_UNLOAD_KEY 152 |
| 734 | #define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 | ||
| 679 | #define ENGINE_F_ENGINE_UP_REF 190 | 735 | #define ENGINE_F_ENGINE_UP_REF 190 |
| 680 | #define ENGINE_F_INT_CTRL_HELPER 172 | 736 | #define ENGINE_F_INT_CTRL_HELPER 172 |
| 681 | #define ENGINE_F_INT_ENGINE_CONFIGURE 188 | 737 | #define ENGINE_F_INT_ENGINE_CONFIGURE 188 |
| 738 | #define ENGINE_F_INT_ENGINE_MODULE_INIT 187 | ||
| 682 | #define ENGINE_F_LOG_MESSAGE 141 | 739 | #define ENGINE_F_LOG_MESSAGE 141 |
| 683 | #define ENGINE_F_SET_DATA_CTX 183 | ||
| 684 | 740 | ||
| 685 | /* Reason codes. */ | 741 | /* Reason codes. */ |
| 686 | #define ENGINE_R_ALREADY_LOADED 100 | 742 | #define ENGINE_R_ALREADY_LOADED 100 |
diff --git a/src/lib/libssl/src/crypto/engine/enginetest.c b/src/lib/libssl/src/crypto/engine/enginetest.c index c2d0297392..cf82f490db 100644 --- a/src/lib/libssl/src/crypto/engine/enginetest.c +++ b/src/lib/libssl/src/crypto/engine/enginetest.c | |||
| @@ -72,7 +72,7 @@ int main(int argc, char *argv[]) | |||
| 72 | #include <openssl/engine.h> | 72 | #include <openssl/engine.h> |
| 73 | #include <openssl/err.h> | 73 | #include <openssl/err.h> |
| 74 | 74 | ||
| 75 | static void display_engine_list() | 75 | static void display_engine_list(void) |
| 76 | { | 76 | { |
| 77 | ENGINE *h; | 77 | ENGINE *h; |
| 78 | int loop; | 78 | int loop; |
diff --git a/src/lib/libssl/src/crypto/engine/tb_cipher.c b/src/lib/libssl/src/crypto/engine/tb_cipher.c index 50b3cec1fa..177fc1fb73 100644 --- a/src/lib/libssl/src/crypto/engine/tb_cipher.c +++ b/src/lib/libssl/src/crypto/engine/tb_cipher.c | |||
| @@ -52,8 +52,6 @@ | |||
| 52 | * | 52 | * |
| 53 | */ | 53 | */ |
| 54 | 54 | ||
| 55 | #include <openssl/evp.h> | ||
| 56 | #include <openssl/engine.h> | ||
| 57 | #include "eng_int.h" | 55 | #include "eng_int.h" |
| 58 | 56 | ||
| 59 | /* If this symbol is defined then ENGINE_get_cipher_engine(), the function that | 57 | /* If this symbol is defined then ENGINE_get_cipher_engine(), the function that |
diff --git a/src/lib/libssl/src/crypto/engine/tb_dh.c b/src/lib/libssl/src/crypto/engine/tb_dh.c index e290e1702b..6e9d428761 100644 --- a/src/lib/libssl/src/crypto/engine/tb_dh.c +++ b/src/lib/libssl/src/crypto/engine/tb_dh.c | |||
| @@ -52,8 +52,6 @@ | |||
| 52 | * | 52 | * |
| 53 | */ | 53 | */ |
| 54 | 54 | ||
| 55 | #include <openssl/evp.h> | ||
| 56 | #include <openssl/engine.h> | ||
| 57 | #include "eng_int.h" | 55 | #include "eng_int.h" |
| 58 | 56 | ||
| 59 | /* If this symbol is defined then ENGINE_get_default_DH(), the function that is | 57 | /* If this symbol is defined then ENGINE_get_default_DH(), the function that is |
diff --git a/src/lib/libssl/src/crypto/engine/tb_digest.c b/src/lib/libssl/src/crypto/engine/tb_digest.c index e82d2a17c9..d3f4bb2747 100644 --- a/src/lib/libssl/src/crypto/engine/tb_digest.c +++ b/src/lib/libssl/src/crypto/engine/tb_digest.c | |||
| @@ -52,8 +52,6 @@ | |||
| 52 | * | 52 | * |
| 53 | */ | 53 | */ |
| 54 | 54 | ||
| 55 | #include <openssl/evp.h> | ||
| 56 | #include <openssl/engine.h> | ||
| 57 | #include "eng_int.h" | 55 | #include "eng_int.h" |
| 58 | 56 | ||
| 59 | /* If this symbol is defined then ENGINE_get_digest_engine(), the function that | 57 | /* If this symbol is defined then ENGINE_get_digest_engine(), the function that |
diff --git a/src/lib/libssl/src/crypto/engine/tb_dsa.c b/src/lib/libssl/src/crypto/engine/tb_dsa.c index 7efe181927..e4674f5f07 100644 --- a/src/lib/libssl/src/crypto/engine/tb_dsa.c +++ b/src/lib/libssl/src/crypto/engine/tb_dsa.c | |||
| @@ -52,8 +52,6 @@ | |||
| 52 | * | 52 | * |
| 53 | */ | 53 | */ |
| 54 | 54 | ||
| 55 | #include <openssl/evp.h> | ||
| 56 | #include <openssl/engine.h> | ||
| 57 | #include "eng_int.h" | 55 | #include "eng_int.h" |
| 58 | 56 | ||
| 59 | /* If this symbol is defined then ENGINE_get_default_DSA(), the function that is | 57 | /* If this symbol is defined then ENGINE_get_default_DSA(), the function that is |
diff --git a/src/lib/libssl/src/crypto/engine/tb_rand.c b/src/lib/libssl/src/crypto/engine/tb_rand.c index 69b67111bc..f36f67c0f6 100644 --- a/src/lib/libssl/src/crypto/engine/tb_rand.c +++ b/src/lib/libssl/src/crypto/engine/tb_rand.c | |||
| @@ -52,8 +52,6 @@ | |||
| 52 | * | 52 | * |
| 53 | */ | 53 | */ |
| 54 | 54 | ||
| 55 | #include <openssl/evp.h> | ||
| 56 | #include <openssl/engine.h> | ||
| 57 | #include "eng_int.h" | 55 | #include "eng_int.h" |
| 58 | 56 | ||
| 59 | /* If this symbol is defined then ENGINE_get_default_RAND(), the function that is | 57 | /* If this symbol is defined then ENGINE_get_default_RAND(), the function that is |
diff --git a/src/lib/libssl/src/crypto/engine/tb_rsa.c b/src/lib/libssl/src/crypto/engine/tb_rsa.c index fee4867f52..fbc707fd26 100644 --- a/src/lib/libssl/src/crypto/engine/tb_rsa.c +++ b/src/lib/libssl/src/crypto/engine/tb_rsa.c | |||
| @@ -52,8 +52,6 @@ | |||
| 52 | * | 52 | * |
| 53 | */ | 53 | */ |
| 54 | 54 | ||
| 55 | #include <openssl/evp.h> | ||
| 56 | #include <openssl/engine.h> | ||
| 57 | #include "eng_int.h" | 55 | #include "eng_int.h" |
| 58 | 56 | ||
| 59 | /* If this symbol is defined then ENGINE_get_default_RSA(), the function that is | 57 | /* If this symbol is defined then ENGINE_get_default_RSA(), the function that is |
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c index 53687d79ab..b6ff070e8f 100644 --- a/src/lib/libssl/src/crypto/err/err.c +++ b/src/lib/libssl/src/crypto/err/err.c | |||
| @@ -112,9 +112,9 @@ | |||
| 112 | #include <stdio.h> | 112 | #include <stdio.h> |
| 113 | #include <stdarg.h> | 113 | #include <stdarg.h> |
| 114 | #include <string.h> | 114 | #include <string.h> |
| 115 | #include "cryptlib.h" | ||
| 115 | #include <openssl/lhash.h> | 116 | #include <openssl/lhash.h> |
| 116 | #include <openssl/crypto.h> | 117 | #include <openssl/crypto.h> |
| 117 | #include "cryptlib.h" | ||
| 118 | #include <openssl/buffer.h> | 118 | #include <openssl/buffer.h> |
| 119 | #include <openssl/bio.h> | 119 | #include <openssl/bio.h> |
| 120 | #include <openssl/err.h> | 120 | #include <openssl/err.h> |
| @@ -149,7 +149,7 @@ static ERR_STRING_DATA ERR_str_libraries[]= | |||
| 149 | {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, | 149 | {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, |
| 150 | {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, | 150 | {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, |
| 151 | {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, | 151 | {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, |
| 152 | {ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, | 152 | {ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, |
| 153 | {0,NULL}, | 153 | {0,NULL}, |
| 154 | }; | 154 | }; |
| 155 | 155 | ||
| @@ -168,7 +168,6 @@ static ERR_STRING_DATA ERR_str_functs[]= | |||
| 168 | #endif | 168 | #endif |
| 169 | {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, | 169 | {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, |
| 170 | {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, | 170 | {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, |
| 171 | {ERR_PACK(0,SYS_F_GETADDRINFO,0), "getaddrinfo"}, | ||
| 172 | {0,NULL}, | 171 | {0,NULL}, |
| 173 | }; | 172 | }; |
| 174 | 173 | ||
| @@ -210,6 +209,7 @@ static ERR_STRING_DATA ERR_str_reasons[]= | |||
| 210 | {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, | 209 | {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, |
| 211 | {ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, | 210 | {ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, |
| 212 | {ERR_R_INTERNAL_ERROR ,"internal error"}, | 211 | {ERR_R_INTERNAL_ERROR ,"internal error"}, |
| 212 | {ERR_R_DISABLED ,"called a function that was disabled at compile-time"}, | ||
| 213 | 213 | ||
| 214 | {0,NULL}, | 214 | {0,NULL}, |
| 215 | }; | 215 | }; |
| @@ -542,16 +542,27 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; | |||
| 542 | * will be returned for SYSerr(), which always gets an errno | 542 | * will be returned for SYSerr(), which always gets an errno |
| 543 | * value and never one of those 'standard' reason codes. */ | 543 | * value and never one of those 'standard' reason codes. */ |
| 544 | 544 | ||
| 545 | static void build_SYS_str_reasons() | 545 | static void build_SYS_str_reasons(void) |
| 546 | { | 546 | { |
| 547 | /* OPENSSL_malloc cannot be used here, use static storage instead */ | 547 | /* OPENSSL_malloc cannot be used here, use static storage instead */ |
| 548 | static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; | 548 | static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; |
| 549 | int i; | 549 | int i; |
| 550 | static int init = 1; | 550 | static int init = 1; |
| 551 | 551 | ||
| 552 | if (!init) return; | 552 | CRYPTO_r_lock(CRYPTO_LOCK_ERR); |
| 553 | 553 | if (!init) | |
| 554 | { | ||
| 555 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR); | ||
| 556 | return; | ||
| 557 | } | ||
| 558 | |||
| 559 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR); | ||
| 554 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | 560 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); |
| 561 | if (!init) | ||
| 562 | { | ||
| 563 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 564 | return; | ||
| 565 | } | ||
| 555 | 566 | ||
| 556 | for (i = 1; i <= NUM_SYS_STR_REASONS; i++) | 567 | for (i = 1; i <= NUM_SYS_STR_REASONS; i++) |
| 557 | { | 568 | { |
| @@ -583,13 +594,24 @@ static void build_SYS_str_reasons() | |||
| 583 | #endif | 594 | #endif |
| 584 | 595 | ||
| 585 | #define err_clear_data(p,i) \ | 596 | #define err_clear_data(p,i) \ |
| 597 | do { \ | ||
| 586 | if (((p)->err_data[i] != NULL) && \ | 598 | if (((p)->err_data[i] != NULL) && \ |
| 587 | (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ | 599 | (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ |
| 588 | { \ | 600 | { \ |
| 589 | OPENSSL_free((p)->err_data[i]); \ | 601 | OPENSSL_free((p)->err_data[i]); \ |
| 590 | (p)->err_data[i]=NULL; \ | 602 | (p)->err_data[i]=NULL; \ |
| 591 | } \ | 603 | } \ |
| 592 | (p)->err_data_flags[i]=0; | 604 | (p)->err_data_flags[i]=0; \ |
| 605 | } while(0) | ||
| 606 | |||
| 607 | #define err_clear(p,i) \ | ||
| 608 | do { \ | ||
| 609 | (p)->err_flags[i]=0; \ | ||
| 610 | (p)->err_buffer[i]=0; \ | ||
| 611 | err_clear_data(p,i); \ | ||
| 612 | (p)->err_file[i]=NULL; \ | ||
| 613 | (p)->err_line[i]= -1; \ | ||
| 614 | } while(0) | ||
| 593 | 615 | ||
| 594 | static void ERR_STATE_free(ERR_STATE *s) | 616 | static void ERR_STATE_free(ERR_STATE *s) |
| 595 | { | 617 | { |
| @@ -682,6 +704,7 @@ void ERR_put_error(int lib, int func, int reason, const char *file, | |||
| 682 | es->top=(es->top+1)%ERR_NUM_ERRORS; | 704 | es->top=(es->top+1)%ERR_NUM_ERRORS; |
| 683 | if (es->top == es->bottom) | 705 | if (es->top == es->bottom) |
| 684 | es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; | 706 | es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; |
| 707 | es->err_flags[es->top]=0; | ||
| 685 | es->err_buffer[es->top]=ERR_PACK(lib,func,reason); | 708 | es->err_buffer[es->top]=ERR_PACK(lib,func,reason); |
| 686 | es->err_file[es->top]=file; | 709 | es->err_file[es->top]=file; |
| 687 | es->err_line[es->top]=line; | 710 | es->err_line[es->top]=line; |
| @@ -697,10 +720,7 @@ void ERR_clear_error(void) | |||
| 697 | 720 | ||
| 698 | for (i=0; i<ERR_NUM_ERRORS; i++) | 721 | for (i=0; i<ERR_NUM_ERRORS; i++) |
| 699 | { | 722 | { |
| 700 | es->err_buffer[i]=0; | 723 | err_clear(es,i); |
| 701 | err_clear_data(es,i); | ||
| 702 | es->err_file[i]=NULL; | ||
| 703 | es->err_line[i]= -1; | ||
| 704 | } | 724 | } |
| 705 | es->top=es->bottom=0; | 725 | es->top=es->bottom=0; |
| 706 | } | 726 | } |
| @@ -937,7 +957,7 @@ static unsigned long err_hash(const void *a_void) | |||
| 937 | { | 957 | { |
| 938 | unsigned long ret,l; | 958 | unsigned long ret,l; |
| 939 | 959 | ||
| 940 | l=((ERR_STRING_DATA *)a_void)->error; | 960 | l=((const ERR_STRING_DATA *)a_void)->error; |
| 941 | ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); | 961 | ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); |
| 942 | return(ret^ret%19*13); | 962 | return(ret^ret%19*13); |
| 943 | } | 963 | } |
| @@ -945,21 +965,21 @@ static unsigned long err_hash(const void *a_void) | |||
| 945 | /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ | 965 | /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ |
| 946 | static int err_cmp(const void *a_void, const void *b_void) | 966 | static int err_cmp(const void *a_void, const void *b_void) |
| 947 | { | 967 | { |
| 948 | return((int)(((ERR_STRING_DATA *)a_void)->error - | 968 | return((int)(((const ERR_STRING_DATA *)a_void)->error - |
| 949 | ((ERR_STRING_DATA *)b_void)->error)); | 969 | ((const ERR_STRING_DATA *)b_void)->error)); |
| 950 | } | 970 | } |
| 951 | 971 | ||
| 952 | /* static unsigned long pid_hash(ERR_STATE *a) */ | 972 | /* static unsigned long pid_hash(ERR_STATE *a) */ |
| 953 | static unsigned long pid_hash(const void *a_void) | 973 | static unsigned long pid_hash(const void *a_void) |
| 954 | { | 974 | { |
| 955 | return(((ERR_STATE *)a_void)->pid*13); | 975 | return(((const ERR_STATE *)a_void)->pid*13); |
| 956 | } | 976 | } |
| 957 | 977 | ||
| 958 | /* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ | 978 | /* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ |
| 959 | static int pid_cmp(const void *a_void, const void *b_void) | 979 | static int pid_cmp(const void *a_void, const void *b_void) |
| 960 | { | 980 | { |
| 961 | return((int)((long)((ERR_STATE *)a_void)->pid - | 981 | return((int)((long)((const ERR_STATE *)a_void)->pid - |
| 962 | (long)((ERR_STATE *)b_void)->pid)); | 982 | (long)((const ERR_STATE *)b_void)->pid)); |
| 963 | } | 983 | } |
| 964 | 984 | ||
| 965 | void ERR_remove_state(unsigned long pid) | 985 | void ERR_remove_state(unsigned long pid) |
| @@ -1069,7 +1089,7 @@ void ERR_add_error_data(int num, ...) | |||
| 1069 | else | 1089 | else |
| 1070 | str=p; | 1090 | str=p; |
| 1071 | } | 1091 | } |
| 1072 | BUF_strlcat(str,a,s+1); | 1092 | BUF_strlcat(str,a,(size_t)s+1); |
| 1073 | } | 1093 | } |
| 1074 | } | 1094 | } |
| 1075 | ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); | 1095 | ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); |
| @@ -1077,3 +1097,33 @@ void ERR_add_error_data(int num, ...) | |||
| 1077 | err: | 1097 | err: |
| 1078 | va_end(args); | 1098 | va_end(args); |
| 1079 | } | 1099 | } |
| 1100 | |||
| 1101 | int ERR_set_mark(void) | ||
| 1102 | { | ||
| 1103 | ERR_STATE *es; | ||
| 1104 | |||
| 1105 | es=ERR_get_state(); | ||
| 1106 | |||
| 1107 | if (es->bottom == es->top) return 0; | ||
| 1108 | es->err_flags[es->top]|=ERR_FLAG_MARK; | ||
| 1109 | return 1; | ||
| 1110 | } | ||
| 1111 | |||
| 1112 | int ERR_pop_to_mark(void) | ||
| 1113 | { | ||
| 1114 | ERR_STATE *es; | ||
| 1115 | |||
| 1116 | es=ERR_get_state(); | ||
| 1117 | |||
| 1118 | while(es->bottom != es->top | ||
| 1119 | && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) | ||
| 1120 | { | ||
| 1121 | err_clear(es,es->top); | ||
| 1122 | es->top-=1; | ||
| 1123 | if (es->top == -1) es->top=ERR_NUM_ERRORS-1; | ||
| 1124 | } | ||
| 1125 | |||
| 1126 | if (es->bottom == es->top) return 0; | ||
| 1127 | es->err_flags[es->top]&=~ERR_FLAG_MARK; | ||
| 1128 | return 1; | ||
| 1129 | } | ||
diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h index 2efa18866a..bf28fce492 100644 --- a/src/lib/libssl/src/crypto/err/err.h +++ b/src/lib/libssl/src/crypto/err/err.h | |||
| @@ -59,11 +59,14 @@ | |||
| 59 | #ifndef HEADER_ERR_H | 59 | #ifndef HEADER_ERR_H |
| 60 | #define HEADER_ERR_H | 60 | #define HEADER_ERR_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | ||
| 63 | |||
| 62 | #ifndef OPENSSL_NO_FP_API | 64 | #ifndef OPENSSL_NO_FP_API |
| 63 | #include <stdio.h> | 65 | #include <stdio.h> |
| 64 | #include <stdlib.h> | 66 | #include <stdlib.h> |
| 65 | #endif | 67 | #endif |
| 66 | 68 | ||
| 69 | #include <openssl/ossl_typ.h> | ||
| 67 | #ifndef OPENSSL_NO_BIO | 70 | #ifndef OPENSSL_NO_BIO |
| 68 | #include <openssl/bio.h> | 71 | #include <openssl/bio.h> |
| 69 | #endif | 72 | #endif |
| @@ -86,10 +89,13 @@ extern "C" { | |||
| 86 | #define ERR_TXT_MALLOCED 0x01 | 89 | #define ERR_TXT_MALLOCED 0x01 |
| 87 | #define ERR_TXT_STRING 0x02 | 90 | #define ERR_TXT_STRING 0x02 |
| 88 | 91 | ||
| 92 | #define ERR_FLAG_MARK 0x01 | ||
| 93 | |||
| 89 | #define ERR_NUM_ERRORS 16 | 94 | #define ERR_NUM_ERRORS 16 |
| 90 | typedef struct err_state_st | 95 | typedef struct err_state_st |
| 91 | { | 96 | { |
| 92 | unsigned long pid; | 97 | unsigned long pid; |
| 98 | int err_flags[ERR_NUM_ERRORS]; | ||
| 93 | unsigned long err_buffer[ERR_NUM_ERRORS]; | 99 | unsigned long err_buffer[ERR_NUM_ERRORS]; |
| 94 | char *err_data[ERR_NUM_ERRORS]; | 100 | char *err_data[ERR_NUM_ERRORS]; |
| 95 | int err_data_flags[ERR_NUM_ERRORS]; | 101 | int err_data_flags[ERR_NUM_ERRORS]; |
| @@ -131,7 +137,10 @@ typedef struct err_state_st | |||
| 131 | #define ERR_LIB_OCSP 39 | 137 | #define ERR_LIB_OCSP 39 |
| 132 | #define ERR_LIB_UI 40 | 138 | #define ERR_LIB_UI 40 |
| 133 | #define ERR_LIB_COMP 41 | 139 | #define ERR_LIB_COMP 41 |
| 134 | #define ERR_LIB_FIPS 42 | 140 | #define ERR_LIB_ECDSA 42 |
| 141 | #define ERR_LIB_ECDH 43 | ||
| 142 | #define ERR_LIB_STORE 44 | ||
| 143 | #define ERR_LIB_CMS 45 | ||
| 135 | 144 | ||
| 136 | #define ERR_LIB_USER 128 | 145 | #define ERR_LIB_USER 128 |
| 137 | 146 | ||
| @@ -160,7 +169,10 @@ typedef struct err_state_st | |||
| 160 | #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) | 169 | #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) |
| 161 | #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) | 170 | #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) |
| 162 | #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) | 171 | #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) |
| 163 | #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) | 172 | #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) |
| 173 | #define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) | ||
| 174 | #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) | ||
| 175 | #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) | ||
| 164 | 176 | ||
| 165 | /* Borland C seems too stupid to be able to shift and do longs in | 177 | /* Borland C seems too stupid to be able to shift and do longs in |
| 166 | * the pre-processor :-( */ | 178 | * the pre-processor :-( */ |
| @@ -185,7 +197,6 @@ typedef struct err_state_st | |||
| 185 | #define SYS_F_WSASTARTUP 9 /* Winsock stuff */ | 197 | #define SYS_F_WSASTARTUP 9 /* Winsock stuff */ |
| 186 | #define SYS_F_OPENDIR 10 | 198 | #define SYS_F_OPENDIR 10 |
| 187 | #define SYS_F_FREAD 11 | 199 | #define SYS_F_FREAD 11 |
| 188 | #define SYS_F_GETADDRINFO 12 | ||
| 189 | 200 | ||
| 190 | 201 | ||
| 191 | /* reasons */ | 202 | /* reasons */ |
| @@ -214,6 +225,9 @@ typedef struct err_state_st | |||
| 214 | #define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ | 225 | #define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ |
| 215 | #define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ | 226 | #define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ |
| 216 | #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ | 227 | #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ |
| 228 | #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ | ||
| 229 | #define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ | ||
| 230 | #define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ | ||
| 217 | 231 | ||
| 218 | #define ERR_R_NESTED_ASN1_ERROR 58 | 232 | #define ERR_R_NESTED_ASN1_ERROR 58 |
| 219 | #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 | 233 | #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 |
| @@ -228,6 +242,7 @@ typedef struct err_state_st | |||
| 228 | #define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) | 242 | #define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) |
| 229 | #define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) | 243 | #define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) |
| 230 | #define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) | 244 | #define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) |
| 245 | #define ERR_R_DISABLED (5|ERR_R_FATAL) | ||
| 231 | 246 | ||
| 232 | /* 99 is the maximum possible ERR_R_... code, higher values | 247 | /* 99 is the maximum possible ERR_R_... code, higher values |
| 233 | * are reserved for the individual libraries */ | 248 | * are reserved for the individual libraries */ |
| @@ -286,8 +301,11 @@ void ERR_release_err_state_table(LHASH **hash); | |||
| 286 | 301 | ||
| 287 | int ERR_get_next_error_library(void); | 302 | int ERR_get_next_error_library(void); |
| 288 | 303 | ||
| 289 | /* This opaque type encapsulates the low-level error-state functions */ | 304 | int ERR_set_mark(void); |
| 290 | typedef struct st_ERR_FNS ERR_FNS; | 305 | int ERR_pop_to_mark(void); |
| 306 | |||
| 307 | /* Already defined in ossl_typ.h */ | ||
| 308 | /* typedef struct st_ERR_FNS ERR_FNS; */ | ||
| 291 | /* An application can use this function and provide the return value to loaded | 309 | /* An application can use this function and provide the return value to loaded |
| 292 | * modules that should use the application's ERR state/functionality */ | 310 | * modules that should use the application's ERR state/functionality */ |
| 293 | const ERR_FNS *ERR_get_implementation(void); | 311 | const ERR_FNS *ERR_get_implementation(void); |
diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c index 4dc9300892..5813060ce2 100644 --- a/src/lib/libssl/src/crypto/err/err_all.c +++ b/src/lib/libssl/src/crypto/err/err_all.c | |||
| @@ -73,6 +73,12 @@ | |||
| 73 | #ifndef OPENSSL_NO_DSA | 73 | #ifndef OPENSSL_NO_DSA |
| 74 | #include <openssl/dsa.h> | 74 | #include <openssl/dsa.h> |
| 75 | #endif | 75 | #endif |
| 76 | #ifndef OPENSSL_NO_ECDSA | ||
| 77 | #include <openssl/ecdsa.h> | ||
| 78 | #endif | ||
| 79 | #ifndef OPENSSL_NO_ECDH | ||
| 80 | #include <openssl/ecdh.h> | ||
| 81 | #endif | ||
| 76 | #include <openssl/evp.h> | 82 | #include <openssl/evp.h> |
| 77 | #include <openssl/objects.h> | 83 | #include <openssl/objects.h> |
| 78 | #include <openssl/pem2.h> | 84 | #include <openssl/pem2.h> |
| @@ -85,16 +91,15 @@ | |||
| 85 | #ifndef OPENSSL_NO_ENGINE | 91 | #ifndef OPENSSL_NO_ENGINE |
| 86 | #include <openssl/engine.h> | 92 | #include <openssl/engine.h> |
| 87 | #endif | 93 | #endif |
| 94 | #include <openssl/ui.h> | ||
| 88 | #include <openssl/ocsp.h> | 95 | #include <openssl/ocsp.h> |
| 89 | #include <openssl/err.h> | 96 | #include <openssl/err.h> |
| 90 | #include <openssl/fips.h> | 97 | #ifndef OPENSSL_NO_CMS |
| 98 | #include <openssl/cms.h> | ||
| 99 | #endif | ||
| 91 | 100 | ||
| 92 | void ERR_load_crypto_strings(void) | 101 | void ERR_load_crypto_strings(void) |
| 93 | { | 102 | { |
| 94 | static int done=0; | ||
| 95 | |||
| 96 | if (done) return; | ||
| 97 | done=1; | ||
| 98 | #ifndef OPENSSL_NO_ERR | 103 | #ifndef OPENSSL_NO_ERR |
| 99 | ERR_load_ERR_strings(); /* include error strings for SYSerr */ | 104 | ERR_load_ERR_strings(); /* include error strings for SYSerr */ |
| 100 | ERR_load_BN_strings(); | 105 | ERR_load_BN_strings(); |
| @@ -118,6 +123,12 @@ void ERR_load_crypto_strings(void) | |||
| 118 | #ifndef OPENSSL_NO_EC | 123 | #ifndef OPENSSL_NO_EC |
| 119 | ERR_load_EC_strings(); | 124 | ERR_load_EC_strings(); |
| 120 | #endif | 125 | #endif |
| 126 | #ifndef OPENSSL_NO_ECDSA | ||
| 127 | ERR_load_ECDSA_strings(); | ||
| 128 | #endif | ||
| 129 | #ifndef OPENSSL_NO_ECDH | ||
| 130 | ERR_load_ECDH_strings(); | ||
| 131 | #endif | ||
| 121 | /* skip ERR_load_SSL_strings() because it is not in this library */ | 132 | /* skip ERR_load_SSL_strings() because it is not in this library */ |
| 122 | ERR_load_BIO_strings(); | 133 | ERR_load_BIO_strings(); |
| 123 | ERR_load_PKCS7_strings(); | 134 | ERR_load_PKCS7_strings(); |
| @@ -130,8 +141,8 @@ void ERR_load_crypto_strings(void) | |||
| 130 | #endif | 141 | #endif |
| 131 | ERR_load_OCSP_strings(); | 142 | ERR_load_OCSP_strings(); |
| 132 | ERR_load_UI_strings(); | 143 | ERR_load_UI_strings(); |
| 144 | #ifndef OPENSSL_NO_CMS | ||
| 145 | ERR_load_CMS_strings(); | ||
| 133 | #endif | 146 | #endif |
| 134 | #ifdef OPENSSL_FIPS | ||
| 135 | ERR_load_FIPS_strings(); | ||
| 136 | #endif | 147 | #endif |
| 137 | } | 148 | } |
diff --git a/src/lib/libssl/src/crypto/err/err_prn.c b/src/lib/libssl/src/crypto/err/err_prn.c index 81e34bd6ce..2224a901e5 100644 --- a/src/lib/libssl/src/crypto/err/err_prn.c +++ b/src/lib/libssl/src/crypto/err/err_prn.c | |||
| @@ -57,9 +57,9 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | ||
| 60 | #include <openssl/lhash.h> | 61 | #include <openssl/lhash.h> |
| 61 | #include <openssl/crypto.h> | 62 | #include <openssl/crypto.h> |
| 62 | #include "cryptlib.h" | ||
| 63 | #include <openssl/buffer.h> | 63 | #include <openssl/buffer.h> |
| 64 | #include <openssl/err.h> | 64 | #include <openssl/err.h> |
| 65 | 65 | ||
| @@ -86,7 +86,12 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), | |||
| 86 | #ifndef OPENSSL_NO_FP_API | 86 | #ifndef OPENSSL_NO_FP_API |
| 87 | static int print_fp(const char *str, size_t len, void *fp) | 87 | static int print_fp(const char *str, size_t len, void *fp) |
| 88 | { | 88 | { |
| 89 | return fprintf((FILE *)fp, "%s", str); | 89 | BIO bio; |
| 90 | |||
| 91 | BIO_set(&bio,BIO_s_file()); | ||
| 92 | BIO_set_fp(&bio,fp,BIO_NOCLOSE); | ||
| 93 | |||
| 94 | return BIO_printf(&bio, "%s", str); | ||
| 90 | } | 95 | } |
| 91 | void ERR_print_errors_fp(FILE *fp) | 96 | void ERR_print_errors_fp(FILE *fp) |
| 92 | { | 97 | { |
diff --git a/src/lib/libssl/src/crypto/err/openssl.ec b/src/lib/libssl/src/crypto/err/openssl.ec index f8cd6937e7..1938f081ac 100644 --- a/src/lib/libssl/src/crypto/err/openssl.ec +++ b/src/lib/libssl/src/crypto/err/openssl.ec | |||
| @@ -27,11 +27,16 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c | |||
| 27 | L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c | 27 | L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c |
| 28 | L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c | 28 | L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c |
| 29 | L UI crypto/ui/ui.h crypto/ui/ui_err.c | 29 | L UI crypto/ui/ui.h crypto/ui/ui_err.c |
| 30 | L FIPS fips-1.0/fips.h fips-1.0/fips_err.h | 30 | L COMP crypto/comp/comp.h crypto/comp/comp_err.c |
| 31 | L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c | ||
| 32 | L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c | ||
| 33 | L STORE crypto/store/store.h crypto/store/str_err.c | ||
| 34 | L CMS crypto/cms/cms.h crypto/cms/cms_err.c | ||
| 31 | 35 | ||
| 32 | # additional header files to be scanned for function names | 36 | # additional header files to be scanned for function names |
| 33 | L NONE crypto/x509/x509_vfy.h NONE | 37 | L NONE crypto/x509/x509_vfy.h NONE |
| 34 | L NONE crypto/ec/ec_lcl.h NONE | 38 | L NONE crypto/ec/ec_lcl.h NONE |
| 39 | L NONE crypto/cms/cms_lcl.h NONE | ||
| 35 | 40 | ||
| 36 | 41 | ||
| 37 | F RSAREF_F_RSA_BN2BIN | 42 | F RSAREF_F_RSA_BN2BIN |
diff --git a/src/lib/libssl/src/crypto/evp/bio_b64.c b/src/lib/libssl/src/crypto/evp/bio_b64.c index 33349c2f98..fa5cbc7eb1 100644 --- a/src/lib/libssl/src/crypto/evp/bio_b64.c +++ b/src/lib/libssl/src/crypto/evp/bio_b64.c | |||
| @@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) | |||
| 165 | { | 165 | { |
| 166 | i=ctx->buf_len-ctx->buf_off; | 166 | i=ctx->buf_len-ctx->buf_off; |
| 167 | if (i > outl) i=outl; | 167 | if (i > outl) i=outl; |
| 168 | OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); | 168 | OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); |
| 169 | memcpy(out,&(ctx->buf[ctx->buf_off]),i); | 169 | memcpy(out,&(ctx->buf[ctx->buf_off]),i); |
| 170 | ret=i; | 170 | ret=i; |
| 171 | out+=i; | 171 | out+=i; |
diff --git a/src/lib/libssl/src/crypto/evp/bio_enc.c b/src/lib/libssl/src/crypto/evp/bio_enc.c index b8cda1a9f0..f6ac94c6e1 100644 --- a/src/lib/libssl/src/crypto/evp/bio_enc.c +++ b/src/lib/libssl/src/crypto/evp/bio_enc.c | |||
| @@ -405,8 +405,8 @@ EVP_CIPHER_ctx *c; | |||
| 405 | } | 405 | } |
| 406 | */ | 406 | */ |
| 407 | 407 | ||
| 408 | void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, | 408 | void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, |
| 409 | unsigned char *i, int e) | 409 | const unsigned char *i, int e) |
| 410 | { | 410 | { |
| 411 | BIO_ENC_CTX *ctx; | 411 | BIO_ENC_CTX *ctx; |
| 412 | 412 | ||
diff --git a/src/lib/libssl/src/crypto/evp/bio_md.c b/src/lib/libssl/src/crypto/evp/bio_md.c index f4aa41ac4b..d648ac6da6 100644 --- a/src/lib/libssl/src/crypto/evp/bio_md.c +++ b/src/lib/libssl/src/crypto/evp/bio_md.c | |||
| @@ -153,7 +153,7 @@ static int md_write(BIO *b, const char *in, int inl) | |||
| 153 | { | 153 | { |
| 154 | if (ret > 0) | 154 | if (ret > 0) |
| 155 | { | 155 | { |
| 156 | EVP_DigestUpdate(ctx,(unsigned char *)in, | 156 | EVP_DigestUpdate(ctx,(const unsigned char *)in, |
| 157 | (unsigned int)ret); | 157 | (unsigned int)ret); |
| 158 | } | 158 | } |
| 159 | } | 159 | } |
| @@ -192,8 +192,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 192 | ret=0; | 192 | ret=0; |
| 193 | break; | 193 | break; |
| 194 | case BIO_C_GET_MD_CTX: | 194 | case BIO_C_GET_MD_CTX: |
| 195 | pctx=ptr; | 195 | if (b->init) |
| 196 | *pctx=ctx; | 196 | { |
| 197 | pctx=ptr; | ||
| 198 | *pctx=ctx; | ||
| 199 | } | ||
| 200 | else | ||
| 201 | ret=0; | ||
| 197 | break; | 202 | break; |
| 198 | case BIO_C_SET_MD_CTX: | 203 | case BIO_C_SET_MD_CTX: |
| 199 | if (b->init) | 204 | if (b->init) |
diff --git a/src/lib/libssl/src/crypto/evp/bio_ok.c b/src/lib/libssl/src/crypto/evp/bio_ok.c index 4e3f10141b..98bc1ab409 100644 --- a/src/lib/libssl/src/crypto/evp/bio_ok.c +++ b/src/lib/libssl/src/crypto/evp/bio_ok.c | |||
| @@ -119,6 +119,7 @@ | |||
| 119 | 119 | ||
| 120 | #include <stdio.h> | 120 | #include <stdio.h> |
| 121 | #include <errno.h> | 121 | #include <errno.h> |
| 122 | #include <assert.h> | ||
| 122 | #include "cryptlib.h" | 123 | #include "cryptlib.h" |
| 123 | #include <openssl/buffer.h> | 124 | #include <openssl/buffer.h> |
| 124 | #include <openssl/bio.h> | 125 | #include <openssl/bio.h> |
| @@ -141,22 +142,12 @@ static void block_in(BIO* b); | |||
| 141 | #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) | 142 | #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) |
| 142 | #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." | 143 | #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." |
| 143 | 144 | ||
| 144 | #ifndef L_ENDIAN | ||
| 145 | #define swapem(x) \ | ||
| 146 | ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \ | ||
| 147 | (((unsigned long int)(x) & 0x0000ff00U) << 8) | \ | ||
| 148 | (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \ | ||
| 149 | (((unsigned long int)(x) & 0xff000000U) >> 24))) | ||
| 150 | #else | ||
| 151 | #define swapem(x) (x) | ||
| 152 | #endif | ||
| 153 | |||
| 154 | typedef struct ok_struct | 145 | typedef struct ok_struct |
| 155 | { | 146 | { |
| 156 | int buf_len; | 147 | size_t buf_len; |
| 157 | int buf_off; | 148 | size_t buf_off; |
| 158 | int buf_len_save; | 149 | size_t buf_len_save; |
| 159 | int buf_off_save; | 150 | size_t buf_off_save; |
| 160 | int cont; /* <= 0 when finished */ | 151 | int cont; /* <= 0 when finished */ |
| 161 | int finished; | 152 | int finished; |
| 162 | EVP_MD_CTX md; | 153 | EVP_MD_CTX md; |
| @@ -295,6 +286,8 @@ static int ok_write(BIO *b, const char *in, int inl) | |||
| 295 | int ret=0,n,i; | 286 | int ret=0,n,i; |
| 296 | BIO_OK_CTX *ctx; | 287 | BIO_OK_CTX *ctx; |
| 297 | 288 | ||
| 289 | if (inl <= 0) return inl; | ||
| 290 | |||
| 298 | ctx=(BIO_OK_CTX *)b->ptr; | 291 | ctx=(BIO_OK_CTX *)b->ptr; |
| 299 | ret=inl; | 292 | ret=inl; |
| 300 | 293 | ||
| @@ -330,7 +323,7 @@ static int ok_write(BIO *b, const char *in, int inl) | |||
| 330 | if ((in == NULL) || (inl <= 0)) return(0); | 323 | if ((in == NULL) || (inl <= 0)) return(0); |
| 331 | 324 | ||
| 332 | n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? | 325 | n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? |
| 333 | OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl; | 326 | (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl; |
| 334 | 327 | ||
| 335 | memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); | 328 | memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); |
| 336 | ctx->buf_len+= n; | 329 | ctx->buf_len+= n; |
| @@ -448,16 +441,18 @@ static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) | |||
| 448 | return(ret); | 441 | return(ret); |
| 449 | } | 442 | } |
| 450 | 443 | ||
| 451 | static void longswap(void *_ptr, int len) | 444 | static void longswap(void *_ptr, size_t len) |
| 452 | { | 445 | { const union { long one; char little; } is_endian = {1}; |
| 453 | #ifndef L_ENDIAN | ||
| 454 | int i; | ||
| 455 | char *ptr=_ptr; | ||
| 456 | 446 | ||
| 457 | for(i= 0;i < len;i+= 4){ | 447 | if (is_endian.little) { |
| 458 | *((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i]))); | 448 | size_t i; |
| 449 | unsigned char *p=_ptr,c; | ||
| 450 | |||
| 451 | for(i= 0;i < len;i+= 4) { | ||
| 452 | c=p[0],p[0]=p[3],p[3]=c; | ||
| 453 | c=p[1],p[1]=p[2],p[2]=c; | ||
| 454 | } | ||
| 459 | } | 455 | } |
| 460 | #endif | ||
| 461 | } | 456 | } |
| 462 | 457 | ||
| 463 | static void sig_out(BIO* b) | 458 | static void sig_out(BIO* b) |
| @@ -496,7 +491,7 @@ static void sig_in(BIO* b) | |||
| 496 | ctx=b->ptr; | 491 | ctx=b->ptr; |
| 497 | md=&ctx->md; | 492 | md=&ctx->md; |
| 498 | 493 | ||
| 499 | if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return; | 494 | if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return; |
| 500 | 495 | ||
| 501 | EVP_DigestInit_ex(md, md->digest, NULL); | 496 | EVP_DigestInit_ex(md, md->digest, NULL); |
| 502 | memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); | 497 | memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); |
| @@ -533,9 +528,10 @@ static void block_out(BIO* b) | |||
| 533 | md=&ctx->md; | 528 | md=&ctx->md; |
| 534 | 529 | ||
| 535 | tl= ctx->buf_len- OK_BLOCK_BLOCK; | 530 | tl= ctx->buf_len- OK_BLOCK_BLOCK; |
| 536 | tl= swapem(tl); | 531 | ctx->buf[0]=(unsigned char)(tl>>24); |
| 537 | memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); | 532 | ctx->buf[1]=(unsigned char)(tl>>16); |
| 538 | tl= swapem(tl); | 533 | ctx->buf[2]=(unsigned char)(tl>>8); |
| 534 | ctx->buf[3]=(unsigned char)(tl); | ||
| 539 | EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); | 535 | EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); |
| 540 | EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); | 536 | EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); |
| 541 | ctx->buf_len+= md->digest->md_size; | 537 | ctx->buf_len+= md->digest->md_size; |
| @@ -546,14 +542,18 @@ static void block_in(BIO* b) | |||
| 546 | { | 542 | { |
| 547 | BIO_OK_CTX *ctx; | 543 | BIO_OK_CTX *ctx; |
| 548 | EVP_MD_CTX *md; | 544 | EVP_MD_CTX *md; |
| 549 | long tl= 0; | 545 | unsigned long tl= 0; |
| 550 | unsigned char tmp[EVP_MAX_MD_SIZE]; | 546 | unsigned char tmp[EVP_MAX_MD_SIZE]; |
| 551 | 547 | ||
| 552 | ctx=b->ptr; | 548 | ctx=b->ptr; |
| 553 | md=&ctx->md; | 549 | md=&ctx->md; |
| 554 | 550 | ||
| 555 | memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK); | 551 | assert(sizeof(tl)>=OK_BLOCK_BLOCK); /* always true */ |
| 556 | tl= swapem(tl); | 552 | tl =ctx->buf[0]; tl<<=8; |
| 553 | tl|=ctx->buf[1]; tl<<=8; | ||
| 554 | tl|=ctx->buf[2]; tl<<=8; | ||
| 555 | tl|=ctx->buf[3]; | ||
| 556 | |||
| 557 | if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; | 557 | if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; |
| 558 | 558 | ||
| 559 | EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); | 559 | EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); |
diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c index fa60a73ead..a5da52e62d 100644 --- a/src/lib/libssl/src/crypto/evp/c_all.c +++ b/src/lib/libssl/src/crypto/evp/c_all.c | |||
| @@ -74,6 +74,12 @@ void OpenSSL_add_all_algorithms(void) | |||
| 74 | 74 | ||
| 75 | void OPENSSL_add_all_algorithms_noconf(void) | 75 | void OPENSSL_add_all_algorithms_noconf(void) |
| 76 | { | 76 | { |
| 77 | /* | ||
| 78 | * For the moment OPENSSL_cpuid_setup does something | ||
| 79 | * only on IA-32, but we reserve the option for all | ||
| 80 | * platforms... | ||
| 81 | */ | ||
| 82 | OPENSSL_cpuid_setup(); | ||
| 77 | OpenSSL_add_all_ciphers(); | 83 | OpenSSL_add_all_ciphers(); |
| 78 | OpenSSL_add_all_digests(); | 84 | OpenSSL_add_all_digests(); |
| 79 | #ifndef OPENSSL_NO_ENGINE | 85 | #ifndef OPENSSL_NO_ENGINE |
diff --git a/src/lib/libssl/src/crypto/evp/c_allc.c b/src/lib/libssl/src/crypto/evp/c_allc.c index fc96812365..7054d8125d 100644 --- a/src/lib/libssl/src/crypto/evp/c_allc.c +++ b/src/lib/libssl/src/crypto/evp/c_allc.c | |||
| @@ -107,6 +107,15 @@ void OpenSSL_add_all_ciphers(void) | |||
| 107 | EVP_add_cipher_alias(SN_idea_cbc,"idea"); | 107 | EVP_add_cipher_alias(SN_idea_cbc,"idea"); |
| 108 | #endif | 108 | #endif |
| 109 | 109 | ||
| 110 | #ifndef OPENSSL_NO_SEED | ||
| 111 | EVP_add_cipher(EVP_seed_ecb()); | ||
| 112 | EVP_add_cipher(EVP_seed_cfb()); | ||
| 113 | EVP_add_cipher(EVP_seed_ofb()); | ||
| 114 | EVP_add_cipher(EVP_seed_cbc()); | ||
| 115 | EVP_add_cipher_alias(SN_seed_cbc,"SEED"); | ||
| 116 | EVP_add_cipher_alias(SN_seed_cbc,"seed"); | ||
| 117 | #endif | ||
| 118 | |||
| 110 | #ifndef OPENSSL_NO_RC2 | 119 | #ifndef OPENSSL_NO_RC2 |
| 111 | EVP_add_cipher(EVP_rc2_ecb()); | 120 | EVP_add_cipher(EVP_rc2_ecb()); |
| 112 | EVP_add_cipher(EVP_rc2_cfb()); | 121 | EVP_add_cipher(EVP_rc2_cfb()); |
| @@ -183,6 +192,34 @@ void OpenSSL_add_all_ciphers(void) | |||
| 183 | EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); | 192 | EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); |
| 184 | EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); | 193 | EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); |
| 185 | #endif | 194 | #endif |
| 195 | |||
| 196 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 197 | EVP_add_cipher(EVP_camellia_128_ecb()); | ||
| 198 | EVP_add_cipher(EVP_camellia_128_cbc()); | ||
| 199 | EVP_add_cipher(EVP_camellia_128_cfb()); | ||
| 200 | EVP_add_cipher(EVP_camellia_128_cfb1()); | ||
| 201 | EVP_add_cipher(EVP_camellia_128_cfb8()); | ||
| 202 | EVP_add_cipher(EVP_camellia_128_ofb()); | ||
| 203 | EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128"); | ||
| 204 | EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128"); | ||
| 205 | EVP_add_cipher(EVP_camellia_192_ecb()); | ||
| 206 | EVP_add_cipher(EVP_camellia_192_cbc()); | ||
| 207 | EVP_add_cipher(EVP_camellia_192_cfb()); | ||
| 208 | EVP_add_cipher(EVP_camellia_192_cfb1()); | ||
| 209 | EVP_add_cipher(EVP_camellia_192_cfb8()); | ||
| 210 | EVP_add_cipher(EVP_camellia_192_ofb()); | ||
| 211 | EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192"); | ||
| 212 | EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192"); | ||
| 213 | EVP_add_cipher(EVP_camellia_256_ecb()); | ||
| 214 | EVP_add_cipher(EVP_camellia_256_cbc()); | ||
| 215 | EVP_add_cipher(EVP_camellia_256_cfb()); | ||
| 216 | EVP_add_cipher(EVP_camellia_256_cfb1()); | ||
| 217 | EVP_add_cipher(EVP_camellia_256_cfb8()); | ||
| 218 | EVP_add_cipher(EVP_camellia_256_ofb()); | ||
| 219 | EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); | ||
| 220 | EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); | ||
| 221 | #endif | ||
| 222 | |||
| 186 | PKCS12_PBE_add(); | 223 | PKCS12_PBE_add(); |
| 187 | PKCS5_PBE_add(); | 224 | PKCS5_PBE_add(); |
| 188 | } | 225 | } |
diff --git a/src/lib/libssl/src/crypto/evp/c_alld.c b/src/lib/libssl/src/crypto/evp/c_alld.c index 929ea56a3e..d270b0ee03 100644 --- a/src/lib/libssl/src/crypto/evp/c_alld.c +++ b/src/lib/libssl/src/crypto/evp/c_alld.c | |||
| @@ -91,6 +91,9 @@ void OpenSSL_add_all_digests(void) | |||
| 91 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | 91 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); |
| 92 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | 92 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); |
| 93 | #endif | 93 | #endif |
| 94 | #ifndef OPENSSL_NO_ECDSA | ||
| 95 | EVP_add_digest(EVP_ecdsa()); | ||
| 96 | #endif | ||
| 94 | #endif | 97 | #endif |
| 95 | #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) | 98 | #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) |
| 96 | EVP_add_digest(EVP_mdc2()); | 99 | EVP_add_digest(EVP_mdc2()); |
| @@ -100,7 +103,6 @@ void OpenSSL_add_all_digests(void) | |||
| 100 | EVP_add_digest_alias(SN_ripemd160,"ripemd"); | 103 | EVP_add_digest_alias(SN_ripemd160,"ripemd"); |
| 101 | EVP_add_digest_alias(SN_ripemd160,"rmd160"); | 104 | EVP_add_digest_alias(SN_ripemd160,"rmd160"); |
| 102 | #endif | 105 | #endif |
| 103 | #ifdef OPENSSL_FIPS | ||
| 104 | #ifndef OPENSSL_NO_SHA256 | 106 | #ifndef OPENSSL_NO_SHA256 |
| 105 | EVP_add_digest(EVP_sha224()); | 107 | EVP_add_digest(EVP_sha224()); |
| 106 | EVP_add_digest(EVP_sha256()); | 108 | EVP_add_digest(EVP_sha256()); |
| @@ -109,5 +111,4 @@ void OpenSSL_add_all_digests(void) | |||
| 109 | EVP_add_digest(EVP_sha384()); | 111 | EVP_add_digest(EVP_sha384()); |
| 110 | EVP_add_digest(EVP_sha512()); | 112 | EVP_add_digest(EVP_sha512()); |
| 111 | #endif | 113 | #endif |
| 112 | #endif | ||
| 113 | } | 114 | } |
diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c index f21c63842c..762e6d3450 100644 --- a/src/lib/libssl/src/crypto/evp/digest.c +++ b/src/lib/libssl/src/crypto/evp/digest.c | |||
| @@ -137,39 +137,6 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) | |||
| 137 | return EVP_DigestInit_ex(ctx, type, NULL); | 137 | return EVP_DigestInit_ex(ctx, type, NULL); |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | #ifdef OPENSSL_FIPS | ||
| 141 | |||
| 142 | /* The purpose of these is to trap programs that attempt to use non FIPS | ||
| 143 | * algorithms in FIPS mode and ignore the errors. | ||
| 144 | */ | ||
| 145 | |||
| 146 | static int bad_init(EVP_MD_CTX *ctx) | ||
| 147 | { FIPS_ERROR_IGNORED("Digest init"); return 0;} | ||
| 148 | |||
| 149 | static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 150 | { FIPS_ERROR_IGNORED("Digest update"); return 0;} | ||
| 151 | |||
| 152 | static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 153 | { FIPS_ERROR_IGNORED("Digest Final"); return 0;} | ||
| 154 | |||
| 155 | static const EVP_MD bad_md = | ||
| 156 | { | ||
| 157 | 0, | ||
| 158 | 0, | ||
| 159 | 0, | ||
| 160 | 0, | ||
| 161 | bad_init, | ||
| 162 | bad_update, | ||
| 163 | bad_final, | ||
| 164 | NULL, | ||
| 165 | NULL, | ||
| 166 | NULL, | ||
| 167 | 0, | ||
| 168 | {0,0,0,0}, | ||
| 169 | }; | ||
| 170 | |||
| 171 | #endif | ||
| 172 | |||
| 173 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | 140 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) |
| 174 | { | 141 | { |
| 175 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | 142 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); |
| @@ -192,7 +159,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 192 | { | 159 | { |
| 193 | if (!ENGINE_init(impl)) | 160 | if (!ENGINE_init(impl)) |
| 194 | { | 161 | { |
| 195 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); | 162 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); |
| 196 | return 0; | 163 | return 0; |
| 197 | } | 164 | } |
| 198 | } | 165 | } |
| @@ -206,7 +173,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 206 | if(!d) | 173 | if(!d) |
| 207 | { | 174 | { |
| 208 | /* Same comment from evp_enc.c */ | 175 | /* Same comment from evp_enc.c */ |
| 209 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); | 176 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); |
| 210 | return 0; | 177 | return 0; |
| 211 | } | 178 | } |
| 212 | /* We'll use the ENGINE's private digest definition */ | 179 | /* We'll use the ENGINE's private digest definition */ |
| @@ -222,24 +189,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 222 | else | 189 | else |
| 223 | if(!ctx->digest) | 190 | if(!ctx->digest) |
| 224 | { | 191 | { |
| 225 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); | 192 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); |
| 226 | return 0; | 193 | return 0; |
| 227 | } | 194 | } |
| 228 | #endif | 195 | #endif |
| 229 | if (ctx->digest != type) | 196 | if (ctx->digest != type) |
| 230 | { | 197 | { |
| 231 | #ifdef OPENSSL_FIPS | ||
| 232 | if (FIPS_mode()) | ||
| 233 | { | ||
| 234 | if (!(type->flags & EVP_MD_FLAG_FIPS) | ||
| 235 | && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) | ||
| 236 | { | ||
| 237 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); | ||
| 238 | ctx->digest = &bad_md; | ||
| 239 | return 0; | ||
| 240 | } | ||
| 241 | } | ||
| 242 | #endif | ||
| 243 | if (ctx->digest && ctx->digest->ctx_size) | 198 | if (ctx->digest && ctx->digest->ctx_size) |
| 244 | OPENSSL_free(ctx->md_data); | 199 | OPENSSL_free(ctx->md_data); |
| 245 | ctx->digest=type; | 200 | ctx->digest=type; |
| @@ -253,9 +208,9 @@ skip_to_init: | |||
| 253 | } | 208 | } |
| 254 | 209 | ||
| 255 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, | 210 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, |
| 256 | unsigned int count) | 211 | size_t count) |
| 257 | { | 212 | { |
| 258 | return ctx->digest->update(ctx,data,(unsigned long)count); | 213 | return ctx->digest->update(ctx,data,count); |
| 259 | } | 214 | } |
| 260 | 215 | ||
| 261 | /* The caller can assume that this removes any secret data from the context */ | 216 | /* The caller can assume that this removes any secret data from the context */ |
| @@ -296,14 +251,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 296 | unsigned char *tmp_buf; | 251 | unsigned char *tmp_buf; |
| 297 | if ((in == NULL) || (in->digest == NULL)) | 252 | if ((in == NULL) || (in->digest == NULL)) |
| 298 | { | 253 | { |
| 299 | EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); | 254 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); |
| 300 | return 0; | 255 | return 0; |
| 301 | } | 256 | } |
| 302 | #ifndef OPENSSL_NO_ENGINE | 257 | #ifndef OPENSSL_NO_ENGINE |
| 303 | /* Make sure it's safe to copy a digest context using an ENGINE */ | 258 | /* Make sure it's safe to copy a digest context using an ENGINE */ |
| 304 | if (in->engine && !ENGINE_init(in->engine)) | 259 | if (in->engine && !ENGINE_init(in->engine)) |
| 305 | { | 260 | { |
| 306 | EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); | 261 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); |
| 307 | return 0; | 262 | return 0; |
| 308 | } | 263 | } |
| 309 | #endif | 264 | #endif |
| @@ -330,7 +285,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 330 | return 1; | 285 | return 1; |
| 331 | } | 286 | } |
| 332 | 287 | ||
| 333 | int EVP_Digest(void *data, unsigned int count, | 288 | int EVP_Digest(const void *data, size_t count, |
| 334 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) | 289 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) |
| 335 | { | 290 | { |
| 336 | EVP_MD_CTX ctx; | 291 | EVP_MD_CTX ctx; |
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c index 7b67984fa1..bd6c0a3a62 100644 --- a/src/lib/libssl/src/crypto/evp/e_aes.c +++ b/src/lib/libssl/src/crypto/evp/e_aes.c | |||
| @@ -48,10 +48,12 @@ | |||
| 48 | * | 48 | * |
| 49 | */ | 49 | */ |
| 50 | 50 | ||
| 51 | #include <openssl/opensslconf.h> | ||
| 51 | #ifndef OPENSSL_NO_AES | 52 | #ifndef OPENSSL_NO_AES |
| 52 | #include <openssl/evp.h> | 53 | #include <openssl/evp.h> |
| 53 | #include <openssl/err.h> | 54 | #include <openssl/err.h> |
| 54 | #include <string.h> | 55 | #include <string.h> |
| 56 | #include <assert.h> | ||
| 55 | #include <openssl/aes.h> | 57 | #include <openssl/aes.h> |
| 56 | #include "evp_locl.h" | 58 | #include "evp_locl.h" |
| 57 | 59 | ||
| @@ -67,32 +69,32 @@ typedef struct | |||
| 67 | 69 | ||
| 68 | IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, | 70 | IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, |
| 69 | NID_aes_128, 16, 16, 16, 128, | 71 | NID_aes_128, 16, 16, 16, 128, |
| 70 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 72 | 0, aes_init_key, NULL, |
| 71 | EVP_CIPHER_set_asn1_iv, | 73 | EVP_CIPHER_set_asn1_iv, |
| 72 | EVP_CIPHER_get_asn1_iv, | 74 | EVP_CIPHER_get_asn1_iv, |
| 73 | NULL) | 75 | NULL) |
| 74 | IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, | 76 | IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, |
| 75 | NID_aes_192, 16, 24, 16, 128, | 77 | NID_aes_192, 16, 24, 16, 128, |
| 76 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 78 | 0, aes_init_key, NULL, |
| 77 | EVP_CIPHER_set_asn1_iv, | 79 | EVP_CIPHER_set_asn1_iv, |
| 78 | EVP_CIPHER_get_asn1_iv, | 80 | EVP_CIPHER_get_asn1_iv, |
| 79 | NULL) | 81 | NULL) |
| 80 | IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, | 82 | IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, |
| 81 | NID_aes_256, 16, 32, 16, 128, | 83 | NID_aes_256, 16, 32, 16, 128, |
| 82 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 84 | 0, aes_init_key, NULL, |
| 83 | EVP_CIPHER_set_asn1_iv, | 85 | EVP_CIPHER_set_asn1_iv, |
| 84 | EVP_CIPHER_get_asn1_iv, | 86 | EVP_CIPHER_get_asn1_iv, |
| 85 | NULL) | 87 | NULL) |
| 86 | 88 | ||
| 87 | #define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) | 89 | #define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) |
| 88 | 90 | ||
| 89 | IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) | 91 | IMPLEMENT_AES_CFBR(128,1) |
| 90 | IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) | 92 | IMPLEMENT_AES_CFBR(192,1) |
| 91 | IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) | 93 | IMPLEMENT_AES_CFBR(256,1) |
| 92 | 94 | ||
| 93 | IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) | 95 | IMPLEMENT_AES_CFBR(128,8) |
| 94 | IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) | 96 | IMPLEMENT_AES_CFBR(192,8) |
| 95 | IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) | 97 | IMPLEMENT_AES_CFBR(256,8) |
| 96 | 98 | ||
| 97 | static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 99 | static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 98 | const unsigned char *iv, int enc) | 100 | const unsigned char *iv, int enc) |
diff --git a/src/lib/libssl/src/crypto/evp/e_bf.c b/src/lib/libssl/src/crypto/evp/e_bf.c index e74337567b..cc224e5363 100644 --- a/src/lib/libssl/src/crypto/evp/e_bf.c +++ b/src/lib/libssl/src/crypto/evp/e_bf.c | |||
| @@ -56,9 +56,9 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_BF | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #ifndef OPENSSL_NO_BF | ||
| 62 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> |
| 63 | #include "evp_locl.h" | 63 | #include "evp_locl.h" |
| 64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
diff --git a/src/lib/libssl/src/crypto/evp/e_cast.c b/src/lib/libssl/src/crypto/evp/e_cast.c index 3400fef187..d77bcd9298 100644 --- a/src/lib/libssl/src/crypto/evp/e_cast.c +++ b/src/lib/libssl/src/crypto/evp/e_cast.c | |||
| @@ -56,10 +56,10 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_CAST | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_CAST | ||
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
| 65 | #include "evp_locl.h" | 65 | #include "evp_locl.h" |
diff --git a/src/lib/libssl/src/crypto/evp/e_des.c b/src/lib/libssl/src/crypto/evp/e_des.c index 46e2899825..856323648c 100644 --- a/src/lib/libssl/src/crypto/evp/e_des.c +++ b/src/lib/libssl/src/crypto/evp/e_des.c | |||
| @@ -63,9 +63,11 @@ | |||
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include "evp_locl.h" | 64 | #include "evp_locl.h" |
| 65 | #include <openssl/des.h> | 65 | #include <openssl/des.h> |
| 66 | #include <openssl/rand.h> | ||
| 66 | 67 | ||
| 67 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 68 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 68 | const unsigned char *iv, int enc); | 69 | const unsigned char *iv, int enc); |
| 70 | static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); | ||
| 69 | 71 | ||
| 70 | /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ | 72 | /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ |
| 71 | 73 | ||
| @@ -127,28 +129,48 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 127 | } | 129 | } |
| 128 | 130 | ||
| 129 | BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, | 131 | BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, |
| 130 | EVP_CIPH_FLAG_FIPS, des_init_key, NULL, | 132 | EVP_CIPH_RAND_KEY, des_init_key, NULL, |
| 131 | EVP_CIPHER_set_asn1_iv, | 133 | EVP_CIPHER_set_asn1_iv, |
| 132 | EVP_CIPHER_get_asn1_iv, | 134 | EVP_CIPHER_get_asn1_iv, |
| 133 | NULL) | 135 | des_ctrl) |
| 134 | 136 | ||
| 135 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, | 137 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, |
| 136 | EVP_CIPH_FLAG_FIPS,des_init_key,NULL, | 138 | EVP_CIPH_RAND_KEY, des_init_key,NULL, |
| 137 | EVP_CIPHER_set_asn1_iv, | 139 | EVP_CIPHER_set_asn1_iv, |
| 138 | EVP_CIPHER_get_asn1_iv,NULL) | 140 | EVP_CIPHER_get_asn1_iv,des_ctrl) |
| 139 | 141 | ||
| 140 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, | 142 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, |
| 141 | EVP_CIPH_FLAG_FIPS,des_init_key,NULL, | 143 | EVP_CIPH_RAND_KEY,des_init_key,NULL, |
| 142 | EVP_CIPHER_set_asn1_iv, | 144 | EVP_CIPHER_set_asn1_iv, |
| 143 | EVP_CIPHER_get_asn1_iv,NULL) | 145 | EVP_CIPHER_get_asn1_iv,des_ctrl) |
| 144 | 146 | ||
| 145 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 147 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 146 | const unsigned char *iv, int enc) | 148 | const unsigned char *iv, int enc) |
| 147 | { | 149 | { |
| 148 | DES_cblock *deskey = (DES_cblock *)key; | 150 | DES_cblock *deskey = (DES_cblock *)key; |
| 149 | 151 | #ifdef EVP_CHECK_DES_KEY | |
| 152 | if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) | ||
| 153 | return 0; | ||
| 154 | #else | ||
| 150 | DES_set_key_unchecked(deskey,ctx->cipher_data); | 155 | DES_set_key_unchecked(deskey,ctx->cipher_data); |
| 156 | #endif | ||
| 151 | return 1; | 157 | return 1; |
| 152 | } | 158 | } |
| 153 | 159 | ||
| 160 | static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | ||
| 161 | { | ||
| 162 | |||
| 163 | switch(type) | ||
| 164 | { | ||
| 165 | case EVP_CTRL_RAND_KEY: | ||
| 166 | if (RAND_bytes(ptr, 8) <= 0) | ||
| 167 | return 0; | ||
| 168 | DES_set_odd_parity((DES_cblock *)ptr); | ||
| 169 | return 1; | ||
| 170 | |||
| 171 | default: | ||
| 172 | return -1; | ||
| 173 | } | ||
| 174 | } | ||
| 175 | |||
| 154 | #endif | 176 | #endif |
diff --git a/src/lib/libssl/src/crypto/evp/e_des3.c b/src/lib/libssl/src/crypto/evp/e_des3.c index 677322bf02..ac148efab2 100644 --- a/src/lib/libssl/src/crypto/evp/e_des3.c +++ b/src/lib/libssl/src/crypto/evp/e_des3.c | |||
| @@ -63,6 +63,7 @@ | |||
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include "evp_locl.h" | 64 | #include "evp_locl.h" |
| 65 | #include <openssl/des.h> | 65 | #include <openssl/des.h> |
| 66 | #include <openssl/rand.h> | ||
| 66 | 67 | ||
| 67 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 68 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 68 | const unsigned char *iv,int enc); | 69 | const unsigned char *iv,int enc); |
| @@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 70 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 71 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 71 | const unsigned char *iv,int enc); | 72 | const unsigned char *iv,int enc); |
| 72 | 73 | ||
| 74 | static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); | ||
| 75 | |||
| 73 | typedef struct | 76 | typedef struct |
| 74 | { | 77 | { |
| 75 | DES_key_schedule ks1;/* key schedule */ | 78 | DES_key_schedule ks1;/* key schedule */ |
| @@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 85 | const unsigned char *in, unsigned int inl) | 88 | const unsigned char *in, unsigned int inl) |
| 86 | { | 89 | { |
| 87 | BLOCK_CIPHER_ecb_loop() | 90 | BLOCK_CIPHER_ecb_loop() |
| 88 | DES_ecb3_encrypt(in + i,out + i, | 91 | DES_ecb3_encrypt((const_DES_cblock *)(in + i), |
| 92 | (DES_cblock *)(out + i), | ||
| 89 | &data(ctx)->ks1, &data(ctx)->ks2, | 93 | &data(ctx)->ks1, &data(ctx)->ks2, |
| 90 | &data(ctx)->ks3, | 94 | &data(ctx)->ks3, |
| 91 | ctx->encrypt); | 95 | ctx->encrypt); |
| @@ -160,10 +164,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 160 | } | 164 | } |
| 161 | 165 | ||
| 162 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, | 166 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, |
| 163 | EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, | 167 | EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, |
| 164 | EVP_CIPHER_set_asn1_iv, | 168 | EVP_CIPHER_set_asn1_iv, |
| 165 | EVP_CIPHER_get_asn1_iv, | 169 | EVP_CIPHER_get_asn1_iv, |
| 166 | NULL) | 170 | des3_ctrl) |
| 167 | 171 | ||
| 168 | #define des_ede3_cfb64_cipher des_ede_cfb64_cipher | 172 | #define des_ede3_cfb64_cipher des_ede_cfb64_cipher |
| 169 | #define des_ede3_ofb_cipher des_ede_ofb_cipher | 173 | #define des_ede3_ofb_cipher des_ede_ofb_cipher |
| @@ -171,28 +175,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, | |||
| 171 | #define des_ede3_ecb_cipher des_ede_ecb_cipher | 175 | #define des_ede3_ecb_cipher des_ede_ecb_cipher |
| 172 | 176 | ||
| 173 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, | 177 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, |
| 174 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, | 178 | EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, |
| 175 | EVP_CIPHER_set_asn1_iv, | 179 | EVP_CIPHER_set_asn1_iv, |
| 176 | EVP_CIPHER_get_asn1_iv, | 180 | EVP_CIPHER_get_asn1_iv, |
| 177 | NULL) | 181 | des3_ctrl) |
| 178 | 182 | ||
| 179 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, | 183 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, |
| 180 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, | 184 | EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, |
| 181 | EVP_CIPHER_set_asn1_iv, | 185 | EVP_CIPHER_set_asn1_iv, |
| 182 | EVP_CIPHER_get_asn1_iv,NULL) | 186 | EVP_CIPHER_get_asn1_iv, |
| 187 | des3_ctrl) | ||
| 183 | 188 | ||
| 184 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, | 189 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, |
| 185 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, | 190 | EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, |
| 186 | EVP_CIPHER_set_asn1_iv, | 191 | EVP_CIPHER_set_asn1_iv, |
| 187 | EVP_CIPHER_get_asn1_iv,NULL) | 192 | EVP_CIPHER_get_asn1_iv, |
| 193 | des3_ctrl) | ||
| 188 | 194 | ||
| 189 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 195 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 190 | const unsigned char *iv, int enc) | 196 | const unsigned char *iv, int enc) |
| 191 | { | 197 | { |
| 192 | DES_cblock *deskey = (DES_cblock *)key; | 198 | DES_cblock *deskey = (DES_cblock *)key; |
| 193 | 199 | #ifdef EVP_CHECK_DES_KEY | |
| 200 | if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) | ||
| 201 | !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) | ||
| 202 | return 0; | ||
| 203 | #else | ||
| 194 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); | 204 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); |
| 195 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); | 205 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); |
| 206 | #endif | ||
| 196 | memcpy(&data(ctx)->ks3,&data(ctx)->ks1, | 207 | memcpy(&data(ctx)->ks3,&data(ctx)->ks1, |
| 197 | sizeof(data(ctx)->ks1)); | 208 | sizeof(data(ctx)->ks1)); |
| 198 | return 1; | 209 | return 1; |
| @@ -213,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 213 | } | 224 | } |
| 214 | #endif /* KSSL_DEBUG */ | 225 | #endif /* KSSL_DEBUG */ |
| 215 | 226 | ||
| 227 | #ifdef EVP_CHECK_DES_KEY | ||
| 228 | if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) | ||
| 229 | || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) | ||
| 230 | || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) | ||
| 231 | return 0; | ||
| 232 | #else | ||
| 216 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); | 233 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); |
| 217 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); | 234 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); |
| 218 | DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); | 235 | DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); |
| 219 | 236 | #endif | |
| 220 | return 1; | 237 | return 1; |
| 221 | } | 238 | } |
| 222 | 239 | ||
| 240 | static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | ||
| 241 | { | ||
| 242 | |||
| 243 | DES_cblock *deskey = ptr; | ||
| 244 | |||
| 245 | switch(type) | ||
| 246 | { | ||
| 247 | case EVP_CTRL_RAND_KEY: | ||
| 248 | if (RAND_bytes(ptr, c->key_len) <= 0) | ||
| 249 | return 0; | ||
| 250 | DES_set_odd_parity(deskey); | ||
| 251 | if (c->key_len >= 16) | ||
| 252 | DES_set_odd_parity(deskey + 1); | ||
| 253 | if (c->key_len >= 24) | ||
| 254 | DES_set_odd_parity(deskey + 2); | ||
| 255 | return 1; | ||
| 256 | |||
| 257 | default: | ||
| 258 | return -1; | ||
| 259 | } | ||
| 260 | } | ||
| 261 | |||
| 223 | const EVP_CIPHER *EVP_des_ede(void) | 262 | const EVP_CIPHER *EVP_des_ede(void) |
| 224 | { | 263 | { |
| 225 | return &des_ede_ecb; | 264 | return &des_ede_ecb; |
diff --git a/src/lib/libssl/src/crypto/evp/e_idea.c b/src/lib/libssl/src/crypto/evp/e_idea.c index b9efa75ae7..48c33a774a 100644 --- a/src/lib/libssl/src/crypto/evp/e_idea.c +++ b/src/lib/libssl/src/crypto/evp/e_idea.c | |||
| @@ -56,10 +56,10 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_IDEA | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_IDEA | ||
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
| 65 | #include "evp_locl.h" | 65 | #include "evp_locl.h" |
diff --git a/src/lib/libssl/src/crypto/evp/e_null.c b/src/lib/libssl/src/crypto/evp/e_null.c index a84b0f14b1..5205259f18 100644 --- a/src/lib/libssl/src/crypto/evp/e_null.c +++ b/src/lib/libssl/src/crypto/evp/e_null.c | |||
| @@ -69,13 +69,14 @@ static const EVP_CIPHER n_cipher= | |||
| 69 | { | 69 | { |
| 70 | NID_undef, | 70 | NID_undef, |
| 71 | 1,0,0, | 71 | 1,0,0, |
| 72 | EVP_CIPH_FLAG_FIPS, | 72 | 0, |
| 73 | null_init_key, | 73 | null_init_key, |
| 74 | null_cipher, | 74 | null_cipher, |
| 75 | NULL, | 75 | NULL, |
| 76 | 0, | 76 | 0, |
| 77 | NULL, | 77 | NULL, |
| 78 | NULL, | 78 | NULL, |
| 79 | NULL, | ||
| 79 | NULL | 80 | NULL |
| 80 | }; | 81 | }; |
| 81 | 82 | ||
| @@ -95,7 +96,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 95 | const unsigned char *in, unsigned int inl) | 96 | const unsigned char *in, unsigned int inl) |
| 96 | { | 97 | { |
| 97 | if (in != out) | 98 | if (in != out) |
| 98 | memcpy((char *)out,(char *)in,(int)inl); | 99 | memcpy((char *)out,(const char *)in,(size_t)inl); |
| 99 | return 1; | 100 | return 1; |
| 100 | } | 101 | } |
| 101 | 102 | ||
diff --git a/src/lib/libssl/src/crypto/evp/e_rc2.c b/src/lib/libssl/src/crypto/evp/e_rc2.c index d42cbfd17e..d37726ffae 100644 --- a/src/lib/libssl/src/crypto/evp/e_rc2.c +++ b/src/lib/libssl/src/crypto/evp/e_rc2.c | |||
| @@ -56,10 +56,11 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RC2 | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_RC2 | ||
| 63 | |||
| 63 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | #include "evp_locl.h" | 66 | #include "evp_locl.h" |
| @@ -167,16 +168,17 @@ static int rc2_magic_to_meth(int i) | |||
| 167 | static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | 168 | static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
| 168 | { | 169 | { |
| 169 | long num=0; | 170 | long num=0; |
| 170 | int i=0,l; | 171 | int i=0; |
| 171 | int key_bits; | 172 | int key_bits; |
| 173 | unsigned int l; | ||
| 172 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 174 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
| 173 | 175 | ||
| 174 | if (type != NULL) | 176 | if (type != NULL) |
| 175 | { | 177 | { |
| 176 | l=EVP_CIPHER_CTX_iv_length(c); | 178 | l=EVP_CIPHER_CTX_iv_length(c); |
| 177 | OPENSSL_assert(l <= sizeof iv); | 179 | OPENSSL_assert(l <= sizeof(iv)); |
| 178 | i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); | 180 | i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); |
| 179 | if (i != l) | 181 | if (i != (int)l) |
| 180 | return(-1); | 182 | return(-1); |
| 181 | key_bits =rc2_magic_to_meth((int)num); | 183 | key_bits =rc2_magic_to_meth((int)num); |
| 182 | if (!key_bits) | 184 | if (!key_bits) |
diff --git a/src/lib/libssl/src/crypto/evp/e_rc4.c b/src/lib/libssl/src/crypto/evp/e_rc4.c index 8aa70585b9..67af850bea 100644 --- a/src/lib/libssl/src/crypto/evp/e_rc4.c +++ b/src/lib/libssl/src/crypto/evp/e_rc4.c | |||
| @@ -56,13 +56,13 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RC4 | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_RC4 | ||
| 63 | |||
| 63 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | #include "evp_locl.h" | ||
| 66 | #include <openssl/rc4.h> | 66 | #include <openssl/rc4.h> |
| 67 | 67 | ||
| 68 | /* FIXME: surely this is available elsewhere? */ | 68 | /* FIXME: surely this is available elsewhere? */ |
| @@ -90,6 +90,7 @@ static const EVP_CIPHER r4_cipher= | |||
| 90 | sizeof(EVP_RC4_KEY), | 90 | sizeof(EVP_RC4_KEY), |
| 91 | NULL, | 91 | NULL, |
| 92 | NULL, | 92 | NULL, |
| 93 | NULL, | ||
| 93 | NULL | 94 | NULL |
| 94 | }; | 95 | }; |
| 95 | 96 | ||
| @@ -104,6 +105,7 @@ static const EVP_CIPHER r4_40_cipher= | |||
| 104 | sizeof(EVP_RC4_KEY), | 105 | sizeof(EVP_RC4_KEY), |
| 105 | NULL, | 106 | NULL, |
| 106 | NULL, | 107 | NULL, |
| 108 | NULL, | ||
| 107 | NULL | 109 | NULL |
| 108 | }; | 110 | }; |
| 109 | 111 | ||
diff --git a/src/lib/libssl/src/crypto/evp/e_rc5.c b/src/lib/libssl/src/crypto/evp/e_rc5.c index 3c7713b181..19a10c6402 100644 --- a/src/lib/libssl/src/crypto/evp/e_rc5.c +++ b/src/lib/libssl/src/crypto/evp/e_rc5.c | |||
| @@ -56,10 +56,11 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RC5 | ||
| 60 | |||
| 61 | #include <stdio.h> | 59 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_RC5 | ||
| 63 | |||
| 63 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | #include "evp_locl.h" | 66 | #include "evp_locl.h" |
diff --git a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c index a6f849e93d..8832da2433 100644 --- a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c +++ b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c | |||
| @@ -56,9 +56,11 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_DES | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_DES | ||
| 63 | |||
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 64 | #include <openssl/des.h> | 66 | #include <openssl/des.h> |
| @@ -89,6 +91,7 @@ static const EVP_CIPHER d_xcbc_cipher= | |||
| 89 | sizeof(DESX_CBC_KEY), | 91 | sizeof(DESX_CBC_KEY), |
| 90 | EVP_CIPHER_set_asn1_iv, | 92 | EVP_CIPHER_set_asn1_iv, |
| 91 | EVP_CIPHER_get_asn1_iv, | 93 | EVP_CIPHER_get_asn1_iv, |
| 94 | NULL, | ||
| 92 | NULL | 95 | NULL |
| 93 | }; | 96 | }; |
| 94 | 97 | ||
diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c index 33e540087d..5921f0d710 100644 --- a/src/lib/libssl/src/crypto/evp/encode.c +++ b/src/lib/libssl/src/crypto/evp/encode.c | |||
| @@ -129,14 +129,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) | |||
| 129 | } | 129 | } |
| 130 | 130 | ||
| 131 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | 131 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, |
| 132 | unsigned char *in, int inl) | 132 | const unsigned char *in, int inl) |
| 133 | { | 133 | { |
| 134 | int i,j; | 134 | int i,j; |
| 135 | unsigned int total=0; | 135 | unsigned int total=0; |
| 136 | 136 | ||
| 137 | *outl=0; | 137 | *outl=0; |
| 138 | if (inl == 0) return; | 138 | if (inl == 0) return; |
| 139 | OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); | 139 | OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); |
| 140 | if ((ctx->num+inl) < ctx->length) | 140 | if ((ctx->num+inl) < ctx->length) |
| 141 | { | 141 | { |
| 142 | memcpy(&(ctx->enc_data[ctx->num]),in,inl); | 142 | memcpy(&(ctx->enc_data[ctx->num]),in,inl); |
| @@ -233,7 +233,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) | |||
| 233 | * 1 for full line | 233 | * 1 for full line |
| 234 | */ | 234 | */ |
| 235 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | 235 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, |
| 236 | unsigned char *in, int inl) | 236 | const unsigned char *in, int inl) |
| 237 | { | 237 | { |
| 238 | int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; | 238 | int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; |
| 239 | unsigned char *d; | 239 | unsigned char *d; |
| @@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | |||
| 259 | /* only save the good data :-) */ | 259 | /* only save the good data :-) */ |
| 260 | if (!B64_NOT_BASE64(v)) | 260 | if (!B64_NOT_BASE64(v)) |
| 261 | { | 261 | { |
| 262 | OPENSSL_assert(n < sizeof ctx->enc_data); | 262 | OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); |
| 263 | d[n++]=tmp; | 263 | d[n++]=tmp; |
| 264 | ln++; | 264 | ln++; |
| 265 | } | 265 | } |
| @@ -323,8 +323,8 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | |||
| 323 | if (n > 0) | 323 | if (n > 0) |
| 324 | { | 324 | { |
| 325 | v=EVP_DecodeBlock(out,d,n); | 325 | v=EVP_DecodeBlock(out,d,n); |
| 326 | if (v < 0) { rv=0; goto end; } | ||
| 327 | n=0; | 326 | n=0; |
| 327 | if (v < 0) { rv=0; goto end; } | ||
| 328 | ret+=(v-eof); | 328 | ret+=(v-eof); |
| 329 | } | 329 | } |
| 330 | else | 330 | else |
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h index f29e0ba8f0..c19d764c15 100644 --- a/src/lib/libssl/src/crypto/evp/evp.h +++ b/src/lib/libssl/src/crypto/evp/evp.h | |||
| @@ -75,10 +75,6 @@ | |||
| 75 | #include <openssl/bio.h> | 75 | #include <openssl/bio.h> |
| 76 | #endif | 76 | #endif |
| 77 | 77 | ||
| 78 | #ifdef OPENSSL_FIPS | ||
| 79 | #include <openssl/fips.h> | ||
| 80 | #endif | ||
| 81 | |||
| 82 | /* | 78 | /* |
| 83 | #define EVP_RC2_KEY_SIZE 16 | 79 | #define EVP_RC2_KEY_SIZE 16 |
| 84 | #define EVP_RC4_KEY_SIZE 16 | 80 | #define EVP_RC4_KEY_SIZE 16 |
| @@ -86,7 +82,7 @@ | |||
| 86 | #define EVP_CAST5_KEY_SIZE 16 | 82 | #define EVP_CAST5_KEY_SIZE 16 |
| 87 | #define EVP_RC5_32_12_16_KEY_SIZE 16 | 83 | #define EVP_RC5_32_12_16_KEY_SIZE 16 |
| 88 | */ | 84 | */ |
| 89 | #define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */ | 85 | #define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ |
| 90 | #define EVP_MAX_KEY_LENGTH 32 | 86 | #define EVP_MAX_KEY_LENGTH 32 |
| 91 | #define EVP_MAX_IV_LENGTH 16 | 87 | #define EVP_MAX_IV_LENGTH 16 |
| 92 | #define EVP_MAX_BLOCK_LENGTH 32 | 88 | #define EVP_MAX_BLOCK_LENGTH 32 |
| @@ -100,11 +96,13 @@ | |||
| 100 | #define EVP_PK_RSA 0x0001 | 96 | #define EVP_PK_RSA 0x0001 |
| 101 | #define EVP_PK_DSA 0x0002 | 97 | #define EVP_PK_DSA 0x0002 |
| 102 | #define EVP_PK_DH 0x0004 | 98 | #define EVP_PK_DH 0x0004 |
| 99 | #define EVP_PK_EC 0x0008 | ||
| 103 | #define EVP_PKT_SIGN 0x0010 | 100 | #define EVP_PKT_SIGN 0x0010 |
| 104 | #define EVP_PKT_ENC 0x0020 | 101 | #define EVP_PKT_ENC 0x0020 |
| 105 | #define EVP_PKT_EXCH 0x0040 | 102 | #define EVP_PKT_EXCH 0x0040 |
| 106 | #define EVP_PKS_RSA 0x0100 | 103 | #define EVP_PKS_RSA 0x0100 |
| 107 | #define EVP_PKS_DSA 0x0200 | 104 | #define EVP_PKS_DSA 0x0200 |
| 105 | #define EVP_PKS_EC 0x0400 | ||
| 108 | #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ | 106 | #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ |
| 109 | 107 | ||
| 110 | #define EVP_PKEY_NONE NID_undef | 108 | #define EVP_PKEY_NONE NID_undef |
| @@ -116,6 +114,7 @@ | |||
| 116 | #define EVP_PKEY_DSA3 NID_dsaWithSHA1 | 114 | #define EVP_PKEY_DSA3 NID_dsaWithSHA1 |
| 117 | #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 | 115 | #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 |
| 118 | #define EVP_PKEY_DH NID_dhKeyAgreement | 116 | #define EVP_PKEY_DH NID_dhKeyAgreement |
| 117 | #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey | ||
| 119 | 118 | ||
| 120 | #ifdef __cplusplus | 119 | #ifdef __cplusplus |
| 121 | extern "C" { | 120 | extern "C" { |
| @@ -140,6 +139,9 @@ struct evp_pkey_st | |||
| 140 | #ifndef OPENSSL_NO_DH | 139 | #ifndef OPENSSL_NO_DH |
| 141 | struct dh_st *dh; /* DH */ | 140 | struct dh_st *dh; /* DH */ |
| 142 | #endif | 141 | #endif |
| 142 | #ifndef OPENSSL_NO_EC | ||
| 143 | struct ec_key_st *ec; /* ECC */ | ||
| 144 | #endif | ||
| 143 | } pkey; | 145 | } pkey; |
| 144 | int save_parameters; | 146 | int save_parameters; |
| 145 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ | 147 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ |
| @@ -225,39 +227,58 @@ struct env_md_st | |||
| 225 | int md_size; | 227 | int md_size; |
| 226 | unsigned long flags; | 228 | unsigned long flags; |
| 227 | int (*init)(EVP_MD_CTX *ctx); | 229 | int (*init)(EVP_MD_CTX *ctx); |
| 228 | int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); | 230 | int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); |
| 229 | int (*final)(EVP_MD_CTX *ctx,unsigned char *md); | 231 | int (*final)(EVP_MD_CTX *ctx,unsigned char *md); |
| 230 | int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); | 232 | int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); |
| 231 | int (*cleanup)(EVP_MD_CTX *ctx); | 233 | int (*cleanup)(EVP_MD_CTX *ctx); |
| 232 | 234 | ||
| 233 | /* FIXME: prototype these some day */ | 235 | /* FIXME: prototype these some day */ |
| 234 | int (*sign)(); | 236 | int (*sign)(int type, const unsigned char *m, unsigned int m_length, |
| 235 | int (*verify)(); | 237 | unsigned char *sigret, unsigned int *siglen, void *key); |
| 238 | int (*verify)(int type, const unsigned char *m, unsigned int m_length, | ||
| 239 | const unsigned char *sigbuf, unsigned int siglen, | ||
| 240 | void *key); | ||
| 236 | int required_pkey_type[5]; /*EVP_PKEY_xxx */ | 241 | int required_pkey_type[5]; /*EVP_PKEY_xxx */ |
| 237 | int block_size; | 242 | int block_size; |
| 238 | int ctx_size; /* how big does the ctx->md_data need to be */ | 243 | int ctx_size; /* how big does the ctx->md_data need to be */ |
| 239 | } /* EVP_MD */; | 244 | } /* EVP_MD */; |
| 240 | 245 | ||
| 246 | typedef int evp_sign_method(int type,const unsigned char *m, | ||
| 247 | unsigned int m_length,unsigned char *sigret, | ||
| 248 | unsigned int *siglen, void *key); | ||
| 249 | typedef int evp_verify_method(int type,const unsigned char *m, | ||
| 250 | unsigned int m_length,const unsigned char *sigbuf, | ||
| 251 | unsigned int siglen, void *key); | ||
| 252 | |||
| 241 | #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single | 253 | #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single |
| 242 | * block */ | 254 | * block */ |
| 243 | #define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ | ||
| 244 | 255 | ||
| 245 | #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} | 256 | #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} |
| 246 | 257 | ||
| 247 | #ifndef OPENSSL_NO_DSA | 258 | #ifndef OPENSSL_NO_DSA |
| 248 | #define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ | 259 | #define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ |
| 260 | (evp_verify_method *)DSA_verify, \ | ||
| 249 | {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ | 261 | {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ |
| 250 | EVP_PKEY_DSA4,0} | 262 | EVP_PKEY_DSA4,0} |
| 251 | #else | 263 | #else |
| 252 | #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method | 264 | #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method |
| 253 | #endif | 265 | #endif |
| 254 | 266 | ||
| 267 | #ifndef OPENSSL_NO_ECDSA | ||
| 268 | #define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ | ||
| 269 | (evp_verify_method *)ECDSA_verify, \ | ||
| 270 | {EVP_PKEY_EC,0,0,0} | ||
| 271 | #else | ||
| 272 | #define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method | ||
| 273 | #endif | ||
| 274 | |||
| 255 | #ifndef OPENSSL_NO_RSA | 275 | #ifndef OPENSSL_NO_RSA |
| 256 | #define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ | 276 | #define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ |
| 277 | (evp_verify_method *)RSA_verify, \ | ||
| 257 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} | 278 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} |
| 258 | #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ | 279 | #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ |
| 259 | RSA_sign_ASN1_OCTET_STRING, \ | 280 | (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ |
| 260 | RSA_verify_ASN1_OCTET_STRING, \ | 281 | (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ |
| 261 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} | 282 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} |
| 262 | #else | 283 | #else |
| 263 | #define EVP_PKEY_RSA_method EVP_PKEY_NULL_method | 284 | #define EVP_PKEY_RSA_method EVP_PKEY_NULL_method |
| @@ -283,9 +304,6 @@ struct env_md_ctx_st | |||
| 283 | #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data | 304 | #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data |
| 284 | * in EVP_MD_CTX_cleanup */ | 305 | * in EVP_MD_CTX_cleanup */ |
| 285 | 306 | ||
| 286 | #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest | ||
| 287 | * in FIPS mode */ | ||
| 288 | |||
| 289 | struct evp_cipher_st | 307 | struct evp_cipher_st |
| 290 | { | 308 | { |
| 291 | int nid; | 309 | int nid; |
| @@ -327,10 +345,8 @@ struct evp_cipher_st | |||
| 327 | #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 | 345 | #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 |
| 328 | /* Don't use standard block padding */ | 346 | /* Don't use standard block padding */ |
| 329 | #define EVP_CIPH_NO_PADDING 0x100 | 347 | #define EVP_CIPH_NO_PADDING 0x100 |
| 330 | /* Note if suitable for use in FIPS mode */ | 348 | /* cipher handles random key generation */ |
| 331 | #define EVP_CIPH_FLAG_FIPS 0x400 | 349 | #define EVP_CIPH_RAND_KEY 0x200 |
| 332 | /* Allow non FIPS cipher in FIPS mode */ | ||
| 333 | #define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 | ||
| 334 | 350 | ||
| 335 | /* ctrl() values */ | 351 | /* ctrl() values */ |
| 336 | 352 | ||
| @@ -341,6 +357,7 @@ struct evp_cipher_st | |||
| 341 | #define EVP_CTRL_GET_RC5_ROUNDS 0x4 | 357 | #define EVP_CTRL_GET_RC5_ROUNDS 0x4 |
| 342 | #define EVP_CTRL_SET_RC5_ROUNDS 0x5 | 358 | #define EVP_CTRL_SET_RC5_ROUNDS 0x5 |
| 343 | #define EVP_CTRL_SET_ACSS_MODE 0x6 | 359 | #define EVP_CTRL_SET_ACSS_MODE 0x6 |
| 360 | #define EVP_CTRL_RAND_KEY 0x7 | ||
| 344 | 361 | ||
| 345 | typedef struct evp_cipher_info_st | 362 | typedef struct evp_cipher_info_st |
| 346 | { | 363 | { |
| @@ -402,45 +419,47 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 402 | (char *)(dh)) | 419 | (char *)(dh)) |
| 403 | #endif | 420 | #endif |
| 404 | 421 | ||
| 422 | #ifndef OPENSSL_NO_EC | ||
| 423 | #define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ | ||
| 424 | (char *)(eckey)) | ||
| 425 | #endif | ||
| 426 | |||
| 405 | /* Add some extra combinations */ | 427 | /* Add some extra combinations */ |
| 406 | #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) | 428 | #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) |
| 407 | #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) | 429 | #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) |
| 408 | #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) | 430 | #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) |
| 409 | #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) | 431 | #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) |
| 410 | 432 | ||
| 411 | #define EVP_MD_type(e) ((e)->type) | 433 | int EVP_MD_type(const EVP_MD *md); |
| 412 | #define EVP_MD_nid(e) EVP_MD_type(e) | 434 | #define EVP_MD_nid(e) EVP_MD_type(e) |
| 413 | #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) | 435 | #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) |
| 414 | #define EVP_MD_pkey_type(e) ((e)->pkey_type) | 436 | int EVP_MD_pkey_type(const EVP_MD *md); |
| 415 | #define EVP_MD_size(e) ((e)->md_size) | 437 | int EVP_MD_size(const EVP_MD *md); |
| 416 | #define EVP_MD_block_size(e) ((e)->block_size) | 438 | int EVP_MD_block_size(const EVP_MD *md); |
| 417 | 439 | ||
| 418 | #define EVP_MD_CTX_md(e) ((e)->digest) | 440 | const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx); |
| 419 | #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) | 441 | #define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) |
| 420 | #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) | 442 | #define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) |
| 421 | #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) | 443 | #define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) |
| 422 | 444 | ||
| 423 | #define EVP_CIPHER_nid(e) ((e)->nid) | 445 | int EVP_CIPHER_nid(const EVP_CIPHER *cipher); |
| 424 | #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) | 446 | #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) |
| 425 | #define EVP_CIPHER_block_size(e) ((e)->block_size) | 447 | int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); |
| 426 | #define EVP_CIPHER_key_length(e) ((e)->key_len) | 448 | int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); |
| 427 | #define EVP_CIPHER_iv_length(e) ((e)->iv_len) | 449 | int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); |
| 428 | #define EVP_CIPHER_flags(e) ((e)->flags) | 450 | unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); |
| 429 | #define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) | 451 | #define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) |
| 430 | 452 | ||
| 431 | #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) | 453 | const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); |
| 432 | #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) | 454 | int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); |
| 433 | #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) | 455 | int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); |
| 434 | #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) | 456 | int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); |
| 435 | #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) | 457 | int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); |
| 436 | #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) | 458 | void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); |
| 437 | #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) | 459 | void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); |
| 438 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) | 460 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) |
| 439 | #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) | 461 | unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); |
| 440 | #define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) | 462 | #define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) |
| 441 | #define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) | ||
| 442 | #define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) | ||
| 443 | #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) | ||
| 444 | 463 | ||
| 445 | #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) | 464 | #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) |
| 446 | #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) | 465 | #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) |
| @@ -465,7 +484,10 @@ void BIO_set_md(BIO *,const EVP_MD *md); | |||
| 465 | #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) | 484 | #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) |
| 466 | #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) | 485 | #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) |
| 467 | 486 | ||
| 468 | #define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) | 487 | int EVP_Cipher(EVP_CIPHER_CTX *c, |
| 488 | unsigned char *out, | ||
| 489 | const unsigned char *in, | ||
| 490 | unsigned int inl); | ||
| 469 | 491 | ||
| 470 | #define EVP_add_cipher_alias(n,alias) \ | 492 | #define EVP_add_cipher_alias(n,alias) \ |
| 471 | OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) | 493 | OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) |
| @@ -481,14 +503,14 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); | |||
| 481 | EVP_MD_CTX *EVP_MD_CTX_create(void); | 503 | EVP_MD_CTX *EVP_MD_CTX_create(void); |
| 482 | void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); | 504 | void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); |
| 483 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); | 505 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); |
| 484 | #define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) | 506 | void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); |
| 485 | #define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) | 507 | void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); |
| 486 | #define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) | 508 | int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); |
| 487 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); | 509 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); |
| 488 | int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, | 510 | int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, |
| 489 | unsigned int cnt); | 511 | size_t cnt); |
| 490 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); | 512 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); |
| 491 | int EVP_Digest(void *data, unsigned int count, | 513 | int EVP_Digest(const void *data, size_t count, |
| 492 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); | 514 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); |
| 493 | 515 | ||
| 494 | int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); | 516 | int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); |
| @@ -496,7 +518,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); | |||
| 496 | int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); | 518 | int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); |
| 497 | 519 | ||
| 498 | int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); | 520 | int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); |
| 499 | void EVP_set_pw_prompt(char *prompt); | 521 | void EVP_set_pw_prompt(const char *prompt); |
| 500 | char * EVP_get_pw_prompt(void); | 522 | char * EVP_get_pw_prompt(void); |
| 501 | 523 | ||
| 502 | int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, | 524 | int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, |
| @@ -535,43 +557,48 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); | |||
| 535 | int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, | 557 | int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, |
| 536 | EVP_PKEY *pkey); | 558 | EVP_PKEY *pkey); |
| 537 | 559 | ||
| 538 | int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, | 560 | int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, |
| 539 | unsigned int siglen,EVP_PKEY *pkey); | 561 | unsigned int siglen,EVP_PKEY *pkey); |
| 540 | 562 | ||
| 541 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, | 563 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, |
| 542 | int ekl,unsigned char *iv,EVP_PKEY *priv); | 564 | const unsigned char *ek, int ekl, const unsigned char *iv, |
| 565 | EVP_PKEY *priv); | ||
| 543 | int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); | 566 | int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); |
| 544 | 567 | ||
| 545 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, | 568 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, |
| 546 | int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); | 569 | unsigned char **ek, int *ekl, unsigned char *iv, |
| 570 | EVP_PKEY **pubk, int npubk); | ||
| 547 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); | 571 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); |
| 548 | 572 | ||
| 549 | void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); | 573 | void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); |
| 550 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, | 574 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, |
| 551 | int *outl,unsigned char *in,int inl); | 575 | const unsigned char *in,int inl); |
| 552 | void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); | 576 | void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); |
| 553 | int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); | 577 | int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); |
| 554 | 578 | ||
| 555 | void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); | 579 | void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); |
| 556 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, | 580 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, |
| 557 | unsigned char *in, int inl); | 581 | const unsigned char *in, int inl); |
| 558 | int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned | 582 | int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned |
| 559 | char *out, int *outl); | 583 | char *out, int *outl); |
| 560 | int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); | 584 | int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); |
| 561 | 585 | ||
| 562 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); | 586 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); |
| 563 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); | 587 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); |
| 588 | EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); | ||
| 589 | void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); | ||
| 564 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); | 590 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); |
| 565 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); | 591 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); |
| 566 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); | 592 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); |
| 593 | int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); | ||
| 567 | 594 | ||
| 568 | #ifndef OPENSSL_NO_BIO | 595 | #ifndef OPENSSL_NO_BIO |
| 569 | BIO_METHOD *BIO_f_md(void); | 596 | BIO_METHOD *BIO_f_md(void); |
| 570 | BIO_METHOD *BIO_f_base64(void); | 597 | BIO_METHOD *BIO_f_base64(void); |
| 571 | BIO_METHOD *BIO_f_cipher(void); | 598 | BIO_METHOD *BIO_f_cipher(void); |
| 572 | BIO_METHOD *BIO_f_reliable(void); | 599 | BIO_METHOD *BIO_f_reliable(void); |
| 573 | void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, | 600 | void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k, |
| 574 | unsigned char *i, int enc); | 601 | const unsigned char *i, int enc); |
| 575 | #endif | 602 | #endif |
| 576 | 603 | ||
| 577 | const EVP_MD *EVP_md_null(void); | 604 | const EVP_MD *EVP_md_null(void); |
| @@ -589,7 +616,8 @@ const EVP_MD *EVP_sha(void); | |||
| 589 | const EVP_MD *EVP_sha1(void); | 616 | const EVP_MD *EVP_sha1(void); |
| 590 | const EVP_MD *EVP_dss(void); | 617 | const EVP_MD *EVP_dss(void); |
| 591 | const EVP_MD *EVP_dss1(void); | 618 | const EVP_MD *EVP_dss1(void); |
| 592 | #ifdef OPENSSL_FIPS | 619 | const EVP_MD *EVP_ecdsa(void); |
| 620 | #endif | ||
| 593 | #ifndef OPENSSL_NO_SHA256 | 621 | #ifndef OPENSSL_NO_SHA256 |
| 594 | const EVP_MD *EVP_sha224(void); | 622 | const EVP_MD *EVP_sha224(void); |
| 595 | const EVP_MD *EVP_sha256(void); | 623 | const EVP_MD *EVP_sha256(void); |
| @@ -598,8 +626,6 @@ const EVP_MD *EVP_sha256(void); | |||
| 598 | const EVP_MD *EVP_sha384(void); | 626 | const EVP_MD *EVP_sha384(void); |
| 599 | const EVP_MD *EVP_sha512(void); | 627 | const EVP_MD *EVP_sha512(void); |
| 600 | #endif | 628 | #endif |
| 601 | #endif | ||
| 602 | #endif | ||
| 603 | #ifndef OPENSSL_NO_MDC2 | 629 | #ifndef OPENSSL_NO_MDC2 |
| 604 | const EVP_MD *EVP_mdc2(void); | 630 | const EVP_MD *EVP_mdc2(void); |
| 605 | #endif | 631 | #endif |
| @@ -720,6 +746,37 @@ const EVP_CIPHER *EVP_aes_256_ctr(void); | |||
| 720 | #ifndef OPENSSL_NO_ACSS | 746 | #ifndef OPENSSL_NO_ACSS |
| 721 | const EVP_CIPHER *EVP_acss(void); | 747 | const EVP_CIPHER *EVP_acss(void); |
| 722 | #endif | 748 | #endif |
| 749 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 750 | const EVP_CIPHER *EVP_camellia_128_ecb(void); | ||
| 751 | const EVP_CIPHER *EVP_camellia_128_cbc(void); | ||
| 752 | const EVP_CIPHER *EVP_camellia_128_cfb1(void); | ||
| 753 | const EVP_CIPHER *EVP_camellia_128_cfb8(void); | ||
| 754 | const EVP_CIPHER *EVP_camellia_128_cfb128(void); | ||
| 755 | # define EVP_camellia_128_cfb EVP_camellia_128_cfb128 | ||
| 756 | const EVP_CIPHER *EVP_camellia_128_ofb(void); | ||
| 757 | const EVP_CIPHER *EVP_camellia_192_ecb(void); | ||
| 758 | const EVP_CIPHER *EVP_camellia_192_cbc(void); | ||
| 759 | const EVP_CIPHER *EVP_camellia_192_cfb1(void); | ||
| 760 | const EVP_CIPHER *EVP_camellia_192_cfb8(void); | ||
| 761 | const EVP_CIPHER *EVP_camellia_192_cfb128(void); | ||
| 762 | # define EVP_camellia_192_cfb EVP_camellia_192_cfb128 | ||
| 763 | const EVP_CIPHER *EVP_camellia_192_ofb(void); | ||
| 764 | const EVP_CIPHER *EVP_camellia_256_ecb(void); | ||
| 765 | const EVP_CIPHER *EVP_camellia_256_cbc(void); | ||
| 766 | const EVP_CIPHER *EVP_camellia_256_cfb1(void); | ||
| 767 | const EVP_CIPHER *EVP_camellia_256_cfb8(void); | ||
| 768 | const EVP_CIPHER *EVP_camellia_256_cfb128(void); | ||
| 769 | # define EVP_camellia_256_cfb EVP_camellia_256_cfb128 | ||
| 770 | const EVP_CIPHER *EVP_camellia_256_ofb(void); | ||
| 771 | #endif | ||
| 772 | |||
| 773 | #ifndef OPENSSL_NO_SEED | ||
| 774 | const EVP_CIPHER *EVP_seed_ecb(void); | ||
| 775 | const EVP_CIPHER *EVP_seed_cbc(void); | ||
| 776 | const EVP_CIPHER *EVP_seed_cfb128(void); | ||
| 777 | # define EVP_seed_cfb EVP_seed_cfb128 | ||
| 778 | const EVP_CIPHER *EVP_seed_ofb(void); | ||
| 779 | #endif | ||
| 723 | 780 | ||
| 724 | void OPENSSL_add_all_algorithms_noconf(void); | 781 | void OPENSSL_add_all_algorithms_noconf(void); |
| 725 | void OPENSSL_add_all_algorithms_conf(void); | 782 | void OPENSSL_add_all_algorithms_conf(void); |
| @@ -745,10 +802,12 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); | |||
| 745 | const EVP_MD *EVP_get_digestbyname(const char *name); | 802 | const EVP_MD *EVP_get_digestbyname(const char *name); |
| 746 | void EVP_cleanup(void); | 803 | void EVP_cleanup(void); |
| 747 | 804 | ||
| 748 | int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, | 805 | int EVP_PKEY_decrypt(unsigned char *dec_key, |
| 749 | int enc_key_len,EVP_PKEY *private_key); | 806 | const unsigned char *enc_key,int enc_key_len, |
| 807 | EVP_PKEY *private_key); | ||
| 750 | int EVP_PKEY_encrypt(unsigned char *enc_key, | 808 | int EVP_PKEY_encrypt(unsigned char *enc_key, |
| 751 | unsigned char *key,int key_len,EVP_PKEY *pub_key); | 809 | const unsigned char *key,int key_len, |
| 810 | EVP_PKEY *pub_key); | ||
| 752 | int EVP_PKEY_type(int type); | 811 | int EVP_PKEY_type(int type); |
| 753 | int EVP_PKEY_bits(EVP_PKEY *pkey); | 812 | int EVP_PKEY_bits(EVP_PKEY *pkey); |
| 754 | int EVP_PKEY_size(EVP_PKEY *pkey); | 813 | int EVP_PKEY_size(EVP_PKEY *pkey); |
| @@ -769,24 +828,31 @@ struct dh_st; | |||
| 769 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); | 828 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); |
| 770 | struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); | 829 | struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); |
| 771 | #endif | 830 | #endif |
| 772 | 831 | #ifndef OPENSSL_NO_EC | |
| 832 | struct ec_key_st; | ||
| 833 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key); | ||
| 834 | struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); | ||
| 835 | #endif | ||
| 773 | 836 | ||
| 774 | EVP_PKEY * EVP_PKEY_new(void); | 837 | EVP_PKEY * EVP_PKEY_new(void); |
| 775 | void EVP_PKEY_free(EVP_PKEY *pkey); | 838 | void EVP_PKEY_free(EVP_PKEY *pkey); |
| 776 | EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, | 839 | |
| 840 | EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, | ||
| 777 | long length); | 841 | long length); |
| 778 | int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); | 842 | int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); |
| 779 | 843 | ||
| 780 | EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, | 844 | EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp, |
| 781 | long length); | 845 | long length); |
| 782 | EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, | 846 | EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, |
| 783 | long length); | 847 | long length); |
| 784 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); | 848 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); |
| 785 | 849 | ||
| 786 | int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); | 850 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); |
| 787 | int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); | 851 | int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); |
| 788 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); | 852 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); |
| 789 | int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); | 853 | int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); |
| 854 | |||
| 855 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); | ||
| 790 | 856 | ||
| 791 | int EVP_CIPHER_type(const EVP_CIPHER *ctx); | 857 | int EVP_CIPHER_type(const EVP_CIPHER *ctx); |
| 792 | 858 | ||
| @@ -803,7 +869,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 803 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, | 869 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, |
| 804 | int en_de); | 870 | int en_de); |
| 805 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | 871 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, |
| 806 | unsigned char *salt, int saltlen, int iter, | 872 | const unsigned char *salt, int saltlen, int iter, |
| 807 | int keylen, unsigned char *out); | 873 | int keylen, unsigned char *out); |
| 808 | int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | 874 | int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
| 809 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, | 875 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, |
| @@ -826,30 +892,32 @@ void ERR_load_EVP_strings(void); | |||
| 826 | /* Error codes for the EVP functions. */ | 892 | /* Error codes for the EVP functions. */ |
| 827 | 893 | ||
| 828 | /* Function codes. */ | 894 | /* Function codes. */ |
| 829 | #define EVP_F_AES_INIT_KEY 129 | 895 | #define EVP_F_AES_INIT_KEY 133 |
| 896 | #define EVP_F_CAMELLIA_INIT_KEY 159 | ||
| 830 | #define EVP_F_D2I_PKEY 100 | 897 | #define EVP_F_D2I_PKEY 100 |
| 831 | #define EVP_F_EVP_ADD_CIPHER 130 | 898 | #define EVP_F_DSAPKEY2PKCS8 134 |
| 832 | #define EVP_F_EVP_ADD_DIGEST 131 | 899 | #define EVP_F_DSA_PKEY2PKCS8 135 |
| 833 | #define EVP_F_EVP_CIPHERINIT 123 | 900 | #define EVP_F_ECDSA_PKEY2PKCS8 129 |
| 901 | #define EVP_F_ECKEY_PKEY2PKCS8 132 | ||
| 902 | #define EVP_F_EVP_CIPHERINIT_EX 123 | ||
| 834 | #define EVP_F_EVP_CIPHER_CTX_CTRL 124 | 903 | #define EVP_F_EVP_CIPHER_CTX_CTRL 124 |
| 835 | #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 | 904 | #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 |
| 836 | #define EVP_F_EVP_DECRYPTFINAL 101 | 905 | #define EVP_F_EVP_DECRYPTFINAL_EX 101 |
| 837 | #define EVP_F_EVP_DIGESTINIT 128 | 906 | #define EVP_F_EVP_DIGESTINIT_EX 128 |
| 838 | #define EVP_F_EVP_ENCRYPTFINAL 127 | 907 | #define EVP_F_EVP_ENCRYPTFINAL_EX 127 |
| 839 | #define EVP_F_EVP_GET_CIPHERBYNAME 132 | 908 | #define EVP_F_EVP_MD_CTX_COPY_EX 110 |
| 840 | #define EVP_F_EVP_GET_DIGESTBYNAME 133 | ||
| 841 | #define EVP_F_EVP_MD_CTX_COPY 110 | ||
| 842 | #define EVP_F_EVP_OPENINIT 102 | 909 | #define EVP_F_EVP_OPENINIT 102 |
| 843 | #define EVP_F_EVP_PBE_ALG_ADD 115 | 910 | #define EVP_F_EVP_PBE_ALG_ADD 115 |
| 844 | #define EVP_F_EVP_PBE_CIPHERINIT 116 | 911 | #define EVP_F_EVP_PBE_CIPHERINIT 116 |
| 845 | #define EVP_F_EVP_PKCS82PKEY 111 | 912 | #define EVP_F_EVP_PKCS82PKEY 111 |
| 846 | #define EVP_F_EVP_PKCS8_SET_BROKEN 112 | 913 | #define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 |
| 847 | #define EVP_F_EVP_PKEY2PKCS8 113 | ||
| 848 | #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 | 914 | #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 |
| 849 | #define EVP_F_EVP_PKEY_DECRYPT 104 | 915 | #define EVP_F_EVP_PKEY_DECRYPT 104 |
| 850 | #define EVP_F_EVP_PKEY_ENCRYPT 105 | 916 | #define EVP_F_EVP_PKEY_ENCRYPT 105 |
| 851 | #define EVP_F_EVP_PKEY_GET1_DH 119 | 917 | #define EVP_F_EVP_PKEY_GET1_DH 119 |
| 852 | #define EVP_F_EVP_PKEY_GET1_DSA 120 | 918 | #define EVP_F_EVP_PKEY_GET1_DSA 120 |
| 919 | #define EVP_F_EVP_PKEY_GET1_ECDSA 130 | ||
| 920 | #define EVP_F_EVP_PKEY_GET1_EC_KEY 131 | ||
| 853 | #define EVP_F_EVP_PKEY_GET1_RSA 121 | 921 | #define EVP_F_EVP_PKEY_GET1_RSA 121 |
| 854 | #define EVP_F_EVP_PKEY_NEW 106 | 922 | #define EVP_F_EVP_PKEY_NEW 106 |
| 855 | #define EVP_F_EVP_RIJNDAEL 126 | 923 | #define EVP_F_EVP_RIJNDAEL 126 |
| @@ -857,28 +925,32 @@ void ERR_load_EVP_strings(void); | |||
| 857 | #define EVP_F_EVP_VERIFYFINAL 108 | 925 | #define EVP_F_EVP_VERIFYFINAL 108 |
| 858 | #define EVP_F_PKCS5_PBE_KEYIVGEN 117 | 926 | #define EVP_F_PKCS5_PBE_KEYIVGEN 117 |
| 859 | #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 | 927 | #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 |
| 928 | #define EVP_F_PKCS8_SET_BROKEN 112 | ||
| 860 | #define EVP_F_RC2_MAGIC_TO_METH 109 | 929 | #define EVP_F_RC2_MAGIC_TO_METH 109 |
| 861 | #define EVP_F_RC5_CTRL 125 | 930 | #define EVP_F_RC5_CTRL 125 |
| 862 | 931 | ||
| 863 | /* Reason codes. */ | 932 | /* Reason codes. */ |
| 864 | #define EVP_R_AES_KEY_SETUP_FAILED 140 | 933 | #define EVP_R_AES_KEY_SETUP_FAILED 143 |
| 934 | #define EVP_R_ASN1_LIB 140 | ||
| 865 | #define EVP_R_BAD_BLOCK_LENGTH 136 | 935 | #define EVP_R_BAD_BLOCK_LENGTH 136 |
| 866 | #define EVP_R_BAD_DECRYPT 100 | 936 | #define EVP_R_BAD_DECRYPT 100 |
| 867 | #define EVP_R_BAD_KEY_LENGTH 137 | 937 | #define EVP_R_BAD_KEY_LENGTH 137 |
| 868 | #define EVP_R_BN_DECODE_ERROR 112 | 938 | #define EVP_R_BN_DECODE_ERROR 112 |
| 869 | #define EVP_R_BN_PUBKEY_ERROR 113 | 939 | #define EVP_R_BN_PUBKEY_ERROR 113 |
| 940 | #define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 | ||
| 870 | #define EVP_R_CIPHER_PARAMETER_ERROR 122 | 941 | #define EVP_R_CIPHER_PARAMETER_ERROR 122 |
| 871 | #define EVP_R_CTRL_NOT_IMPLEMENTED 132 | 942 | #define EVP_R_CTRL_NOT_IMPLEMENTED 132 |
| 872 | #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 | 943 | #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 |
| 873 | #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 | 944 | #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 |
| 874 | #define EVP_R_DECODE_ERROR 114 | 945 | #define EVP_R_DECODE_ERROR 114 |
| 875 | #define EVP_R_DIFFERENT_KEY_TYPES 101 | 946 | #define EVP_R_DIFFERENT_KEY_TYPES 101 |
| 876 | #define EVP_R_DISABLED_FOR_FIPS 141 | ||
| 877 | #define EVP_R_ENCODE_ERROR 115 | 947 | #define EVP_R_ENCODE_ERROR 115 |
| 878 | #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 | 948 | #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 |
| 879 | #define EVP_R_EXPECTING_AN_RSA_KEY 127 | 949 | #define EVP_R_EXPECTING_AN_RSA_KEY 127 |
| 880 | #define EVP_R_EXPECTING_A_DH_KEY 128 | 950 | #define EVP_R_EXPECTING_A_DH_KEY 128 |
| 881 | #define EVP_R_EXPECTING_A_DSA_KEY 129 | 951 | #define EVP_R_EXPECTING_A_DSA_KEY 129 |
| 952 | #define EVP_R_EXPECTING_A_ECDSA_KEY 141 | ||
| 953 | #define EVP_R_EXPECTING_A_EC_KEY 142 | ||
| 882 | #define EVP_R_INITIALIZATION_ERROR 134 | 954 | #define EVP_R_INITIALIZATION_ERROR 134 |
| 883 | #define EVP_R_INPUT_NOT_INITIALIZED 111 | 955 | #define EVP_R_INPUT_NOT_INITIALIZED 111 |
| 884 | #define EVP_R_INVALID_KEY_LENGTH 130 | 956 | #define EVP_R_INVALID_KEY_LENGTH 130 |
| @@ -903,6 +975,7 @@ void ERR_load_EVP_strings(void); | |||
| 903 | #define EVP_R_UNSUPPORTED_SALT_TYPE 126 | 975 | #define EVP_R_UNSUPPORTED_SALT_TYPE 126 |
| 904 | #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 | 976 | #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 |
| 905 | #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 | 977 | #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 |
| 978 | #define EVP_R_SEED_KEY_SETUP_FAILED 162 | ||
| 906 | 979 | ||
| 907 | #ifdef __cplusplus | 980 | #ifdef __cplusplus |
| 908 | } | 981 | } |
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c index f549eeb437..a1904993bf 100644 --- a/src/lib/libssl/src/crypto/evp/evp_enc.c +++ b/src/lib/libssl/src/crypto/evp/evp_enc.c | |||
| @@ -60,12 +60,13 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
| 62 | #include <openssl/err.h> | 62 | #include <openssl/err.h> |
| 63 | #include <openssl/rand.h> | ||
| 63 | #ifndef OPENSSL_NO_ENGINE | 64 | #ifndef OPENSSL_NO_ENGINE |
| 64 | #include <openssl/engine.h> | 65 | #include <openssl/engine.h> |
| 65 | #endif | 66 | #endif |
| 66 | #include "evp_locl.h" | 67 | #include "evp_locl.h" |
| 67 | 68 | ||
| 68 | const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; | 69 | const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; |
| 69 | 70 | ||
| 70 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | 71 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) |
| 71 | { | 72 | { |
| @@ -73,6 +74,13 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | |||
| 73 | /* ctx->cipher=NULL; */ | 74 | /* ctx->cipher=NULL; */ |
| 74 | } | 75 | } |
| 75 | 76 | ||
| 77 | EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) | ||
| 78 | { | ||
| 79 | EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); | ||
| 80 | if (ctx) | ||
| 81 | EVP_CIPHER_CTX_init(ctx); | ||
| 82 | return ctx; | ||
| 83 | } | ||
| 76 | 84 | ||
| 77 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | 85 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, |
| 78 | const unsigned char *key, const unsigned char *iv, int enc) | 86 | const unsigned char *key, const unsigned char *iv, int enc) |
| @@ -82,48 +90,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | |||
| 82 | return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); | 90 | return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); |
| 83 | } | 91 | } |
| 84 | 92 | ||
| 85 | #ifdef OPENSSL_FIPS | ||
| 86 | |||
| 87 | /* The purpose of these is to trap programs that attempt to use non FIPS | ||
| 88 | * algorithms in FIPS mode and ignore the errors. | ||
| 89 | */ | ||
| 90 | |||
| 91 | int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 92 | const unsigned char *iv, int enc) | ||
| 93 | { FIPS_ERROR_IGNORED("Cipher init"); return 0;} | ||
| 94 | |||
| 95 | int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 96 | const unsigned char *in, unsigned int inl) | ||
| 97 | { FIPS_ERROR_IGNORED("Cipher update"); return 0;} | ||
| 98 | |||
| 99 | /* NB: no cleanup because it is allowed after failed init */ | ||
| 100 | |||
| 101 | int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) | ||
| 102 | { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;} | ||
| 103 | int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) | ||
| 104 | { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;} | ||
| 105 | int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) | ||
| 106 | { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;} | ||
| 107 | |||
| 108 | static const EVP_CIPHER bad_cipher = | ||
| 109 | { | ||
| 110 | 0, | ||
| 111 | 0, | ||
| 112 | 0, | ||
| 113 | 0, | ||
| 114 | 0, | ||
| 115 | bad_init, | ||
| 116 | bad_do_cipher, | ||
| 117 | NULL, | ||
| 118 | 0, | ||
| 119 | bad_set_asn1, | ||
| 120 | bad_get_asn1, | ||
| 121 | bad_ctrl, | ||
| 122 | NULL | ||
| 123 | }; | ||
| 124 | |||
| 125 | #endif | ||
| 126 | |||
| 127 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, | 93 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, |
| 128 | const unsigned char *key, const unsigned char *iv, int enc) | 94 | const unsigned char *key, const unsigned char *iv, int enc) |
| 129 | { | 95 | { |
| @@ -158,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 158 | { | 124 | { |
| 159 | if (!ENGINE_init(impl)) | 125 | if (!ENGINE_init(impl)) |
| 160 | { | 126 | { |
| 161 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 127 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 162 | return 0; | 128 | return 0; |
| 163 | } | 129 | } |
| 164 | } | 130 | } |
| @@ -175,7 +141,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 175 | * control history, is that we should at least | 141 | * control history, is that we should at least |
| 176 | * be able to avoid using US mispellings of | 142 | * be able to avoid using US mispellings of |
| 177 | * "initialisation"? */ | 143 | * "initialisation"? */ |
| 178 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 144 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 179 | return 0; | 145 | return 0; |
| 180 | } | 146 | } |
| 181 | /* We'll use the ENGINE's private cipher definition */ | 147 | /* We'll use the ENGINE's private cipher definition */ |
| @@ -188,13 +154,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 188 | else | 154 | else |
| 189 | ctx->engine = NULL; | 155 | ctx->engine = NULL; |
| 190 | #endif | 156 | #endif |
| 157 | |||
| 191 | ctx->cipher=cipher; | 158 | ctx->cipher=cipher; |
| 192 | if (ctx->cipher->ctx_size) | 159 | if (ctx->cipher->ctx_size) |
| 193 | { | 160 | { |
| 194 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); | 161 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); |
| 195 | if (!ctx->cipher_data) | 162 | if (!ctx->cipher_data) |
| 196 | { | 163 | { |
| 197 | EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); | 164 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); |
| 198 | return 0; | 165 | return 0; |
| 199 | } | 166 | } |
| 200 | } | 167 | } |
| @@ -208,14 +175,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp | |||
| 208 | { | 175 | { |
| 209 | if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) | 176 | if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) |
| 210 | { | 177 | { |
| 211 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | 178 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 212 | return 0; | 179 | return 0; |
| 213 | } | 180 | } |
| 214 | } | 181 | } |
| 215 | } | 182 | } |
| 216 | else if(!ctx->cipher) | 183 | else if(!ctx->cipher) |
| 217 | { | 184 | { |
| 218 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); | 185 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); |
| 219 | return 0; | 186 | return 0; |
| 220 | } | 187 | } |
| 221 | #ifndef OPENSSL_NO_ENGINE | 188 | #ifndef OPENSSL_NO_ENGINE |
| @@ -240,7 +207,8 @@ skip_to_init: | |||
| 240 | 207 | ||
| 241 | case EVP_CIPH_CBC_MODE: | 208 | case EVP_CIPH_CBC_MODE: |
| 242 | 209 | ||
| 243 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); | 210 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= |
| 211 | (int)sizeof(ctx->iv)); | ||
| 244 | if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); | 212 | if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); |
| 245 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); | 213 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); |
| 246 | break; | 214 | break; |
| @@ -251,24 +219,6 @@ skip_to_init: | |||
| 251 | } | 219 | } |
| 252 | } | 220 | } |
| 253 | 221 | ||
| 254 | #ifdef OPENSSL_FIPS | ||
| 255 | /* After 'key' is set no further parameters changes are permissible. | ||
| 256 | * So only check for non FIPS enabling at this point. | ||
| 257 | */ | ||
| 258 | if (key && FIPS_mode()) | ||
| 259 | { | ||
| 260 | if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) | ||
| 261 | & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) | ||
| 262 | { | ||
| 263 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS); | ||
| 264 | ERR_add_error_data(2, "cipher=", | ||
| 265 | EVP_CIPHER_name(ctx->cipher)); | ||
| 266 | ctx->cipher = &bad_cipher; | ||
| 267 | return 0; | ||
| 268 | } | ||
| 269 | } | ||
| 270 | #endif | ||
| 271 | |||
| 272 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { | 222 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { |
| 273 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; | 223 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; |
| 274 | } | 224 | } |
| @@ -345,7 +295,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | |||
| 345 | } | 295 | } |
| 346 | i=ctx->buf_len; | 296 | i=ctx->buf_len; |
| 347 | bl=ctx->cipher->block_size; | 297 | bl=ctx->cipher->block_size; |
| 348 | OPENSSL_assert(bl <= sizeof ctx->buf); | 298 | OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); |
| 349 | if (i != 0) | 299 | if (i != 0) |
| 350 | { | 300 | { |
| 351 | if (i+inl < bl) | 301 | if (i+inl < bl) |
| @@ -391,7 +341,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 391 | 341 | ||
| 392 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 342 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 393 | { | 343 | { |
| 394 | int i,n,b,bl,ret; | 344 | int n,ret; |
| 345 | unsigned int i, b, bl; | ||
| 395 | 346 | ||
| 396 | b=ctx->cipher->block_size; | 347 | b=ctx->cipher->block_size; |
| 397 | OPENSSL_assert(b <= sizeof ctx->buf); | 348 | OPENSSL_assert(b <= sizeof ctx->buf); |
| @@ -405,7 +356,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 405 | { | 356 | { |
| 406 | if(bl) | 357 | if(bl) |
| 407 | { | 358 | { |
| 408 | EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); | 359 | EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); |
| 409 | return 0; | 360 | return 0; |
| 410 | } | 361 | } |
| 411 | *outl = 0; | 362 | *outl = 0; |
| @@ -427,7 +378,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 427 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | 378 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, |
| 428 | const unsigned char *in, int inl) | 379 | const unsigned char *in, int inl) |
| 429 | { | 380 | { |
| 430 | int b, fix_len; | 381 | int fix_len; |
| 382 | unsigned int b; | ||
| 431 | 383 | ||
| 432 | if (inl == 0) | 384 | if (inl == 0) |
| 433 | { | 385 | { |
| @@ -480,8 +432,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 480 | 432 | ||
| 481 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | 433 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 482 | { | 434 | { |
| 483 | int i,b; | 435 | int i,n; |
| 484 | int n; | 436 | unsigned int b; |
| 485 | 437 | ||
| 486 | *outl=0; | 438 | *outl=0; |
| 487 | b=ctx->cipher->block_size; | 439 | b=ctx->cipher->block_size; |
| @@ -489,7 +441,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 489 | { | 441 | { |
| 490 | if(ctx->buf_len) | 442 | if(ctx->buf_len) |
| 491 | { | 443 | { |
| 492 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); | 444 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); |
| 493 | return 0; | 445 | return 0; |
| 494 | } | 446 | } |
| 495 | *outl = 0; | 447 | *outl = 0; |
| @@ -499,21 +451,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 499 | { | 451 | { |
| 500 | if (ctx->buf_len || !ctx->final_used) | 452 | if (ctx->buf_len || !ctx->final_used) |
| 501 | { | 453 | { |
| 502 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); | 454 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); |
| 503 | return(0); | 455 | return(0); |
| 504 | } | 456 | } |
| 505 | OPENSSL_assert(b <= sizeof ctx->final); | 457 | OPENSSL_assert(b <= sizeof ctx->final); |
| 506 | n=ctx->final[b-1]; | 458 | n=ctx->final[b-1]; |
| 507 | if (n > b) | 459 | if (n == 0 || n > (int)b) |
| 508 | { | 460 | { |
| 509 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); | 461 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); |
| 510 | return(0); | 462 | return(0); |
| 511 | } | 463 | } |
| 512 | for (i=0; i<n; i++) | 464 | for (i=0; i<n; i++) |
| 513 | { | 465 | { |
| 514 | if (ctx->final[--b] != n) | 466 | if (ctx->final[--b] != n) |
| 515 | { | 467 | { |
| 516 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); | 468 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); |
| 517 | return(0); | 469 | return(0); |
| 518 | } | 470 | } |
| 519 | } | 471 | } |
| @@ -527,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | |||
| 527 | return(1); | 479 | return(1); |
| 528 | } | 480 | } |
| 529 | 481 | ||
| 482 | void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) | ||
| 483 | { | ||
| 484 | if (ctx) | ||
| 485 | { | ||
| 486 | EVP_CIPHER_CTX_cleanup(ctx); | ||
| 487 | OPENSSL_free(ctx); | ||
| 488 | } | ||
| 489 | } | ||
| 490 | |||
| 530 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) | 491 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) |
| 531 | { | 492 | { |
| 532 | if (c->cipher != NULL) | 493 | if (c->cipher != NULL) |
| @@ -590,3 +551,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) | |||
| 590 | } | 551 | } |
| 591 | return ret; | 552 | return ret; |
| 592 | } | 553 | } |
| 554 | |||
| 555 | int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) | ||
| 556 | { | ||
| 557 | if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) | ||
| 558 | return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); | ||
| 559 | if (RAND_bytes(key, ctx->key_len) <= 0) | ||
| 560 | return 0; | ||
| 561 | return 1; | ||
| 562 | } | ||
| 563 | |||
diff --git a/src/lib/libssl/src/crypto/evp/evp_err.c b/src/lib/libssl/src/crypto/evp/evp_err.c index 77eee070d3..e8c9e8de9c 100644 --- a/src/lib/libssl/src/crypto/evp/evp_err.c +++ b/src/lib/libssl/src/crypto/evp/evp_err.c | |||
| @@ -71,29 +71,31 @@ | |||
| 71 | static ERR_STRING_DATA EVP_str_functs[]= | 71 | static ERR_STRING_DATA EVP_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, | 73 | {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, |
| 74 | {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, | ||
| 74 | {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, | 75 | {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, |
| 75 | {ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"}, | 76 | {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, |
| 76 | {ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"}, | 77 | {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, |
| 77 | {ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, | 78 | {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, |
| 79 | {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, | ||
| 80 | {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, | ||
| 78 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, | 81 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, |
| 79 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, | 82 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, |
| 80 | {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"}, | 83 | {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, |
| 81 | {ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, | 84 | {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, |
| 82 | {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"}, | 85 | {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, |
| 83 | {ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"}, | 86 | {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, |
| 84 | {ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"}, | ||
| 85 | {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"}, | ||
| 86 | {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, | 87 | {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, |
| 87 | {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, | 88 | {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, |
| 88 | {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, | 89 | {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, |
| 89 | {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, | 90 | {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, |
| 90 | {ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"}, | 91 | {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, |
| 91 | {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, | ||
| 92 | {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, | 92 | {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, |
| 93 | {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, | 93 | {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, |
| 94 | {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, | 94 | {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, |
| 95 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, | 95 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, |
| 96 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, | 96 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, |
| 97 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, | ||
| 98 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, | ||
| 97 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, | 99 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, |
| 98 | {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, | 100 | {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, |
| 99 | {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, | 101 | {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, |
| @@ -101,6 +103,7 @@ static ERR_STRING_DATA EVP_str_functs[]= | |||
| 101 | {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, | 103 | {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, |
| 102 | {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, | 104 | {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, |
| 103 | {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, | 105 | {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, |
| 106 | {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, | ||
| 104 | {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, | 107 | {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, |
| 105 | {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, | 108 | {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, |
| 106 | {0,NULL} | 109 | {0,NULL} |
| @@ -109,23 +112,26 @@ static ERR_STRING_DATA EVP_str_functs[]= | |||
| 109 | static ERR_STRING_DATA EVP_str_reasons[]= | 112 | static ERR_STRING_DATA EVP_str_reasons[]= |
| 110 | { | 113 | { |
| 111 | {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, | 114 | {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, |
| 115 | {ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, | ||
| 112 | {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, | 116 | {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, |
| 113 | {ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, | 117 | {ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, |
| 114 | {ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, | 118 | {ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, |
| 115 | {ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, | 119 | {ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, |
| 116 | {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, | 120 | {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, |
| 121 | {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"}, | ||
| 117 | {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, | 122 | {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, |
| 118 | {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, | 123 | {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, |
| 119 | {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, | 124 | {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, |
| 120 | {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, | 125 | {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, |
| 121 | {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, | 126 | {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, |
| 122 | {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, | 127 | {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, |
| 123 | {ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, | ||
| 124 | {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, | 128 | {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, |
| 125 | {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, | 129 | {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, |
| 126 | {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, | 130 | {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, |
| 127 | {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, | 131 | {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, |
| 128 | {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, | 132 | {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, |
| 133 | {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, | ||
| 134 | {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, | ||
| 129 | {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, | 135 | {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, |
| 130 | {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, | 136 | {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, |
| 131 | {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, | 137 | {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, |
| @@ -157,15 +163,12 @@ static ERR_STRING_DATA EVP_str_reasons[]= | |||
| 157 | 163 | ||
| 158 | void ERR_load_EVP_strings(void) | 164 | void ERR_load_EVP_strings(void) |
| 159 | { | 165 | { |
| 160 | static int init=1; | 166 | #ifndef OPENSSL_NO_ERR |
| 161 | 167 | ||
| 162 | if (init) | 168 | if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) |
| 163 | { | 169 | { |
| 164 | init=0; | ||
| 165 | #ifndef OPENSSL_NO_ERR | ||
| 166 | ERR_load_strings(0,EVP_str_functs); | 170 | ERR_load_strings(0,EVP_str_functs); |
| 167 | ERR_load_strings(0,EVP_str_reasons); | 171 | ERR_load_strings(0,EVP_str_reasons); |
| 168 | #endif | ||
| 169 | |||
| 170 | } | 172 | } |
| 173 | #endif | ||
| 171 | } | 174 | } |
diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c index f8650d5df6..361ea69ab6 100644 --- a/src/lib/libssl/src/crypto/evp/evp_key.c +++ b/src/lib/libssl/src/crypto/evp/evp_key.c | |||
| @@ -66,7 +66,7 @@ | |||
| 66 | /* should be init to zeros. */ | 66 | /* should be init to zeros. */ |
| 67 | static char prompt_string[80]; | 67 | static char prompt_string[80]; |
| 68 | 68 | ||
| 69 | void EVP_set_pw_prompt(char *prompt) | 69 | void EVP_set_pw_prompt(const char *prompt) |
| 70 | { | 70 | { |
| 71 | if (prompt == NULL) | 71 | if (prompt == NULL) |
| 72 | prompt_string[0]='\0'; | 72 | prompt_string[0]='\0'; |
diff --git a/src/lib/libssl/src/crypto/evp/evp_lib.c b/src/lib/libssl/src/crypto/evp/evp_lib.c index a63ba19317..edb28ef38e 100644 --- a/src/lib/libssl/src/crypto/evp/evp_lib.c +++ b/src/lib/libssl/src/crypto/evp/evp_lib.c | |||
| @@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | |||
| 68 | if (c->cipher->set_asn1_parameters != NULL) | 68 | if (c->cipher->set_asn1_parameters != NULL) |
| 69 | ret=c->cipher->set_asn1_parameters(c,type); | 69 | ret=c->cipher->set_asn1_parameters(c,type); |
| 70 | else | 70 | else |
| 71 | return -1; | 71 | ret=-1; |
| 72 | return(ret); | 72 | return(ret); |
| 73 | } | 73 | } |
| 74 | 74 | ||
| @@ -79,20 +79,21 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | |||
| 79 | if (c->cipher->get_asn1_parameters != NULL) | 79 | if (c->cipher->get_asn1_parameters != NULL) |
| 80 | ret=c->cipher->get_asn1_parameters(c,type); | 80 | ret=c->cipher->get_asn1_parameters(c,type); |
| 81 | else | 81 | else |
| 82 | return -1; | 82 | ret=-1; |
| 83 | return(ret); | 83 | return(ret); |
| 84 | } | 84 | } |
| 85 | 85 | ||
| 86 | int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | 86 | int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
| 87 | { | 87 | { |
| 88 | int i=0,l; | 88 | int i=0; |
| 89 | unsigned int l; | ||
| 89 | 90 | ||
| 90 | if (type != NULL) | 91 | if (type != NULL) |
| 91 | { | 92 | { |
| 92 | l=EVP_CIPHER_CTX_iv_length(c); | 93 | l=EVP_CIPHER_CTX_iv_length(c); |
| 93 | OPENSSL_assert(l <= sizeof c->iv); | 94 | OPENSSL_assert(l <= sizeof(c->iv)); |
| 94 | i=ASN1_TYPE_get_octetstring(type,c->oiv,l); | 95 | i=ASN1_TYPE_get_octetstring(type,c->oiv,l); |
| 95 | if (i != l) | 96 | if (i != (int)l) |
| 96 | return(-1); | 97 | return(-1); |
| 97 | else if (i > 0) | 98 | else if (i > 0) |
| 98 | memcpy(c->iv,c->oiv,l); | 99 | memcpy(c->iv,c->oiv,l); |
| @@ -102,12 +103,13 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | |||
| 102 | 103 | ||
| 103 | int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | 104 | int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
| 104 | { | 105 | { |
| 105 | int i=0,j; | 106 | int i=0; |
| 107 | unsigned int j; | ||
| 106 | 108 | ||
| 107 | if (type != NULL) | 109 | if (type != NULL) |
| 108 | { | 110 | { |
| 109 | j=EVP_CIPHER_CTX_iv_length(c); | 111 | j=EVP_CIPHER_CTX_iv_length(c); |
| 110 | OPENSSL_assert(j <= sizeof c->iv); | 112 | OPENSSL_assert(j <= sizeof(c->iv)); |
| 111 | i=ASN1_TYPE_set_octetstring(type,c->oiv,j); | 113 | i=ASN1_TYPE_set_octetstring(type,c->oiv,j); |
| 112 | } | 114 | } |
| 113 | return(i); | 115 | return(i); |
| @@ -166,3 +168,112 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) | |||
| 166 | } | 168 | } |
| 167 | } | 169 | } |
| 168 | 170 | ||
| 171 | int EVP_CIPHER_block_size(const EVP_CIPHER *e) | ||
| 172 | { | ||
| 173 | return e->block_size; | ||
| 174 | } | ||
| 175 | |||
| 176 | int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) | ||
| 177 | { | ||
| 178 | return ctx->cipher->block_size; | ||
| 179 | } | ||
| 180 | |||
| 181 | int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) | ||
| 182 | { | ||
| 183 | return ctx->cipher->do_cipher(ctx,out,in,inl); | ||
| 184 | } | ||
| 185 | |||
| 186 | const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) | ||
| 187 | { | ||
| 188 | return ctx->cipher; | ||
| 189 | } | ||
| 190 | |||
| 191 | unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) | ||
| 192 | { | ||
| 193 | return cipher->flags; | ||
| 194 | } | ||
| 195 | |||
| 196 | unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) | ||
| 197 | { | ||
| 198 | return ctx->cipher->flags; | ||
| 199 | } | ||
| 200 | |||
| 201 | void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) | ||
| 202 | { | ||
| 203 | return ctx->app_data; | ||
| 204 | } | ||
| 205 | |||
| 206 | void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) | ||
| 207 | { | ||
| 208 | ctx->app_data = data; | ||
| 209 | } | ||
| 210 | |||
| 211 | int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) | ||
| 212 | { | ||
| 213 | return cipher->iv_len; | ||
| 214 | } | ||
| 215 | |||
| 216 | int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) | ||
| 217 | { | ||
| 218 | return ctx->cipher->iv_len; | ||
| 219 | } | ||
| 220 | |||
| 221 | int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) | ||
| 222 | { | ||
| 223 | return cipher->key_len; | ||
| 224 | } | ||
| 225 | |||
| 226 | int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) | ||
| 227 | { | ||
| 228 | return ctx->key_len; | ||
| 229 | } | ||
| 230 | |||
| 231 | int EVP_CIPHER_nid(const EVP_CIPHER *cipher) | ||
| 232 | { | ||
| 233 | return cipher->nid; | ||
| 234 | } | ||
| 235 | |||
| 236 | int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) | ||
| 237 | { | ||
| 238 | return ctx->cipher->nid; | ||
| 239 | } | ||
| 240 | |||
| 241 | int EVP_MD_block_size(const EVP_MD *md) | ||
| 242 | { | ||
| 243 | return md->block_size; | ||
| 244 | } | ||
| 245 | |||
| 246 | int EVP_MD_type(const EVP_MD *md) | ||
| 247 | { | ||
| 248 | return md->type; | ||
| 249 | } | ||
| 250 | |||
| 251 | int EVP_MD_pkey_type(const EVP_MD *md) | ||
| 252 | { | ||
| 253 | return md->pkey_type; | ||
| 254 | } | ||
| 255 | |||
| 256 | int EVP_MD_size(const EVP_MD *md) | ||
| 257 | { | ||
| 258 | return md->md_size; | ||
| 259 | } | ||
| 260 | |||
| 261 | const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx) | ||
| 262 | { | ||
| 263 | return ctx->digest; | ||
| 264 | } | ||
| 265 | |||
| 266 | void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) | ||
| 267 | { | ||
| 268 | ctx->flags |= flags; | ||
| 269 | } | ||
| 270 | |||
| 271 | void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) | ||
| 272 | { | ||
| 273 | ctx->flags &= ~flags; | ||
| 274 | } | ||
| 275 | |||
| 276 | int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) | ||
| 277 | { | ||
| 278 | return (ctx->flags & flags); | ||
| 279 | } | ||
diff --git a/src/lib/libssl/src/crypto/evp/evp_locl.h b/src/lib/libssl/src/crypto/evp/evp_locl.h index f8c5343620..073b0adcff 100644 --- a/src/lib/libssl/src/crypto/evp/evp_locl.h +++ b/src/lib/libssl/src/crypto/evp/evp_locl.h | |||
| @@ -65,7 +65,7 @@ | |||
| 65 | bl = ctx->cipher->block_size;\ | 65 | bl = ctx->cipher->block_size;\ |
| 66 | if(inl < bl) return 1;\ | 66 | if(inl < bl) return 1;\ |
| 67 | inl -= bl; \ | 67 | inl -= bl; \ |
| 68 | for(i=0; i <= inl; i+=bl) \ | 68 | for(i=0; i <= inl; i+=bl) |
| 69 | 69 | ||
| 70 | #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ | 70 | #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ |
| 71 | static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ | 71 | static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ |
| @@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns | |||
| 92 | #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ | 92 | #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ |
| 93 | static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ | 93 | static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ |
| 94 | {\ | 94 | {\ |
| 95 | cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ | 95 | cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ |
| 96 | return 1;\ | 96 | return 1;\ |
| 97 | } | 97 | } |
| 98 | 98 | ||
| @@ -226,27 +226,11 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } | |||
| 226 | 226 | ||
| 227 | #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) | 227 | #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) |
| 228 | 228 | ||
| 229 | #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \ | 229 | #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ |
| 230 | BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ | 230 | BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ |
| 231 | BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ | 231 | BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ |
| 232 | NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ | 232 | NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ |
| 233 | flags, cipher##_init_key, NULL, \ | 233 | 0, cipher##_init_key, NULL, \ |
| 234 | EVP_CIPHER_set_asn1_iv, \ | 234 | EVP_CIPHER_set_asn1_iv, \ |
| 235 | EVP_CIPHER_get_asn1_iv, \ | 235 | EVP_CIPHER_get_asn1_iv, \ |
| 236 | NULL) | 236 | NULL) |
| 237 | |||
| 238 | #ifdef OPENSSL_FIPS | ||
| 239 | #define RC2_set_key private_RC2_set_key | ||
| 240 | #define RC4_set_key private_RC4_set_key | ||
| 241 | #define CAST_set_key private_CAST_set_key | ||
| 242 | #define RC5_32_set_key private_RC5_32_set_key | ||
| 243 | #define BF_set_key private_BF_set_key | ||
| 244 | #define idea_set_encrypt_key private_idea_set_encrypt_key | ||
| 245 | |||
| 246 | #define MD5_Init private_MD5_Init | ||
| 247 | #define MD4_Init private_MD4_Init | ||
| 248 | #define MD2_Init private_MD2_Init | ||
| 249 | #define MDC2_Init private_MDC2_Init | ||
| 250 | #define SHA_Init private_SHA_Init | ||
| 251 | |||
| 252 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/evp/evp_pbe.c b/src/lib/libssl/src/crypto/evp/evp_pbe.c index 91e545a141..c26d2de0f3 100644 --- a/src/lib/libssl/src/crypto/evp/evp_pbe.c +++ b/src/lib/libssl/src/crypto/evp/evp_pbe.c | |||
| @@ -74,7 +74,7 @@ const EVP_MD *md; | |||
| 74 | EVP_PBE_KEYGEN *keygen; | 74 | EVP_PBE_KEYGEN *keygen; |
| 75 | } EVP_PBE_CTL; | 75 | } EVP_PBE_CTL; |
| 76 | 76 | ||
| 77 | int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, | 77 | int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, |
| 78 | ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) | 78 | ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) |
| 79 | { | 79 | { |
| 80 | 80 | ||
| @@ -106,7 +106,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, | |||
| 106 | 106 | ||
| 107 | static int pbe_cmp(const char * const *a, const char * const *b) | 107 | static int pbe_cmp(const char * const *a, const char * const *b) |
| 108 | { | 108 | { |
| 109 | EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; | 109 | const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, |
| 110 | * const *pbe2 = (const EVP_PBE_CTL * const *)b; | ||
| 110 | return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); | 111 | return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); |
| 111 | } | 112 | } |
| 112 | 113 | ||
diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c index 47a69932a5..0147f3e02a 100644 --- a/src/lib/libssl/src/crypto/evp/evp_pkey.c +++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -61,14 +61,24 @@ | |||
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/rand.h> | 63 | #include <openssl/rand.h> |
| 64 | #ifndef OPENSSL_NO_RSA | ||
| 65 | #include <openssl/rsa.h> | ||
| 66 | #endif | ||
| 67 | #ifndef OPENSSL_NO_DSA | ||
| 68 | #include <openssl/dsa.h> | ||
| 69 | #endif | ||
| 70 | #include <openssl/bn.h> | ||
| 64 | 71 | ||
| 65 | #ifndef OPENSSL_NO_DSA | 72 | #ifndef OPENSSL_NO_DSA |
| 66 | static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); | 73 | static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); |
| 67 | #endif | 74 | #endif |
| 75 | #ifndef OPENSSL_NO_EC | ||
| 76 | static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); | ||
| 77 | #endif | ||
| 68 | 78 | ||
| 69 | /* Extract a private key from a PKCS8 structure */ | 79 | /* Extract a private key from a PKCS8 structure */ |
| 70 | 80 | ||
| 71 | EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | 81 | EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) |
| 72 | { | 82 | { |
| 73 | EVP_PKEY *pkey = NULL; | 83 | EVP_PKEY *pkey = NULL; |
| 74 | #ifndef OPENSSL_NO_RSA | 84 | #ifndef OPENSSL_NO_RSA |
| @@ -76,16 +86,24 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
| 76 | #endif | 86 | #endif |
| 77 | #ifndef OPENSSL_NO_DSA | 87 | #ifndef OPENSSL_NO_DSA |
| 78 | DSA *dsa = NULL; | 88 | DSA *dsa = NULL; |
| 89 | ASN1_TYPE *t1, *t2; | ||
| 79 | ASN1_INTEGER *privkey; | 90 | ASN1_INTEGER *privkey; |
| 80 | ASN1_TYPE *t1, *t2, *param = NULL; | ||
| 81 | STACK_OF(ASN1_TYPE) *ndsa = NULL; | 91 | STACK_OF(ASN1_TYPE) *ndsa = NULL; |
| 92 | #endif | ||
| 93 | #ifndef OPENSSL_NO_EC | ||
| 94 | EC_KEY *eckey = NULL; | ||
| 95 | const unsigned char *p_tmp; | ||
| 96 | #endif | ||
| 97 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) | ||
| 98 | ASN1_TYPE *param = NULL; | ||
| 82 | BN_CTX *ctx = NULL; | 99 | BN_CTX *ctx = NULL; |
| 83 | int plen; | 100 | int plen; |
| 84 | #endif | 101 | #endif |
| 85 | X509_ALGOR *a; | 102 | X509_ALGOR *a; |
| 86 | unsigned char *p; | 103 | const unsigned char *p; |
| 87 | const unsigned char *cp; | 104 | const unsigned char *cp; |
| 88 | int pkeylen; | 105 | int pkeylen; |
| 106 | int nid; | ||
| 89 | char obj_tmp[80]; | 107 | char obj_tmp[80]; |
| 90 | 108 | ||
| 91 | if(p8->pkey->type == V_ASN1_OCTET_STRING) { | 109 | if(p8->pkey->type == V_ASN1_OCTET_STRING) { |
| @@ -102,7 +120,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
| 102 | return NULL; | 120 | return NULL; |
| 103 | } | 121 | } |
| 104 | a = p8->pkeyalg; | 122 | a = p8->pkeyalg; |
| 105 | switch (OBJ_obj2nid(a->algorithm)) | 123 | nid = OBJ_obj2nid(a->algorithm); |
| 124 | switch(nid) | ||
| 106 | { | 125 | { |
| 107 | #ifndef OPENSSL_NO_RSA | 126 | #ifndef OPENSSL_NO_RSA |
| 108 | case NID_rsaEncryption: | 127 | case NID_rsaEncryption: |
| @@ -208,6 +227,112 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
| 208 | return NULL; | 227 | return NULL; |
| 209 | break; | 228 | break; |
| 210 | #endif | 229 | #endif |
| 230 | #ifndef OPENSSL_NO_EC | ||
| 231 | case NID_X9_62_id_ecPublicKey: | ||
| 232 | p_tmp = p; | ||
| 233 | /* extract the ec parameters */ | ||
| 234 | param = p8->pkeyalg->parameter; | ||
| 235 | |||
| 236 | if (!param || ((param->type != V_ASN1_SEQUENCE) && | ||
| 237 | (param->type != V_ASN1_OBJECT))) | ||
| 238 | { | ||
| 239 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | ||
| 240 | goto ecerr; | ||
| 241 | } | ||
| 242 | |||
| 243 | if (param->type == V_ASN1_SEQUENCE) | ||
| 244 | { | ||
| 245 | cp = p = param->value.sequence->data; | ||
| 246 | plen = param->value.sequence->length; | ||
| 247 | |||
| 248 | if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) | ||
| 249 | { | ||
| 250 | EVPerr(EVP_F_EVP_PKCS82PKEY, | ||
| 251 | EVP_R_DECODE_ERROR); | ||
| 252 | goto ecerr; | ||
| 253 | } | ||
| 254 | } | ||
| 255 | else | ||
| 256 | { | ||
| 257 | EC_GROUP *group; | ||
| 258 | cp = p = param->value.object->data; | ||
| 259 | plen = param->value.object->length; | ||
| 260 | |||
| 261 | /* type == V_ASN1_OBJECT => the parameters are given | ||
| 262 | * by an asn1 OID | ||
| 263 | */ | ||
| 264 | if ((eckey = EC_KEY_new()) == NULL) | ||
| 265 | { | ||
| 266 | EVPerr(EVP_F_EVP_PKCS82PKEY, | ||
| 267 | ERR_R_MALLOC_FAILURE); | ||
| 268 | goto ecerr; | ||
| 269 | } | ||
| 270 | group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); | ||
| 271 | if (group == NULL) | ||
| 272 | goto ecerr; | ||
| 273 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); | ||
| 274 | if (EC_KEY_set_group(eckey, group) == 0) | ||
| 275 | goto ecerr; | ||
| 276 | EC_GROUP_free(group); | ||
| 277 | } | ||
| 278 | |||
| 279 | /* We have parameters now set private key */ | ||
| 280 | if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) | ||
| 281 | { | ||
| 282 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | ||
| 283 | goto ecerr; | ||
| 284 | } | ||
| 285 | |||
| 286 | /* calculate public key (if necessary) */ | ||
| 287 | if (EC_KEY_get0_public_key(eckey) == NULL) | ||
| 288 | { | ||
| 289 | const BIGNUM *priv_key; | ||
| 290 | const EC_GROUP *group; | ||
| 291 | EC_POINT *pub_key; | ||
| 292 | /* the public key was not included in the SEC1 private | ||
| 293 | * key => calculate the public key */ | ||
| 294 | group = EC_KEY_get0_group(eckey); | ||
| 295 | pub_key = EC_POINT_new(group); | ||
| 296 | if (pub_key == NULL) | ||
| 297 | { | ||
| 298 | EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); | ||
| 299 | goto ecerr; | ||
| 300 | } | ||
| 301 | if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) | ||
| 302 | { | ||
| 303 | EC_POINT_free(pub_key); | ||
| 304 | EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); | ||
| 305 | goto ecerr; | ||
| 306 | } | ||
| 307 | priv_key = EC_KEY_get0_private_key(eckey); | ||
| 308 | if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) | ||
| 309 | { | ||
| 310 | EC_POINT_free(pub_key); | ||
| 311 | EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); | ||
| 312 | goto ecerr; | ||
| 313 | } | ||
| 314 | if (EC_KEY_set_public_key(eckey, pub_key) == 0) | ||
| 315 | { | ||
| 316 | EC_POINT_free(pub_key); | ||
| 317 | EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); | ||
| 318 | goto ecerr; | ||
| 319 | } | ||
| 320 | EC_POINT_free(pub_key); | ||
| 321 | } | ||
| 322 | |||
| 323 | EVP_PKEY_assign_EC_KEY(pkey, eckey); | ||
| 324 | if (ctx) | ||
| 325 | BN_CTX_free(ctx); | ||
| 326 | break; | ||
| 327 | ecerr: | ||
| 328 | if (ctx) | ||
| 329 | BN_CTX_free(ctx); | ||
| 330 | if (eckey) | ||
| 331 | EC_KEY_free(eckey); | ||
| 332 | if (pkey) | ||
| 333 | EVP_PKEY_free(pkey); | ||
| 334 | return NULL; | ||
| 335 | #endif | ||
| 211 | default: | 336 | default: |
| 212 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); | 337 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); |
| 213 | if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); | 338 | if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); |
| @@ -231,17 +356,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) | |||
| 231 | PKCS8_PRIV_KEY_INFO *p8; | 356 | PKCS8_PRIV_KEY_INFO *p8; |
| 232 | 357 | ||
| 233 | if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { | 358 | if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { |
| 234 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 359 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); |
| 235 | return NULL; | 360 | return NULL; |
| 236 | } | 361 | } |
| 237 | p8->broken = broken; | 362 | p8->broken = broken; |
| 238 | if (!ASN1_INTEGER_set(p8->version, 0)) { | 363 | if (!ASN1_INTEGER_set(p8->version, 0)) { |
| 239 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 364 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); |
| 240 | PKCS8_PRIV_KEY_INFO_free (p8); | 365 | PKCS8_PRIV_KEY_INFO_free (p8); |
| 241 | return NULL; | 366 | return NULL; |
| 242 | } | 367 | } |
| 243 | if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { | 368 | if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { |
| 244 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 369 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); |
| 245 | PKCS8_PRIV_KEY_INFO_free (p8); | 370 | PKCS8_PRIV_KEY_INFO_free (p8); |
| 246 | return NULL; | 371 | return NULL; |
| 247 | } | 372 | } |
| @@ -254,9 +379,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) | |||
| 254 | 379 | ||
| 255 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); | 380 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); |
| 256 | p8->pkeyalg->parameter->type = V_ASN1_NULL; | 381 | p8->pkeyalg->parameter->type = V_ASN1_NULL; |
| 257 | if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, | 382 | if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, |
| 258 | &p8->pkey->value.octet_string)) { | 383 | &p8->pkey->value.octet_string)) { |
| 259 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 384 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); |
| 260 | PKCS8_PRIV_KEY_INFO_free (p8); | 385 | PKCS8_PRIV_KEY_INFO_free (p8); |
| 261 | return NULL; | 386 | return NULL; |
| 262 | } | 387 | } |
| @@ -271,13 +396,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) | |||
| 271 | 396 | ||
| 272 | break; | 397 | break; |
| 273 | #endif | 398 | #endif |
| 399 | #ifndef OPENSSL_NO_EC | ||
| 400 | case EVP_PKEY_EC: | ||
| 401 | if (!eckey_pkey2pkcs8(p8, pkey)) | ||
| 402 | { | ||
| 403 | PKCS8_PRIV_KEY_INFO_free(p8); | ||
| 404 | return(NULL); | ||
| 405 | } | ||
| 406 | break; | ||
| 407 | #endif | ||
| 274 | default: | 408 | default: |
| 275 | EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); | 409 | EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); |
| 276 | PKCS8_PRIV_KEY_INFO_free (p8); | 410 | PKCS8_PRIV_KEY_INFO_free (p8); |
| 277 | return NULL; | 411 | return NULL; |
| 278 | } | 412 | } |
| 279 | RAND_add(p8->pkey->value.octet_string->data, | 413 | RAND_add(p8->pkey->value.octet_string->data, |
| 280 | p8->pkey->value.octet_string->length, 0); | 414 | p8->pkey->value.octet_string->length, 0.0); |
| 281 | return p8; | 415 | return p8; |
| 282 | } | 416 | } |
| 283 | 417 | ||
| @@ -297,10 +431,8 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) | |||
| 297 | break; | 431 | break; |
| 298 | 432 | ||
| 299 | default: | 433 | default: |
| 300 | EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); | 434 | EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); |
| 301 | return NULL; | 435 | return NULL; |
| 302 | break; | ||
| 303 | |||
| 304 | } | 436 | } |
| 305 | } | 437 | } |
| 306 | 438 | ||
| @@ -317,24 +449,24 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
| 317 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); | 449 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); |
| 318 | len = i2d_DSAparams (pkey->pkey.dsa, NULL); | 450 | len = i2d_DSAparams (pkey->pkey.dsa, NULL); |
| 319 | if (!(p = OPENSSL_malloc(len))) { | 451 | if (!(p = OPENSSL_malloc(len))) { |
| 320 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 452 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 321 | goto err; | 453 | goto err; |
| 322 | } | 454 | } |
| 323 | q = p; | 455 | q = p; |
| 324 | i2d_DSAparams (pkey->pkey.dsa, &q); | 456 | i2d_DSAparams (pkey->pkey.dsa, &q); |
| 325 | if (!(params = ASN1_STRING_new())) { | 457 | if (!(params = ASN1_STRING_new())) { |
| 326 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 458 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 327 | goto err; | 459 | goto err; |
| 328 | } | 460 | } |
| 329 | if (!ASN1_STRING_set(params, p, len)) { | 461 | if (!ASN1_STRING_set(params, p, len)) { |
| 330 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 462 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 331 | goto err; | 463 | goto err; |
| 332 | } | 464 | } |
| 333 | OPENSSL_free(p); | 465 | OPENSSL_free(p); |
| 334 | p = NULL; | 466 | p = NULL; |
| 335 | /* Get private key into integer */ | 467 | /* Get private key into integer */ |
| 336 | if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { | 468 | if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { |
| 337 | EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | 469 | EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); |
| 338 | goto err; | 470 | goto err; |
| 339 | } | 471 | } |
| 340 | 472 | ||
| @@ -343,9 +475,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
| 343 | case PKCS8_OK: | 475 | case PKCS8_OK: |
| 344 | case PKCS8_NO_OCTET: | 476 | case PKCS8_NO_OCTET: |
| 345 | 477 | ||
| 346 | if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, | 478 | if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, |
| 347 | &p8->pkey->value.octet_string)) { | 479 | &p8->pkey->value.octet_string)) { |
| 348 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 480 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 349 | goto err; | 481 | goto err; |
| 350 | } | 482 | } |
| 351 | 483 | ||
| @@ -363,39 +495,39 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
| 363 | params = NULL; | 495 | params = NULL; |
| 364 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; | 496 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; |
| 365 | if (!(ndsa = sk_ASN1_TYPE_new_null())) { | 497 | if (!(ndsa = sk_ASN1_TYPE_new_null())) { |
| 366 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 498 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 367 | goto err; | 499 | goto err; |
| 368 | } | 500 | } |
| 369 | if (!(ttmp = ASN1_TYPE_new())) { | 501 | if (!(ttmp = ASN1_TYPE_new())) { |
| 370 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 502 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 371 | goto err; | 503 | goto err; |
| 372 | } | 504 | } |
| 373 | if (!(ttmp->value.integer = | 505 | if (!(ttmp->value.integer = |
| 374 | BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { | 506 | BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { |
| 375 | EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | 507 | EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); |
| 376 | goto err; | 508 | goto err; |
| 377 | } | 509 | } |
| 378 | ttmp->type = V_ASN1_INTEGER; | 510 | ttmp->type = V_ASN1_INTEGER; |
| 379 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { | 511 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { |
| 380 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 512 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 381 | goto err; | 513 | goto err; |
| 382 | } | 514 | } |
| 383 | 515 | ||
| 384 | if (!(ttmp = ASN1_TYPE_new())) { | 516 | if (!(ttmp = ASN1_TYPE_new())) { |
| 385 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 517 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 386 | goto err; | 518 | goto err; |
| 387 | } | 519 | } |
| 388 | ttmp->value.integer = prkey; | 520 | ttmp->value.integer = prkey; |
| 389 | prkey = NULL; | 521 | prkey = NULL; |
| 390 | ttmp->type = V_ASN1_INTEGER; | 522 | ttmp->type = V_ASN1_INTEGER; |
| 391 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { | 523 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { |
| 392 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 524 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 393 | goto err; | 525 | goto err; |
| 394 | } | 526 | } |
| 395 | ttmp = NULL; | 527 | ttmp = NULL; |
| 396 | 528 | ||
| 397 | if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { | 529 | if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { |
| 398 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 530 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 399 | goto err; | 531 | goto err; |
| 400 | } | 532 | } |
| 401 | 533 | ||
| @@ -403,7 +535,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
| 403 | &p8->pkey->value.octet_string->data, | 535 | &p8->pkey->value.octet_string->data, |
| 404 | &p8->pkey->value.octet_string->length)) { | 536 | &p8->pkey->value.octet_string->length)) { |
| 405 | 537 | ||
| 406 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 538 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 407 | goto err; | 539 | goto err; |
| 408 | } | 540 | } |
| 409 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | 541 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); |
| @@ -413,36 +545,36 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
| 413 | 545 | ||
| 414 | p8->pkeyalg->parameter->type = V_ASN1_NULL; | 546 | p8->pkeyalg->parameter->type = V_ASN1_NULL; |
| 415 | if (!(ndsa = sk_ASN1_TYPE_new_null())) { | 547 | if (!(ndsa = sk_ASN1_TYPE_new_null())) { |
| 416 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 548 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 417 | goto err; | 549 | goto err; |
| 418 | } | 550 | } |
| 419 | if (!(ttmp = ASN1_TYPE_new())) { | 551 | if (!(ttmp = ASN1_TYPE_new())) { |
| 420 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 552 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 421 | goto err; | 553 | goto err; |
| 422 | } | 554 | } |
| 423 | ttmp->value.sequence = params; | 555 | ttmp->value.sequence = params; |
| 424 | params = NULL; | 556 | params = NULL; |
| 425 | ttmp->type = V_ASN1_SEQUENCE; | 557 | ttmp->type = V_ASN1_SEQUENCE; |
| 426 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { | 558 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { |
| 427 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 559 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 428 | goto err; | 560 | goto err; |
| 429 | } | 561 | } |
| 430 | 562 | ||
| 431 | if (!(ttmp = ASN1_TYPE_new())) { | 563 | if (!(ttmp = ASN1_TYPE_new())) { |
| 432 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 564 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 433 | goto err; | 565 | goto err; |
| 434 | } | 566 | } |
| 435 | ttmp->value.integer = prkey; | 567 | ttmp->value.integer = prkey; |
| 436 | prkey = NULL; | 568 | prkey = NULL; |
| 437 | ttmp->type = V_ASN1_INTEGER; | 569 | ttmp->type = V_ASN1_INTEGER; |
| 438 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { | 570 | if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { |
| 439 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 571 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 440 | goto err; | 572 | goto err; |
| 441 | } | 573 | } |
| 442 | ttmp = NULL; | 574 | ttmp = NULL; |
| 443 | 575 | ||
| 444 | if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { | 576 | if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { |
| 445 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 577 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 446 | goto err; | 578 | goto err; |
| 447 | } | 579 | } |
| 448 | 580 | ||
| @@ -450,7 +582,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | |||
| 450 | &p8->pkey->value.octet_string->data, | 582 | &p8->pkey->value.octet_string->data, |
| 451 | &p8->pkey->value.octet_string->length)) { | 583 | &p8->pkey->value.octet_string->length)) { |
| 452 | 584 | ||
| 453 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 585 | EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 454 | goto err; | 586 | goto err; |
| 455 | } | 587 | } |
| 456 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | 588 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); |
| @@ -466,3 +598,197 @@ err: | |||
| 466 | return 0; | 598 | return 0; |
| 467 | } | 599 | } |
| 468 | #endif | 600 | #endif |
| 601 | |||
| 602 | #ifndef OPENSSL_NO_EC | ||
| 603 | static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | ||
| 604 | { | ||
| 605 | EC_KEY *ec_key; | ||
| 606 | const EC_GROUP *group; | ||
| 607 | unsigned char *p, *pp; | ||
| 608 | int nid, i, ret = 0; | ||
| 609 | unsigned int tmp_flags, old_flags; | ||
| 610 | |||
| 611 | ec_key = pkey->pkey.ec; | ||
| 612 | if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) | ||
| 613 | { | ||
| 614 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); | ||
| 615 | return 0; | ||
| 616 | } | ||
| 617 | |||
| 618 | /* set the ec parameters OID */ | ||
| 619 | if (p8->pkeyalg->algorithm) | ||
| 620 | ASN1_OBJECT_free(p8->pkeyalg->algorithm); | ||
| 621 | |||
| 622 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); | ||
| 623 | |||
| 624 | /* set the ec parameters */ | ||
| 625 | |||
| 626 | if (p8->pkeyalg->parameter) | ||
| 627 | { | ||
| 628 | ASN1_TYPE_free(p8->pkeyalg->parameter); | ||
| 629 | p8->pkeyalg->parameter = NULL; | ||
| 630 | } | ||
| 631 | |||
| 632 | if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) | ||
| 633 | { | ||
| 634 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); | ||
| 635 | return 0; | ||
| 636 | } | ||
| 637 | |||
| 638 | if (EC_GROUP_get_asn1_flag(group) | ||
| 639 | && (nid = EC_GROUP_get_curve_name(group))) | ||
| 640 | { | ||
| 641 | /* we have a 'named curve' => just set the OID */ | ||
| 642 | p8->pkeyalg->parameter->type = V_ASN1_OBJECT; | ||
| 643 | p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); | ||
| 644 | } | ||
| 645 | else /* explicit parameters */ | ||
| 646 | { | ||
| 647 | if ((i = i2d_ECParameters(ec_key, NULL)) == 0) | ||
| 648 | { | ||
| 649 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); | ||
| 650 | return 0; | ||
| 651 | } | ||
| 652 | if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) | ||
| 653 | { | ||
| 654 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); | ||
| 655 | return 0; | ||
| 656 | } | ||
| 657 | pp = p; | ||
| 658 | if (!i2d_ECParameters(ec_key, &pp)) | ||
| 659 | { | ||
| 660 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); | ||
| 661 | OPENSSL_free(p); | ||
| 662 | return 0; | ||
| 663 | } | ||
| 664 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; | ||
| 665 | if ((p8->pkeyalg->parameter->value.sequence | ||
| 666 | = ASN1_STRING_new()) == NULL) | ||
| 667 | { | ||
| 668 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); | ||
| 669 | OPENSSL_free(p); | ||
| 670 | return 0; | ||
| 671 | } | ||
| 672 | ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); | ||
| 673 | OPENSSL_free(p); | ||
| 674 | } | ||
| 675 | |||
| 676 | /* set the private key */ | ||
| 677 | |||
| 678 | /* do not include the parameters in the SEC1 private key | ||
| 679 | * see PKCS#11 12.11 */ | ||
| 680 | old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); | ||
| 681 | tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; | ||
| 682 | EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); | ||
| 683 | i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); | ||
| 684 | if (!i) | ||
| 685 | { | ||
| 686 | EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); | ||
| 687 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); | ||
| 688 | return 0; | ||
| 689 | } | ||
| 690 | p = (unsigned char *) OPENSSL_malloc(i); | ||
| 691 | if (!p) | ||
| 692 | { | ||
| 693 | EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); | ||
| 694 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); | ||
| 695 | return 0; | ||
| 696 | } | ||
| 697 | pp = p; | ||
| 698 | if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) | ||
| 699 | { | ||
| 700 | EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); | ||
| 701 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); | ||
| 702 | OPENSSL_free(p); | ||
| 703 | return 0; | ||
| 704 | } | ||
| 705 | /* restore old encoding flags */ | ||
| 706 | EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); | ||
| 707 | |||
| 708 | switch(p8->broken) { | ||
| 709 | |||
| 710 | case PKCS8_OK: | ||
| 711 | p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); | ||
| 712 | if (!p8->pkey->value.octet_string || | ||
| 713 | !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, | ||
| 714 | (const void *)p, i)) | ||
| 715 | |||
| 716 | { | ||
| 717 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); | ||
| 718 | } | ||
| 719 | else | ||
| 720 | ret = 1; | ||
| 721 | break; | ||
| 722 | case PKCS8_NO_OCTET: /* RSA specific */ | ||
| 723 | case PKCS8_NS_DB: /* DSA specific */ | ||
| 724 | case PKCS8_EMBEDDED_PARAM: /* DSA specific */ | ||
| 725 | default: | ||
| 726 | EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | ||
| 727 | } | ||
| 728 | OPENSSL_cleanse(p, (size_t)i); | ||
| 729 | OPENSSL_free(p); | ||
| 730 | return ret; | ||
| 731 | } | ||
| 732 | #endif | ||
| 733 | |||
| 734 | /* EVP_PKEY attribute functions */ | ||
| 735 | |||
| 736 | int EVP_PKEY_get_attr_count(const EVP_PKEY *key) | ||
| 737 | { | ||
| 738 | return X509at_get_attr_count(key->attributes); | ||
| 739 | } | ||
| 740 | |||
| 741 | int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, | ||
| 742 | int lastpos) | ||
| 743 | { | ||
| 744 | return X509at_get_attr_by_NID(key->attributes, nid, lastpos); | ||
| 745 | } | ||
| 746 | |||
| 747 | int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, | ||
| 748 | int lastpos) | ||
| 749 | { | ||
| 750 | return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); | ||
| 751 | } | ||
| 752 | |||
| 753 | X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) | ||
| 754 | { | ||
| 755 | return X509at_get_attr(key->attributes, loc); | ||
| 756 | } | ||
| 757 | |||
| 758 | X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) | ||
| 759 | { | ||
| 760 | return X509at_delete_attr(key->attributes, loc); | ||
| 761 | } | ||
| 762 | |||
| 763 | int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) | ||
| 764 | { | ||
| 765 | if(X509at_add1_attr(&key->attributes, attr)) return 1; | ||
| 766 | return 0; | ||
| 767 | } | ||
| 768 | |||
| 769 | int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, | ||
| 770 | const ASN1_OBJECT *obj, int type, | ||
| 771 | const unsigned char *bytes, int len) | ||
| 772 | { | ||
| 773 | if(X509at_add1_attr_by_OBJ(&key->attributes, obj, | ||
| 774 | type, bytes, len)) return 1; | ||
| 775 | return 0; | ||
| 776 | } | ||
| 777 | |||
| 778 | int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, | ||
| 779 | int nid, int type, | ||
| 780 | const unsigned char *bytes, int len) | ||
| 781 | { | ||
| 782 | if(X509at_add1_attr_by_NID(&key->attributes, nid, | ||
| 783 | type, bytes, len)) return 1; | ||
| 784 | return 0; | ||
| 785 | } | ||
| 786 | |||
| 787 | int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, | ||
| 788 | const char *attrname, int type, | ||
| 789 | const unsigned char *bytes, int len) | ||
| 790 | { | ||
| 791 | if(X509at_add1_attr_by_txt(&key->attributes, attrname, | ||
| 792 | type, bytes, len)) return 1; | ||
| 793 | return 0; | ||
| 794 | } | ||
diff --git a/src/lib/libssl/src/crypto/evp/evp_test.c b/src/lib/libssl/src/crypto/evp/evp_test.c index a624cfd248..bb6f02c2e9 100644 --- a/src/lib/libssl/src/crypto/evp/evp_test.c +++ b/src/lib/libssl/src/crypto/evp/evp_test.c | |||
| @@ -52,6 +52,7 @@ | |||
| 52 | 52 | ||
| 53 | #include "../e_os.h" | 53 | #include "../e_os.h" |
| 54 | 54 | ||
| 55 | #include <openssl/opensslconf.h> | ||
| 55 | #include <openssl/evp.h> | 56 | #include <openssl/evp.h> |
| 56 | #ifndef OPENSSL_NO_ENGINE | 57 | #ifndef OPENSSL_NO_ENGINE |
| 57 | #include <openssl/engine.h> | 58 | #include <openssl/engine.h> |
| @@ -136,7 +137,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, | |||
| 136 | const unsigned char *iv,int in, | 137 | const unsigned char *iv,int in, |
| 137 | const unsigned char *plaintext,int pn, | 138 | const unsigned char *plaintext,int pn, |
| 138 | const unsigned char *ciphertext,int cn, | 139 | const unsigned char *ciphertext,int cn, |
| 139 | int encdec,int multiplier) | 140 | int encdec) |
| 140 | { | 141 | { |
| 141 | EVP_CIPHER_CTX ctx; | 142 | EVP_CIPHER_CTX ctx; |
| 142 | unsigned char out[4096]; | 143 | unsigned char out[4096]; |
| @@ -167,7 +168,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, | |||
| 167 | } | 168 | } |
| 168 | EVP_CIPHER_CTX_set_padding(&ctx,0); | 169 | EVP_CIPHER_CTX_set_padding(&ctx,0); |
| 169 | 170 | ||
| 170 | if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn*multiplier)) | 171 | if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn)) |
| 171 | { | 172 | { |
| 172 | fprintf(stderr,"Encrypt failed\n"); | 173 | fprintf(stderr,"Encrypt failed\n"); |
| 173 | ERR_print_errors_fp(stderr); | 174 | ERR_print_errors_fp(stderr); |
| @@ -180,7 +181,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, | |||
| 180 | test1_exit(7); | 181 | test1_exit(7); |
| 181 | } | 182 | } |
| 182 | 183 | ||
| 183 | if(outl+outl2 != cn*multiplier) | 184 | if(outl+outl2 != cn) |
| 184 | { | 185 | { |
| 185 | fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", | 186 | fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", |
| 186 | outl+outl2,cn); | 187 | outl+outl2,cn); |
| @@ -206,7 +207,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, | |||
| 206 | } | 207 | } |
| 207 | EVP_CIPHER_CTX_set_padding(&ctx,0); | 208 | EVP_CIPHER_CTX_set_padding(&ctx,0); |
| 208 | 209 | ||
| 209 | if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn*multiplier)) | 210 | if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn)) |
| 210 | { | 211 | { |
| 211 | fprintf(stderr,"Decrypt failed\n"); | 212 | fprintf(stderr,"Decrypt failed\n"); |
| 212 | ERR_print_errors_fp(stderr); | 213 | ERR_print_errors_fp(stderr); |
| @@ -219,7 +220,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, | |||
| 219 | test1_exit(7); | 220 | test1_exit(7); |
| 220 | } | 221 | } |
| 221 | 222 | ||
| 222 | if(outl+outl2 != cn*multiplier) | 223 | if(outl+outl2 != cn) |
| 223 | { | 224 | { |
| 224 | fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", | 225 | fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", |
| 225 | outl+outl2,cn); | 226 | outl+outl2,cn); |
| @@ -244,7 +245,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn, | |||
| 244 | const unsigned char *iv,int in, | 245 | const unsigned char *iv,int in, |
| 245 | const unsigned char *plaintext,int pn, | 246 | const unsigned char *plaintext,int pn, |
| 246 | const unsigned char *ciphertext,int cn, | 247 | const unsigned char *ciphertext,int cn, |
| 247 | int encdec,int multiplier) | 248 | int encdec) |
| 248 | { | 249 | { |
| 249 | const EVP_CIPHER *c; | 250 | const EVP_CIPHER *c; |
| 250 | 251 | ||
| @@ -252,7 +253,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn, | |||
| 252 | if(!c) | 253 | if(!c) |
| 253 | return 0; | 254 | return 0; |
| 254 | 255 | ||
| 255 | test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,multiplier); | 256 | test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec); |
| 256 | 257 | ||
| 257 | return 1; | 258 | return 1; |
| 258 | } | 259 | } |
| @@ -368,7 +369,6 @@ int main(int argc,char **argv) | |||
| 368 | unsigned char *iv,*key,*plaintext,*ciphertext; | 369 | unsigned char *iv,*key,*plaintext,*ciphertext; |
| 369 | int encdec; | 370 | int encdec; |
| 370 | int kn,in,pn,cn; | 371 | int kn,in,pn,cn; |
| 371 | int multiplier=1; | ||
| 372 | 372 | ||
| 373 | if(!fgets((char *)line,sizeof line,f)) | 373 | if(!fgets((char *)line,sizeof line,f)) |
| 374 | break; | 374 | break; |
| @@ -393,17 +393,44 @@ int main(int argc,char **argv) | |||
| 393 | pn=convert(plaintext); | 393 | pn=convert(plaintext); |
| 394 | cn=convert(ciphertext); | 394 | cn=convert(ciphertext); |
| 395 | 395 | ||
| 396 | if(strchr(cipher,'*')) | 396 | if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec) |
| 397 | { | ||
| 398 | p=cipher; | ||
| 399 | sstrsep(&p,"*"); | ||
| 400 | multiplier=atoi(sstrsep(&p,"*")); | ||
| 401 | } | ||
| 402 | |||
| 403 | if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec, | ||
| 404 | multiplier) | ||
| 405 | && !test_digest(cipher,plaintext,pn,ciphertext,cn)) | 397 | && !test_digest(cipher,plaintext,pn,ciphertext,cn)) |
| 406 | { | 398 | { |
| 399 | #ifdef OPENSSL_NO_AES | ||
| 400 | if (strstr(cipher, "AES") == cipher) | ||
| 401 | { | ||
| 402 | fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); | ||
| 403 | continue; | ||
| 404 | } | ||
| 405 | #endif | ||
| 406 | #ifdef OPENSSL_NO_DES | ||
| 407 | if (strstr(cipher, "DES") == cipher) | ||
| 408 | { | ||
| 409 | fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); | ||
| 410 | continue; | ||
| 411 | } | ||
| 412 | #endif | ||
| 413 | #ifdef OPENSSL_NO_RC4 | ||
| 414 | if (strstr(cipher, "RC4") == cipher) | ||
| 415 | { | ||
| 416 | fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); | ||
| 417 | continue; | ||
| 418 | } | ||
| 419 | #endif | ||
| 420 | #ifdef OPENSSL_NO_CAMELLIA | ||
| 421 | if (strstr(cipher, "CAMELLIA") == cipher) | ||
| 422 | { | ||
| 423 | fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); | ||
| 424 | continue; | ||
| 425 | } | ||
| 426 | #endif | ||
| 427 | #ifdef OPENSSL_NO_SEED | ||
| 428 | if (strstr(cipher, "SEED") == cipher) | ||
| 429 | { | ||
| 430 | fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); | ||
| 431 | continue; | ||
| 432 | } | ||
| 433 | #endif | ||
| 407 | fprintf(stderr,"Can't find %s\n",cipher); | 434 | fprintf(stderr,"Can't find %s\n",cipher); |
| 408 | EXIT(3); | 435 | EXIT(3); |
| 409 | } | 436 | } |
diff --git a/src/lib/libssl/src/crypto/evp/evptests.txt b/src/lib/libssl/src/crypto/evp/evptests.txt index dfe91a5bc0..beb12144b6 100644 --- a/src/lib/libssl/src/crypto/evp/evptests.txt +++ b/src/lib/libssl/src/crypto/evp/evptests.txt | |||
| @@ -92,102 +92,7 @@ AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000 | |||
| 92 | AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D | 92 | AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D |
| 93 | AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 | 93 | AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 |
| 94 | AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B | 94 | AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B |
| 95 | 95 | # We don't support CFB{1,8}-AESxxx.{En,De}crypt | |
| 96 | # CFB1-AES128.Encrypt | ||
| 97 | |||
| 98 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:1 | ||
| 99 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:1 | ||
| 100 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:1 | ||
| 101 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:1 | ||
| 102 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:1 | ||
| 103 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:1 | ||
| 104 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:1 | ||
| 105 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:1 | ||
| 106 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:1 | ||
| 107 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:1 | ||
| 108 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:1 | ||
| 109 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:1 | ||
| 110 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:1 | ||
| 111 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:1 | ||
| 112 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:1 | ||
| 113 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:1 | ||
| 114 | # all of the above packed into one... | ||
| 115 | # in: 0110 1011 1100 0001 = 6bc1 | ||
| 116 | # out: 0110 1000 1011 0011 = 68b3 | ||
| 117 | AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:1 | ||
| 118 | |||
| 119 | # CFB1-AES128.Decrypt | ||
| 120 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:0 | ||
| 121 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:0 | ||
| 122 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:0 | ||
| 123 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:0 | ||
| 124 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:0 | ||
| 125 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:0 | ||
| 126 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:0 | ||
| 127 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:0 | ||
| 128 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:0 | ||
| 129 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:0 | ||
| 130 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:0 | ||
| 131 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:0 | ||
| 132 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:0 | ||
| 133 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:0 | ||
| 134 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:0 | ||
| 135 | AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:0 | ||
| 136 | # all of the above packed into one... | ||
| 137 | # in: 0110 1000 1011 0011 = 68b3 | ||
| 138 | # out: 0110 1011 1100 0001 = 6bc1 | ||
| 139 | AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:0 | ||
| 140 | |||
| 141 | # TODO: CFB1-AES192 and 256 | ||
| 142 | |||
| 143 | # CFB8-AES128.Encrypt | ||
| 144 | |||
| 145 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:1 | ||
| 146 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:1 | ||
| 147 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:1 | ||
| 148 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:1 | ||
| 149 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:1 | ||
| 150 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:1 | ||
| 151 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:1 | ||
| 152 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:1 | ||
| 153 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:1 | ||
| 154 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:1 | ||
| 155 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:1 | ||
| 156 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:1 | ||
| 157 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:1 | ||
| 158 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:1 | ||
| 159 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:1 | ||
| 160 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:1 | ||
| 161 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:1 | ||
| 162 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:1 | ||
| 163 | # all of the above packed into one | ||
| 164 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:1 | ||
| 165 | |||
| 166 | # CFB8-AES128.Decrypt | ||
| 167 | |||
| 168 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:0 | ||
| 169 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:0 | ||
| 170 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:0 | ||
| 171 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:0 | ||
| 172 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:0 | ||
| 173 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:0 | ||
| 174 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:0 | ||
| 175 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:0 | ||
| 176 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:0 | ||
| 177 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:0 | ||
| 178 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:0 | ||
| 179 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:0 | ||
| 180 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:0 | ||
| 181 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:0 | ||
| 182 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:0 | ||
| 183 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:0 | ||
| 184 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:0 | ||
| 185 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:0 | ||
| 186 | # all of the above packed into one | ||
| 187 | AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:0 | ||
| 188 | |||
| 189 | # TODO: 192 and 256 bit keys | ||
| 190 | |||
| 191 | # For all CFB128 encrypts and decrypts, the transformed sequence is | 96 | # For all CFB128 encrypts and decrypts, the transformed sequence is |
| 192 | # AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec | 97 | # AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec |
| 193 | # CFB128-AES128.Encrypt | 98 | # CFB128-AES128.Encrypt |
| @@ -269,16 +174,6 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363 | |||
| 269 | # DES EDE3 CBC tests (from destest) | 174 | # DES EDE3 CBC tests (from destest) |
| 270 | DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 | 175 | DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 |
| 271 | 176 | ||
| 272 | # DES CFB1 from FIPS 81 | ||
| 273 | # plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77 | ||
| 274 | # ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9 | ||
| 275 | |||
| 276 | DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9 | ||
| 277 | |||
| 278 | # DES CFB8 from FIPS 81 | ||
| 279 | |||
| 280 | DES-CFB8:0123456789abcdef:1234567890abcdef:4e6f7720697320746865:f31fda07011462ee187f | ||
| 281 | |||
| 282 | # RC4 tests (from rc4test) | 177 | # RC4 tests (from rc4test) |
| 283 | RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 | 178 | RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 |
| 284 | RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 | 179 | RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 |
| @@ -286,3 +181,141 @@ RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a | |||
| 286 | RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 | 181 | RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 |
| 287 | RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf | 182 | RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf |
| 288 | RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 | 183 | RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 |
| 184 | |||
| 185 | |||
| 186 | # Camellia tests from RFC3713 | ||
| 187 | # For all ECB encrypts and decrypts, the transformed sequence is | ||
| 188 | # CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec | ||
| 189 | CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43 | ||
| 190 | CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9 | ||
| 191 | CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509 | ||
| 192 | |||
| 193 | # ECB-CAMELLIA128.Encrypt | ||
| 194 | CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1 | ||
| 195 | CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1 | ||
| 196 | CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1 | ||
| 197 | |||
| 198 | # ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt | ||
| 199 | CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96 | ||
| 200 | CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B | ||
| 201 | CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636 | ||
| 202 | CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A | ||
| 203 | |||
| 204 | # ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt | ||
| 205 | CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3 | ||
| 206 | CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A | ||
| 207 | CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366 | ||
| 208 | CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26 | ||
| 209 | |||
| 210 | # ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt | ||
| 211 | CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA | ||
| 212 | CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA | ||
| 213 | CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28 | ||
| 214 | CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B | ||
| 215 | |||
| 216 | # For all CBC encrypts and decrypts, the transformed sequence is | ||
| 217 | # CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec | ||
| 218 | # CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt | ||
| 219 | CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB | ||
| 220 | CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887 | ||
| 221 | CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54 | ||
| 222 | CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980 | ||
| 223 | |||
| 224 | # CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt | ||
| 225 | CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93 | ||
| 226 | CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5 | ||
| 227 | CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449 | ||
| 228 | CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08 | ||
| 229 | |||
| 230 | # CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt | ||
| 231 | CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA | ||
| 232 | CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50 | ||
| 233 | CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83 | ||
| 234 | CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F | ||
| 235 | |||
| 236 | # We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt | ||
| 237 | # For all CFB128 encrypts and decrypts, the transformed sequence is | ||
| 238 | # CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec | ||
| 239 | # CFB128-CAMELLIA128.Encrypt | ||
| 240 | CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 | ||
| 241 | CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1 | ||
| 242 | CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1 | ||
| 243 | CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1 | ||
| 244 | |||
| 245 | # CFB128-CAMELLIA128.Decrypt | ||
| 246 | CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 | ||
| 247 | CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0 | ||
| 248 | CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0 | ||
| 249 | CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0 | ||
| 250 | |||
| 251 | # CFB128-CAMELLIA192.Encrypt | ||
| 252 | CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 | ||
| 253 | CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1 | ||
| 254 | CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1 | ||
| 255 | CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1 | ||
| 256 | |||
| 257 | # CFB128-CAMELLIA192.Decrypt | ||
| 258 | CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 | ||
| 259 | CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0 | ||
| 260 | CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0 | ||
| 261 | CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0 | ||
| 262 | |||
| 263 | # CFB128-CAMELLIA256.Encrypt | ||
| 264 | CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 | ||
| 265 | CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1 | ||
| 266 | CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1 | ||
| 267 | CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1 | ||
| 268 | |||
| 269 | # CFB128-CAMELLIA256.Decrypt | ||
| 270 | CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 | ||
| 271 | CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0 | ||
| 272 | CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0 | ||
| 273 | CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0 | ||
| 274 | |||
| 275 | # For all OFB encrypts and decrypts, the transformed sequence is | ||
| 276 | # CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec | ||
| 277 | # OFB-CAMELLIA128.Encrypt | ||
| 278 | CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 | ||
| 279 | CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1 | ||
| 280 | CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1 | ||
| 281 | CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1 | ||
| 282 | |||
| 283 | # OFB-CAMELLIA128.Decrypt | ||
| 284 | CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 | ||
| 285 | CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0 | ||
| 286 | CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0 | ||
| 287 | CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0 | ||
| 288 | |||
| 289 | # OFB-CAMELLIA192.Encrypt | ||
| 290 | CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 | ||
| 291 | CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1 | ||
| 292 | CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1 | ||
| 293 | CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1 | ||
| 294 | |||
| 295 | # OFB-CAMELLIA192.Decrypt | ||
| 296 | CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 | ||
| 297 | CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0 | ||
| 298 | CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0 | ||
| 299 | CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0 | ||
| 300 | |||
| 301 | # OFB-CAMELLIA256.Encrypt | ||
| 302 | CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 | ||
| 303 | CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1 | ||
| 304 | CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1 | ||
| 305 | CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1 | ||
| 306 | |||
| 307 | # OFB-CAMELLIA256.Decrypt | ||
| 308 | CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 | ||
| 309 | CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0 | ||
| 310 | CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0 | ||
| 311 | CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0 | ||
| 312 | |||
| 313 | # SEED test vectors from RFC4269 | ||
| 314 | SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0 | ||
| 315 | SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0 | ||
| 316 | SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0 | ||
| 317 | SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0 | ||
| 318 | SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1 | ||
| 319 | SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 | ||
| 320 | SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 | ||
| 321 | SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1 | ||
diff --git a/src/lib/libssl/src/crypto/evp/m_dss.c b/src/lib/libssl/src/crypto/evp/m_dss.c index d393eb3400..a948c77fa4 100644 --- a/src/lib/libssl/src/crypto/evp/m_dss.c +++ b/src/lib/libssl/src/crypto/evp/m_dss.c | |||
| @@ -61,12 +61,16 @@ | |||
| 61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
| 62 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
| 63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| 64 | #ifndef OPENSSL_NO_DSA | ||
| 65 | #include <openssl/dsa.h> | ||
| 66 | #endif | ||
| 64 | 67 | ||
| 65 | #ifndef OPENSSL_NO_SHA | 68 | #ifndef OPENSSL_NO_SHA |
| 69 | |||
| 66 | static int init(EVP_MD_CTX *ctx) | 70 | static int init(EVP_MD_CTX *ctx) |
| 67 | { return SHA1_Init(ctx->md_data); } | 71 | { return SHA1_Init(ctx->md_data); } |
| 68 | 72 | ||
| 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 73 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 70 | { return SHA1_Update(ctx->md_data,data,count); } | 74 | { return SHA1_Update(ctx->md_data,data,count); } |
| 71 | 75 | ||
| 72 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 76 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
| @@ -77,7 +81,7 @@ static const EVP_MD dsa_md= | |||
| 77 | NID_dsaWithSHA, | 81 | NID_dsaWithSHA, |
| 78 | NID_dsaWithSHA, | 82 | NID_dsaWithSHA, |
| 79 | SHA_DIGEST_LENGTH, | 83 | SHA_DIGEST_LENGTH, |
| 80 | EVP_MD_FLAG_FIPS, | 84 | 0, |
| 81 | init, | 85 | init, |
| 82 | update, | 86 | update, |
| 83 | final, | 87 | final, |
diff --git a/src/lib/libssl/src/crypto/evp/m_dss1.c b/src/lib/libssl/src/crypto/evp/m_dss1.c index 23b90d0538..c12e13972b 100644 --- a/src/lib/libssl/src/crypto/evp/m_dss1.c +++ b/src/lib/libssl/src/crypto/evp/m_dss1.c | |||
| @@ -56,25 +56,23 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SHA | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_SHA | ||
| 63 | |||
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 64 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 67 | #ifndef OPENSSL_NO_DSA | ||
| 68 | #include <openssl/dsa.h> | ||
| 69 | #endif | ||
| 65 | 70 | ||
| 66 | static int init(EVP_MD_CTX *ctx) | 71 | static int init(EVP_MD_CTX *ctx) |
| 67 | { return SHA1_Init(ctx->md_data); } | 72 | { return SHA1_Init(ctx->md_data); } |
| 68 | 73 | ||
| 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 74 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 70 | #ifndef OPENSSL_FIPS | ||
| 71 | { return SHA1_Update(ctx->md_data,data,count); } | 75 | { return SHA1_Update(ctx->md_data,data,count); } |
| 72 | #else | ||
| 73 | { | ||
| 74 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
| 75 | return SHA1_Update(ctx->md_data,data,count); | ||
| 76 | } | ||
| 77 | #endif | ||
| 78 | 76 | ||
| 79 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 77 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
| 80 | { return SHA1_Final(md,ctx->md_data); } | 78 | { return SHA1_Final(md,ctx->md_data); } |
| @@ -84,7 +82,7 @@ static const EVP_MD dss1_md= | |||
| 84 | NID_dsa, | 82 | NID_dsa, |
| 85 | NID_dsaWithSHA1, | 83 | NID_dsaWithSHA1, |
| 86 | SHA_DIGEST_LENGTH, | 84 | SHA_DIGEST_LENGTH, |
| 87 | EVP_MD_FLAG_FIPS, | 85 | 0, |
| 88 | init, | 86 | init, |
| 89 | update, | 87 | update, |
| 90 | final, | 88 | final, |
diff --git a/src/lib/libssl/src/crypto/evp/m_md2.c b/src/lib/libssl/src/crypto/evp/m_md2.c index 0df48e5199..5ce849f161 100644 --- a/src/lib/libssl/src/crypto/evp/m_md2.c +++ b/src/lib/libssl/src/crypto/evp/m_md2.c | |||
| @@ -56,19 +56,23 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_MD2 | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_MD2 | ||
| 63 | |||
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include "evp_locl.h" | ||
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 66 | #include <openssl/md2.h> | 67 | #include <openssl/md2.h> |
| 68 | #ifndef OPENSSL_NO_RSA | ||
| 69 | #include <openssl/rsa.h> | ||
| 70 | #endif | ||
| 67 | 71 | ||
| 68 | static int init(EVP_MD_CTX *ctx) | 72 | static int init(EVP_MD_CTX *ctx) |
| 69 | { return MD2_Init(ctx->md_data); } | 73 | { return MD2_Init(ctx->md_data); } |
| 70 | 74 | ||
| 71 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 75 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 72 | { return MD2_Update(ctx->md_data,data,count); } | 76 | { return MD2_Update(ctx->md_data,data,count); } |
| 73 | 77 | ||
| 74 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 78 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libssl/src/crypto/evp/m_md4.c b/src/lib/libssl/src/crypto/evp/m_md4.c index 0605e4b707..1e0b7c5b42 100644 --- a/src/lib/libssl/src/crypto/evp/m_md4.c +++ b/src/lib/libssl/src/crypto/evp/m_md4.c | |||
| @@ -56,19 +56,23 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_MD4 | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_MD4 | ||
| 63 | |||
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include "evp_locl.h" | ||
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 66 | #include <openssl/md4.h> | 67 | #include <openssl/md4.h> |
| 68 | #ifndef OPENSSL_NO_RSA | ||
| 69 | #include <openssl/rsa.h> | ||
| 70 | #endif | ||
| 67 | 71 | ||
| 68 | static int init(EVP_MD_CTX *ctx) | 72 | static int init(EVP_MD_CTX *ctx) |
| 69 | { return MD4_Init(ctx->md_data); } | 73 | { return MD4_Init(ctx->md_data); } |
| 70 | 74 | ||
| 71 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 75 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 72 | { return MD4_Update(ctx->md_data,data,count); } | 76 | { return MD4_Update(ctx->md_data,data,count); } |
| 73 | 77 | ||
| 74 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 78 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libssl/src/crypto/evp/m_md5.c b/src/lib/libssl/src/crypto/evp/m_md5.c index 752615d473..63c142119e 100644 --- a/src/lib/libssl/src/crypto/evp/m_md5.c +++ b/src/lib/libssl/src/crypto/evp/m_md5.c | |||
| @@ -56,19 +56,23 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_MD5 | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_MD5 | ||
| 63 | |||
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include "evp_locl.h" | ||
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 66 | #include <openssl/md5.h> | 67 | #include <openssl/md5.h> |
| 68 | #ifndef OPENSSL_NO_RSA | ||
| 69 | #include <openssl/rsa.h> | ||
| 70 | #endif | ||
| 67 | 71 | ||
| 68 | static int init(EVP_MD_CTX *ctx) | 72 | static int init(EVP_MD_CTX *ctx) |
| 69 | { return MD5_Init(ctx->md_data); } | 73 | { return MD5_Init(ctx->md_data); } |
| 70 | 74 | ||
| 71 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 75 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 72 | { return MD5_Update(ctx->md_data,data,count); } | 76 | { return MD5_Update(ctx->md_data,data,count); } |
| 73 | 77 | ||
| 74 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 78 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libssl/src/crypto/evp/m_mdc2.c b/src/lib/libssl/src/crypto/evp/m_mdc2.c index 62de1336b8..36c4e9b134 100644 --- a/src/lib/libssl/src/crypto/evp/m_mdc2.c +++ b/src/lib/libssl/src/crypto/evp/m_mdc2.c | |||
| @@ -56,19 +56,21 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_MDC2 | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_MDC2 | ||
| 63 | |||
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include "evp_locl.h" | ||
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 66 | #include <openssl/mdc2.h> | 67 | #include <openssl/mdc2.h> |
| 68 | #include <openssl/rsa.h> | ||
| 67 | 69 | ||
| 68 | static int init(EVP_MD_CTX *ctx) | 70 | static int init(EVP_MD_CTX *ctx) |
| 69 | { return MDC2_Init(ctx->md_data); } | 71 | { return MDC2_Init(ctx->md_data); } |
| 70 | 72 | ||
| 71 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 73 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 72 | { return MDC2_Update(ctx->md_data,data,count); } | 74 | { return MDC2_Update(ctx->md_data,data,count); } |
| 73 | 75 | ||
| 74 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 76 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libssl/src/crypto/evp/m_null.c b/src/lib/libssl/src/crypto/evp/m_null.c index f6f0a1d2c0..cb0721699d 100644 --- a/src/lib/libssl/src/crypto/evp/m_null.c +++ b/src/lib/libssl/src/crypto/evp/m_null.c | |||
| @@ -65,7 +65,7 @@ | |||
| 65 | static int init(EVP_MD_CTX *ctx) | 65 | static int init(EVP_MD_CTX *ctx) |
| 66 | { return 1; } | 66 | { return 1; } |
| 67 | 67 | ||
| 68 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 68 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 69 | { return 1; } | 69 | { return 1; } |
| 70 | 70 | ||
| 71 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 71 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libssl/src/crypto/evp/m_ripemd.c b/src/lib/libssl/src/crypto/evp/m_ripemd.c index 64725528dc..a1d60ee78d 100644 --- a/src/lib/libssl/src/crypto/evp/m_ripemd.c +++ b/src/lib/libssl/src/crypto/evp/m_ripemd.c | |||
| @@ -56,18 +56,23 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RIPEMD | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_RIPEMD | ||
| 63 | |||
| 62 | #include <openssl/ripemd.h> | 64 | #include <openssl/ripemd.h> |
| 63 | #include <openssl/evp.h> | 65 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 66 | #include <openssl/objects.h> |
| 65 | #include <openssl/x509.h> | 67 | #include <openssl/x509.h> |
| 68 | #ifndef OPENSSL_NO_RSA | ||
| 69 | #include <openssl/rsa.h> | ||
| 70 | #endif | ||
| 66 | 71 | ||
| 67 | static int init(EVP_MD_CTX *ctx) | 72 | static int init(EVP_MD_CTX *ctx) |
| 68 | { return RIPEMD160_Init(ctx->md_data); } | 73 | { return RIPEMD160_Init(ctx->md_data); } |
| 69 | 74 | ||
| 70 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 75 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 71 | { return RIPEMD160_Update(ctx->md_data,data,count); } | 76 | { return RIPEMD160_Update(ctx->md_data,data,count); } |
| 72 | 77 | ||
| 73 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 78 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libssl/src/crypto/evp/m_sha.c b/src/lib/libssl/src/crypto/evp/m_sha.c index ed54909b16..acccc8f92d 100644 --- a/src/lib/libssl/src/crypto/evp/m_sha.c +++ b/src/lib/libssl/src/crypto/evp/m_sha.c | |||
| @@ -56,21 +56,22 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 62 | /* Including sha.h prior evp.h masks FIPS SHA declarations, but that's | 61 | |
| 63 | * exactly what we want to achieve here... */ | 62 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) |
| 64 | #include <openssl/sha.h> | 63 | |
| 65 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 66 | #include "evp_locl.h" | ||
| 67 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 68 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 67 | #ifndef OPENSSL_NO_RSA | ||
| 68 | #include <openssl/rsa.h> | ||
| 69 | #endif | ||
| 69 | 70 | ||
| 70 | static int init(EVP_MD_CTX *ctx) | 71 | static int init(EVP_MD_CTX *ctx) |
| 71 | { return SHA_Init(ctx->md_data); } | 72 | { return SHA_Init(ctx->md_data); } |
| 72 | 73 | ||
| 73 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 74 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 74 | { return SHA_Update(ctx->md_data,data,count); } | 75 | { return SHA_Update(ctx->md_data,data,count); } |
| 75 | 76 | ||
| 76 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 77 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
diff --git a/src/lib/libssl/src/crypto/evp/m_sha1.c b/src/lib/libssl/src/crypto/evp/m_sha1.c index 60da93873c..4679b1c463 100644 --- a/src/lib/libssl/src/crypto/evp/m_sha1.c +++ b/src/lib/libssl/src/crypto/evp/m_sha1.c | |||
| @@ -56,25 +56,23 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SHA | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_SHA | ||
| 63 | |||
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 64 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 67 | #ifndef OPENSSL_NO_RSA | ||
| 68 | #include <openssl/rsa.h> | ||
| 69 | #endif | ||
| 65 | 70 | ||
| 66 | static int init(EVP_MD_CTX *ctx) | 71 | static int init(EVP_MD_CTX *ctx) |
| 67 | { return SHA1_Init(ctx->md_data); } | 72 | { return SHA1_Init(ctx->md_data); } |
| 68 | 73 | ||
| 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 74 | static int update(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 70 | #ifndef OPENSSL_FIPS | ||
| 71 | { return SHA1_Update(ctx->md_data,data,count); } | 75 | { return SHA1_Update(ctx->md_data,data,count); } |
| 72 | #else | ||
| 73 | { | ||
| 74 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
| 75 | return SHA1_Update(ctx->md_data,data,count); | ||
| 76 | } | ||
| 77 | #endif | ||
| 78 | 76 | ||
| 79 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 77 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
| 80 | { return SHA1_Final(md,ctx->md_data); } | 78 | { return SHA1_Final(md,ctx->md_data); } |
| @@ -84,7 +82,7 @@ static const EVP_MD sha1_md= | |||
| 84 | NID_sha1, | 82 | NID_sha1, |
| 85 | NID_sha1WithRSAEncryption, | 83 | NID_sha1WithRSAEncryption, |
| 86 | SHA_DIGEST_LENGTH, | 84 | SHA_DIGEST_LENGTH, |
| 87 | EVP_MD_FLAG_FIPS, | 85 | 0, |
| 88 | init, | 86 | init, |
| 89 | update, | 87 | update, |
| 90 | final, | 88 | final, |
| @@ -101,7 +99,6 @@ const EVP_MD *EVP_sha1(void) | |||
| 101 | } | 99 | } |
| 102 | #endif | 100 | #endif |
| 103 | 101 | ||
| 104 | #ifdef OPENSSL_FIPS | ||
| 105 | #ifndef OPENSSL_NO_SHA256 | 102 | #ifndef OPENSSL_NO_SHA256 |
| 106 | static int init224(EVP_MD_CTX *ctx) | 103 | static int init224(EVP_MD_CTX *ctx) |
| 107 | { return SHA224_Init(ctx->md_data); } | 104 | { return SHA224_Init(ctx->md_data); } |
| @@ -112,11 +109,8 @@ static int init256(EVP_MD_CTX *ctx) | |||
| 112 | * SHA256 functions even in SHA224 context. This is what happens | 109 | * SHA256 functions even in SHA224 context. This is what happens |
| 113 | * there anyway, so we can spare few CPU cycles:-) | 110 | * there anyway, so we can spare few CPU cycles:-) |
| 114 | */ | 111 | */ |
| 115 | static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 112 | static int update256(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 116 | { | 113 | { return SHA256_Update(ctx->md_data,data,count); } |
| 117 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
| 118 | return SHA256_Update(ctx->md_data,data,count); | ||
| 119 | } | ||
| 120 | static int final256(EVP_MD_CTX *ctx,unsigned char *md) | 114 | static int final256(EVP_MD_CTX *ctx,unsigned char *md) |
| 121 | { return SHA256_Final(md,ctx->md_data); } | 115 | { return SHA256_Final(md,ctx->md_data); } |
| 122 | 116 | ||
| @@ -125,7 +119,7 @@ static const EVP_MD sha224_md= | |||
| 125 | NID_sha224, | 119 | NID_sha224, |
| 126 | NID_sha224WithRSAEncryption, | 120 | NID_sha224WithRSAEncryption, |
| 127 | SHA224_DIGEST_LENGTH, | 121 | SHA224_DIGEST_LENGTH, |
| 128 | EVP_MD_FLAG_FIPS, | 122 | 0, |
| 129 | init224, | 123 | init224, |
| 130 | update256, | 124 | update256, |
| 131 | final256, | 125 | final256, |
| @@ -144,7 +138,7 @@ static const EVP_MD sha256_md= | |||
| 144 | NID_sha256, | 138 | NID_sha256, |
| 145 | NID_sha256WithRSAEncryption, | 139 | NID_sha256WithRSAEncryption, |
| 146 | SHA256_DIGEST_LENGTH, | 140 | SHA256_DIGEST_LENGTH, |
| 147 | EVP_MD_FLAG_FIPS, | 141 | 0, |
| 148 | init256, | 142 | init256, |
| 149 | update256, | 143 | update256, |
| 150 | final256, | 144 | final256, |
| @@ -157,7 +151,7 @@ static const EVP_MD sha256_md= | |||
| 157 | 151 | ||
| 158 | const EVP_MD *EVP_sha256(void) | 152 | const EVP_MD *EVP_sha256(void) |
| 159 | { return(&sha256_md); } | 153 | { return(&sha256_md); } |
| 160 | #endif /* ifndef OPENSSL_NO_SHA256 */ | 154 | #endif /* ifndef OPENSSL_NO_SHA256 */ |
| 161 | 155 | ||
| 162 | #ifndef OPENSSL_NO_SHA512 | 156 | #ifndef OPENSSL_NO_SHA512 |
| 163 | static int init384(EVP_MD_CTX *ctx) | 157 | static int init384(EVP_MD_CTX *ctx) |
| @@ -165,11 +159,8 @@ static int init384(EVP_MD_CTX *ctx) | |||
| 165 | static int init512(EVP_MD_CTX *ctx) | 159 | static int init512(EVP_MD_CTX *ctx) |
| 166 | { return SHA512_Init(ctx->md_data); } | 160 | { return SHA512_Init(ctx->md_data); } |
| 167 | /* See comment in SHA224/256 section */ | 161 | /* See comment in SHA224/256 section */ |
| 168 | static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 162 | static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) |
| 169 | { | 163 | { return SHA512_Update(ctx->md_data,data,count); } |
| 170 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
| 171 | return SHA512_Update(ctx->md_data,data,count); | ||
| 172 | } | ||
| 173 | static int final512(EVP_MD_CTX *ctx,unsigned char *md) | 164 | static int final512(EVP_MD_CTX *ctx,unsigned char *md) |
| 174 | { return SHA512_Final(md,ctx->md_data); } | 165 | { return SHA512_Final(md,ctx->md_data); } |
| 175 | 166 | ||
| @@ -178,7 +169,7 @@ static const EVP_MD sha384_md= | |||
| 178 | NID_sha384, | 169 | NID_sha384, |
| 179 | NID_sha384WithRSAEncryption, | 170 | NID_sha384WithRSAEncryption, |
| 180 | SHA384_DIGEST_LENGTH, | 171 | SHA384_DIGEST_LENGTH, |
| 181 | EVP_MD_FLAG_FIPS, | 172 | 0, |
| 182 | init384, | 173 | init384, |
| 183 | update512, | 174 | update512, |
| 184 | final512, | 175 | final512, |
| @@ -197,7 +188,7 @@ static const EVP_MD sha512_md= | |||
| 197 | NID_sha512, | 188 | NID_sha512, |
| 198 | NID_sha512WithRSAEncryption, | 189 | NID_sha512WithRSAEncryption, |
| 199 | SHA512_DIGEST_LENGTH, | 190 | SHA512_DIGEST_LENGTH, |
| 200 | EVP_MD_FLAG_FIPS, | 191 | 0, |
| 201 | init512, | 192 | init512, |
| 202 | update512, | 193 | update512, |
| 203 | final512, | 194 | final512, |
| @@ -210,5 +201,4 @@ static const EVP_MD sha512_md= | |||
| 210 | 201 | ||
| 211 | const EVP_MD *EVP_sha512(void) | 202 | const EVP_MD *EVP_sha512(void) |
| 212 | { return(&sha512_md); } | 203 | { return(&sha512_md); } |
| 213 | #endif /* ifndef OPENSSL_NO_SHA512 */ | 204 | #endif /* ifndef OPENSSL_NO_SHA512 */ |
| 214 | #endif /* ifdef OPENSSL_FIPS */ | ||
diff --git a/src/lib/libssl/src/crypto/evp/names.c b/src/lib/libssl/src/crypto/evp/names.c index 7712453046..88c1e780dd 100644 --- a/src/lib/libssl/src/crypto/evp/names.c +++ b/src/lib/libssl/src/crypto/evp/names.c | |||
| @@ -61,17 +61,14 @@ | |||
| 61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
| 62 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
| 63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| 64 | #ifdef OPENSSL_FIPS | ||
| 65 | #include <openssl/fips.h> | ||
| 66 | #endif | ||
| 67 | 64 | ||
| 68 | int EVP_add_cipher(const EVP_CIPHER *c) | 65 | int EVP_add_cipher(const EVP_CIPHER *c) |
| 69 | { | 66 | { |
| 70 | int r; | 67 | int r; |
| 71 | 68 | ||
| 72 | r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); | 69 | r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); |
| 73 | if (r == 0) return(0); | 70 | if (r == 0) return(0); |
| 74 | r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); | 71 | r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); |
| 75 | return(r); | 72 | return(r); |
| 76 | } | 73 | } |
| 77 | 74 | ||
| @@ -81,9 +78,9 @@ int EVP_add_digest(const EVP_MD *md) | |||
| 81 | const char *name; | 78 | const char *name; |
| 82 | 79 | ||
| 83 | name=OBJ_nid2sn(md->type); | 80 | name=OBJ_nid2sn(md->type); |
| 84 | r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); | 81 | r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); |
| 85 | if (r == 0) return(0); | 82 | if (r == 0) return(0); |
| 86 | r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); | 83 | r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); |
| 87 | if (r == 0) return(0); | 84 | if (r == 0) return(0); |
| 88 | 85 | ||
| 89 | if (md->type != md->pkey_type) | 86 | if (md->type != md->pkey_type) |
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt.c b/src/lib/libssl/src/crypto/evp/p5_crpt.c index a1874e83b2..48d50014a0 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt.c | |||
| @@ -110,12 +110,18 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 110 | int i; | 110 | int i; |
| 111 | PBEPARAM *pbe; | 111 | PBEPARAM *pbe; |
| 112 | int saltlen, iter; | 112 | int saltlen, iter; |
| 113 | unsigned char *salt, *pbuf; | 113 | unsigned char *salt; |
| 114 | const unsigned char *pbuf; | ||
| 114 | 115 | ||
| 115 | /* Extract useful info from parameter */ | 116 | /* Extract useful info from parameter */ |
| 117 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | ||
| 118 | param->value.sequence == NULL) { | ||
| 119 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | ||
| 120 | return 0; | ||
| 121 | } | ||
| 122 | |||
| 116 | pbuf = param->value.sequence->data; | 123 | pbuf = param->value.sequence->data; |
| 117 | if (!param || (param->type != V_ASN1_SEQUENCE) || | 124 | if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { |
| 118 | !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { | ||
| 119 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | 125 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); |
| 120 | return 0; | 126 | return 0; |
| 121 | } | 127 | } |
| @@ -140,7 +146,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 140 | EVP_DigestFinal_ex (&ctx, md_tmp, NULL); | 146 | EVP_DigestFinal_ex (&ctx, md_tmp, NULL); |
| 141 | } | 147 | } |
| 142 | EVP_MD_CTX_cleanup(&ctx); | 148 | EVP_MD_CTX_cleanup(&ctx); |
| 143 | OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); | 149 | OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); |
| 144 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); | 150 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); |
| 145 | OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); | 151 | OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); |
| 146 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), | 152 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), |
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c index 1d5fabc4b2..c969d5a206 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c | |||
| @@ -55,10 +55,10 @@ | |||
| 55 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) | ||
| 59 | #include <stdio.h> | 58 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 59 | #include <stdlib.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) | ||
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/hmac.h> | 64 | #include <openssl/hmac.h> |
| @@ -77,7 +77,7 @@ | |||
| 77 | */ | 77 | */ |
| 78 | 78 | ||
| 79 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | 79 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, |
| 80 | unsigned char *salt, int saltlen, int iter, | 80 | const unsigned char *salt, int saltlen, int iter, |
| 81 | int keylen, unsigned char *out) | 81 | int keylen, unsigned char *out) |
| 82 | { | 82 | { |
| 83 | unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; | 83 | unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; |
| @@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 148 | ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, | 148 | ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, |
| 149 | int en_de) | 149 | int en_de) |
| 150 | { | 150 | { |
| 151 | unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; | 151 | unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; |
| 152 | int saltlen, keylen, iter, plen; | 152 | const unsigned char *pbuf; |
| 153 | int saltlen, iter, plen; | ||
| 154 | unsigned int keylen; | ||
| 153 | PBE2PARAM *pbe2 = NULL; | 155 | PBE2PARAM *pbe2 = NULL; |
| 154 | const EVP_CIPHER *cipher; | 156 | const EVP_CIPHER *cipher; |
| 155 | PBKDF2PARAM *kdf = NULL; | 157 | PBKDF2PARAM *kdf = NULL; |
| 156 | 158 | ||
| 159 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | ||
| 160 | param->value.sequence == NULL) { | ||
| 161 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | ||
| 162 | return 0; | ||
| 163 | } | ||
| 164 | |||
| 157 | pbuf = param->value.sequence->data; | 165 | pbuf = param->value.sequence->data; |
| 158 | plen = param->value.sequence->length; | 166 | plen = param->value.sequence->length; |
| 159 | if(!param || (param->type != V_ASN1_SEQUENCE) || | 167 | if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { |
| 160 | !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { | ||
| 161 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | 168 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); |
| 162 | return 0; | 169 | return 0; |
| 163 | } | 170 | } |
| @@ -213,7 +220,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 213 | 220 | ||
| 214 | /* Now check the parameters of the kdf */ | 221 | /* Now check the parameters of the kdf */ |
| 215 | 222 | ||
| 216 | if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ | 223 | if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ |
| 217 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, | 224 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, |
| 218 | EVP_R_UNSUPPORTED_KEYLENGTH); | 225 | EVP_R_UNSUPPORTED_KEYLENGTH); |
| 219 | goto err; | 226 | goto err; |
diff --git a/src/lib/libssl/src/crypto/evp/p_dec.c b/src/lib/libssl/src/crypto/evp/p_dec.c index 8af620400e..f64901f653 100644 --- a/src/lib/libssl/src/crypto/evp/p_dec.c +++ b/src/lib/libssl/src/crypto/evp/p_dec.c | |||
| @@ -66,7 +66,7 @@ | |||
| 66 | #include <openssl/objects.h> | 66 | #include <openssl/objects.h> |
| 67 | #include <openssl/x509.h> | 67 | #include <openssl/x509.h> |
| 68 | 68 | ||
| 69 | int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, | 69 | int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, |
| 70 | EVP_PKEY *priv) | 70 | EVP_PKEY *priv) |
| 71 | { | 71 | { |
| 72 | int ret= -1; | 72 | int ret= -1; |
diff --git a/src/lib/libssl/src/crypto/evp/p_enc.c b/src/lib/libssl/src/crypto/evp/p_enc.c index 656883b996..c2dfdc52ad 100644 --- a/src/lib/libssl/src/crypto/evp/p_enc.c +++ b/src/lib/libssl/src/crypto/evp/p_enc.c | |||
| @@ -66,7 +66,7 @@ | |||
| 66 | #include <openssl/objects.h> | 66 | #include <openssl/objects.h> |
| 67 | #include <openssl/x509.h> | 67 | #include <openssl/x509.h> |
| 68 | 68 | ||
| 69 | int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, | 69 | int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, |
| 70 | EVP_PKEY *pubk) | 70 | EVP_PKEY *pubk) |
| 71 | { | 71 | { |
| 72 | int ret=0; | 72 | int ret=0; |
diff --git a/src/lib/libssl/src/crypto/evp/p_lib.c b/src/lib/libssl/src/crypto/evp/p_lib.c index 215b94292a..22155ecf62 100644 --- a/src/lib/libssl/src/crypto/evp/p_lib.c +++ b/src/lib/libssl/src/crypto/evp/p_lib.c | |||
| @@ -58,24 +58,60 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/bn.h> | ||
| 62 | #include <openssl/err.h> | ||
| 61 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include <openssl/asn1_mac.h> | 65 | #include <openssl/asn1_mac.h> |
| 64 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 67 | #ifndef OPENSSL_NO_RSA | ||
| 68 | #include <openssl/rsa.h> | ||
| 69 | #endif | ||
| 70 | #ifndef OPENSSL_NO_DSA | ||
| 71 | #include <openssl/dsa.h> | ||
| 72 | #endif | ||
| 73 | #ifndef OPENSSL_NO_DH | ||
| 74 | #include <openssl/dh.h> | ||
| 75 | #endif | ||
| 65 | 76 | ||
| 66 | static void EVP_PKEY_free_it(EVP_PKEY *x); | 77 | static void EVP_PKEY_free_it(EVP_PKEY *x); |
| 67 | 78 | ||
| 68 | int EVP_PKEY_bits(EVP_PKEY *pkey) | 79 | int EVP_PKEY_bits(EVP_PKEY *pkey) |
| 69 | { | 80 | { |
| 81 | if (0) | ||
| 82 | return 0; | ||
| 70 | #ifndef OPENSSL_NO_RSA | 83 | #ifndef OPENSSL_NO_RSA |
| 71 | if (pkey->type == EVP_PKEY_RSA) | 84 | else if (pkey->type == EVP_PKEY_RSA) |
| 72 | return(BN_num_bits(pkey->pkey.rsa->n)); | 85 | return(BN_num_bits(pkey->pkey.rsa->n)); |
| 73 | else | ||
| 74 | #endif | 86 | #endif |
| 75 | #ifndef OPENSSL_NO_DSA | 87 | #ifndef OPENSSL_NO_DSA |
| 76 | if (pkey->type == EVP_PKEY_DSA) | 88 | else if (pkey->type == EVP_PKEY_DSA) |
| 77 | return(BN_num_bits(pkey->pkey.dsa->p)); | 89 | return(BN_num_bits(pkey->pkey.dsa->p)); |
| 78 | #endif | 90 | #endif |
| 91 | #ifndef OPENSSL_NO_EC | ||
| 92 | else if (pkey->type == EVP_PKEY_EC) | ||
| 93 | { | ||
| 94 | BIGNUM *order = BN_new(); | ||
| 95 | const EC_GROUP *group; | ||
| 96 | int ret; | ||
| 97 | |||
| 98 | if (!order) | ||
| 99 | { | ||
| 100 | ERR_clear_error(); | ||
| 101 | return 0; | ||
| 102 | } | ||
| 103 | group = EC_KEY_get0_group(pkey->pkey.ec); | ||
| 104 | if (!EC_GROUP_get_order(group, order, NULL)) | ||
| 105 | { | ||
| 106 | ERR_clear_error(); | ||
| 107 | return 0; | ||
| 108 | } | ||
| 109 | |||
| 110 | ret = BN_num_bits(order); | ||
| 111 | BN_free(order); | ||
| 112 | return ret; | ||
| 113 | } | ||
| 114 | #endif | ||
| 79 | return(0); | 115 | return(0); |
| 80 | } | 116 | } |
| 81 | 117 | ||
| @@ -92,6 +128,11 @@ int EVP_PKEY_size(EVP_PKEY *pkey) | |||
| 92 | if (pkey->type == EVP_PKEY_DSA) | 128 | if (pkey->type == EVP_PKEY_DSA) |
| 93 | return(DSA_size(pkey->pkey.dsa)); | 129 | return(DSA_size(pkey->pkey.dsa)); |
| 94 | #endif | 130 | #endif |
| 131 | #ifndef OPENSSL_NO_ECDSA | ||
| 132 | if (pkey->type == EVP_PKEY_EC) | ||
| 133 | return(ECDSA_size(pkey->pkey.ec)); | ||
| 134 | #endif | ||
| 135 | |||
| 95 | return(0); | 136 | return(0); |
| 96 | } | 137 | } |
| 97 | 138 | ||
| @@ -107,10 +148,20 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) | |||
| 107 | return(ret); | 148 | return(ret); |
| 108 | } | 149 | } |
| 109 | #endif | 150 | #endif |
| 151 | #ifndef OPENSSL_NO_EC | ||
| 152 | if (pkey->type == EVP_PKEY_EC) | ||
| 153 | { | ||
| 154 | int ret = pkey->save_parameters; | ||
| 155 | |||
| 156 | if (mode >= 0) | ||
| 157 | pkey->save_parameters = mode; | ||
| 158 | return(ret); | ||
| 159 | } | ||
| 160 | #endif | ||
| 110 | return(0); | 161 | return(0); |
| 111 | } | 162 | } |
| 112 | 163 | ||
| 113 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) | 164 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) |
| 114 | { | 165 | { |
| 115 | if (to->type != from->type) | 166 | if (to->type != from->type) |
| 116 | { | 167 | { |
| @@ -141,12 +192,23 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) | |||
| 141 | to->pkey.dsa->g=a; | 192 | to->pkey.dsa->g=a; |
| 142 | } | 193 | } |
| 143 | #endif | 194 | #endif |
| 195 | #ifndef OPENSSL_NO_EC | ||
| 196 | if (to->type == EVP_PKEY_EC) | ||
| 197 | { | ||
| 198 | EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); | ||
| 199 | if (group == NULL) | ||
| 200 | goto err; | ||
| 201 | if (EC_KEY_set_group(to->pkey.ec, group) == 0) | ||
| 202 | goto err; | ||
| 203 | EC_GROUP_free(group); | ||
| 204 | } | ||
| 205 | #endif | ||
| 144 | return(1); | 206 | return(1); |
| 145 | err: | 207 | err: |
| 146 | return(0); | 208 | return(0); |
| 147 | } | 209 | } |
| 148 | 210 | ||
| 149 | int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) | 211 | int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) |
| 150 | { | 212 | { |
| 151 | #ifndef OPENSSL_NO_DSA | 213 | #ifndef OPENSSL_NO_DSA |
| 152 | if (pkey->type == EVP_PKEY_DSA) | 214 | if (pkey->type == EVP_PKEY_DSA) |
| @@ -158,10 +220,18 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) | |||
| 158 | return(1); | 220 | return(1); |
| 159 | } | 221 | } |
| 160 | #endif | 222 | #endif |
| 223 | #ifndef OPENSSL_NO_EC | ||
| 224 | if (pkey->type == EVP_PKEY_EC) | ||
| 225 | { | ||
| 226 | if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) | ||
| 227 | return(1); | ||
| 228 | } | ||
| 229 | #endif | ||
| 230 | |||
| 161 | return(0); | 231 | return(0); |
| 162 | } | 232 | } |
| 163 | 233 | ||
| 164 | int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) | 234 | int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) |
| 165 | { | 235 | { |
| 166 | #ifndef OPENSSL_NO_DSA | 236 | #ifndef OPENSSL_NO_DSA |
| 167 | if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) | 237 | if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) |
| @@ -174,9 +244,72 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) | |||
| 174 | return(1); | 244 | return(1); |
| 175 | } | 245 | } |
| 176 | #endif | 246 | #endif |
| 247 | #ifndef OPENSSL_NO_EC | ||
| 248 | if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) | ||
| 249 | { | ||
| 250 | const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), | ||
| 251 | *group_b = EC_KEY_get0_group(b->pkey.ec); | ||
| 252 | if (EC_GROUP_cmp(group_a, group_b, NULL)) | ||
| 253 | return 0; | ||
| 254 | else | ||
| 255 | return 1; | ||
| 256 | } | ||
| 257 | #endif | ||
| 177 | return(-1); | 258 | return(-1); |
| 178 | } | 259 | } |
| 179 | 260 | ||
| 261 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) | ||
| 262 | { | ||
| 263 | if (a->type != b->type) | ||
| 264 | return -1; | ||
| 265 | |||
| 266 | if (EVP_PKEY_cmp_parameters(a, b) == 0) | ||
| 267 | return 0; | ||
| 268 | |||
| 269 | switch (a->type) | ||
| 270 | { | ||
| 271 | #ifndef OPENSSL_NO_RSA | ||
| 272 | case EVP_PKEY_RSA: | ||
| 273 | if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 | ||
| 274 | || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) | ||
| 275 | return 0; | ||
| 276 | break; | ||
| 277 | #endif | ||
| 278 | #ifndef OPENSSL_NO_DSA | ||
| 279 | case EVP_PKEY_DSA: | ||
| 280 | if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) | ||
| 281 | return 0; | ||
| 282 | break; | ||
| 283 | #endif | ||
| 284 | #ifndef OPENSSL_NO_EC | ||
| 285 | case EVP_PKEY_EC: | ||
| 286 | { | ||
| 287 | int r; | ||
| 288 | const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); | ||
| 289 | const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), | ||
| 290 | *pb = EC_KEY_get0_public_key(b->pkey.ec); | ||
| 291 | r = EC_POINT_cmp(group, pa, pb, NULL); | ||
| 292 | if (r != 0) | ||
| 293 | { | ||
| 294 | if (r == 1) | ||
| 295 | return 0; | ||
| 296 | else | ||
| 297 | return -2; | ||
| 298 | } | ||
| 299 | } | ||
| 300 | break; | ||
| 301 | #endif | ||
| 302 | #ifndef OPENSSL_NO_DH | ||
| 303 | case EVP_PKEY_DH: | ||
| 304 | return -2; | ||
| 305 | #endif | ||
| 306 | default: | ||
| 307 | return -2; | ||
| 308 | } | ||
| 309 | |||
| 310 | return 1; | ||
| 311 | } | ||
| 312 | |||
| 180 | EVP_PKEY *EVP_PKEY_new(void) | 313 | EVP_PKEY *EVP_PKEY_new(void) |
| 181 | { | 314 | { |
| 182 | EVP_PKEY *ret; | 315 | EVP_PKEY *ret; |
| @@ -246,6 +379,29 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) | |||
| 246 | } | 379 | } |
| 247 | #endif | 380 | #endif |
| 248 | 381 | ||
| 382 | #ifndef OPENSSL_NO_EC | ||
| 383 | |||
| 384 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) | ||
| 385 | { | ||
| 386 | int ret = EVP_PKEY_assign_EC_KEY(pkey,key); | ||
| 387 | if (ret) | ||
| 388 | EC_KEY_up_ref(key); | ||
| 389 | return ret; | ||
| 390 | } | ||
| 391 | |||
| 392 | EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) | ||
| 393 | { | ||
| 394 | if (pkey->type != EVP_PKEY_EC) | ||
| 395 | { | ||
| 396 | EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); | ||
| 397 | return NULL; | ||
| 398 | } | ||
| 399 | EC_KEY_up_ref(pkey->pkey.ec); | ||
| 400 | return pkey->pkey.ec; | ||
| 401 | } | ||
| 402 | #endif | ||
| 403 | |||
| 404 | |||
| 249 | #ifndef OPENSSL_NO_DH | 405 | #ifndef OPENSSL_NO_DH |
| 250 | 406 | ||
| 251 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) | 407 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) |
| @@ -282,6 +438,8 @@ int EVP_PKEY_type(int type) | |||
| 282 | return(EVP_PKEY_DSA); | 438 | return(EVP_PKEY_DSA); |
| 283 | case EVP_PKEY_DH: | 439 | case EVP_PKEY_DH: |
| 284 | return(EVP_PKEY_DH); | 440 | return(EVP_PKEY_DH); |
| 441 | case EVP_PKEY_EC: | ||
| 442 | return(EVP_PKEY_EC); | ||
| 285 | default: | 443 | default: |
| 286 | return(NID_undef); | 444 | return(NID_undef); |
| 287 | } | 445 | } |
| @@ -306,6 +464,8 @@ void EVP_PKEY_free(EVP_PKEY *x) | |||
| 306 | } | 464 | } |
| 307 | #endif | 465 | #endif |
| 308 | EVP_PKEY_free_it(x); | 466 | EVP_PKEY_free_it(x); |
| 467 | if (x->attributes) | ||
| 468 | sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); | ||
| 309 | OPENSSL_free(x); | 469 | OPENSSL_free(x); |
| 310 | } | 470 | } |
| 311 | 471 | ||
| @@ -327,6 +487,11 @@ static void EVP_PKEY_free_it(EVP_PKEY *x) | |||
| 327 | DSA_free(x->pkey.dsa); | 487 | DSA_free(x->pkey.dsa); |
| 328 | break; | 488 | break; |
| 329 | #endif | 489 | #endif |
| 490 | #ifndef OPENSSL_NO_EC | ||
| 491 | case EVP_PKEY_EC: | ||
| 492 | EC_KEY_free(x->pkey.ec); | ||
| 493 | break; | ||
| 494 | #endif | ||
| 330 | #ifndef OPENSSL_NO_DH | 495 | #ifndef OPENSSL_NO_DH |
| 331 | case EVP_PKEY_DH: | 496 | case EVP_PKEY_DH: |
| 332 | DH_free(x->pkey.dh); | 497 | DH_free(x->pkey.dh); |
diff --git a/src/lib/libssl/src/crypto/evp/p_open.c b/src/lib/libssl/src/crypto/evp/p_open.c index 5a933d1cda..9935206d0f 100644 --- a/src/lib/libssl/src/crypto/evp/p_open.c +++ b/src/lib/libssl/src/crypto/evp/p_open.c | |||
| @@ -56,15 +56,19 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RSA | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | |||
| 62 | #ifndef OPENSSL_NO_RSA | ||
| 63 | |||
| 62 | #include <openssl/evp.h> | 64 | #include <openssl/evp.h> |
| 63 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 64 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 67 | #include <openssl/rsa.h> | ||
| 65 | 68 | ||
| 66 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, | 69 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, |
| 67 | int ekl, unsigned char *iv, EVP_PKEY *priv) | 70 | const unsigned char *ek, int ekl, const unsigned char *iv, |
| 71 | EVP_PKEY *priv) | ||
| 68 | { | 72 | { |
| 69 | unsigned char *key=NULL; | 73 | unsigned char *key=NULL; |
| 70 | int i,size=0,ret=0; | 74 | int i,size=0,ret=0; |
diff --git a/src/lib/libssl/src/crypto/evp/p_seal.c b/src/lib/libssl/src/crypto/evp/p_seal.c index 37e547fe72..8cc8fcb0bd 100644 --- a/src/lib/libssl/src/crypto/evp/p_seal.c +++ b/src/lib/libssl/src/crypto/evp/p_seal.c | |||
| @@ -78,7 +78,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek | |||
| 78 | } | 78 | } |
| 79 | if ((npubk <= 0) || !pubk) | 79 | if ((npubk <= 0) || !pubk) |
| 80 | return 1; | 80 | return 1; |
| 81 | if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) | 81 | if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) |
| 82 | return 0; | 82 | return 0; |
| 83 | if (EVP_CIPHER_CTX_iv_length(ctx)) | 83 | if (EVP_CIPHER_CTX_iv_length(ctx)) |
| 84 | RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); | 84 | RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); |
diff --git a/src/lib/libssl/src/crypto/evp/p_verify.c b/src/lib/libssl/src/crypto/evp/p_verify.c index d854d743a5..21a40a375e 100644 --- a/src/lib/libssl/src/crypto/evp/p_verify.c +++ b/src/lib/libssl/src/crypto/evp/p_verify.c | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
| 63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, | 65 | int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, |
| 66 | unsigned int siglen, EVP_PKEY *pkey) | 66 | unsigned int siglen, EVP_PKEY *pkey) |
| 67 | { | 67 | { |
| 68 | unsigned char m[EVP_MAX_MD_SIZE]; | 68 | unsigned char m[EVP_MAX_MD_SIZE]; |
diff --git a/src/lib/libssl/src/crypto/ex_data.c b/src/lib/libssl/src/crypto/ex_data.c index 5b2e345c27..3b11e7a556 100644 --- a/src/lib/libssl/src/crypto/ex_data.c +++ b/src/lib/libssl/src/crypto/ex_data.c | |||
| @@ -138,12 +138,8 @@ | |||
| 138 | * | 138 | * |
| 139 | */ | 139 | */ |
| 140 | 140 | ||
| 141 | #include <stdio.h> | ||
| 142 | #include <stdlib.h> | ||
| 143 | #include <openssl/buffer.h> | ||
| 144 | #include <openssl/bio.h> | ||
| 145 | #include <openssl/lhash.h> | ||
| 146 | #include "cryptlib.h" | 141 | #include "cryptlib.h" |
| 142 | #include <openssl/lhash.h> | ||
| 147 | 143 | ||
| 148 | /* What an "implementation of ex_data functionality" looks like */ | 144 | /* What an "implementation of ex_data functionality" looks like */ |
| 149 | struct st_CRYPTO_EX_DATA_IMPL | 145 | struct st_CRYPTO_EX_DATA_IMPL |
| @@ -287,7 +283,7 @@ static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) | |||
| 287 | /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from | 283 | /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from |
| 288 | * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do | 284 | * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do |
| 289 | * any locking. */ | 285 | * any locking. */ |
| 290 | static void def_cleanup_cb(const void *a_void) | 286 | static void def_cleanup_cb(void *a_void) |
| 291 | { | 287 | { |
| 292 | EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; | 288 | EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; |
| 293 | sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); | 289 | sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); |
| @@ -358,7 +354,7 @@ static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, | |||
| 358 | } | 354 | } |
| 359 | } | 355 | } |
| 360 | toret = item->meth_num++; | 356 | toret = item->meth_num++; |
| 361 | sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); | 357 | (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); |
| 362 | err: | 358 | err: |
| 363 | CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); | 359 | CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); |
| 364 | return toret; | 360 | return toret; |
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c index 6c110bd52b..c45e001492 100644 --- a/src/lib/libssl/src/crypto/hmac/hmac.c +++ b/src/lib/libssl/src/crypto/hmac/hmac.c | |||
| @@ -58,10 +58,8 @@ | |||
| 58 | #include <stdio.h> | 58 | #include <stdio.h> |
| 59 | #include <stdlib.h> | 59 | #include <stdlib.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include <openssl/hmac.h> | ||
| 62 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 63 | 62 | #include <openssl/hmac.h> | |
| 64 | #ifndef OPENSSL_FIPS | ||
| 65 | 63 | ||
| 66 | void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, | 64 | void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, |
| 67 | const EVP_MD *md, ENGINE *impl) | 65 | const EVP_MD *md, ENGINE *impl) |
| @@ -81,7 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, | |||
| 81 | { | 79 | { |
| 82 | reset=1; | 80 | reset=1; |
| 83 | j=EVP_MD_block_size(md); | 81 | j=EVP_MD_block_size(md); |
| 84 | OPENSSL_assert(j <= sizeof ctx->key); | 82 | OPENSSL_assert(j <= (int)sizeof(ctx->key)); |
| 85 | if (j < len) | 83 | if (j < len) |
| 86 | { | 84 | { |
| 87 | EVP_DigestInit_ex(&ctx->md_ctx,md, impl); | 85 | EVP_DigestInit_ex(&ctx->md_ctx,md, impl); |
| @@ -91,7 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, | |||
| 91 | } | 89 | } |
| 92 | else | 90 | else |
| 93 | { | 91 | { |
| 94 | OPENSSL_assert(len <= sizeof ctx->key); | 92 | OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key)); |
| 95 | memcpy(ctx->key,key,len); | 93 | memcpy(ctx->key,key,len); |
| 96 | ctx->key_length=len; | 94 | ctx->key_length=len; |
| 97 | } | 95 | } |
| @@ -123,7 +121,7 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, | |||
| 123 | HMAC_Init_ex(ctx,key,len,md, NULL); | 121 | HMAC_Init_ex(ctx,key,len,md, NULL); |
| 124 | } | 122 | } |
| 125 | 123 | ||
| 126 | void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) | 124 | void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) |
| 127 | { | 125 | { |
| 128 | EVP_DigestUpdate(&ctx->md_ctx,data,len); | 126 | EVP_DigestUpdate(&ctx->md_ctx,data,len); |
| 129 | } | 127 | } |
| @@ -158,7 +156,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) | |||
| 158 | } | 156 | } |
| 159 | 157 | ||
| 160 | unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, | 158 | unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, |
| 161 | const unsigned char *d, int n, unsigned char *md, | 159 | const unsigned char *d, size_t n, unsigned char *md, |
| 162 | unsigned int *md_len) | 160 | unsigned int *md_len) |
| 163 | { | 161 | { |
| 164 | HMAC_CTX c; | 162 | HMAC_CTX c; |
| @@ -173,11 +171,3 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, | |||
| 173 | return(md); | 171 | return(md); |
| 174 | } | 172 | } |
| 175 | 173 | ||
| 176 | void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) | ||
| 177 | { | ||
| 178 | EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); | ||
| 179 | EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); | ||
| 180 | EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); | ||
| 181 | } | ||
| 182 | |||
| 183 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.h b/src/lib/libssl/src/crypto/hmac/hmac.h index c6489c04c8..719fc408ac 100644 --- a/src/lib/libssl/src/crypto/hmac/hmac.h +++ b/src/lib/libssl/src/crypto/hmac/hmac.h | |||
| @@ -58,17 +58,15 @@ | |||
| 58 | #ifndef HEADER_HMAC_H | 58 | #ifndef HEADER_HMAC_H |
| 59 | #define HEADER_HMAC_H | 59 | #define HEADER_HMAC_H |
| 60 | 60 | ||
| 61 | #include <openssl/opensslconf.h> | ||
| 62 | |||
| 61 | #ifdef OPENSSL_NO_HMAC | 63 | #ifdef OPENSSL_NO_HMAC |
| 62 | #error HMAC is disabled. | 64 | #error HMAC is disabled. |
| 63 | #endif | 65 | #endif |
| 64 | 66 | ||
| 65 | #include <openssl/evp.h> | 67 | #include <openssl/evp.h> |
| 66 | 68 | ||
| 67 | #ifdef OPENSSL_FIPS | 69 | #define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */ |
| 68 | #define HMAC_MAX_MD_CBLOCK 128 | ||
| 69 | #else | ||
| 70 | #define HMAC_MAX_MD_CBLOCK 64 | ||
| 71 | #endif | ||
| 72 | 70 | ||
| 73 | #ifdef __cplusplus | 71 | #ifdef __cplusplus |
| 74 | extern "C" { | 72 | extern "C" { |
| @@ -96,13 +94,12 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, | |||
| 96 | const EVP_MD *md); /* deprecated */ | 94 | const EVP_MD *md); /* deprecated */ |
| 97 | void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, | 95 | void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, |
| 98 | const EVP_MD *md, ENGINE *impl); | 96 | const EVP_MD *md, ENGINE *impl); |
| 99 | void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); | 97 | void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); |
| 100 | void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); | 98 | void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); |
| 101 | unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, | 99 | unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, |
| 102 | const unsigned char *d, int n, unsigned char *md, | 100 | const unsigned char *d, size_t n, unsigned char *md, |
| 103 | unsigned int *md_len); | 101 | unsigned int *md_len); |
| 104 | 102 | ||
| 105 | void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); | ||
| 106 | 103 | ||
| 107 | #ifdef __cplusplus | 104 | #ifdef __cplusplus |
| 108 | } | 105 | } |
diff --git a/src/lib/libssl/src/crypto/idea/idea.h b/src/lib/libssl/src/crypto/idea/idea.h index bf41844fd7..bf97a37e39 100644 --- a/src/lib/libssl/src/crypto/idea/idea.h +++ b/src/lib/libssl/src/crypto/idea/idea.h | |||
| @@ -59,6 +59,8 @@ | |||
| 59 | #ifndef HEADER_IDEA_H | 59 | #ifndef HEADER_IDEA_H |
| 60 | #define HEADER_IDEA_H | 60 | #define HEADER_IDEA_H |
| 61 | 61 | ||
| 62 | #include <openssl/opensslconf.h> /* IDEA_INT, OPENSSL_NO_IDEA */ | ||
| 63 | |||
| 62 | #ifdef OPENSSL_NO_IDEA | 64 | #ifdef OPENSSL_NO_IDEA |
| 63 | #error IDEA is disabled. | 65 | #error IDEA is disabled. |
| 64 | #endif | 66 | #endif |
| @@ -66,7 +68,6 @@ | |||
| 66 | #define IDEA_ENCRYPT 1 | 68 | #define IDEA_ENCRYPT 1 |
| 67 | #define IDEA_DECRYPT 0 | 69 | #define IDEA_DECRYPT 0 |
| 68 | 70 | ||
| 69 | #include <openssl/opensslconf.h> /* IDEA_INT */ | ||
| 70 | #define IDEA_BLOCK 8 | 71 | #define IDEA_BLOCK 8 |
| 71 | #define IDEA_KEY_LENGTH 16 | 72 | #define IDEA_KEY_LENGTH 16 |
| 72 | 73 | ||
| @@ -82,12 +83,8 @@ typedef struct idea_key_st | |||
| 82 | const char *idea_options(void); | 83 | const char *idea_options(void); |
| 83 | void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, | 84 | void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 84 | IDEA_KEY_SCHEDULE *ks); | 85 | IDEA_KEY_SCHEDULE *ks); |
| 85 | #ifdef OPENSSL_FIPS | ||
| 86 | void private_idea_set_encrypt_key(const unsigned char *key, | ||
| 87 | IDEA_KEY_SCHEDULE *ks); | ||
| 88 | #endif | ||
| 89 | void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); | 86 | void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); |
| 90 | void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); | 87 | void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); |
| 91 | void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, | 88 | void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, |
| 92 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); | 89 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); |
| 93 | void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, | 90 | void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
diff --git a/src/lib/libssl/src/crypto/install.com b/src/lib/libssl/src/crypto/install.com index b3d155e964..58a4fecdaa 100644 --- a/src/lib/libssl/src/crypto/install.com +++ b/src/lib/libssl/src/crypto/install.com | |||
| @@ -32,14 +32,18 @@ $ IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN - | |||
| 32 | $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - | 32 | $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - |
| 33 | CREATE/DIR/LOG WRK_SSLINCLUDE: | 33 | CREATE/DIR/LOG WRK_SSLINCLUDE: |
| 34 | $ | 34 | $ |
| 35 | $ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- | 35 | $ SDIRS := ,- |
| 36 | DES,RC2,RC4,RC5,IDEA,BF,CAST,- | 36 | OBJECTS,- |
| 37 | BN,EC,RSA,DSA,DH,DSO,ENGINE,AES,- | 37 | MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- |
| 38 | BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,- | 38 | DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- |
| 39 | BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,- | ||
| 40 | BUFFER,BIO,STACK,LHASH,RAND,ERR,- | ||
| 39 | EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,- | 41 | EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,- |
| 40 | UI,KRB5 | 42 | UI,KRB5,- |
| 43 | STORE,CMS,PQUEUE | ||
| 41 | $ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,- | 44 | $ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,- |
| 42 | symhacks.h,ossl_typ.h | 45 | symhacks.h,ossl_typ.h |
| 46 | $ EXHEADER_OBJECTS := objects.h,obj_mac.h | ||
| 43 | $ EXHEADER_MD2 := md2.h | 47 | $ EXHEADER_MD2 := md2.h |
| 44 | $ EXHEADER_MD4 := md4.h | 48 | $ EXHEADER_MD4 := md4.h |
| 45 | $ EXHEADER_MD5 := md5.h | 49 | $ EXHEADER_MD5 := md5.h |
| @@ -54,11 +58,15 @@ $ EXHEADER_RC5 := rc5.h | |||
| 54 | $ EXHEADER_IDEA := idea.h | 58 | $ EXHEADER_IDEA := idea.h |
| 55 | $ EXHEADER_BF := blowfish.h | 59 | $ EXHEADER_BF := blowfish.h |
| 56 | $ EXHEADER_CAST := cast.h | 60 | $ EXHEADER_CAST := cast.h |
| 61 | $ EXHEADER_CAMELLIA := camellia.h | ||
| 62 | $ EXHEADER_SEED := seed.h | ||
| 57 | $ EXHEADER_BN := bn.h | 63 | $ EXHEADER_BN := bn.h |
| 58 | $ EXHEADER_EC := ec.h | 64 | $ EXHEADER_EC := ec.h |
| 59 | $ EXHEADER_RSA := rsa.h | 65 | $ EXHEADER_RSA := rsa.h |
| 60 | $ EXHEADER_DSA := dsa.h | 66 | $ EXHEADER_DSA := dsa.h |
| 67 | $ EXHEADER_ECDSA := ecdsa.h | ||
| 61 | $ EXHEADER_DH := dh.h | 68 | $ EXHEADER_DH := dh.h |
| 69 | $ EXHEADER_ECDH := ecdh.h | ||
| 62 | $ EXHEADER_DSO := dso.h | 70 | $ EXHEADER_DSO := dso.h |
| 63 | $ EXHEADER_ENGINE := engine.h | 71 | $ EXHEADER_ENGINE := engine.h |
| 64 | $ EXHEADER_AES := aes.h | 72 | $ EXHEADER_AES := aes.h |
| @@ -68,7 +76,6 @@ $ EXHEADER_STACK := stack.h,safestack.h | |||
| 68 | $ EXHEADER_LHASH := lhash.h | 76 | $ EXHEADER_LHASH := lhash.h |
| 69 | $ EXHEADER_RAND := rand.h | 77 | $ EXHEADER_RAND := rand.h |
| 70 | $ EXHEADER_ERR := err.h | 78 | $ EXHEADER_ERR := err.h |
| 71 | $ EXHEADER_OBJECTS := objects.h,obj_mac.h | ||
| 72 | $ EXHEADER_EVP := evp.h | 79 | $ EXHEADER_EVP := evp.h |
| 73 | $ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h | 80 | $ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h |
| 74 | $ EXHEADER_PEM := pem.h,pem2.h | 81 | $ EXHEADER_PEM := pem.h,pem2.h |
| @@ -82,6 +89,10 @@ $ EXHEADER_COMP := comp.h | |||
| 82 | $ EXHEADER_OCSP := ocsp.h | 89 | $ EXHEADER_OCSP := ocsp.h |
| 83 | $ EXHEADER_UI := ui.h,ui_compat.h | 90 | $ EXHEADER_UI := ui.h,ui_compat.h |
| 84 | $ EXHEADER_KRB5 := krb5_asn.h | 91 | $ EXHEADER_KRB5 := krb5_asn.h |
| 92 | $! EXHEADER_STORE := store.h,str_compat.h | ||
| 93 | $ EXHEADER_STORE := store.h | ||
| 94 | $ EXHEADER_PQUEUE := pqueue.h,pq_compat.h | ||
| 95 | $ EXHEADER_CMS := cms.h | ||
| 85 | $ LIBS := LIBCRYPTO | 96 | $ LIBS := LIBCRYPTO |
| 86 | $ | 97 | $ |
| 87 | $ VEXE_DIR := [-.VAX.EXE.CRYPTO] | 98 | $ VEXE_DIR := [-.VAX.EXE.CRYPTO] |
diff --git a/src/lib/libssl/src/crypto/krb5/krb5_asn.h b/src/lib/libssl/src/crypto/krb5/krb5_asn.h index 3329477b07..41725d0dc4 100644 --- a/src/lib/libssl/src/crypto/krb5/krb5_asn.h +++ b/src/lib/libssl/src/crypto/krb5/krb5_asn.h | |||
| @@ -225,7 +225,7 @@ DECLARE_STACK_OF(KRB5_AUTHENTBODY) | |||
| 225 | ** void name##_free(type *a); | 225 | ** void name##_free(type *a); |
| 226 | ** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = | 226 | ** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = |
| 227 | ** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = | 227 | ** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = |
| 228 | ** type *d2i_##name(type **a, unsigned char **in, long len); | 228 | ** type *d2i_##name(type **a, const unsigned char **in, long len); |
| 229 | ** int i2d_##name(type *a, unsigned char **out); | 229 | ** int i2d_##name(type *a, unsigned char **out); |
| 230 | ** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it | 230 | ** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it |
| 231 | */ | 231 | */ |
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.c b/src/lib/libssl/src/crypto/lhash/lhash.c index 0a16fcf27d..04ea80203c 100644 --- a/src/lib/libssl/src/crypto/lhash/lhash.c +++ b/src/lib/libssl/src/crypto/lhash/lhash.c | |||
| @@ -100,7 +100,7 @@ | |||
| 100 | #include <openssl/crypto.h> | 100 | #include <openssl/crypto.h> |
| 101 | #include <openssl/lhash.h> | 101 | #include <openssl/lhash.h> |
| 102 | 102 | ||
| 103 | const char *lh_version="lhash" OPENSSL_VERSION_PTEXT; | 103 | const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT; |
| 104 | 104 | ||
| 105 | #undef MIN_NODES | 105 | #undef MIN_NODES |
| 106 | #define MIN_NODES 16 | 106 | #define MIN_NODES 16 |
| @@ -176,11 +176,11 @@ void lh_free(LHASH *lh) | |||
| 176 | OPENSSL_free(lh); | 176 | OPENSSL_free(lh); |
| 177 | } | 177 | } |
| 178 | 178 | ||
| 179 | void *lh_insert(LHASH *lh, const void *data) | 179 | void *lh_insert(LHASH *lh, void *data) |
| 180 | { | 180 | { |
| 181 | unsigned long hash; | 181 | unsigned long hash; |
| 182 | LHASH_NODE *nn,**rn; | 182 | LHASH_NODE *nn,**rn; |
| 183 | const void *ret; | 183 | void *ret; |
| 184 | 184 | ||
| 185 | lh->error=0; | 185 | lh->error=0; |
| 186 | if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) | 186 | if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) |
| @@ -211,14 +211,14 @@ void *lh_insert(LHASH *lh, const void *data) | |||
| 211 | (*rn)->data=data; | 211 | (*rn)->data=data; |
| 212 | lh->num_replace++; | 212 | lh->num_replace++; |
| 213 | } | 213 | } |
| 214 | return((void *)ret); | 214 | return(ret); |
| 215 | } | 215 | } |
| 216 | 216 | ||
| 217 | void *lh_delete(LHASH *lh, const void *data) | 217 | void *lh_delete(LHASH *lh, const void *data) |
| 218 | { | 218 | { |
| 219 | unsigned long hash; | 219 | unsigned long hash; |
| 220 | LHASH_NODE *nn,**rn; | 220 | LHASH_NODE *nn,**rn; |
| 221 | const void *ret; | 221 | void *ret; |
| 222 | 222 | ||
| 223 | lh->error=0; | 223 | lh->error=0; |
| 224 | rn=getrn(lh,data,&hash); | 224 | rn=getrn(lh,data,&hash); |
| @@ -242,14 +242,14 @@ void *lh_delete(LHASH *lh, const void *data) | |||
| 242 | (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) | 242 | (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) |
| 243 | contract(lh); | 243 | contract(lh); |
| 244 | 244 | ||
| 245 | return((void *)ret); | 245 | return(ret); |
| 246 | } | 246 | } |
| 247 | 247 | ||
| 248 | void *lh_retrieve(LHASH *lh, const void *data) | 248 | void *lh_retrieve(LHASH *lh, const void *data) |
| 249 | { | 249 | { |
| 250 | unsigned long hash; | 250 | unsigned long hash; |
| 251 | LHASH_NODE **rn; | 251 | LHASH_NODE **rn; |
| 252 | const void *ret; | 252 | void *ret; |
| 253 | 253 | ||
| 254 | lh->error=0; | 254 | lh->error=0; |
| 255 | rn=getrn(lh,data,&hash); | 255 | rn=getrn(lh,data,&hash); |
| @@ -264,7 +264,7 @@ void *lh_retrieve(LHASH *lh, const void *data) | |||
| 264 | ret= (*rn)->data; | 264 | ret= (*rn)->data; |
| 265 | lh->num_retrieve++; | 265 | lh->num_retrieve++; |
| 266 | } | 266 | } |
| 267 | return((void *)ret); | 267 | return(ret); |
| 268 | } | 268 | } |
| 269 | 269 | ||
| 270 | static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, | 270 | static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, |
| @@ -339,7 +339,7 @@ static void expand(LHASH *lh) | |||
| 339 | { | 339 | { |
| 340 | j=(int)lh->num_alloc_nodes*2; | 340 | j=(int)lh->num_alloc_nodes*2; |
| 341 | n=(LHASH_NODE **)OPENSSL_realloc(lh->b, | 341 | n=(LHASH_NODE **)OPENSSL_realloc(lh->b, |
| 342 | (unsigned int)sizeof(LHASH_NODE *)*j); | 342 | (int)(sizeof(LHASH_NODE *)*j)); |
| 343 | if (n == NULL) | 343 | if (n == NULL) |
| 344 | { | 344 | { |
| 345 | /* fputs("realloc error in lhash",stderr); */ | 345 | /* fputs("realloc error in lhash",stderr); */ |
| @@ -401,7 +401,7 @@ static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash) | |||
| 401 | { | 401 | { |
| 402 | LHASH_NODE **ret,*n1; | 402 | LHASH_NODE **ret,*n1; |
| 403 | unsigned long hash,nn; | 403 | unsigned long hash,nn; |
| 404 | int (*cf)(); | 404 | LHASH_COMP_FN_TYPE cf; |
| 405 | 405 | ||
| 406 | hash=(*(lh->hash))(data); | 406 | hash=(*(lh->hash))(data); |
| 407 | lh->num_hash_calls++; | 407 | lh->num_hash_calls++; |
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.h b/src/lib/libssl/src/crypto/lhash/lhash.h index dee8207333..d392d0cd80 100644 --- a/src/lib/libssl/src/crypto/lhash/lhash.h +++ b/src/lib/libssl/src/crypto/lhash/lhash.h | |||
| @@ -63,6 +63,7 @@ | |||
| 63 | #ifndef HEADER_LHASH_H | 63 | #ifndef HEADER_LHASH_H |
| 64 | #define HEADER_LHASH_H | 64 | #define HEADER_LHASH_H |
| 65 | 65 | ||
| 66 | #include <openssl/e_os2.h> | ||
| 66 | #ifndef OPENSSL_NO_FP_API | 67 | #ifndef OPENSSL_NO_FP_API |
| 67 | #include <stdio.h> | 68 | #include <stdio.h> |
| 68 | #endif | 69 | #endif |
| @@ -77,7 +78,7 @@ extern "C" { | |||
| 77 | 78 | ||
| 78 | typedef struct lhash_node_st | 79 | typedef struct lhash_node_st |
| 79 | { | 80 | { |
| 80 | const void *data; | 81 | void *data; |
| 81 | struct lhash_node_st *next; | 82 | struct lhash_node_st *next; |
| 82 | #ifndef OPENSSL_NO_HASH_COMP | 83 | #ifndef OPENSSL_NO_HASH_COMP |
| 83 | unsigned long hash; | 84 | unsigned long hash; |
| @@ -86,8 +87,8 @@ typedef struct lhash_node_st | |||
| 86 | 87 | ||
| 87 | typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); | 88 | typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); |
| 88 | typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); | 89 | typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); |
| 89 | typedef void (*LHASH_DOALL_FN_TYPE)(const void *); | 90 | typedef void (*LHASH_DOALL_FN_TYPE)(void *); |
| 90 | typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); | 91 | typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); |
| 91 | 92 | ||
| 92 | /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. | 93 | /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. |
| 93 | * This way, callbacks can be provided to LHASH structures without function | 94 | * This way, callbacks can be provided to LHASH structures without function |
| @@ -117,18 +118,18 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); | |||
| 117 | 118 | ||
| 118 | /* Third: "doall" functions */ | 119 | /* Third: "doall" functions */ |
| 119 | #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ | 120 | #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ |
| 120 | void f_name##_LHASH_DOALL(const void *); | 121 | void f_name##_LHASH_DOALL(void *); |
| 121 | #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ | 122 | #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ |
| 122 | void f_name##_LHASH_DOALL(const void *arg) { \ | 123 | void f_name##_LHASH_DOALL(void *arg) { \ |
| 123 | o_type a = (o_type)arg; \ | 124 | o_type a = (o_type)arg; \ |
| 124 | f_name(a); } | 125 | f_name(a); } |
| 125 | #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL | 126 | #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL |
| 126 | 127 | ||
| 127 | /* Fourth: "doall_arg" functions */ | 128 | /* Fourth: "doall_arg" functions */ |
| 128 | #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ | 129 | #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ |
| 129 | void f_name##_LHASH_DOALL_ARG(const void *, void *); | 130 | void f_name##_LHASH_DOALL_ARG(void *, void *); |
| 130 | #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ | 131 | #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ |
| 131 | void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \ | 132 | void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ |
| 132 | o_type a = (o_type)arg1; \ | 133 | o_type a = (o_type)arg1; \ |
| 133 | a_type b = (a_type)arg2; \ | 134 | a_type b = (a_type)arg2; \ |
| 134 | f_name(a,b); } | 135 | f_name(a,b); } |
| @@ -172,7 +173,7 @@ typedef struct lhash_st | |||
| 172 | 173 | ||
| 173 | LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); | 174 | LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); |
| 174 | void lh_free(LHASH *lh); | 175 | void lh_free(LHASH *lh); |
| 175 | void *lh_insert(LHASH *lh, const void *data); | 176 | void *lh_insert(LHASH *lh, void *data); |
| 176 | void *lh_delete(LHASH *lh, const void *data); | 177 | void *lh_delete(LHASH *lh, const void *data); |
| 177 | void *lh_retrieve(LHASH *lh, const void *data); | 178 | void *lh_retrieve(LHASH *lh, const void *data); |
| 178 | void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); | 179 | void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); |
diff --git a/src/lib/libssl/src/crypto/md2/md2.h b/src/lib/libssl/src/crypto/md2/md2.h index d0ef9da08e..a46120e7d4 100644 --- a/src/lib/libssl/src/crypto/md2/md2.h +++ b/src/lib/libssl/src/crypto/md2/md2.h | |||
| @@ -59,13 +59,14 @@ | |||
| 59 | #ifndef HEADER_MD2_H | 59 | #ifndef HEADER_MD2_H |
| 60 | #define HEADER_MD2_H | 60 | #define HEADER_MD2_H |
| 61 | 61 | ||
| 62 | #include <openssl/opensslconf.h> /* OPENSSL_NO_MD2, MD2_INT */ | ||
| 62 | #ifdef OPENSSL_NO_MD2 | 63 | #ifdef OPENSSL_NO_MD2 |
| 63 | #error MD2 is disabled. | 64 | #error MD2 is disabled. |
| 64 | #endif | 65 | #endif |
| 66 | #include <stddef.h> | ||
| 65 | 67 | ||
| 66 | #define MD2_DIGEST_LENGTH 16 | 68 | #define MD2_DIGEST_LENGTH 16 |
| 67 | #define MD2_BLOCK 16 | 69 | #define MD2_BLOCK 16 |
| 68 | #include <openssl/opensslconf.h> /* MD2_INT */ | ||
| 69 | 70 | ||
| 70 | #ifdef __cplusplus | 71 | #ifdef __cplusplus |
| 71 | extern "C" { | 72 | extern "C" { |
| @@ -73,20 +74,17 @@ extern "C" { | |||
| 73 | 74 | ||
| 74 | typedef struct MD2state_st | 75 | typedef struct MD2state_st |
| 75 | { | 76 | { |
| 76 | int num; | 77 | unsigned int num; |
| 77 | unsigned char data[MD2_BLOCK]; | 78 | unsigned char data[MD2_BLOCK]; |
| 78 | MD2_INT cksm[MD2_BLOCK]; | 79 | MD2_INT cksm[MD2_BLOCK]; |
| 79 | MD2_INT state[MD2_BLOCK]; | 80 | MD2_INT state[MD2_BLOCK]; |
| 80 | } MD2_CTX; | 81 | } MD2_CTX; |
| 81 | 82 | ||
| 82 | const char *MD2_options(void); | 83 | const char *MD2_options(void); |
| 83 | #ifdef OPENSSL_FIPS | ||
| 84 | int private_MD2_Init(MD2_CTX *c); | ||
| 85 | #endif | ||
| 86 | int MD2_Init(MD2_CTX *c); | 84 | int MD2_Init(MD2_CTX *c); |
| 87 | int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); | 85 | int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); |
| 88 | int MD2_Final(unsigned char *md, MD2_CTX *c); | 86 | int MD2_Final(unsigned char *md, MD2_CTX *c); |
| 89 | unsigned char *MD2(const unsigned char *d, unsigned long n,unsigned char *md); | 87 | unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md); |
| 90 | #ifdef __cplusplus | 88 | #ifdef __cplusplus |
| 91 | } | 89 | } |
| 92 | #endif | 90 | #endif |
diff --git a/src/lib/libssl/src/crypto/md2/md2_dgst.c b/src/lib/libssl/src/crypto/md2/md2_dgst.c index 8124acd687..6f68b25c6a 100644 --- a/src/lib/libssl/src/crypto/md2/md2_dgst.c +++ b/src/lib/libssl/src/crypto/md2/md2_dgst.c | |||
| @@ -62,10 +62,8 @@ | |||
| 62 | #include <openssl/md2.h> | 62 | #include <openssl/md2.h> |
| 63 | #include <openssl/opensslv.h> | 63 | #include <openssl/opensslv.h> |
| 64 | #include <openssl/crypto.h> | 64 | #include <openssl/crypto.h> |
| 65 | #include <openssl/fips.h> | ||
| 66 | #include <openssl/err.h> | ||
| 67 | 65 | ||
| 68 | const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT; | 66 | const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; |
| 69 | 67 | ||
| 70 | /* Implemented from RFC1319 The MD2 Message-Digest Algorithm | 68 | /* Implemented from RFC1319 The MD2 Message-Digest Algorithm |
| 71 | */ | 69 | */ |
| @@ -118,7 +116,7 @@ const char *MD2_options(void) | |||
| 118 | return("md2(int)"); | 116 | return("md2(int)"); |
| 119 | } | 117 | } |
| 120 | 118 | ||
| 121 | FIPS_NON_FIPS_MD_Init(MD2) | 119 | int MD2_Init(MD2_CTX *c) |
| 122 | { | 120 | { |
| 123 | c->num=0; | 121 | c->num=0; |
| 124 | memset(c->state,0,sizeof c->state); | 122 | memset(c->state,0,sizeof c->state); |
| @@ -127,7 +125,7 @@ FIPS_NON_FIPS_MD_Init(MD2) | |||
| 127 | return 1; | 125 | return 1; |
| 128 | } | 126 | } |
| 129 | 127 | ||
| 130 | int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) | 128 | int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len) |
| 131 | { | 129 | { |
| 132 | register UCHAR *p; | 130 | register UCHAR *p; |
| 133 | 131 | ||
| @@ -147,7 +145,7 @@ int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) | |||
| 147 | } | 145 | } |
| 148 | else | 146 | else |
| 149 | { | 147 | { |
| 150 | memcpy(&(p[c->num]),data,(int)len); | 148 | memcpy(&(p[c->num]),data,len); |
| 151 | /* data+=len; */ | 149 | /* data+=len; */ |
| 152 | c->num+=(int)len; | 150 | c->num+=(int)len; |
| 153 | return 1; | 151 | return 1; |
| @@ -161,7 +159,7 @@ int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) | |||
| 161 | data+=MD2_BLOCK; | 159 | data+=MD2_BLOCK; |
| 162 | len-=MD2_BLOCK; | 160 | len-=MD2_BLOCK; |
| 163 | } | 161 | } |
| 164 | memcpy(p,data,(int)len); | 162 | memcpy(p,data,len); |
| 165 | c->num=(int)len; | 163 | c->num=(int)len; |
| 166 | return 1; | 164 | return 1; |
| 167 | } | 165 | } |
diff --git a/src/lib/libssl/src/crypto/md2/md2_one.c b/src/lib/libssl/src/crypto/md2/md2_one.c index 8c36ba5779..f7fef5cc0a 100644 --- a/src/lib/libssl/src/crypto/md2/md2_one.c +++ b/src/lib/libssl/src/crypto/md2/md2_one.c | |||
| @@ -63,7 +63,7 @@ | |||
| 63 | /* This is a separate file so that #defines in cryptlib.h can | 63 | /* This is a separate file so that #defines in cryptlib.h can |
| 64 | * map my MD functions to different names */ | 64 | * map my MD functions to different names */ |
| 65 | 65 | ||
| 66 | unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md) | 66 | unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md) |
| 67 | { | 67 | { |
| 68 | MD2_CTX c; | 68 | MD2_CTX c; |
| 69 | static unsigned char m[MD2_DIGEST_LENGTH]; | 69 | static unsigned char m[MD2_DIGEST_LENGTH]; |
diff --git a/src/lib/libssl/src/crypto/md2/md2test.c b/src/lib/libssl/src/crypto/md2/md2test.c index 9c1e28b6ce..db5f5bc6d2 100644 --- a/src/lib/libssl/src/crypto/md2/md2test.c +++ b/src/lib/libssl/src/crypto/md2/md2test.c | |||
| @@ -110,7 +110,7 @@ int main(int argc, char *argv[]) | |||
| 110 | i=1; | 110 | i=1; |
| 111 | while (*P != NULL) | 111 | while (*P != NULL) |
| 112 | { | 112 | { |
| 113 | EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2(), NULL); | 113 | EVP_Digest((unsigned char *)*P,strlen(*P),md,NULL,EVP_md2(), NULL); |
| 114 | p=pt(md); | 114 | p=pt(md); |
| 115 | if (strcmp(p,*R) != 0) | 115 | if (strcmp(p,*R) != 0) |
| 116 | { | 116 | { |
| @@ -124,7 +124,11 @@ int main(int argc, char *argv[]) | |||
| 124 | R++; | 124 | R++; |
| 125 | P++; | 125 | P++; |
| 126 | } | 126 | } |
| 127 | #ifdef OPENSSL_SYS_NETWARE | ||
| 128 | if (err) printf("ERROR: %d\n", err); | ||
| 129 | #endif | ||
| 127 | EXIT(err); | 130 | EXIT(err); |
| 131 | return err; | ||
| 128 | } | 132 | } |
| 129 | 133 | ||
| 130 | static char *pt(unsigned char *md) | 134 | static char *pt(unsigned char *md) |
diff --git a/src/lib/libssl/src/crypto/md32_common.h b/src/lib/libssl/src/crypto/md32_common.h index 733da6acaf..089c450290 100644 --- a/src/lib/libssl/src/crypto/md32_common.h +++ b/src/lib/libssl/src/crypto/md32_common.h | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/md32_common.h */ | 1 | /* crypto/md32_common.h */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -47,10 +47,6 @@ | |||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 48 | * ==================================================================== | 48 | * ==================================================================== |
| 49 | * | 49 | * |
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | 50 | */ |
| 55 | 51 | ||
| 56 | /* | 52 | /* |
| @@ -76,40 +72,27 @@ | |||
| 76 | * typedef struct { | 72 | * typedef struct { |
| 77 | * ... | 73 | * ... |
| 78 | * HASH_LONG Nl,Nh; | 74 | * HASH_LONG Nl,Nh; |
| 75 | * either { | ||
| 79 | * HASH_LONG data[HASH_LBLOCK]; | 76 | * HASH_LONG data[HASH_LBLOCK]; |
| 80 | * int num; | 77 | * unsigned char data[HASH_CBLOCK]; |
| 78 | * }; | ||
| 79 | * unsigned int num; | ||
| 81 | * ... | 80 | * ... |
| 82 | * } HASH_CTX; | 81 | * } HASH_CTX; |
| 82 | * data[] vector is expected to be zeroed upon first call to | ||
| 83 | * HASH_UPDATE. | ||
| 83 | * HASH_UPDATE | 84 | * HASH_UPDATE |
| 84 | * name of "Update" function, implemented here. | 85 | * name of "Update" function, implemented here. |
| 85 | * HASH_TRANSFORM | 86 | * HASH_TRANSFORM |
| 86 | * name of "Transform" function, implemented here. | 87 | * name of "Transform" function, implemented here. |
| 87 | * HASH_FINAL | 88 | * HASH_FINAL |
| 88 | * name of "Final" function, implemented here. | 89 | * name of "Final" function, implemented here. |
| 89 | * HASH_BLOCK_HOST_ORDER | ||
| 90 | * name of "block" function treating *aligned* input message | ||
| 91 | * in host byte order, implemented externally. | ||
| 92 | * HASH_BLOCK_DATA_ORDER | 90 | * HASH_BLOCK_DATA_ORDER |
| 93 | * name of "block" function treating *unaligned* input message | 91 | * name of "block" function capable of treating *unaligned* input |
| 94 | * in original (data) byte order, implemented externally (it | 92 | * message in original (data) byte order, implemented externally. |
| 95 | * actually is optional if data and host are of the same | ||
| 96 | * "endianess"). | ||
| 97 | * HASH_MAKE_STRING | 93 | * HASH_MAKE_STRING |
| 98 | * macro convering context variables to an ASCII hash string. | 94 | * macro convering context variables to an ASCII hash string. |
| 99 | * | 95 | * |
| 100 | * Optional macros: | ||
| 101 | * | ||
| 102 | * B_ENDIAN or L_ENDIAN | ||
| 103 | * defines host byte-order. | ||
| 104 | * HASH_LONG_LOG2 | ||
| 105 | * defaults to 2 if not states otherwise. | ||
| 106 | * HASH_LBLOCK | ||
| 107 | * assumed to be HASH_CBLOCK/4 if not stated otherwise. | ||
| 108 | * HASH_BLOCK_DATA_ORDER_ALIGNED | ||
| 109 | * alternative "block" function capable of treating | ||
| 110 | * aligned input message in original (data) order, | ||
| 111 | * implemented externally. | ||
| 112 | * | ||
| 113 | * MD5 example: | 96 | * MD5 example: |
| 114 | * | 97 | * |
| 115 | * #define DATA_ORDER_IS_LITTLE_ENDIAN | 98 | * #define DATA_ORDER_IS_LITTLE_ENDIAN |
| @@ -118,20 +101,14 @@ | |||
| 118 | * #define HASH_LONG_LOG2 MD5_LONG_LOG2 | 101 | * #define HASH_LONG_LOG2 MD5_LONG_LOG2 |
| 119 | * #define HASH_CTX MD5_CTX | 102 | * #define HASH_CTX MD5_CTX |
| 120 | * #define HASH_CBLOCK MD5_CBLOCK | 103 | * #define HASH_CBLOCK MD5_CBLOCK |
| 121 | * #define HASH_LBLOCK MD5_LBLOCK | ||
| 122 | * #define HASH_UPDATE MD5_Update | 104 | * #define HASH_UPDATE MD5_Update |
| 123 | * #define HASH_TRANSFORM MD5_Transform | 105 | * #define HASH_TRANSFORM MD5_Transform |
| 124 | * #define HASH_FINAL MD5_Final | 106 | * #define HASH_FINAL MD5_Final |
| 125 | * #define HASH_BLOCK_HOST_ORDER md5_block_host_order | ||
| 126 | * #define HASH_BLOCK_DATA_ORDER md5_block_data_order | 107 | * #define HASH_BLOCK_DATA_ORDER md5_block_data_order |
| 127 | * | 108 | * |
| 128 | * <appro@fy.chalmers.se> | 109 | * <appro@fy.chalmers.se> |
| 129 | */ | 110 | */ |
| 130 | 111 | ||
| 131 | #include <openssl/crypto.h> | ||
| 132 | #include <openssl/fips.h> | ||
| 133 | #include <openssl/err.h> | ||
| 134 | |||
| 135 | #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) | 112 | #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) |
| 136 | #error "DATA_ORDER must be defined!" | 113 | #error "DATA_ORDER must be defined!" |
| 137 | #endif | 114 | #endif |
| @@ -156,34 +133,16 @@ | |||
| 156 | #error "HASH_FINAL must be defined!" | 133 | #error "HASH_FINAL must be defined!" |
| 157 | #endif | 134 | #endif |
| 158 | 135 | ||
| 159 | #ifndef HASH_BLOCK_HOST_ORDER | ||
| 160 | #error "HASH_BLOCK_HOST_ORDER must be defined!" | ||
| 161 | #endif | ||
| 162 | |||
| 163 | #if 0 | ||
| 164 | /* | ||
| 165 | * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED | ||
| 166 | * isn't defined. | ||
| 167 | */ | ||
| 168 | #ifndef HASH_BLOCK_DATA_ORDER | 136 | #ifndef HASH_BLOCK_DATA_ORDER |
| 169 | #error "HASH_BLOCK_DATA_ORDER must be defined!" | 137 | #error "HASH_BLOCK_DATA_ORDER must be defined!" |
| 170 | #endif | 138 | #endif |
| 171 | #endif | ||
| 172 | |||
| 173 | #ifndef HASH_LBLOCK | ||
| 174 | #define HASH_LBLOCK (HASH_CBLOCK/4) | ||
| 175 | #endif | ||
| 176 | |||
| 177 | #ifndef HASH_LONG_LOG2 | ||
| 178 | #define HASH_LONG_LOG2 2 | ||
| 179 | #endif | ||
| 180 | 139 | ||
| 181 | /* | 140 | /* |
| 182 | * Engage compiler specific rotate intrinsic function if available. | 141 | * Engage compiler specific rotate intrinsic function if available. |
| 183 | */ | 142 | */ |
| 184 | #undef ROTATE | 143 | #undef ROTATE |
| 185 | #ifndef PEDANTIC | 144 | #ifndef PEDANTIC |
| 186 | # if 0 /* defined(_MSC_VER) */ | 145 | # if defined(_MSC_VER) || defined(__ICC) |
| 187 | # define ROTATE(a,n) _lrotl(a,n) | 146 | # define ROTATE(a,n) _lrotl(a,n) |
| 188 | # elif defined(__MWERKS__) | 147 | # elif defined(__MWERKS__) |
| 189 | # if defined(__POWERPC__) | 148 | # if defined(__POWERPC__) |
| @@ -199,7 +158,6 @@ | |||
| 199 | * Some GNU C inline assembler templates. Note that these are | 158 | * Some GNU C inline assembler templates. Note that these are |
| 200 | * rotates by *constant* number of bits! But that's exactly | 159 | * rotates by *constant* number of bits! But that's exactly |
| 201 | * what we need here... | 160 | * what we need here... |
| 202 | * | ||
| 203 | * <appro@fy.chalmers.se> | 161 | * <appro@fy.chalmers.se> |
| 204 | */ | 162 | */ |
| 205 | # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) | 163 | # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) |
| @@ -211,7 +169,8 @@ | |||
| 211 | : "cc"); \ | 169 | : "cc"); \ |
| 212 | ret; \ | 170 | ret; \ |
| 213 | }) | 171 | }) |
| 214 | # elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) | 172 | # elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ |
| 173 | defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) | ||
| 215 | # define ROTATE(a,n) ({ register unsigned int ret; \ | 174 | # define ROTATE(a,n) ({ register unsigned int ret; \ |
| 216 | asm ( \ | 175 | asm ( \ |
| 217 | "rlwinm %0,%1,%2,0,31" \ | 176 | "rlwinm %0,%1,%2,0,31" \ |
| @@ -219,194 +178,100 @@ | |||
| 219 | : "r"(a), "I"(n)); \ | 178 | : "r"(a), "I"(n)); \ |
| 220 | ret; \ | 179 | ret; \ |
| 221 | }) | 180 | }) |
| 222 | # endif | 181 | # elif defined(__s390x__) |
| 223 | # endif | 182 | # define ROTATE(a,n) ({ register unsigned int ret; \ |
| 224 | 183 | asm ("rll %0,%1,%2" \ | |
| 225 | /* | 184 | : "=r"(ret) \ |
| 226 | * Engage compiler specific "fetch in reverse byte order" | 185 | : "r"(a), "I"(n)); \ |
| 227 | * intrinsic function if available. | 186 | ret; \ |
| 228 | */ | ||
| 229 | # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) | ||
| 230 | /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */ | ||
| 231 | # if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY) | ||
| 232 | # define BE_FETCH32(a) ({ register unsigned int l=(a);\ | ||
| 233 | asm ( \ | ||
| 234 | "bswapl %0" \ | ||
| 235 | : "=r"(l) : "0"(l)); \ | ||
| 236 | l; \ | ||
| 237 | }) | ||
| 238 | # elif defined(__powerpc) | ||
| 239 | # define LE_FETCH32(a) ({ register unsigned int l; \ | ||
| 240 | asm ( \ | ||
| 241 | "lwbrx %0,0,%1" \ | ||
| 242 | : "=r"(l) \ | ||
| 243 | : "r"(a)); \ | ||
| 244 | l; \ | ||
| 245 | }) | ||
| 246 | |||
| 247 | # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) | ||
| 248 | # define LE_FETCH32(a) ({ register unsigned int l; \ | ||
| 249 | asm ( \ | ||
| 250 | "lda [%1]#ASI_PRIMARY_LITTLE,%0"\ | ||
| 251 | : "=r"(l) \ | ||
| 252 | : "r"(a)); \ | ||
| 253 | l; \ | ||
| 254 | }) | 187 | }) |
| 255 | # endif | 188 | # endif |
| 256 | # endif | 189 | # endif |
| 257 | #endif /* PEDANTIC */ | 190 | #endif /* PEDANTIC */ |
| 258 | 191 | ||
| 259 | #if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */ | ||
| 260 | /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */ | ||
| 261 | #ifdef ROTATE | ||
| 262 | /* 5 instructions with rotate instruction, else 9 */ | ||
| 263 | #define REVERSE_FETCH32(a,l) ( \ | ||
| 264 | l=*(const HASH_LONG *)(a), \ | ||
| 265 | ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \ | ||
| 266 | ) | ||
| 267 | #else | ||
| 268 | /* 6 instructions with rotate instruction, else 8 */ | ||
| 269 | #define REVERSE_FETCH32(a,l) ( \ | ||
| 270 | l=*(const HASH_LONG *)(a), \ | ||
| 271 | l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \ | ||
| 272 | ROTATE(l,16) \ | ||
| 273 | ) | ||
| 274 | /* | ||
| 275 | * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|... | ||
| 276 | * It's rewritten as above for two reasons: | ||
| 277 | * - RISCs aren't good at long constants and have to explicitely | ||
| 278 | * compose 'em with several (well, usually 2) instructions in a | ||
| 279 | * register before performing the actual operation and (as you | ||
| 280 | * already realized:-) having same constant should inspire the | ||
| 281 | * compiler to permanently allocate the only register for it; | ||
| 282 | * - most modern CPUs have two ALUs, but usually only one has | ||
| 283 | * circuitry for shifts:-( this minor tweak inspires compiler | ||
| 284 | * to schedule shift instructions in a better way... | ||
| 285 | * | ||
| 286 | * <appro@fy.chalmers.se> | ||
| 287 | */ | ||
| 288 | #endif | ||
| 289 | #endif | ||
| 290 | |||
| 291 | #ifndef ROTATE | 192 | #ifndef ROTATE |
| 292 | #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) | 193 | #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) |
| 293 | #endif | 194 | #endif |
| 294 | 195 | ||
| 295 | /* | 196 | #if defined(DATA_ORDER_IS_BIG_ENDIAN) |
| 296 | * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED | ||
| 297 | * and HASH_BLOCK_HOST_ORDER ought to be the same if input data | ||
| 298 | * and host are of the same "endianess". It's possible to mask | ||
| 299 | * this with blank #define HASH_BLOCK_DATA_ORDER though... | ||
| 300 | * | ||
| 301 | * <appro@fy.chalmers.se> | ||
| 302 | */ | ||
| 303 | #if defined(B_ENDIAN) | ||
| 304 | # if defined(DATA_ORDER_IS_BIG_ENDIAN) | ||
| 305 | # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 | ||
| 306 | # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER | ||
| 307 | # endif | ||
| 308 | # elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) | ||
| 309 | # ifndef HOST_FETCH32 | ||
| 310 | # ifdef LE_FETCH32 | ||
| 311 | # define HOST_FETCH32(p,l) LE_FETCH32(p) | ||
| 312 | # elif defined(REVERSE_FETCH32) | ||
| 313 | # define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) | ||
| 314 | # endif | ||
| 315 | # endif | ||
| 316 | # endif | ||
| 317 | #elif defined(L_ENDIAN) | ||
| 318 | # if defined(DATA_ORDER_IS_LITTLE_ENDIAN) | ||
| 319 | # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 | ||
| 320 | # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER | ||
| 321 | # endif | ||
| 322 | # elif defined(DATA_ORDER_IS_BIG_ENDIAN) | ||
| 323 | # ifndef HOST_FETCH32 | ||
| 324 | # ifdef BE_FETCH32 | ||
| 325 | # define HOST_FETCH32(p,l) BE_FETCH32(p) | ||
| 326 | # elif defined(REVERSE_FETCH32) | ||
| 327 | # define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) | ||
| 328 | # endif | ||
| 329 | # endif | ||
| 330 | # endif | ||
| 331 | #endif | ||
| 332 | 197 | ||
| 333 | #if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) | 198 | #ifndef PEDANTIC |
| 334 | #ifndef HASH_BLOCK_DATA_ORDER | 199 | # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) |
| 335 | #error "HASH_BLOCK_DATA_ORDER must be defined!" | 200 | # if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ |
| 201 | (defined(__x86_64) || defined(__x86_64__)) | ||
| 202 | # if !defined(B_ENDIAN) | ||
| 203 | /* | ||
| 204 | * This gives ~30-40% performance improvement in SHA-256 compiled | ||
| 205 | * with gcc [on P4]. Well, first macro to be frank. We can pull | ||
| 206 | * this trick on x86* platforms only, because these CPUs can fetch | ||
| 207 | * unaligned data without raising an exception. | ||
| 208 | */ | ||
| 209 | # define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ | ||
| 210 | asm ("bswapl %0":"=r"(r):"0"(r)); \ | ||
| 211 | (c)+=4; (l)=r; }) | ||
| 212 | # define HOST_l2c(l,c) ({ unsigned int r=(l); \ | ||
| 213 | asm ("bswapl %0":"=r"(r):"0"(r)); \ | ||
| 214 | *((unsigned int *)(c))=r; (c)+=4; r; }) | ||
| 215 | # endif | ||
| 216 | # endif | ||
| 217 | # endif | ||
| 336 | #endif | 218 | #endif |
| 219 | #if defined(__s390__) || defined(__s390x__) | ||
| 220 | # define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) | ||
| 221 | # define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) | ||
| 337 | #endif | 222 | #endif |
| 338 | 223 | ||
| 339 | #if defined(DATA_ORDER_IS_BIG_ENDIAN) | 224 | #ifndef HOST_c2l |
| 340 | |||
| 341 | #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ | 225 | #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ |
| 342 | l|=(((unsigned long)(*((c)++)))<<16), \ | 226 | l|=(((unsigned long)(*((c)++)))<<16), \ |
| 343 | l|=(((unsigned long)(*((c)++)))<< 8), \ | 227 | l|=(((unsigned long)(*((c)++)))<< 8), \ |
| 344 | l|=(((unsigned long)(*((c)++))) ), \ | 228 | l|=(((unsigned long)(*((c)++))) ), \ |
| 345 | l) | 229 | l) |
| 346 | #define HOST_p_c2l(c,l,n) { \ | 230 | #endif |
| 347 | switch (n) { \ | 231 | #ifndef HOST_l2c |
| 348 | case 0: l =((unsigned long)(*((c)++)))<<24; \ | ||
| 349 | case 1: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 350 | case 2: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 351 | case 3: l|=((unsigned long)(*((c)++))); \ | ||
| 352 | } } | ||
| 353 | #define HOST_p_c2l_p(c,l,sc,len) { \ | ||
| 354 | switch (sc) { \ | ||
| 355 | case 0: l =((unsigned long)(*((c)++)))<<24; \ | ||
| 356 | if (--len == 0) break; \ | ||
| 357 | case 1: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 358 | if (--len == 0) break; \ | ||
| 359 | case 2: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 360 | } } | ||
| 361 | /* NOTE the pointer is not incremented at the end of this */ | ||
| 362 | #define HOST_c2l_p(c,l,n) { \ | ||
| 363 | l=0; (c)+=n; \ | ||
| 364 | switch (n) { \ | ||
| 365 | case 3: l =((unsigned long)(*(--(c))))<< 8; \ | ||
| 366 | case 2: l|=((unsigned long)(*(--(c))))<<16; \ | ||
| 367 | case 1: l|=((unsigned long)(*(--(c))))<<24; \ | ||
| 368 | } } | ||
| 369 | #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ | 232 | #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ |
| 370 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | 233 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ |
| 371 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | 234 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ |
| 372 | *((c)++)=(unsigned char)(((l) )&0xff), \ | 235 | *((c)++)=(unsigned char)(((l) )&0xff), \ |
| 373 | l) | 236 | l) |
| 237 | #endif | ||
| 374 | 238 | ||
| 375 | #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) | 239 | #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) |
| 376 | 240 | ||
| 241 | #ifndef PEDANTIC | ||
| 242 | # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) | ||
| 243 | # if defined(__s390x__) | ||
| 244 | # define HOST_c2l(c,l) ({ asm ("lrv %0,0(%1)" \ | ||
| 245 | :"=r"(l) : "r"(c)); \ | ||
| 246 | (c)+=4; (l); }) | ||
| 247 | # define HOST_l2c(l,c) ({ asm ("strv %0,0(%1)" \ | ||
| 248 | : : "r"(l),"r"(c) : "memory"); \ | ||
| 249 | (c)+=4; (l); }) | ||
| 250 | # endif | ||
| 251 | # endif | ||
| 252 | #endif | ||
| 253 | #if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) | ||
| 254 | # ifndef B_ENDIAN | ||
| 255 | /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ | ||
| 256 | # define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) | ||
| 257 | # define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) | ||
| 258 | # endif | ||
| 259 | #endif | ||
| 260 | |||
| 261 | #ifndef HOST_c2l | ||
| 377 | #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ | 262 | #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ |
| 378 | l|=(((unsigned long)(*((c)++)))<< 8), \ | 263 | l|=(((unsigned long)(*((c)++)))<< 8), \ |
| 379 | l|=(((unsigned long)(*((c)++)))<<16), \ | 264 | l|=(((unsigned long)(*((c)++)))<<16), \ |
| 380 | l|=(((unsigned long)(*((c)++)))<<24), \ | 265 | l|=(((unsigned long)(*((c)++)))<<24), \ |
| 381 | l) | 266 | l) |
| 382 | #define HOST_p_c2l(c,l,n) { \ | 267 | #endif |
| 383 | switch (n) { \ | 268 | #ifndef HOST_l2c |
| 384 | case 0: l =((unsigned long)(*((c)++))); \ | ||
| 385 | case 1: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 386 | case 2: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 387 | case 3: l|=((unsigned long)(*((c)++)))<<24; \ | ||
| 388 | } } | ||
| 389 | #define HOST_p_c2l_p(c,l,sc,len) { \ | ||
| 390 | switch (sc) { \ | ||
| 391 | case 0: l =((unsigned long)(*((c)++))); \ | ||
| 392 | if (--len == 0) break; \ | ||
| 393 | case 1: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 394 | if (--len == 0) break; \ | ||
| 395 | case 2: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 396 | } } | ||
| 397 | /* NOTE the pointer is not incremented at the end of this */ | ||
| 398 | #define HOST_c2l_p(c,l,n) { \ | ||
| 399 | l=0; (c)+=n; \ | ||
| 400 | switch (n) { \ | ||
| 401 | case 3: l =((unsigned long)(*(--(c))))<<16; \ | ||
| 402 | case 2: l|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 403 | case 1: l|=((unsigned long)(*(--(c)))); \ | ||
| 404 | } } | ||
| 405 | #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | 269 | #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ |
| 406 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | 270 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ |
| 407 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | 271 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ |
| 408 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | 272 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ |
| 409 | l) | 273 | l) |
| 274 | #endif | ||
| 410 | 275 | ||
| 411 | #endif | 276 | #endif |
| 412 | 277 | ||
| @@ -414,118 +279,60 @@ | |||
| 414 | * Time for some action:-) | 279 | * Time for some action:-) |
| 415 | */ | 280 | */ |
| 416 | 281 | ||
| 417 | int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) | 282 | int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) |
| 418 | { | 283 | { |
| 419 | const unsigned char *data=data_; | 284 | const unsigned char *data=data_; |
| 420 | register HASH_LONG * p; | 285 | unsigned char *p; |
| 421 | register unsigned long l; | 286 | HASH_LONG l; |
| 422 | int sw,sc,ew,ec; | 287 | size_t n; |
| 423 | 288 | ||
| 424 | if (len==0) return 1; | 289 | if (len==0) return 1; |
| 425 | 290 | ||
| 426 | l=(c->Nl+(len<<3))&0xffffffffL; | 291 | l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL; |
| 427 | /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to | 292 | /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to |
| 428 | * Wei Dai <weidai@eskimo.com> for pointing it out. */ | 293 | * Wei Dai <weidai@eskimo.com> for pointing it out. */ |
| 429 | if (l < c->Nl) /* overflow */ | 294 | if (l < c->Nl) /* overflow */ |
| 430 | c->Nh++; | 295 | c->Nh++; |
| 431 | c->Nh+=(len>>29); | 296 | c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */ |
| 432 | c->Nl=l; | 297 | c->Nl=l; |
| 433 | 298 | ||
| 434 | if (c->num != 0) | 299 | n = c->num; |
| 300 | if (n != 0) | ||
| 435 | { | 301 | { |
| 436 | p=c->data; | 302 | p=(unsigned char *)c->data; |
| 437 | sw=c->num>>2; | ||
| 438 | sc=c->num&0x03; | ||
| 439 | 303 | ||
| 440 | if ((c->num+len) >= HASH_CBLOCK) | 304 | if ((n+len) >= HASH_CBLOCK) |
| 441 | { | 305 | { |
| 442 | l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; | 306 | memcpy (p+n,data,HASH_CBLOCK-n); |
| 443 | for (; sw<HASH_LBLOCK; sw++) | 307 | HASH_BLOCK_DATA_ORDER (c,p,1); |
| 444 | { | 308 | n = HASH_CBLOCK-n; |
| 445 | HOST_c2l(data,l); p[sw]=l; | 309 | data += n; |
| 446 | } | 310 | len -= n; |
| 447 | HASH_BLOCK_HOST_ORDER (c,p,1); | 311 | c->num = 0; |
| 448 | len-=(HASH_CBLOCK-c->num); | 312 | memset (p,0,HASH_CBLOCK); /* keep it zeroed */ |
| 449 | c->num=0; | ||
| 450 | /* drop through and do the rest */ | ||
| 451 | } | 313 | } |
| 452 | else | 314 | else |
| 453 | { | 315 | { |
| 454 | c->num+=len; | 316 | memcpy (p+n,data,len); |
| 455 | if ((sc+len) < 4) /* ugly, add char's to a word */ | 317 | c->num += (unsigned int)len; |
| 456 | { | ||
| 457 | l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l; | ||
| 458 | } | ||
| 459 | else | ||
| 460 | { | ||
| 461 | ew=(c->num>>2); | ||
| 462 | ec=(c->num&0x03); | ||
| 463 | if (sc) | ||
| 464 | l=p[sw]; | ||
| 465 | HOST_p_c2l(data,l,sc); | ||
| 466 | p[sw++]=l; | ||
| 467 | for (; sw < ew; sw++) | ||
| 468 | { | ||
| 469 | HOST_c2l(data,l); p[sw]=l; | ||
| 470 | } | ||
| 471 | if (ec) | ||
| 472 | { | ||
| 473 | HOST_c2l_p(data,l,ec); p[sw]=l; | ||
| 474 | } | ||
| 475 | } | ||
| 476 | return 1; | 318 | return 1; |
| 477 | } | 319 | } |
| 478 | } | 320 | } |
| 479 | 321 | ||
| 480 | sw=len/HASH_CBLOCK; | 322 | n = len/HASH_CBLOCK; |
| 481 | if (sw > 0) | 323 | if (n > 0) |
| 482 | { | 324 | { |
| 483 | #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) | 325 | HASH_BLOCK_DATA_ORDER (c,data,n); |
| 484 | /* | 326 | n *= HASH_CBLOCK; |
| 485 | * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined | 327 | data += n; |
| 486 | * only if sizeof(HASH_LONG)==4. | 328 | len -= n; |
| 487 | */ | ||
| 488 | if ((((unsigned long)data)%4) == 0) | ||
| 489 | { | ||
| 490 | /* data is properly aligned so that we can cast it: */ | ||
| 491 | HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw); | ||
| 492 | sw*=HASH_CBLOCK; | ||
| 493 | data+=sw; | ||
| 494 | len-=sw; | ||
| 495 | } | ||
| 496 | else | ||
| 497 | #if !defined(HASH_BLOCK_DATA_ORDER) | ||
| 498 | while (sw--) | ||
| 499 | { | ||
| 500 | memcpy (p=c->data,data,HASH_CBLOCK); | ||
| 501 | HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1); | ||
| 502 | data+=HASH_CBLOCK; | ||
| 503 | len-=HASH_CBLOCK; | ||
| 504 | } | ||
| 505 | #endif | ||
| 506 | #endif | ||
| 507 | #if defined(HASH_BLOCK_DATA_ORDER) | ||
| 508 | { | ||
| 509 | HASH_BLOCK_DATA_ORDER(c,data,sw); | ||
| 510 | sw*=HASH_CBLOCK; | ||
| 511 | data+=sw; | ||
| 512 | len-=sw; | ||
| 513 | } | ||
| 514 | #endif | ||
| 515 | } | 329 | } |
| 516 | 330 | ||
| 517 | if (len!=0) | 331 | if (len != 0) |
| 518 | { | 332 | { |
| 519 | p = c->data; | 333 | p = (unsigned char *)c->data; |
| 520 | c->num = len; | 334 | c->num = len; |
| 521 | ew=len>>2; /* words to copy */ | 335 | memcpy (p,data,len); |
| 522 | ec=len&0x03; | ||
| 523 | for (; ew; ew--,p++) | ||
| 524 | { | ||
| 525 | HOST_c2l(data,l); *p=l; | ||
| 526 | } | ||
| 527 | HOST_c2l_p(data,l,ec); | ||
| 528 | *p=l; | ||
| 529 | } | 336 | } |
| 530 | return 1; | 337 | return 1; |
| 531 | } | 338 | } |
| @@ -533,81 +340,38 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) | |||
| 533 | 340 | ||
| 534 | void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) | 341 | void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) |
| 535 | { | 342 | { |
| 536 | #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) | ||
| 537 | if ((((unsigned long)data)%4) == 0) | ||
| 538 | /* data is properly aligned so that we can cast it: */ | ||
| 539 | HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1); | ||
| 540 | else | ||
| 541 | #if !defined(HASH_BLOCK_DATA_ORDER) | ||
| 542 | { | ||
| 543 | memcpy (c->data,data,HASH_CBLOCK); | ||
| 544 | HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1); | ||
| 545 | } | ||
| 546 | #endif | ||
| 547 | #endif | ||
| 548 | #if defined(HASH_BLOCK_DATA_ORDER) | ||
| 549 | HASH_BLOCK_DATA_ORDER (c,data,1); | 343 | HASH_BLOCK_DATA_ORDER (c,data,1); |
| 550 | #endif | ||
| 551 | } | 344 | } |
| 552 | 345 | ||
| 553 | 346 | ||
| 554 | int HASH_FINAL (unsigned char *md, HASH_CTX *c) | 347 | int HASH_FINAL (unsigned char *md, HASH_CTX *c) |
| 555 | { | 348 | { |
| 556 | register HASH_LONG *p; | 349 | unsigned char *p = (unsigned char *)c->data; |
| 557 | register unsigned long l; | 350 | size_t n = c->num; |
| 558 | register int i,j; | ||
| 559 | static const unsigned char end[4]={0x80,0x00,0x00,0x00}; | ||
| 560 | const unsigned char *cp=end; | ||
| 561 | |||
| 562 | #if 0 | ||
| 563 | if(FIPS_mode() && !FIPS_md5_allowed()) | ||
| 564 | { | ||
| 565 | FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); | ||
| 566 | return 0; | ||
| 567 | } | ||
| 568 | #endif | ||
| 569 | 351 | ||
| 570 | /* c->num should definitly have room for at least one more byte. */ | 352 | p[n] = 0x80; /* there is always room for one */ |
| 571 | p=c->data; | 353 | n++; |
| 572 | i=c->num>>2; | ||
| 573 | j=c->num&0x03; | ||
| 574 | |||
| 575 | #if 0 | ||
| 576 | /* purify often complains about the following line as an | ||
| 577 | * Uninitialized Memory Read. While this can be true, the | ||
| 578 | * following p_c2l macro will reset l when that case is true. | ||
| 579 | * This is because j&0x03 contains the number of 'valid' bytes | ||
| 580 | * already in p[i]. If and only if j&0x03 == 0, the UMR will | ||
| 581 | * occur but this is also the only time p_c2l will do | ||
| 582 | * l= *(cp++) instead of l|= *(cp++) | ||
| 583 | * Many thanks to Alex Tang <altitude@cic.net> for pickup this | ||
| 584 | * 'potential bug' */ | ||
| 585 | #ifdef PURIFY | ||
| 586 | if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */ | ||
| 587 | #endif | ||
| 588 | l=p[i]; | ||
| 589 | #else | ||
| 590 | l = (j==0) ? 0 : p[i]; | ||
| 591 | #endif | ||
| 592 | HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */ | ||
| 593 | 354 | ||
| 594 | if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */ | 355 | if (n > (HASH_CBLOCK-8)) |
| 595 | { | 356 | { |
| 596 | if (i<HASH_LBLOCK) p[i]=0; | 357 | memset (p+n,0,HASH_CBLOCK-n); |
| 597 | HASH_BLOCK_HOST_ORDER (c,p,1); | 358 | n=0; |
| 598 | i=0; | 359 | HASH_BLOCK_DATA_ORDER (c,p,1); |
| 599 | } | 360 | } |
| 600 | for (; i<(HASH_LBLOCK-2); i++) | 361 | memset (p+n,0,HASH_CBLOCK-8-n); |
| 601 | p[i]=0; | ||
| 602 | 362 | ||
| 363 | p += HASH_CBLOCK-8; | ||
| 603 | #if defined(DATA_ORDER_IS_BIG_ENDIAN) | 364 | #if defined(DATA_ORDER_IS_BIG_ENDIAN) |
| 604 | p[HASH_LBLOCK-2]=c->Nh; | 365 | (void)HOST_l2c(c->Nh,p); |
| 605 | p[HASH_LBLOCK-1]=c->Nl; | 366 | (void)HOST_l2c(c->Nl,p); |
| 606 | #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) | 367 | #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) |
| 607 | p[HASH_LBLOCK-2]=c->Nl; | 368 | (void)HOST_l2c(c->Nl,p); |
| 608 | p[HASH_LBLOCK-1]=c->Nh; | 369 | (void)HOST_l2c(c->Nh,p); |
| 609 | #endif | 370 | #endif |
| 610 | HASH_BLOCK_HOST_ORDER (c,p,1); | 371 | p -= HASH_CBLOCK; |
| 372 | HASH_BLOCK_DATA_ORDER (c,p,1); | ||
| 373 | c->num=0; | ||
| 374 | memset (p,0,HASH_CBLOCK); | ||
| 611 | 375 | ||
| 612 | #ifndef HASH_MAKE_STRING | 376 | #ifndef HASH_MAKE_STRING |
| 613 | #error "HASH_MAKE_STRING must be defined!" | 377 | #error "HASH_MAKE_STRING must be defined!" |
| @@ -615,11 +379,6 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) | |||
| 615 | HASH_MAKE_STRING(c,md); | 379 | HASH_MAKE_STRING(c,md); |
| 616 | #endif | 380 | #endif |
| 617 | 381 | ||
| 618 | c->num=0; | ||
| 619 | /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack | ||
| 620 | * but I'm not worried :-) | ||
| 621 | OPENSSL_cleanse((void *)c,sizeof(HASH_CTX)); | ||
| 622 | */ | ||
| 623 | return 1; | 382 | return 1; |
| 624 | } | 383 | } |
| 625 | 384 | ||
diff --git a/src/lib/libssl/src/crypto/md4/md4.h b/src/lib/libssl/src/crypto/md4/md4.h index 7e761efb62..5598c93a4f 100644 --- a/src/lib/libssl/src/crypto/md4/md4.h +++ b/src/lib/libssl/src/crypto/md4/md4.h | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | #define HEADER_MD4_H | 60 | #define HEADER_MD4_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | 62 | #include <openssl/e_os2.h> |
| 63 | #include <stddef.h> | ||
| 63 | 64 | ||
| 64 | #ifdef __cplusplus | 65 | #ifdef __cplusplus |
| 65 | extern "C" { | 66 | extern "C" { |
| @@ -101,16 +102,13 @@ typedef struct MD4state_st | |||
| 101 | MD4_LONG A,B,C,D; | 102 | MD4_LONG A,B,C,D; |
| 102 | MD4_LONG Nl,Nh; | 103 | MD4_LONG Nl,Nh; |
| 103 | MD4_LONG data[MD4_LBLOCK]; | 104 | MD4_LONG data[MD4_LBLOCK]; |
| 104 | int num; | 105 | unsigned int num; |
| 105 | } MD4_CTX; | 106 | } MD4_CTX; |
| 106 | 107 | ||
| 107 | #ifdef OPENSSL_FIPS | ||
| 108 | int private_MD4_Init(MD4_CTX *c); | ||
| 109 | #endif | ||
| 110 | int MD4_Init(MD4_CTX *c); | 108 | int MD4_Init(MD4_CTX *c); |
| 111 | int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); | 109 | int MD4_Update(MD4_CTX *c, const void *data, size_t len); |
| 112 | int MD4_Final(unsigned char *md, MD4_CTX *c); | 110 | int MD4_Final(unsigned char *md, MD4_CTX *c); |
| 113 | unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); | 111 | unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); |
| 114 | void MD4_Transform(MD4_CTX *c, const unsigned char *b); | 112 | void MD4_Transform(MD4_CTX *c, const unsigned char *b); |
| 115 | #ifdef __cplusplus | 113 | #ifdef __cplusplus |
| 116 | } | 114 | } |
diff --git a/src/lib/libssl/src/crypto/md4/md4_dgst.c b/src/lib/libssl/src/crypto/md4/md4_dgst.c index ee7cc72262..cfef94af39 100644 --- a/src/lib/libssl/src/crypto/md4/md4_dgst.c +++ b/src/lib/libssl/src/crypto/md4/md4_dgst.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "md4_locl.h" | 60 | #include "md4_locl.h" |
| 61 | #include <openssl/opensslv.h> | 61 | #include <openssl/opensslv.h> |
| 62 | 62 | ||
| 63 | const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT; | 63 | const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; |
| 64 | 64 | ||
| 65 | /* Implemented from RFC1186 The MD4 Message-Digest Algorithm | 65 | /* Implemented from RFC1186 The MD4 Message-Digest Algorithm |
| 66 | */ | 66 | */ |
| @@ -70,7 +70,7 @@ const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT; | |||
| 70 | #define INIT_DATA_C (unsigned long)0x98badcfeL | 70 | #define INIT_DATA_C (unsigned long)0x98badcfeL |
| 71 | #define INIT_DATA_D (unsigned long)0x10325476L | 71 | #define INIT_DATA_D (unsigned long)0x10325476L |
| 72 | 72 | ||
| 73 | FIPS_NON_FIPS_MD_Init(MD4) | 73 | int MD4_Init(MD4_CTX *c) |
| 74 | { | 74 | { |
| 75 | c->A=INIT_DATA_A; | 75 | c->A=INIT_DATA_A; |
| 76 | c->B=INIT_DATA_B; | 76 | c->B=INIT_DATA_B; |
| @@ -82,84 +82,11 @@ FIPS_NON_FIPS_MD_Init(MD4) | |||
| 82 | return 1; | 82 | return 1; |
| 83 | } | 83 | } |
| 84 | 84 | ||
| 85 | #ifndef md4_block_host_order | ||
| 86 | void md4_block_host_order (MD4_CTX *c, const void *data, int num) | ||
| 87 | { | ||
| 88 | const MD4_LONG *X=data; | ||
| 89 | register unsigned MD32_REG_T A,B,C,D; | ||
| 90 | |||
| 91 | A=c->A; | ||
| 92 | B=c->B; | ||
| 93 | C=c->C; | ||
| 94 | D=c->D; | ||
| 95 | |||
| 96 | for (;num--;X+=HASH_LBLOCK) | ||
| 97 | { | ||
| 98 | /* Round 0 */ | ||
| 99 | R0(A,B,C,D,X[ 0], 3,0); | ||
| 100 | R0(D,A,B,C,X[ 1], 7,0); | ||
| 101 | R0(C,D,A,B,X[ 2],11,0); | ||
| 102 | R0(B,C,D,A,X[ 3],19,0); | ||
| 103 | R0(A,B,C,D,X[ 4], 3,0); | ||
| 104 | R0(D,A,B,C,X[ 5], 7,0); | ||
| 105 | R0(C,D,A,B,X[ 6],11,0); | ||
| 106 | R0(B,C,D,A,X[ 7],19,0); | ||
| 107 | R0(A,B,C,D,X[ 8], 3,0); | ||
| 108 | R0(D,A,B,C,X[ 9], 7,0); | ||
| 109 | R0(C,D,A,B,X[10],11,0); | ||
| 110 | R0(B,C,D,A,X[11],19,0); | ||
| 111 | R0(A,B,C,D,X[12], 3,0); | ||
| 112 | R0(D,A,B,C,X[13], 7,0); | ||
| 113 | R0(C,D,A,B,X[14],11,0); | ||
| 114 | R0(B,C,D,A,X[15],19,0); | ||
| 115 | /* Round 1 */ | ||
| 116 | R1(A,B,C,D,X[ 0], 3,0x5A827999L); | ||
| 117 | R1(D,A,B,C,X[ 4], 5,0x5A827999L); | ||
| 118 | R1(C,D,A,B,X[ 8], 9,0x5A827999L); | ||
| 119 | R1(B,C,D,A,X[12],13,0x5A827999L); | ||
| 120 | R1(A,B,C,D,X[ 1], 3,0x5A827999L); | ||
| 121 | R1(D,A,B,C,X[ 5], 5,0x5A827999L); | ||
| 122 | R1(C,D,A,B,X[ 9], 9,0x5A827999L); | ||
| 123 | R1(B,C,D,A,X[13],13,0x5A827999L); | ||
| 124 | R1(A,B,C,D,X[ 2], 3,0x5A827999L); | ||
| 125 | R1(D,A,B,C,X[ 6], 5,0x5A827999L); | ||
| 126 | R1(C,D,A,B,X[10], 9,0x5A827999L); | ||
| 127 | R1(B,C,D,A,X[14],13,0x5A827999L); | ||
| 128 | R1(A,B,C,D,X[ 3], 3,0x5A827999L); | ||
| 129 | R1(D,A,B,C,X[ 7], 5,0x5A827999L); | ||
| 130 | R1(C,D,A,B,X[11], 9,0x5A827999L); | ||
| 131 | R1(B,C,D,A,X[15],13,0x5A827999L); | ||
| 132 | /* Round 2 */ | ||
| 133 | R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1); | ||
| 134 | R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1); | ||
| 135 | R2(C,D,A,B,X[ 4],11,0x6ED9EBA1); | ||
| 136 | R2(B,C,D,A,X[12],15,0x6ED9EBA1); | ||
| 137 | R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1); | ||
| 138 | R2(D,A,B,C,X[10], 9,0x6ED9EBA1); | ||
| 139 | R2(C,D,A,B,X[ 6],11,0x6ED9EBA1); | ||
| 140 | R2(B,C,D,A,X[14],15,0x6ED9EBA1); | ||
| 141 | R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1); | ||
| 142 | R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1); | ||
| 143 | R2(C,D,A,B,X[ 5],11,0x6ED9EBA1); | ||
| 144 | R2(B,C,D,A,X[13],15,0x6ED9EBA1); | ||
| 145 | R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1); | ||
| 146 | R2(D,A,B,C,X[11], 9,0x6ED9EBA1); | ||
| 147 | R2(C,D,A,B,X[ 7],11,0x6ED9EBA1); | ||
| 148 | R2(B,C,D,A,X[15],15,0x6ED9EBA1); | ||
| 149 | |||
| 150 | A = c->A += A; | ||
| 151 | B = c->B += B; | ||
| 152 | C = c->C += C; | ||
| 153 | D = c->D += D; | ||
| 154 | } | ||
| 155 | } | ||
| 156 | #endif | ||
| 157 | |||
| 158 | #ifndef md4_block_data_order | 85 | #ifndef md4_block_data_order |
| 159 | #ifdef X | 86 | #ifdef X |
| 160 | #undef X | 87 | #undef X |
| 161 | #endif | 88 | #endif |
| 162 | void md4_block_data_order (MD4_CTX *c, const void *data_, int num) | 89 | void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num) |
| 163 | { | 90 | { |
| 164 | const unsigned char *data=data_; | 91 | const unsigned char *data=data_; |
| 165 | register unsigned MD32_REG_T A,B,C,D,l; | 92 | register unsigned MD32_REG_T A,B,C,D,l; |
| @@ -240,19 +167,3 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, int num) | |||
| 240 | } | 167 | } |
| 241 | } | 168 | } |
| 242 | #endif | 169 | #endif |
| 243 | |||
| 244 | #ifdef undef | ||
| 245 | int printit(unsigned long *l) | ||
| 246 | { | ||
| 247 | int i,ii; | ||
| 248 | |||
| 249 | for (i=0; i<2; i++) | ||
| 250 | { | ||
| 251 | for (ii=0; ii<8; ii++) | ||
| 252 | { | ||
| 253 | fprintf(stderr,"%08lx ",l[i*8+ii]); | ||
| 254 | } | ||
| 255 | fprintf(stderr,"\n"); | ||
| 256 | } | ||
| 257 | } | ||
| 258 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/md4/md4_locl.h b/src/lib/libssl/src/crypto/md4/md4_locl.h index a8d31d7a73..c8085b0ead 100644 --- a/src/lib/libssl/src/crypto/md4/md4_locl.h +++ b/src/lib/libssl/src/crypto/md4/md4_locl.h | |||
| @@ -65,41 +65,13 @@ | |||
| 65 | #define MD4_LONG_LOG2 2 /* default to 32 bits */ | 65 | #define MD4_LONG_LOG2 2 /* default to 32 bits */ |
| 66 | #endif | 66 | #endif |
| 67 | 67 | ||
| 68 | void md4_block_host_order (MD4_CTX *c, const void *p,int num); | 68 | void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); |
| 69 | void md4_block_data_order (MD4_CTX *c, const void *p,int num); | ||
| 70 | |||
| 71 | #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) | ||
| 72 | /* | ||
| 73 | * *_block_host_order is expected to handle aligned data while | ||
| 74 | * *_block_data_order - unaligned. As algorithm and host (x86) | ||
| 75 | * are in this case of the same "endianness" these two are | ||
| 76 | * otherwise indistinguishable. But normally you don't want to | ||
| 77 | * call the same function because unaligned access in places | ||
| 78 | * where alignment is expected is usually a "Bad Thing". Indeed, | ||
| 79 | * on RISCs you get punished with BUS ERROR signal or *severe* | ||
| 80 | * performance degradation. Intel CPUs are in turn perfectly | ||
| 81 | * capable of loading unaligned data without such drastic side | ||
| 82 | * effect. Yes, they say it's slower than aligned load, but no | ||
| 83 | * exception is generated and therefore performance degradation | ||
| 84 | * is *incomparable* with RISCs. What we should weight here is | ||
| 85 | * costs of unaligned access against costs of aligning data. | ||
| 86 | * According to my measurements allowing unaligned access results | ||
| 87 | * in ~9% performance improvement on Pentium II operating at | ||
| 88 | * 266MHz. I won't be surprised if the difference will be higher | ||
| 89 | * on faster systems:-) | ||
| 90 | * | ||
| 91 | * <appro@fy.chalmers.se> | ||
| 92 | */ | ||
| 93 | #define md4_block_data_order md4_block_host_order | ||
| 94 | #endif | ||
| 95 | 69 | ||
| 96 | #define DATA_ORDER_IS_LITTLE_ENDIAN | 70 | #define DATA_ORDER_IS_LITTLE_ENDIAN |
| 97 | 71 | ||
| 98 | #define HASH_LONG MD4_LONG | 72 | #define HASH_LONG MD4_LONG |
| 99 | #define HASH_LONG_LOG2 MD4_LONG_LOG2 | ||
| 100 | #define HASH_CTX MD4_CTX | 73 | #define HASH_CTX MD4_CTX |
| 101 | #define HASH_CBLOCK MD4_CBLOCK | 74 | #define HASH_CBLOCK MD4_CBLOCK |
| 102 | #define HASH_LBLOCK MD4_LBLOCK | ||
| 103 | #define HASH_UPDATE MD4_Update | 75 | #define HASH_UPDATE MD4_Update |
| 104 | #define HASH_TRANSFORM MD4_Transform | 76 | #define HASH_TRANSFORM MD4_Transform |
| 105 | #define HASH_FINAL MD4_Final | 77 | #define HASH_FINAL MD4_Final |
| @@ -110,21 +82,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,int num); | |||
| 110 | ll=(c)->C; HOST_l2c(ll,(s)); \ | 82 | ll=(c)->C; HOST_l2c(ll,(s)); \ |
| 111 | ll=(c)->D; HOST_l2c(ll,(s)); \ | 83 | ll=(c)->D; HOST_l2c(ll,(s)); \ |
| 112 | } while (0) | 84 | } while (0) |
| 113 | #define HASH_BLOCK_HOST_ORDER md4_block_host_order | ||
| 114 | #if !defined(L_ENDIAN) || defined(md4_block_data_order) | ||
| 115 | #define HASH_BLOCK_DATA_ORDER md4_block_data_order | 85 | #define HASH_BLOCK_DATA_ORDER md4_block_data_order |
| 116 | /* | ||
| 117 | * Little-endians (Intel and Alpha) feel better without this. | ||
| 118 | * It looks like memcpy does better job than generic | ||
| 119 | * md4_block_data_order on copying-n-aligning input data. | ||
| 120 | * But frankly speaking I didn't expect such result on Alpha. | ||
| 121 | * On the other hand I've got this with egcs-1.0.2 and if | ||
| 122 | * program is compiled with another (better?) compiler it | ||
| 123 | * might turn out other way around. | ||
| 124 | * | ||
| 125 | * <appro@fy.chalmers.se> | ||
| 126 | */ | ||
| 127 | #endif | ||
| 128 | 86 | ||
| 129 | #include "md32_common.h" | 87 | #include "md32_common.h" |
| 130 | 88 | ||
diff --git a/src/lib/libssl/src/crypto/md4/md4_one.c b/src/lib/libssl/src/crypto/md4/md4_one.c index 50f79352f6..bb64362638 100644 --- a/src/lib/libssl/src/crypto/md4/md4_one.c +++ b/src/lib/libssl/src/crypto/md4/md4_one.c | |||
| @@ -65,7 +65,7 @@ | |||
| 65 | #include <openssl/ebcdic.h> | 65 | #include <openssl/ebcdic.h> |
| 66 | #endif | 66 | #endif |
| 67 | 67 | ||
| 68 | unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md) | 68 | unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) |
| 69 | { | 69 | { |
| 70 | MD4_CTX c; | 70 | MD4_CTX c; |
| 71 | static unsigned char m[MD4_DIGEST_LENGTH]; | 71 | static unsigned char m[MD4_DIGEST_LENGTH]; |
diff --git a/src/lib/libssl/src/crypto/md4/md4test.c b/src/lib/libssl/src/crypto/md4/md4test.c index 21a77d96f7..56591728a1 100644 --- a/src/lib/libssl/src/crypto/md4/md4test.c +++ b/src/lib/libssl/src/crypto/md4/md4test.c | |||
| @@ -97,16 +97,16 @@ static char *pt(unsigned char *md); | |||
| 97 | int main(int argc, char *argv[]) | 97 | int main(int argc, char *argv[]) |
| 98 | { | 98 | { |
| 99 | int i,err=0; | 99 | int i,err=0; |
| 100 | unsigned char **P,**R; | 100 | char **P,**R; |
| 101 | char *p; | 101 | char *p; |
| 102 | unsigned char md[MD4_DIGEST_LENGTH]; | 102 | unsigned char md[MD4_DIGEST_LENGTH]; |
| 103 | 103 | ||
| 104 | P=(unsigned char **)test; | 104 | P=test; |
| 105 | R=(unsigned char **)ret; | 105 | R=ret; |
| 106 | i=1; | 106 | i=1; |
| 107 | while (*P != NULL) | 107 | while (*P != NULL) |
| 108 | { | 108 | { |
| 109 | EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL); | 109 | EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL); |
| 110 | p=pt(md); | 110 | p=pt(md); |
| 111 | if (strcmp(p,(char *)*R) != 0) | 111 | if (strcmp(p,(char *)*R) != 0) |
| 112 | { | 112 | { |
diff --git a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl index fa3fa3bed5..76ac235f7d 100644 --- a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl +++ b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl | |||
| @@ -29,7 +29,7 @@ $X="esi"; | |||
| 29 | 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9, # R3 | 29 | 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9, # R3 |
| 30 | ); | 30 | ); |
| 31 | 31 | ||
| 32 | &md5_block("md5_block_asm_host_order"); | 32 | &md5_block("md5_block_asm_data_order"); |
| 33 | &asm_finish(); | 33 | &asm_finish(); |
| 34 | 34 | ||
| 35 | sub Np | 35 | sub Np |
diff --git a/src/lib/libssl/src/crypto/md5/md5.h b/src/lib/libssl/src/crypto/md5/md5.h index c663dd1816..dbdc0e1abc 100644 --- a/src/lib/libssl/src/crypto/md5/md5.h +++ b/src/lib/libssl/src/crypto/md5/md5.h | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | #define HEADER_MD5_H | 60 | #define HEADER_MD5_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | 62 | #include <openssl/e_os2.h> |
| 63 | #include <stddef.h> | ||
| 63 | 64 | ||
| 64 | #ifdef __cplusplus | 65 | #ifdef __cplusplus |
| 65 | extern "C" { | 66 | extern "C" { |
| @@ -101,16 +102,13 @@ typedef struct MD5state_st | |||
| 101 | MD5_LONG A,B,C,D; | 102 | MD5_LONG A,B,C,D; |
| 102 | MD5_LONG Nl,Nh; | 103 | MD5_LONG Nl,Nh; |
| 103 | MD5_LONG data[MD5_LBLOCK]; | 104 | MD5_LONG data[MD5_LBLOCK]; |
| 104 | int num; | 105 | unsigned int num; |
| 105 | } MD5_CTX; | 106 | } MD5_CTX; |
| 106 | 107 | ||
| 107 | #ifdef OPENSSL_FIPS | ||
| 108 | int private_MD5_Init(MD5_CTX *c); | ||
| 109 | #endif | ||
| 110 | int MD5_Init(MD5_CTX *c); | 108 | int MD5_Init(MD5_CTX *c); |
| 111 | int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); | 109 | int MD5_Update(MD5_CTX *c, const void *data, size_t len); |
| 112 | int MD5_Final(unsigned char *md, MD5_CTX *c); | 110 | int MD5_Final(unsigned char *md, MD5_CTX *c); |
| 113 | unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); | 111 | unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); |
| 114 | void MD5_Transform(MD5_CTX *c, const unsigned char *b); | 112 | void MD5_Transform(MD5_CTX *c, const unsigned char *b); |
| 115 | #ifdef __cplusplus | 113 | #ifdef __cplusplus |
| 116 | } | 114 | } |
diff --git a/src/lib/libssl/src/crypto/md5/md5_dgst.c b/src/lib/libssl/src/crypto/md5/md5_dgst.c index 54b33c6509..b96e332ba4 100644 --- a/src/lib/libssl/src/crypto/md5/md5_dgst.c +++ b/src/lib/libssl/src/crypto/md5/md5_dgst.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "md5_locl.h" | 60 | #include "md5_locl.h" |
| 61 | #include <openssl/opensslv.h> | 61 | #include <openssl/opensslv.h> |
| 62 | 62 | ||
| 63 | const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT; | 63 | const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; |
| 64 | 64 | ||
| 65 | /* Implemented from RFC1321 The MD5 Message-Digest Algorithm | 65 | /* Implemented from RFC1321 The MD5 Message-Digest Algorithm |
| 66 | */ | 66 | */ |
| @@ -70,7 +70,7 @@ const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT; | |||
| 70 | #define INIT_DATA_C (unsigned long)0x98badcfeL | 70 | #define INIT_DATA_C (unsigned long)0x98badcfeL |
| 71 | #define INIT_DATA_D (unsigned long)0x10325476L | 71 | #define INIT_DATA_D (unsigned long)0x10325476L |
| 72 | 72 | ||
| 73 | FIPS_NON_FIPS_MD_Init(MD5) | 73 | int MD5_Init(MD5_CTX *c) |
| 74 | { | 74 | { |
| 75 | c->A=INIT_DATA_A; | 75 | c->A=INIT_DATA_A; |
| 76 | c->B=INIT_DATA_B; | 76 | c->B=INIT_DATA_B; |
| @@ -82,101 +82,11 @@ FIPS_NON_FIPS_MD_Init(MD5) | |||
| 82 | return 1; | 82 | return 1; |
| 83 | } | 83 | } |
| 84 | 84 | ||
| 85 | #ifndef md5_block_host_order | ||
| 86 | void md5_block_host_order (MD5_CTX *c, const void *data, int num) | ||
| 87 | { | ||
| 88 | const MD5_LONG *X=data; | ||
| 89 | register unsigned MD32_REG_T A,B,C,D; | ||
| 90 | |||
| 91 | A=c->A; | ||
| 92 | B=c->B; | ||
| 93 | C=c->C; | ||
| 94 | D=c->D; | ||
| 95 | |||
| 96 | for (;num--;X+=HASH_LBLOCK) | ||
| 97 | { | ||
| 98 | /* Round 0 */ | ||
| 99 | R0(A,B,C,D,X[ 0], 7,0xd76aa478L); | ||
| 100 | R0(D,A,B,C,X[ 1],12,0xe8c7b756L); | ||
| 101 | R0(C,D,A,B,X[ 2],17,0x242070dbL); | ||
| 102 | R0(B,C,D,A,X[ 3],22,0xc1bdceeeL); | ||
| 103 | R0(A,B,C,D,X[ 4], 7,0xf57c0fafL); | ||
| 104 | R0(D,A,B,C,X[ 5],12,0x4787c62aL); | ||
| 105 | R0(C,D,A,B,X[ 6],17,0xa8304613L); | ||
| 106 | R0(B,C,D,A,X[ 7],22,0xfd469501L); | ||
| 107 | R0(A,B,C,D,X[ 8], 7,0x698098d8L); | ||
| 108 | R0(D,A,B,C,X[ 9],12,0x8b44f7afL); | ||
| 109 | R0(C,D,A,B,X[10],17,0xffff5bb1L); | ||
| 110 | R0(B,C,D,A,X[11],22,0x895cd7beL); | ||
| 111 | R0(A,B,C,D,X[12], 7,0x6b901122L); | ||
| 112 | R0(D,A,B,C,X[13],12,0xfd987193L); | ||
| 113 | R0(C,D,A,B,X[14],17,0xa679438eL); | ||
| 114 | R0(B,C,D,A,X[15],22,0x49b40821L); | ||
| 115 | /* Round 1 */ | ||
| 116 | R1(A,B,C,D,X[ 1], 5,0xf61e2562L); | ||
| 117 | R1(D,A,B,C,X[ 6], 9,0xc040b340L); | ||
| 118 | R1(C,D,A,B,X[11],14,0x265e5a51L); | ||
| 119 | R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL); | ||
| 120 | R1(A,B,C,D,X[ 5], 5,0xd62f105dL); | ||
| 121 | R1(D,A,B,C,X[10], 9,0x02441453L); | ||
| 122 | R1(C,D,A,B,X[15],14,0xd8a1e681L); | ||
| 123 | R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L); | ||
| 124 | R1(A,B,C,D,X[ 9], 5,0x21e1cde6L); | ||
| 125 | R1(D,A,B,C,X[14], 9,0xc33707d6L); | ||
| 126 | R1(C,D,A,B,X[ 3],14,0xf4d50d87L); | ||
| 127 | R1(B,C,D,A,X[ 8],20,0x455a14edL); | ||
| 128 | R1(A,B,C,D,X[13], 5,0xa9e3e905L); | ||
| 129 | R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L); | ||
| 130 | R1(C,D,A,B,X[ 7],14,0x676f02d9L); | ||
| 131 | R1(B,C,D,A,X[12],20,0x8d2a4c8aL); | ||
| 132 | /* Round 2 */ | ||
| 133 | R2(A,B,C,D,X[ 5], 4,0xfffa3942L); | ||
| 134 | R2(D,A,B,C,X[ 8],11,0x8771f681L); | ||
| 135 | R2(C,D,A,B,X[11],16,0x6d9d6122L); | ||
| 136 | R2(B,C,D,A,X[14],23,0xfde5380cL); | ||
| 137 | R2(A,B,C,D,X[ 1], 4,0xa4beea44L); | ||
| 138 | R2(D,A,B,C,X[ 4],11,0x4bdecfa9L); | ||
| 139 | R2(C,D,A,B,X[ 7],16,0xf6bb4b60L); | ||
| 140 | R2(B,C,D,A,X[10],23,0xbebfbc70L); | ||
| 141 | R2(A,B,C,D,X[13], 4,0x289b7ec6L); | ||
| 142 | R2(D,A,B,C,X[ 0],11,0xeaa127faL); | ||
| 143 | R2(C,D,A,B,X[ 3],16,0xd4ef3085L); | ||
| 144 | R2(B,C,D,A,X[ 6],23,0x04881d05L); | ||
| 145 | R2(A,B,C,D,X[ 9], 4,0xd9d4d039L); | ||
| 146 | R2(D,A,B,C,X[12],11,0xe6db99e5L); | ||
| 147 | R2(C,D,A,B,X[15],16,0x1fa27cf8L); | ||
| 148 | R2(B,C,D,A,X[ 2],23,0xc4ac5665L); | ||
| 149 | /* Round 3 */ | ||
| 150 | R3(A,B,C,D,X[ 0], 6,0xf4292244L); | ||
| 151 | R3(D,A,B,C,X[ 7],10,0x432aff97L); | ||
| 152 | R3(C,D,A,B,X[14],15,0xab9423a7L); | ||
| 153 | R3(B,C,D,A,X[ 5],21,0xfc93a039L); | ||
| 154 | R3(A,B,C,D,X[12], 6,0x655b59c3L); | ||
| 155 | R3(D,A,B,C,X[ 3],10,0x8f0ccc92L); | ||
| 156 | R3(C,D,A,B,X[10],15,0xffeff47dL); | ||
| 157 | R3(B,C,D,A,X[ 1],21,0x85845dd1L); | ||
| 158 | R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL); | ||
| 159 | R3(D,A,B,C,X[15],10,0xfe2ce6e0L); | ||
| 160 | R3(C,D,A,B,X[ 6],15,0xa3014314L); | ||
| 161 | R3(B,C,D,A,X[13],21,0x4e0811a1L); | ||
| 162 | R3(A,B,C,D,X[ 4], 6,0xf7537e82L); | ||
| 163 | R3(D,A,B,C,X[11],10,0xbd3af235L); | ||
| 164 | R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL); | ||
| 165 | R3(B,C,D,A,X[ 9],21,0xeb86d391L); | ||
| 166 | |||
| 167 | A = c->A += A; | ||
| 168 | B = c->B += B; | ||
| 169 | C = c->C += C; | ||
| 170 | D = c->D += D; | ||
| 171 | } | ||
| 172 | } | ||
| 173 | #endif | ||
| 174 | |||
| 175 | #ifndef md5_block_data_order | 85 | #ifndef md5_block_data_order |
| 176 | #ifdef X | 86 | #ifdef X |
| 177 | #undef X | 87 | #undef X |
| 178 | #endif | 88 | #endif |
| 179 | void md5_block_data_order (MD5_CTX *c, const void *data_, int num) | 89 | void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num) |
| 180 | { | 90 | { |
| 181 | const unsigned char *data=data_; | 91 | const unsigned char *data=data_; |
| 182 | register unsigned MD32_REG_T A,B,C,D,l; | 92 | register unsigned MD32_REG_T A,B,C,D,l; |
| @@ -274,19 +184,3 @@ void md5_block_data_order (MD5_CTX *c, const void *data_, int num) | |||
| 274 | } | 184 | } |
| 275 | } | 185 | } |
| 276 | #endif | 186 | #endif |
| 277 | |||
| 278 | #ifdef undef | ||
| 279 | int printit(unsigned long *l) | ||
| 280 | { | ||
| 281 | int i,ii; | ||
| 282 | |||
| 283 | for (i=0; i<2; i++) | ||
| 284 | { | ||
| 285 | for (ii=0; ii<8; ii++) | ||
| 286 | { | ||
| 287 | fprintf(stderr,"%08lx ",l[i*8+ii]); | ||
| 288 | } | ||
| 289 | fprintf(stderr,"\n"); | ||
| 290 | } | ||
| 291 | } | ||
| 292 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/md5/md5_locl.h b/src/lib/libssl/src/crypto/md5/md5_locl.h index 9e360da732..84e81b960d 100644 --- a/src/lib/libssl/src/crypto/md5/md5_locl.h +++ b/src/lib/libssl/src/crypto/md5/md5_locl.h | |||
| @@ -66,49 +66,19 @@ | |||
| 66 | #endif | 66 | #endif |
| 67 | 67 | ||
| 68 | #ifdef MD5_ASM | 68 | #ifdef MD5_ASM |
| 69 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) | 69 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \ |
| 70 | # define md5_block_host_order md5_block_asm_host_order | 70 | defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) |
| 71 | # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) | 71 | # define md5_block_data_order md5_block_asm_data_order |
| 72 | void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num); | ||
| 73 | # define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned | ||
| 74 | # endif | 72 | # endif |
| 75 | #endif | 73 | #endif |
| 76 | 74 | ||
| 77 | void md5_block_host_order (MD5_CTX *c, const void *p,int num); | 75 | void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); |
| 78 | void md5_block_data_order (MD5_CTX *c, const void *p,int num); | ||
| 79 | |||
| 80 | #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) | ||
| 81 | /* | ||
| 82 | * *_block_host_order is expected to handle aligned data while | ||
| 83 | * *_block_data_order - unaligned. As algorithm and host (x86) | ||
| 84 | * are in this case of the same "endianness" these two are | ||
| 85 | * otherwise indistinguishable. But normally you don't want to | ||
| 86 | * call the same function because unaligned access in places | ||
| 87 | * where alignment is expected is usually a "Bad Thing". Indeed, | ||
| 88 | * on RISCs you get punished with BUS ERROR signal or *severe* | ||
| 89 | * performance degradation. Intel CPUs are in turn perfectly | ||
| 90 | * capable of loading unaligned data without such drastic side | ||
| 91 | * effect. Yes, they say it's slower than aligned load, but no | ||
| 92 | * exception is generated and therefore performance degradation | ||
| 93 | * is *incomparable* with RISCs. What we should weight here is | ||
| 94 | * costs of unaligned access against costs of aligning data. | ||
| 95 | * According to my measurements allowing unaligned access results | ||
| 96 | * in ~9% performance improvement on Pentium II operating at | ||
| 97 | * 266MHz. I won't be surprised if the difference will be higher | ||
| 98 | * on faster systems:-) | ||
| 99 | * | ||
| 100 | * <appro@fy.chalmers.se> | ||
| 101 | */ | ||
| 102 | #define md5_block_data_order md5_block_host_order | ||
| 103 | #endif | ||
| 104 | 76 | ||
| 105 | #define DATA_ORDER_IS_LITTLE_ENDIAN | 77 | #define DATA_ORDER_IS_LITTLE_ENDIAN |
| 106 | 78 | ||
| 107 | #define HASH_LONG MD5_LONG | 79 | #define HASH_LONG MD5_LONG |
| 108 | #define HASH_LONG_LOG2 MD5_LONG_LOG2 | ||
| 109 | #define HASH_CTX MD5_CTX | 80 | #define HASH_CTX MD5_CTX |
| 110 | #define HASH_CBLOCK MD5_CBLOCK | 81 | #define HASH_CBLOCK MD5_CBLOCK |
| 111 | #define HASH_LBLOCK MD5_LBLOCK | ||
| 112 | #define HASH_UPDATE MD5_Update | 82 | #define HASH_UPDATE MD5_Update |
| 113 | #define HASH_TRANSFORM MD5_Transform | 83 | #define HASH_TRANSFORM MD5_Transform |
| 114 | #define HASH_FINAL MD5_Final | 84 | #define HASH_FINAL MD5_Final |
| @@ -119,21 +89,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num); | |||
| 119 | ll=(c)->C; HOST_l2c(ll,(s)); \ | 89 | ll=(c)->C; HOST_l2c(ll,(s)); \ |
| 120 | ll=(c)->D; HOST_l2c(ll,(s)); \ | 90 | ll=(c)->D; HOST_l2c(ll,(s)); \ |
| 121 | } while (0) | 91 | } while (0) |
| 122 | #define HASH_BLOCK_HOST_ORDER md5_block_host_order | ||
| 123 | #if !defined(L_ENDIAN) || defined(md5_block_data_order) | ||
| 124 | #define HASH_BLOCK_DATA_ORDER md5_block_data_order | 92 | #define HASH_BLOCK_DATA_ORDER md5_block_data_order |
| 125 | /* | ||
| 126 | * Little-endians (Intel and Alpha) feel better without this. | ||
| 127 | * It looks like memcpy does better job than generic | ||
| 128 | * md5_block_data_order on copying-n-aligning input data. | ||
| 129 | * But frankly speaking I didn't expect such result on Alpha. | ||
| 130 | * On the other hand I've got this with egcs-1.0.2 and if | ||
| 131 | * program is compiled with another (better?) compiler it | ||
| 132 | * might turn out other way around. | ||
| 133 | * | ||
| 134 | * <appro@fy.chalmers.se> | ||
| 135 | */ | ||
| 136 | #endif | ||
| 137 | 93 | ||
| 138 | #include "md32_common.h" | 94 | #include "md32_common.h" |
| 139 | 95 | ||
diff --git a/src/lib/libssl/src/crypto/md5/md5_one.c b/src/lib/libssl/src/crypto/md5/md5_one.c index 44c6c455d1..43fee89379 100644 --- a/src/lib/libssl/src/crypto/md5/md5_one.c +++ b/src/lib/libssl/src/crypto/md5/md5_one.c | |||
| @@ -65,7 +65,7 @@ | |||
| 65 | #include <openssl/ebcdic.h> | 65 | #include <openssl/ebcdic.h> |
| 66 | #endif | 66 | #endif |
| 67 | 67 | ||
| 68 | unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md) | 68 | unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) |
| 69 | { | 69 | { |
| 70 | MD5_CTX c; | 70 | MD5_CTX c; |
| 71 | static unsigned char m[MD5_DIGEST_LENGTH]; | 71 | static unsigned char m[MD5_DIGEST_LENGTH]; |
diff --git a/src/lib/libssl/src/crypto/md5/md5test.c b/src/lib/libssl/src/crypto/md5/md5test.c index bfd62629ed..2b37190e32 100644 --- a/src/lib/libssl/src/crypto/md5/md5test.c +++ b/src/lib/libssl/src/crypto/md5/md5test.c | |||
| @@ -97,16 +97,16 @@ static char *pt(unsigned char *md); | |||
| 97 | int main(int argc, char *argv[]) | 97 | int main(int argc, char *argv[]) |
| 98 | { | 98 | { |
| 99 | int i,err=0; | 99 | int i,err=0; |
| 100 | unsigned char **P,**R; | 100 | char **P,**R; |
| 101 | char *p; | 101 | char *p; |
| 102 | unsigned char md[MD5_DIGEST_LENGTH]; | 102 | unsigned char md[MD5_DIGEST_LENGTH]; |
| 103 | 103 | ||
| 104 | P=(unsigned char **)test; | 104 | P=test; |
| 105 | R=(unsigned char **)ret; | 105 | R=ret; |
| 106 | i=1; | 106 | i=1; |
| 107 | while (*P != NULL) | 107 | while (*P != NULL) |
| 108 | { | 108 | { |
| 109 | EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5(), NULL); | 109 | EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL); |
| 110 | p=pt(md); | 110 | p=pt(md); |
| 111 | if (strcmp(p,(char *)*R) != 0) | 111 | if (strcmp(p,(char *)*R) != 0) |
| 112 | { | 112 | { |
| @@ -120,6 +120,10 @@ int main(int argc, char *argv[]) | |||
| 120 | R++; | 120 | R++; |
| 121 | P++; | 121 | P++; |
| 122 | } | 122 | } |
| 123 | |||
| 124 | #ifdef OPENSSL_SYS_NETWARE | ||
| 125 | if (err) printf("ERROR: %d\n", err); | ||
| 126 | #endif | ||
| 123 | EXIT(err); | 127 | EXIT(err); |
| 124 | return(0); | 128 | return(0); |
| 125 | } | 129 | } |
diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile b/src/lib/libssl/src/crypto/mdc2/Makefile index b8e9a9a4fa..1d064f17a6 100644 --- a/src/lib/libssl/src/crypto/mdc2/Makefile +++ b/src/lib/libssl/src/crypto/mdc2/Makefile | |||
| @@ -7,11 +7,6 @@ TOP= ../.. | |||
| 7 | CC= cc | 7 | CC= cc |
| 8 | INCLUDES= | 8 | INCLUDES= |
| 9 | CFLAG=-g | 9 | CFLAG=-g |
| 10 | INSTALL_PREFIX= | ||
| 11 | OPENSSLDIR= /usr/local/ssl | ||
| 12 | INSTALLTOP=/usr/local/ssl | ||
| 13 | MAKEDEPPROG= makedepend | ||
| 14 | MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) | ||
| 15 | MAKEFILE= Makefile | 10 | MAKEFILE= Makefile |
| 16 | AR= ar r | 11 | AR= ar r |
| 17 | 12 | ||
| @@ -51,6 +46,7 @@ links: | |||
| 51 | @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) | 46 | @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) |
| 52 | 47 | ||
| 53 | install: | 48 | install: |
| 49 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... | ||
| 54 | @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ | 50 | @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ |
| 55 | do \ | 51 | do \ |
| 56 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | 52 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
| @@ -66,6 +62,7 @@ lint: | |||
| 66 | lint -DLINT $(INCLUDES) $(SRC)>fluff | 62 | lint -DLINT $(INCLUDES) $(SRC)>fluff |
| 67 | 63 | ||
| 68 | depend: | 64 | depend: |
| 65 | @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... | ||
| 69 | $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) | 66 | $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) |
| 70 | 67 | ||
| 71 | dclean: | 68 | dclean: |
| @@ -83,16 +80,14 @@ mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h | |||
| 83 | mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | 80 | mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h |
| 84 | mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h | 81 | mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h |
| 85 | mdc2_one.o: ../../include/openssl/opensslconf.h | 82 | mdc2_one.o: ../../include/openssl/opensslconf.h |
| 86 | mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h | 83 | mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h |
| 87 | mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | 84 | mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h |
| 88 | mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h | 85 | mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h |
| 89 | mdc2_one.o: ../cryptlib.h mdc2_one.c | 86 | mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c |
| 90 | mdc2dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | ||
| 91 | mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h | 87 | mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h |
| 92 | mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | 88 | mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/mdc2.h |
| 93 | mdc2dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h | 89 | mdc2dgst.o: ../../include/openssl/opensslconf.h |
| 94 | mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h | 90 | mdc2dgst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h |
| 95 | mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h | ||
| 96 | mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | 91 | mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h |
| 97 | mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h | 92 | mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h |
| 98 | mdc2dgst.o: mdc2dgst.c | 93 | mdc2dgst.o: mdc2dgst.c |
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2.h b/src/lib/libssl/src/crypto/mdc2/mdc2.h index 4cba101f37..72778a5212 100644 --- a/src/lib/libssl/src/crypto/mdc2/mdc2.h +++ b/src/lib/libssl/src/crypto/mdc2/mdc2.h | |||
| @@ -74,19 +74,17 @@ extern "C" { | |||
| 74 | 74 | ||
| 75 | typedef struct mdc2_ctx_st | 75 | typedef struct mdc2_ctx_st |
| 76 | { | 76 | { |
| 77 | int num; | 77 | unsigned int num; |
| 78 | unsigned char data[MDC2_BLOCK]; | 78 | unsigned char data[MDC2_BLOCK]; |
| 79 | DES_cblock h,hh; | 79 | DES_cblock h,hh; |
| 80 | int pad_type; /* either 1 or 2, default 1 */ | 80 | int pad_type; /* either 1 or 2, default 1 */ |
| 81 | } MDC2_CTX; | 81 | } MDC2_CTX; |
| 82 | 82 | ||
| 83 | #ifdef OPENSSL_FIPS | 83 | |
| 84 | int private_MDC2_Init(MDC2_CTX *c); | ||
| 85 | #endif | ||
| 86 | int MDC2_Init(MDC2_CTX *c); | 84 | int MDC2_Init(MDC2_CTX *c); |
| 87 | int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len); | 85 | int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); |
| 88 | int MDC2_Final(unsigned char *md, MDC2_CTX *c); | 86 | int MDC2_Final(unsigned char *md, MDC2_CTX *c); |
| 89 | unsigned char *MDC2(const unsigned char *d, unsigned long n, | 87 | unsigned char *MDC2(const unsigned char *d, size_t n, |
| 90 | unsigned char *md); | 88 | unsigned char *md); |
| 91 | 89 | ||
| 92 | #ifdef __cplusplus | 90 | #ifdef __cplusplus |
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c index dd86733b77..6635167228 100644 --- a/src/lib/libssl/src/crypto/mem.c +++ b/src/lib/libssl/src/crypto/mem.c | |||
| @@ -324,8 +324,8 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) | |||
| 324 | if (str == NULL) | 324 | if (str == NULL) |
| 325 | return CRYPTO_malloc(num, file, line); | 325 | return CRYPTO_malloc(num, file, line); |
| 326 | 326 | ||
| 327 | if (num <= 0) return NULL; | 327 | if (num <= 0) return NULL; |
| 328 | 328 | ||
| 329 | if (realloc_debug_func != NULL) | 329 | if (realloc_debug_func != NULL) |
| 330 | realloc_debug_func(str, NULL, num, file, line, 0); | 330 | realloc_debug_func(str, NULL, num, file, line, 0); |
| 331 | ret = realloc_ex_func(str,num,file,line); | 331 | ret = realloc_ex_func(str,num,file,line); |
| @@ -345,9 +345,9 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, | |||
| 345 | 345 | ||
| 346 | if (str == NULL) | 346 | if (str == NULL) |
| 347 | return CRYPTO_malloc(num, file, line); | 347 | return CRYPTO_malloc(num, file, line); |
| 348 | 348 | ||
| 349 | if (num <= 0) return NULL; | 349 | if (num <= 0) return NULL; |
| 350 | 350 | ||
| 351 | if (realloc_debug_func != NULL) | 351 | if (realloc_debug_func != NULL) |
| 352 | realloc_debug_func(str, NULL, num, file, line, 0); | 352 | realloc_debug_func(str, NULL, num, file, line, 0); |
| 353 | ret=malloc_ex_func(num,file,line); | 353 | ret=malloc_ex_func(num,file,line); |
diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c index e212de27e4..8316485217 100644 --- a/src/lib/libssl/src/crypto/mem_dbg.c +++ b/src/lib/libssl/src/crypto/mem_dbg.c | |||
| @@ -59,11 +59,11 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include <time.h> | 61 | #include <time.h> |
| 62 | #include "cryptlib.h" | ||
| 62 | #include <openssl/crypto.h> | 63 | #include <openssl/crypto.h> |
| 63 | #include <openssl/buffer.h> | 64 | #include <openssl/buffer.h> |
| 64 | #include <openssl/bio.h> | 65 | #include <openssl/bio.h> |
| 65 | #include <openssl/lhash.h> | 66 | #include <openssl/lhash.h> |
| 66 | #include "cryptlib.h" | ||
| 67 | 67 | ||
| 68 | static int mh_mode=CRYPTO_MEM_CHECK_OFF; | 68 | static int mh_mode=CRYPTO_MEM_CHECK_OFF; |
| 69 | /* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE | 69 | /* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE |
| @@ -252,8 +252,16 @@ long CRYPTO_dbg_get_options(void) | |||
| 252 | /* static int mem_cmp(MEM *a, MEM *b) */ | 252 | /* static int mem_cmp(MEM *a, MEM *b) */ |
| 253 | static int mem_cmp(const void *a_void, const void *b_void) | 253 | static int mem_cmp(const void *a_void, const void *b_void) |
| 254 | { | 254 | { |
| 255 | #ifdef _WIN64 | ||
| 256 | const char *a=(const char *)((const MEM *)a_void)->addr, | ||
| 257 | *b=(const char *)((const MEM *)b_void)->addr; | ||
| 258 | if (a==b) return 0; | ||
| 259 | else if (a>b) return 1; | ||
| 260 | else return -1; | ||
| 261 | #else | ||
| 255 | return((const char *)((const MEM *)a_void)->addr | 262 | return((const char *)((const MEM *)a_void)->addr |
| 256 | - (const char *)((const MEM *)b_void)->addr); | 263 | - (const char *)((const MEM *)b_void)->addr); |
| 264 | #endif | ||
| 257 | } | 265 | } |
| 258 | 266 | ||
| 259 | /* static unsigned long mem_hash(MEM *a) */ | 267 | /* static unsigned long mem_hash(MEM *a) */ |
diff --git a/src/lib/libssl/src/crypto/objects/o_names.c b/src/lib/libssl/src/crypto/objects/o_names.c index 28c9370ca3..adb5731f76 100644 --- a/src/lib/libssl/src/crypto/objects/o_names.c +++ b/src/lib/libssl/src/crypto/objects/o_names.c | |||
| @@ -111,8 +111,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), | |||
| 111 | static int obj_name_cmp(const void *a_void, const void *b_void) | 111 | static int obj_name_cmp(const void *a_void, const void *b_void) |
| 112 | { | 112 | { |
| 113 | int ret; | 113 | int ret; |
| 114 | OBJ_NAME *a = (OBJ_NAME *)a_void; | 114 | const OBJ_NAME *a = (const OBJ_NAME *)a_void; |
| 115 | OBJ_NAME *b = (OBJ_NAME *)b_void; | 115 | const OBJ_NAME *b = (const OBJ_NAME *)b_void; |
| 116 | 116 | ||
| 117 | ret=a->type-b->type; | 117 | ret=a->type-b->type; |
| 118 | if (ret == 0) | 118 | if (ret == 0) |
| @@ -133,7 +133,7 @@ static int obj_name_cmp(const void *a_void, const void *b_void) | |||
| 133 | static unsigned long obj_name_hash(const void *a_void) | 133 | static unsigned long obj_name_hash(const void *a_void) |
| 134 | { | 134 | { |
| 135 | unsigned long ret; | 135 | unsigned long ret; |
| 136 | OBJ_NAME *a = (OBJ_NAME *)a_void; | 136 | const OBJ_NAME *a = (const OBJ_NAME *)a_void; |
| 137 | 137 | ||
| 138 | if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) | 138 | if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) |
| 139 | { | 139 | { |
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c index f549d078ef..7fd7433241 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.c +++ b/src/lib/libssl/src/crypto/objects/obj_dat.c | |||
| @@ -58,10 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <ctype.h> | 60 | #include <ctype.h> |
| 61 | #include <limits.h> | ||
| 61 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 62 | #include <openssl/lhash.h> | 63 | #include <openssl/lhash.h> |
| 63 | #include <openssl/asn1.h> | 64 | #include <openssl/asn1.h> |
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 66 | #include <openssl/bn.h> | ||
| 65 | 67 | ||
| 66 | /* obj_dat.h is generated from objects.h by obj_dat.pl */ | 68 | /* obj_dat.h is generated from objects.h by obj_dat.pl */ |
| 67 | #ifndef OPENSSL_NO_OBJECT | 69 | #ifndef OPENSSL_NO_OBJECT |
| @@ -115,7 +117,7 @@ static unsigned long add_hash(const void *ca_void) | |||
| 115 | int i; | 117 | int i; |
| 116 | unsigned long ret=0; | 118 | unsigned long ret=0; |
| 117 | unsigned char *p; | 119 | unsigned char *p; |
| 118 | ADDED_OBJ *ca = (ADDED_OBJ *)ca_void; | 120 | const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; |
| 119 | 121 | ||
| 120 | a=ca->obj; | 122 | a=ca->obj; |
| 121 | switch (ca->type) | 123 | switch (ca->type) |
| @@ -149,8 +151,8 @@ static int add_cmp(const void *ca_void, const void *cb_void) | |||
| 149 | { | 151 | { |
| 150 | ASN1_OBJECT *a,*b; | 152 | ASN1_OBJECT *a,*b; |
| 151 | int i; | 153 | int i; |
| 152 | ADDED_OBJ *ca = (ADDED_OBJ *)ca_void; | 154 | const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; |
| 153 | ADDED_OBJ *cb = (ADDED_OBJ *)cb_void; | 155 | const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void; |
| 154 | 156 | ||
| 155 | i=ca->type-cb->type; | 157 | i=ca->type-cb->type; |
| 156 | if (i) return(i); | 158 | if (i) return(i); |
| @@ -161,7 +163,7 @@ static int add_cmp(const void *ca_void, const void *cb_void) | |||
| 161 | case ADDED_DATA: | 163 | case ADDED_DATA: |
| 162 | i=(a->length - b->length); | 164 | i=(a->length - b->length); |
| 163 | if (i) return(i); | 165 | if (i) return(i); |
| 164 | return(memcmp(a->data,b->data,a->length)); | 166 | return(memcmp(a->data,b->data,(size_t)a->length)); |
| 165 | case ADDED_SNAME: | 167 | case ADDED_SNAME: |
| 166 | if (a->sn == NULL) return(-1); | 168 | if (a->sn == NULL) return(-1); |
| 167 | else if (b->sn == NULL) return(1); | 169 | else if (b->sn == NULL) return(1); |
| @@ -382,8 +384,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) | |||
| 382 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); | 384 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); |
| 383 | if (adp != NULL) return (adp->obj->nid); | 385 | if (adp != NULL) return (adp->obj->nid); |
| 384 | } | 386 | } |
| 385 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ, | 387 | op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs, |
| 386 | sizeof(ASN1_OBJECT *),obj_cmp); | 388 | NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp); |
| 387 | if (op == NULL) | 389 | if (op == NULL) |
| 388 | return(NID_undef); | 390 | return(NID_undef); |
| 389 | return((*op)->nid); | 391 | return((*op)->nid); |
| @@ -399,7 +401,9 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) | |||
| 399 | { | 401 | { |
| 400 | int nid = NID_undef; | 402 | int nid = NID_undef; |
| 401 | ASN1_OBJECT *op=NULL; | 403 | ASN1_OBJECT *op=NULL; |
| 402 | unsigned char *buf,*p; | 404 | unsigned char *buf; |
| 405 | unsigned char *p; | ||
| 406 | const unsigned char *cp; | ||
| 403 | int i, j; | 407 | int i, j; |
| 404 | 408 | ||
| 405 | if(!no_name) { | 409 | if(!no_name) { |
| @@ -411,8 +415,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) | |||
| 411 | /* Work out size of content octets */ | 415 | /* Work out size of content octets */ |
| 412 | i=a2d_ASN1_OBJECT(NULL,0,s,-1); | 416 | i=a2d_ASN1_OBJECT(NULL,0,s,-1); |
| 413 | if (i <= 0) { | 417 | if (i <= 0) { |
| 414 | /* Clear the error */ | 418 | /* Don't clear the error */ |
| 415 | ERR_get_error(); | 419 | /*ERR_clear_error();*/ |
| 416 | return NULL; | 420 | return NULL; |
| 417 | } | 421 | } |
| 418 | /* Work out total size */ | 422 | /* Work out total size */ |
| @@ -425,75 +429,170 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) | |||
| 425 | ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); | 429 | ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); |
| 426 | /* Write out contents */ | 430 | /* Write out contents */ |
| 427 | a2d_ASN1_OBJECT(p,i,s,-1); | 431 | a2d_ASN1_OBJECT(p,i,s,-1); |
| 428 | 432 | ||
| 429 | p=buf; | 433 | cp=buf; |
| 430 | op=d2i_ASN1_OBJECT(NULL,&p,j); | 434 | op=d2i_ASN1_OBJECT(NULL,&cp,j); |
| 431 | OPENSSL_free(buf); | 435 | OPENSSL_free(buf); |
| 432 | return op; | 436 | return op; |
| 433 | } | 437 | } |
| 434 | 438 | ||
| 435 | int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) | 439 | int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) |
| 436 | { | 440 | { |
| 437 | int i,idx=0,n=0,len,nid; | 441 | int i,n=0,len,nid, first, use_bn; |
| 442 | BIGNUM *bl; | ||
| 438 | unsigned long l; | 443 | unsigned long l; |
| 439 | unsigned char *p; | 444 | unsigned char *p; |
| 440 | const char *s; | ||
| 441 | char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; | 445 | char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; |
| 442 | 446 | ||
| 443 | if (buf_len <= 0) return(0); | ||
| 444 | |||
| 445 | if ((a == NULL) || (a->data == NULL)) { | 447 | if ((a == NULL) || (a->data == NULL)) { |
| 446 | buf[0]='\0'; | 448 | buf[0]='\0'; |
| 447 | return(0); | 449 | return(0); |
| 448 | } | 450 | } |
| 449 | 451 | ||
| 450 | if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) { | ||
| 451 | len=a->length; | ||
| 452 | p=a->data; | ||
| 453 | 452 | ||
| 454 | idx=0; | 453 | if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) |
| 455 | l=0; | 454 | { |
| 456 | while (idx < a->length) { | 455 | const char *s; |
| 457 | l|=(p[idx]&0x7f); | 456 | s=OBJ_nid2ln(nid); |
| 458 | if (!(p[idx] & 0x80)) break; | 457 | if (s == NULL) |
| 459 | l<<=7L; | 458 | s=OBJ_nid2sn(nid); |
| 460 | idx++; | 459 | if (buf) |
| 460 | BUF_strlcpy(buf,s,buf_len); | ||
| 461 | n=strlen(s); | ||
| 462 | return n; | ||
| 461 | } | 463 | } |
| 462 | idx++; | ||
| 463 | i=(int)(l/40); | ||
| 464 | if (i > 2) i=2; | ||
| 465 | l-=(long)(i*40); | ||
| 466 | |||
| 467 | BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); | ||
| 468 | i=strlen(tbuf); | ||
| 469 | BUF_strlcpy(buf,tbuf,buf_len); | ||
| 470 | buf_len-=i; | ||
| 471 | buf+=i; | ||
| 472 | n+=i; | ||
| 473 | 464 | ||
| 465 | |||
| 466 | len=a->length; | ||
| 467 | p=a->data; | ||
| 468 | |||
| 469 | first = 1; | ||
| 470 | bl = NULL; | ||
| 471 | |||
| 472 | while (len > 0) | ||
| 473 | { | ||
| 474 | l=0; | 474 | l=0; |
| 475 | for (; idx<len; idx++) { | 475 | use_bn = 0; |
| 476 | l|=p[idx]&0x7f; | 476 | for (;;) |
| 477 | if (!(p[idx] & 0x80)) { | 477 | { |
| 478 | BIO_snprintf(tbuf,sizeof tbuf,".%lu",l); | 478 | unsigned char c = *p++; |
| 479 | i=strlen(tbuf); | 479 | len--; |
| 480 | if ((len == 0) && (c & 0x80)) | ||
| 481 | goto err; | ||
| 482 | if (use_bn) | ||
| 483 | { | ||
| 484 | if (!BN_add_word(bl, c & 0x7f)) | ||
| 485 | goto err; | ||
| 486 | } | ||
| 487 | else | ||
| 488 | l |= c & 0x7f; | ||
| 489 | if (!(c & 0x80)) | ||
| 490 | break; | ||
| 491 | if (!use_bn && (l > (ULONG_MAX >> 7L))) | ||
| 492 | { | ||
| 493 | if (!bl && !(bl = BN_new())) | ||
| 494 | goto err; | ||
| 495 | if (!BN_set_word(bl, l)) | ||
| 496 | goto err; | ||
| 497 | use_bn = 1; | ||
| 498 | } | ||
| 499 | if (use_bn) | ||
| 500 | { | ||
| 501 | if (!BN_lshift(bl, bl, 7)) | ||
| 502 | goto err; | ||
| 503 | } | ||
| 504 | else | ||
| 505 | l<<=7L; | ||
| 506 | } | ||
| 507 | |||
| 508 | if (first) | ||
| 509 | { | ||
| 510 | first = 0; | ||
| 511 | if (l >= 80) | ||
| 512 | { | ||
| 513 | i = 2; | ||
| 514 | if (use_bn) | ||
| 515 | { | ||
| 516 | if (!BN_sub_word(bl, 80)) | ||
| 517 | goto err; | ||
| 518 | } | ||
| 519 | else | ||
| 520 | l -= 80; | ||
| 521 | } | ||
| 522 | else | ||
| 523 | { | ||
| 524 | i=(int)(l/40); | ||
| 525 | l-=(long)(i*40); | ||
| 526 | } | ||
| 527 | if (buf && (buf_len > 0)) | ||
| 528 | { | ||
| 529 | *buf++ = i + '0'; | ||
| 530 | buf_len--; | ||
| 531 | } | ||
| 532 | n++; | ||
| 533 | } | ||
| 534 | |||
| 535 | if (use_bn) | ||
| 536 | { | ||
| 537 | char *bndec; | ||
| 538 | bndec = BN_bn2dec(bl); | ||
| 539 | if (!bndec) | ||
| 540 | goto err; | ||
| 541 | i = strlen(bndec); | ||
| 542 | if (buf) | ||
| 543 | { | ||
| 480 | if (buf_len > 0) | 544 | if (buf_len > 0) |
| 481 | BUF_strlcpy(buf,tbuf,buf_len); | 545 | { |
| 482 | buf_len-=i; | 546 | *buf++ = '.'; |
| 483 | buf+=i; | 547 | buf_len--; |
| 484 | n+=i; | 548 | } |
| 485 | l=0; | 549 | BUF_strlcpy(buf,bndec,buf_len); |
| 550 | if (i > buf_len) | ||
| 551 | { | ||
| 552 | buf += buf_len; | ||
| 553 | buf_len = 0; | ||
| 554 | } | ||
| 555 | else | ||
| 556 | { | ||
| 557 | buf+=i; | ||
| 558 | buf_len-=i; | ||
| 559 | } | ||
| 560 | } | ||
| 561 | n++; | ||
| 562 | n += i; | ||
| 563 | OPENSSL_free(bndec); | ||
| 564 | } | ||
| 565 | else | ||
| 566 | { | ||
| 567 | BIO_snprintf(tbuf,sizeof tbuf,".%lu",l); | ||
| 568 | i=strlen(tbuf); | ||
| 569 | if (buf && (buf_len > 0)) | ||
| 570 | { | ||
| 571 | BUF_strlcpy(buf,tbuf,buf_len); | ||
| 572 | if (i > buf_len) | ||
| 573 | { | ||
| 574 | buf += buf_len; | ||
| 575 | buf_len = 0; | ||
| 576 | } | ||
| 577 | else | ||
| 578 | { | ||
| 579 | buf+=i; | ||
| 580 | buf_len-=i; | ||
| 581 | } | ||
| 582 | } | ||
| 583 | n+=i; | ||
| 584 | l=0; | ||
| 486 | } | 585 | } |
| 487 | l<<=7L; | ||
| 488 | } | 586 | } |
| 489 | } else { | 587 | |
| 490 | s=OBJ_nid2ln(nid); | 588 | if (bl) |
| 491 | if (s == NULL) | 589 | BN_free(bl); |
| 492 | s=OBJ_nid2sn(nid); | 590 | return n; |
| 493 | BUF_strlcpy(buf,s,buf_len); | 591 | |
| 494 | n=strlen(s); | 592 | err: |
| 495 | } | 593 | if (bl) |
| 496 | return(n); | 594 | BN_free(bl); |
| 595 | return -1; | ||
| 497 | } | 596 | } |
| 498 | 597 | ||
| 499 | int OBJ_txt2nid(const char *s) | 598 | int OBJ_txt2nid(const char *s) |
| @@ -519,7 +618,7 @@ int OBJ_ln2nid(const char *s) | |||
| 519 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); | 618 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); |
| 520 | if (adp != NULL) return (adp->obj->nid); | 619 | if (adp != NULL) return (adp->obj->nid); |
| 521 | } | 620 | } |
| 522 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN, | 621 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN, |
| 523 | sizeof(ASN1_OBJECT *),ln_cmp); | 622 | sizeof(ASN1_OBJECT *),ln_cmp); |
| 524 | if (op == NULL) return(NID_undef); | 623 | if (op == NULL) return(NID_undef); |
| 525 | return((*op)->nid); | 624 | return((*op)->nid); |
| @@ -547,8 +646,8 @@ int OBJ_sn2nid(const char *s) | |||
| 547 | static int obj_cmp(const void *ap, const void *bp) | 646 | static int obj_cmp(const void *ap, const void *bp) |
| 548 | { | 647 | { |
| 549 | int j; | 648 | int j; |
| 550 | ASN1_OBJECT *a= *(ASN1_OBJECT **)ap; | 649 | const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap; |
| 551 | ASN1_OBJECT *b= *(ASN1_OBJECT **)bp; | 650 | const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp; |
| 552 | 651 | ||
| 553 | j=(a->length - b->length); | 652 | j=(a->length - b->length); |
| 554 | if (j) return(j); | 653 | if (j) return(j); |
| @@ -558,8 +657,14 @@ static int obj_cmp(const void *ap, const void *bp) | |||
| 558 | const char *OBJ_bsearch(const char *key, const char *base, int num, int size, | 657 | const char *OBJ_bsearch(const char *key, const char *base, int num, int size, |
| 559 | int (*cmp)(const void *, const void *)) | 658 | int (*cmp)(const void *, const void *)) |
| 560 | { | 659 | { |
| 561 | int l,h,i,c; | 660 | return OBJ_bsearch_ex(key, base, num, size, cmp, 0); |
| 562 | const char *p; | 661 | } |
| 662 | |||
| 663 | const char *OBJ_bsearch_ex(const char *key, const char *base, int num, | ||
| 664 | int size, int (*cmp)(const void *, const void *), int flags) | ||
| 665 | { | ||
| 666 | int l,h,i=0,c=0; | ||
| 667 | const char *p = NULL; | ||
| 563 | 668 | ||
| 564 | if (num == 0) return(NULL); | 669 | if (num == 0) return(NULL); |
| 565 | l=0; | 670 | l=0; |
| @@ -574,20 +679,33 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size, | |||
| 574 | else if (c > 0) | 679 | else if (c > 0) |
| 575 | l=i+1; | 680 | l=i+1; |
| 576 | else | 681 | else |
| 577 | return(p); | 682 | break; |
| 578 | } | 683 | } |
| 579 | #ifdef CHARSET_EBCDIC | 684 | #ifdef CHARSET_EBCDIC |
| 580 | /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and | 685 | /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and |
| 581 | * I don't have perl (yet), we revert to a *LINEAR* search | 686 | * I don't have perl (yet), we revert to a *LINEAR* search |
| 582 | * when the object wasn't found in the binary search. | 687 | * when the object wasn't found in the binary search. |
| 583 | */ | 688 | */ |
| 584 | for (i=0; i<num; ++i) { | 689 | if (c != 0) |
| 585 | p= &(base[i*size]); | 690 | { |
| 586 | if ((*cmp)(key,p) == 0) | 691 | for (i=0; i<num; ++i) |
| 587 | return p; | 692 | { |
| 588 | } | 693 | p= &(base[i*size]); |
| 694 | c = (*cmp)(key,p); | ||
| 695 | if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))) | ||
| 696 | return p; | ||
| 697 | } | ||
| 698 | } | ||
| 589 | #endif | 699 | #endif |
| 590 | return(NULL); | 700 | if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)) |
| 701 | p = NULL; | ||
| 702 | else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) | ||
| 703 | { | ||
| 704 | while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0) | ||
| 705 | i--; | ||
| 706 | p = &(base[i*size]); | ||
| 707 | } | ||
| 708 | return(p); | ||
| 591 | } | 709 | } |
| 592 | 710 | ||
| 593 | int OBJ_create_objects(BIO *in) | 711 | int OBJ_create_objects(BIO *in) |
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.pl b/src/lib/libssl/src/crypto/objects/obj_dat.pl index d0371661f9..8a09a46ee6 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.pl +++ b/src/lib/libssl/src/crypto/objects/obj_dat.pl | |||
| @@ -94,7 +94,7 @@ for ($i=0; $i<$n; $i++) | |||
| 94 | { | 94 | { |
| 95 | if (!defined($nid{$i})) | 95 | if (!defined($nid{$i})) |
| 96 | { | 96 | { |
| 97 | push(@out,"{NULL,NULL,NID_undef,0,NULL},\n"); | 97 | push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n"); |
| 98 | } | 98 | } |
| 99 | else | 99 | else |
| 100 | { | 100 | { |
| @@ -138,7 +138,7 @@ for ($i=0; $i<$n; $i++) | |||
| 138 | } | 138 | } |
| 139 | else | 139 | else |
| 140 | { | 140 | { |
| 141 | $out.="0,NULL"; | 141 | $out.="0,NULL,0"; |
| 142 | } | 142 | } |
| 143 | $out.="},\n"; | 143 | $out.="},\n"; |
| 144 | push(@out,$out); | 144 | push(@out,$out); |
diff --git a/src/lib/libssl/src/crypto/objects/obj_err.c b/src/lib/libssl/src/crypto/objects/obj_err.c index 0682979b38..12b48850c6 100644 --- a/src/lib/libssl/src/crypto/objects/obj_err.c +++ b/src/lib/libssl/src/crypto/objects/obj_err.c | |||
| @@ -91,15 +91,12 @@ static ERR_STRING_DATA OBJ_str_reasons[]= | |||
| 91 | 91 | ||
| 92 | void ERR_load_OBJ_strings(void) | 92 | void ERR_load_OBJ_strings(void) |
| 93 | { | 93 | { |
| 94 | static int init=1; | 94 | #ifndef OPENSSL_NO_ERR |
| 95 | 95 | ||
| 96 | if (init) | 96 | if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) |
| 97 | { | 97 | { |
| 98 | init=0; | ||
| 99 | #ifndef OPENSSL_NO_ERR | ||
| 100 | ERR_load_strings(0,OBJ_str_functs); | 98 | ERR_load_strings(0,OBJ_str_functs); |
| 101 | ERR_load_strings(0,OBJ_str_reasons); | 99 | ERR_load_strings(0,OBJ_str_reasons); |
| 102 | #endif | ||
| 103 | |||
| 104 | } | 100 | } |
| 101 | #endif | ||
| 105 | } | 102 | } |
diff --git a/src/lib/libssl/src/crypto/objects/obj_lib.c b/src/lib/libssl/src/crypto/objects/obj_lib.c index b0b0f2ff24..706fa0b0e7 100644 --- a/src/lib/libssl/src/crypto/objects/obj_lib.c +++ b/src/lib/libssl/src/crypto/objects/obj_lib.c | |||
| @@ -82,7 +82,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) | |||
| 82 | r->data=OPENSSL_malloc(o->length); | 82 | r->data=OPENSSL_malloc(o->length); |
| 83 | if (r->data == NULL) | 83 | if (r->data == NULL) |
| 84 | goto err; | 84 | goto err; |
| 85 | memcpy(r->data,o->data,o->length); | 85 | if (o->data != NULL) |
| 86 | memcpy(r->data,o->data,o->length); | ||
| 86 | r->length=o->length; | 87 | r->length=o->length; |
| 87 | r->nid=o->nid; | 88 | r->nid=o->nid; |
| 88 | r->ln=r->sn=NULL; | 89 | r->ln=r->sn=NULL; |
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num index 84555d936e..47815b1e4e 100644 --- a/src/lib/libssl/src/crypto/objects/obj_mac.num +++ b/src/lib/libssl/src/crypto/objects/obj_mac.num | |||
| @@ -673,3 +673,118 @@ sha256 672 | |||
| 673 | sha384 673 | 673 | sha384 673 |
| 674 | sha512 674 | 674 | sha512 674 |
| 675 | sha224 675 | 675 | sha224 675 |
| 676 | identified_organization 676 | ||
| 677 | certicom_arc 677 | ||
| 678 | wap 678 | ||
| 679 | wap_wsg 679 | ||
| 680 | X9_62_id_characteristic_two_basis 680 | ||
| 681 | X9_62_onBasis 681 | ||
| 682 | X9_62_tpBasis 682 | ||
| 683 | X9_62_ppBasis 683 | ||
| 684 | X9_62_c2pnb163v1 684 | ||
| 685 | X9_62_c2pnb163v2 685 | ||
| 686 | X9_62_c2pnb163v3 686 | ||
| 687 | X9_62_c2pnb176v1 687 | ||
| 688 | X9_62_c2tnb191v1 688 | ||
| 689 | X9_62_c2tnb191v2 689 | ||
| 690 | X9_62_c2tnb191v3 690 | ||
| 691 | X9_62_c2onb191v4 691 | ||
| 692 | X9_62_c2onb191v5 692 | ||
| 693 | X9_62_c2pnb208w1 693 | ||
| 694 | X9_62_c2tnb239v1 694 | ||
| 695 | X9_62_c2tnb239v2 695 | ||
| 696 | X9_62_c2tnb239v3 696 | ||
| 697 | X9_62_c2onb239v4 697 | ||
| 698 | X9_62_c2onb239v5 698 | ||
| 699 | X9_62_c2pnb272w1 699 | ||
| 700 | X9_62_c2pnb304w1 700 | ||
| 701 | X9_62_c2tnb359v1 701 | ||
| 702 | X9_62_c2pnb368w1 702 | ||
| 703 | X9_62_c2tnb431r1 703 | ||
| 704 | secp112r1 704 | ||
| 705 | secp112r2 705 | ||
| 706 | secp128r1 706 | ||
| 707 | secp128r2 707 | ||
| 708 | secp160k1 708 | ||
| 709 | secp160r1 709 | ||
| 710 | secp160r2 710 | ||
| 711 | secp192k1 711 | ||
| 712 | secp224k1 712 | ||
| 713 | secp224r1 713 | ||
| 714 | secp256k1 714 | ||
| 715 | secp384r1 715 | ||
| 716 | secp521r1 716 | ||
| 717 | sect113r1 717 | ||
| 718 | sect113r2 718 | ||
| 719 | sect131r1 719 | ||
| 720 | sect131r2 720 | ||
| 721 | sect163k1 721 | ||
| 722 | sect163r1 722 | ||
| 723 | sect163r2 723 | ||
| 724 | sect193r1 724 | ||
| 725 | sect193r2 725 | ||
| 726 | sect233k1 726 | ||
| 727 | sect233r1 727 | ||
| 728 | sect239k1 728 | ||
| 729 | sect283k1 729 | ||
| 730 | sect283r1 730 | ||
| 731 | sect409k1 731 | ||
| 732 | sect409r1 732 | ||
| 733 | sect571k1 733 | ||
| 734 | sect571r1 734 | ||
| 735 | wap_wsg_idm_ecid_wtls1 735 | ||
| 736 | wap_wsg_idm_ecid_wtls3 736 | ||
| 737 | wap_wsg_idm_ecid_wtls4 737 | ||
| 738 | wap_wsg_idm_ecid_wtls5 738 | ||
| 739 | wap_wsg_idm_ecid_wtls6 739 | ||
| 740 | wap_wsg_idm_ecid_wtls7 740 | ||
| 741 | wap_wsg_idm_ecid_wtls8 741 | ||
| 742 | wap_wsg_idm_ecid_wtls9 742 | ||
| 743 | wap_wsg_idm_ecid_wtls10 743 | ||
| 744 | wap_wsg_idm_ecid_wtls11 744 | ||
| 745 | wap_wsg_idm_ecid_wtls12 745 | ||
| 746 | any_policy 746 | ||
| 747 | policy_mappings 747 | ||
| 748 | inhibit_any_policy 748 | ||
| 749 | ipsec3 749 | ||
| 750 | ipsec4 750 | ||
| 751 | camellia_128_cbc 751 | ||
| 752 | camellia_192_cbc 752 | ||
| 753 | camellia_256_cbc 753 | ||
| 754 | camellia_128_ecb 754 | ||
| 755 | camellia_192_ecb 755 | ||
| 756 | camellia_256_ecb 756 | ||
| 757 | camellia_128_cfb128 757 | ||
| 758 | camellia_192_cfb128 758 | ||
| 759 | camellia_256_cfb128 759 | ||
| 760 | camellia_128_cfb1 760 | ||
| 761 | camellia_192_cfb1 761 | ||
| 762 | camellia_256_cfb1 762 | ||
| 763 | camellia_128_cfb8 763 | ||
| 764 | camellia_192_cfb8 764 | ||
| 765 | camellia_256_cfb8 765 | ||
| 766 | camellia_128_ofb128 766 | ||
| 767 | camellia_192_ofb128 767 | ||
| 768 | camellia_256_ofb128 768 | ||
| 769 | subject_directory_attributes 769 | ||
| 770 | issuing_distribution_point 770 | ||
| 771 | certificate_issuer 771 | ||
| 772 | korea 772 | ||
| 773 | kisa 773 | ||
| 774 | kftc 774 | ||
| 775 | npki_alg 775 | ||
| 776 | seed_ecb 776 | ||
| 777 | seed_cbc 777 | ||
| 778 | seed_ofb128 778 | ||
| 779 | seed_cfb128 779 | ||
| 780 | hmac_md5 780 | ||
| 781 | hmac_sha1 781 | ||
| 782 | id_PasswordBasedMAC 782 | ||
| 783 | id_DHBasedMac 783 | ||
| 784 | id_it_suppLangTags 784 | ||
| 785 | caRepository 785 | ||
| 786 | id_smime_ct_compressedData 786 | ||
| 787 | id_ct_asciiTextWithCRLF 787 | ||
| 788 | id_aes128_wrap 788 | ||
| 789 | id_aes192_wrap 789 | ||
| 790 | id_aes256_wrap 790 | ||
diff --git a/src/lib/libssl/src/crypto/objects/objects.h b/src/lib/libssl/src/crypto/objects/objects.h index f859d859b8..7242f76fb0 100644 --- a/src/lib/libssl/src/crypto/objects/objects.h +++ b/src/lib/libssl/src/crypto/objects/objects.h | |||
| @@ -966,7 +966,10 @@ | |||
| 966 | #define OBJ_NAME_TYPE_COMP_METH 0x04 | 966 | #define OBJ_NAME_TYPE_COMP_METH 0x04 |
| 967 | #define OBJ_NAME_TYPE_NUM 0x05 | 967 | #define OBJ_NAME_TYPE_NUM 0x05 |
| 968 | 968 | ||
| 969 | #define OBJ_NAME_ALIAS 0x8000 | 969 | #define OBJ_NAME_ALIAS 0x8000 |
| 970 | |||
| 971 | #define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 | ||
| 972 | #define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 | ||
| 970 | 973 | ||
| 971 | 974 | ||
| 972 | #ifdef __cplusplus | 975 | #ifdef __cplusplus |
| @@ -1010,6 +1013,8 @@ int OBJ_sn2nid(const char *s); | |||
| 1010 | int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); | 1013 | int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); |
| 1011 | const char * OBJ_bsearch(const char *key,const char *base,int num,int size, | 1014 | const char * OBJ_bsearch(const char *key,const char *base,int num,int size, |
| 1012 | int (*cmp)(const void *, const void *)); | 1015 | int (*cmp)(const void *, const void *)); |
| 1016 | const char * OBJ_bsearch_ex(const char *key,const char *base,int num, | ||
| 1017 | int size, int (*cmp)(const void *, const void *), int flags); | ||
| 1013 | 1018 | ||
| 1014 | int OBJ_new_nid(int num); | 1019 | int OBJ_new_nid(int num); |
| 1015 | int OBJ_add_object(const ASN1_OBJECT *obj); | 1020 | int OBJ_add_object(const ASN1_OBJECT *obj); |
diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt index 2635c4e667..34c8d1d647 100644 --- a/src/lib/libssl/src/crypto/objects/objects.txt +++ b/src/lib/libssl/src/crypto/objects/objects.txt | |||
| @@ -1,12 +1,28 @@ | |||
| 1 | 0 : CCITT : ccitt | 1 | # CCITT was renamed to ITU-T quite some time ago |
| 2 | 0 : ITU-T : itu-t | ||
| 3 | !Alias ccitt itu-t | ||
| 2 | 4 | ||
| 3 | 1 : ISO : iso | 5 | 1 : ISO : iso |
| 4 | 6 | ||
| 5 | 2 : JOINT-ISO-CCITT : joint-iso-ccitt | 7 | 2 : JOINT-ISO-ITU-T : joint-iso-itu-t |
| 8 | !Alias joint-iso-ccitt joint-iso-itu-t | ||
| 6 | 9 | ||
| 7 | iso 2 : member-body : ISO Member Body | 10 | iso 2 : member-body : ISO Member Body |
| 8 | 11 | ||
| 9 | joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types | 12 | iso 3 : identified-organization |
| 13 | |||
| 14 | # HMAC OIDs | ||
| 15 | identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5 | ||
| 16 | identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1 | ||
| 17 | |||
| 18 | identified-organization 132 : certicom-arc | ||
| 19 | |||
| 20 | joint-iso-itu-t 23 : international-organizations : International Organizations | ||
| 21 | |||
| 22 | international-organizations 43 : wap | ||
| 23 | wap 13 : wap-wsg | ||
| 24 | |||
| 25 | joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types | ||
| 10 | 26 | ||
| 11 | selected-attribute-types 55 : clearance | 27 | selected-attribute-types 55 : clearance |
| 12 | 28 | ||
| @@ -24,12 +40,34 @@ ISO-US 10045 : ansi-X9-62 : ANSI X9.62 | |||
| 24 | !Alias id-fieldType ansi-X9-62 1 | 40 | !Alias id-fieldType ansi-X9-62 1 |
| 25 | X9-62_id-fieldType 1 : prime-field | 41 | X9-62_id-fieldType 1 : prime-field |
| 26 | X9-62_id-fieldType 2 : characteristic-two-field | 42 | X9-62_id-fieldType 2 : characteristic-two-field |
| 27 | # ... characteristic-two-field OID subtree | 43 | X9-62_characteristic-two-field 3 : id-characteristic-two-basis |
| 44 | X9-62_id-characteristic-two-basis 1 : onBasis | ||
| 45 | X9-62_id-characteristic-two-basis 2 : tpBasis | ||
| 46 | X9-62_id-characteristic-two-basis 3 : ppBasis | ||
| 28 | !Alias id-publicKeyType ansi-X9-62 2 | 47 | !Alias id-publicKeyType ansi-X9-62 2 |
| 29 | X9-62_id-publicKeyType 1 : id-ecPublicKey | 48 | X9-62_id-publicKeyType 1 : id-ecPublicKey |
| 30 | !Alias ellipticCurve ansi-X9-62 3 | 49 | !Alias ellipticCurve ansi-X9-62 3 |
| 31 | !Alias c-TwoCurve X9-62_ellipticCurve 0 | 50 | !Alias c-TwoCurve X9-62_ellipticCurve 0 |
| 32 | # ... characteristic 2 curve OIDs | 51 | X9-62_c-TwoCurve 1 : c2pnb163v1 |
| 52 | X9-62_c-TwoCurve 2 : c2pnb163v2 | ||
| 53 | X9-62_c-TwoCurve 3 : c2pnb163v3 | ||
| 54 | X9-62_c-TwoCurve 4 : c2pnb176v1 | ||
| 55 | X9-62_c-TwoCurve 5 : c2tnb191v1 | ||
| 56 | X9-62_c-TwoCurve 6 : c2tnb191v2 | ||
| 57 | X9-62_c-TwoCurve 7 : c2tnb191v3 | ||
| 58 | X9-62_c-TwoCurve 8 : c2onb191v4 | ||
| 59 | X9-62_c-TwoCurve 9 : c2onb191v5 | ||
| 60 | X9-62_c-TwoCurve 10 : c2pnb208w1 | ||
| 61 | X9-62_c-TwoCurve 11 : c2tnb239v1 | ||
| 62 | X9-62_c-TwoCurve 12 : c2tnb239v2 | ||
| 63 | X9-62_c-TwoCurve 13 : c2tnb239v3 | ||
| 64 | X9-62_c-TwoCurve 14 : c2onb239v4 | ||
| 65 | X9-62_c-TwoCurve 15 : c2onb239v5 | ||
| 66 | X9-62_c-TwoCurve 16 : c2pnb272w1 | ||
| 67 | X9-62_c-TwoCurve 17 : c2pnb304w1 | ||
| 68 | X9-62_c-TwoCurve 18 : c2tnb359v1 | ||
| 69 | X9-62_c-TwoCurve 19 : c2pnb368w1 | ||
| 70 | X9-62_c-TwoCurve 20 : c2tnb431r1 | ||
| 33 | !Alias primeCurve X9-62_ellipticCurve 1 | 71 | !Alias primeCurve X9-62_ellipticCurve 1 |
| 34 | X9-62_primeCurve 1 : prime192v1 | 72 | X9-62_primeCurve 1 : prime192v1 |
| 35 | X9-62_primeCurve 2 : prime192v2 | 73 | X9-62_primeCurve 2 : prime192v2 |
| @@ -42,6 +80,60 @@ X9-62_primeCurve 7 : prime256v1 | |||
| 42 | !global | 80 | !global |
| 43 | X9-62_id-ecSigType 1 : ecdsa-with-SHA1 | 81 | X9-62_id-ecSigType 1 : ecdsa-with-SHA1 |
| 44 | 82 | ||
| 83 | # SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" | ||
| 84 | # (http://www.secg.org/) | ||
| 85 | !Alias secg_ellipticCurve certicom-arc 0 | ||
| 86 | # SECG prime curves OIDs | ||
| 87 | secg-ellipticCurve 6 : secp112r1 | ||
| 88 | secg-ellipticCurve 7 : secp112r2 | ||
| 89 | secg-ellipticCurve 28 : secp128r1 | ||
| 90 | secg-ellipticCurve 29 : secp128r2 | ||
| 91 | secg-ellipticCurve 9 : secp160k1 | ||
| 92 | secg-ellipticCurve 8 : secp160r1 | ||
| 93 | secg-ellipticCurve 30 : secp160r2 | ||
| 94 | secg-ellipticCurve 31 : secp192k1 | ||
| 95 | # NOTE: the curve secp192r1 is the same as prime192v1 defined above | ||
| 96 | # and is therefore omitted | ||
| 97 | secg-ellipticCurve 32 : secp224k1 | ||
| 98 | secg-ellipticCurve 33 : secp224r1 | ||
| 99 | secg-ellipticCurve 10 : secp256k1 | ||
| 100 | # NOTE: the curve secp256r1 is the same as prime256v1 defined above | ||
| 101 | # and is therefore omitted | ||
| 102 | secg-ellipticCurve 34 : secp384r1 | ||
| 103 | secg-ellipticCurve 35 : secp521r1 | ||
| 104 | # SECG characteristic two curves OIDs | ||
| 105 | secg-ellipticCurve 4 : sect113r1 | ||
| 106 | secg-ellipticCurve 5 : sect113r2 | ||
| 107 | secg-ellipticCurve 22 : sect131r1 | ||
| 108 | secg-ellipticCurve 23 : sect131r2 | ||
| 109 | secg-ellipticCurve 1 : sect163k1 | ||
| 110 | secg-ellipticCurve 2 : sect163r1 | ||
| 111 | secg-ellipticCurve 15 : sect163r2 | ||
| 112 | secg-ellipticCurve 24 : sect193r1 | ||
| 113 | secg-ellipticCurve 25 : sect193r2 | ||
| 114 | secg-ellipticCurve 26 : sect233k1 | ||
| 115 | secg-ellipticCurve 27 : sect233r1 | ||
| 116 | secg-ellipticCurve 3 : sect239k1 | ||
| 117 | secg-ellipticCurve 16 : sect283k1 | ||
| 118 | secg-ellipticCurve 17 : sect283r1 | ||
| 119 | secg-ellipticCurve 36 : sect409k1 | ||
| 120 | secg-ellipticCurve 37 : sect409r1 | ||
| 121 | secg-ellipticCurve 38 : sect571k1 | ||
| 122 | secg-ellipticCurve 39 : sect571r1 | ||
| 123 | |||
| 124 | # WAP/TLS curve OIDs (http://www.wapforum.org/) | ||
| 125 | !Alias wap-wsg-idm-ecid wap-wsg 4 | ||
| 126 | wap-wsg-idm-ecid 1 : wap-wsg-idm-ecid-wtls1 | ||
| 127 | wap-wsg-idm-ecid 3 : wap-wsg-idm-ecid-wtls3 | ||
| 128 | wap-wsg-idm-ecid 4 : wap-wsg-idm-ecid-wtls4 | ||
| 129 | wap-wsg-idm-ecid 5 : wap-wsg-idm-ecid-wtls5 | ||
| 130 | wap-wsg-idm-ecid 6 : wap-wsg-idm-ecid-wtls6 | ||
| 131 | wap-wsg-idm-ecid 7 : wap-wsg-idm-ecid-wtls7 | ||
| 132 | wap-wsg-idm-ecid 8 : wap-wsg-idm-ecid-wtls8 | ||
| 133 | wap-wsg-idm-ecid 9 : wap-wsg-idm-ecid-wtls9 | ||
| 134 | wap-wsg-idm-ecid 10 : wap-wsg-idm-ecid-wtls10 | ||
| 135 | wap-wsg-idm-ecid 11 : wap-wsg-idm-ecid-wtls11 | ||
| 136 | wap-wsg-idm-ecid 12 : wap-wsg-idm-ecid-wtls12 | ||
| 45 | 137 | ||
| 46 | 138 | ||
| 47 | ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc | 139 | ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc |
| @@ -53,6 +145,10 @@ ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc | |||
| 53 | !Cname pbeWithMD5AndCast5-CBC | 145 | !Cname pbeWithMD5AndCast5-CBC |
| 54 | ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC | 146 | ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC |
| 55 | 147 | ||
| 148 | # Macs for CMP and CRMF | ||
| 149 | ISO-US 113533 7 66 13 : id-PasswordBasedMAC : password based MAC | ||
| 150 | ISO-US 113533 7 66 30 : id-DHBasedMac : Diffie-Hellman based MAC | ||
| 151 | |||
| 56 | ISO-US 113549 : rsadsi : RSA Data Security, Inc. | 152 | ISO-US 113549 : rsadsi : RSA Data Security, Inc. |
| 57 | 153 | ||
| 58 | rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS | 154 | rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS |
| @@ -149,6 +245,8 @@ id-smime-ct 5 : id-smime-ct-TDTInfo | |||
| 149 | id-smime-ct 6 : id-smime-ct-contentInfo | 245 | id-smime-ct 6 : id-smime-ct-contentInfo |
| 150 | id-smime-ct 7 : id-smime-ct-DVCSRequestData | 246 | id-smime-ct 7 : id-smime-ct-DVCSRequestData |
| 151 | id-smime-ct 8 : id-smime-ct-DVCSResponseData | 247 | id-smime-ct 8 : id-smime-ct-DVCSResponseData |
| 248 | id-smime-ct 9 : id-smime-ct-compressedData | ||
| 249 | id-smime-ct 27 : id-ct-asciiTextWithCRLF | ||
| 152 | 250 | ||
| 153 | # S/MIME Attributes | 251 | # S/MIME Attributes |
| 154 | id-smime-aa 1 : id-smime-aa-receiptRequest | 252 | id-smime-aa 1 : id-smime-aa-receiptRequest |
| @@ -396,6 +494,7 @@ id-it 12 : id-it-revPassphrase | |||
| 396 | id-it 13 : id-it-implicitConfirm | 494 | id-it 13 : id-it-implicitConfirm |
| 397 | id-it 14 : id-it-confirmWaitTime | 495 | id-it 14 : id-it-confirmWaitTime |
| 398 | id-it 15 : id-it-origPKIMessage | 496 | id-it 15 : id-it-origPKIMessage |
| 497 | id-it 16 : id-it-suppLangTags | ||
| 399 | 498 | ||
| 400 | # CRMF registration | 499 | # CRMF registration |
| 401 | id-pkip 1 : id-regCtrl | 500 | id-pkip 1 : id-regCtrl |
| @@ -482,6 +581,7 @@ id-ad 2 : caIssuers : CA Issuers | |||
| 482 | id-ad 3 : ad_timestamping : AD Time Stamping | 581 | id-ad 3 : ad_timestamping : AD Time Stamping |
| 483 | !Cname ad-dvcs | 582 | !Cname ad-dvcs |
| 484 | id-ad 4 : AD_DVCS : ad dvcs | 583 | id-ad 4 : AD_DVCS : ad dvcs |
| 584 | id-ad 5 : caRepository : CA Repository | ||
| 485 | 585 | ||
| 486 | 586 | ||
| 487 | !Alias id-pkix-OCSP ad-OCSP | 587 | !Alias id-pkix-OCSP ad-OCSP |
| @@ -569,6 +669,8 @@ X500algorithms 3 100 : RSA-MDC2 : mdc2WithRSA | |||
| 569 | X500algorithms 3 101 : MDC2 : mdc2 | 669 | X500algorithms 3 101 : MDC2 : mdc2 |
| 570 | 670 | ||
| 571 | X500 29 : id-ce | 671 | X500 29 : id-ce |
| 672 | !Cname subject-directory-attributes | ||
| 673 | id-ce 9 : subjectDirectoryAttributes : X509v3 Subject Directory Attributes | ||
| 572 | !Cname subject-key-identifier | 674 | !Cname subject-key-identifier |
| 573 | id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier | 675 | id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier |
| 574 | !Cname key-usage | 676 | !Cname key-usage |
| @@ -589,18 +691,28 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code | |||
| 589 | id-ce 24 : invalidityDate : Invalidity Date | 691 | id-ce 24 : invalidityDate : Invalidity Date |
| 590 | !Cname delta-crl | 692 | !Cname delta-crl |
| 591 | id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator | 693 | id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator |
| 694 | !Cname issuing-distribution-point | ||
| 695 | id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distrubution Point | ||
| 696 | !Cname certificate-issuer | ||
| 697 | id-ce 29 : certificateIssuer : X509v3 Certificate Issuer | ||
| 592 | !Cname name-constraints | 698 | !Cname name-constraints |
| 593 | id-ce 30 : nameConstraints : X509v3 Name Constraints | 699 | id-ce 30 : nameConstraints : X509v3 Name Constraints |
| 594 | !Cname crl-distribution-points | 700 | !Cname crl-distribution-points |
| 595 | id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points | 701 | id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points |
| 596 | !Cname certificate-policies | 702 | !Cname certificate-policies |
| 597 | id-ce 32 : certificatePolicies : X509v3 Certificate Policies | 703 | id-ce 32 : certificatePolicies : X509v3 Certificate Policies |
| 704 | !Cname any-policy | ||
| 705 | certificate-policies 0 : anyPolicy : X509v3 Any Policy | ||
| 706 | !Cname policy-mappings | ||
| 707 | id-ce 33 : policyMappings : X509v3 Policy Mappings | ||
| 598 | !Cname authority-key-identifier | 708 | !Cname authority-key-identifier |
| 599 | id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier | 709 | id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier |
| 600 | !Cname policy-constraints | 710 | !Cname policy-constraints |
| 601 | id-ce 36 : policyConstraints : X509v3 Policy Constraints | 711 | id-ce 36 : policyConstraints : X509v3 Policy Constraints |
| 602 | !Cname ext-key-usage | 712 | !Cname ext-key-usage |
| 603 | id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage | 713 | id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage |
| 714 | !Cname inhibit-any-policy | ||
| 715 | id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy | ||
| 604 | !Cname target-information | 716 | !Cname target-information |
| 605 | id-ce 55 : targetInformation : X509v3 AC Targeting | 717 | id-ce 55 : targetInformation : X509v3 AC Targeting |
| 606 | !Cname no-rev-avail | 718 | !Cname no-rev-avail |
| @@ -668,7 +780,7 @@ mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message | |||
| 668 | !Cname rle-compression | 780 | !Cname rle-compression |
| 669 | 1 1 1 1 666 1 : RLE : run length compression | 781 | 1 1 1 1 666 1 : RLE : run length compression |
| 670 | !Cname zlib-compression | 782 | !Cname zlib-compression |
| 671 | 1 1 1 1 666 2 : ZLIB : zlib compression | 783 | id-smime-alg 8 : ZLIB : zlib compression |
| 672 | 784 | ||
| 673 | # AES aka Rijndael | 785 | # AES aka Rijndael |
| 674 | 786 | ||
| @@ -710,6 +822,10 @@ aes 44 : AES-256-CFB : aes-256-cfb | |||
| 710 | : DES-EDE3-CFB1 : des-ede3-cfb1 | 822 | : DES-EDE3-CFB1 : des-ede3-cfb1 |
| 711 | : DES-EDE3-CFB8 : des-ede3-cfb8 | 823 | : DES-EDE3-CFB8 : des-ede3-cfb8 |
| 712 | 824 | ||
| 825 | aes 5 : id-aes128-wrap | ||
| 826 | aes 25 : id-aes192-wrap | ||
| 827 | aes 45 : id-aes256-wrap | ||
| 828 | |||
| 713 | # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84. | 829 | # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84. |
| 714 | !Alias nist_hashalgs nistAlgorithms 2 | 830 | !Alias nist_hashalgs nistAlgorithms 2 |
| 715 | nist_hashalgs 1 : SHA256 : sha256 | 831 | nist_hashalgs 1 : SHA256 : sha256 |
| @@ -728,9 +844,9 @@ holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer | |||
| 728 | !Cname hold-instruction-reject | 844 | !Cname hold-instruction-reject |
| 729 | holdInstruction 3 : holdInstructionReject : Hold Instruction Reject | 845 | holdInstruction 3 : holdInstructionReject : Hold Instruction Reject |
| 730 | 846 | ||
| 731 | # OID's from CCITT. Most of this is defined in RFC 1274. A couple of | 847 | # OID's from ITU-T. Most of this is defined in RFC 1274. A couple of |
| 732 | # them are also mentioned in RFC 2247 | 848 | # them are also mentioned in RFC 2247 |
| 733 | ccitt 9 : data | 849 | itu-t 9 : data |
| 734 | data 2342 : pss | 850 | data 2342 : pss |
| 735 | pss 19200300 : ucl | 851 | pss 19200300 : ucl |
| 736 | ucl 100 : pilot | 852 | ucl 100 : pilot |
| @@ -804,7 +920,7 @@ pilotAttributeType 54 : : dITRedirect | |||
| 804 | pilotAttributeType 55 : audio | 920 | pilotAttributeType 55 : audio |
| 805 | pilotAttributeType 56 : : documentPublisher | 921 | pilotAttributeType 56 : : documentPublisher |
| 806 | 922 | ||
| 807 | 2 23 42 : id-set : Secure Electronic Transactions | 923 | international-organizations 42 : id-set : Secure Electronic Transactions |
| 808 | 924 | ||
| 809 | id-set 0 : set-ctype : content types | 925 | id-set 0 : set-ctype : content types |
| 810 | id-set 1 : set-msgExt : message extensions | 926 | id-set 1 : set-msgExt : message extensions |
| @@ -950,3 +1066,54 @@ set-brand 6011 : set-brand-Novus | |||
| 950 | 1066 | ||
| 951 | rsadsi 3 10 : DES-CDMF : des-cdmf | 1067 | rsadsi 3 10 : DES-CDMF : des-cdmf |
| 952 | rsadsi 1 1 6 : rsaOAEPEncryptionSET | 1068 | rsadsi 1 1 6 : rsaOAEPEncryptionSET |
| 1069 | |||
| 1070 | : Oakley-EC2N-3 : ipsec3 | ||
| 1071 | : Oakley-EC2N-4 : ipsec4 | ||
| 1072 | |||
| 1073 | |||
| 1074 | # Definitions for Camellia cipher - CBC MODE | ||
| 1075 | 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc | ||
| 1076 | 1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc | ||
| 1077 | 1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc | ||
| 1078 | |||
| 1079 | # Definitions for Camellia cipher - ECB, CFB, OFB MODE | ||
| 1080 | !Alias ntt-ds 0 3 4401 5 | ||
| 1081 | !Alias camellia ntt-ds 3 1 9 | ||
| 1082 | |||
| 1083 | camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb | ||
| 1084 | !Cname camellia-128-ofb128 | ||
| 1085 | camellia 3 : CAMELLIA-128-OFB : camellia-128-ofb | ||
| 1086 | !Cname camellia-128-cfb128 | ||
| 1087 | camellia 4 : CAMELLIA-128-CFB : camellia-128-cfb | ||
| 1088 | |||
| 1089 | camellia 21 : CAMELLIA-192-ECB : camellia-192-ecb | ||
| 1090 | !Cname camellia-192-ofb128 | ||
| 1091 | camellia 23 : CAMELLIA-192-OFB : camellia-192-ofb | ||
| 1092 | !Cname camellia-192-cfb128 | ||
| 1093 | camellia 24 : CAMELLIA-192-CFB : camellia-192-cfb | ||
| 1094 | |||
| 1095 | camellia 41 : CAMELLIA-256-ECB : camellia-256-ecb | ||
| 1096 | !Cname camellia-256-ofb128 | ||
| 1097 | camellia 43 : CAMELLIA-256-OFB : camellia-256-ofb | ||
| 1098 | !Cname camellia-256-cfb128 | ||
| 1099 | camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb | ||
| 1100 | |||
| 1101 | # There are no OIDs for these modes... | ||
| 1102 | |||
| 1103 | : CAMELLIA-128-CFB1 : camellia-128-cfb1 | ||
| 1104 | : CAMELLIA-192-CFB1 : camellia-192-cfb1 | ||
| 1105 | : CAMELLIA-256-CFB1 : camellia-256-cfb1 | ||
| 1106 | : CAMELLIA-128-CFB8 : camellia-128-cfb8 | ||
| 1107 | : CAMELLIA-192-CFB8 : camellia-192-cfb8 | ||
| 1108 | : CAMELLIA-256-CFB8 : camellia-256-cfb8 | ||
| 1109 | |||
| 1110 | |||
| 1111 | # Definitions for SEED cipher - ECB, CBC, OFB mode | ||
| 1112 | |||
| 1113 | member-body 410 200004 : KISA : kisa | ||
| 1114 | kisa 1 3 : SEED-ECB : seed-ecb | ||
| 1115 | kisa 1 4 : SEED-CBC : seed-cbc | ||
| 1116 | !Cname seed-cfb128 | ||
| 1117 | kisa 1 5 : SEED-CFB : seed-cfb | ||
| 1118 | !Cname seed-ofb128 | ||
| 1119 | kisa 1 6 : SEED-OFB : seed-ofb | ||
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp.h b/src/lib/libssl/src/crypto/ocsp/ocsp.h index fab3c03182..a0577a717e 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp.h +++ b/src/lib/libssl/src/crypto/ocsp/ocsp.h | |||
| @@ -186,11 +186,11 @@ typedef struct ocsp_resp_bytes_st | |||
| 186 | * responseStatus OCSPResponseStatus, | 186 | * responseStatus OCSPResponseStatus, |
| 187 | * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } | 187 | * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } |
| 188 | */ | 188 | */ |
| 189 | typedef struct ocsp_response_st | 189 | struct ocsp_response_st |
| 190 | { | 190 | { |
| 191 | ASN1_ENUMERATED *responseStatus; | 191 | ASN1_ENUMERATED *responseStatus; |
| 192 | OCSP_RESPBYTES *responseBytes; | 192 | OCSP_RESPBYTES *responseBytes; |
| 193 | } OCSP_RESPONSE; | 193 | }; |
| 194 | 194 | ||
| 195 | /* ResponderID ::= CHOICE { | 195 | /* ResponderID ::= CHOICE { |
| 196 | * byName [1] Name, | 196 | * byName [1] Name, |
| @@ -198,14 +198,18 @@ typedef struct ocsp_response_st | |||
| 198 | */ | 198 | */ |
| 199 | #define V_OCSP_RESPID_NAME 0 | 199 | #define V_OCSP_RESPID_NAME 0 |
| 200 | #define V_OCSP_RESPID_KEY 1 | 200 | #define V_OCSP_RESPID_KEY 1 |
| 201 | typedef struct ocsp_responder_id_st | 201 | struct ocsp_responder_id_st |
| 202 | { | 202 | { |
| 203 | int type; | 203 | int type; |
| 204 | union { | 204 | union { |
| 205 | X509_NAME* byName; | 205 | X509_NAME* byName; |
| 206 | ASN1_OCTET_STRING *byKey; | 206 | ASN1_OCTET_STRING *byKey; |
| 207 | } value; | 207 | } value; |
| 208 | } OCSP_RESPID; | 208 | }; |
| 209 | |||
| 210 | DECLARE_STACK_OF(OCSP_RESPID) | ||
| 211 | DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) | ||
| 212 | |||
| 209 | /* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key | 213 | /* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key |
| 210 | * --(excluding the tag and length fields) | 214 | * --(excluding the tag and length fields) |
| 211 | */ | 215 | */ |
| @@ -349,13 +353,9 @@ typedef struct ocsp_service_locator_st | |||
| 349 | #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" | 353 | #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" |
| 350 | #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" | 354 | #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" |
| 351 | 355 | ||
| 352 | #define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \ | 356 | #define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) |
| 353 | OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\ | ||
| 354 | (unsigned char **)(p)) | ||
| 355 | 357 | ||
| 356 | #define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\ | 358 | #define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) |
| 357 | OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\ | ||
| 358 | (unsigned char **)(p)) | ||
| 359 | 359 | ||
| 360 | #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ | 360 | #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ |
| 361 | (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) | 361 | (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) |
| @@ -371,11 +371,9 @@ typedef struct ocsp_service_locator_st | |||
| 371 | PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ | 371 | PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ |
| 372 | bp,(char *)o, NULL,NULL,0,NULL,NULL) | 372 | bp,(char *)o, NULL,NULL,0,NULL,NULL) |
| 373 | 373 | ||
| 374 | #define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\ | 374 | #define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) |
| 375 | (unsigned char *)o) | ||
| 376 | 375 | ||
| 377 | #define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\ | 376 | #define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) |
| 378 | (unsigned char *)o) | ||
| 379 | 377 | ||
| 380 | #define OCSP_REQUEST_sign(o,pkey,md) \ | 378 | #define OCSP_REQUEST_sign(o,pkey,md) \ |
| 381 | ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ | 379 | ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ |
| @@ -396,14 +394,17 @@ typedef struct ocsp_service_locator_st | |||
| 396 | #define ASN1_BIT_STRING_digest(data,type,md,len) \ | 394 | #define ASN1_BIT_STRING_digest(data,type,md,len) \ |
| 397 | ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) | 395 | ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) |
| 398 | 396 | ||
| 399 | #define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\ | 397 | #define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) |
| 400 | (char *(*)())d2i_OCSP_CERTID,(char *)(cid)) | ||
| 401 | 398 | ||
| 402 | #define OCSP_CERTSTATUS_dup(cs)\ | 399 | #define OCSP_CERTSTATUS_dup(cs)\ |
| 403 | (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ | 400 | (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ |
| 404 | (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) | 401 | (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) |
| 405 | 402 | ||
| 406 | OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); | 403 | OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); |
| 404 | OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, | ||
| 405 | int maxline); | ||
| 406 | int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); | ||
| 407 | void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); | ||
| 407 | 408 | ||
| 408 | OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); | 409 | OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); |
| 409 | 410 | ||
| @@ -473,8 +474,10 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, | |||
| 473 | X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, | 474 | X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, |
| 474 | STACK_OF(X509) *certs, unsigned long flags); | 475 | STACK_OF(X509) *certs, unsigned long flags); |
| 475 | 476 | ||
| 476 | ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), | 477 | ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, |
| 477 | char *data, STACK_OF(ASN1_OBJECT) *sk); | 478 | void *data, STACK_OF(ASN1_OBJECT) *sk); |
| 479 | #define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ | ||
| 480 | ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) | ||
| 478 | 481 | ||
| 479 | X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); | 482 | X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); |
| 480 | 483 | ||
| @@ -564,11 +567,11 @@ void ERR_load_OCSP_strings(void); | |||
| 564 | 567 | ||
| 565 | /* Function codes. */ | 568 | /* Function codes. */ |
| 566 | #define OCSP_F_ASN1_STRING_ENCODE 100 | 569 | #define OCSP_F_ASN1_STRING_ENCODE 100 |
| 567 | #define OCSP_F_CERT_ID_NEW 101 | ||
| 568 | #define OCSP_F_D2I_OCSP_NONCE 102 | 570 | #define OCSP_F_D2I_OCSP_NONCE 102 |
| 569 | #define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 | 571 | #define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 |
| 570 | #define OCSP_F_OCSP_BASIC_SIGN 104 | 572 | #define OCSP_F_OCSP_BASIC_SIGN 104 |
| 571 | #define OCSP_F_OCSP_BASIC_VERIFY 105 | 573 | #define OCSP_F_OCSP_BASIC_VERIFY 105 |
| 574 | #define OCSP_F_OCSP_CERT_ID_NEW 101 | ||
| 572 | #define OCSP_F_OCSP_CHECK_DELEGATED 106 | 575 | #define OCSP_F_OCSP_CHECK_DELEGATED 106 |
| 573 | #define OCSP_F_OCSP_CHECK_IDS 107 | 576 | #define OCSP_F_OCSP_CHECK_IDS 107 |
| 574 | #define OCSP_F_OCSP_CHECK_ISSUER 108 | 577 | #define OCSP_F_OCSP_CHECK_ISSUER 108 |
| @@ -579,6 +582,7 @@ void ERR_load_OCSP_strings(void); | |||
| 579 | #define OCSP_F_OCSP_REQUEST_VERIFY 116 | 582 | #define OCSP_F_OCSP_REQUEST_VERIFY 116 |
| 580 | #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 | 583 | #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 |
| 581 | #define OCSP_F_OCSP_SENDREQ_BIO 112 | 584 | #define OCSP_F_OCSP_SENDREQ_BIO 112 |
| 585 | #define OCSP_F_PARSE_HTTP_LINE1 117 | ||
| 582 | #define OCSP_F_REQUEST_VERIFY 113 | 586 | #define OCSP_F_REQUEST_VERIFY 113 |
| 583 | 587 | ||
| 584 | /* Reason codes. */ | 588 | /* Reason codes. */ |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c b/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c index 6a3a360d54..39b7a1c568 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | ASN1_SEQUENCE(OCSP_SIGNATURE) = { | 62 | ASN1_SEQUENCE(OCSP_SIGNATURE) = { |
| 63 | ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), | 63 | ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), |
| 64 | ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), | 64 | ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), |
| 65 | ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0) | 65 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) |
| 66 | } ASN1_SEQUENCE_END(OCSP_SIGNATURE) | 66 | } ASN1_SEQUENCE_END(OCSP_SIGNATURE) |
| 67 | 67 | ||
| 68 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) | 68 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c index 9b3e6dd8ca..17bab5fc59 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c | |||
| @@ -101,6 +101,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) | |||
| 101 | { | 101 | { |
| 102 | GENERAL_NAME *gen; | 102 | GENERAL_NAME *gen; |
| 103 | gen = GENERAL_NAME_new(); | 103 | gen = GENERAL_NAME_new(); |
| 104 | if (gen == NULL) | ||
| 105 | return 0; | ||
| 104 | if (!X509_NAME_set(&gen->d.directoryName, nm)) | 106 | if (!X509_NAME_set(&gen->d.directoryName, nm)) |
| 105 | { | 107 | { |
| 106 | GENERAL_NAME_free(gen); | 108 | GENERAL_NAME_free(gen); |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c index 65e6093fbc..d2f2e79f44 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/ocsp/ocsp_err.c */ | 1 | /* crypto/ocsp/ocsp_err.c */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -71,11 +71,11 @@ | |||
| 71 | static ERR_STRING_DATA OCSP_str_functs[]= | 71 | static ERR_STRING_DATA OCSP_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, | 73 | {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, |
| 74 | {ERR_FUNC(OCSP_F_CERT_ID_NEW), "CERT_ID_NEW"}, | ||
| 75 | {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, | 74 | {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, |
| 76 | {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, | 75 | {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, |
| 77 | {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, | 76 | {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, |
| 78 | {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, | 77 | {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, |
| 78 | {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, | ||
| 79 | {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, | 79 | {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, |
| 80 | {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, | 80 | {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, |
| 81 | {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, | 81 | {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, |
| @@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]= | |||
| 86 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, | 86 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, |
| 87 | {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, | 87 | {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, |
| 88 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, | 88 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, |
| 89 | {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, | ||
| 89 | {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, | 90 | {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, |
| 90 | {0,NULL} | 91 | {0,NULL} |
| 91 | }; | 92 | }; |
| @@ -129,15 +130,12 @@ static ERR_STRING_DATA OCSP_str_reasons[]= | |||
| 129 | 130 | ||
| 130 | void ERR_load_OCSP_strings(void) | 131 | void ERR_load_OCSP_strings(void) |
| 131 | { | 132 | { |
| 132 | static int init=1; | 133 | #ifndef OPENSSL_NO_ERR |
| 133 | 134 | ||
| 134 | if (init) | 135 | if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) |
| 135 | { | 136 | { |
| 136 | init=0; | ||
| 137 | #ifndef OPENSSL_NO_ERR | ||
| 138 | ERR_load_strings(0,OCSP_str_functs); | 137 | ERR_load_strings(0,OCSP_str_functs); |
| 139 | ERR_load_strings(0,OCSP_str_reasons); | 138 | ERR_load_strings(0,OCSP_str_reasons); |
| 140 | #endif | ||
| 141 | |||
| 142 | } | 139 | } |
| 140 | #endif | ||
| 143 | } | 141 | } |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c index 57399433fc..815cc29d58 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c | |||
| @@ -265,8 +265,8 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) | |||
| 265 | 265 | ||
| 266 | /* also CRL Entry Extensions */ | 266 | /* also CRL Entry Extensions */ |
| 267 | 267 | ||
| 268 | ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), | 268 | ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, |
| 269 | char *data, STACK_OF(ASN1_OBJECT) *sk) | 269 | void *data, STACK_OF(ASN1_OBJECT) *sk) |
| 270 | { | 270 | { |
| 271 | int i; | 271 | int i; |
| 272 | unsigned char *p, *b = NULL; | 272 | unsigned char *p, *b = NULL; |
| @@ -274,18 +274,23 @@ ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), | |||
| 274 | if (data) | 274 | if (data) |
| 275 | { | 275 | { |
| 276 | if ((i=i2d(data,NULL)) <= 0) goto err; | 276 | if ((i=i2d(data,NULL)) <= 0) goto err; |
| 277 | if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) | 277 | if (!(b=p=OPENSSL_malloc((unsigned int)i))) |
| 278 | goto err; | 278 | goto err; |
| 279 | if (i2d(data, &p) <= 0) goto err; | 279 | if (i2d(data, &p) <= 0) goto err; |
| 280 | } | 280 | } |
| 281 | else if (sk) | 281 | else if (sk) |
| 282 | { | 282 | { |
| 283 | if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE, | 283 | if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, |
| 284 | V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err; | 284 | (I2D_OF(ASN1_OBJECT))i2d, |
| 285 | if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) | 285 | V_ASN1_SEQUENCE, |
| 286 | V_ASN1_UNIVERSAL, | ||
| 287 | IS_SEQUENCE))<=0) goto err; | ||
| 288 | if (!(b=p=OPENSSL_malloc((unsigned int)i))) | ||
| 286 | goto err; | 289 | goto err; |
| 287 | if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE, | 290 | if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, |
| 288 | V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err; | 291 | V_ASN1_SEQUENCE, |
| 292 | V_ASN1_UNIVERSAL, | ||
| 293 | IS_SEQUENCE)<=0) goto err; | ||
| 289 | } | 294 | } |
| 290 | else | 295 | else |
| 291 | { | 296 | { |
| @@ -439,7 +444,8 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) | |||
| 439 | } | 444 | } |
| 440 | if (!(x = X509_EXTENSION_new())) goto err; | 445 | if (!(x = X509_EXTENSION_new())) goto err; |
| 441 | if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; | 446 | if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; |
| 442 | if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL))) | 447 | if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid, |
| 448 | NULL))) | ||
| 443 | goto err; | 449 | goto err; |
| 444 | OCSP_CRLID_free(cid); | 450 | OCSP_CRLID_free(cid); |
| 445 | return x; | 451 | return x; |
| @@ -467,7 +473,8 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) | |||
| 467 | if (!(x = X509_EXTENSION_new())) goto err; | 473 | if (!(x = X509_EXTENSION_new())) goto err; |
| 468 | if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) | 474 | if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) |
| 469 | goto err; | 475 | goto err; |
| 470 | if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk))) | 476 | if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL, |
| 477 | sk))) | ||
| 471 | goto err; | 478 | goto err; |
| 472 | sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); | 479 | sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); |
| 473 | return x; | 480 | return x; |
| @@ -487,8 +494,8 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) | |||
| 487 | if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; | 494 | if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; |
| 488 | if (!(x = X509_EXTENSION_new())) goto err; | 495 | if (!(x = X509_EXTENSION_new())) goto err; |
| 489 | if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; | 496 | if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; |
| 490 | if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME, | 497 | if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value, |
| 491 | (char*)gt,NULL))) goto err; | 498 | i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err; |
| 492 | ASN1_GENERALIZEDTIME_free(gt); | 499 | ASN1_GENERALIZEDTIME_free(gt); |
| 493 | return x; | 500 | return x; |
| 494 | err: | 501 | err: |
| @@ -526,8 +533,8 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) | |||
| 526 | if (!(x = X509_EXTENSION_new())) goto err; | 533 | if (!(x = X509_EXTENSION_new())) goto err; |
| 527 | if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) | 534 | if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) |
| 528 | goto err; | 535 | goto err; |
| 529 | if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC, | 536 | if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value, |
| 530 | (char*)sloc, NULL))) goto err; | 537 | i2d_OCSP_SERVICELOC,sloc,NULL))) goto err; |
| 531 | OCSP_SERVICELOC_free(sloc); | 538 | OCSP_SERVICELOC_free(sloc); |
| 532 | return x; | 539 | return x; |
| 533 | err: | 540 | err: |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c index 2c48171883..a8e569b74a 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | /* ocsp_ht.c */ | 1 | /* ocsp_ht.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -68,106 +68,404 @@ | |||
| 68 | #define strtoul (unsigned long)strtol | 68 | #define strtoul (unsigned long)strtol |
| 69 | #endif /* OPENSSL_SYS_SUNOS */ | 69 | #endif /* OPENSSL_SYS_SUNOS */ |
| 70 | 70 | ||
| 71 | /* Quick and dirty HTTP OCSP request handler. | 71 | /* Stateful OCSP request code, supporting non-blocking I/O */ |
| 72 | * Could make this a bit cleverer by adding | ||
| 73 | * support for non blocking BIOs and a few | ||
| 74 | * other refinements. | ||
| 75 | */ | ||
| 76 | 72 | ||
| 77 | OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) | 73 | /* Opaque OCSP request status structure */ |
| 78 | { | 74 | |
| 79 | BIO *mem = NULL; | 75 | struct ocsp_req_ctx_st { |
| 80 | char tmpbuf[1024]; | 76 | int state; /* Current I/O state */ |
| 81 | OCSP_RESPONSE *resp = NULL; | 77 | unsigned char *iobuf; /* Line buffer */ |
| 82 | char *p, *q, *r; | 78 | int iobuflen; /* Line buffer length */ |
| 83 | int len, retcode; | 79 | BIO *io; /* BIO to perform I/O with */ |
| 84 | static char req_txt[] = | 80 | BIO *mem; /* Memory BIO response is built into */ |
| 85 | "POST %s HTTP/1.0\r\n\ | 81 | unsigned long asn1_len; /* ASN1 length of response */ |
| 86 | Content-Type: application/ocsp-request\r\n\ | 82 | }; |
| 87 | Content-Length: %d\r\n\r\n"; | 83 | |
| 88 | 84 | #define OCSP_MAX_REQUEST_LENGTH (100 * 1024) | |
| 89 | len = i2d_OCSP_REQUEST(req, NULL); | 85 | #define OCSP_MAX_LINE_LEN 4096; |
| 90 | if(BIO_printf(b, req_txt, path, len) < 0) { | 86 | |
| 91 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); | 87 | /* OCSP states */ |
| 92 | goto err; | 88 | |
| 93 | } | 89 | /* If set no reading should be performed */ |
| 94 | if(i2d_OCSP_REQUEST_bio(b, req) <= 0) { | 90 | #define OHS_NOREAD 0x1000 |
| 95 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); | 91 | /* Error condition */ |
| 96 | goto err; | 92 | #define OHS_ERROR (0 | OHS_NOREAD) |
| 93 | /* First line being read */ | ||
| 94 | #define OHS_FIRSTLINE 1 | ||
| 95 | /* MIME headers being read */ | ||
| 96 | #define OHS_HEADERS 2 | ||
| 97 | /* OCSP initial header (tag + length) being read */ | ||
| 98 | #define OHS_ASN1_HEADER 3 | ||
| 99 | /* OCSP content octets being read */ | ||
| 100 | #define OHS_ASN1_CONTENT 4 | ||
| 101 | /* Request being sent */ | ||
| 102 | #define OHS_ASN1_WRITE (6 | OHS_NOREAD) | ||
| 103 | /* Request being flushed */ | ||
| 104 | #define OHS_ASN1_FLUSH (7 | OHS_NOREAD) | ||
| 105 | /* Completed */ | ||
| 106 | #define OHS_DONE (8 | OHS_NOREAD) | ||
| 107 | |||
| 108 | |||
| 109 | static int parse_http_line1(char *line); | ||
| 110 | |||
| 111 | void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) | ||
| 112 | { | ||
| 113 | if (rctx->mem) | ||
| 114 | BIO_free(rctx->mem); | ||
| 115 | if (rctx->iobuf) | ||
| 116 | OPENSSL_free(rctx->iobuf); | ||
| 117 | OPENSSL_free(rctx); | ||
| 97 | } | 118 | } |
| 98 | if(!(mem = BIO_new(BIO_s_mem()))) goto err; | 119 | |
| 99 | /* Copy response to a memory BIO: socket bios can't do gets! */ | 120 | OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, |
| 100 | while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) { | 121 | int maxline) |
| 101 | if(len < 0) { | 122 | { |
| 102 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR); | 123 | static char post_hdr[] = "POST %s HTTP/1.0\r\n" |
| 103 | goto err; | 124 | "Content-Type: application/ocsp-request\r\n" |
| 125 | "Content-Length: %d\r\n\r\n"; | ||
| 126 | |||
| 127 | OCSP_REQ_CTX *rctx; | ||
| 128 | rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); | ||
| 129 | rctx->state = OHS_FIRSTLINE; | ||
| 130 | rctx->mem = BIO_new(BIO_s_mem()); | ||
| 131 | rctx->io = io; | ||
| 132 | if (maxline > 0) | ||
| 133 | rctx->iobuflen = maxline; | ||
| 134 | else | ||
| 135 | rctx->iobuflen = OCSP_MAX_LINE_LEN; | ||
| 136 | rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); | ||
| 137 | if (!path) | ||
| 138 | path = "/"; | ||
| 139 | |||
| 140 | if (BIO_printf(rctx->mem, post_hdr, path, | ||
| 141 | i2d_OCSP_REQUEST(req, NULL)) <= 0) | ||
| 142 | { | ||
| 143 | rctx->state = OHS_ERROR; | ||
| 144 | return 0; | ||
| 104 | } | 145 | } |
| 105 | BIO_write(mem, tmpbuf, len); | 146 | if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) |
| 106 | } | 147 | { |
| 107 | if(BIO_gets(mem, tmpbuf, 512) <= 0) { | 148 | rctx->state = OHS_ERROR; |
| 108 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); | 149 | return 0; |
| 109 | goto err; | 150 | } |
| 151 | rctx->state = OHS_ASN1_WRITE; | ||
| 152 | rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); | ||
| 153 | |||
| 154 | return rctx; | ||
| 110 | } | 155 | } |
| 111 | /* Parse the HTTP response. This will look like this: | ||
| 112 | * "HTTP/1.0 200 OK". We need to obtain the numeric code and | ||
| 113 | * (optional) informational message. | ||
| 114 | */ | ||
| 115 | 156 | ||
| 157 | /* Parse the HTTP response. This will look like this: | ||
| 158 | * "HTTP/1.0 200 OK". We need to obtain the numeric code and | ||
| 159 | * (optional) informational message. | ||
| 160 | */ | ||
| 161 | |||
| 162 | static int parse_http_line1(char *line) | ||
| 163 | { | ||
| 164 | int retcode; | ||
| 165 | char *p, *q, *r; | ||
| 116 | /* Skip to first white space (passed protocol info) */ | 166 | /* Skip to first white space (passed protocol info) */ |
| 117 | for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue; | 167 | |
| 118 | if(!*p) { | 168 | for(p = line; *p && !isspace((unsigned char)*p); p++) |
| 119 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); | 169 | continue; |
| 120 | goto err; | 170 | if(!*p) |
| 121 | } | 171 | { |
| 172 | OCSPerr(OCSP_F_PARSE_HTTP_LINE1, | ||
| 173 | OCSP_R_SERVER_RESPONSE_PARSE_ERROR); | ||
| 174 | return 0; | ||
| 175 | } | ||
| 176 | |||
| 122 | /* Skip past white space to start of response code */ | 177 | /* Skip past white space to start of response code */ |
| 123 | while(isspace((unsigned char)*p)) p++; | 178 | while(*p && isspace((unsigned char)*p)) |
| 124 | if(!*p) { | 179 | p++; |
| 125 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); | 180 | |
| 126 | goto err; | 181 | if(!*p) |
| 127 | } | 182 | { |
| 183 | OCSPerr(OCSP_F_PARSE_HTTP_LINE1, | ||
| 184 | OCSP_R_SERVER_RESPONSE_PARSE_ERROR); | ||
| 185 | return 0; | ||
| 186 | } | ||
| 187 | |||
| 128 | /* Find end of response code: first whitespace after start of code */ | 188 | /* Find end of response code: first whitespace after start of code */ |
| 129 | for(q = p; *q && !isspace((unsigned char)*q); q++) continue; | 189 | for(q = p; *q && !isspace((unsigned char)*q); q++) |
| 130 | if(!*q) { | 190 | continue; |
| 131 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); | 191 | |
| 132 | goto err; | 192 | if(!*q) |
| 133 | } | 193 | { |
| 194 | OCSPerr(OCSP_F_PARSE_HTTP_LINE1, | ||
| 195 | OCSP_R_SERVER_RESPONSE_PARSE_ERROR); | ||
| 196 | return 0; | ||
| 197 | } | ||
| 198 | |||
| 134 | /* Set end of response code and start of message */ | 199 | /* Set end of response code and start of message */ |
| 135 | *q++ = 0; | 200 | *q++ = 0; |
| 201 | |||
| 136 | /* Attempt to parse numeric code */ | 202 | /* Attempt to parse numeric code */ |
| 137 | retcode = strtoul(p, &r, 10); | 203 | retcode = strtoul(p, &r, 10); |
| 138 | if(*r) goto err; | 204 | |
| 205 | if(*r) | ||
| 206 | return 0; | ||
| 207 | |||
| 139 | /* Skip over any leading white space in message */ | 208 | /* Skip over any leading white space in message */ |
| 140 | while(isspace((unsigned char)*q)) q++; | 209 | while(*q && isspace((unsigned char)*q)) |
| 141 | if(*q) { | 210 | q++; |
| 142 | /* Finally zap any trailing white space in message (include CRLF) */ | 211 | |
| 143 | /* We know q has a non white space character so this is OK */ | 212 | if(*q) |
| 144 | for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; | 213 | { |
| 145 | } | 214 | /* Finally zap any trailing white space in message (include |
| 146 | if(retcode != 200) { | 215 | * CRLF) */ |
| 147 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR); | 216 | |
| 148 | if(!*q) { | 217 | /* We know q has a non white space character so this is OK */ |
| 149 | ERR_add_error_data(2, "Code=", p); | 218 | for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) |
| 219 | *r = 0; | ||
| 150 | } | 220 | } |
| 151 | else { | 221 | if(retcode != 200) |
| 222 | { | ||
| 223 | OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR); | ||
| 224 | if(!*q) | ||
| 225 | ERR_add_error_data(2, "Code=", p); | ||
| 226 | else | ||
| 152 | ERR_add_error_data(4, "Code=", p, ",Reason=", q); | 227 | ERR_add_error_data(4, "Code=", p, ",Reason=", q); |
| 228 | return 0; | ||
| 153 | } | 229 | } |
| 154 | goto err; | 230 | |
| 231 | |||
| 232 | return 1; | ||
| 233 | |||
| 155 | } | 234 | } |
| 156 | /* Find blank line marking beginning of content */ | 235 | |
| 157 | while(BIO_gets(mem, tmpbuf, 512) > 0) | 236 | int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) |
| 158 | { | 237 | { |
| 159 | for(p = tmpbuf; isspace((unsigned char)*p); p++) continue; | 238 | int i, n; |
| 160 | if(!*p) break; | 239 | const unsigned char *p; |
| 161 | } | 240 | next_io: |
| 162 | if(*p) { | 241 | if (!(rctx->state & OHS_NOREAD)) |
| 163 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT); | 242 | { |
| 164 | goto err; | 243 | n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); |
| 244 | |||
| 245 | if (n <= 0) | ||
| 246 | { | ||
| 247 | if (BIO_should_retry(rctx->io)) | ||
| 248 | return -1; | ||
| 249 | return 0; | ||
| 250 | } | ||
| 251 | |||
| 252 | /* Write data to memory BIO */ | ||
| 253 | |||
| 254 | if (BIO_write(rctx->mem, rctx->iobuf, n) != n) | ||
| 255 | return 0; | ||
| 256 | } | ||
| 257 | |||
| 258 | switch(rctx->state) | ||
| 259 | { | ||
| 260 | |||
| 261 | case OHS_ASN1_WRITE: | ||
| 262 | n = BIO_get_mem_data(rctx->mem, &p); | ||
| 263 | |||
| 264 | i = BIO_write(rctx->io, | ||
| 265 | p + (n - rctx->asn1_len), rctx->asn1_len); | ||
| 266 | |||
| 267 | if (i <= 0) | ||
| 268 | { | ||
| 269 | if (BIO_should_retry(rctx->io)) | ||
| 270 | return -1; | ||
| 271 | rctx->state = OHS_ERROR; | ||
| 272 | return 0; | ||
| 273 | } | ||
| 274 | |||
| 275 | rctx->asn1_len -= i; | ||
| 276 | |||
| 277 | if (rctx->asn1_len > 0) | ||
| 278 | goto next_io; | ||
| 279 | |||
| 280 | rctx->state = OHS_ASN1_FLUSH; | ||
| 281 | |||
| 282 | (void)BIO_reset(rctx->mem); | ||
| 283 | |||
| 284 | case OHS_ASN1_FLUSH: | ||
| 285 | |||
| 286 | i = BIO_flush(rctx->io); | ||
| 287 | |||
| 288 | if (i > 0) | ||
| 289 | { | ||
| 290 | rctx->state = OHS_FIRSTLINE; | ||
| 291 | goto next_io; | ||
| 292 | } | ||
| 293 | |||
| 294 | if (BIO_should_retry(rctx->io)) | ||
| 295 | return -1; | ||
| 296 | |||
| 297 | rctx->state = OHS_ERROR; | ||
| 298 | return 0; | ||
| 299 | |||
| 300 | case OHS_ERROR: | ||
| 301 | return 0; | ||
| 302 | |||
| 303 | case OHS_FIRSTLINE: | ||
| 304 | case OHS_HEADERS: | ||
| 305 | |||
| 306 | /* Attempt to read a line in */ | ||
| 307 | |||
| 308 | next_line: | ||
| 309 | /* Due to &%^*$" memory BIO behaviour with BIO_gets we | ||
| 310 | * have to check there's a complete line in there before | ||
| 311 | * calling BIO_gets or we'll just get a partial read. | ||
| 312 | */ | ||
| 313 | n = BIO_get_mem_data(rctx->mem, &p); | ||
| 314 | if ((n <= 0) || !memchr(p, '\n', n)) | ||
| 315 | { | ||
| 316 | if (n >= rctx->iobuflen) | ||
| 317 | { | ||
| 318 | rctx->state = OHS_ERROR; | ||
| 319 | return 0; | ||
| 320 | } | ||
| 321 | goto next_io; | ||
| 322 | } | ||
| 323 | n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); | ||
| 324 | |||
| 325 | if (n <= 0) | ||
| 326 | { | ||
| 327 | if (BIO_should_retry(rctx->mem)) | ||
| 328 | goto next_io; | ||
| 329 | rctx->state = OHS_ERROR; | ||
| 330 | return 0; | ||
| 331 | } | ||
| 332 | |||
| 333 | /* Don't allow excessive lines */ | ||
| 334 | if (n == rctx->iobuflen) | ||
| 335 | { | ||
| 336 | rctx->state = OHS_ERROR; | ||
| 337 | return 0; | ||
| 338 | } | ||
| 339 | |||
| 340 | /* First line */ | ||
| 341 | if (rctx->state == OHS_FIRSTLINE) | ||
| 342 | { | ||
| 343 | if (parse_http_line1((char *)rctx->iobuf)) | ||
| 344 | { | ||
| 345 | rctx->state = OHS_HEADERS; | ||
| 346 | goto next_line; | ||
| 347 | } | ||
| 348 | else | ||
| 349 | { | ||
| 350 | rctx->state = OHS_ERROR; | ||
| 351 | return 0; | ||
| 352 | } | ||
| 353 | } | ||
| 354 | else | ||
| 355 | { | ||
| 356 | /* Look for blank line: end of headers */ | ||
| 357 | for (p = rctx->iobuf; *p; p++) | ||
| 358 | { | ||
| 359 | if ((*p != '\r') && (*p != '\n')) | ||
| 360 | break; | ||
| 361 | } | ||
| 362 | if (*p) | ||
| 363 | goto next_line; | ||
| 364 | |||
| 365 | rctx->state = OHS_ASN1_HEADER; | ||
| 366 | |||
| 367 | } | ||
| 368 | |||
| 369 | /* Fall thru */ | ||
| 370 | |||
| 371 | |||
| 372 | case OHS_ASN1_HEADER: | ||
| 373 | /* Now reading ASN1 header: can read at least 6 bytes which | ||
| 374 | * is more than enough for any valid ASN1 SEQUENCE header | ||
| 375 | */ | ||
| 376 | n = BIO_get_mem_data(rctx->mem, &p); | ||
| 377 | if (n < 6) | ||
| 378 | goto next_io; | ||
| 379 | |||
| 380 | /* Check it is an ASN1 SEQUENCE */ | ||
| 381 | if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) | ||
| 382 | { | ||
| 383 | rctx->state = OHS_ERROR; | ||
| 384 | return 0; | ||
| 385 | } | ||
| 386 | |||
| 387 | /* Check out length field */ | ||
| 388 | if (*p & 0x80) | ||
| 389 | { | ||
| 390 | n = *p & 0x7F; | ||
| 391 | /* Not NDEF or excessive length */ | ||
| 392 | if (!n || (n > 4)) | ||
| 393 | { | ||
| 394 | rctx->state = OHS_ERROR; | ||
| 395 | return 0; | ||
| 396 | } | ||
| 397 | p++; | ||
| 398 | rctx->asn1_len = 0; | ||
| 399 | for (i = 0; i < n; i++) | ||
| 400 | { | ||
| 401 | rctx->asn1_len <<= 8; | ||
| 402 | rctx->asn1_len |= *p++; | ||
| 403 | } | ||
| 404 | |||
| 405 | if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) | ||
| 406 | { | ||
| 407 | rctx->state = OHS_ERROR; | ||
| 408 | return 0; | ||
| 409 | } | ||
| 410 | |||
| 411 | rctx->asn1_len += n + 2; | ||
| 412 | } | ||
| 413 | else | ||
| 414 | rctx->asn1_len = *p + 2; | ||
| 415 | |||
| 416 | rctx->state = OHS_ASN1_CONTENT; | ||
| 417 | |||
| 418 | /* Fall thru */ | ||
| 419 | |||
| 420 | case OHS_ASN1_CONTENT: | ||
| 421 | n = BIO_get_mem_data(rctx->mem, &p); | ||
| 422 | if (n < (int)rctx->asn1_len) | ||
| 423 | goto next_io; | ||
| 424 | |||
| 425 | |||
| 426 | *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); | ||
| 427 | if (*presp) | ||
| 428 | { | ||
| 429 | rctx->state = OHS_DONE; | ||
| 430 | return 1; | ||
| 431 | } | ||
| 432 | |||
| 433 | rctx->state = OHS_ERROR; | ||
| 434 | return 0; | ||
| 435 | |||
| 436 | break; | ||
| 437 | |||
| 438 | case OHS_DONE: | ||
| 439 | return 1; | ||
| 440 | |||
| 441 | } | ||
| 442 | |||
| 443 | |||
| 444 | |||
| 445 | return 0; | ||
| 446 | |||
| 447 | |||
| 165 | } | 448 | } |
| 166 | if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) { | 449 | |
| 167 | OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR); | 450 | /* Blocking OCSP request handler: now a special case of non-blocking I/O */ |
| 168 | goto err; | 451 | |
| 452 | OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) | ||
| 453 | { | ||
| 454 | OCSP_RESPONSE *resp = NULL; | ||
| 455 | OCSP_REQ_CTX *ctx; | ||
| 456 | int rv; | ||
| 457 | |||
| 458 | ctx = OCSP_sendreq_new(b, path, req, -1); | ||
| 459 | |||
| 460 | do | ||
| 461 | { | ||
| 462 | rv = OCSP_sendreq_nbio(&resp, ctx); | ||
| 463 | } while ((rv == -1) && BIO_should_retry(b)); | ||
| 464 | |||
| 465 | OCSP_REQ_CTX_free(ctx); | ||
| 466 | |||
| 467 | if (rv) | ||
| 468 | return resp; | ||
| 469 | |||
| 470 | return NULL; | ||
| 169 | } | 471 | } |
| 170 | err: | ||
| 171 | BIO_free(mem); | ||
| 172 | return resp; | ||
| 173 | } | ||
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c index 9e87fc7895..27450811d7 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c | |||
| @@ -112,7 +112,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, | |||
| 112 | if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm); | 112 | if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm); |
| 113 | if ((nid = EVP_MD_type(dgst)) == NID_undef) | 113 | if ((nid = EVP_MD_type(dgst)) == NID_undef) |
| 114 | { | 114 | { |
| 115 | OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID); | 115 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID); |
| 116 | goto err; | 116 | goto err; |
| 117 | } | 117 | } |
| 118 | if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err; | 118 | if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err; |
| @@ -134,7 +134,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, | |||
| 134 | } | 134 | } |
| 135 | return cid; | 135 | return cid; |
| 136 | digerr: | 136 | digerr: |
| 137 | OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR); | 137 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR); |
| 138 | err: | 138 | err: |
| 139 | if (cid) OCSP_CERTID_free(cid); | 139 | if (cid) OCSP_CERTID_free(cid); |
| 140 | return NULL; | 140 | return NULL; |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c index 4b7bc28769..3dfb51c1e4 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c | |||
| @@ -194,7 +194,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
| 194 | 194 | ||
| 195 | if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; | 195 | if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; |
| 196 | l=ASN1_ENUMERATED_get(o->responseStatus); | 196 | l=ASN1_ENUMERATED_get(o->responseStatus); |
| 197 | if (BIO_printf(bp," OCSP Response Status: %s (0x%x)\n", | 197 | if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", |
| 198 | OCSP_response_status_str(l), l) <= 0) goto err; | 198 | OCSP_response_status_str(l), l) <= 0) goto err; |
| 199 | if (rb == NULL) return 1; | 199 | if (rb == NULL) return 1; |
| 200 | if (BIO_puts(bp," Response Type: ") <= 0) | 200 | if (BIO_puts(bp," Response Type: ") <= 0) |
| @@ -252,7 +252,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
| 252 | { | 252 | { |
| 253 | l=ASN1_ENUMERATED_get(rev->revocationReason); | 253 | l=ASN1_ENUMERATED_get(rev->revocationReason); |
| 254 | if (BIO_printf(bp, | 254 | if (BIO_printf(bp, |
| 255 | "\n Revocation Reason: %s (0x%x)", | 255 | "\n Revocation Reason: %s (0x%lx)", |
| 256 | OCSP_crl_reason_str(l), l) <= 0) | 256 | OCSP_crl_reason_str(l), l) <= 0) |
| 257 | goto err; | 257 | goto err; |
| 258 | } | 258 | } |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c index 3d58dfb06c..23ea41c847 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c | |||
| @@ -367,7 +367,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st | |||
| 367 | return 0; | 367 | return 0; |
| 368 | } | 368 | } |
| 369 | gen = req->tbsRequest->requestorName; | 369 | gen = req->tbsRequest->requestorName; |
| 370 | if (gen->type != GEN_DIRNAME) | 370 | if (!gen || gen->type != GEN_DIRNAME) |
| 371 | { | 371 | { |
| 372 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); | 372 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); |
| 373 | return 0; | 373 | return 0; |
diff --git a/src/lib/libssl/src/crypto/opensslconf.h.in b/src/lib/libssl/src/crypto/opensslconf.h.in index 685e83b7a3..cee83acf98 100644 --- a/src/lib/libssl/src/crypto/opensslconf.h.in +++ b/src/lib/libssl/src/crypto/opensslconf.h.in | |||
| @@ -5,6 +5,7 @@ | |||
| 5 | 5 | ||
| 6 | #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ | 6 | #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ |
| 7 | #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) | 7 | #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) |
| 8 | #define ENGINESDIR "/usr/local/lib/engines" | ||
| 8 | #define OPENSSLDIR "/usr/local/ssl" | 9 | #define OPENSSLDIR "/usr/local/ssl" |
| 9 | #endif | 10 | #endif |
| 10 | #endif | 11 | #endif |
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h index e50c1baf00..b308894f18 100644 --- a/src/lib/libssl/src/crypto/opensslv.h +++ b/src/lib/libssl/src/crypto/opensslv.h | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) | 12 | * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) |
| 13 | * 0.9.3 0x0090300f | 13 | * 0.9.3 0x0090300f |
| 14 | * 0.9.3a 0x0090301f | 14 | * 0.9.3a 0x0090301f |
| 15 | * 0.9.4 0x0090400f | 15 | * 0.9.4 0x0090400f |
| 16 | * 1.2.3z 0x102031af | 16 | * 1.2.3z 0x102031af |
| 17 | * | 17 | * |
| 18 | * For continuity reasons (because 0.9.5 is already out, and is coded | 18 | * For continuity reasons (because 0.9.5 is already out, and is coded |
| @@ -25,11 +25,11 @@ | |||
| 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 26 | * major minor fix final patch/beta) | 26 | * major minor fix final patch/beta) |
| 27 | */ | 27 | */ |
| 28 | #define OPENSSL_VERSION_NUMBER 0x009070afL | 28 | #define OPENSSL_VERSION_NUMBER 0x0090808fL |
| 29 | #ifdef OPENSSL_FIPS | 29 | #ifdef OPENSSL_FIPS |
| 30 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j-fips 04 May 2006" | 30 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8h-fips 28 May 2008" |
| 31 | #else | 31 | #else |
| 32 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j 04 May 2006" | 32 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8h 28 May 2008" |
| 33 | #endif | 33 | #endif |
| 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 35 | 35 | ||
| @@ -83,7 +83,7 @@ | |||
| 83 | * should only keep the versions that are binary compatible with the current. | 83 | * should only keep the versions that are binary compatible with the current. |
| 84 | */ | 84 | */ |
| 85 | #define SHLIB_VERSION_HISTORY "" | 85 | #define SHLIB_VERSION_HISTORY "" |
| 86 | #define SHLIB_VERSION_NUMBER "0.9.7" | 86 | #define SHLIB_VERSION_NUMBER "0.9.8" |
| 87 | 87 | ||
| 88 | 88 | ||
| 89 | #endif /* HEADER_OPENSSLV_H */ | 89 | #endif /* HEADER_OPENSSLV_H */ |
diff --git a/src/lib/libssl/src/crypto/ossl_typ.h b/src/lib/libssl/src/crypto/ossl_typ.h index 285fd0b1d9..345fb1dc4d 100644 --- a/src/lib/libssl/src/crypto/ossl_typ.h +++ b/src/lib/libssl/src/crypto/ossl_typ.h | |||
| @@ -97,15 +97,43 @@ typedef int ASN1_NULL; | |||
| 97 | 97 | ||
| 98 | #ifdef OPENSSL_SYS_WIN32 | 98 | #ifdef OPENSSL_SYS_WIN32 |
| 99 | #undef X509_NAME | 99 | #undef X509_NAME |
| 100 | #undef X509_EXTENSIONS | ||
| 101 | #undef X509_CERT_PAIR | ||
| 100 | #undef PKCS7_ISSUER_AND_SERIAL | 102 | #undef PKCS7_ISSUER_AND_SERIAL |
| 101 | #endif | 103 | #endif |
| 102 | 104 | ||
| 105 | #ifdef BIGNUM | ||
| 106 | #undef BIGNUM | ||
| 107 | #endif | ||
| 108 | typedef struct bignum_st BIGNUM; | ||
| 109 | typedef struct bignum_ctx BN_CTX; | ||
| 110 | typedef struct bn_blinding_st BN_BLINDING; | ||
| 111 | typedef struct bn_mont_ctx_st BN_MONT_CTX; | ||
| 112 | typedef struct bn_recp_ctx_st BN_RECP_CTX; | ||
| 113 | typedef struct bn_gencb_st BN_GENCB; | ||
| 114 | |||
| 115 | typedef struct buf_mem_st BUF_MEM; | ||
| 116 | |||
| 103 | typedef struct evp_cipher_st EVP_CIPHER; | 117 | typedef struct evp_cipher_st EVP_CIPHER; |
| 104 | typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; | 118 | typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; |
| 105 | typedef struct env_md_st EVP_MD; | 119 | typedef struct env_md_st EVP_MD; |
| 106 | typedef struct env_md_ctx_st EVP_MD_CTX; | 120 | typedef struct env_md_ctx_st EVP_MD_CTX; |
| 107 | typedef struct evp_pkey_st EVP_PKEY; | 121 | typedef struct evp_pkey_st EVP_PKEY; |
| 108 | 122 | ||
| 123 | typedef struct dh_st DH; | ||
| 124 | typedef struct dh_method DH_METHOD; | ||
| 125 | |||
| 126 | typedef struct dsa_st DSA; | ||
| 127 | typedef struct dsa_method DSA_METHOD; | ||
| 128 | |||
| 129 | typedef struct rsa_st RSA; | ||
| 130 | typedef struct rsa_meth_st RSA_METHOD; | ||
| 131 | |||
| 132 | typedef struct rand_meth_st RAND_METHOD; | ||
| 133 | |||
| 134 | typedef struct ecdh_method ECDH_METHOD; | ||
| 135 | typedef struct ecdsa_method ECDSA_METHOD; | ||
| 136 | |||
| 109 | typedef struct x509_st X509; | 137 | typedef struct x509_st X509; |
| 110 | typedef struct X509_algor_st X509_ALGOR; | 138 | typedef struct X509_algor_st X509_ALGOR; |
| 111 | typedef struct X509_crl_st X509_CRL; | 139 | typedef struct X509_crl_st X509_CRL; |
| @@ -113,10 +141,39 @@ typedef struct X509_name_st X509_NAME; | |||
| 113 | typedef struct x509_store_st X509_STORE; | 141 | typedef struct x509_store_st X509_STORE; |
| 114 | typedef struct x509_store_ctx_st X509_STORE_CTX; | 142 | typedef struct x509_store_ctx_st X509_STORE_CTX; |
| 115 | 143 | ||
| 144 | typedef struct v3_ext_ctx X509V3_CTX; | ||
| 145 | typedef struct conf_st CONF; | ||
| 146 | |||
| 147 | typedef struct store_st STORE; | ||
| 148 | typedef struct store_method_st STORE_METHOD; | ||
| 149 | |||
| 150 | typedef struct ui_st UI; | ||
| 151 | typedef struct ui_method_st UI_METHOD; | ||
| 152 | |||
| 153 | typedef struct st_ERR_FNS ERR_FNS; | ||
| 154 | |||
| 116 | typedef struct engine_st ENGINE; | 155 | typedef struct engine_st ENGINE; |
| 117 | 156 | ||
| 157 | typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; | ||
| 158 | typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; | ||
| 159 | typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; | ||
| 160 | typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; | ||
| 161 | |||
| 118 | /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ | 162 | /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ |
| 119 | #define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ | 163 | #define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ |
| 120 | #define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ | 164 | #define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ |
| 121 | 165 | ||
| 166 | typedef struct crypto_ex_data_st CRYPTO_EX_DATA; | ||
| 167 | /* Callback types for crypto.h */ | ||
| 168 | typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 169 | int idx, long argl, void *argp); | ||
| 170 | typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 171 | int idx, long argl, void *argp); | ||
| 172 | typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | ||
| 173 | int idx, long argl, void *argp); | ||
| 174 | |||
| 175 | typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; | ||
| 176 | typedef struct ocsp_response_st OCSP_RESPONSE; | ||
| 177 | typedef struct ocsp_responder_id_st OCSP_RESPID; | ||
| 178 | |||
| 122 | #endif /* def HEADER_OPENSSL_TYPES_H */ | 179 | #endif /* def HEADER_OPENSSL_TYPES_H */ |
diff --git a/src/lib/libssl/src/crypto/pem/pem.h b/src/lib/libssl/src/crypto/pem/pem.h index d330cbf9a3..670afa670b 100644 --- a/src/lib/libssl/src/crypto/pem/pem.h +++ b/src/lib/libssl/src/crypto/pem/pem.h | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #ifndef HEADER_PEM_H | 59 | #ifndef HEADER_PEM_H |
| 60 | #define HEADER_PEM_H | 60 | #define HEADER_PEM_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | ||
| 62 | #ifndef OPENSSL_NO_BIO | 63 | #ifndef OPENSSL_NO_BIO |
| 63 | #include <openssl/bio.h> | 64 | #include <openssl/bio.h> |
| 64 | #endif | 65 | #endif |
| @@ -68,7 +69,6 @@ | |||
| 68 | #include <openssl/evp.h> | 69 | #include <openssl/evp.h> |
| 69 | #include <openssl/x509.h> | 70 | #include <openssl/x509.h> |
| 70 | #include <openssl/pem2.h> | 71 | #include <openssl/pem2.h> |
| 71 | #include <openssl/e_os2.h> | ||
| 72 | 72 | ||
| 73 | #ifdef __cplusplus | 73 | #ifdef __cplusplus |
| 74 | extern "C" { | 74 | extern "C" { |
| @@ -91,6 +91,9 @@ extern "C" { | |||
| 91 | #define PEM_OBJ_DHPARAMS 17 | 91 | #define PEM_OBJ_DHPARAMS 17 |
| 92 | #define PEM_OBJ_DSAPARAMS 18 | 92 | #define PEM_OBJ_DSAPARAMS 18 |
| 93 | #define PEM_OBJ_PRIV_RSA_PUBLIC 19 | 93 | #define PEM_OBJ_PRIV_RSA_PUBLIC 19 |
| 94 | #define PEM_OBJ_PRIV_ECDSA 20 | ||
| 95 | #define PEM_OBJ_PUB_ECDSA 21 | ||
| 96 | #define PEM_OBJ_ECPARAMETERS 22 | ||
| 94 | 97 | ||
| 95 | #define PEM_ERROR 30 | 98 | #define PEM_ERROR 30 |
| 96 | #define PEM_DEK_DES_CBC 40 | 99 | #define PEM_DEK_DES_CBC 40 |
| @@ -110,6 +113,7 @@ extern "C" { | |||
| 110 | 113 | ||
| 111 | #define PEM_STRING_X509_OLD "X509 CERTIFICATE" | 114 | #define PEM_STRING_X509_OLD "X509 CERTIFICATE" |
| 112 | #define PEM_STRING_X509 "CERTIFICATE" | 115 | #define PEM_STRING_X509 "CERTIFICATE" |
| 116 | #define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" | ||
| 113 | #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" | 117 | #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" |
| 114 | #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" | 118 | #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" |
| 115 | #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" | 119 | #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" |
| @@ -126,6 +130,10 @@ extern "C" { | |||
| 126 | #define PEM_STRING_DHPARAMS "DH PARAMETERS" | 130 | #define PEM_STRING_DHPARAMS "DH PARAMETERS" |
| 127 | #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" | 131 | #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" |
| 128 | #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" | 132 | #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" |
| 133 | #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" | ||
| 134 | #define PEM_STRING_ECPARAMETERS "EC PARAMETERS" | ||
| 135 | #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" | ||
| 136 | #define PEM_STRING_CMS "CMS" | ||
| 129 | 137 | ||
| 130 | /* Note that this structure is initialised by PEM_SealInit and cleaned up | 138 | /* Note that this structure is initialised by PEM_SealInit and cleaned up |
| 131 | by PEM_SealFinal (at least for now) */ | 139 | by PEM_SealFinal (at least for now) */ |
| @@ -213,24 +221,50 @@ typedef struct pem_ctx_st | |||
| 213 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ | 221 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ |
| 214 | type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ | 222 | type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ |
| 215 | { \ | 223 | { \ |
| 216 | return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\ | 224 | return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ |
| 217 | cb,u)); \ | 225 | str, fp, \ |
| 218 | } \ | 226 | CHECKED_PPTR_OF(type, x), \ |
| 227 | cb, u); \ | ||
| 228 | } | ||
| 219 | 229 | ||
| 220 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ | 230 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ |
| 221 | int PEM_write_##name(FILE *fp, type *x) \ | 231 | int PEM_write_##name(FILE *fp, type *x) \ |
| 222 | { \ | 232 | { \ |
| 223 | return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \ | 233 | return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ |
| 224 | NULL,NULL,0,NULL,NULL)); \ | 234 | str, fp, \ |
| 225 | } | 235 | CHECKED_PTR_OF(type, x), \ |
| 236 | NULL, NULL, 0, NULL, NULL); \ | ||
| 237 | } | ||
| 238 | |||
| 239 | #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ | ||
| 240 | int PEM_write_##name(FILE *fp, const type *x) \ | ||
| 241 | { \ | ||
| 242 | return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ | ||
| 243 | str, fp, \ | ||
| 244 | CHECKED_PTR_OF(const type, x), \ | ||
| 245 | NULL, NULL, 0, NULL, NULL); \ | ||
| 246 | } | ||
| 226 | 247 | ||
| 227 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ | 248 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ |
| 228 | int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | 249 | int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ |
| 229 | unsigned char *kstr, int klen, pem_password_cb *cb, \ | 250 | unsigned char *kstr, int klen, pem_password_cb *cb, \ |
| 230 | void *u) \ | 251 | void *u) \ |
| 231 | { \ | 252 | { \ |
| 232 | return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \ | 253 | return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ |
| 233 | (char *)x,enc,kstr,klen,cb,u)); \ | 254 | str, fp, \ |
| 255 | CHECKED_PTR_OF(type, x), \ | ||
| 256 | enc, kstr, klen, cb, u); \ | ||
| 257 | } | ||
| 258 | |||
| 259 | #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ | ||
| 260 | int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | ||
| 261 | unsigned char *kstr, int klen, pem_password_cb *cb, \ | ||
| 262 | void *u) \ | ||
| 263 | { \ | ||
| 264 | return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ | ||
| 265 | str, fp, \ | ||
| 266 | CHECKED_PTR_OF(const type, x), \ | ||
| 267 | enc, kstr, klen, cb, u); \ | ||
| 234 | } | 268 | } |
| 235 | 269 | ||
| 236 | #endif | 270 | #endif |
| @@ -238,33 +272,66 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | |||
| 238 | #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ | 272 | #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ |
| 239 | type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ | 273 | type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ |
| 240 | { \ | 274 | { \ |
| 241 | return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\ | 275 | return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ |
| 242 | (char **)x,cb,u)); \ | 276 | str, bp, \ |
| 277 | CHECKED_PPTR_OF(type, x), \ | ||
| 278 | cb, u); \ | ||
| 243 | } | 279 | } |
| 244 | 280 | ||
| 245 | #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ | 281 | #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ |
| 246 | int PEM_write_bio_##name(BIO *bp, type *x) \ | 282 | int PEM_write_bio_##name(BIO *bp, type *x) \ |
| 247 | { \ | 283 | { \ |
| 248 | return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \ | 284 | return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ |
| 249 | NULL,NULL,0,NULL,NULL)); \ | 285 | str, bp, \ |
| 286 | CHECKED_PTR_OF(type, x), \ | ||
| 287 | NULL, NULL, 0, NULL, NULL); \ | ||
| 288 | } | ||
| 289 | |||
| 290 | #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ | ||
| 291 | int PEM_write_bio_##name(BIO *bp, const type *x) \ | ||
| 292 | { \ | ||
| 293 | return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ | ||
| 294 | str, bp, \ | ||
| 295 | CHECKED_PTR_OF(const type, x), \ | ||
| 296 | NULL, NULL, 0, NULL, NULL); \ | ||
| 250 | } | 297 | } |
| 251 | 298 | ||
| 252 | #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ | 299 | #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ |
| 253 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | 300 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ |
| 254 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ | 301 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ |
| 255 | { \ | 302 | { \ |
| 256 | return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \ | 303 | return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ |
| 257 | (char *)x,enc,kstr,klen,cb,u)); \ | 304 | str, bp, \ |
| 305 | CHECKED_PTR_OF(type, x), \ | ||
| 306 | enc, kstr, klen, cb, u); \ | ||
| 307 | } | ||
| 308 | |||
| 309 | #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ | ||
| 310 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | ||
| 311 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ | ||
| 312 | { \ | ||
| 313 | return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ | ||
| 314 | str, bp, \ | ||
| 315 | CHECKED_PTR_OF(const type, x), \ | ||
| 316 | enc, kstr, klen, cb, u); \ | ||
| 258 | } | 317 | } |
| 259 | 318 | ||
| 260 | #define IMPLEMENT_PEM_write(name, type, str, asn1) \ | 319 | #define IMPLEMENT_PEM_write(name, type, str, asn1) \ |
| 261 | IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ | 320 | IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ |
| 262 | IMPLEMENT_PEM_write_fp(name, type, str, asn1) | 321 | IMPLEMENT_PEM_write_fp(name, type, str, asn1) |
| 263 | 322 | ||
| 323 | #define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ | ||
| 324 | IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ | ||
| 325 | IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) | ||
| 326 | |||
| 264 | #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ | 327 | #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ |
| 265 | IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ | 328 | IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ |
| 266 | IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) | 329 | IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) |
| 267 | 330 | ||
| 331 | #define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ | ||
| 332 | IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ | ||
| 333 | IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) | ||
| 334 | |||
| 268 | #define IMPLEMENT_PEM_read(name, type, str, asn1) \ | 335 | #define IMPLEMENT_PEM_read(name, type, str, asn1) \ |
| 269 | IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ | 336 | IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ |
| 270 | IMPLEMENT_PEM_read_fp(name, type, str, asn1) | 337 | IMPLEMENT_PEM_read_fp(name, type, str, asn1) |
| @@ -273,6 +340,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 273 | IMPLEMENT_PEM_read(name, type, str, asn1) \ | 340 | IMPLEMENT_PEM_read(name, type, str, asn1) \ |
| 274 | IMPLEMENT_PEM_write(name, type, str, asn1) | 341 | IMPLEMENT_PEM_write(name, type, str, asn1) |
| 275 | 342 | ||
| 343 | #define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ | ||
| 344 | IMPLEMENT_PEM_read(name, type, str, asn1) \ | ||
| 345 | IMPLEMENT_PEM_write_const(name, type, str, asn1) | ||
| 346 | |||
| 276 | #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ | 347 | #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ |
| 277 | IMPLEMENT_PEM_read(name, type, str, asn1) \ | 348 | IMPLEMENT_PEM_read(name, type, str, asn1) \ |
| 278 | IMPLEMENT_PEM_write_cb(name, type, str, asn1) | 349 | IMPLEMENT_PEM_write_cb(name, type, str, asn1) |
| @@ -293,6 +364,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 293 | #define DECLARE_PEM_write_fp(name, type) \ | 364 | #define DECLARE_PEM_write_fp(name, type) \ |
| 294 | int PEM_write_##name(FILE *fp, type *x); | 365 | int PEM_write_##name(FILE *fp, type *x); |
| 295 | 366 | ||
| 367 | #define DECLARE_PEM_write_fp_const(name, type) \ | ||
| 368 | int PEM_write_##name(FILE *fp, const type *x); | ||
| 369 | |||
| 296 | #define DECLARE_PEM_write_cb_fp(name, type) \ | 370 | #define DECLARE_PEM_write_cb_fp(name, type) \ |
| 297 | int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | 371 | int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ |
| 298 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u); | 372 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u); |
| @@ -306,6 +380,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 306 | #define DECLARE_PEM_write_bio(name, type) \ | 380 | #define DECLARE_PEM_write_bio(name, type) \ |
| 307 | int PEM_write_bio_##name(BIO *bp, type *x); | 381 | int PEM_write_bio_##name(BIO *bp, type *x); |
| 308 | 382 | ||
| 383 | #define DECLARE_PEM_write_bio_const(name, type) \ | ||
| 384 | int PEM_write_bio_##name(BIO *bp, const type *x); | ||
| 385 | |||
| 309 | #define DECLARE_PEM_write_cb_bio(name, type) \ | 386 | #define DECLARE_PEM_write_cb_bio(name, type) \ |
| 310 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | 387 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ |
| 311 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u); | 388 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u); |
| @@ -322,6 +399,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 322 | DECLARE_PEM_write_bio(name, type) \ | 399 | DECLARE_PEM_write_bio(name, type) \ |
| 323 | DECLARE_PEM_write_fp(name, type) | 400 | DECLARE_PEM_write_fp(name, type) |
| 324 | 401 | ||
| 402 | #define DECLARE_PEM_write_const(name, type) \ | ||
| 403 | DECLARE_PEM_write_bio_const(name, type) \ | ||
| 404 | DECLARE_PEM_write_fp_const(name, type) | ||
| 405 | |||
| 325 | #define DECLARE_PEM_write_cb(name, type) \ | 406 | #define DECLARE_PEM_write_cb(name, type) \ |
| 326 | DECLARE_PEM_write_cb_bio(name, type) \ | 407 | DECLARE_PEM_write_cb_bio(name, type) \ |
| 327 | DECLARE_PEM_write_cb_fp(name, type) | 408 | DECLARE_PEM_write_cb_fp(name, type) |
| @@ -334,6 +415,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 334 | DECLARE_PEM_read(name, type) \ | 415 | DECLARE_PEM_read(name, type) \ |
| 335 | DECLARE_PEM_write(name, type) | 416 | DECLARE_PEM_write(name, type) |
| 336 | 417 | ||
| 418 | #define DECLARE_PEM_rw_const(name, type) \ | ||
| 419 | DECLARE_PEM_read(name, type) \ | ||
| 420 | DECLARE_PEM_write_const(name, type) | ||
| 421 | |||
| 337 | #define DECLARE_PEM_rw_cb(name, type) \ | 422 | #define DECLARE_PEM_rw_cb(name, type) \ |
| 338 | DECLARE_PEM_read(name, type) \ | 423 | DECLARE_PEM_read(name, type) \ |
| 339 | DECLARE_PEM_write_cb(name, type) | 424 | DECLARE_PEM_write_cb(name, type) |
| @@ -403,9 +488,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 403 | (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ | 488 | (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ |
| 404 | (char **)x,cb,u) | 489 | (char **)x,cb,u) |
| 405 | 490 | ||
| 406 | #define PEM_write_bio_SSL_SESSION(bp,x) \ | ||
| 407 | PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ | ||
| 408 | PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) | ||
| 409 | #define PEM_write_bio_X509(bp,x) \ | 491 | #define PEM_write_bio_X509(bp,x) \ |
| 410 | PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ | 492 | PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ |
| 411 | (char *)x, NULL,NULL,0,NULL,NULL) | 493 | (char *)x, NULL,NULL,0,NULL,NULL) |
| @@ -444,8 +526,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
| 444 | PEM_STRING_X509,bp, \ | 526 | PEM_STRING_X509,bp, \ |
| 445 | (char *)x, NULL,NULL,0,NULL,NULL) | 527 | (char *)x, NULL,NULL,0,NULL,NULL) |
| 446 | 528 | ||
| 447 | #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ | ||
| 448 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) | ||
| 449 | #define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ | 529 | #define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ |
| 450 | (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) | 530 | (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) |
| 451 | #define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ | 531 | #define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ |
| @@ -494,11 +574,25 @@ int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, | |||
| 494 | long len); | 574 | long len); |
| 495 | int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, | 575 | int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, |
| 496 | pem_password_cb *cb, void *u); | 576 | pem_password_cb *cb, void *u); |
| 497 | char * PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x, | 577 | void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, |
| 498 | pem_password_cb *cb, void *u); | 578 | void **x, pem_password_cb *cb, void *u); |
| 499 | int PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x, | 579 | |
| 580 | #define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ | ||
| 581 | ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ | ||
| 582 | name, bp, \ | ||
| 583 | CHECKED_PPTR_OF(type, x), \ | ||
| 584 | cb, u)) | ||
| 585 | |||
| 586 | int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, | ||
| 500 | const EVP_CIPHER *enc,unsigned char *kstr,int klen, | 587 | const EVP_CIPHER *enc,unsigned char *kstr,int klen, |
| 501 | pem_password_cb *cb, void *u); | 588 | pem_password_cb *cb, void *u); |
| 589 | |||
| 590 | #define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ | ||
| 591 | (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ | ||
| 592 | name, bp, \ | ||
| 593 | CHECKED_PTR_OF(type, x), \ | ||
| 594 | enc, kstr, klen, cb, u)) | ||
| 595 | |||
| 502 | STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); | 596 | STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); |
| 503 | int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, | 597 | int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, |
| 504 | unsigned char *kstr, int klen, pem_password_cb *cd, void *u); | 598 | unsigned char *kstr, int klen, pem_password_cb *cd, void *u); |
| @@ -508,11 +602,11 @@ int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, | |||
| 508 | int PEM_read(FILE *fp, char **name, char **header, | 602 | int PEM_read(FILE *fp, char **name, char **header, |
| 509 | unsigned char **data,long *len); | 603 | unsigned char **data,long *len); |
| 510 | int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); | 604 | int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); |
| 511 | char * PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x, | 605 | void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, |
| 512 | pem_password_cb *cb, void *u); | 606 | pem_password_cb *cb, void *u); |
| 513 | int PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x, | 607 | int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, |
| 514 | const EVP_CIPHER *enc,unsigned char *kstr,int klen, | 608 | char *x,const EVP_CIPHER *enc,unsigned char *kstr, |
| 515 | pem_password_cb *callback, void *u); | 609 | int klen,pem_password_cb *callback, void *u); |
| 516 | STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, | 610 | STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, |
| 517 | pem_password_cb *cb, void *u); | 611 | pem_password_cb *cb, void *u); |
| 518 | #endif | 612 | #endif |
| @@ -542,6 +636,8 @@ DECLARE_PEM_rw(X509, X509) | |||
| 542 | 636 | ||
| 543 | DECLARE_PEM_rw(X509_AUX, X509) | 637 | DECLARE_PEM_rw(X509_AUX, X509) |
| 544 | 638 | ||
| 639 | DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) | ||
| 640 | |||
| 545 | DECLARE_PEM_rw(X509_REQ, X509_REQ) | 641 | DECLARE_PEM_rw(X509_REQ, X509_REQ) |
| 546 | DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) | 642 | DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) |
| 547 | 643 | ||
| @@ -559,7 +655,7 @@ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) | |||
| 559 | 655 | ||
| 560 | DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) | 656 | DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) |
| 561 | 657 | ||
| 562 | DECLARE_PEM_rw(RSAPublicKey, RSA) | 658 | DECLARE_PEM_rw_const(RSAPublicKey, RSA) |
| 563 | DECLARE_PEM_rw(RSA_PUBKEY, RSA) | 659 | DECLARE_PEM_rw(RSA_PUBKEY, RSA) |
| 564 | 660 | ||
| 565 | #endif | 661 | #endif |
| @@ -570,13 +666,19 @@ DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) | |||
| 570 | 666 | ||
| 571 | DECLARE_PEM_rw(DSA_PUBKEY, DSA) | 667 | DECLARE_PEM_rw(DSA_PUBKEY, DSA) |
| 572 | 668 | ||
| 573 | DECLARE_PEM_rw(DSAparams, DSA) | 669 | DECLARE_PEM_rw_const(DSAparams, DSA) |
| 670 | |||
| 671 | #endif | ||
| 574 | 672 | ||
| 673 | #ifndef OPENSSL_NO_EC | ||
| 674 | DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) | ||
| 675 | DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) | ||
| 676 | DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) | ||
| 575 | #endif | 677 | #endif |
| 576 | 678 | ||
| 577 | #ifndef OPENSSL_NO_DH | 679 | #ifndef OPENSSL_NO_DH |
| 578 | 680 | ||
| 579 | DECLARE_PEM_rw(DHparams, DH) | 681 | DECLARE_PEM_rw_const(DHparams, DH) |
| 580 | 682 | ||
| 581 | #endif | 683 | #endif |
| 582 | 684 | ||
| @@ -626,24 +728,27 @@ void ERR_load_PEM_strings(void); | |||
| 626 | /* Function codes. */ | 728 | /* Function codes. */ |
| 627 | #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 | 729 | #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 |
| 628 | #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 | 730 | #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 |
| 629 | #define PEM_F_DEF_CALLBACK 100 | 731 | #define PEM_F_DO_PK8PKEY 126 |
| 732 | #define PEM_F_DO_PK8PKEY_FP 125 | ||
| 630 | #define PEM_F_LOAD_IV 101 | 733 | #define PEM_F_LOAD_IV 101 |
| 631 | #define PEM_F_PEM_ASN1_READ 102 | 734 | #define PEM_F_PEM_ASN1_READ 102 |
| 632 | #define PEM_F_PEM_ASN1_READ_BIO 103 | 735 | #define PEM_F_PEM_ASN1_READ_BIO 103 |
| 633 | #define PEM_F_PEM_ASN1_WRITE 104 | 736 | #define PEM_F_PEM_ASN1_WRITE 104 |
| 634 | #define PEM_F_PEM_ASN1_WRITE_BIO 105 | 737 | #define PEM_F_PEM_ASN1_WRITE_BIO 105 |
| 738 | #define PEM_F_PEM_DEF_CALLBACK 100 | ||
| 635 | #define PEM_F_PEM_DO_HEADER 106 | 739 | #define PEM_F_PEM_DO_HEADER 106 |
| 636 | #define PEM_F_PEM_F_DO_PK8KEY_FP 122 | ||
| 637 | #define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 | 740 | #define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 |
| 638 | #define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 | 741 | #define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 |
| 742 | #define PEM_F_PEM_PK8PKEY 119 | ||
| 639 | #define PEM_F_PEM_READ 108 | 743 | #define PEM_F_PEM_READ 108 |
| 640 | #define PEM_F_PEM_READ_BIO 109 | 744 | #define PEM_F_PEM_READ_BIO 109 |
| 745 | #define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 | ||
| 746 | #define PEM_F_PEM_READ_PRIVATEKEY 124 | ||
| 641 | #define PEM_F_PEM_SEALFINAL 110 | 747 | #define PEM_F_PEM_SEALFINAL 110 |
| 642 | #define PEM_F_PEM_SEALINIT 111 | 748 | #define PEM_F_PEM_SEALINIT 111 |
| 643 | #define PEM_F_PEM_SIGNFINAL 112 | 749 | #define PEM_F_PEM_SIGNFINAL 112 |
| 644 | #define PEM_F_PEM_WRITE 113 | 750 | #define PEM_F_PEM_WRITE 113 |
| 645 | #define PEM_F_PEM_WRITE_BIO 114 | 751 | #define PEM_F_PEM_WRITE_BIO 114 |
| 646 | #define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY 119 | ||
| 647 | #define PEM_F_PEM_X509_INFO_READ 115 | 752 | #define PEM_F_PEM_X509_INFO_READ 115 |
| 648 | #define PEM_F_PEM_X509_INFO_READ_BIO 116 | 753 | #define PEM_F_PEM_X509_INFO_READ_BIO 116 |
| 649 | #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 | 754 | #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 |
diff --git a/src/lib/libssl/src/crypto/pem/pem_all.c b/src/lib/libssl/src/crypto/pem/pem_all.c index 07963314c9..66cbc7eb82 100644 --- a/src/lib/libssl/src/crypto/pem/pem_all.c +++ b/src/lib/libssl/src/crypto/pem/pem_all.c | |||
| @@ -55,6 +55,59 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #undef SSLEAY_MACROS | 113 | #undef SSLEAY_MACROS |
| @@ -64,7 +117,15 @@ | |||
| 64 | #include <openssl/x509.h> | 117 | #include <openssl/x509.h> |
| 65 | #include <openssl/pkcs7.h> | 118 | #include <openssl/pkcs7.h> |
| 66 | #include <openssl/pem.h> | 119 | #include <openssl/pem.h> |
| 67 | #include <openssl/fips.h> | 120 | #ifndef OPENSSL_NO_RSA |
| 121 | #include <openssl/rsa.h> | ||
| 122 | #endif | ||
| 123 | #ifndef OPENSSL_NO_DSA | ||
| 124 | #include <openssl/dsa.h> | ||
| 125 | #endif | ||
| 126 | #ifndef OPENSSL_NO_DH | ||
| 127 | #include <openssl/dh.h> | ||
| 128 | #endif | ||
| 68 | 129 | ||
| 69 | #ifndef OPENSSL_NO_RSA | 130 | #ifndef OPENSSL_NO_RSA |
| 70 | static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); | 131 | static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); |
| @@ -73,6 +134,10 @@ static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); | |||
| 73 | static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa); | 134 | static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa); |
| 74 | #endif | 135 | #endif |
| 75 | 136 | ||
| 137 | #ifndef OPENSSL_NO_EC | ||
| 138 | static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey); | ||
| 139 | #endif | ||
| 140 | |||
| 76 | IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) | 141 | IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) |
| 77 | 142 | ||
| 78 | IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) | 143 | IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) |
| @@ -129,50 +194,8 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, | |||
| 129 | 194 | ||
| 130 | #endif | 195 | #endif |
| 131 | 196 | ||
| 132 | #ifdef OPENSSL_FIPS | 197 | IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) |
| 133 | 198 | IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) | |
| 134 | int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, | ||
| 135 | unsigned char *kstr, int klen, | ||
| 136 | pem_password_cb *cb, void *u) | ||
| 137 | { | ||
| 138 | EVP_PKEY *k; | ||
| 139 | int ret; | ||
| 140 | k = EVP_PKEY_new(); | ||
| 141 | if (!k) | ||
| 142 | return 0; | ||
| 143 | EVP_PKEY_set1_RSA(k, x); | ||
| 144 | |||
| 145 | ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); | ||
| 146 | EVP_PKEY_free(k); | ||
| 147 | return ret; | ||
| 148 | } | ||
| 149 | |||
| 150 | #ifndef OPENSSL_NO_FP_API | ||
| 151 | int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, | ||
| 152 | unsigned char *kstr, int klen, | ||
| 153 | pem_password_cb *cb, void *u) | ||
| 154 | { | ||
| 155 | EVP_PKEY *k; | ||
| 156 | int ret; | ||
| 157 | k = EVP_PKEY_new(); | ||
| 158 | if (!k) | ||
| 159 | return 0; | ||
| 160 | |||
| 161 | EVP_PKEY_set1_RSA(k, x); | ||
| 162 | |||
| 163 | ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); | ||
| 164 | EVP_PKEY_free(k); | ||
| 165 | return ret; | ||
| 166 | } | ||
| 167 | #endif | ||
| 168 | |||
| 169 | #else | ||
| 170 | |||
| 171 | IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) | ||
| 172 | |||
| 173 | #endif | ||
| 174 | |||
| 175 | IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) | ||
| 176 | IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) | 199 | IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) |
| 177 | 200 | ||
| 178 | #endif | 201 | #endif |
| @@ -201,69 +224,73 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, | |||
| 201 | return pkey_get_dsa(pktmp, dsa); | 224 | return pkey_get_dsa(pktmp, dsa); |
| 202 | } | 225 | } |
| 203 | 226 | ||
| 227 | IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) | ||
| 228 | IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) | ||
| 204 | 229 | ||
| 205 | #ifdef OPENSSL_FIPS | 230 | #ifndef OPENSSL_NO_FP_API |
| 206 | 231 | ||
| 207 | int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, | 232 | DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, |
| 208 | unsigned char *kstr, int klen, | 233 | void *u) |
| 209 | pem_password_cb *cb, void *u) | ||
| 210 | { | 234 | { |
| 211 | EVP_PKEY *k; | 235 | EVP_PKEY *pktmp; |
| 212 | int ret; | 236 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); |
| 213 | k = EVP_PKEY_new(); | 237 | return pkey_get_dsa(pktmp, dsa); |
| 214 | if (!k) | ||
| 215 | return 0; | ||
| 216 | EVP_PKEY_set1_DSA(k, x); | ||
| 217 | |||
| 218 | ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); | ||
| 219 | EVP_PKEY_free(k); | ||
| 220 | return ret; | ||
| 221 | } | 238 | } |
| 222 | 239 | ||
| 223 | #ifndef OPENSSL_NO_FP_API | 240 | #endif |
| 224 | int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, | 241 | |
| 225 | unsigned char *kstr, int klen, | 242 | IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) |
| 226 | pem_password_cb *cb, void *u) | 243 | |
| 244 | #endif | ||
| 245 | |||
| 246 | |||
| 247 | #ifndef OPENSSL_NO_EC | ||
| 248 | static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) | ||
| 227 | { | 249 | { |
| 228 | EVP_PKEY *k; | 250 | EC_KEY *dtmp; |
| 229 | int ret; | 251 | if(!key) return NULL; |
| 230 | k = EVP_PKEY_new(); | 252 | dtmp = EVP_PKEY_get1_EC_KEY(key); |
| 231 | if (!k) | 253 | EVP_PKEY_free(key); |
| 232 | return 0; | 254 | if(!dtmp) return NULL; |
| 233 | EVP_PKEY_set1_DSA(k, x); | 255 | if(eckey) |
| 234 | ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); | 256 | { |
| 235 | EVP_PKEY_free(k); | 257 | EC_KEY_free(*eckey); |
| 236 | return ret; | 258 | *eckey = dtmp; |
| 259 | } | ||
| 260 | return dtmp; | ||
| 237 | } | 261 | } |
| 238 | #endif | ||
| 239 | 262 | ||
| 240 | #else | 263 | EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, |
| 264 | void *u) | ||
| 265 | { | ||
| 266 | EVP_PKEY *pktmp; | ||
| 267 | pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); | ||
| 268 | return pkey_get_eckey(pktmp, key); | ||
| 269 | } | ||
| 241 | 270 | ||
| 242 | IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) | 271 | IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) |
| 243 | 272 | ||
| 244 | #endif | 273 | IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) |
| 245 | 274 | ||
| 246 | IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) | 275 | IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) |
| 247 | 276 | ||
| 248 | #ifndef OPENSSL_NO_FP_API | 277 | #ifndef OPENSSL_NO_FP_API |
| 249 | 278 | ||
| 250 | DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, | 279 | EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, |
| 251 | void *u) | 280 | void *u) |
| 252 | { | 281 | { |
| 253 | EVP_PKEY *pktmp; | 282 | EVP_PKEY *pktmp; |
| 254 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); | 283 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); |
| 255 | return pkey_get_dsa(pktmp, dsa); | 284 | return pkey_get_eckey(pktmp, eckey); |
| 256 | } | 285 | } |
| 257 | 286 | ||
| 258 | #endif | 287 | #endif |
| 259 | 288 | ||
| 260 | IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) | ||
| 261 | |||
| 262 | #endif | 289 | #endif |
| 263 | 290 | ||
| 264 | #ifndef OPENSSL_NO_DH | 291 | #ifndef OPENSSL_NO_DH |
| 265 | 292 | ||
| 266 | IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) | 293 | IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) |
| 267 | 294 | ||
| 268 | #endif | 295 | #endif |
| 269 | 296 | ||
| @@ -274,42 +301,8 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) | |||
| 274 | * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything | 301 | * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything |
| 275 | * appropriate.) | 302 | * appropriate.) |
| 276 | */ | 303 | */ |
| 277 | 304 | IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ | |
| 278 | #ifdef OPENSSL_FIPS | 305 | (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) |
| 279 | |||
| 280 | int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, | ||
| 281 | unsigned char *kstr, int klen, | ||
| 282 | pem_password_cb *cb, void *u) | ||
| 283 | { | ||
| 284 | if (FIPS_mode()) | ||
| 285 | return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, | ||
| 286 | (char *)kstr, klen, cb, u); | ||
| 287 | else | ||
| 288 | return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey, | ||
| 289 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), | ||
| 290 | bp,(char *)x,enc,kstr,klen,cb,u); | ||
| 291 | } | ||
| 292 | |||
| 293 | #ifndef OPENSSL_NO_FP_API | ||
| 294 | int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, | ||
| 295 | unsigned char *kstr, int klen, | ||
| 296 | pem_password_cb *cb, void *u) | ||
| 297 | { | ||
| 298 | if (FIPS_mode()) | ||
| 299 | return PEM_write_PKCS8PrivateKey(fp, x, enc, | ||
| 300 | (char *)kstr, klen, cb, u); | ||
| 301 | else | ||
| 302 | return PEM_ASN1_write((int (*)())i2d_PrivateKey, | ||
| 303 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), | ||
| 304 | fp,(char *)x,enc,kstr,klen,cb,u); | ||
| 305 | } | ||
| 306 | #endif | ||
| 307 | |||
| 308 | #else | ||
| 309 | |||
| 310 | IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey) | ||
| 311 | |||
| 312 | #endif | ||
| 313 | 306 | ||
| 314 | IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) | 307 | IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) |
| 315 | 308 | ||
diff --git a/src/lib/libssl/src/crypto/pem/pem_err.c b/src/lib/libssl/src/crypto/pem/pem_err.c index 8527028ebc..3133563d77 100644 --- a/src/lib/libssl/src/crypto/pem/pem_err.c +++ b/src/lib/libssl/src/crypto/pem/pem_err.c | |||
| @@ -72,24 +72,27 @@ static ERR_STRING_DATA PEM_str_functs[]= | |||
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, | 73 | {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, |
| 74 | {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, | 74 | {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, |
| 75 | {ERR_FUNC(PEM_F_DEF_CALLBACK), "DEF_CALLBACK"}, | 75 | {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, |
| 76 | {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, | ||
| 76 | {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, | 77 | {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, |
| 77 | {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, | 78 | {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, |
| 78 | {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, | 79 | {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, |
| 79 | {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, | 80 | {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, |
| 80 | {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, | 81 | {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, |
| 82 | {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, | ||
| 81 | {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, | 83 | {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, |
| 82 | {ERR_FUNC(PEM_F_PEM_F_DO_PK8KEY_FP), "PEM_F_DO_PK8KEY_FP"}, | ||
| 83 | {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, | 84 | {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, |
| 84 | {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, | 85 | {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, |
| 86 | {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, | ||
| 85 | {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, | 87 | {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, |
| 86 | {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, | 88 | {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, |
| 89 | {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, | ||
| 90 | {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, | ||
| 87 | {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, | 91 | {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, |
| 88 | {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, | 92 | {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, |
| 89 | {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, | 93 | {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, |
| 90 | {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, | 94 | {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, |
| 91 | {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, | 95 | {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, |
| 92 | {ERR_FUNC(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY), "PEM_write_bio_PKCS8PrivateKey"}, | ||
| 93 | {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, | 96 | {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, |
| 94 | {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, | 97 | {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, |
| 95 | {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, | 98 | {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, |
| @@ -121,15 +124,12 @@ static ERR_STRING_DATA PEM_str_reasons[]= | |||
| 121 | 124 | ||
| 122 | void ERR_load_PEM_strings(void) | 125 | void ERR_load_PEM_strings(void) |
| 123 | { | 126 | { |
| 124 | static int init=1; | 127 | #ifndef OPENSSL_NO_ERR |
| 125 | 128 | ||
| 126 | if (init) | 129 | if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) |
| 127 | { | 130 | { |
| 128 | init=0; | ||
| 129 | #ifndef OPENSSL_NO_ERR | ||
| 130 | ERR_load_strings(0,PEM_str_functs); | 131 | ERR_load_strings(0,PEM_str_functs); |
| 131 | ERR_load_strings(0,PEM_str_reasons); | 132 | ERR_load_strings(0,PEM_str_reasons); |
| 132 | #endif | ||
| 133 | |||
| 134 | } | 133 | } |
| 134 | #endif | ||
| 135 | } | 135 | } |
diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c index 9e4af29c95..3a273f6f70 100644 --- a/src/lib/libssl/src/crypto/pem/pem_info.c +++ b/src/lib/libssl/src/crypto/pem/pem_info.c | |||
| @@ -63,6 +63,12 @@ | |||
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
| 65 | #include <openssl/pem.h> | 65 | #include <openssl/pem.h> |
| 66 | #ifndef OPENSSL_NO_RSA | ||
| 67 | #include <openssl/rsa.h> | ||
| 68 | #endif | ||
| 69 | #ifndef OPENSSL_NO_DSA | ||
| 70 | #include <openssl/dsa.h> | ||
| 71 | #endif | ||
| 66 | 72 | ||
| 67 | #ifndef OPENSSL_NO_FP_API | 73 | #ifndef OPENSSL_NO_FP_API |
| 68 | STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) | 74 | STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) |
| @@ -85,13 +91,15 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_p | |||
| 85 | STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) | 91 | STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) |
| 86 | { | 92 | { |
| 87 | X509_INFO *xi=NULL; | 93 | X509_INFO *xi=NULL; |
| 88 | char *name=NULL,*header=NULL,**pp; | 94 | char *name=NULL,*header=NULL; |
| 89 | unsigned char *data=NULL,*p; | 95 | void *pp; |
| 96 | unsigned char *data=NULL; | ||
| 97 | const unsigned char *p; | ||
| 90 | long len,error=0; | 98 | long len,error=0; |
| 91 | int ok=0; | 99 | int ok=0; |
| 92 | STACK_OF(X509_INFO) *ret=NULL; | 100 | STACK_OF(X509_INFO) *ret=NULL; |
| 93 | unsigned int i,raw; | 101 | unsigned int i,raw; |
| 94 | char *(*d2i)(); | 102 | d2i_of_void *d2i; |
| 95 | 103 | ||
| 96 | if (sk == NULL) | 104 | if (sk == NULL) |
| 97 | { | 105 | { |
| @@ -123,42 +131,42 @@ start: | |||
| 123 | if ( (strcmp(name,PEM_STRING_X509) == 0) || | 131 | if ( (strcmp(name,PEM_STRING_X509) == 0) || |
| 124 | (strcmp(name,PEM_STRING_X509_OLD) == 0)) | 132 | (strcmp(name,PEM_STRING_X509_OLD) == 0)) |
| 125 | { | 133 | { |
| 126 | d2i=(char *(*)())d2i_X509; | 134 | d2i=(D2I_OF(void))d2i_X509; |
| 127 | if (xi->x509 != NULL) | 135 | if (xi->x509 != NULL) |
| 128 | { | 136 | { |
| 129 | if (!sk_X509_INFO_push(ret,xi)) goto err; | 137 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| 130 | if ((xi=X509_INFO_new()) == NULL) goto err; | 138 | if ((xi=X509_INFO_new()) == NULL) goto err; |
| 131 | goto start; | 139 | goto start; |
| 132 | } | 140 | } |
| 133 | pp=(char **)&(xi->x509); | 141 | pp=&(xi->x509); |
| 134 | } | 142 | } |
| 135 | else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) | 143 | else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) |
| 136 | { | 144 | { |
| 137 | d2i=(char *(*)())d2i_X509_AUX; | 145 | d2i=(D2I_OF(void))d2i_X509_AUX; |
| 138 | if (xi->x509 != NULL) | 146 | if (xi->x509 != NULL) |
| 139 | { | 147 | { |
| 140 | if (!sk_X509_INFO_push(ret,xi)) goto err; | 148 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| 141 | if ((xi=X509_INFO_new()) == NULL) goto err; | 149 | if ((xi=X509_INFO_new()) == NULL) goto err; |
| 142 | goto start; | 150 | goto start; |
| 143 | } | 151 | } |
| 144 | pp=(char **)&(xi->x509); | 152 | pp=&(xi->x509); |
| 145 | } | 153 | } |
| 146 | else if (strcmp(name,PEM_STRING_X509_CRL) == 0) | 154 | else if (strcmp(name,PEM_STRING_X509_CRL) == 0) |
| 147 | { | 155 | { |
| 148 | d2i=(char *(*)())d2i_X509_CRL; | 156 | d2i=(D2I_OF(void))d2i_X509_CRL; |
| 149 | if (xi->crl != NULL) | 157 | if (xi->crl != NULL) |
| 150 | { | 158 | { |
| 151 | if (!sk_X509_INFO_push(ret,xi)) goto err; | 159 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| 152 | if ((xi=X509_INFO_new()) == NULL) goto err; | 160 | if ((xi=X509_INFO_new()) == NULL) goto err; |
| 153 | goto start; | 161 | goto start; |
| 154 | } | 162 | } |
| 155 | pp=(char **)&(xi->crl); | 163 | pp=&(xi->crl); |
| 156 | } | 164 | } |
| 157 | else | 165 | else |
| 158 | #ifndef OPENSSL_NO_RSA | 166 | #ifndef OPENSSL_NO_RSA |
| 159 | if (strcmp(name,PEM_STRING_RSA) == 0) | 167 | if (strcmp(name,PEM_STRING_RSA) == 0) |
| 160 | { | 168 | { |
| 161 | d2i=(char *(*)())d2i_RSAPrivateKey; | 169 | d2i=(D2I_OF(void))d2i_RSAPrivateKey; |
| 162 | if (xi->x_pkey != NULL) | 170 | if (xi->x_pkey != NULL) |
| 163 | { | 171 | { |
| 164 | if (!sk_X509_INFO_push(ret,xi)) goto err; | 172 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| @@ -173,7 +181,7 @@ start: | |||
| 173 | if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) | 181 | if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) |
| 174 | goto err; | 182 | goto err; |
| 175 | xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; | 183 | xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; |
| 176 | pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa); | 184 | pp=&(xi->x_pkey->dec_pkey->pkey.rsa); |
| 177 | if ((int)strlen(header) > 10) /* assume encrypted */ | 185 | if ((int)strlen(header) > 10) /* assume encrypted */ |
| 178 | raw=1; | 186 | raw=1; |
| 179 | } | 187 | } |
| @@ -182,7 +190,7 @@ start: | |||
| 182 | #ifndef OPENSSL_NO_DSA | 190 | #ifndef OPENSSL_NO_DSA |
| 183 | if (strcmp(name,PEM_STRING_DSA) == 0) | 191 | if (strcmp(name,PEM_STRING_DSA) == 0) |
| 184 | { | 192 | { |
| 185 | d2i=(char *(*)())d2i_DSAPrivateKey; | 193 | d2i=(D2I_OF(void))d2i_DSAPrivateKey; |
| 186 | if (xi->x_pkey != NULL) | 194 | if (xi->x_pkey != NULL) |
| 187 | { | 195 | { |
| 188 | if (!sk_X509_INFO_push(ret,xi)) goto err; | 196 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| @@ -197,12 +205,36 @@ start: | |||
| 197 | if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) | 205 | if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) |
| 198 | goto err; | 206 | goto err; |
| 199 | xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; | 207 | xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; |
| 200 | pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa); | 208 | pp=&xi->x_pkey->dec_pkey->pkey.dsa; |
| 201 | if ((int)strlen(header) > 10) /* assume encrypted */ | 209 | if ((int)strlen(header) > 10) /* assume encrypted */ |
| 202 | raw=1; | 210 | raw=1; |
| 203 | } | 211 | } |
| 204 | else | 212 | else |
| 205 | #endif | 213 | #endif |
| 214 | #ifndef OPENSSL_NO_EC | ||
| 215 | if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0) | ||
| 216 | { | ||
| 217 | d2i=(D2I_OF(void))d2i_ECPrivateKey; | ||
| 218 | if (xi->x_pkey != NULL) | ||
| 219 | { | ||
| 220 | if (!sk_X509_INFO_push(ret,xi)) goto err; | ||
| 221 | if ((xi=X509_INFO_new()) == NULL) goto err; | ||
| 222 | goto start; | ||
| 223 | } | ||
| 224 | |||
| 225 | xi->enc_data=NULL; | ||
| 226 | xi->enc_len=0; | ||
| 227 | |||
| 228 | xi->x_pkey=X509_PKEY_new(); | ||
| 229 | if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) | ||
| 230 | goto err; | ||
| 231 | xi->x_pkey->dec_pkey->type=EVP_PKEY_EC; | ||
| 232 | pp=&(xi->x_pkey->dec_pkey->pkey.ec); | ||
| 233 | if ((int)strlen(header) > 10) /* assume encrypted */ | ||
| 234 | raw=1; | ||
| 235 | } | ||
| 236 | else | ||
| 237 | #endif | ||
| 206 | { | 238 | { |
| 207 | d2i=NULL; | 239 | d2i=NULL; |
| 208 | pp=NULL; | 240 | pp=NULL; |
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c index 82815067b3..9bae4c8850 100644 --- a/src/lib/libssl/src/crypto/pem/pem_lib.c +++ b/src/lib/libssl/src/crypto/pem/pem_lib.c | |||
| @@ -69,7 +69,7 @@ | |||
| 69 | #include <openssl/des.h> | 69 | #include <openssl/des.h> |
| 70 | #endif | 70 | #endif |
| 71 | 71 | ||
| 72 | const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT; | 72 | const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; |
| 73 | 73 | ||
| 74 | #define MIN_LENGTH 4 | 74 | #define MIN_LENGTH 4 |
| 75 | 75 | ||
| @@ -81,7 +81,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) | |||
| 81 | #ifdef OPENSSL_NO_FP_API | 81 | #ifdef OPENSSL_NO_FP_API |
| 82 | /* We should not ever call the default callback routine from | 82 | /* We should not ever call the default callback routine from |
| 83 | * windows. */ | 83 | * windows. */ |
| 84 | PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 84 | PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 85 | return(-1); | 85 | return(-1); |
| 86 | #else | 86 | #else |
| 87 | int i,j; | 87 | int i,j; |
| @@ -102,7 +102,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) | |||
| 102 | i=EVP_read_pw_string(buf,num,prompt,w); | 102 | i=EVP_read_pw_string(buf,num,prompt,w); |
| 103 | if (i != 0) | 103 | if (i != 0) |
| 104 | { | 104 | { |
| 105 | PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); | 105 | PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); |
| 106 | memset(buf,0,(unsigned int)num); | 106 | memset(buf,0,(unsigned int)num); |
| 107 | return(-1); | 107 | return(-1); |
| 108 | } | 108 | } |
| @@ -158,11 +158,11 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) | |||
| 158 | } | 158 | } |
| 159 | 159 | ||
| 160 | #ifndef OPENSSL_NO_FP_API | 160 | #ifndef OPENSSL_NO_FP_API |
| 161 | char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x, | 161 | void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, |
| 162 | pem_password_cb *cb, void *u) | 162 | pem_password_cb *cb, void *u) |
| 163 | { | 163 | { |
| 164 | BIO *b; | 164 | BIO *b; |
| 165 | char *ret; | 165 | void *ret; |
| 166 | 166 | ||
| 167 | if ((b=BIO_new(BIO_s_file())) == NULL) | 167 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 168 | { | 168 | { |
| @@ -195,6 +195,8 @@ static int check_pem(const char *nm, const char *name) | |||
| 195 | if(!strcmp(nm,PEM_STRING_DSA) && | 195 | if(!strcmp(nm,PEM_STRING_DSA) && |
| 196 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | 196 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; |
| 197 | 197 | ||
| 198 | if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) && | ||
| 199 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | ||
| 198 | /* Permit older strings */ | 200 | /* Permit older strings */ |
| 199 | 201 | ||
| 200 | if(!strcmp(nm,PEM_STRING_X509_OLD) && | 202 | if(!strcmp(nm,PEM_STRING_X509_OLD) && |
| @@ -258,9 +260,9 @@ err: | |||
| 258 | } | 260 | } |
| 259 | 261 | ||
| 260 | #ifndef OPENSSL_NO_FP_API | 262 | #ifndef OPENSSL_NO_FP_API |
| 261 | int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, | 263 | int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, |
| 262 | const EVP_CIPHER *enc, unsigned char *kstr, int klen, | 264 | char *x, const EVP_CIPHER *enc, unsigned char *kstr, |
| 263 | pem_password_cb *callback, void *u) | 265 | int klen, pem_password_cb *callback, void *u) |
| 264 | { | 266 | { |
| 265 | BIO *b; | 267 | BIO *b; |
| 266 | int ret; | 268 | int ret; |
| @@ -277,9 +279,9 @@ int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, | |||
| 277 | } | 279 | } |
| 278 | #endif | 280 | #endif |
| 279 | 281 | ||
| 280 | int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | 282 | int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, |
| 281 | const EVP_CIPHER *enc, unsigned char *kstr, int klen, | 283 | char *x, const EVP_CIPHER *enc, unsigned char *kstr, |
| 282 | pem_password_cb *callback, void *u) | 284 | int klen, pem_password_cb *callback, void *u) |
| 283 | { | 285 | { |
| 284 | EVP_CIPHER_CTX ctx; | 286 | EVP_CIPHER_CTX ctx; |
| 285 | int dsize=0,i,j,ret=0; | 287 | int dsize=0,i,j,ret=0; |
| @@ -336,7 +338,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | |||
| 336 | kstr=(unsigned char *)buf; | 338 | kstr=(unsigned char *)buf; |
| 337 | } | 339 | } |
| 338 | RAND_add(data,i,0);/* put in the RSA key. */ | 340 | RAND_add(data,i,0);/* put in the RSA key. */ |
| 339 | OPENSSL_assert(enc->iv_len <= sizeof iv); | 341 | OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); |
| 340 | if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ | 342 | if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ |
| 341 | goto err; | 343 | goto err; |
| 342 | /* The 'iv' is used as the iv and as a salt. It is | 344 | /* The 'iv' is used as the iv and as a salt. It is |
| @@ -577,6 +579,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, | |||
| 577 | } | 579 | } |
| 578 | EVP_EncodeFinal(&ctx,buf,&outl); | 580 | EVP_EncodeFinal(&ctx,buf,&outl); |
| 579 | if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; | 581 | if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; |
| 582 | OPENSSL_cleanse(buf, PEM_BUFSIZE*8); | ||
| 580 | OPENSSL_free(buf); | 583 | OPENSSL_free(buf); |
| 581 | buf = NULL; | 584 | buf = NULL; |
| 582 | if ( (BIO_write(bp,"-----END ",9) != 9) || | 585 | if ( (BIO_write(bp,"-----END ",9) != 9) || |
| @@ -585,8 +588,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, | |||
| 585 | goto err; | 588 | goto err; |
| 586 | return(i+outl); | 589 | return(i+outl); |
| 587 | err: | 590 | err: |
| 588 | if (buf) | 591 | if (buf) { |
| 592 | OPENSSL_cleanse(buf, PEM_BUFSIZE*8); | ||
| 589 | OPENSSL_free(buf); | 593 | OPENSSL_free(buf); |
| 594 | } | ||
| 590 | PEMerr(PEM_F_PEM_WRITE_BIO,reason); | 595 | PEMerr(PEM_F_PEM_WRITE_BIO,reason); |
| 591 | return(0); | 596 | return(0); |
| 592 | } | 597 | } |
diff --git a/src/lib/libssl/src/crypto/pem/pem_oth.c b/src/lib/libssl/src/crypto/pem/pem_oth.c index 8d9064ea7c..b33868d25a 100644 --- a/src/lib/libssl/src/crypto/pem/pem_oth.c +++ b/src/lib/libssl/src/crypto/pem/pem_oth.c | |||
| @@ -67,10 +67,11 @@ | |||
| 67 | 67 | ||
| 68 | /* Handle 'other' PEMs: not private keys */ | 68 | /* Handle 'other' PEMs: not private keys */ |
| 69 | 69 | ||
| 70 | char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x, | 70 | void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, |
| 71 | pem_password_cb *cb, void *u) | 71 | pem_password_cb *cb, void *u) |
| 72 | { | 72 | { |
| 73 | unsigned char *p=NULL,*data=NULL; | 73 | const unsigned char *p=NULL; |
| 74 | unsigned char *data=NULL; | ||
| 74 | long len; | 75 | long len; |
| 75 | char *ret=NULL; | 76 | char *ret=NULL; |
| 76 | 77 | ||
diff --git a/src/lib/libssl/src/crypto/pem/pem_pk8.c b/src/lib/libssl/src/crypto/pem/pem_pk8.c index db38a2a79d..6deab8c338 100644 --- a/src/lib/libssl/src/crypto/pem/pem_pk8.c +++ b/src/lib/libssl/src/crypto/pem/pem_pk8.c | |||
| @@ -118,7 +118,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER | |||
| 118 | char buf[PEM_BUFSIZE]; | 118 | char buf[PEM_BUFSIZE]; |
| 119 | int ret; | 119 | int ret; |
| 120 | if(!(p8inf = EVP_PKEY2PKCS8(x))) { | 120 | if(!(p8inf = EVP_PKEY2PKCS8(x))) { |
| 121 | PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY, | 121 | PEMerr(PEM_F_DO_PK8PKEY, |
| 122 | PEM_R_ERROR_CONVERTING_PRIVATE_KEY); | 122 | PEM_R_ERROR_CONVERTING_PRIVATE_KEY); |
| 123 | return 0; | 123 | return 0; |
| 124 | } | 124 | } |
| @@ -127,8 +127,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER | |||
| 127 | if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); | 127 | if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); |
| 128 | else klen = cb(buf, PEM_BUFSIZE, 1, u); | 128 | else klen = cb(buf, PEM_BUFSIZE, 1, u); |
| 129 | if(klen <= 0) { | 129 | if(klen <= 0) { |
| 130 | PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY, | 130 | PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY); |
| 131 | PEM_R_READ_KEY); | ||
| 132 | PKCS8_PRIV_KEY_INFO_free(p8inf); | 131 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
| 133 | return 0; | 132 | return 0; |
| 134 | } | 133 | } |
| @@ -215,7 +214,7 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CI | |||
| 215 | BIO *bp; | 214 | BIO *bp; |
| 216 | int ret; | 215 | int ret; |
| 217 | if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { | 216 | if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { |
| 218 | PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB); | 217 | PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB); |
| 219 | return(0); | 218 | return(0); |
| 220 | } | 219 | } |
| 221 | ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); | 220 | ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); |
diff --git a/src/lib/libssl/src/crypto/pem/pem_pkey.c b/src/lib/libssl/src/crypto/pem/pem_pkey.c index 9ecdbd5419..4da4c31ce5 100644 --- a/src/lib/libssl/src/crypto/pem/pem_pkey.c +++ b/src/lib/libssl/src/crypto/pem/pem_pkey.c | |||
| @@ -70,7 +70,8 @@ | |||
| 70 | EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) | 70 | EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) |
| 71 | { | 71 | { |
| 72 | char *nm=NULL; | 72 | char *nm=NULL; |
| 73 | unsigned char *p=NULL,*data=NULL; | 73 | const unsigned char *p=NULL; |
| 74 | unsigned char *data=NULL; | ||
| 74 | long len; | 75 | long len; |
| 75 | EVP_PKEY *ret=NULL; | 76 | EVP_PKEY *ret=NULL; |
| 76 | 77 | ||
| @@ -82,6 +83,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo | |||
| 82 | ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len); | 83 | ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len); |
| 83 | else if (strcmp(nm,PEM_STRING_DSA) == 0) | 84 | else if (strcmp(nm,PEM_STRING_DSA) == 0) |
| 84 | ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); | 85 | ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); |
| 86 | else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0) | ||
| 87 | ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len); | ||
| 85 | else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { | 88 | else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { |
| 86 | PKCS8_PRIV_KEY_INFO *p8inf; | 89 | PKCS8_PRIV_KEY_INFO *p8inf; |
| 87 | p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); | 90 | p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); |
| @@ -102,7 +105,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo | |||
| 102 | if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); | 105 | if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); |
| 103 | else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); | 106 | else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); |
| 104 | if (klen <= 0) { | 107 | if (klen <= 0) { |
| 105 | PEMerr(PEM_F_PEM_ASN1_READ_BIO, | 108 | PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, |
| 106 | PEM_R_BAD_PASSWORD_READ); | 109 | PEM_R_BAD_PASSWORD_READ); |
| 107 | X509_SIG_free(p8); | 110 | X509_SIG_free(p8); |
| 108 | goto err; | 111 | goto err; |
| @@ -119,9 +122,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo | |||
| 119 | } | 122 | } |
| 120 | p8err: | 123 | p8err: |
| 121 | if (ret == NULL) | 124 | if (ret == NULL) |
| 122 | PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); | 125 | PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); |
| 123 | err: | 126 | err: |
| 124 | OPENSSL_free(nm); | 127 | OPENSSL_free(nm); |
| 128 | OPENSSL_cleanse(data, len); | ||
| 125 | OPENSSL_free(data); | 129 | OPENSSL_free(data); |
| 126 | return(ret); | 130 | return(ret); |
| 127 | } | 131 | } |
| @@ -134,7 +138,7 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void | |||
| 134 | 138 | ||
| 135 | if ((b=BIO_new(BIO_s_file())) == NULL) | 139 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 136 | { | 140 | { |
| 137 | PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); | 141 | PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB); |
| 138 | return(0); | 142 | return(0); |
| 139 | } | 143 | } |
| 140 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 144 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
diff --git a/src/lib/libssl/src/crypto/pem/pem_seal.c b/src/lib/libssl/src/crypto/pem/pem_seal.c index 56e08abd70..4e554e5481 100644 --- a/src/lib/libssl/src/crypto/pem/pem_seal.c +++ b/src/lib/libssl/src/crypto/pem/pem_seal.c | |||
| @@ -56,6 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */ | ||
| 59 | #ifndef OPENSSL_NO_RSA | 60 | #ifndef OPENSSL_NO_RSA |
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| @@ -64,6 +65,7 @@ | |||
| 64 | #include <openssl/objects.h> | 65 | #include <openssl/objects.h> |
| 65 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 66 | #include <openssl/pem.h> | 67 | #include <openssl/pem.h> |
| 68 | #include <openssl/rsa.h> | ||
| 67 | 69 | ||
| 68 | int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, | 70 | int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, |
| 69 | unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, | 71 | unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, |
diff --git a/src/lib/libssl/src/crypto/pem/pem_xaux.c b/src/lib/libssl/src/crypto/pem/pem_xaux.c index 2f579b5421..63ce660cf1 100644 --- a/src/lib/libssl/src/crypto/pem/pem_xaux.c +++ b/src/lib/libssl/src/crypto/pem/pem_xaux.c | |||
| @@ -66,3 +66,4 @@ | |||
| 66 | #include <openssl/pem.h> | 66 | #include <openssl/pem.h> |
| 67 | 67 | ||
| 68 | IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) | 68 | IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) |
| 69 | IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR) | ||
diff --git a/src/lib/libssl/src/crypto/perlasm/cbc.pl b/src/lib/libssl/src/crypto/perlasm/cbc.pl index 22149c680e..e43dc9ae15 100644 --- a/src/lib/libssl/src/crypto/perlasm/cbc.pl +++ b/src/lib/libssl/src/crypto/perlasm/cbc.pl | |||
| @@ -322,7 +322,8 @@ sub cbc | |||
| 322 | 322 | ||
| 323 | &function_end_A($name); | 323 | &function_end_A($name); |
| 324 | 324 | ||
| 325 | &set_label("cbc_enc_jmp_table",1); | 325 | &align(64); |
| 326 | &set_label("cbc_enc_jmp_table"); | ||
| 326 | &data_word("0"); | 327 | &data_word("0"); |
| 327 | &data_word(&label("ej1")."-".&label("PIC_point")); | 328 | &data_word(&label("ej1")."-".&label("PIC_point")); |
| 328 | &data_word(&label("ej2")."-".&label("PIC_point")); | 329 | &data_word(&label("ej2")."-".&label("PIC_point")); |
| @@ -341,6 +342,7 @@ sub cbc | |||
| 341 | #&data_word(&label("dj5")."-".&label("PIC_point")); | 342 | #&data_word(&label("dj5")."-".&label("PIC_point")); |
| 342 | #&data_word(&label("dj6")."-".&label("PIC_point")); | 343 | #&data_word(&label("dj6")."-".&label("PIC_point")); |
| 343 | #&data_word(&label("dj7")."-".&label("PIC_point")); | 344 | #&data_word(&label("dj7")."-".&label("PIC_point")); |
| 345 | &align(64); | ||
| 344 | 346 | ||
| 345 | &function_end_B($name); | 347 | &function_end_B($name); |
| 346 | 348 | ||
diff --git a/src/lib/libssl/src/crypto/perlasm/x86asm.pl b/src/lib/libssl/src/crypto/perlasm/x86asm.pl index c3de90c65d..f535c9c7fa 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86asm.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86asm.pl | |||
| @@ -18,7 +18,7 @@ sub main'asm_init | |||
| 18 | ($type,$fn,$i386)=@_; | 18 | ($type,$fn,$i386)=@_; |
| 19 | $filename=$fn; | 19 | $filename=$fn; |
| 20 | 20 | ||
| 21 | $elf=$cpp=$sol=$aout=$win32=$gaswin=$openbsd=0; | 21 | $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=$openbsd=0; |
| 22 | if ( ($type eq "elf")) | 22 | if ( ($type eq "elf")) |
| 23 | { $elf=1; require "x86unix.pl"; } | 23 | { $elf=1; require "x86unix.pl"; } |
| 24 | elsif ( ($type eq "openbsd-elf")) | 24 | elsif ( ($type eq "openbsd-elf")) |
| @@ -27,28 +27,31 @@ sub main'asm_init | |||
| 27 | { $openbsd=1; require "x86unix.pl"; } | 27 | { $openbsd=1; require "x86unix.pl"; } |
| 28 | elsif ( ($type eq "a.out")) | 28 | elsif ( ($type eq "a.out")) |
| 29 | { $aout=1; require "x86unix.pl"; } | 29 | { $aout=1; require "x86unix.pl"; } |
| 30 | elsif ( ($type eq "gaswin")) | 30 | elsif ( ($type eq "coff" or $type eq "gaswin")) |
| 31 | { $gaswin=1; $aout=1; require "x86unix.pl"; } | 31 | { $coff=1; require "x86unix.pl"; } |
| 32 | elsif ( ($type eq "sol")) | ||
| 33 | { $sol=1; require "x86unix.pl"; } | ||
| 34 | elsif ( ($type eq "cpp")) | 32 | elsif ( ($type eq "cpp")) |
| 35 | { $cpp=1; require "x86unix.pl"; } | 33 | { $cpp=1; require "x86unix.pl"; } |
| 36 | elsif ( ($type eq "win32")) | 34 | elsif ( ($type eq "win32")) |
| 37 | { $win32=1; require "x86ms.pl"; } | 35 | { $win32=1; require "x86ms.pl"; } |
| 38 | elsif ( ($type eq "win32n")) | 36 | elsif ( ($type eq "win32n")) |
| 39 | { $win32=1; require "x86nasm.pl"; } | 37 | { $win32=1; require "x86nasm.pl"; } |
| 38 | elsif ( ($type eq "nw-nasm")) | ||
| 39 | { $netware=1; require "x86nasm.pl"; } | ||
| 40 | elsif ( ($type eq "nw-mwasm")) | ||
| 41 | { $netware=1; $mwerks=1; require "x86nasm.pl"; } | ||
| 40 | else | 42 | else |
| 41 | { | 43 | { |
| 42 | print STDERR <<"EOF"; | 44 | print STDERR <<"EOF"; |
| 43 | Pick one target type from | 45 | Pick one target type from |
| 44 | elf - linux, FreeBSD etc | 46 | elf - Linux, FreeBSD, Solaris x86, etc. |
| 45 | a.out - old linux | 47 | a.out - OpenBSD, DJGPP, etc. |
| 46 | sol - x86 solaris | 48 | coff - GAS/COFF such as Win32 targets |
| 47 | cpp - format so x86unix.cpp can be used | ||
| 48 | win32 - Windows 95/Windows NT | 49 | win32 - Windows 95/Windows NT |
| 49 | win32n - Windows 95/Windows NT NASM format | 50 | win32n - Windows 95/Windows NT NASM format |
| 50 | openbsd-elf - OpenBSD elf | 51 | openbsd-elf - OpenBSD elf |
| 51 | openbsd-a.out - OpenBSD a.out | 52 | openbsd-a.out - OpenBSD a.out |
| 53 | nw-nasm - NetWare NASM format | ||
| 54 | nw-mwasm- NetWare Metrowerks Assembler | ||
| 52 | EOF | 55 | EOF |
| 53 | exit(1); | 56 | exit(1); |
| 54 | } | 57 | } |
| @@ -61,7 +64,7 @@ EOF | |||
| 61 | &comment("Don't even think of reading this code"); | 64 | &comment("Don't even think of reading this code"); |
| 62 | &comment("It was automatically generated by $filename"); | 65 | &comment("It was automatically generated by $filename"); |
| 63 | &comment("Which is a perl program used to generate the x86 assember for"); | 66 | &comment("Which is a perl program used to generate the x86 assember for"); |
| 64 | &comment("any of elf, a.out, BSDI, Win32, gaswin (for GNU as on Win32) or Solaris"); | 67 | &comment("any of ELF, a.out, COFF, Win32, ..."); |
| 65 | &comment("eric <eay\@cryptsoft.com>"); | 68 | &comment("eric <eay\@cryptsoft.com>"); |
| 66 | &comment(""); | 69 | &comment(""); |
| 67 | 70 | ||
| @@ -96,7 +99,7 @@ $tmp | |||
| 96 | #ifdef OUT | 99 | #ifdef OUT |
| 97 | #define OK 1 | 100 | #define OK 1 |
| 98 | #define ALIGN 4 | 101 | #define ALIGN 4 |
| 99 | #if defined(__CYGWIN__) || defined(__DJGPP__) || defined(__MINGW32__) | 102 | #if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__) |
| 100 | #undef SIZE | 103 | #undef SIZE |
| 101 | #undef TYPE | 104 | #undef TYPE |
| 102 | #define SIZE(a,b) | 105 | #define SIZE(a,b) |
| @@ -130,6 +133,4 @@ BSDI - a.out with a very primative version of as. | |||
| 130 | EOF | 133 | EOF |
| 131 | } | 134 | } |
| 132 | 135 | ||
| 133 | sub main'align() {} # swallow align statements in 0.9.7 context | ||
| 134 | |||
| 135 | 1; | 136 | 1; |
diff --git a/src/lib/libssl/src/crypto/perlasm/x86ms.pl b/src/lib/libssl/src/crypto/perlasm/x86ms.pl index b6bd744057..a0be2934c2 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86ms.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86ms.pl | |||
| @@ -27,7 +27,13 @@ $label="L000"; | |||
| 27 | sub main'asm_init_output { @out=(); } | 27 | sub main'asm_init_output { @out=(); } |
| 28 | sub main'asm_get_output { return(@out); } | 28 | sub main'asm_get_output { return(@out); } |
| 29 | sub main'get_labels { return(@labels); } | 29 | sub main'get_labels { return(@labels); } |
| 30 | sub main'external_label { push(@labels,@_); } | 30 | sub main'external_label |
| 31 | { | ||
| 32 | push(@labels,@_); | ||
| 33 | foreach (@_) { | ||
| 34 | push(@out, "EXTRN\t_$_:DWORD\n"); | ||
| 35 | } | ||
| 36 | } | ||
| 31 | 37 | ||
| 32 | sub main'LB | 38 | sub main'LB |
| 33 | { | 39 | { |
| @@ -51,6 +57,11 @@ sub main'DWP | |||
| 51 | &get_mem("DWORD",@_); | 57 | &get_mem("DWORD",@_); |
| 52 | } | 58 | } |
| 53 | 59 | ||
| 60 | sub main'QWP | ||
| 61 | { | ||
| 62 | &get_mem("QWORD",@_); | ||
| 63 | } | ||
| 64 | |||
| 54 | sub main'BC | 65 | sub main'BC |
| 55 | { | 66 | { |
| 56 | return @_; | 67 | return @_; |
| @@ -87,7 +98,7 @@ sub get_mem | |||
| 87 | $reg2=&conv($1); | 98 | $reg2=&conv($1); |
| 88 | $addr="_$2"; | 99 | $addr="_$2"; |
| 89 | } | 100 | } |
| 90 | elsif ($addr =~ /^[_a-zA-Z]/) | 101 | elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i) |
| 91 | { | 102 | { |
| 92 | $addr="_$addr"; | 103 | $addr="_$addr"; |
| 93 | } | 104 | } |
| @@ -128,12 +139,14 @@ sub main'xorb { &out2("xor",@_); } | |||
| 128 | sub main'add { &out2("add",@_); } | 139 | sub main'add { &out2("add",@_); } |
| 129 | sub main'adc { &out2("adc",@_); } | 140 | sub main'adc { &out2("adc",@_); } |
| 130 | sub main'sub { &out2("sub",@_); } | 141 | sub main'sub { &out2("sub",@_); } |
| 142 | sub main'sbb { &out2("sbb",@_); } | ||
| 131 | sub main'rotl { &out2("rol",@_); } | 143 | sub main'rotl { &out2("rol",@_); } |
| 132 | sub main'rotr { &out2("ror",@_); } | 144 | sub main'rotr { &out2("ror",@_); } |
| 133 | sub main'exch { &out2("xchg",@_); } | 145 | sub main'exch { &out2("xchg",@_); } |
| 134 | sub main'cmp { &out2("cmp",@_); } | 146 | sub main'cmp { &out2("cmp",@_); } |
| 135 | sub main'lea { &out2("lea",@_); } | 147 | sub main'lea { &out2("lea",@_); } |
| 136 | sub main'mul { &out1("mul",@_); } | 148 | sub main'mul { &out1("mul",@_); } |
| 149 | sub main'imul { &out2("imul",@_); } | ||
| 137 | sub main'div { &out1("div",@_); } | 150 | sub main'div { &out1("div",@_); } |
| 138 | sub main'dec { &out1("dec",@_); } | 151 | sub main'dec { &out1("dec",@_); } |
| 139 | sub main'inc { &out1("inc",@_); } | 152 | sub main'inc { &out1("inc",@_); } |
| @@ -155,26 +168,54 @@ sub main'jne { &out1("jne",@_); } | |||
| 155 | sub main'jno { &out1("jno",@_); } | 168 | sub main'jno { &out1("jno",@_); } |
| 156 | sub main'push { &out1("push",@_); $stack+=4; } | 169 | sub main'push { &out1("push",@_); $stack+=4; } |
| 157 | sub main'pop { &out1("pop",@_); $stack-=4; } | 170 | sub main'pop { &out1("pop",@_); $stack-=4; } |
| 171 | sub main'pushf { &out0("pushfd"); $stack+=4; } | ||
| 172 | sub main'popf { &out0("popfd"); $stack-=4; } | ||
| 158 | sub main'bswap { &out1("bswap",@_); &using486(); } | 173 | sub main'bswap { &out1("bswap",@_); &using486(); } |
| 159 | sub main'not { &out1("not",@_); } | 174 | sub main'not { &out1("not",@_); } |
| 160 | sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } | 175 | sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } |
| 176 | sub main'call_ptr { &out1p("call",@_); } | ||
| 161 | sub main'ret { &out0("ret"); } | 177 | sub main'ret { &out0("ret"); } |
| 162 | sub main'nop { &out0("nop"); } | 178 | sub main'nop { &out0("nop"); } |
| 179 | sub main'test { &out2("test",@_); } | ||
| 180 | sub main'bt { &out2("bt",@_); } | ||
| 181 | sub main'leave { &out0("leave"); } | ||
| 182 | sub main'cpuid { &out0("DW\t0A20Fh"); } | ||
| 183 | sub main'rdtsc { &out0("DW\t0310Fh"); } | ||
| 184 | sub main'halt { &out0("hlt"); } | ||
| 163 | sub main'movz { &out2("movzx",@_); } | 185 | sub main'movz { &out2("movzx",@_); } |
| 186 | sub main'neg { &out1("neg",@_); } | ||
| 187 | sub main'cld { &out0("cld"); } | ||
| 188 | |||
| 189 | # SSE2 | ||
| 190 | sub main'emms { &out0("emms"); } | ||
| 191 | sub main'movd { &out2("movd",@_); } | ||
| 192 | sub main'movq { &out2("movq",@_); } | ||
| 193 | sub main'movdqu { &out2("movdqu",@_); } | ||
| 194 | sub main'movdqa { &out2("movdqa",@_); } | ||
| 195 | sub main'movdq2q{ &out2("movdq2q",@_); } | ||
| 196 | sub main'movq2dq{ &out2("movq2dq",@_); } | ||
| 197 | sub main'paddq { &out2("paddq",@_); } | ||
| 198 | sub main'pmuludq{ &out2("pmuludq",@_); } | ||
| 199 | sub main'psrlq { &out2("psrlq",@_); } | ||
| 200 | sub main'psllq { &out2("psllq",@_); } | ||
| 201 | sub main'pxor { &out2("pxor",@_); } | ||
| 202 | sub main'por { &out2("por",@_); } | ||
| 203 | sub main'pand { &out2("pand",@_); } | ||
| 164 | 204 | ||
| 165 | sub out2 | 205 | sub out2 |
| 166 | { | 206 | { |
| 167 | local($name,$p1,$p2)=@_; | 207 | local($name,$p1,$p2)=@_; |
| 168 | local($l,$t); | 208 | local($l,$t,$line); |
| 169 | 209 | ||
| 170 | push(@out,"\t$name\t"); | 210 | $line="\t$name\t"; |
| 171 | $t=&conv($p1).","; | 211 | $t=&conv($p1).","; |
| 172 | $l=length($t); | 212 | $l=length($t); |
| 173 | push(@out,$t); | 213 | $line.="$t"; |
| 174 | $l=4-($l+9)/8; | 214 | $l=4-($l+9)/8; |
| 175 | push(@out,"\t" x $l); | 215 | $line.="\t" x $l; |
| 176 | push(@out,&conv($p2)); | 216 | $line.=&conv($p2); |
| 177 | push(@out,"\n"); | 217 | if ($line=~/\bxmm[0-7]\b/i) { $line=~s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i; } |
| 218 | push(@out,$line."\n"); | ||
| 178 | } | 219 | } |
| 179 | 220 | ||
| 180 | sub out0 | 221 | sub out0 |
| @@ -214,7 +255,9 @@ sub main'file | |||
| 214 | local($tmp)=<<"EOF"; | 255 | local($tmp)=<<"EOF"; |
| 215 | TITLE $file.asm | 256 | TITLE $file.asm |
| 216 | .386 | 257 | .386 |
| 217 | .model FLAT | 258 | .model FLAT |
| 259 | _TEXT\$ SEGMENT PAGE 'CODE' | ||
| 260 | |||
| 218 | EOF | 261 | EOF |
| 219 | push(@out,$tmp); | 262 | push(@out,$tmp); |
| 220 | } | 263 | } |
| @@ -226,7 +269,6 @@ sub main'function_begin | |||
| 226 | push(@labels,$func); | 269 | push(@labels,$func); |
| 227 | 270 | ||
| 228 | local($tmp)=<<"EOF"; | 271 | local($tmp)=<<"EOF"; |
| 229 | _TEXT SEGMENT | ||
| 230 | PUBLIC _$func | 272 | PUBLIC _$func |
| 231 | $extra | 273 | $extra |
| 232 | _$func PROC NEAR | 274 | _$func PROC NEAR |
| @@ -244,7 +286,6 @@ sub main'function_begin_B | |||
| 244 | local($func,$extra)=@_; | 286 | local($func,$extra)=@_; |
| 245 | 287 | ||
| 246 | local($tmp)=<<"EOF"; | 288 | local($tmp)=<<"EOF"; |
| 247 | _TEXT SEGMENT | ||
| 248 | PUBLIC _$func | 289 | PUBLIC _$func |
| 249 | $extra | 290 | $extra |
| 250 | _$func PROC NEAR | 291 | _$func PROC NEAR |
| @@ -264,7 +305,6 @@ sub main'function_end | |||
| 264 | pop ebp | 305 | pop ebp |
| 265 | ret | 306 | ret |
| 266 | _$func ENDP | 307 | _$func ENDP |
| 267 | _TEXT ENDS | ||
| 268 | EOF | 308 | EOF |
| 269 | push(@out,$tmp); | 309 | push(@out,$tmp); |
| 270 | $stack=0; | 310 | $stack=0; |
| @@ -277,7 +317,6 @@ sub main'function_end_B | |||
| 277 | 317 | ||
| 278 | local($tmp)=<<"EOF"; | 318 | local($tmp)=<<"EOF"; |
| 279 | _$func ENDP | 319 | _$func ENDP |
| 280 | _TEXT ENDS | ||
| 281 | EOF | 320 | EOF |
| 282 | push(@out,$tmp); | 321 | push(@out,$tmp); |
| 283 | $stack=0; | 322 | $stack=0; |
| @@ -300,6 +339,20 @@ EOF | |||
| 300 | 339 | ||
| 301 | sub main'file_end | 340 | sub main'file_end |
| 302 | { | 341 | { |
| 342 | # try to detect if SSE2 or MMX extensions were used... | ||
| 343 | my $xmmheader=<<___; | ||
| 344 | .686 | ||
| 345 | .XMM | ||
| 346 | IF \@Version LT 800 | ||
| 347 | XMMWORD STRUCT 16 | ||
| 348 | DQ 2 dup (?) | ||
| 349 | XMMWORD ENDS | ||
| 350 | ENDIF | ||
| 351 | ___ | ||
| 352 | if (grep {/\b[x]?mm[0-7]\b/i} @out) { | ||
| 353 | grep {s/\.[3-7]86/$xmmheader/} @out; | ||
| 354 | } | ||
| 355 | push(@out,"_TEXT\$ ENDS\n"); | ||
| 303 | push(@out,"END\n"); | 356 | push(@out,"END\n"); |
| 304 | } | 357 | } |
| 305 | 358 | ||
| @@ -331,6 +384,12 @@ sub main'comment | |||
| 331 | } | 384 | } |
| 332 | } | 385 | } |
| 333 | 386 | ||
| 387 | sub main'public_label | ||
| 388 | { | ||
| 389 | $label{$_[0]}="_$_[0]" if (!defined($label{$_[0]})); | ||
| 390 | push(@out,"PUBLIC\t$label{$_[0]}\n"); | ||
| 391 | } | ||
| 392 | |||
| 334 | sub main'label | 393 | sub main'label |
| 335 | { | 394 | { |
| 336 | if (!defined($label{$_[0]})) | 395 | if (!defined($label{$_[0]})) |
| @@ -348,19 +407,37 @@ sub main'set_label | |||
| 348 | $label{$_[0]}="\$${label}${_[0]}"; | 407 | $label{$_[0]}="\$${label}${_[0]}"; |
| 349 | $label++; | 408 | $label++; |
| 350 | } | 409 | } |
| 410 | if ($_[1]!=0 && $_[1]>1) | ||
| 411 | { | ||
| 412 | main'align($_[1]); | ||
| 413 | } | ||
| 351 | if((defined $_[2]) && ($_[2] == 1)) | 414 | if((defined $_[2]) && ($_[2] == 1)) |
| 352 | { | 415 | { |
| 353 | push(@out,"$label{$_[0]}::\n"); | 416 | push(@out,"$label{$_[0]}::\n"); |
| 354 | } | 417 | } |
| 418 | elsif ($label{$_[0]} !~ /^\$/) | ||
| 419 | { | ||
| 420 | push(@out,"$label{$_[0]}\tLABEL PTR\n"); | ||
| 421 | } | ||
| 355 | else | 422 | else |
| 356 | { | 423 | { |
| 357 | push(@out,"$label{$_[0]}:\n"); | 424 | push(@out,"$label{$_[0]}:\n"); |
| 358 | } | 425 | } |
| 359 | } | 426 | } |
| 360 | 427 | ||
| 428 | sub main'data_byte | ||
| 429 | { | ||
| 430 | push(@out,"\tDB\t".join(',',@_)."\n"); | ||
| 431 | } | ||
| 432 | |||
| 361 | sub main'data_word | 433 | sub main'data_word |
| 362 | { | 434 | { |
| 363 | push(@out,"\tDD\t$_[0]\n"); | 435 | push(@out,"\tDD\t".join(',',@_)."\n"); |
| 436 | } | ||
| 437 | |||
| 438 | sub main'align | ||
| 439 | { | ||
| 440 | push(@out,"\tALIGN\t$_[0]\n"); | ||
| 364 | } | 441 | } |
| 365 | 442 | ||
| 366 | sub out1p | 443 | sub out1p |
| @@ -368,7 +445,7 @@ sub out1p | |||
| 368 | local($name,$p1)=@_; | 445 | local($name,$p1)=@_; |
| 369 | local($l,$t); | 446 | local($l,$t); |
| 370 | 447 | ||
| 371 | push(@out,"\t$name\t ".&conv($p1)."\n"); | 448 | push(@out,"\t$name\t".&conv($p1)."\n"); |
| 372 | } | 449 | } |
| 373 | 450 | ||
| 374 | sub main'picmeup | 451 | sub main'picmeup |
| @@ -378,3 +455,18 @@ sub main'picmeup | |||
| 378 | } | 455 | } |
| 379 | 456 | ||
| 380 | sub main'blindpop { &out1("pop",@_); } | 457 | sub main'blindpop { &out1("pop",@_); } |
| 458 | |||
| 459 | sub main'initseg | ||
| 460 | { | ||
| 461 | local($f)=@_; | ||
| 462 | local($tmp)=<<___; | ||
| 463 | OPTION DOTNAME | ||
| 464 | .CRT\$XCU SEGMENT DWORD PUBLIC 'DATA' | ||
| 465 | EXTRN _$f:NEAR | ||
| 466 | DD _$f | ||
| 467 | .CRT\$XCU ENDS | ||
| 468 | ___ | ||
| 469 | push(@out,$tmp); | ||
| 470 | } | ||
| 471 | |||
| 472 | 1; | ||
diff --git a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl index 4bdb3fe180..fa38f89c09 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl | |||
| @@ -3,6 +3,7 @@ | |||
| 3 | package x86nasm; | 3 | package x86nasm; |
| 4 | 4 | ||
| 5 | $label="L000"; | 5 | $label="L000"; |
| 6 | $under=($main'netware)?'':'_'; | ||
| 6 | 7 | ||
| 7 | %lb=( 'eax', 'al', | 8 | %lb=( 'eax', 'al', |
| 8 | 'ebx', 'bl', | 9 | 'ebx', 'bl', |
| @@ -32,7 +33,8 @@ sub main'external_label | |||
| 32 | { | 33 | { |
| 33 | push(@labels,@_); | 34 | push(@labels,@_); |
| 34 | foreach (@_) { | 35 | foreach (@_) { |
| 35 | push(@out, "extern\t_$_\n"); | 36 | push(@out,".") if ($main'mwerks); |
| 37 | push(@out, "extern\t${under}$_\n"); | ||
| 36 | } | 38 | } |
| 37 | } | 39 | } |
| 38 | 40 | ||
| @@ -58,14 +60,19 @@ sub main'DWP | |||
| 58 | &get_mem("DWORD",@_); | 60 | &get_mem("DWORD",@_); |
| 59 | } | 61 | } |
| 60 | 62 | ||
| 63 | sub main'QWP | ||
| 64 | { | ||
| 65 | &get_mem("",@_); | ||
| 66 | } | ||
| 67 | |||
| 61 | sub main'BC | 68 | sub main'BC |
| 62 | { | 69 | { |
| 63 | return "BYTE @_"; | 70 | return (($main'mwerks)?"":"BYTE ")."@_"; |
| 64 | } | 71 | } |
| 65 | 72 | ||
| 66 | sub main'DWC | 73 | sub main'DWC |
| 67 | { | 74 | { |
| 68 | return "DWORD @_"; | 75 | return (($main'mwerks)?"":"DWORD ")."@_"; |
| 69 | } | 76 | } |
| 70 | 77 | ||
| 71 | sub main'stack_push | 78 | sub main'stack_push |
| @@ -86,16 +93,22 @@ sub get_mem | |||
| 86 | { | 93 | { |
| 87 | my($size,$addr,$reg1,$reg2,$idx)=@_; | 94 | my($size,$addr,$reg1,$reg2,$idx)=@_; |
| 88 | my($t,$post); | 95 | my($t,$post); |
| 89 | my($ret)="$size ["; | 96 | my($ret)=$size; |
| 97 | if ($ret ne "") | ||
| 98 | { | ||
| 99 | $ret .= " PTR" if ($main'mwerks); | ||
| 100 | $ret .= " "; | ||
| 101 | } | ||
| 102 | $ret .= "["; | ||
| 90 | $addr =~ s/^\s+//; | 103 | $addr =~ s/^\s+//; |
| 91 | if ($addr =~ /^(.+)\+(.+)$/) | 104 | if ($addr =~ /^(.+)\+(.+)$/) |
| 92 | { | 105 | { |
| 93 | $reg2=&conv($1); | 106 | $reg2=&conv($1); |
| 94 | $addr="_$2"; | 107 | $addr="$under$2"; |
| 95 | } | 108 | } |
| 96 | elsif ($addr =~ /^[_a-zA-Z]/) | 109 | elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i) |
| 97 | { | 110 | { |
| 98 | $addr="_$addr"; | 111 | $addr="$under$addr"; |
| 99 | } | 112 | } |
| 100 | 113 | ||
| 101 | if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } | 114 | if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } |
| @@ -134,12 +147,14 @@ sub main'xorb { &out2("xor",@_); } | |||
| 134 | sub main'add { &out2("add",@_); } | 147 | sub main'add { &out2("add",@_); } |
| 135 | sub main'adc { &out2("adc",@_); } | 148 | sub main'adc { &out2("adc",@_); } |
| 136 | sub main'sub { &out2("sub",@_); } | 149 | sub main'sub { &out2("sub",@_); } |
| 150 | sub main'sbb { &out2("sbb",@_); } | ||
| 137 | sub main'rotl { &out2("rol",@_); } | 151 | sub main'rotl { &out2("rol",@_); } |
| 138 | sub main'rotr { &out2("ror",@_); } | 152 | sub main'rotr { &out2("ror",@_); } |
| 139 | sub main'exch { &out2("xchg",@_); } | 153 | sub main'exch { &out2("xchg",@_); } |
| 140 | sub main'cmp { &out2("cmp",@_); } | 154 | sub main'cmp { &out2("cmp",@_); } |
| 141 | sub main'lea { &out2("lea",@_); } | 155 | sub main'lea { &out2("lea",@_); } |
| 142 | sub main'mul { &out1("mul",@_); } | 156 | sub main'mul { &out1("mul",@_); } |
| 157 | sub main'imul { &out2("imul",@_); } | ||
| 143 | sub main'div { &out1("div",@_); } | 158 | sub main'div { &out1("div",@_); } |
| 144 | sub main'dec { &out1("dec",@_); } | 159 | sub main'dec { &out1("dec",@_); } |
| 145 | sub main'inc { &out1("inc",@_); } | 160 | sub main'inc { &out1("inc",@_); } |
| @@ -147,29 +162,57 @@ sub main'jmp { &out1("jmp",@_); } | |||
| 147 | sub main'jmp_ptr { &out1p("jmp",@_); } | 162 | sub main'jmp_ptr { &out1p("jmp",@_); } |
| 148 | 163 | ||
| 149 | # This is a bit of a kludge: declare all branches as NEAR. | 164 | # This is a bit of a kludge: declare all branches as NEAR. |
| 150 | sub main'je { &out1("je NEAR",@_); } | 165 | $near=($main'mwerks)?'':'NEAR'; |
| 151 | sub main'jle { &out1("jle NEAR",@_); } | 166 | sub main'je { &out1("je $near",@_); } |
| 152 | sub main'jz { &out1("jz NEAR",@_); } | 167 | sub main'jle { &out1("jle $near",@_); } |
| 153 | sub main'jge { &out1("jge NEAR",@_); } | 168 | sub main'jz { &out1("jz $near",@_); } |
| 154 | sub main'jl { &out1("jl NEAR",@_); } | 169 | sub main'jge { &out1("jge $near",@_); } |
| 155 | sub main'ja { &out1("ja NEAR",@_); } | 170 | sub main'jl { &out1("jl $near",@_); } |
| 156 | sub main'jae { &out1("jae NEAR",@_); } | 171 | sub main'ja { &out1("ja $near",@_); } |
| 157 | sub main'jb { &out1("jb NEAR",@_); } | 172 | sub main'jae { &out1("jae $near",@_); } |
| 158 | sub main'jbe { &out1("jbe NEAR",@_); } | 173 | sub main'jb { &out1("jb $near",@_); } |
| 159 | sub main'jc { &out1("jc NEAR",@_); } | 174 | sub main'jbe { &out1("jbe $near",@_); } |
| 160 | sub main'jnc { &out1("jnc NEAR",@_); } | 175 | sub main'jc { &out1("jc $near",@_); } |
| 161 | sub main'jnz { &out1("jnz NEAR",@_); } | 176 | sub main'jnc { &out1("jnc $near",@_); } |
| 162 | sub main'jne { &out1("jne NEAR",@_); } | 177 | sub main'jnz { &out1("jnz $near",@_); } |
| 163 | sub main'jno { &out1("jno NEAR",@_); } | 178 | sub main'jne { &out1("jne $near",@_); } |
| 179 | sub main'jno { &out1("jno $near",@_); } | ||
| 164 | 180 | ||
| 165 | sub main'push { &out1("push",@_); $stack+=4; } | 181 | sub main'push { &out1("push",@_); $stack+=4; } |
| 166 | sub main'pop { &out1("pop",@_); $stack-=4; } | 182 | sub main'pop { &out1("pop",@_); $stack-=4; } |
| 183 | sub main'pushf { &out0("pushfd"); $stack+=4; } | ||
| 184 | sub main'popf { &out0("popfd"); $stack-=4; } | ||
| 167 | sub main'bswap { &out1("bswap",@_); &using486(); } | 185 | sub main'bswap { &out1("bswap",@_); &using486(); } |
| 168 | sub main'not { &out1("not",@_); } | 186 | sub main'not { &out1("not",@_); } |
| 169 | sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } | 187 | sub main'call { &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); } |
| 188 | sub main'call_ptr { &out1p("call",@_); } | ||
| 170 | sub main'ret { &out0("ret"); } | 189 | sub main'ret { &out0("ret"); } |
| 171 | sub main'nop { &out0("nop"); } | 190 | sub main'nop { &out0("nop"); } |
| 191 | sub main'test { &out2("test",@_); } | ||
| 192 | sub main'bt { &out2("bt",@_); } | ||
| 193 | sub main'leave { &out0("leave"); } | ||
| 194 | sub main'cpuid { &out0("cpuid"); } | ||
| 195 | sub main'rdtsc { &out0("rdtsc"); } | ||
| 196 | sub main'halt { &out0("hlt"); } | ||
| 172 | sub main'movz { &out2("movzx",@_); } | 197 | sub main'movz { &out2("movzx",@_); } |
| 198 | sub main'neg { &out1("neg",@_); } | ||
| 199 | sub main'cld { &out0("cld"); } | ||
| 200 | |||
| 201 | # SSE2 | ||
| 202 | sub main'emms { &out0("emms"); } | ||
| 203 | sub main'movd { &out2("movd",@_); } | ||
| 204 | sub main'movq { &out2("movq",@_); } | ||
| 205 | sub main'movdqu { &out2("movdqu",@_); } | ||
| 206 | sub main'movdqa { &out2("movdqa",@_); } | ||
| 207 | sub main'movdq2q{ &out2("movdq2q",@_); } | ||
| 208 | sub main'movq2dq{ &out2("movq2dq",@_); } | ||
| 209 | sub main'paddq { &out2("paddq",@_); } | ||
| 210 | sub main'pmuludq{ &out2("pmuludq",@_); } | ||
| 211 | sub main'psrlq { &out2("psrlq",@_); } | ||
| 212 | sub main'psllq { &out2("psllq",@_); } | ||
| 213 | sub main'pxor { &out2("pxor",@_); } | ||
| 214 | sub main'por { &out2("por",@_); } | ||
| 215 | sub main'pand { &out2("pand",@_); } | ||
| 173 | 216 | ||
| 174 | sub out2 | 217 | sub out2 |
| 175 | { | 218 | { |
| @@ -177,7 +220,7 @@ sub out2 | |||
| 177 | my($l,$t); | 220 | my($l,$t); |
| 178 | 221 | ||
| 179 | push(@out,"\t$name\t"); | 222 | push(@out,"\t$name\t"); |
| 180 | if ($name eq "lea") | 223 | if (!$main'mwerks and $name eq "lea") |
| 181 | { | 224 | { |
| 182 | $p1 =~ s/^[^\[]*\[/\[/; | 225 | $p1 =~ s/^[^\[]*\[/\[/; |
| 183 | $p2 =~ s/^[^\[]*\[/\[/; | 226 | $p2 =~ s/^[^\[]*\[/\[/; |
| @@ -221,15 +264,17 @@ sub using486 | |||
| 221 | 264 | ||
| 222 | sub main'file | 265 | sub main'file |
| 223 | { | 266 | { |
| 224 | local $tmp; | 267 | if ($main'mwerks) { push(@out,".section\t.text\n"); } |
| 225 | $tmp=<<___; | 268 | else { |
| 269 | local $tmp=<<___; | ||
| 226 | %ifdef __omf__ | 270 | %ifdef __omf__ |
| 227 | section code use32 class=code | 271 | section code use32 class=code |
| 228 | %else | 272 | %else |
| 229 | section .text | 273 | section .text |
| 230 | %endif | 274 | %endif |
| 231 | ___ | 275 | ___ |
| 232 | push(@out,$tmp); | 276 | push(@out,$tmp); |
| 277 | } | ||
| 233 | } | 278 | } |
| 234 | 279 | ||
| 235 | sub main'function_begin | 280 | sub main'function_begin |
| @@ -237,9 +282,10 @@ sub main'function_begin | |||
| 237 | my($func,$extra)=@_; | 282 | my($func,$extra)=@_; |
| 238 | 283 | ||
| 239 | push(@labels,$func); | 284 | push(@labels,$func); |
| 285 | push(@out,".") if ($main'mwerks); | ||
| 240 | my($tmp)=<<"EOF"; | 286 | my($tmp)=<<"EOF"; |
| 241 | global _$func | 287 | global $under$func |
| 242 | _$func: | 288 | $under$func: |
| 243 | push ebp | 289 | push ebp |
| 244 | push ebx | 290 | push ebx |
| 245 | push esi | 291 | push esi |
| @@ -252,9 +298,10 @@ EOF | |||
| 252 | sub main'function_begin_B | 298 | sub main'function_begin_B |
| 253 | { | 299 | { |
| 254 | my($func,$extra)=@_; | 300 | my($func,$extra)=@_; |
| 301 | push(@out,".") if ($main'mwerks); | ||
| 255 | my($tmp)=<<"EOF"; | 302 | my($tmp)=<<"EOF"; |
| 256 | global _$func | 303 | global $under$func |
| 257 | _$func: | 304 | $under$func: |
| 258 | EOF | 305 | EOF |
| 259 | push(@out,$tmp); | 306 | push(@out,$tmp); |
| 260 | $stack=4; | 307 | $stack=4; |
| @@ -328,11 +375,18 @@ sub main'comment | |||
| 328 | } | 375 | } |
| 329 | } | 376 | } |
| 330 | 377 | ||
| 378 | sub main'public_label | ||
| 379 | { | ||
| 380 | $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); | ||
| 381 | push(@out,".") if ($main'mwerks); | ||
| 382 | push(@out,"global\t$label{$_[0]}\n"); | ||
| 383 | } | ||
| 384 | |||
| 331 | sub main'label | 385 | sub main'label |
| 332 | { | 386 | { |
| 333 | if (!defined($label{$_[0]})) | 387 | if (!defined($label{$_[0]})) |
| 334 | { | 388 | { |
| 335 | $label{$_[0]}="\$${label}${_[0]}"; | 389 | $label{$_[0]}="\@${label}${_[0]}"; |
| 336 | $label++; | 390 | $label++; |
| 337 | } | 391 | } |
| 338 | return($label{$_[0]}); | 392 | return($label{$_[0]}); |
| @@ -342,15 +396,30 @@ sub main'set_label | |||
| 342 | { | 396 | { |
| 343 | if (!defined($label{$_[0]})) | 397 | if (!defined($label{$_[0]})) |
| 344 | { | 398 | { |
| 345 | $label{$_[0]}="\$${label}${_[0]}"; | 399 | $label{$_[0]}="\@${label}${_[0]}"; |
| 346 | $label++; | 400 | $label++; |
| 347 | } | 401 | } |
| 402 | if ($_[1]!=0 && $_[1]>1) | ||
| 403 | { | ||
| 404 | main'align($_[1]); | ||
| 405 | } | ||
| 348 | push(@out,"$label{$_[0]}:\n"); | 406 | push(@out,"$label{$_[0]}:\n"); |
| 349 | } | 407 | } |
| 350 | 408 | ||
| 409 | sub main'data_byte | ||
| 410 | { | ||
| 411 | push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n"); | ||
| 412 | } | ||
| 413 | |||
| 351 | sub main'data_word | 414 | sub main'data_word |
| 352 | { | 415 | { |
| 353 | push(@out,"\tDD\t$_[0]\n"); | 416 | push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n"); |
| 417 | } | ||
| 418 | |||
| 419 | sub main'align | ||
| 420 | { | ||
| 421 | push(@out,".") if ($main'mwerks); | ||
| 422 | push(@out,"align\t$_[0]\n"); | ||
| 354 | } | 423 | } |
| 355 | 424 | ||
| 356 | sub out1p | 425 | sub out1p |
| @@ -358,7 +427,7 @@ sub out1p | |||
| 358 | my($name,$p1)=@_; | 427 | my($name,$p1)=@_; |
| 359 | my($l,$t); | 428 | my($l,$t); |
| 360 | 429 | ||
| 361 | push(@out,"\t$name\t ".&conv($p1)."\n"); | 430 | push(@out,"\t$name\t".&conv($p1)."\n"); |
| 362 | } | 431 | } |
| 363 | 432 | ||
| 364 | sub main'picmeup | 433 | sub main'picmeup |
| @@ -368,3 +437,19 @@ sub main'picmeup | |||
| 368 | } | 437 | } |
| 369 | 438 | ||
| 370 | sub main'blindpop { &out1("pop",@_); } | 439 | sub main'blindpop { &out1("pop",@_); } |
| 440 | |||
| 441 | sub main'initseg | ||
| 442 | { | ||
| 443 | local($f)=@_; | ||
| 444 | if ($main'win32) | ||
| 445 | { | ||
| 446 | local($tmp)=<<___; | ||
| 447 | segment .CRT\$XCU data | ||
| 448 | extern $under$f | ||
| 449 | DD $under$f | ||
| 450 | ___ | ||
| 451 | push(@out,$tmp); | ||
| 452 | } | ||
| 453 | } | ||
| 454 | |||
| 455 | 1; | ||
diff --git a/src/lib/libssl/src/crypto/perlasm/x86unix.pl b/src/lib/libssl/src/crypto/perlasm/x86unix.pl index b61425e951..02d72a32bc 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86unix.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86unix.pl | |||
| @@ -1,14 +1,15 @@ | |||
| 1 | #!/usr/local/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | package x86unix; | 3 | package x86unix; # GAS actually... |
| 4 | 4 | ||
| 5 | $label="L000"; | 5 | $label="L000"; |
| 6 | $const=""; | 6 | $const=""; |
| 7 | $constl=0; | 7 | $constl=0; |
| 8 | 8 | ||
| 9 | $align=($main'aout)?"4":"16"; | 9 | $align=($main'aout)?"4":"16"; |
| 10 | $under=($main'aout)?"_":""; | 10 | $under=($main'aout or $main'coff)?"_":""; |
| 11 | $com_start=($main'sol)?"/":"#"; | 11 | $dot=($main'aout)?"":"."; |
| 12 | $com_start="#" if ($main'aout or $main'coff); | ||
| 12 | 13 | ||
| 13 | sub main'asm_init_output { @out=(); } | 14 | sub main'asm_init_output { @out=(); } |
| 14 | sub main'asm_get_output { return(@out); } | 15 | sub main'asm_get_output { return(@out); } |
| @@ -57,6 +58,24 @@ if ($main'cpp) | |||
| 57 | 'edi', '%edi', | 58 | 'edi', '%edi', |
| 58 | 'ebp', '%ebp', | 59 | 'ebp', '%ebp', |
| 59 | 'esp', '%esp', | 60 | 'esp', '%esp', |
| 61 | |||
| 62 | 'mm0', '%mm0', | ||
| 63 | 'mm1', '%mm1', | ||
| 64 | 'mm2', '%mm2', | ||
| 65 | 'mm3', '%mm3', | ||
| 66 | 'mm4', '%mm4', | ||
| 67 | 'mm5', '%mm5', | ||
| 68 | 'mm6', '%mm6', | ||
| 69 | 'mm7', '%mm7', | ||
| 70 | |||
| 71 | 'xmm0', '%xmm0', | ||
| 72 | 'xmm1', '%xmm1', | ||
| 73 | 'xmm2', '%xmm2', | ||
| 74 | 'xmm3', '%xmm3', | ||
| 75 | 'xmm4', '%xmm4', | ||
| 76 | 'xmm5', '%xmm5', | ||
| 77 | 'xmm6', '%xmm6', | ||
| 78 | 'xmm7', '%xmm7', | ||
| 60 | ); | 79 | ); |
| 61 | 80 | ||
| 62 | %reg_val=( | 81 | %reg_val=( |
| @@ -103,6 +122,11 @@ sub main'DWP | |||
| 103 | return($ret); | 122 | return($ret); |
| 104 | } | 123 | } |
| 105 | 124 | ||
| 125 | sub main'QWP | ||
| 126 | { | ||
| 127 | return(&main'DWP(@_)); | ||
| 128 | } | ||
| 129 | |||
| 106 | sub main'BP | 130 | sub main'BP |
| 107 | { | 131 | { |
| 108 | return(&main'DWP(@_)); | 132 | return(&main'DWP(@_)); |
| @@ -146,12 +170,14 @@ sub main'xorb { &out2("xorb",@_); } | |||
| 146 | sub main'add { &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); } | 170 | sub main'add { &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); } |
| 147 | sub main'adc { &out2("adcl",@_); } | 171 | sub main'adc { &out2("adcl",@_); } |
| 148 | sub main'sub { &out2("subl",@_); } | 172 | sub main'sub { &out2("subl",@_); } |
| 173 | sub main'sbb { &out2("sbbl",@_); } | ||
| 149 | sub main'rotl { &out2("roll",@_); } | 174 | sub main'rotl { &out2("roll",@_); } |
| 150 | sub main'rotr { &out2("rorl",@_); } | 175 | sub main'rotr { &out2("rorl",@_); } |
| 151 | sub main'exch { &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); } | 176 | sub main'exch { &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); } |
| 152 | sub main'cmp { &out2("cmpl",@_); } | 177 | sub main'cmp { &out2("cmpl",@_); } |
| 153 | sub main'lea { &out2("leal",@_); } | 178 | sub main'lea { &out2("leal",@_); } |
| 154 | sub main'mul { &out1("mull",@_); } | 179 | sub main'mul { &out1("mull",@_); } |
| 180 | sub main'imul { &out2("imull",@_); } | ||
| 155 | sub main'div { &out1("divl",@_); } | 181 | sub main'div { &out1("divl",@_); } |
| 156 | sub main'jmp { &out1("jmp",@_); } | 182 | sub main'jmp { &out1("jmp",@_); } |
| 157 | sub main'jmp_ptr { &out1p("jmp",@_); } | 183 | sub main'jmp_ptr { &out1p("jmp",@_); } |
| @@ -173,15 +199,48 @@ sub main'dec { &out1("decl",@_); } | |||
| 173 | sub main'inc { &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); } | 199 | sub main'inc { &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); } |
| 174 | sub main'push { &out1("pushl",@_); $stack+=4; } | 200 | sub main'push { &out1("pushl",@_); $stack+=4; } |
| 175 | sub main'pop { &out1("popl",@_); $stack-=4; } | 201 | sub main'pop { &out1("popl",@_); $stack-=4; } |
| 176 | sub main'pushf { &out0("pushf"); $stack+=4; } | 202 | sub main'pushf { &out0("pushfl"); $stack+=4; } |
| 177 | sub main'popf { &out0("popf"); $stack-=4; } | 203 | sub main'popf { &out0("popfl"); $stack-=4; } |
| 178 | sub main'not { &out1("notl",@_); } | 204 | sub main'not { &out1("notl",@_); } |
| 179 | sub main'call { &out1("call",($_[0]=~/^\.L/?'':$under).$_[0]); } | 205 | sub main'call { my $pre=$under; |
| 206 | foreach $i (%label) | ||
| 207 | { if ($label{$i} eq $_[0]) { $pre=''; last; } } | ||
| 208 | &out1("call",$pre.$_[0]); | ||
| 209 | } | ||
| 210 | sub main'call_ptr { &out1p("call",@_); } | ||
| 180 | sub main'ret { &out0("ret"); } | 211 | sub main'ret { &out0("ret"); } |
| 181 | sub main'nop { &out0("nop"); } | 212 | sub main'nop { &out0("nop"); } |
| 182 | sub main'test { &out2("testl",@_); } | 213 | sub main'test { &out2("testl",@_); } |
| 214 | sub main'bt { &out2("btl",@_); } | ||
| 215 | sub main'leave { &out0("leave"); } | ||
| 216 | sub main'cpuid { &out0(".byte\t0x0f,0xa2"); } | ||
| 217 | sub main'rdtsc { &out0(".byte\t0x0f,0x31"); } | ||
| 218 | sub main'halt { &out0("hlt"); } | ||
| 183 | sub main'movz { &out2("movzbl",@_); } | 219 | sub main'movz { &out2("movzbl",@_); } |
| 184 | sub main'neg { &out1("negl",@_); } | 220 | sub main'neg { &out1("negl",@_); } |
| 221 | sub main'cld { &out0("cld"); } | ||
| 222 | |||
| 223 | # SSE2 | ||
| 224 | sub main'emms { &out0("emms"); } | ||
| 225 | sub main'movd { &out2("movd",@_); } | ||
| 226 | sub main'movdqu { &out2("movdqu",@_); } | ||
| 227 | sub main'movdqa { &out2("movdqa",@_); } | ||
| 228 | sub main'movdq2q{ &out2("movdq2q",@_); } | ||
| 229 | sub main'movq2dq{ &out2("movq2dq",@_); } | ||
| 230 | sub main'paddq { &out2("paddq",@_); } | ||
| 231 | sub main'pmuludq{ &out2("pmuludq",@_); } | ||
| 232 | sub main'psrlq { &out2("psrlq",@_); } | ||
| 233 | sub main'psllq { &out2("psllq",@_); } | ||
| 234 | sub main'pxor { &out2("pxor",@_); } | ||
| 235 | sub main'por { &out2("por",@_); } | ||
| 236 | sub main'pand { &out2("pand",@_); } | ||
| 237 | sub main'movq { | ||
| 238 | local($p1,$p2,$optimize)=@_; | ||
| 239 | if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/) | ||
| 240 | # movq between mmx registers can sink Intel CPUs | ||
| 241 | { push(@out,"\tpshufw\t\$0xe4,%$p2,%$p1\n"); } | ||
| 242 | else { &out2("movq",@_); } | ||
| 243 | } | ||
| 185 | 244 | ||
| 186 | # The bswapl instruction is new for the 486. Emulate if i386. | 245 | # The bswapl instruction is new for the 486. Emulate if i386. |
| 187 | sub main'bswap | 246 | sub main'bswap |
| @@ -290,8 +349,6 @@ sub main'file | |||
| 290 | 349 | ||
| 291 | local($tmp)=<<"EOF"; | 350 | local($tmp)=<<"EOF"; |
| 292 | .file "$file.s" | 351 | .file "$file.s" |
| 293 | .version "01.01" | ||
| 294 | gcc2_compiled.: | ||
| 295 | EOF | 352 | EOF |
| 296 | push(@out,$tmp); | 353 | push(@out,$tmp); |
| 297 | } | 354 | } |
| @@ -308,15 +365,17 @@ sub main'function_begin | |||
| 308 | 365 | ||
| 309 | local($tmp)=<<"EOF"; | 366 | local($tmp)=<<"EOF"; |
| 310 | .text | 367 | .text |
| 311 | .align $align | 368 | .globl $func |
| 312 | .globl $func | ||
| 313 | EOF | 369 | EOF |
| 314 | push(@out,$tmp); | 370 | push(@out,$tmp); |
| 315 | if ($main'cpp) | 371 | if ($main'cpp) |
| 316 | { $tmp=push(@out,"\tTYPE($func,\@function)\n"); } | 372 | { $tmp=push(@out,"TYPE($func,\@function)\n"); } |
| 317 | elsif ($main'gaswin) | 373 | elsif ($main'coff) |
| 318 | { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } | 374 | { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } |
| 319 | else { $tmp=push(@out,"\t.type\t$func,\@function\n"); } | 375 | elsif ($main'aout and !$main'pic) |
| 376 | { } | ||
| 377 | else { $tmp=push(@out,".type\t$func,\@function\n"); } | ||
| 378 | push(@out,".align\t$align\n"); | ||
| 320 | push(@out,"$func:\n"); | 379 | push(@out,"$func:\n"); |
| 321 | skip: | 380 | skip: |
| 322 | $tmp=<<"EOF"; | 381 | $tmp=<<"EOF"; |
| @@ -342,15 +401,17 @@ sub main'function_begin_B | |||
| 342 | 401 | ||
| 343 | local($tmp)=<<"EOF"; | 402 | local($tmp)=<<"EOF"; |
| 344 | .text | 403 | .text |
| 345 | .align $align | 404 | .globl $func |
| 346 | .globl $func | ||
| 347 | EOF | 405 | EOF |
| 348 | push(@out,$tmp); | 406 | push(@out,$tmp); |
| 349 | if ($main'cpp) | 407 | if ($main'cpp) |
| 350 | { push(@out,"\tTYPE($func,\@function)\n"); } | 408 | { push(@out,"TYPE($func,\@function)\n"); } |
| 351 | elsif ($main'gaswin) | 409 | elsif ($main'coff) |
| 352 | { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } | 410 | { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } |
| 353 | else { push(@out,"\t.type $func,\@function\n"); } | 411 | elsif ($main'aout and !$main'pic) |
| 412 | { } | ||
| 413 | else { push(@out,".type $func,\@function\n"); } | ||
| 414 | push(@out,".align\t$align\n"); | ||
| 354 | push(@out,"$func:\n"); | 415 | push(@out,"$func:\n"); |
| 355 | skip: | 416 | skip: |
| 356 | $stack=4; | 417 | $stack=4; |
| @@ -368,15 +429,15 @@ sub main'function_end | |||
| 368 | popl %ebx | 429 | popl %ebx |
| 369 | popl %ebp | 430 | popl %ebp |
| 370 | ret | 431 | ret |
| 371 | .L_${func}_end: | 432 | ${dot}L_${func}_end: |
| 372 | EOF | 433 | EOF |
| 373 | push(@out,$tmp); | 434 | push(@out,$tmp); |
| 374 | 435 | ||
| 375 | if ($main'cpp) | 436 | if ($main'cpp) |
| 376 | { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } | 437 | { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); } |
| 377 | elsif ($main'gaswin) | 438 | elsif ($main'coff or $main'aout) |
| 378 | { $tmp=push(@out,"\t.align 4\n"); } | 439 | { } |
| 379 | else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } | 440 | else { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); } |
| 380 | push(@out,".ident \"$func\"\n"); | 441 | push(@out,".ident \"$func\"\n"); |
| 381 | $stack=0; | 442 | $stack=0; |
| 382 | %label=(); | 443 | %label=(); |
| @@ -402,13 +463,13 @@ sub main'function_end_B | |||
| 402 | 463 | ||
| 403 | $func=$under.$func; | 464 | $func=$under.$func; |
| 404 | 465 | ||
| 405 | push(@out,".L_${func}_end:\n"); | 466 | push(@out,"${dot}L_${func}_end:\n"); |
| 406 | if ($main'cpp) | 467 | if ($main'cpp) |
| 407 | { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } | 468 | { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); } |
| 408 | elsif ($main'gaswin) | 469 | elsif ($main'coff or $main'aout) |
| 409 | { push(@out,"\t.align 4\n"); } | 470 | { } |
| 410 | else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } | 471 | else { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); } |
| 411 | push(@out,".ident \"desasm.pl\"\n"); | 472 | push(@out,".ident \"$func\"\n"); |
| 412 | $stack=0; | 473 | $stack=0; |
| 413 | %label=(); | 474 | %label=(); |
| 414 | } | 475 | } |
| @@ -449,10 +510,10 @@ sub main'swtmp | |||
| 449 | 510 | ||
| 450 | sub main'comment | 511 | sub main'comment |
| 451 | { | 512 | { |
| 452 | if (!$main'openbsd && $main'elf) | 513 | if (!defined($com_start) or $main'elf) |
| 514 | { # Regarding $main'elf above... | ||
| 453 | # GNU and SVR4 as'es use different comment delimiters, | 515 | # GNU and SVR4 as'es use different comment delimiters, |
| 454 | { # so we just skip comments... | 516 | push(@out,"\n"); # so we just skip ELF comments... |
| 455 | push(@out,"\n"); | ||
| 456 | return; | 517 | return; |
| 457 | } | 518 | } |
| 458 | foreach (@_) | 519 | foreach (@_) |
| @@ -465,16 +526,16 @@ sub main'comment | |||
| 465 | } | 526 | } |
| 466 | 527 | ||
| 467 | sub main'public_label | 528 | sub main'public_label |
| 468 | { | 529 | { |
| 469 | $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); | 530 | $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); |
| 470 | push(@out,".globl\t$label{$_[0]}\n"); | 531 | push(@out,".globl\t$label{$_[0]}\n"); |
| 471 | } | 532 | } |
| 472 | 533 | ||
| 473 | sub main'label | 534 | sub main'label |
| 474 | { | 535 | { |
| 475 | if (!defined($label{$_[0]})) | 536 | if (!defined($label{$_[0]})) |
| 476 | { | 537 | { |
| 477 | $label{$_[0]}=".${label}${_[0]}"; | 538 | $label{$_[0]}="${dot}${label}${_[0]}"; |
| 478 | $label++; | 539 | $label++; |
| 479 | } | 540 | } |
| 480 | return($label{$_[0]}); | 541 | return($label{$_[0]}); |
| @@ -484,18 +545,35 @@ sub main'set_label | |||
| 484 | { | 545 | { |
| 485 | if (!defined($label{$_[0]})) | 546 | if (!defined($label{$_[0]})) |
| 486 | { | 547 | { |
| 487 | $label{$_[0]}=".${label}${_[0]}"; | 548 | $label{$_[0]}="${dot}${label}${_[0]}"; |
| 488 | $label++; | 549 | $label++; |
| 489 | } | 550 | } |
| 490 | if ($main'openbsd) | 551 | if ($_[1]!=0) |
| 491 | { push(@out,"_ALIGN_TEXT\n") if ($_[1] != 0); } | 552 | { |
| 492 | else | 553 | if ($_[1]>1) { main'align($_[1]); } |
| 493 | { push(@out,".align $align\n") if ($_[1] != 0); } | 554 | else |
| 555 | { | ||
| 556 | if ($main'openbsd) | ||
| 557 | { push(@out,"_ALIGN_TEXT\n"); } | ||
| 558 | else | ||
| 559 | { push(@out,".align $align\n"); } | ||
| 560 | } | ||
| 561 | } | ||
| 494 | push(@out,"$label{$_[0]}:\n"); | 562 | push(@out,"$label{$_[0]}:\n"); |
| 495 | } | 563 | } |
| 496 | 564 | ||
| 497 | sub main'file_end | 565 | sub main'file_end |
| 498 | { | 566 | { |
| 567 | # try to detect if SSE2 or MMX extensions were used on ELF platform... | ||
| 568 | if ($main'elf && grep {/\b%[x]*mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out) { | ||
| 569 | local($tmp); | ||
| 570 | |||
| 571 | push (@out,"\n.section\t.bss\n"); | ||
| 572 | push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n"); | ||
| 573 | |||
| 574 | return; | ||
| 575 | } | ||
| 576 | |||
| 499 | if ($const ne "") | 577 | if ($const ne "") |
| 500 | { | 578 | { |
| 501 | push(@out,".section .rodata\n"); | 579 | push(@out,".section .rodata\n"); |
| @@ -504,11 +582,31 @@ sub main'file_end | |||
| 504 | } | 582 | } |
| 505 | } | 583 | } |
| 506 | 584 | ||
| 585 | sub main'data_byte | ||
| 586 | { | ||
| 587 | push(@out,"\t.byte\t".join(',',@_)."\n"); | ||
| 588 | } | ||
| 589 | |||
| 507 | sub main'data_word | 590 | sub main'data_word |
| 508 | { | 591 | { |
| 509 | push(@out,"\t.long\t".join(',',@_)."\n"); | 592 | push(@out,"\t.long\t".join(',',@_)."\n"); |
| 510 | } | 593 | } |
| 511 | 594 | ||
| 595 | sub main'align | ||
| 596 | { | ||
| 597 | my $val=$_[0],$p2,$i; | ||
| 598 | if ($main'aout) { | ||
| 599 | for ($p2=0;$val!=0;$val>>=1) { $p2++; } | ||
| 600 | $val=$p2-1; | ||
| 601 | $val.=",0x90"; | ||
| 602 | } | ||
| 603 | push(@out,".align\t$val\n"); | ||
| 604 | if ($main'openbsd) | ||
| 605 | { push(@out,"_ALIGN_TEXT\n"); } | ||
| 606 | else | ||
| 607 | { push(@out,".align $tval\n"); } | ||
| 608 | } | ||
| 609 | |||
| 512 | # debug output functions: puts, putx, printf | 610 | # debug output functions: puts, putx, printf |
| 513 | 611 | ||
| 514 | sub main'puts | 612 | sub main'puts |
| @@ -588,7 +686,6 @@ sub main'picmeup | |||
| 588 | { | 686 | { |
| 589 | local($tmp)=<<___; | 687 | local($tmp)=<<___; |
| 590 | #if (defined(ELF) || defined(SOL)) && defined(PIC) | 688 | #if (defined(ELF) || defined(SOL)) && defined(PIC) |
| 591 | .align 8 | ||
| 592 | call 1f | 689 | call 1f |
| 593 | 1: popl $regs{$dst} | 690 | 1: popl $regs{$dst} |
| 594 | addl \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst} | 691 | addl \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst} |
| @@ -611,13 +708,12 @@ ___ | |||
| 611 | } | 708 | } |
| 612 | elsif ($main'pic && ($main'elf || $main'aout)) | 709 | elsif ($main'pic && ($main'elf || $main'aout)) |
| 613 | { | 710 | { |
| 614 | push(@out,"\t.align\t8\n"); | ||
| 615 | &main'call(&main'label("PIC_me_up")); | 711 | &main'call(&main'label("PIC_me_up")); |
| 616 | &main'set_label("PIC_me_up"); | 712 | &main'set_label("PIC_me_up"); |
| 617 | &main'blindpop($dst); | 713 | &main'blindpop($dst); |
| 618 | &main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-". | 714 | &main'add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-". |
| 619 | &main'label("PIC_me_up") . "]"); | 715 | &main'label("PIC_me_up") . "]"); |
| 620 | &main'mov($dst,&main'DWP($sym."\@GOT",$dst)); | 716 | &main'mov($dst,&main'DWP($under.$sym."\@GOT",$dst)); |
| 621 | } | 717 | } |
| 622 | else | 718 | else |
| 623 | { | 719 | { |
| @@ -626,3 +722,41 @@ ___ | |||
| 626 | } | 722 | } |
| 627 | 723 | ||
| 628 | sub main'blindpop { &out1("popl",@_); } | 724 | sub main'blindpop { &out1("popl",@_); } |
| 725 | |||
| 726 | sub main'initseg | ||
| 727 | { | ||
| 728 | local($f)=@_; | ||
| 729 | local($tmp); | ||
| 730 | if ($main'elf) | ||
| 731 | { | ||
| 732 | $tmp=<<___; | ||
| 733 | .section .init | ||
| 734 | call $under$f | ||
| 735 | jmp .Linitalign | ||
| 736 | .align $align | ||
| 737 | .Linitalign: | ||
| 738 | ___ | ||
| 739 | } | ||
| 740 | elsif ($main'coff) | ||
| 741 | { | ||
| 742 | $tmp=<<___; # applies to both Cygwin and Mingw | ||
| 743 | .section .ctors | ||
| 744 | .long $under$f | ||
| 745 | ___ | ||
| 746 | } | ||
| 747 | elsif ($main'aout) | ||
| 748 | { | ||
| 749 | local($ctor)="${under}_GLOBAL_\$I\$$f"; | ||
| 750 | $tmp=".text\n"; | ||
| 751 | $tmp.=".type $ctor,\@function\n" if ($main'pic); | ||
| 752 | $tmp.=<<___; # OpenBSD way... | ||
| 753 | .globl $ctor | ||
| 754 | .align 2 | ||
| 755 | $ctor: | ||
| 756 | jmp $under$f | ||
| 757 | ___ | ||
| 758 | } | ||
| 759 | push(@out,$tmp) if ($tmp); | ||
| 760 | } | ||
| 761 | |||
| 762 | 1; | ||
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_add.c b/src/lib/libssl/src/crypto/pkcs12/p12_add.c index 27015dd8c3..41bdc00551 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_add.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_add.c | |||
| @@ -68,16 +68,16 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid | |||
| 68 | PKCS12_BAGS *bag; | 68 | PKCS12_BAGS *bag; |
| 69 | PKCS12_SAFEBAG *safebag; | 69 | PKCS12_SAFEBAG *safebag; |
| 70 | if (!(bag = PKCS12_BAGS_new())) { | 70 | if (!(bag = PKCS12_BAGS_new())) { |
| 71 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); | 71 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); |
| 72 | return NULL; | 72 | return NULL; |
| 73 | } | 73 | } |
| 74 | bag->type = OBJ_nid2obj(nid1); | 74 | bag->type = OBJ_nid2obj(nid1); |
| 75 | if (!ASN1_item_pack(obj, it, &bag->value.octet)) { | 75 | if (!ASN1_item_pack(obj, it, &bag->value.octet)) { |
| 76 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); | 76 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); |
| 77 | return NULL; | 77 | return NULL; |
| 78 | } | 78 | } |
| 79 | if (!(safebag = PKCS12_SAFEBAG_new())) { | 79 | if (!(safebag = PKCS12_SAFEBAG_new())) { |
| 80 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); | 80 | PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); |
| 81 | return NULL; | 81 | return NULL; |
| 82 | } | 82 | } |
| 83 | safebag->value.bag = bag; | 83 | safebag->value.bag = bag; |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c index 003ec7a33e..3ad33c49d8 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c | |||
| @@ -84,19 +84,25 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), | |||
| 84 | #endif | 84 | #endif |
| 85 | } | 85 | } |
| 86 | 86 | ||
| 87 | int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | 87 | int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
| 88 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) | 88 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) |
| 89 | { | 89 | { |
| 90 | PBEPARAM *pbe; | 90 | PBEPARAM *pbe; |
| 91 | int saltlen, iter, ret; | 91 | int saltlen, iter, ret; |
| 92 | unsigned char *salt, *pbuf; | 92 | unsigned char *salt; |
| 93 | const unsigned char *pbuf; | ||
| 93 | unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; | 94 | unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; |
| 94 | 95 | ||
| 95 | /* Extract useful info from parameter */ | 96 | /* Extract useful info from parameter */ |
| 97 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | ||
| 98 | param->value.sequence == NULL) { | ||
| 99 | PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); | ||
| 100 | return 0; | ||
| 101 | } | ||
| 102 | |||
| 96 | pbuf = param->value.sequence->data; | 103 | pbuf = param->value.sequence->data; |
| 97 | if (!param || (param->type != V_ASN1_SEQUENCE) || | 104 | if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { |
| 98 | !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { | 105 | PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); |
| 99 | EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | ||
| 100 | return 0; | 106 | return 0; |
| 101 | } | 107 | } |
| 102 | 108 | ||
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c index 40340a7bef..dbafda17b6 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | /* p12_crt.c */ | 1 | /* p12_crt.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * project 1999. | 3 | * project. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -60,113 +60,289 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/pkcs12.h> | 61 | #include <openssl/pkcs12.h> |
| 62 | 62 | ||
| 63 | |||
| 64 | static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); | ||
| 65 | |||
| 63 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | 66 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, |
| 64 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, | 67 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, |
| 65 | int keytype) | 68 | int keytype) |
| 66 | { | 69 | { |
| 67 | PKCS12 *p12; | 70 | PKCS12 *p12 = NULL; |
| 68 | STACK_OF(PKCS12_SAFEBAG) *bags; | 71 | STACK_OF(PKCS7) *safes = NULL; |
| 69 | STACK_OF(PKCS7) *safes; | 72 | STACK_OF(PKCS12_SAFEBAG) *bags = NULL; |
| 70 | PKCS12_SAFEBAG *bag; | 73 | PKCS12_SAFEBAG *bag = NULL; |
| 71 | PKCS8_PRIV_KEY_INFO *p8; | ||
| 72 | PKCS7 *authsafe; | ||
| 73 | X509 *tcert; | ||
| 74 | int i; | 74 | int i; |
| 75 | unsigned char keyid[EVP_MAX_MD_SIZE]; | 75 | unsigned char keyid[EVP_MAX_MD_SIZE]; |
| 76 | unsigned int keyidlen; | 76 | unsigned int keyidlen = 0; |
| 77 | 77 | ||
| 78 | /* Set defaults */ | 78 | /* Set defaults */ |
| 79 | if(!nid_cert) | 79 | if (!nid_cert) |
| 80 | { | 80 | nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; |
| 81 | #ifdef OPENSSL_FIPS | 81 | if (!nid_key) |
| 82 | if (FIPS_mode()) | 82 | nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; |
| 83 | nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | 83 | if (!iter) |
| 84 | else | 84 | iter = PKCS12_DEFAULT_ITER; |
| 85 | #endif | 85 | if (!mac_iter) |
| 86 | nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; | 86 | mac_iter = 1; |
| 87 | } | ||
| 88 | if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | ||
| 89 | if(!iter) iter = PKCS12_DEFAULT_ITER; | ||
| 90 | if(!mac_iter) mac_iter = 1; | ||
| 91 | 87 | ||
| 92 | if(!pkey || !cert) { | 88 | if(!pkey && !cert && !ca) |
| 89 | { | ||
| 93 | PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); | 90 | PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); |
| 94 | return NULL; | 91 | return NULL; |
| 95 | } | 92 | } |
| 96 | |||
| 97 | if(!X509_check_private_key(cert, pkey)) return NULL; | ||
| 98 | 93 | ||
| 99 | if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) { | 94 | if (pkey && cert) |
| 100 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 95 | { |
| 101 | return NULL; | 96 | if(!X509_check_private_key(cert, pkey)) |
| 102 | } | 97 | return NULL; |
| 98 | X509_digest(cert, EVP_sha1(), keyid, &keyidlen); | ||
| 99 | } | ||
| 103 | 100 | ||
| 104 | /* Add user certificate */ | 101 | if (cert) |
| 105 | if(!(bag = PKCS12_x5092certbag(cert))) return NULL; | 102 | { |
| 106 | if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL; | 103 | bag = PKCS12_add_cert(&bags, cert); |
| 107 | X509_digest(cert, EVP_sha1(), keyid, &keyidlen); | 104 | if(name && !PKCS12_add_friendlyname(bag, name, -1)) |
| 108 | if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; | 105 | goto err; |
| 106 | if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) | ||
| 107 | goto err; | ||
| 108 | } | ||
| 109 | 109 | ||
| 110 | if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { | ||
| 111 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | ||
| 112 | return NULL; | ||
| 113 | } | ||
| 114 | |||
| 115 | /* Add all other certificates */ | 110 | /* Add all other certificates */ |
| 116 | if(ca) { | 111 | for(i = 0; i < sk_X509_num(ca); i++) |
| 117 | for(i = 0; i < sk_X509_num(ca); i++) { | 112 | { |
| 118 | tcert = sk_X509_value(ca, i); | 113 | if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) |
| 119 | if(!(bag = PKCS12_x5092certbag(tcert))) return NULL; | 114 | goto err; |
| 120 | if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { | 115 | } |
| 121 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 116 | |
| 122 | return NULL; | 117 | if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) |
| 118 | goto err; | ||
| 119 | |||
| 120 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | ||
| 121 | bags = NULL; | ||
| 122 | |||
| 123 | if (pkey) | ||
| 124 | { | ||
| 125 | int cspidx; | ||
| 126 | bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); | ||
| 127 | |||
| 128 | if (!bag) | ||
| 129 | goto err; | ||
| 130 | |||
| 131 | cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1); | ||
| 132 | if (cspidx >= 0) | ||
| 133 | { | ||
| 134 | X509_ATTRIBUTE *cspattr; | ||
| 135 | cspattr = EVP_PKEY_get_attr(pkey, cspidx); | ||
| 136 | if (!X509at_add1_attr(&bag->attrib, cspattr)) | ||
| 137 | goto err; | ||
| 123 | } | 138 | } |
| 139 | |||
| 140 | if(name && !PKCS12_add_friendlyname(bag, name, -1)) | ||
| 141 | goto err; | ||
| 142 | if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) | ||
| 143 | goto err; | ||
| 124 | } | 144 | } |
| 125 | } | ||
| 126 | 145 | ||
| 127 | /* Turn certbags into encrypted authsafe */ | 146 | if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) |
| 128 | authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, | 147 | goto err; |
| 129 | iter, bags); | 148 | |
| 130 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 149 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 150 | bags = NULL; | ||
| 131 | 151 | ||
| 132 | if (!authsafe) return NULL; | 152 | p12 = PKCS12_add_safes(safes, 0); |
| 153 | |||
| 154 | sk_PKCS7_pop_free(safes, PKCS7_free); | ||
| 155 | |||
| 156 | safes = NULL; | ||
| 157 | |||
| 158 | if ((mac_iter != -1) && | ||
| 159 | !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) | ||
| 160 | goto err; | ||
| 161 | |||
| 162 | return p12; | ||
| 163 | |||
| 164 | err: | ||
| 165 | |||
| 166 | if (p12) | ||
| 167 | PKCS12_free(p12); | ||
| 168 | if (safes) | ||
| 169 | sk_PKCS7_pop_free(safes, PKCS7_free); | ||
| 170 | if (bags) | ||
| 171 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | ||
| 172 | return NULL; | ||
| 173 | |||
| 174 | } | ||
| 175 | |||
| 176 | PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) | ||
| 177 | { | ||
| 178 | PKCS12_SAFEBAG *bag = NULL; | ||
| 179 | char *name; | ||
| 180 | int namelen = -1; | ||
| 181 | unsigned char *keyid; | ||
| 182 | int keyidlen = -1; | ||
| 183 | |||
| 184 | /* Add user certificate */ | ||
| 185 | if(!(bag = PKCS12_x5092certbag(cert))) | ||
| 186 | goto err; | ||
| 187 | |||
| 188 | /* Use friendlyName and localKeyID in certificate. | ||
| 189 | * (if present) | ||
| 190 | */ | ||
| 191 | |||
| 192 | name = (char *)X509_alias_get0(cert, &namelen); | ||
| 193 | |||
| 194 | if(name && !PKCS12_add_friendlyname(bag, name, namelen)) | ||
| 195 | goto err; | ||
| 196 | |||
| 197 | keyid = X509_keyid_get0(cert, &keyidlen); | ||
| 198 | |||
| 199 | if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) | ||
| 200 | goto err; | ||
| 201 | |||
| 202 | if (!pkcs12_add_bag(pbags, bag)) | ||
| 203 | goto err; | ||
| 204 | |||
| 205 | return bag; | ||
| 206 | |||
| 207 | err: | ||
| 208 | |||
| 209 | if (bag) | ||
| 210 | PKCS12_SAFEBAG_free(bag); | ||
| 211 | |||
| 212 | return NULL; | ||
| 133 | 213 | ||
| 134 | if(!(safes = sk_PKCS7_new_null ()) | ||
| 135 | || !sk_PKCS7_push(safes, authsafe)) { | ||
| 136 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | ||
| 137 | return NULL; | ||
| 138 | } | 214 | } |
| 139 | 215 | ||
| 140 | /* Make a shrouded key bag */ | 216 | PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, |
| 141 | if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL; | 217 | int key_usage, int iter, |
| 142 | if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL; | 218 | int nid_key, char *pass) |
| 143 | bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8); | 219 | { |
| 144 | if(!bag) return NULL; | 220 | |
| 145 | PKCS8_PRIV_KEY_INFO_free(p8); | 221 | PKCS12_SAFEBAG *bag = NULL; |
| 146 | if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; | 222 | PKCS8_PRIV_KEY_INFO *p8 = NULL; |
| 147 | if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; | 223 | |
| 148 | if(!(bags = sk_PKCS12_SAFEBAG_new_null()) | 224 | /* Make a PKCS#8 structure */ |
| 149 | || !sk_PKCS12_SAFEBAG_push (bags, bag)) { | 225 | if(!(p8 = EVP_PKEY2PKCS8(key))) |
| 150 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 226 | goto err; |
| 151 | return NULL; | 227 | if(key_usage && !PKCS8_add_keyusage(p8, key_usage)) |
| 228 | goto err; | ||
| 229 | if (nid_key != -1) | ||
| 230 | { | ||
| 231 | bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); | ||
| 232 | PKCS8_PRIV_KEY_INFO_free(p8); | ||
| 233 | } | ||
| 234 | else | ||
| 235 | bag = PKCS12_MAKE_KEYBAG(p8); | ||
| 236 | |||
| 237 | if(!bag) | ||
| 238 | goto err; | ||
| 239 | |||
| 240 | if (!pkcs12_add_bag(pbags, bag)) | ||
| 241 | goto err; | ||
| 242 | |||
| 243 | return bag; | ||
| 244 | |||
| 245 | err: | ||
| 246 | |||
| 247 | if (bag) | ||
| 248 | PKCS12_SAFEBAG_free(bag); | ||
| 249 | |||
| 250 | return NULL; | ||
| 251 | |||
| 152 | } | 252 | } |
| 153 | /* Turn it into unencrypted safe bag */ | 253 | |
| 154 | if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; | 254 | int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, |
| 155 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 255 | int nid_safe, int iter, char *pass) |
| 156 | if(!sk_PKCS7_push(safes, authsafe)) { | 256 | { |
| 157 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 257 | PKCS7 *p7 = NULL; |
| 158 | return NULL; | 258 | int free_safes = 0; |
| 259 | |||
| 260 | if (!*psafes) | ||
| 261 | { | ||
| 262 | *psafes = sk_PKCS7_new_null(); | ||
| 263 | if (!*psafes) | ||
| 264 | return 0; | ||
| 265 | free_safes = 1; | ||
| 266 | } | ||
| 267 | else | ||
| 268 | free_safes = 0; | ||
| 269 | |||
| 270 | if (nid_safe == 0) | ||
| 271 | nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; | ||
| 272 | |||
| 273 | if (nid_safe == -1) | ||
| 274 | p7 = PKCS12_pack_p7data(bags); | ||
| 275 | else | ||
| 276 | p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, | ||
| 277 | iter, bags); | ||
| 278 | if (!p7) | ||
| 279 | goto err; | ||
| 280 | |||
| 281 | if (!sk_PKCS7_push(*psafes, p7)) | ||
| 282 | goto err; | ||
| 283 | |||
| 284 | return 1; | ||
| 285 | |||
| 286 | err: | ||
| 287 | if (free_safes) | ||
| 288 | { | ||
| 289 | sk_PKCS7_free(*psafes); | ||
| 290 | *psafes = NULL; | ||
| 291 | } | ||
| 292 | |||
| 293 | if (p7) | ||
| 294 | PKCS7_free(p7); | ||
| 295 | |||
| 296 | return 0; | ||
| 297 | |||
| 159 | } | 298 | } |
| 160 | 299 | ||
| 161 | if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL; | 300 | static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) |
| 301 | { | ||
| 302 | int free_bags; | ||
| 303 | if (!pbags) | ||
| 304 | return 1; | ||
| 305 | if (!*pbags) | ||
| 306 | { | ||
| 307 | *pbags = sk_PKCS12_SAFEBAG_new_null(); | ||
| 308 | if (!*pbags) | ||
| 309 | return 0; | ||
| 310 | free_bags = 1; | ||
| 311 | } | ||
| 312 | else | ||
| 313 | free_bags = 0; | ||
| 162 | 314 | ||
| 163 | if(!PKCS12_pack_authsafes (p12, safes)) return NULL; | 315 | if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) |
| 316 | { | ||
| 317 | if (free_bags) | ||
| 318 | { | ||
| 319 | sk_PKCS12_SAFEBAG_free(*pbags); | ||
| 320 | *pbags = NULL; | ||
| 321 | } | ||
| 322 | return 0; | ||
| 323 | } | ||
| 164 | 324 | ||
| 165 | sk_PKCS7_pop_free(safes, PKCS7_free); | 325 | return 1; |
| 326 | |||
| 327 | } | ||
| 328 | |||
| 329 | |||
| 330 | PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) | ||
| 331 | { | ||
| 332 | PKCS12 *p12; | ||
| 333 | if (nid_p7 <= 0) | ||
| 334 | nid_p7 = NID_pkcs7_data; | ||
| 335 | p12 = PKCS12_init(nid_p7); | ||
| 336 | |||
| 337 | if (!p12) | ||
| 338 | return NULL; | ||
| 166 | 339 | ||
| 167 | if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL)) | 340 | if(!PKCS12_pack_authsafes(p12, safes)) |
| 168 | return NULL; | 341 | { |
| 342 | PKCS12_free(p12); | ||
| 343 | return NULL; | ||
| 344 | } | ||
| 169 | 345 | ||
| 170 | return p12; | 346 | return p12; |
| 171 | 347 | ||
| 172 | } | 348 | } |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c index b5684a83ba..74c961a92b 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_decr.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_decr.c | |||
| @@ -113,13 +113,14 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, | |||
| 113 | void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, | 113 | void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, |
| 114 | const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) | 114 | const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) |
| 115 | { | 115 | { |
| 116 | unsigned char *out, *p; | 116 | unsigned char *out; |
| 117 | const unsigned char *p; | ||
| 117 | void *ret; | 118 | void *ret; |
| 118 | int outlen; | 119 | int outlen; |
| 119 | 120 | ||
| 120 | if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, | 121 | if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, |
| 121 | &out, &outlen, 0)) { | 122 | &out, &outlen, 0)) { |
| 122 | PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); | 123 | PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); |
| 123 | return NULL; | 124 | return NULL; |
| 124 | } | 125 | } |
| 125 | p = out; | 126 | p = out; |
| @@ -137,7 +138,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, | |||
| 137 | #endif | 138 | #endif |
| 138 | ret = ASN1_item_d2i(NULL, &p, outlen, it); | 139 | ret = ASN1_item_d2i(NULL, &p, outlen, it); |
| 139 | if (zbuf) OPENSSL_cleanse(out, outlen); | 140 | if (zbuf) OPENSSL_cleanse(out, outlen); |
| 140 | if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); | 141 | if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); |
| 141 | OPENSSL_free(out); | 142 | OPENSSL_free(out); |
| 142 | return ret; | 143 | return ret; |
| 143 | } | 144 | } |
| @@ -154,17 +155,17 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i | |||
| 154 | unsigned char *in = NULL; | 155 | unsigned char *in = NULL; |
| 155 | int inlen; | 156 | int inlen; |
| 156 | if (!(oct = M_ASN1_OCTET_STRING_new ())) { | 157 | if (!(oct = M_ASN1_OCTET_STRING_new ())) { |
| 157 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); | 158 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); |
| 158 | return NULL; | 159 | return NULL; |
| 159 | } | 160 | } |
| 160 | inlen = ASN1_item_i2d(obj, &in, it); | 161 | inlen = ASN1_item_i2d(obj, &in, it); |
| 161 | if (!in) { | 162 | if (!in) { |
| 162 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); | 163 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); |
| 163 | return NULL; | 164 | return NULL; |
| 164 | } | 165 | } |
| 165 | if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, | 166 | if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, |
| 166 | &oct->length, 1)) { | 167 | &oct->length, 1)) { |
| 167 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); | 168 | PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); |
| 168 | OPENSSL_free(in); | 169 | OPENSSL_free(in); |
| 169 | return NULL; | 170 | return NULL; |
| 170 | } | 171 | } |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_init.c b/src/lib/libssl/src/crypto/pkcs12/p12_init.c index 5276b12669..6bdc132631 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_init.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_init.c | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | 62 | ||
| 63 | /* Initialise a PKCS12 structure to take data */ | 63 | /* Initialise a PKCS12 structure to take data */ |
| 64 | 64 | ||
| 65 | PKCS12 *PKCS12_init (int mode) | 65 | PKCS12 *PKCS12_init(int mode) |
| 66 | { | 66 | { |
| 67 | PKCS12 *pkcs12; | 67 | PKCS12 *pkcs12; |
| 68 | if (!(pkcs12 = PKCS12_new())) { | 68 | if (!(pkcs12 = PKCS12_new())) { |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_key.c b/src/lib/libssl/src/crypto/pkcs12/p12_key.c index 9196a34b4a..18e72d0a1b 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_key.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_key.c | |||
| @@ -59,7 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/pkcs12.h> | 61 | #include <openssl/pkcs12.h> |
| 62 | 62 | #include <openssl/bn.h> | |
| 63 | 63 | ||
| 64 | /* Uncomment out this line to get debugging info about key generation */ | 64 | /* Uncomment out this line to get debugging info about key generation */ |
| 65 | /*#define DEBUG_KEYGEN*/ | 65 | /*#define DEBUG_KEYGEN*/ |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c index 2b31999e11..c2ee2cc6f3 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c | |||
| @@ -80,7 +80,7 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, | |||
| 80 | * passed unitialised. | 80 | * passed unitialised. |
| 81 | */ | 81 | */ |
| 82 | 82 | ||
| 83 | int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | 83 | int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, |
| 84 | STACK_OF(X509) **ca) | 84 | STACK_OF(X509) **ca) |
| 85 | { | 85 | { |
| 86 | 86 | ||
| @@ -141,7 +141,7 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | |||
| 141 | 141 | ||
| 142 | /* Parse the outer PKCS#12 structure */ | 142 | /* Parse the outer PKCS#12 structure */ |
| 143 | 143 | ||
| 144 | static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, | 144 | static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, |
| 145 | EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) | 145 | EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) |
| 146 | { | 146 | { |
| 147 | STACK_OF(PKCS7) *asafes; | 147 | STACK_OF(PKCS7) *asafes; |
| @@ -178,10 +178,10 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, | |||
| 178 | } | 178 | } |
| 179 | 179 | ||
| 180 | 180 | ||
| 181 | static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, | 181 | static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, |
| 182 | int passlen, EVP_PKEY **pkey, X509 **cert, | 182 | int passlen, EVP_PKEY **pkey, X509 **cert, |
| 183 | STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, | 183 | STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, |
| 184 | char *keymatch) | 184 | char *keymatch) |
| 185 | { | 185 | { |
| 186 | int i; | 186 | int i; |
| 187 | for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { | 187 | for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { |
| @@ -197,9 +197,9 @@ static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, | |||
| 197 | #define MATCH_ALL 0x3 | 197 | #define MATCH_ALL 0x3 |
| 198 | 198 | ||
| 199 | static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, | 199 | static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, |
| 200 | EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, | 200 | EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, |
| 201 | ASN1_OCTET_STRING **keyid, | 201 | ASN1_OCTET_STRING **keyid, |
| 202 | char *keymatch) | 202 | char *keymatch) |
| 203 | { | 203 | { |
| 204 | PKCS8_PRIV_KEY_INFO *p8; | 204 | PKCS8_PRIV_KEY_INFO *p8; |
| 205 | X509 *x509; | 205 | X509 *x509; |
| @@ -221,7 +221,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, | |||
| 221 | if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; | 221 | if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; |
| 222 | } else { | 222 | } else { |
| 223 | if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { | 223 | if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { |
| 224 | PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE); | 224 | PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); |
| 225 | return 0; | 225 | return 0; |
| 226 | } | 226 | } |
| 227 | } | 227 | } |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c index 140d21155e..c408cc8ab8 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c | |||
| @@ -64,12 +64,12 @@ | |||
| 64 | #include <openssl/pkcs12.h> | 64 | #include <openssl/pkcs12.h> |
| 65 | 65 | ||
| 66 | /* Generate a MAC */ | 66 | /* Generate a MAC */ |
| 67 | int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, | 67 | int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, |
| 68 | unsigned char *mac, unsigned int *maclen) | 68 | unsigned char *mac, unsigned int *maclen) |
| 69 | { | 69 | { |
| 70 | const EVP_MD *md_type; | 70 | const EVP_MD *md_type; |
| 71 | HMAC_CTX hmac; | 71 | HMAC_CTX hmac; |
| 72 | unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; | 72 | unsigned char key[EVP_MAX_MD_SIZE], *salt; |
| 73 | int saltlen, iter; | 73 | int saltlen, iter; |
| 74 | 74 | ||
| 75 | if (!PKCS7_type_is_data(p12->authsafes)) | 75 | if (!PKCS7_type_is_data(p12->authsafes)) |
| @@ -88,12 +88,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, | |||
| 88 | return 0; | 88 | return 0; |
| 89 | } | 89 | } |
| 90 | if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, | 90 | if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, |
| 91 | PKCS12_MAC_KEY_LENGTH, key, md_type)) { | 91 | EVP_MD_size(md_type), key, md_type)) { |
| 92 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); | 92 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); |
| 93 | return 0; | 93 | return 0; |
| 94 | } | 94 | } |
| 95 | HMAC_CTX_init(&hmac); | 95 | HMAC_CTX_init(&hmac); |
| 96 | HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); | 96 | HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); |
| 97 | HMAC_Update(&hmac, p12->authsafes->d.data->data, | 97 | HMAC_Update(&hmac, p12->authsafes->d.data->data, |
| 98 | p12->authsafes->d.data->length); | 98 | p12->authsafes->d.data->length); |
| 99 | HMAC_Final(&hmac, mac, maclen); | 99 | HMAC_Final(&hmac, mac, maclen); |
| @@ -102,16 +102,16 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, | |||
| 102 | } | 102 | } |
| 103 | 103 | ||
| 104 | /* Verify the mac */ | 104 | /* Verify the mac */ |
| 105 | int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen) | 105 | int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) |
| 106 | { | 106 | { |
| 107 | unsigned char mac[EVP_MAX_MD_SIZE]; | 107 | unsigned char mac[EVP_MAX_MD_SIZE]; |
| 108 | unsigned int maclen; | 108 | unsigned int maclen; |
| 109 | if(p12->mac == NULL) { | 109 | if(p12->mac == NULL) { |
| 110 | PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT); | 110 | PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT); |
| 111 | return 0; | 111 | return 0; |
| 112 | } | 112 | } |
| 113 | if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { | 113 | if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { |
| 114 | PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); | 114 | PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); |
| 115 | return 0; | 115 | return 0; |
| 116 | } | 116 | } |
| 117 | if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) | 117 | if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) |
| @@ -121,7 +121,7 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen) | |||
| 121 | 121 | ||
| 122 | /* Set a mac */ | 122 | /* Set a mac */ |
| 123 | 123 | ||
| 124 | int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, | 124 | int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, |
| 125 | unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) | 125 | unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) |
| 126 | { | 126 | { |
| 127 | unsigned char mac[EVP_MAX_MD_SIZE]; | 127 | unsigned char mac[EVP_MAX_MD_SIZE]; |
| @@ -145,7 +145,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, | |||
| 145 | } | 145 | } |
| 146 | 146 | ||
| 147 | /* Set up a mac structure */ | 147 | /* Set up a mac structure */ |
| 148 | int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, | 148 | int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, |
| 149 | const EVP_MD *md_type) | 149 | const EVP_MD *md_type) |
| 150 | { | 150 | { |
| 151 | if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; | 151 | if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; |
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c index af708a2743..48eacc5c49 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c | |||
| @@ -77,28 +77,26 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); | |||
| 77 | 77 | ||
| 78 | int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) | 78 | int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) |
| 79 | { | 79 | { |
| 80 | /* Check for NULL PKCS12 structure */ | ||
| 80 | 81 | ||
| 81 | /* Check for NULL PKCS12 structure */ | 82 | if(!p12) { |
| 82 | 83 | PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); | |
| 83 | if(!p12) { | 84 | return 0; |
| 84 | PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); | 85 | } |
| 85 | return 0; | ||
| 86 | } | ||
| 87 | |||
| 88 | /* Check the mac */ | ||
| 89 | |||
| 90 | if (!PKCS12_verify_mac(p12, oldpass, -1)) { | ||
| 91 | PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE); | ||
| 92 | return 0; | ||
| 93 | } | ||
| 94 | 86 | ||
| 95 | if (!newpass_p12(p12, oldpass, newpass)) { | 87 | /* Check the mac */ |
| 96 | PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); | 88 | |
| 97 | return 0; | 89 | if (!PKCS12_verify_mac(p12, oldpass, -1)) { |
| 98 | } | 90 | PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE); |
| 91 | return 0; | ||
| 92 | } | ||
| 99 | 93 | ||
| 100 | return 1; | 94 | if (!newpass_p12(p12, oldpass, newpass)) { |
| 95 | PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); | ||
| 96 | return 0; | ||
| 97 | } | ||
| 101 | 98 | ||
| 99 | return 1; | ||
| 102 | } | 100 | } |
| 103 | 101 | ||
| 104 | /* Parse the outer PKCS#12 structure */ | 102 | /* Parse the outer PKCS#12 structure */ |
| @@ -206,7 +204,8 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) | |||
| 206 | static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) | 204 | static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) |
| 207 | { | 205 | { |
| 208 | PBEPARAM *pbe; | 206 | PBEPARAM *pbe; |
| 209 | unsigned char *p; | 207 | const unsigned char *p; |
| 208 | |||
| 210 | p = alg->parameter->value.sequence->data; | 209 | p = alg->parameter->value.sequence->data; |
| 211 | pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); | 210 | pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); |
| 212 | *pnid = OBJ_obj2nid(alg->algorithm); | 211 | *pnid = OBJ_obj2nid(alg->algorithm); |
diff --git a/src/lib/libssl/src/crypto/pkcs12/pk12err.c b/src/lib/libssl/src/crypto/pkcs12/pk12err.c index a33b37b1c7..07a1fb6907 100644 --- a/src/lib/libssl/src/crypto/pkcs12/pk12err.c +++ b/src/lib/libssl/src/crypto/pkcs12/pk12err.c | |||
| @@ -70,16 +70,18 @@ | |||
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA PKCS12_str_functs[]= | 71 | static ERR_STRING_DATA PKCS12_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, | ||
| 73 | {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, | 74 | {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, |
| 74 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, | 75 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, |
| 75 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"}, | 76 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"}, |
| 76 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"}, | 77 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"}, |
| 77 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, | 78 | {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, |
| 78 | {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, | 79 | {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, |
| 79 | {ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"}, | ||
| 80 | {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, | 80 | {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, |
| 81 | {ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"}, | ||
| 82 | {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, | 81 | {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, |
| 82 | {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"}, | ||
| 83 | {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"}, | ||
| 84 | {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, | ||
| 83 | {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, | 85 | {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, |
| 84 | {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, | 86 | {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, |
| 85 | {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, | 87 | {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, |
| @@ -87,7 +89,6 @@ static ERR_STRING_DATA PKCS12_str_functs[]= | |||
| 87 | {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, | 89 | {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, |
| 88 | {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, | 90 | {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, |
| 89 | {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, | 91 | {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, |
| 90 | {ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG), "PKCS12_PACK_SAFEBAG"}, | ||
| 91 | {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, | 92 | {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, |
| 92 | {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, | 93 | {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, |
| 93 | {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, | 94 | {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, |
| @@ -95,9 +96,9 @@ static ERR_STRING_DATA PKCS12_str_functs[]= | |||
| 95 | {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, | 96 | {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, |
| 96 | {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, | 97 | {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, |
| 97 | {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, | 98 | {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, |
| 99 | {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, | ||
| 98 | {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, | 100 | {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, |
| 99 | {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, | 101 | {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, |
| 100 | {ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"}, | ||
| 101 | {0,NULL} | 102 | {0,NULL} |
| 102 | }; | 103 | }; |
| 103 | 104 | ||
| @@ -132,15 +133,12 @@ static ERR_STRING_DATA PKCS12_str_reasons[]= | |||
| 132 | 133 | ||
| 133 | void ERR_load_PKCS12_strings(void) | 134 | void ERR_load_PKCS12_strings(void) |
| 134 | { | 135 | { |
| 135 | static int init=1; | 136 | #ifndef OPENSSL_NO_ERR |
| 136 | 137 | ||
| 137 | if (init) | 138 | if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) |
| 138 | { | 139 | { |
| 139 | init=0; | ||
| 140 | #ifndef OPENSSL_NO_ERR | ||
| 141 | ERR_load_strings(0,PKCS12_str_functs); | 140 | ERR_load_strings(0,PKCS12_str_functs); |
| 142 | ERR_load_strings(0,PKCS12_str_reasons); | 141 | ERR_load_strings(0,PKCS12_str_reasons); |
| 143 | #endif | ||
| 144 | |||
| 145 | } | 142 | } |
| 143 | #endif | ||
| 146 | } | 144 | } |
diff --git a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h index fb8af82d4f..a2d7e359a0 100644 --- a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h +++ b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h | |||
| @@ -249,6 +249,15 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | |||
| 249 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | 249 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, |
| 250 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, | 250 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, |
| 251 | int mac_iter, int keytype); | 251 | int mac_iter, int keytype); |
| 252 | |||
| 253 | PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); | ||
| 254 | PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, | ||
| 255 | int key_usage, int iter, | ||
| 256 | int key_nid, char *pass); | ||
| 257 | int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, | ||
| 258 | int safe_nid, int iter, char *pass); | ||
| 259 | PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); | ||
| 260 | |||
| 252 | int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); | 261 | int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); |
| 253 | int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); | 262 | int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); |
| 254 | PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); | 263 | PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); |
| @@ -264,16 +273,18 @@ void ERR_load_PKCS12_strings(void); | |||
| 264 | /* Error codes for the PKCS12 functions. */ | 273 | /* Error codes for the PKCS12 functions. */ |
| 265 | 274 | ||
| 266 | /* Function codes. */ | 275 | /* Function codes. */ |
| 276 | #define PKCS12_F_PARSE_BAG 129 | ||
| 267 | #define PKCS12_F_PARSE_BAGS 103 | 277 | #define PKCS12_F_PARSE_BAGS 103 |
| 268 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 | 278 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 |
| 269 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 | 279 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 |
| 270 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 | 280 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 |
| 271 | #define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 | 281 | #define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 |
| 272 | #define PKCS12_F_PKCS12_CREATE 105 | 282 | #define PKCS12_F_PKCS12_CREATE 105 |
| 273 | #define PKCS12_F_PKCS12_DECRYPT_D2I 106 | ||
| 274 | #define PKCS12_F_PKCS12_GEN_MAC 107 | 283 | #define PKCS12_F_PKCS12_GEN_MAC 107 |
| 275 | #define PKCS12_F_PKCS12_I2D_ENCRYPT 108 | ||
| 276 | #define PKCS12_F_PKCS12_INIT 109 | 284 | #define PKCS12_F_PKCS12_INIT 109 |
| 285 | #define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 | ||
| 286 | #define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 | ||
| 287 | #define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 | ||
| 277 | #define PKCS12_F_PKCS12_KEY_GEN_ASC 110 | 288 | #define PKCS12_F_PKCS12_KEY_GEN_ASC 110 |
| 278 | #define PKCS12_F_PKCS12_KEY_GEN_UNI 111 | 289 | #define PKCS12_F_PKCS12_KEY_GEN_UNI 111 |
| 279 | #define PKCS12_F_PKCS12_MAKE_KEYBAG 112 | 290 | #define PKCS12_F_PKCS12_MAKE_KEYBAG 112 |
| @@ -281,17 +292,16 @@ void ERR_load_PKCS12_strings(void); | |||
| 281 | #define PKCS12_F_PKCS12_NEWPASS 128 | 292 | #define PKCS12_F_PKCS12_NEWPASS 128 |
| 282 | #define PKCS12_F_PKCS12_PACK_P7DATA 114 | 293 | #define PKCS12_F_PKCS12_PACK_P7DATA 114 |
| 283 | #define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 | 294 | #define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 |
| 284 | #define PKCS12_F_PKCS12_PACK_SAFEBAG 117 | ||
| 285 | #define PKCS12_F_PKCS12_PARSE 118 | 295 | #define PKCS12_F_PKCS12_PARSE 118 |
| 286 | #define PKCS12_F_PKCS12_PBE_CRYPT 119 | 296 | #define PKCS12_F_PKCS12_PBE_CRYPT 119 |
| 287 | #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 | 297 | #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 |
| 288 | #define PKCS12_F_PKCS12_SETUP_MAC 122 | 298 | #define PKCS12_F_PKCS12_SETUP_MAC 122 |
| 289 | #define PKCS12_F_PKCS12_SET_MAC 123 | 299 | #define PKCS12_F_PKCS12_SET_MAC 123 |
| 290 | #define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 129 | 300 | #define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 |
| 291 | #define PKCS12_F_PKCS12_UNPACK_P7DATA 130 | 301 | #define PKCS12_F_PKCS12_UNPACK_P7DATA 131 |
| 302 | #define PKCS12_F_PKCS12_VERIFY_MAC 126 | ||
| 292 | #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 | 303 | #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 |
| 293 | #define PKCS12_F_PKCS8_ENCRYPT 125 | 304 | #define PKCS12_F_PKCS8_ENCRYPT 125 |
| 294 | #define PKCS12_F_VERIFY_MAC 126 | ||
| 295 | 305 | ||
| 296 | /* Reason codes. */ | 306 | /* Reason codes. */ |
| 297 | #define PKCS12_R_CANT_PACK_STRUCTURE 100 | 307 | #define PKCS12_R_CANT_PACK_STRUCTURE 100 |
diff --git a/src/lib/libssl/src/crypto/pkcs7/bio_ber.c b/src/lib/libssl/src/crypto/pkcs7/bio_ber.c index 895a91177b..31973fcd1f 100644 --- a/src/lib/libssl/src/crypto/pkcs7/bio_ber.c +++ b/src/lib/libssl/src/crypto/pkcs7/bio_ber.c | |||
| @@ -204,7 +204,7 @@ int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx) | |||
| 204 | if ((ctx->buf_len < BER_BUF_SIZE) && | 204 | if ((ctx->buf_len < BER_BUF_SIZE) && |
| 205 | (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG)) | 205 | (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG)) |
| 206 | { | 206 | { |
| 207 | ERR_get_error(); /* clear the error */ | 207 | ERR_clear_error(); /* clear the error */ |
| 208 | BIO_set_retry_read(b); | 208 | BIO_set_retry_read(b); |
| 209 | } | 209 | } |
| 210 | return(-1); | 210 | return(-1); |
diff --git a/src/lib/libssl/src/crypto/pkcs7/example.c b/src/lib/libssl/src/crypto/pkcs7/example.c index c993947cc3..2953d04b5c 100644 --- a/src/lib/libssl/src/crypto/pkcs7/example.c +++ b/src/lib/libssl/src/crypto/pkcs7/example.c | |||
| @@ -123,7 +123,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) | |||
| 123 | so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); | 123 | so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); |
| 124 | if (so && (so->type == V_ASN1_SEQUENCE)) | 124 | if (so && (so->type == V_ASN1_SEQUENCE)) |
| 125 | { | 125 | { |
| 126 | ASN1_CTX c; | 126 | ASN1_const_CTX c; |
| 127 | ASN1_STRING *s; | 127 | ASN1_STRING *s; |
| 128 | long length; | 128 | long length; |
| 129 | ASN1_OCTET_STRING *os1,*os2; | 129 | ASN1_OCTET_STRING *os1,*os2; |
| @@ -144,7 +144,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) | |||
| 144 | goto err; | 144 | goto err; |
| 145 | c.slen-=(c.p-c.q); | 145 | c.slen-=(c.p-c.q); |
| 146 | 146 | ||
| 147 | if (!asn1_Finish(&c)) goto err; | 147 | if (!asn1_const_Finish(&c)) goto err; |
| 148 | *str1=malloc(os1->length+1); | 148 | *str1=malloc(os1->length+1); |
| 149 | *str2=malloc(os2->length+1); | 149 | *str2=malloc(os2->length+1); |
| 150 | memcpy(*str1,os1->data,os1->length); | 150 | memcpy(*str1,os1->data,os1->length); |
| @@ -290,7 +290,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) | |||
| 290 | so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); | 290 | so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); |
| 291 | if (so->type == V_ASN1_SEQUENCE) | 291 | if (so->type == V_ASN1_SEQUENCE) |
| 292 | { | 292 | { |
| 293 | ASN1_CTX c; | 293 | ASN1_const_CTX c; |
| 294 | ASN1_STRING *s; | 294 | ASN1_STRING *s; |
| 295 | long length; | 295 | long length; |
| 296 | ASN1_OCTET_STRING *os1,*os2; | 296 | ASN1_OCTET_STRING *os1,*os2; |
| @@ -311,7 +311,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) | |||
| 311 | goto err; | 311 | goto err; |
| 312 | c.slen-=(c.p-c.q); | 312 | c.slen-=(c.p-c.q); |
| 313 | 313 | ||
| 314 | if (!asn1_Finish(&c)) goto err; | 314 | if (!asn1_const_Finish(&c)) goto err; |
| 315 | *str1=malloc(os1->length+1); | 315 | *str1=malloc(os1->length+1); |
| 316 | *str2=malloc(os2->length+1); | 316 | *str2=malloc(os2->length+1); |
| 317 | memcpy(*str1,os1->data,os1->length); | 317 | memcpy(*str1,os1->data,os1->length); |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c b/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c index 46f0fc9375..77931feeb4 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c | |||
| @@ -69,30 +69,31 @@ | |||
| 69 | ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); | 69 | ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); |
| 70 | 70 | ||
| 71 | ASN1_ADB(PKCS7) = { | 71 | ASN1_ADB(PKCS7) = { |
| 72 | ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)), | 72 | ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), |
| 73 | ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), | 73 | ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), |
| 74 | ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), | 74 | ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), |
| 75 | ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), | 75 | ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), |
| 76 | ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), | 76 | ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), |
| 77 | ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) | 77 | ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) |
| 78 | } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); | 78 | } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); |
| 79 | 79 | ||
| 80 | ASN1_SEQUENCE(PKCS7) = { | 80 | ASN1_NDEF_SEQUENCE(PKCS7) = { |
| 81 | ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), | 81 | ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), |
| 82 | ASN1_ADB_OBJECT(PKCS7) | 82 | ASN1_ADB_OBJECT(PKCS7) |
| 83 | }ASN1_SEQUENCE_END(PKCS7) | 83 | }ASN1_NDEF_SEQUENCE_END(PKCS7) |
| 84 | 84 | ||
| 85 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7) | 85 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7) |
| 86 | IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) | ||
| 86 | IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) | 87 | IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) |
| 87 | 88 | ||
| 88 | ASN1_SEQUENCE(PKCS7_SIGNED) = { | 89 | ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { |
| 89 | ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), | 90 | ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), |
| 90 | ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), | 91 | ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), |
| 91 | ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), | 92 | ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), |
| 92 | ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), | 93 | ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), |
| 93 | ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), | 94 | ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), |
| 94 | ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) | 95 | ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) |
| 95 | } ASN1_SEQUENCE_END(PKCS7_SIGNED) | 96 | } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) |
| 96 | 97 | ||
| 97 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) | 98 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) |
| 98 | 99 | ||
| @@ -130,11 +131,11 @@ ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { | |||
| 130 | 131 | ||
| 131 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) | 132 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) |
| 132 | 133 | ||
| 133 | ASN1_SEQUENCE(PKCS7_ENVELOPE) = { | 134 | ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { |
| 134 | ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), | 135 | ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), |
| 135 | ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), | 136 | ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), |
| 136 | ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) | 137 | ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) |
| 137 | } ASN1_SEQUENCE_END(PKCS7_ENVELOPE) | 138 | } ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) |
| 138 | 139 | ||
| 139 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) | 140 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) |
| 140 | 141 | ||
| @@ -157,15 +158,15 @@ ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { | |||
| 157 | 158 | ||
| 158 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) | 159 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) |
| 159 | 160 | ||
| 160 | ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = { | 161 | ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { |
| 161 | ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), | 162 | ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), |
| 162 | ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), | 163 | ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), |
| 163 | ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) | 164 | ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) |
| 164 | } ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT) | 165 | } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) |
| 165 | 166 | ||
| 166 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) | 167 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) |
| 167 | 168 | ||
| 168 | ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { | 169 | ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { |
| 169 | ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), | 170 | ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), |
| 170 | ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), | 171 | ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), |
| 171 | ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), | 172 | ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), |
| @@ -173,23 +174,23 @@ ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { | |||
| 173 | ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), | 174 | ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), |
| 174 | ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), | 175 | ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), |
| 175 | ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) | 176 | ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) |
| 176 | } ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) | 177 | } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) |
| 177 | 178 | ||
| 178 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) | 179 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) |
| 179 | 180 | ||
| 180 | ASN1_SEQUENCE(PKCS7_ENCRYPT) = { | 181 | ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { |
| 181 | ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), | 182 | ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), |
| 182 | ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) | 183 | ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) |
| 183 | } ASN1_SEQUENCE_END(PKCS7_ENCRYPT) | 184 | } ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) |
| 184 | 185 | ||
| 185 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) | 186 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) |
| 186 | 187 | ||
| 187 | ASN1_SEQUENCE(PKCS7_DIGEST) = { | 188 | ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { |
| 188 | ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), | 189 | ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), |
| 189 | ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), | 190 | ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), |
| 190 | ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), | 191 | ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), |
| 191 | ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) | 192 | ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) |
| 192 | } ASN1_SEQUENCE_END(PKCS7_DIGEST) | 193 | } ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) |
| 193 | 194 | ||
| 194 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) | 195 | IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) |
| 195 | 196 | ||
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c index 039141027a..735c8800e1 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c | |||
| @@ -96,7 +96,8 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) | |||
| 96 | STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) | 96 | STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) |
| 97 | { | 97 | { |
| 98 | ASN1_TYPE *cap; | 98 | ASN1_TYPE *cap; |
| 99 | unsigned char *p; | 99 | const unsigned char *p; |
| 100 | |||
| 100 | cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); | 101 | cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); |
| 101 | if (!cap || (cap->type != V_ASN1_SEQUENCE)) | 102 | if (!cap || (cap->type != V_ASN1_SEQUENCE)) |
| 102 | return NULL; | 103 | return NULL; |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c index 4ac29ae14d..a03d7ebedf 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | |||
| @@ -62,6 +62,7 @@ | |||
| 62 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
| 63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | #include <openssl/err.h> | ||
| 65 | 66 | ||
| 66 | static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, | 67 | static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, |
| 67 | void *value); | 68 | void *value); |
| @@ -101,18 +102,54 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) | |||
| 101 | return NULL; | 102 | return NULL; |
| 102 | } | 103 | } |
| 103 | 104 | ||
| 105 | static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) | ||
| 106 | { | ||
| 107 | BIO *btmp; | ||
| 108 | const EVP_MD *md; | ||
| 109 | if ((btmp=BIO_new(BIO_f_md())) == NULL) | ||
| 110 | { | ||
| 111 | PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); | ||
| 112 | goto err; | ||
| 113 | } | ||
| 114 | |||
| 115 | md=EVP_get_digestbyobj(alg->algorithm); | ||
| 116 | if (md == NULL) | ||
| 117 | { | ||
| 118 | PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); | ||
| 119 | goto err; | ||
| 120 | } | ||
| 121 | |||
| 122 | BIO_set_md(btmp,md); | ||
| 123 | if (*pbio == NULL) | ||
| 124 | *pbio=btmp; | ||
| 125 | else if (!BIO_push(*pbio,btmp)) | ||
| 126 | { | ||
| 127 | PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); | ||
| 128 | goto err; | ||
| 129 | } | ||
| 130 | btmp=NULL; | ||
| 131 | |||
| 132 | return 1; | ||
| 133 | |||
| 134 | err: | ||
| 135 | if (btmp) | ||
| 136 | BIO_free(btmp); | ||
| 137 | return 0; | ||
| 138 | |||
| 139 | } | ||
| 140 | |||
| 104 | BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | 141 | BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) |
| 105 | { | 142 | { |
| 106 | int i; | 143 | int i; |
| 107 | BIO *out=NULL,*btmp=NULL; | 144 | BIO *out=NULL,*btmp=NULL; |
| 108 | X509_ALGOR *xa; | 145 | X509_ALGOR *xa = NULL; |
| 109 | const EVP_MD *evp_md; | ||
| 110 | const EVP_CIPHER *evp_cipher=NULL; | 146 | const EVP_CIPHER *evp_cipher=NULL; |
| 111 | STACK_OF(X509_ALGOR) *md_sk=NULL; | 147 | STACK_OF(X509_ALGOR) *md_sk=NULL; |
| 112 | STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; | 148 | STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; |
| 113 | X509_ALGOR *xalg=NULL; | 149 | X509_ALGOR *xalg=NULL; |
| 114 | PKCS7_RECIP_INFO *ri=NULL; | 150 | PKCS7_RECIP_INFO *ri=NULL; |
| 115 | EVP_PKEY *pkey; | 151 | EVP_PKEY *pkey; |
| 152 | ASN1_OCTET_STRING *os=NULL; | ||
| 116 | 153 | ||
| 117 | i=OBJ_obj2nid(p7->type); | 154 | i=OBJ_obj2nid(p7->type); |
| 118 | p7->state=PKCS7_S_HEADER; | 155 | p7->state=PKCS7_S_HEADER; |
| @@ -121,6 +158,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 121 | { | 158 | { |
| 122 | case NID_pkcs7_signed: | 159 | case NID_pkcs7_signed: |
| 123 | md_sk=p7->d.sign->md_algs; | 160 | md_sk=p7->d.sign->md_algs; |
| 161 | os = PKCS7_get_octet_string(p7->d.sign->contents); | ||
| 124 | break; | 162 | break; |
| 125 | case NID_pkcs7_signedAndEnveloped: | 163 | case NID_pkcs7_signedAndEnveloped: |
| 126 | rsk=p7->d.signed_and_enveloped->recipientinfo; | 164 | rsk=p7->d.signed_and_enveloped->recipientinfo; |
| @@ -145,37 +183,21 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 145 | goto err; | 183 | goto err; |
| 146 | } | 184 | } |
| 147 | break; | 185 | break; |
| 186 | case NID_pkcs7_digest: | ||
| 187 | xa = p7->d.digest->md; | ||
| 188 | os = PKCS7_get_octet_string(p7->d.digest->contents); | ||
| 189 | break; | ||
| 148 | default: | 190 | default: |
| 149 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); | 191 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); |
| 150 | goto err; | 192 | goto err; |
| 151 | } | 193 | } |
| 152 | 194 | ||
| 153 | if (md_sk != NULL) | 195 | for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) |
| 154 | { | 196 | if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) |
| 155 | for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) | 197 | goto err; |
| 156 | { | ||
| 157 | xa=sk_X509_ALGOR_value(md_sk,i); | ||
| 158 | if ((btmp=BIO_new(BIO_f_md())) == NULL) | ||
| 159 | { | ||
| 160 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); | ||
| 161 | goto err; | ||
| 162 | } | ||
| 163 | |||
| 164 | evp_md=EVP_get_digestbyobj(xa->algorithm); | ||
| 165 | if (evp_md == NULL) | ||
| 166 | { | ||
| 167 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); | ||
| 168 | goto err; | ||
| 169 | } | ||
| 170 | 198 | ||
| 171 | BIO_set_md(btmp,evp_md); | 199 | if (xa && !PKCS7_bio_add_digest(&out, xa)) |
| 172 | if (out == NULL) | 200 | goto err; |
| 173 | out=btmp; | ||
| 174 | else | ||
| 175 | BIO_push(out,btmp); | ||
| 176 | btmp=NULL; | ||
| 177 | } | ||
| 178 | } | ||
| 179 | 201 | ||
| 180 | if (evp_cipher != NULL) | 202 | if (evp_cipher != NULL) |
| 181 | { | 203 | { |
| @@ -194,17 +216,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 194 | BIO_get_cipher_ctx(btmp, &ctx); | 216 | BIO_get_cipher_ctx(btmp, &ctx); |
| 195 | keylen=EVP_CIPHER_key_length(evp_cipher); | 217 | keylen=EVP_CIPHER_key_length(evp_cipher); |
| 196 | ivlen=EVP_CIPHER_iv_length(evp_cipher); | 218 | ivlen=EVP_CIPHER_iv_length(evp_cipher); |
| 197 | if (RAND_bytes(key,keylen) <= 0) | ||
| 198 | goto err; | ||
| 199 | xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); | 219 | xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); |
| 200 | if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); | 220 | if (ivlen > 0) |
| 201 | EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1); | 221 | if (RAND_pseudo_bytes(iv,ivlen) <= 0) |
| 222 | goto err; | ||
| 223 | if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) | ||
| 224 | goto err; | ||
| 225 | if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) | ||
| 226 | goto err; | ||
| 227 | if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) | ||
| 228 | goto err; | ||
| 202 | 229 | ||
| 203 | if (ivlen > 0) { | 230 | if (ivlen > 0) { |
| 204 | if (xalg->parameter == NULL) | 231 | if (xalg->parameter == NULL) { |
| 205 | xalg->parameter=ASN1_TYPE_new(); | 232 | xalg->parameter = ASN1_TYPE_new(); |
| 233 | if (xalg->parameter == NULL) | ||
| 234 | goto err; | ||
| 235 | } | ||
| 206 | if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) | 236 | if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) |
| 207 | goto err; | 237 | goto err; |
| 208 | } | 238 | } |
| 209 | 239 | ||
| 210 | /* Lets do the pub key stuff :-) */ | 240 | /* Lets do the pub key stuff :-) */ |
| @@ -217,7 +247,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 217 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); | 247 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); |
| 218 | goto err; | 248 | goto err; |
| 219 | } | 249 | } |
| 220 | pkey=X509_get_pubkey(ri->cert); | 250 | if ((pkey=X509_get_pubkey(ri->cert)) == NULL) |
| 251 | goto err; | ||
| 221 | jj=EVP_PKEY_size(pkey); | 252 | jj=EVP_PKEY_size(pkey); |
| 222 | EVP_PKEY_free(pkey); | 253 | EVP_PKEY_free(pkey); |
| 223 | if (max < jj) max=jj; | 254 | if (max < jj) max=jj; |
| @@ -230,7 +261,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 230 | for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) | 261 | for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) |
| 231 | { | 262 | { |
| 232 | ri=sk_PKCS7_RECIP_INFO_value(rsk,i); | 263 | ri=sk_PKCS7_RECIP_INFO_value(rsk,i); |
| 233 | pkey=X509_get_pubkey(ri->cert); | 264 | if ((pkey=X509_get_pubkey(ri->cert)) == NULL) |
| 265 | goto err; | ||
| 234 | jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); | 266 | jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); |
| 235 | EVP_PKEY_free(pkey); | 267 | EVP_PKEY_free(pkey); |
| 236 | if (jj <= 0) | 268 | if (jj <= 0) |
| @@ -261,24 +293,16 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 261 | { | 293 | { |
| 262 | if (PKCS7_is_detached(p7)) | 294 | if (PKCS7_is_detached(p7)) |
| 263 | bio=BIO_new(BIO_s_null()); | 295 | bio=BIO_new(BIO_s_null()); |
| 264 | else | 296 | else if (os && os->length > 0) |
| 297 | bio = BIO_new_mem_buf(os->data, os->length); | ||
| 298 | if(bio == NULL) | ||
| 265 | { | 299 | { |
| 266 | if (PKCS7_type_is_signed(p7)) | 300 | bio=BIO_new(BIO_s_mem()); |
| 267 | { | 301 | if (bio == NULL) |
| 268 | ASN1_OCTET_STRING *os; | 302 | goto err; |
| 269 | os = PKCS7_get_octet_string( | 303 | BIO_set_mem_eof_return(bio,0); |
| 270 | p7->d.sign->contents); | ||
| 271 | if (os && os->length > 0) | ||
| 272 | bio = BIO_new_mem_buf(os->data, | ||
| 273 | os->length); | ||
| 274 | } | ||
| 275 | if(bio == NULL) | ||
| 276 | { | ||
| 277 | bio=BIO_new(BIO_s_mem()); | ||
| 278 | BIO_set_mem_eof_return(bio,0); | ||
| 279 | } | ||
| 280 | } | 304 | } |
| 281 | } | 305 | } |
| 282 | BIO_push(out,bio); | 306 | BIO_push(out,bio); |
| 283 | bio=NULL; | 307 | bio=NULL; |
| 284 | if (0) | 308 | if (0) |
| @@ -293,6 +317,17 @@ err: | |||
| 293 | return(out); | 317 | return(out); |
| 294 | } | 318 | } |
| 295 | 319 | ||
| 320 | static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) | ||
| 321 | { | ||
| 322 | int ret; | ||
| 323 | ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, | ||
| 324 | pcert->cert_info->issuer); | ||
| 325 | if (ret) | ||
| 326 | return ret; | ||
| 327 | return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, | ||
| 328 | ri->issuer_and_serial->serial); | ||
| 329 | } | ||
| 330 | |||
| 296 | /* int */ | 331 | /* int */ |
| 297 | BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | 332 | BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) |
| 298 | { | 333 | { |
| @@ -403,18 +438,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 403 | * (if any) | 438 | * (if any) |
| 404 | */ | 439 | */ |
| 405 | 440 | ||
| 406 | for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { | 441 | if (pcert) { |
| 407 | ri=sk_PKCS7_RECIP_INFO_value(rsk,i); | 442 | for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { |
| 408 | if(!X509_NAME_cmp(ri->issuer_and_serial->issuer, | 443 | ri=sk_PKCS7_RECIP_INFO_value(rsk,i); |
| 409 | pcert->cert_info->issuer) && | 444 | if (!pkcs7_cmp_ri(ri, pcert)) |
| 410 | !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, | 445 | break; |
| 411 | ri->issuer_and_serial->serial)) break; | 446 | ri=NULL; |
| 412 | ri=NULL; | 447 | } |
| 413 | } | 448 | if (ri == NULL) { |
| 414 | if (ri == NULL) { | 449 | PKCS7err(PKCS7_F_PKCS7_DATADECODE, |
| 415 | PKCS7err(PKCS7_F_PKCS7_DATADECODE, | 450 | PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); |
| 416 | PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); | 451 | goto err; |
| 417 | goto err; | 452 | } |
| 418 | } | 453 | } |
| 419 | 454 | ||
| 420 | jj=EVP_PKEY_size(pkey); | 455 | jj=EVP_PKEY_size(pkey); |
| @@ -425,17 +460,46 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 425 | goto err; | 460 | goto err; |
| 426 | } | 461 | } |
| 427 | 462 | ||
| 428 | jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key), | 463 | /* If we haven't got a certificate try each ri in turn */ |
| 429 | M_ASN1_STRING_length(ri->enc_key), pkey); | 464 | |
| 430 | if (jj <= 0) | 465 | if (pcert == NULL) |
| 431 | { | 466 | { |
| 432 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); | 467 | for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) |
| 433 | goto err; | 468 | { |
| 469 | ri=sk_PKCS7_RECIP_INFO_value(rsk,i); | ||
| 470 | jj=EVP_PKEY_decrypt(tmp, | ||
| 471 | M_ASN1_STRING_data(ri->enc_key), | ||
| 472 | M_ASN1_STRING_length(ri->enc_key), | ||
| 473 | pkey); | ||
| 474 | if (jj > 0) | ||
| 475 | break; | ||
| 476 | ERR_clear_error(); | ||
| 477 | ri = NULL; | ||
| 478 | } | ||
| 479 | if (ri == NULL) | ||
| 480 | { | ||
| 481 | PKCS7err(PKCS7_F_PKCS7_DATADECODE, | ||
| 482 | PKCS7_R_NO_RECIPIENT_MATCHES_KEY); | ||
| 483 | goto err; | ||
| 484 | } | ||
| 485 | } | ||
| 486 | else | ||
| 487 | { | ||
| 488 | jj=EVP_PKEY_decrypt(tmp, | ||
| 489 | M_ASN1_STRING_data(ri->enc_key), | ||
| 490 | M_ASN1_STRING_length(ri->enc_key), pkey); | ||
| 491 | if (jj <= 0) | ||
| 492 | { | ||
| 493 | PKCS7err(PKCS7_F_PKCS7_DATADECODE, | ||
| 494 | ERR_R_EVP_LIB); | ||
| 495 | goto err; | ||
| 496 | } | ||
| 434 | } | 497 | } |
| 435 | 498 | ||
| 436 | evp_ctx=NULL; | 499 | evp_ctx=NULL; |
| 437 | BIO_get_cipher_ctx(etmp,&evp_ctx); | 500 | BIO_get_cipher_ctx(etmp,&evp_ctx); |
| 438 | EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0); | 501 | if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) |
| 502 | goto err; | ||
| 439 | if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) | 503 | if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) |
| 440 | goto err; | 504 | goto err; |
| 441 | 505 | ||
| @@ -451,7 +515,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 451 | goto err; | 515 | goto err; |
| 452 | } | 516 | } |
| 453 | } | 517 | } |
| 454 | EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0); | 518 | if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) |
| 519 | goto err; | ||
| 455 | 520 | ||
| 456 | OPENSSL_cleanse(tmp,jj); | 521 | OPENSSL_cleanse(tmp,jj); |
| 457 | 522 | ||
| @@ -485,6 +550,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 485 | bio=BIO_new(BIO_s_mem()); | 550 | bio=BIO_new(BIO_s_mem()); |
| 486 | BIO_set_mem_eof_return(bio,0); | 551 | BIO_set_mem_eof_return(bio,0); |
| 487 | } | 552 | } |
| 553 | if (bio == NULL) | ||
| 554 | goto err; | ||
| 488 | #endif | 555 | #endif |
| 489 | } | 556 | } |
| 490 | BIO_push(out,bio); | 557 | BIO_push(out,bio); |
| @@ -504,6 +571,29 @@ err: | |||
| 504 | return(out); | 571 | return(out); |
| 505 | } | 572 | } |
| 506 | 573 | ||
| 574 | static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) | ||
| 575 | { | ||
| 576 | for (;;) | ||
| 577 | { | ||
| 578 | bio=BIO_find_type(bio,BIO_TYPE_MD); | ||
| 579 | if (bio == NULL) | ||
| 580 | { | ||
| 581 | PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); | ||
| 582 | return NULL; | ||
| 583 | } | ||
| 584 | BIO_get_md_ctx(bio,pmd); | ||
| 585 | if (*pmd == NULL) | ||
| 586 | { | ||
| 587 | PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); | ||
| 588 | return NULL; | ||
| 589 | } | ||
| 590 | if (EVP_MD_CTX_type(*pmd) == nid) | ||
| 591 | return bio; | ||
| 592 | bio=BIO_next(bio); | ||
| 593 | } | ||
| 594 | return NULL; | ||
| 595 | } | ||
| 596 | |||
| 507 | int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | 597 | int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) |
| 508 | { | 598 | { |
| 509 | int ret=0; | 599 | int ret=0; |
| @@ -528,7 +618,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 528 | si_sk=p7->d.signed_and_enveloped->signer_info; | 618 | si_sk=p7->d.signed_and_enveloped->signer_info; |
| 529 | if (!(os=M_ASN1_OCTET_STRING_new())) | 619 | if (!(os=M_ASN1_OCTET_STRING_new())) |
| 530 | { | 620 | { |
| 531 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE); | 621 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); |
| 532 | goto err; | 622 | goto err; |
| 533 | } | 623 | } |
| 534 | p7->d.signed_and_enveloped->enc_data->enc_data=os; | 624 | p7->d.signed_and_enveloped->enc_data->enc_data=os; |
| @@ -537,7 +627,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 537 | /* XXXXXXXXXXXXXXXX */ | 627 | /* XXXXXXXXXXXXXXXX */ |
| 538 | if (!(os=M_ASN1_OCTET_STRING_new())) | 628 | if (!(os=M_ASN1_OCTET_STRING_new())) |
| 539 | { | 629 | { |
| 540 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE); | 630 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); |
| 541 | goto err; | 631 | goto err; |
| 542 | } | 632 | } |
| 543 | p7->d.enveloped->enc_data->enc_data=os; | 633 | p7->d.enveloped->enc_data->enc_data=os; |
| @@ -551,13 +641,24 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 551 | p7->d.sign->contents->d.data = NULL; | 641 | p7->d.sign->contents->d.data = NULL; |
| 552 | } | 642 | } |
| 553 | break; | 643 | break; |
| 644 | |||
| 645 | case NID_pkcs7_digest: | ||
| 646 | os=PKCS7_get_octet_string(p7->d.digest->contents); | ||
| 647 | /* If detached data then the content is excluded */ | ||
| 648 | if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) | ||
| 649 | { | ||
| 650 | M_ASN1_OCTET_STRING_free(os); | ||
| 651 | p7->d.digest->contents->d.data = NULL; | ||
| 652 | } | ||
| 653 | break; | ||
| 654 | |||
| 554 | } | 655 | } |
| 555 | 656 | ||
| 556 | if (si_sk != NULL) | 657 | if (si_sk != NULL) |
| 557 | { | 658 | { |
| 558 | if ((buf=BUF_MEM_new()) == NULL) | 659 | if ((buf=BUF_MEM_new()) == NULL) |
| 559 | { | 660 | { |
| 560 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); | 661 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); |
| 561 | goto err; | 662 | goto err; |
| 562 | } | 663 | } |
| 563 | for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) | 664 | for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) |
| @@ -568,32 +669,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 568 | j=OBJ_obj2nid(si->digest_alg->algorithm); | 669 | j=OBJ_obj2nid(si->digest_alg->algorithm); |
| 569 | 670 | ||
| 570 | btmp=bio; | 671 | btmp=bio; |
| 571 | for (;;) | 672 | |
| 572 | { | 673 | btmp = PKCS7_find_digest(&mdc, btmp, j); |
| 573 | if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) | 674 | |
| 574 | == NULL) | 675 | if (btmp == NULL) |
| 575 | { | 676 | goto err; |
| 576 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); | 677 | |
| 577 | goto err; | ||
| 578 | } | ||
| 579 | BIO_get_md_ctx(btmp,&mdc); | ||
| 580 | if (mdc == NULL) | ||
| 581 | { | ||
| 582 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); | ||
| 583 | goto err; | ||
| 584 | } | ||
| 585 | if (EVP_MD_CTX_type(mdc) == j) | ||
| 586 | break; | ||
| 587 | else | ||
| 588 | btmp=BIO_next(btmp); | ||
| 589 | } | ||
| 590 | |||
| 591 | /* We now have the EVP_MD_CTX, lets do the | 678 | /* We now have the EVP_MD_CTX, lets do the |
| 592 | * signing. */ | 679 | * signing. */ |
| 593 | EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); | 680 | EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); |
| 594 | if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) | 681 | if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) |
| 595 | { | 682 | { |
| 596 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); | 683 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); |
| 597 | goto err; | 684 | goto err; |
| 598 | } | 685 | } |
| 599 | 686 | ||
| @@ -615,13 +702,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 615 | { | 702 | { |
| 616 | if (!(sign_time=X509_gmtime_adj(NULL,0))) | 703 | if (!(sign_time=X509_gmtime_adj(NULL,0))) |
| 617 | { | 704 | { |
| 618 | PKCS7err(PKCS7_F_PKCS7_DATASIGN, | 705 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL, |
| 619 | ERR_R_MALLOC_FAILURE); | 706 | ERR_R_MALLOC_FAILURE); |
| 620 | goto err; | 707 | goto err; |
| 621 | } | 708 | } |
| 622 | PKCS7_add_signed_attribute(si, | 709 | if (!PKCS7_add_signed_attribute(si, |
| 623 | NID_pkcs9_signingTime, | 710 | NID_pkcs9_signingTime, |
| 624 | V_ASN1_UTCTIME,sign_time); | 711 | V_ASN1_UTCTIME,sign_time)) |
| 712 | { | ||
| 713 | M_ASN1_UTCTIME_free(sign_time); | ||
| 714 | goto err; | ||
| 715 | } | ||
| 625 | } | 716 | } |
| 626 | 717 | ||
| 627 | /* Add digest */ | 718 | /* Add digest */ |
| @@ -629,20 +720,25 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 629 | EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); | 720 | EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); |
| 630 | if (!(digest=M_ASN1_OCTET_STRING_new())) | 721 | if (!(digest=M_ASN1_OCTET_STRING_new())) |
| 631 | { | 722 | { |
| 632 | PKCS7err(PKCS7_F_PKCS7_DATASIGN, | 723 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL, |
| 633 | ERR_R_MALLOC_FAILURE); | 724 | ERR_R_MALLOC_FAILURE); |
| 634 | goto err; | 725 | goto err; |
| 635 | } | 726 | } |
| 636 | if (!M_ASN1_OCTET_STRING_set(digest,md_data, | 727 | if (!M_ASN1_OCTET_STRING_set(digest,md_data, |
| 637 | md_len)) | 728 | md_len)) |
| 638 | { | 729 | { |
| 639 | PKCS7err(PKCS7_F_PKCS7_DATASIGN, | 730 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL, |
| 640 | ERR_R_MALLOC_FAILURE); | 731 | ERR_R_MALLOC_FAILURE); |
| 732 | M_ASN1_OCTET_STRING_free(digest); | ||
| 641 | goto err; | 733 | goto err; |
| 642 | } | 734 | } |
| 643 | PKCS7_add_signed_attribute(si, | 735 | if (!PKCS7_add_signed_attribute(si, |
| 644 | NID_pkcs9_messageDigest, | 736 | NID_pkcs9_messageDigest, |
| 645 | V_ASN1_OCTET_STRING,digest); | 737 | V_ASN1_OCTET_STRING,digest)) |
| 738 | { | ||
| 739 | M_ASN1_OCTET_STRING_free(digest); | ||
| 740 | goto err; | ||
| 741 | } | ||
| 646 | 742 | ||
| 647 | /* Now sign the attributes */ | 743 | /* Now sign the attributes */ |
| 648 | EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); | 744 | EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); |
| @@ -657,28 +753,42 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 657 | if (si->pkey->type == EVP_PKEY_DSA) | 753 | if (si->pkey->type == EVP_PKEY_DSA) |
| 658 | ctx_tmp.digest=EVP_dss1(); | 754 | ctx_tmp.digest=EVP_dss1(); |
| 659 | #endif | 755 | #endif |
| 756 | #ifndef OPENSSL_NO_ECDSA | ||
| 757 | if (si->pkey->type == EVP_PKEY_EC) | ||
| 758 | ctx_tmp.digest=EVP_ecdsa(); | ||
| 759 | #endif | ||
| 660 | 760 | ||
| 661 | if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, | 761 | if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, |
| 662 | (unsigned int *)&buf->length,si->pkey)) | 762 | (unsigned int *)&buf->length,si->pkey)) |
| 663 | { | 763 | { |
| 664 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB); | 764 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB); |
| 665 | goto err; | 765 | goto err; |
| 666 | } | 766 | } |
| 667 | if (!ASN1_STRING_set(si->enc_digest, | 767 | if (!ASN1_STRING_set(si->enc_digest, |
| 668 | (unsigned char *)buf->data,buf->length)) | 768 | (unsigned char *)buf->data,buf->length)) |
| 669 | { | 769 | { |
| 670 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB); | 770 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB); |
| 671 | goto err; | 771 | goto err; |
| 672 | } | 772 | } |
| 673 | } | 773 | } |
| 674 | } | 774 | } |
| 775 | else if (i == NID_pkcs7_digest) | ||
| 776 | { | ||
| 777 | unsigned char md_data[EVP_MAX_MD_SIZE]; | ||
| 778 | unsigned int md_len; | ||
| 779 | if (!PKCS7_find_digest(&mdc, bio, | ||
| 780 | OBJ_obj2nid(p7->d.digest->md->algorithm))) | ||
| 781 | goto err; | ||
| 782 | EVP_DigestFinal_ex(mdc,md_data,&md_len); | ||
| 783 | M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); | ||
| 784 | } | ||
| 675 | 785 | ||
| 676 | if (!PKCS7_is_detached(p7)) | 786 | if (!PKCS7_is_detached(p7)) |
| 677 | { | 787 | { |
| 678 | btmp=BIO_find_type(bio,BIO_TYPE_MEM); | 788 | btmp=BIO_find_type(bio,BIO_TYPE_MEM); |
| 679 | if (btmp == NULL) | 789 | if (btmp == NULL) |
| 680 | { | 790 | { |
| 681 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); | 791 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); |
| 682 | goto err; | 792 | goto err; |
| 683 | } | 793 | } |
| 684 | BIO_get_mem_ptr(btmp,&buf_mem); | 794 | BIO_get_mem_ptr(btmp,&buf_mem); |
| @@ -859,6 +969,9 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); | |||
| 859 | #ifndef OPENSSL_NO_DSA | 969 | #ifndef OPENSSL_NO_DSA |
| 860 | if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); | 970 | if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); |
| 861 | #endif | 971 | #endif |
| 972 | #ifndef OPENSSL_NO_ECDSA | ||
| 973 | if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa(); | ||
| 974 | #endif | ||
| 862 | 975 | ||
| 863 | i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); | 976 | i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); |
| 864 | EVP_PKEY_free(pkey); | 977 | EVP_PKEY_free(pkey); |
| @@ -883,8 +996,13 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) | |||
| 883 | int i; | 996 | int i; |
| 884 | 997 | ||
| 885 | i=OBJ_obj2nid(p7->type); | 998 | i=OBJ_obj2nid(p7->type); |
| 886 | if (i != NID_pkcs7_signedAndEnveloped) return(NULL); | 999 | if (i != NID_pkcs7_signedAndEnveloped) |
| 1000 | return NULL; | ||
| 1001 | if (p7->d.signed_and_enveloped == NULL) | ||
| 1002 | return NULL; | ||
| 887 | rsk=p7->d.signed_and_enveloped->recipientinfo; | 1003 | rsk=p7->d.signed_and_enveloped->recipientinfo; |
| 1004 | if (rsk == NULL) | ||
| 1005 | return NULL; | ||
| 888 | ri=sk_PKCS7_RECIP_INFO_value(rsk,0); | 1006 | ri=sk_PKCS7_RECIP_INFO_value(rsk,0); |
| 889 | if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); | 1007 | if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); |
| 890 | ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); | 1008 | ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); |
| @@ -938,6 +1056,8 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, | |||
| 938 | if (p7si->auth_attr != NULL) | 1056 | if (p7si->auth_attr != NULL) |
| 939 | sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); | 1057 | sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); |
| 940 | p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); | 1058 | p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); |
| 1059 | if (p7si->auth_attr == NULL) | ||
| 1060 | return 0; | ||
| 941 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) | 1061 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) |
| 942 | { | 1062 | { |
| 943 | if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, | 1063 | if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, |
| @@ -956,6 +1076,8 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) | |||
| 956 | sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, | 1076 | sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, |
| 957 | X509_ATTRIBUTE_free); | 1077 | X509_ATTRIBUTE_free); |
| 958 | p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); | 1078 | p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); |
| 1079 | if (p7si->unauth_attr == NULL) | ||
| 1080 | return 0; | ||
| 959 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) | 1081 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) |
| 960 | { | 1082 | { |
| 961 | if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, | 1083 | if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, |
| @@ -985,10 +1107,16 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, | |||
| 985 | 1107 | ||
| 986 | if (*sk == NULL) | 1108 | if (*sk == NULL) |
| 987 | { | 1109 | { |
| 988 | *sk = sk_X509_ATTRIBUTE_new_null(); | 1110 | if (!(*sk = sk_X509_ATTRIBUTE_new_null())) |
| 1111 | return 0; | ||
| 989 | new_attrib: | 1112 | new_attrib: |
| 990 | attr=X509_ATTRIBUTE_create(nid,atrtype,value); | 1113 | if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) |
| 991 | sk_X509_ATTRIBUTE_push(*sk,attr); | 1114 | return 0; |
| 1115 | if (!sk_X509_ATTRIBUTE_push(*sk,attr)) | ||
| 1116 | { | ||
| 1117 | X509_ATTRIBUTE_free(attr); | ||
| 1118 | return 0; | ||
| 1119 | } | ||
| 992 | } | 1120 | } |
| 993 | else | 1121 | else |
| 994 | { | 1122 | { |
| @@ -1001,7 +1129,13 @@ new_attrib: | |||
| 1001 | { | 1129 | { |
| 1002 | X509_ATTRIBUTE_free(attr); | 1130 | X509_ATTRIBUTE_free(attr); |
| 1003 | attr=X509_ATTRIBUTE_create(nid,atrtype,value); | 1131 | attr=X509_ATTRIBUTE_create(nid,atrtype,value); |
| 1004 | sk_X509_ATTRIBUTE_set(*sk,i,attr); | 1132 | if (attr == NULL) |
| 1133 | return 0; | ||
| 1134 | if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) | ||
| 1135 | { | ||
| 1136 | X509_ATTRIBUTE_free(attr); | ||
| 1137 | return 0; | ||
| 1138 | } | ||
| 1005 | goto end; | 1139 | goto end; |
| 1006 | } | 1140 | } |
| 1007 | } | 1141 | } |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c index ee1817c7af..f2490941a3 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c | |||
| @@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) | |||
| 138 | p7->d.sign->contents=p7_data; | 138 | p7->d.sign->contents=p7_data; |
| 139 | break; | 139 | break; |
| 140 | case NID_pkcs7_digest: | 140 | case NID_pkcs7_digest: |
| 141 | if (p7->d.digest->contents != NULL) | ||
| 142 | PKCS7_free(p7->d.digest->contents); | ||
| 143 | p7->d.digest->contents=p7_data; | ||
| 144 | break; | ||
| 141 | case NID_pkcs7_data: | 145 | case NID_pkcs7_data: |
| 142 | case NID_pkcs7_enveloped: | 146 | case NID_pkcs7_enveloped: |
| 143 | case NID_pkcs7_signedAndEnveloped: | 147 | case NID_pkcs7_signedAndEnveloped: |
| @@ -206,6 +210,12 @@ int PKCS7_set_type(PKCS7 *p7, int type) | |||
| 206 | break; | 210 | break; |
| 207 | 211 | ||
| 208 | case NID_pkcs7_digest: | 212 | case NID_pkcs7_digest: |
| 213 | p7->type=obj; | ||
| 214 | if ((p7->d.digest=PKCS7_DIGEST_new()) | ||
| 215 | == NULL) goto err; | ||
| 216 | if (!ASN1_INTEGER_set(p7->d.digest->version,0)) | ||
| 217 | goto err; | ||
| 218 | break; | ||
| 209 | default: | 219 | default: |
| 210 | PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); | 220 | PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); |
| 211 | goto err; | 221 | goto err; |
| @@ -215,6 +225,13 @@ err: | |||
| 215 | return(0); | 225 | return(0); |
| 216 | } | 226 | } |
| 217 | 227 | ||
| 228 | int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) | ||
| 229 | { | ||
| 230 | p7->type = OBJ_nid2obj(type); | ||
| 231 | p7->d.other = other; | ||
| 232 | return 1; | ||
| 233 | } | ||
| 234 | |||
| 218 | int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) | 235 | int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) |
| 219 | { | 236 | { |
| 220 | int i,j,nid; | 237 | int i,j,nid; |
| @@ -254,16 +271,23 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) | |||
| 254 | if (!j) /* we need to add another algorithm */ | 271 | if (!j) /* we need to add another algorithm */ |
| 255 | { | 272 | { |
| 256 | if(!(alg=X509_ALGOR_new()) | 273 | if(!(alg=X509_ALGOR_new()) |
| 257 | || !(alg->parameter = ASN1_TYPE_new())) { | 274 | || !(alg->parameter = ASN1_TYPE_new())) |
| 275 | { | ||
| 276 | X509_ALGOR_free(alg); | ||
| 258 | PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); | 277 | PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); |
| 259 | return(0); | 278 | return(0); |
| 260 | } | 279 | } |
| 261 | alg->algorithm=OBJ_nid2obj(nid); | 280 | alg->algorithm=OBJ_nid2obj(nid); |
| 262 | alg->parameter->type = V_ASN1_NULL; | 281 | alg->parameter->type = V_ASN1_NULL; |
| 263 | sk_X509_ALGOR_push(md_sk,alg); | 282 | if (!sk_X509_ALGOR_push(md_sk,alg)) |
| 283 | { | ||
| 284 | X509_ALGOR_free(alg); | ||
| 285 | return 0; | ||
| 286 | } | ||
| 264 | } | 287 | } |
| 265 | 288 | ||
| 266 | sk_PKCS7_SIGNER_INFO_push(signer_sk,psi); | 289 | if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) |
| 290 | return 0; | ||
| 267 | return(1); | 291 | return(1); |
| 268 | } | 292 | } |
| 269 | 293 | ||
| @@ -288,8 +312,17 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) | |||
| 288 | 312 | ||
| 289 | if (*sk == NULL) | 313 | if (*sk == NULL) |
| 290 | *sk=sk_X509_new_null(); | 314 | *sk=sk_X509_new_null(); |
| 315 | if (*sk == NULL) | ||
| 316 | { | ||
| 317 | PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 318 | return 0; | ||
| 319 | } | ||
| 291 | CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); | 320 | CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); |
| 292 | sk_X509_push(*sk,x509); | 321 | if (!sk_X509_push(*sk,x509)) |
| 322 | { | ||
| 323 | X509_free(x509); | ||
| 324 | return 0; | ||
| 325 | } | ||
| 293 | return(1); | 326 | return(1); |
| 294 | } | 327 | } |
| 295 | 328 | ||
| @@ -314,18 +347,31 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) | |||
| 314 | 347 | ||
| 315 | if (*sk == NULL) | 348 | if (*sk == NULL) |
| 316 | *sk=sk_X509_CRL_new_null(); | 349 | *sk=sk_X509_CRL_new_null(); |
| 350 | if (*sk == NULL) | ||
| 351 | { | ||
| 352 | PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE); | ||
| 353 | return 0; | ||
| 354 | } | ||
| 317 | 355 | ||
| 318 | CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); | 356 | CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); |
| 319 | sk_X509_CRL_push(*sk,crl); | 357 | if (!sk_X509_CRL_push(*sk,crl)) |
| 358 | { | ||
| 359 | X509_CRL_free(crl); | ||
| 360 | return 0; | ||
| 361 | } | ||
| 320 | return(1); | 362 | return(1); |
| 321 | } | 363 | } |
| 322 | 364 | ||
| 323 | int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, | 365 | int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, |
| 324 | const EVP_MD *dgst) | 366 | const EVP_MD *dgst) |
| 325 | { | 367 | { |
| 368 | int nid; | ||
| 326 | char is_dsa; | 369 | char is_dsa; |
| 327 | if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; | 370 | |
| 328 | else is_dsa = 0; | 371 | if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) |
| 372 | is_dsa = 1; | ||
| 373 | else | ||
| 374 | is_dsa = 0; | ||
| 329 | /* We now need to add another PKCS7_SIGNER_INFO entry */ | 375 | /* We now need to add another PKCS7_SIGNER_INFO entry */ |
| 330 | if (!ASN1_INTEGER_set(p7i->version,1)) | 376 | if (!ASN1_INTEGER_set(p7i->version,1)) |
| 331 | goto err; | 377 | goto err; |
| @@ -355,16 +401,38 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, | |||
| 355 | goto err; | 401 | goto err; |
| 356 | p7i->digest_alg->parameter->type=V_ASN1_NULL; | 402 | p7i->digest_alg->parameter->type=V_ASN1_NULL; |
| 357 | 403 | ||
| 358 | p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); | ||
| 359 | |||
| 360 | if (p7i->digest_enc_alg->parameter != NULL) | 404 | if (p7i->digest_enc_alg->parameter != NULL) |
| 361 | ASN1_TYPE_free(p7i->digest_enc_alg->parameter); | 405 | ASN1_TYPE_free(p7i->digest_enc_alg->parameter); |
| 362 | if(is_dsa) p7i->digest_enc_alg->parameter = NULL; | 406 | nid = EVP_PKEY_type(pkey->type); |
| 363 | else { | 407 | if (nid == EVP_PKEY_RSA) |
| 408 | { | ||
| 409 | p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption); | ||
| 364 | if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) | 410 | if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) |
| 365 | goto err; | 411 | goto err; |
| 366 | p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; | 412 | p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; |
| 367 | } | 413 | } |
| 414 | else if (nid == EVP_PKEY_DSA) | ||
| 415 | { | ||
| 416 | #if 1 | ||
| 417 | /* use 'dsaEncryption' OID for compatibility with other software | ||
| 418 | * (PKCS #7 v1.5 does specify how to handle DSA) ... */ | ||
| 419 | p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa); | ||
| 420 | #else | ||
| 421 | /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS) | ||
| 422 | * would make more sense. */ | ||
| 423 | p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1); | ||
| 424 | #endif | ||
| 425 | p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ | ||
| 426 | } | ||
| 427 | else if (nid == EVP_PKEY_EC) | ||
| 428 | { | ||
| 429 | p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); | ||
| 430 | if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) | ||
| 431 | goto err; | ||
| 432 | p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; | ||
| 433 | } | ||
| 434 | else | ||
| 435 | return(0); | ||
| 368 | 436 | ||
| 369 | return(1); | 437 | return(1); |
| 370 | err: | 438 | err: |
| @@ -381,9 +449,28 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, | |||
| 381 | if (!PKCS7_add_signer(p7,si)) goto err; | 449 | if (!PKCS7_add_signer(p7,si)) goto err; |
| 382 | return(si); | 450 | return(si); |
| 383 | err: | 451 | err: |
| 452 | PKCS7_SIGNER_INFO_free(si); | ||
| 384 | return(NULL); | 453 | return(NULL); |
| 385 | } | 454 | } |
| 386 | 455 | ||
| 456 | int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) | ||
| 457 | { | ||
| 458 | if (PKCS7_type_is_digest(p7)) | ||
| 459 | { | ||
| 460 | if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) | ||
| 461 | { | ||
| 462 | PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); | ||
| 463 | return 0; | ||
| 464 | } | ||
| 465 | p7->d.digest->md->parameter->type = V_ASN1_NULL; | ||
| 466 | p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); | ||
| 467 | return 1; | ||
| 468 | } | ||
| 469 | |||
| 470 | PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); | ||
| 471 | return 1; | ||
| 472 | } | ||
| 473 | |||
| 387 | STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) | 474 | STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) |
| 388 | { | 475 | { |
| 389 | if (PKCS7_type_is_signed(p7)) | 476 | if (PKCS7_type_is_signed(p7)) |
| @@ -407,6 +494,7 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) | |||
| 407 | if (!PKCS7_add_recipient_info(p7,ri)) goto err; | 494 | if (!PKCS7_add_recipient_info(p7,ri)) goto err; |
| 408 | return(ri); | 495 | return(ri); |
| 409 | err: | 496 | err: |
| 497 | PKCS7_RECIP_INFO_free(ri); | ||
| 410 | return(NULL); | 498 | return(NULL); |
| 411 | } | 499 | } |
| 412 | 500 | ||
| @@ -429,7 +517,8 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) | |||
| 429 | return(0); | 517 | return(0); |
| 430 | } | 518 | } |
| 431 | 519 | ||
| 432 | sk_PKCS7_RECIP_INFO_push(sk,ri); | 520 | if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) |
| 521 | return 0; | ||
| 433 | return(1); | 522 | return(1); |
| 434 | } | 523 | } |
| 435 | 524 | ||
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c index 927b88c3e7..17b68992f7 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* pk7_mime.c */ | 1 | /* pk7_mime.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * project 1999. | 3 | * project. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. |
| @@ -86,6 +86,7 @@ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ | |||
| 86 | DECLARE_STACK_OF(MIME_HEADER) | 86 | DECLARE_STACK_OF(MIME_HEADER) |
| 87 | IMPLEMENT_STACK_OF(MIME_HEADER) | 87 | IMPLEMENT_STACK_OF(MIME_HEADER) |
| 88 | 88 | ||
| 89 | static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags); | ||
| 89 | static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); | 90 | static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); |
| 90 | static PKCS7 *B64_read_PKCS7(BIO *bio); | 91 | static PKCS7 *B64_read_PKCS7(BIO *bio); |
| 91 | static char * strip_ends(char *name); | 92 | static char * strip_ends(char *name); |
| @@ -109,9 +110,6 @@ static void mime_hdr_free(MIME_HEADER *hdr); | |||
| 109 | #define MAX_SMLEN 1024 | 110 | #define MAX_SMLEN 1024 |
| 110 | #define mime_debug(x) /* x */ | 111 | #define mime_debug(x) /* x */ |
| 111 | 112 | ||
| 112 | |||
| 113 | typedef void (*stkfree)(); | ||
| 114 | |||
| 115 | /* Base 64 read and write of PKCS#7 structure */ | 113 | /* Base 64 read and write of PKCS#7 structure */ |
| 116 | 114 | ||
| 117 | static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) | 115 | static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) |
| @@ -123,7 +121,7 @@ static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) | |||
| 123 | } | 121 | } |
| 124 | bio = BIO_push(b64, bio); | 122 | bio = BIO_push(b64, bio); |
| 125 | i2d_PKCS7_bio(bio, p7); | 123 | i2d_PKCS7_bio(bio, p7); |
| 126 | BIO_flush(bio); | 124 | (void)BIO_flush(bio); |
| 127 | bio = BIO_pop(bio); | 125 | bio = BIO_pop(bio); |
| 128 | BIO_free(b64); | 126 | BIO_free(b64); |
| 129 | return 1; | 127 | return 1; |
| @@ -140,7 +138,7 @@ static PKCS7 *B64_read_PKCS7(BIO *bio) | |||
| 140 | bio = BIO_push(b64, bio); | 138 | bio = BIO_push(b64, bio); |
| 141 | if(!(p7 = d2i_PKCS7_bio(bio, NULL))) | 139 | if(!(p7 = d2i_PKCS7_bio(bio, NULL))) |
| 142 | PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); | 140 | PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); |
| 143 | BIO_flush(bio); | 141 | (void)BIO_flush(bio); |
| 144 | bio = BIO_pop(bio); | 142 | bio = BIO_pop(bio); |
| 145 | BIO_free(b64); | 143 | BIO_free(b64); |
| 146 | return p7; | 144 | return p7; |
| @@ -182,7 +180,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) | |||
| 182 | mime_eol, mime_eol); | 180 | mime_eol, mime_eol); |
| 183 | /* Now write out the first part */ | 181 | /* Now write out the first part */ |
| 184 | BIO_printf(bio, "------%s%s", bound, mime_eol); | 182 | BIO_printf(bio, "------%s%s", bound, mime_eol); |
| 185 | SMIME_crlf_copy(data, bio, flags); | 183 | pkcs7_output_data(bio, data, p7, flags); |
| 186 | BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); | 184 | BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); |
| 187 | 185 | ||
| 188 | /* Headers for signature */ | 186 | /* Headers for signature */ |
| @@ -196,7 +194,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) | |||
| 196 | mime_eol, mime_eol); | 194 | mime_eol, mime_eol); |
| 197 | B64_write_PKCS7(bio, p7); | 195 | B64_write_PKCS7(bio, p7); |
| 198 | BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, | 196 | BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, |
| 199 | mime_eol, mime_eol); | 197 | mime_eol, mime_eol); |
| 200 | return 1; | 198 | return 1; |
| 201 | } | 199 | } |
| 202 | 200 | ||
| @@ -231,6 +229,46 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) | |||
| 231 | return 1; | 229 | return 1; |
| 232 | } | 230 | } |
| 233 | 231 | ||
| 232 | /* Handle output of PKCS#7 data */ | ||
| 233 | |||
| 234 | |||
| 235 | static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) | ||
| 236 | { | ||
| 237 | BIO *tmpbio, *p7bio; | ||
| 238 | |||
| 239 | if (!(flags & PKCS7_STREAM)) | ||
| 240 | { | ||
| 241 | SMIME_crlf_copy(data, out, flags); | ||
| 242 | return 1; | ||
| 243 | } | ||
| 244 | |||
| 245 | /* Partial sign operation */ | ||
| 246 | |||
| 247 | /* Initialize sign operation */ | ||
| 248 | p7bio = PKCS7_dataInit(p7, out); | ||
| 249 | |||
| 250 | /* Copy data across, computing digests etc */ | ||
| 251 | SMIME_crlf_copy(data, p7bio, flags); | ||
| 252 | |||
| 253 | /* Must be detached */ | ||
| 254 | PKCS7_set_detached(p7, 1); | ||
| 255 | |||
| 256 | /* Finalize signatures */ | ||
| 257 | PKCS7_dataFinal(p7, p7bio); | ||
| 258 | |||
| 259 | /* Now remove any digests prepended to the BIO */ | ||
| 260 | |||
| 261 | while (p7bio != out) | ||
| 262 | { | ||
| 263 | tmpbio = BIO_pop(p7bio); | ||
| 264 | BIO_free(p7bio); | ||
| 265 | p7bio = tmpbio; | ||
| 266 | } | ||
| 267 | |||
| 268 | return 1; | ||
| 269 | |||
| 270 | } | ||
| 271 | |||
| 234 | /* SMIME reader: handle multipart/signed and opaque signing. | 272 | /* SMIME reader: handle multipart/signed and opaque signing. |
| 235 | * in multipart case the content is placed in a memory BIO | 273 | * in multipart case the content is placed in a memory BIO |
| 236 | * pointed to by "bcont". In opaque this is set to NULL | 274 | * pointed to by "bcont". In opaque this is set to NULL |
| @@ -339,56 +377,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) | |||
| 339 | 377 | ||
| 340 | } | 378 | } |
| 341 | 379 | ||
| 342 | /* Copy text from one BIO to another making the output CRLF at EOL */ | ||
| 343 | int SMIME_crlf_copy(BIO *in, BIO *out, int flags) | ||
| 344 | { | ||
| 345 | char eol; | ||
| 346 | int len; | ||
| 347 | char linebuf[MAX_SMLEN]; | ||
| 348 | if(flags & PKCS7_BINARY) { | ||
| 349 | while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) | ||
| 350 | BIO_write(out, linebuf, len); | ||
| 351 | return 1; | ||
| 352 | } | ||
| 353 | if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); | ||
| 354 | while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { | ||
| 355 | eol = strip_eol(linebuf, &len); | ||
| 356 | if (len) | ||
| 357 | BIO_write(out, linebuf, len); | ||
| 358 | if(eol) BIO_write(out, "\r\n", 2); | ||
| 359 | } | ||
| 360 | return 1; | ||
| 361 | } | ||
| 362 | |||
| 363 | /* Strip off headers if they are text/plain */ | ||
| 364 | int SMIME_text(BIO *in, BIO *out) | ||
| 365 | { | ||
| 366 | char iobuf[4096]; | ||
| 367 | int len; | ||
| 368 | STACK_OF(MIME_HEADER) *headers; | ||
| 369 | MIME_HEADER *hdr; | ||
| 370 | |||
| 371 | if (!(headers = mime_parse_hdr(in))) { | ||
| 372 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); | ||
| 373 | return 0; | ||
| 374 | } | ||
| 375 | if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { | ||
| 376 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); | ||
| 377 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | ||
| 378 | return 0; | ||
| 379 | } | ||
| 380 | if (strcmp (hdr->value, "text/plain")) { | ||
| 381 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); | ||
| 382 | ERR_add_error_data(2, "type: ", hdr->value); | ||
| 383 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | ||
| 384 | return 0; | ||
| 385 | } | ||
| 386 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | ||
| 387 | while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) | ||
| 388 | BIO_write(out, iobuf, len); | ||
| 389 | return 1; | ||
| 390 | } | ||
| 391 | |||
| 392 | /* Split a multipart/XXX message body into component parts: result is | 380 | /* Split a multipart/XXX message body into component parts: result is |
| 393 | * canonical parts in a STACK of bios | 381 | * canonical parts in a STACK of bios |
| 394 | */ | 382 | */ |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c index 99a0d63f38..5c6b0fe24b 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | /* pk7_smime.c */ | 1 | /* pk7_smime.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * project 1999. | 3 | * project. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -66,10 +66,10 @@ | |||
| 66 | PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | 66 | PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, |
| 67 | BIO *data, int flags) | 67 | BIO *data, int flags) |
| 68 | { | 68 | { |
| 69 | PKCS7 *p7; | 69 | PKCS7 *p7 = NULL; |
| 70 | PKCS7_SIGNER_INFO *si; | 70 | PKCS7_SIGNER_INFO *si; |
| 71 | BIO *p7bio; | 71 | BIO *p7bio = NULL; |
| 72 | STACK_OF(X509_ALGOR) *smcap; | 72 | STACK_OF(X509_ALGOR) *smcap = NULL; |
| 73 | int i; | 73 | int i; |
| 74 | 74 | ||
| 75 | if(!X509_check_private_key(signcert, pkey)) { | 75 | if(!X509_check_private_key(signcert, pkey)) { |
| @@ -82,66 +82,87 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | |||
| 82 | return NULL; | 82 | return NULL; |
| 83 | } | 83 | } |
| 84 | 84 | ||
| 85 | PKCS7_set_type(p7, NID_pkcs7_signed); | 85 | if (!PKCS7_set_type(p7, NID_pkcs7_signed)) |
| 86 | goto err; | ||
| 86 | 87 | ||
| 87 | PKCS7_content_new(p7, NID_pkcs7_data); | 88 | if (!PKCS7_content_new(p7, NID_pkcs7_data)) |
| 89 | goto err; | ||
| 88 | 90 | ||
| 89 | if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { | 91 | if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { |
| 90 | PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); | 92 | PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); |
| 91 | return NULL; | 93 | goto err; |
| 92 | } | 94 | } |
| 93 | 95 | ||
| 94 | if(!(flags & PKCS7_NOCERTS)) { | 96 | if(!(flags & PKCS7_NOCERTS)) { |
| 95 | PKCS7_add_certificate(p7, signcert); | 97 | if (!PKCS7_add_certificate(p7, signcert)) |
| 98 | goto err; | ||
| 96 | if(certs) for(i = 0; i < sk_X509_num(certs); i++) | 99 | if(certs) for(i = 0; i < sk_X509_num(certs); i++) |
| 97 | PKCS7_add_certificate(p7, sk_X509_value(certs, i)); | 100 | if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) |
| 98 | } | 101 | goto err; |
| 99 | |||
| 100 | if(!(p7bio = PKCS7_dataInit(p7, NULL))) { | ||
| 101 | PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); | ||
| 102 | return NULL; | ||
| 103 | } | 102 | } |
| 104 | 103 | ||
| 105 | |||
| 106 | SMIME_crlf_copy(data, p7bio, flags); | ||
| 107 | |||
| 108 | if(!(flags & PKCS7_NOATTR)) { | 104 | if(!(flags & PKCS7_NOATTR)) { |
| 109 | PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, | 105 | if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, |
| 110 | V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); | 106 | V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data))) |
| 107 | goto err; | ||
| 111 | /* Add SMIMECapabilities */ | 108 | /* Add SMIMECapabilities */ |
| 112 | if(!(flags & PKCS7_NOSMIMECAP)) | 109 | if(!(flags & PKCS7_NOSMIMECAP)) |
| 113 | { | 110 | { |
| 114 | if(!(smcap = sk_X509_ALGOR_new_null())) { | 111 | if(!(smcap = sk_X509_ALGOR_new_null())) { |
| 115 | PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); | 112 | PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); |
| 116 | return NULL; | 113 | goto err; |
| 117 | } | 114 | } |
| 118 | #ifndef OPENSSL_NO_DES | 115 | #ifndef OPENSSL_NO_DES |
| 119 | PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); | 116 | if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1)) |
| 117 | goto err; | ||
| 120 | #endif | 118 | #endif |
| 121 | #ifndef OPENSSL_NO_RC2 | 119 | #ifndef OPENSSL_NO_RC2 |
| 122 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); | 120 | if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128)) |
| 123 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); | 121 | goto err; |
| 122 | if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64)) | ||
| 123 | goto err; | ||
| 124 | #endif | 124 | #endif |
| 125 | #ifndef OPENSSL_NO_DES | 125 | #ifndef OPENSSL_NO_DES |
| 126 | PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); | 126 | if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1)) |
| 127 | goto err; | ||
| 127 | #endif | 128 | #endif |
| 128 | #ifndef OPENSSL_NO_RC2 | 129 | #ifndef OPENSSL_NO_RC2 |
| 129 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); | 130 | if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40)) |
| 131 | goto err; | ||
| 130 | #endif | 132 | #endif |
| 131 | PKCS7_add_attrib_smimecap (si, smcap); | 133 | if (!PKCS7_add_attrib_smimecap (si, smcap)) |
| 134 | goto err; | ||
| 132 | sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); | 135 | sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); |
| 136 | smcap = NULL; | ||
| 133 | } | 137 | } |
| 134 | } | 138 | } |
| 135 | 139 | ||
| 136 | if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); | 140 | if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); |
| 137 | 141 | ||
| 138 | if (!PKCS7_dataFinal(p7,p7bio)) { | 142 | if (flags & PKCS7_STREAM) |
| 143 | return p7; | ||
| 144 | |||
| 145 | |||
| 146 | if (!(p7bio = PKCS7_dataInit(p7, NULL))) { | ||
| 147 | PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); | ||
| 148 | goto err; | ||
| 149 | } | ||
| 150 | |||
| 151 | SMIME_crlf_copy(data, p7bio, flags); | ||
| 152 | |||
| 153 | |||
| 154 | if (!PKCS7_dataFinal(p7,p7bio)) { | ||
| 139 | PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); | 155 | PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); |
| 140 | return NULL; | 156 | goto err; |
| 141 | } | 157 | } |
| 142 | 158 | ||
| 143 | BIO_free_all(p7bio); | 159 | BIO_free_all(p7bio); |
| 144 | return p7; | 160 | return p7; |
| 161 | err: | ||
| 162 | sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); | ||
| 163 | BIO_free_all(p7bio); | ||
| 164 | PKCS7_free(p7); | ||
| 165 | return NULL; | ||
| 145 | } | 166 | } |
| 146 | 167 | ||
| 147 | int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | 168 | int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, |
| @@ -215,6 +236,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 215 | sk_X509_free(signers); | 236 | sk_X509_free(signers); |
| 216 | return 0; | 237 | return 0; |
| 217 | } | 238 | } |
| 239 | if (!(flags & PKCS7_NOCRL)) | ||
| 240 | X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); | ||
| 218 | i = X509_verify_cert(&cert_ctx); | 241 | i = X509_verify_cert(&cert_ctx); |
| 219 | if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); | 242 | if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); |
| 220 | X509_STORE_CTX_cleanup(&cert_ctx); | 243 | X509_STORE_CTX_cleanup(&cert_ctx); |
| @@ -251,7 +274,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 251 | tmpin = indata; | 274 | tmpin = indata; |
| 252 | 275 | ||
| 253 | 276 | ||
| 254 | p7bio=PKCS7_dataInit(p7,tmpin); | 277 | if (!(p7bio=PKCS7_dataInit(p7,tmpin))) |
| 278 | goto err; | ||
| 255 | 279 | ||
| 256 | if(flags & PKCS7_TEXT) { | 280 | if(flags & PKCS7_TEXT) { |
| 257 | if(!(tmpout = BIO_new(BIO_s_mem()))) { | 281 | if(!(tmpout = BIO_new(BIO_s_mem()))) { |
| @@ -330,7 +354,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) | |||
| 330 | 354 | ||
| 331 | if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { | 355 | if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { |
| 332 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); | 356 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); |
| 333 | return 0; | 357 | return NULL; |
| 334 | } | 358 | } |
| 335 | 359 | ||
| 336 | if(!(signers = sk_X509_new_null())) { | 360 | if(!(signers = sk_X509_new_null())) { |
| @@ -353,10 +377,13 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) | |||
| 353 | if (!signer) { | 377 | if (!signer) { |
| 354 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); | 378 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); |
| 355 | sk_X509_free(signers); | 379 | sk_X509_free(signers); |
| 356 | return 0; | 380 | return NULL; |
| 357 | } | 381 | } |
| 358 | 382 | ||
| 359 | sk_X509_push(signers, signer); | 383 | if (!sk_X509_push(signers, signer)) { |
| 384 | sk_X509_free(signers); | ||
| 385 | return NULL; | ||
| 386 | } | ||
| 360 | } | 387 | } |
| 361 | return signers; | 388 | return signers; |
| 362 | } | 389 | } |
| @@ -376,7 +403,8 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, | |||
| 376 | return NULL; | 403 | return NULL; |
| 377 | } | 404 | } |
| 378 | 405 | ||
| 379 | PKCS7_set_type(p7, NID_pkcs7_enveloped); | 406 | if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) |
| 407 | goto err; | ||
| 380 | if(!PKCS7_set_cipher(p7, cipher)) { | 408 | if(!PKCS7_set_cipher(p7, cipher)) { |
| 381 | PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); | 409 | PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); |
| 382 | goto err; | 410 | goto err; |
| @@ -398,7 +426,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, | |||
| 398 | 426 | ||
| 399 | SMIME_crlf_copy(in, p7bio, flags); | 427 | SMIME_crlf_copy(in, p7bio, flags); |
| 400 | 428 | ||
| 401 | BIO_flush(p7bio); | 429 | (void)BIO_flush(p7bio); |
| 402 | 430 | ||
| 403 | if (!PKCS7_dataFinal(p7,p7bio)) { | 431 | if (!PKCS7_dataFinal(p7,p7bio)) { |
| 404 | PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); | 432 | PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); |
| @@ -410,7 +438,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, | |||
| 410 | 438 | ||
| 411 | err: | 439 | err: |
| 412 | 440 | ||
| 413 | BIO_free(p7bio); | 441 | BIO_free_all(p7bio); |
| 414 | PKCS7_free(p7); | 442 | PKCS7_free(p7); |
| 415 | return NULL; | 443 | return NULL; |
| 416 | 444 | ||
| @@ -432,7 +460,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) | |||
| 432 | return 0; | 460 | return 0; |
| 433 | } | 461 | } |
| 434 | 462 | ||
| 435 | if(!X509_check_private_key(cert, pkey)) { | 463 | if(cert && !X509_check_private_key(cert, pkey)) { |
| 436 | PKCS7err(PKCS7_F_PKCS7_DECRYPT, | 464 | PKCS7err(PKCS7_F_PKCS7_DECRYPT, |
| 437 | PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); | 465 | PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); |
| 438 | return 0; | 466 | return 0; |
| @@ -448,10 +476,13 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) | |||
| 448 | /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ | 476 | /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ |
| 449 | if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { | 477 | if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { |
| 450 | PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); | 478 | PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); |
| 479 | BIO_free_all(tmpmem); | ||
| 451 | return 0; | 480 | return 0; |
| 452 | } | 481 | } |
| 453 | if(!(bread = BIO_push(tmpbuf, tmpmem))) { | 482 | if(!(bread = BIO_push(tmpbuf, tmpmem))) { |
| 454 | PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); | 483 | PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); |
| 484 | BIO_free_all(tmpbuf); | ||
| 485 | BIO_free_all(tmpmem); | ||
| 455 | return 0; | 486 | return 0; |
| 456 | } | 487 | } |
| 457 | ret = SMIME_text(bread, data); | 488 | ret = SMIME_text(bread, data); |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h index 15372e18f8..cc092d262d 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h +++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h | |||
| @@ -233,6 +233,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) | |||
| 233 | (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) | 233 | (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) |
| 234 | #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) | 234 | #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) |
| 235 | 235 | ||
| 236 | #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) | ||
| 237 | |||
| 236 | #define PKCS7_set_detached(p,v) \ | 238 | #define PKCS7_set_detached(p,v) \ |
| 237 | PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) | 239 | PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) |
| 238 | #define PKCS7_get_detached(p) \ | 240 | #define PKCS7_get_detached(p) \ |
| @@ -262,6 +264,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) | |||
| 262 | #define PKCS7_NOSMIMECAP 0x200 | 264 | #define PKCS7_NOSMIMECAP 0x200 |
| 263 | #define PKCS7_NOOLDMIMETYPE 0x400 | 265 | #define PKCS7_NOOLDMIMETYPE 0x400 |
| 264 | #define PKCS7_CRLFEOL 0x800 | 266 | #define PKCS7_CRLFEOL 0x800 |
| 267 | #define PKCS7_STREAM 0x1000 | ||
| 268 | #define PKCS7_NOCRL 0x2000 | ||
| 265 | 269 | ||
| 266 | /* Flags: for compatibility with older code */ | 270 | /* Flags: for compatibility with older code */ |
| 267 | 271 | ||
| @@ -302,10 +306,12 @@ DECLARE_ASN1_FUNCTIONS(PKCS7) | |||
| 302 | DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) | 306 | DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) |
| 303 | DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) | 307 | DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) |
| 304 | 308 | ||
| 309 | DECLARE_ASN1_NDEF_FUNCTION(PKCS7) | ||
| 305 | 310 | ||
| 306 | long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); | 311 | long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); |
| 307 | 312 | ||
| 308 | int PKCS7_set_type(PKCS7 *p7, int type); | 313 | int PKCS7_set_type(PKCS7 *p7, int type); |
| 314 | int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); | ||
| 309 | int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); | 315 | int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); |
| 310 | int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, | 316 | int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, |
| 311 | const EVP_MD *dgst); | 317 | const EVP_MD *dgst); |
| @@ -326,6 +332,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); | |||
| 326 | PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, | 332 | PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, |
| 327 | EVP_PKEY *pkey, const EVP_MD *dgst); | 333 | EVP_PKEY *pkey, const EVP_MD *dgst); |
| 328 | X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); | 334 | X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); |
| 335 | int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); | ||
| 329 | STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); | 336 | STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); |
| 330 | 337 | ||
| 331 | PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); | 338 | PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); |
| @@ -381,16 +388,20 @@ void ERR_load_PKCS7_strings(void); | |||
| 381 | #define PKCS7_F_PKCS7_ADD_CRL 101 | 388 | #define PKCS7_F_PKCS7_ADD_CRL 101 |
| 382 | #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 | 389 | #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 |
| 383 | #define PKCS7_F_PKCS7_ADD_SIGNER 103 | 390 | #define PKCS7_F_PKCS7_ADD_SIGNER 103 |
| 391 | #define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 | ||
| 384 | #define PKCS7_F_PKCS7_CTRL 104 | 392 | #define PKCS7_F_PKCS7_CTRL 104 |
| 385 | #define PKCS7_F_PKCS7_DATADECODE 112 | 393 | #define PKCS7_F_PKCS7_DATADECODE 112 |
| 394 | #define PKCS7_F_PKCS7_DATAFINAL 128 | ||
| 386 | #define PKCS7_F_PKCS7_DATAINIT 105 | 395 | #define PKCS7_F_PKCS7_DATAINIT 105 |
| 387 | #define PKCS7_F_PKCS7_DATASIGN 106 | 396 | #define PKCS7_F_PKCS7_DATASIGN 106 |
| 388 | #define PKCS7_F_PKCS7_DATAVERIFY 107 | 397 | #define PKCS7_F_PKCS7_DATAVERIFY 107 |
| 389 | #define PKCS7_F_PKCS7_DECRYPT 114 | 398 | #define PKCS7_F_PKCS7_DECRYPT 114 |
| 390 | #define PKCS7_F_PKCS7_ENCRYPT 115 | 399 | #define PKCS7_F_PKCS7_ENCRYPT 115 |
| 400 | #define PKCS7_F_PKCS7_FIND_DIGEST 127 | ||
| 391 | #define PKCS7_F_PKCS7_GET0_SIGNERS 124 | 401 | #define PKCS7_F_PKCS7_GET0_SIGNERS 124 |
| 392 | #define PKCS7_F_PKCS7_SET_CIPHER 108 | 402 | #define PKCS7_F_PKCS7_SET_CIPHER 108 |
| 393 | #define PKCS7_F_PKCS7_SET_CONTENT 109 | 403 | #define PKCS7_F_PKCS7_SET_CONTENT 109 |
| 404 | #define PKCS7_F_PKCS7_SET_DIGEST 126 | ||
| 394 | #define PKCS7_F_PKCS7_SET_TYPE 110 | 405 | #define PKCS7_F_PKCS7_SET_TYPE 110 |
| 395 | #define PKCS7_F_PKCS7_SIGN 116 | 406 | #define PKCS7_F_PKCS7_SIGN 116 |
| 396 | #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 | 407 | #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 |
| @@ -421,13 +432,15 @@ void ERR_load_PKCS7_strings(void); | |||
| 421 | #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 | 432 | #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 |
| 422 | #define PKCS7_R_NO_MULTIPART_BOUNDARY 137 | 433 | #define PKCS7_R_NO_MULTIPART_BOUNDARY 137 |
| 423 | #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 | 434 | #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 |
| 435 | #define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 | ||
| 424 | #define PKCS7_R_NO_SIGNATURES_ON_DATA 123 | 436 | #define PKCS7_R_NO_SIGNATURES_ON_DATA 123 |
| 425 | #define PKCS7_R_NO_SIGNERS 142 | 437 | #define PKCS7_R_NO_SIGNERS 142 |
| 426 | #define PKCS7_R_NO_SIG_CONTENT_TYPE 138 | 438 | #define PKCS7_R_NO_SIG_CONTENT_TYPE 138 |
| 427 | #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 | 439 | #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 |
| 428 | #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 | 440 | #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 |
| 441 | #define PKCS7_R_PKCS7_DATAFINAL 126 | ||
| 429 | #define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 | 442 | #define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 |
| 430 | #define PKCS7_R_PKCS7_DATASIGN 126 | 443 | #define PKCS7_R_PKCS7_DATASIGN 145 |
| 431 | #define PKCS7_R_PKCS7_PARSE_ERROR 139 | 444 | #define PKCS7_R_PKCS7_PARSE_ERROR 139 |
| 432 | #define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 | 445 | #define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 |
| 433 | #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 | 446 | #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c index 19894c80a4..c0e3d4cd33 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c +++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c | |||
| @@ -77,16 +77,20 @@ static ERR_STRING_DATA PKCS7_str_functs[]= | |||
| 77 | {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, | 77 | {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, |
| 78 | {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, | 78 | {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, |
| 79 | {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, | 79 | {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, |
| 80 | {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, | ||
| 80 | {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, | 81 | {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, |
| 81 | {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, | 82 | {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, |
| 83 | {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, | ||
| 82 | {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, | 84 | {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, |
| 83 | {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, | 85 | {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, |
| 84 | {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, | 86 | {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, |
| 85 | {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, | 87 | {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, |
| 86 | {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, | 88 | {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, |
| 89 | {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, | ||
| 87 | {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, | 90 | {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, |
| 88 | {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, | 91 | {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, |
| 89 | {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, | 92 | {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, |
| 93 | {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, | ||
| 90 | {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, | 94 | {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, |
| 91 | {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, | 95 | {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, |
| 92 | {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, | 96 | {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, |
| @@ -120,11 +124,13 @@ static ERR_STRING_DATA PKCS7_str_reasons[]= | |||
| 120 | {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, | 124 | {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, |
| 121 | {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, | 125 | {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, |
| 122 | {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, | 126 | {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, |
| 127 | {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, | ||
| 123 | {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, | 128 | {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, |
| 124 | {ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, | 129 | {ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, |
| 125 | {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, | 130 | {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, |
| 126 | {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, | 131 | {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, |
| 127 | {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, | 132 | {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, |
| 133 | {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, | ||
| 128 | {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, | 134 | {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, |
| 129 | {ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, | 135 | {ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, |
| 130 | {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, | 136 | {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, |
| @@ -150,15 +156,12 @@ static ERR_STRING_DATA PKCS7_str_reasons[]= | |||
| 150 | 156 | ||
| 151 | void ERR_load_PKCS7_strings(void) | 157 | void ERR_load_PKCS7_strings(void) |
| 152 | { | 158 | { |
| 153 | static int init=1; | 159 | #ifndef OPENSSL_NO_ERR |
| 154 | 160 | ||
| 155 | if (init) | 161 | if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) |
| 156 | { | 162 | { |
| 157 | init=0; | ||
| 158 | #ifndef OPENSSL_NO_ERR | ||
| 159 | ERR_load_strings(0,PKCS7_str_functs); | 163 | ERR_load_strings(0,PKCS7_str_functs); |
| 160 | ERR_load_strings(0,PKCS7_str_reasons); | 164 | ERR_load_strings(0,PKCS7_str_reasons); |
| 161 | #endif | ||
| 162 | |||
| 163 | } | 165 | } |
| 166 | #endif | ||
| 164 | } | 167 | } |
diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c index c84968df88..9783d0c23e 100644 --- a/src/lib/libssl/src/crypto/rand/md_rand.c +++ b/src/lib/libssl/src/crypto/rand/md_rand.c | |||
| @@ -126,7 +126,6 @@ | |||
| 126 | 126 | ||
| 127 | #include <openssl/crypto.h> | 127 | #include <openssl/crypto.h> |
| 128 | #include <openssl/err.h> | 128 | #include <openssl/err.h> |
| 129 | #include <openssl/fips.h> | ||
| 130 | 129 | ||
| 131 | #ifdef BN_DEBUG | 130 | #ifdef BN_DEBUG |
| 132 | # define PREDICT | 131 | # define PREDICT |
| @@ -153,7 +152,7 @@ static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ | |||
| 153 | int rand_predictable=0; | 152 | int rand_predictable=0; |
| 154 | #endif | 153 | #endif |
| 155 | 154 | ||
| 156 | const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT; | 155 | const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT; |
| 157 | 156 | ||
| 158 | static void ssleay_rand_cleanup(void); | 157 | static void ssleay_rand_cleanup(void); |
| 159 | static void ssleay_rand_seed(const void *buf, int num); | 158 | static void ssleay_rand_seed(const void *buf, int num); |
| @@ -301,7 +300,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) | |||
| 301 | * other thread's seeding remains without effect (except for | 300 | * other thread's seeding remains without effect (except for |
| 302 | * the incremented counter). By XORing it we keep at least as | 301 | * the incremented counter). By XORing it we keep at least as |
| 303 | * much entropy as fits into md. */ | 302 | * much entropy as fits into md. */ |
| 304 | for (k = 0; k < sizeof md; k++) | 303 | for (k = 0; k < (int)sizeof(md); k++) |
| 305 | { | 304 | { |
| 306 | md[k] ^= local_md[k]; | 305 | md[k] ^= local_md[k]; |
| 307 | } | 306 | } |
| @@ -316,7 +315,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) | |||
| 316 | 315 | ||
| 317 | static void ssleay_rand_seed(const void *buf, int num) | 316 | static void ssleay_rand_seed(const void *buf, int num) |
| 318 | { | 317 | { |
| 319 | ssleay_rand_add(buf, num, num); | 318 | ssleay_rand_add(buf, num, (double)num); |
| 320 | } | 319 | } |
| 321 | 320 | ||
| 322 | static int ssleay_rand_bytes(unsigned char *buf, int num) | 321 | static int ssleay_rand_bytes(unsigned char *buf, int num) |
| @@ -333,14 +332,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) | |||
| 333 | #endif | 332 | #endif |
| 334 | int do_stir_pool = 0; | 333 | int do_stir_pool = 0; |
| 335 | 334 | ||
| 336 | #ifdef OPENSSL_FIPS | ||
| 337 | if(FIPS_mode()) | ||
| 338 | { | ||
| 339 | FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); | ||
| 340 | return 0; | ||
| 341 | } | ||
| 342 | #endif | ||
| 343 | |||
| 344 | #ifdef PREDICT | 335 | #ifdef PREDICT |
| 345 | if (rand_predictable) | 336 | if (rand_predictable) |
| 346 | { | 337 | { |
| @@ -529,7 +520,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) | |||
| 529 | err = ERR_peek_error(); | 520 | err = ERR_peek_error(); |
| 530 | if (ERR_GET_LIB(err) == ERR_LIB_RAND && | 521 | if (ERR_GET_LIB(err) == ERR_LIB_RAND && |
| 531 | ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) | 522 | ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) |
| 532 | (void)ERR_get_error(); | 523 | ERR_clear_error(); |
| 533 | } | 524 | } |
| 534 | return (ret); | 525 | return (ret); |
| 535 | } | 526 | } |
diff --git a/src/lib/libssl/src/crypto/rand/rand.h b/src/lib/libssl/src/crypto/rand/rand.h index 604df9be6c..ac6c021763 100644 --- a/src/lib/libssl/src/crypto/rand/rand.h +++ b/src/lib/libssl/src/crypto/rand/rand.h | |||
| @@ -72,10 +72,13 @@ extern "C" { | |||
| 72 | #endif | 72 | #endif |
| 73 | 73 | ||
| 74 | #if defined(OPENSSL_FIPS) | 74 | #if defined(OPENSSL_FIPS) |
| 75 | #define FIPS_RAND_SIZE_T int | 75 | #define FIPS_RAND_SIZE_T size_t |
| 76 | #endif | 76 | #endif |
| 77 | 77 | ||
| 78 | typedef struct rand_meth_st | 78 | /* Already defined in ossl_typ.h */ |
| 79 | /* typedef struct rand_meth_st RAND_METHOD; */ | ||
| 80 | |||
| 81 | struct rand_meth_st | ||
| 79 | { | 82 | { |
| 80 | void (*seed)(const void *buf, int num); | 83 | void (*seed)(const void *buf, int num); |
| 81 | int (*bytes)(unsigned char *buf, int num); | 84 | int (*bytes)(unsigned char *buf, int num); |
| @@ -83,7 +86,7 @@ typedef struct rand_meth_st | |||
| 83 | void (*add)(const void *buf, int num, double entropy); | 86 | void (*add)(const void *buf, int num, double entropy); |
| 84 | int (*pseudorand)(unsigned char *buf, int num); | 87 | int (*pseudorand)(unsigned char *buf, int num); |
| 85 | int (*status)(void); | 88 | int (*status)(void); |
| 86 | } RAND_METHOD; | 89 | }; |
| 87 | 90 | ||
| 88 | #ifdef BN_DEBUG | 91 | #ifdef BN_DEBUG |
| 89 | extern int rand_predictable; | 92 | extern int rand_predictable; |
| @@ -125,17 +128,11 @@ void ERR_load_RAND_strings(void); | |||
| 125 | /* Error codes for the RAND functions. */ | 128 | /* Error codes for the RAND functions. */ |
| 126 | 129 | ||
| 127 | /* Function codes. */ | 130 | /* Function codes. */ |
| 128 | #define RAND_F_FIPS_RAND_BYTES 102 | ||
| 129 | #define RAND_F_RAND_GET_RAND_METHOD 101 | 131 | #define RAND_F_RAND_GET_RAND_METHOD 101 |
| 130 | #define RAND_F_SSLEAY_RAND_BYTES 100 | 132 | #define RAND_F_SSLEAY_RAND_BYTES 100 |
| 131 | 133 | ||
| 132 | /* Reason codes. */ | 134 | /* Reason codes. */ |
| 133 | #define RAND_R_NON_FIPS_METHOD 101 | ||
| 134 | #define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 105 | ||
| 135 | #define RAND_R_PRNG_NOT_REKEYED 103 | ||
| 136 | #define RAND_R_PRNG_NOT_RESEEDED 104 | ||
| 137 | #define RAND_R_PRNG_NOT_SEEDED 100 | 135 | #define RAND_R_PRNG_NOT_SEEDED 100 |
| 138 | #define RAND_R_PRNG_STUCK 102 | ||
| 139 | 136 | ||
| 140 | #ifdef __cplusplus | 137 | #ifdef __cplusplus |
| 141 | } | 138 | } |
diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c index cd666abfcb..50bce6caba 100644 --- a/src/lib/libssl/src/crypto/rand/rand_egd.c +++ b/src/lib/libssl/src/crypto/rand/rand_egd.c | |||
| @@ -95,7 +95,7 @@ | |||
| 95 | * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. | 95 | * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. |
| 96 | */ | 96 | */ |
| 97 | 97 | ||
| 98 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) | 98 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) |
| 99 | int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) | 99 | int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) |
| 100 | { | 100 | { |
| 101 | return(-1); | 101 | return(-1); |
diff --git a/src/lib/libssl/src/crypto/rand/rand_err.c b/src/lib/libssl/src/crypto/rand/rand_err.c index 97f96e1aee..386934dcd1 100644 --- a/src/lib/libssl/src/crypto/rand/rand_err.c +++ b/src/lib/libssl/src/crypto/rand/rand_err.c | |||
| @@ -70,7 +70,6 @@ | |||
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA RAND_str_functs[]= | 71 | static ERR_STRING_DATA RAND_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, | ||
| 74 | {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, | 73 | {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, |
| 75 | {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, | 74 | {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, |
| 76 | {0,NULL} | 75 | {0,NULL} |
| @@ -78,12 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]= | |||
| 78 | 77 | ||
| 79 | static ERR_STRING_DATA RAND_str_reasons[]= | 78 | static ERR_STRING_DATA RAND_str_reasons[]= |
| 80 | { | 79 | { |
| 81 | {ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, | ||
| 82 | {ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, | ||
| 83 | {ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, | ||
| 84 | {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, | ||
| 85 | {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, | 80 | {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, |
| 86 | {ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"}, | ||
| 87 | {0,NULL} | 81 | {0,NULL} |
| 88 | }; | 82 | }; |
| 89 | 83 | ||
| @@ -91,15 +85,12 @@ static ERR_STRING_DATA RAND_str_reasons[]= | |||
| 91 | 85 | ||
| 92 | void ERR_load_RAND_strings(void) | 86 | void ERR_load_RAND_strings(void) |
| 93 | { | 87 | { |
| 94 | static int init=1; | 88 | #ifndef OPENSSL_NO_ERR |
| 95 | 89 | ||
| 96 | if (init) | 90 | if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) |
| 97 | { | 91 | { |
| 98 | init=0; | ||
| 99 | #ifndef OPENSSL_NO_ERR | ||
| 100 | ERR_load_strings(0,RAND_str_functs); | 92 | ERR_load_strings(0,RAND_str_functs); |
| 101 | ERR_load_strings(0,RAND_str_reasons); | 93 | ERR_load_strings(0,RAND_str_reasons); |
| 102 | #endif | ||
| 103 | |||
| 104 | } | 94 | } |
| 95 | #endif | ||
| 105 | } | 96 | } |
diff --git a/src/lib/libssl/src/crypto/rand/rand_lib.c b/src/lib/libssl/src/crypto/rand/rand_lib.c index a21bde79de..513e338985 100644 --- a/src/lib/libssl/src/crypto/rand/rand_lib.c +++ b/src/lib/libssl/src/crypto/rand/rand_lib.c | |||
| @@ -63,8 +63,6 @@ | |||
| 63 | #ifndef OPENSSL_NO_ENGINE | 63 | #ifndef OPENSSL_NO_ENGINE |
| 64 | #include <openssl/engine.h> | 64 | #include <openssl/engine.h> |
| 65 | #endif | 65 | #endif |
| 66 | #include <openssl/fips.h> | ||
| 67 | #include <openssl/fips_rand.h> | ||
| 68 | 66 | ||
| 69 | #ifndef OPENSSL_NO_ENGINE | 67 | #ifndef OPENSSL_NO_ENGINE |
| 70 | /* non-NULL if default_RAND_meth is ENGINE-provided */ | 68 | /* non-NULL if default_RAND_meth is ENGINE-provided */ |
| @@ -104,22 +102,8 @@ const RAND_METHOD *RAND_get_rand_method(void) | |||
| 104 | funct_ref = e; | 102 | funct_ref = e; |
| 105 | else | 103 | else |
| 106 | #endif | 104 | #endif |
| 107 | #ifdef OPENSSL_FIPS | 105 | default_RAND_meth = RAND_SSLeay(); |
| 108 | if(FIPS_mode()) | ||
| 109 | default_RAND_meth=FIPS_rand_method(); | ||
| 110 | else | ||
| 111 | #endif | ||
| 112 | default_RAND_meth = RAND_SSLeay(); | ||
| 113 | } | 106 | } |
| 114 | |||
| 115 | #ifdef OPENSSL_FIPS | ||
| 116 | if(FIPS_mode() | ||
| 117 | && default_RAND_meth != FIPS_rand_check()) | ||
| 118 | { | ||
| 119 | RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); | ||
| 120 | return 0; | ||
| 121 | } | ||
| 122 | #endif | ||
| 123 | return default_RAND_meth; | 107 | return default_RAND_meth; |
| 124 | } | 108 | } |
| 125 | 109 | ||
diff --git a/src/lib/libssl/src/crypto/rand/rand_unix.c b/src/lib/libssl/src/crypto/rand/rand_unix.c index 9376554fae..6c2be5cb96 100644 --- a/src/lib/libssl/src/crypto/rand/rand_unix.c +++ b/src/lib/libssl/src/crypto/rand/rand_unix.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -108,6 +108,7 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | #include <stdio.h> | ||
| 111 | 112 | ||
| 112 | #define USE_SOCKETS | 113 | #define USE_SOCKETS |
| 113 | #include "e_os.h" | 114 | #include "e_os.h" |
| @@ -115,7 +116,7 @@ | |||
| 115 | #include <openssl/rand.h> | 116 | #include <openssl/rand.h> |
| 116 | #include "rand_lcl.h" | 117 | #include "rand_lcl.h" |
| 117 | 118 | ||
| 118 | #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) | 119 | #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) |
| 119 | 120 | ||
| 120 | #include <sys/types.h> | 121 | #include <sys/types.h> |
| 121 | #include <sys/time.h> | 122 | #include <sys/time.h> |
| @@ -124,6 +125,13 @@ | |||
| 124 | #include <fcntl.h> | 125 | #include <fcntl.h> |
| 125 | #include <unistd.h> | 126 | #include <unistd.h> |
| 126 | #include <time.h> | 127 | #include <time.h> |
| 128 | #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ | ||
| 129 | # include <poll.h> | ||
| 130 | #endif | ||
| 131 | #include <limits.h> | ||
| 132 | #ifndef FD_SETSIZE | ||
| 133 | # define FD_SETSIZE (8*sizeof(fd_set)) | ||
| 134 | #endif | ||
| 127 | 135 | ||
| 128 | #ifdef __OpenBSD__ | 136 | #ifdef __OpenBSD__ |
| 129 | int RAND_poll(void) | 137 | int RAND_poll(void) |
| @@ -142,7 +150,7 @@ int RAND_poll(void) | |||
| 142 | 150 | ||
| 143 | return 1; | 151 | return 1; |
| 144 | } | 152 | } |
| 145 | #else | 153 | #else /* !defined(__OpenBSD__) */ |
| 146 | int RAND_poll(void) | 154 | int RAND_poll(void) |
| 147 | { | 155 | { |
| 148 | unsigned long l; | 156 | unsigned long l; |
| @@ -154,7 +162,8 @@ int RAND_poll(void) | |||
| 154 | #ifdef DEVRANDOM | 162 | #ifdef DEVRANDOM |
| 155 | static const char *randomfiles[] = { DEVRANDOM }; | 163 | static const char *randomfiles[] = { DEVRANDOM }; |
| 156 | struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; | 164 | struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; |
| 157 | int fd,i; | 165 | int fd; |
| 166 | size_t i; | ||
| 158 | #endif | 167 | #endif |
| 159 | #ifdef DEVRANDOM_EGD | 168 | #ifdef DEVRANDOM_EGD |
| 160 | static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; | 169 | static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; |
| @@ -182,10 +191,9 @@ int RAND_poll(void) | |||
| 182 | #endif | 191 | #endif |
| 183 | )) >= 0) | 192 | )) >= 0) |
| 184 | { | 193 | { |
| 185 | struct timeval t = { 0, 10*1000 }; /* Spend 10ms on | 194 | int usec = 10*1000; /* spend 10ms on each file */ |
| 186 | each file. */ | 195 | int r; |
| 187 | int r,j; | 196 | size_t j; |
| 188 | fd_set fset; | ||
| 189 | struct stat *st=&randomstats[i]; | 197 | struct stat *st=&randomstats[i]; |
| 190 | 198 | ||
| 191 | /* Avoid using same input... Used to be O_NOFOLLOW | 199 | /* Avoid using same input... Used to be O_NOFOLLOW |
| @@ -201,35 +209,75 @@ int RAND_poll(void) | |||
| 201 | 209 | ||
| 202 | do | 210 | do |
| 203 | { | 211 | { |
| 204 | FD_ZERO(&fset); | 212 | int try_read = 0; |
| 205 | FD_SET(fd, &fset); | ||
| 206 | r = -1; | ||
| 207 | 213 | ||
| 208 | if (select(fd+1,&fset,NULL,NULL,&t) < 0) | 214 | #if defined(OPENSSL_SYS_LINUX) |
| 209 | t.tv_usec=0; | 215 | /* use poll() */ |
| 210 | else if (FD_ISSET(fd, &fset)) | 216 | struct pollfd pset; |
| 217 | |||
| 218 | pset.fd = fd; | ||
| 219 | pset.events = POLLIN; | ||
| 220 | pset.revents = 0; | ||
| 221 | |||
| 222 | if (poll(&pset, 1, usec / 1000) < 0) | ||
| 223 | usec = 0; | ||
| 224 | else | ||
| 225 | try_read = (pset.revents & POLLIN) != 0; | ||
| 226 | |||
| 227 | #else | ||
| 228 | /* use select() */ | ||
| 229 | fd_set fset; | ||
| 230 | struct timeval t; | ||
| 231 | |||
| 232 | t.tv_sec = 0; | ||
| 233 | t.tv_usec = usec; | ||
| 234 | |||
| 235 | if (FD_SETSIZE > 0 && fd >= FD_SETSIZE) | ||
| 236 | { | ||
| 237 | /* can't use select, so just try to read once anyway */ | ||
| 238 | try_read = 1; | ||
| 239 | } | ||
| 240 | else | ||
| 241 | { | ||
| 242 | FD_ZERO(&fset); | ||
| 243 | FD_SET(fd, &fset); | ||
| 244 | |||
| 245 | if (select(fd+1,&fset,NULL,NULL,&t) >= 0) | ||
| 246 | { | ||
| 247 | usec = t.tv_usec; | ||
| 248 | if (FD_ISSET(fd, &fset)) | ||
| 249 | try_read = 1; | ||
| 250 | } | ||
| 251 | else | ||
| 252 | usec = 0; | ||
| 253 | } | ||
| 254 | #endif | ||
| 255 | |||
| 256 | if (try_read) | ||
| 211 | { | 257 | { |
| 212 | r=read(fd,(unsigned char *)tmpbuf+n, | 258 | r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n); |
| 213 | ENTROPY_NEEDED-n); | ||
| 214 | if (r > 0) | 259 | if (r > 0) |
| 215 | n += r; | 260 | n += r; |
| 216 | } | 261 | } |
| 217 | 262 | else | |
| 218 | /* Some Unixen will update t, some | 263 | r = -1; |
| 219 | won't. For those who won't, give | 264 | |
| 220 | up here, otherwise, we will do | 265 | /* Some Unixen will update t in select(), some |
| 266 | won't. For those who won't, or if we | ||
| 267 | didn't use select() in the first place, | ||
| 268 | give up here, otherwise, we will do | ||
| 221 | this once again for the remaining | 269 | this once again for the remaining |
| 222 | time. */ | 270 | time. */ |
| 223 | if (t.tv_usec == 10*1000) | 271 | if (usec == 10*1000) |
| 224 | t.tv_usec=0; | 272 | usec = 0; |
| 225 | } | 273 | } |
| 226 | while ((r > 0 || (errno == EINTR || errno == EAGAIN)) | 274 | while ((r > 0 || |
| 227 | && t.tv_usec != 0 && n < ENTROPY_NEEDED); | 275 | (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); |
| 228 | 276 | ||
| 229 | close(fd); | 277 | close(fd); |
| 230 | } | 278 | } |
| 231 | } | 279 | } |
| 232 | #endif | 280 | #endif /* defined(DEVRANDOM) */ |
| 233 | 281 | ||
| 234 | #ifdef DEVRANDOM_EGD | 282 | #ifdef DEVRANDOM_EGD |
| 235 | /* Use an EGD socket to read entropy from an EGD or PRNGD entropy | 283 | /* Use an EGD socket to read entropy from an EGD or PRNGD entropy |
| @@ -244,24 +292,24 @@ int RAND_poll(void) | |||
| 244 | if (r > 0) | 292 | if (r > 0) |
| 245 | n += r; | 293 | n += r; |
| 246 | } | 294 | } |
| 247 | #endif | 295 | #endif /* defined(DEVRANDOM_EGD) */ |
| 248 | 296 | ||
| 249 | #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) | 297 | #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) |
| 250 | if (n > 0) | 298 | if (n > 0) |
| 251 | { | 299 | { |
| 252 | RAND_add(tmpbuf,sizeof tmpbuf,n); | 300 | RAND_add(tmpbuf,sizeof tmpbuf,(double)n); |
| 253 | OPENSSL_cleanse(tmpbuf,n); | 301 | OPENSSL_cleanse(tmpbuf,n); |
| 254 | } | 302 | } |
| 255 | #endif | 303 | #endif |
| 256 | 304 | ||
| 257 | /* put in some default random data, we need more than just this */ | 305 | /* put in some default random data, we need more than just this */ |
| 258 | l=curr_pid; | 306 | l=curr_pid; |
| 259 | RAND_add(&l,sizeof(l),0); | 307 | RAND_add(&l,sizeof(l),0.0); |
| 260 | l=getuid(); | 308 | l=getuid(); |
| 261 | RAND_add(&l,sizeof(l),0); | 309 | RAND_add(&l,sizeof(l),0.0); |
| 262 | 310 | ||
| 263 | l=time(NULL); | 311 | l=time(NULL); |
| 264 | RAND_add(&l,sizeof(l),0); | 312 | RAND_add(&l,sizeof(l),0.0); |
| 265 | 313 | ||
| 266 | #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) | 314 | #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) |
| 267 | return 1; | 315 | return 1; |
| @@ -270,12 +318,13 @@ int RAND_poll(void) | |||
| 270 | #endif | 318 | #endif |
| 271 | } | 319 | } |
| 272 | 320 | ||
| 273 | #endif | 321 | #endif /* defined(__OpenBSD__) */ |
| 274 | #endif | 322 | #endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ |
| 323 | |||
| 275 | 324 | ||
| 276 | #if defined(OPENSSL_SYS_VXWORKS) | 325 | #if defined(OPENSSL_SYS_VXWORKS) |
| 277 | int RAND_poll(void) | 326 | int RAND_poll(void) |
| 278 | { | 327 | { |
| 279 | return 0; | 328 | return 0; |
| 280 | } | 329 | } |
| 281 | #endif | 330 | #endif |
diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c index 30c69161ef..00dbe4232c 100644 --- a/src/lib/libssl/src/crypto/rand/rand_win.c +++ b/src/lib/libssl/src/crypto/rand/rand_win.c | |||
| @@ -121,6 +121,10 @@ | |||
| 121 | #include <wincrypt.h> | 121 | #include <wincrypt.h> |
| 122 | #include <tlhelp32.h> | 122 | #include <tlhelp32.h> |
| 123 | 123 | ||
| 124 | /* Limit the time spent walking through the heap, processes, threads and modules to | ||
| 125 | a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */ | ||
| 126 | #define MAXDELAY 1000 | ||
| 127 | |||
| 124 | /* Intel hardware RNG CSP -- available from | 128 | /* Intel hardware RNG CSP -- available from |
| 125 | * http://developer.intel.com/design/security/rng/redist_license.htm | 129 | * http://developer.intel.com/design/security/rng/redist_license.htm |
| 126 | */ | 130 | */ |
| @@ -152,6 +156,7 @@ typedef struct tagCURSORINFO | |||
| 152 | #define CURSOR_SHOWING 0x00000001 | 156 | #define CURSOR_SHOWING 0x00000001 |
| 153 | #endif /* CURSOR_SHOWING */ | 157 | #endif /* CURSOR_SHOWING */ |
| 154 | 158 | ||
| 159 | #if !defined(OPENSSL_SYS_WINCE) | ||
| 155 | typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, | 160 | typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, |
| 156 | DWORD, DWORD); | 161 | DWORD, DWORD); |
| 157 | typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); | 162 | typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); |
| @@ -163,7 +168,7 @@ typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); | |||
| 163 | 168 | ||
| 164 | typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); | 169 | typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); |
| 165 | typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); | 170 | typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); |
| 166 | typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); | 171 | typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t); |
| 167 | typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); | 172 | typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); |
| 168 | typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); | 173 | typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); |
| 169 | typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); | 174 | typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); |
| @@ -171,9 +176,7 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); | |||
| 171 | typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); | 176 | typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); |
| 172 | 177 | ||
| 173 | #include <lmcons.h> | 178 | #include <lmcons.h> |
| 174 | #ifndef OPENSSL_SYS_WINCE | ||
| 175 | #include <lmstats.h> | 179 | #include <lmstats.h> |
| 176 | #endif | ||
| 177 | #if 1 /* The NET API is Unicode only. It requires the use of the UNICODE | 180 | #if 1 /* The NET API is Unicode only. It requires the use of the UNICODE |
| 178 | * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was | 181 | * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was |
| 179 | * was added to the Platform SDK to allow the NET API to be used in | 182 | * was added to the Platform SDK to allow the NET API to be used in |
| @@ -184,26 +187,14 @@ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) | |||
| 184 | (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); | 187 | (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); |
| 185 | typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); | 188 | typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); |
| 186 | #endif /* 1 */ | 189 | #endif /* 1 */ |
| 190 | #endif /* !OPENSSL_SYS_WINCE */ | ||
| 187 | 191 | ||
| 188 | int RAND_poll(void) | 192 | int RAND_poll(void) |
| 189 | { | 193 | { |
| 190 | MEMORYSTATUS m; | 194 | MEMORYSTATUS m; |
| 191 | HCRYPTPROV hProvider = 0; | 195 | HCRYPTPROV hProvider = 0; |
| 192 | BYTE buf[64]; | ||
| 193 | DWORD w; | 196 | DWORD w; |
| 194 | HWND h; | 197 | int good = 0; |
| 195 | |||
| 196 | HMODULE advapi, kernel, user, netapi; | ||
| 197 | CRYPTACQUIRECONTEXTW acquire = 0; | ||
| 198 | CRYPTGENRANDOM gen = 0; | ||
| 199 | CRYPTRELEASECONTEXT release = 0; | ||
| 200 | #if 1 /* There was previously a problem with NETSTATGET. Currently, this | ||
| 201 | * section is still experimental, but if all goes well, this conditional | ||
| 202 | * will be removed | ||
| 203 | */ | ||
| 204 | NETSTATGET netstatget = 0; | ||
| 205 | NETFREE netfree = 0; | ||
| 206 | #endif /* 1 */ | ||
| 207 | 198 | ||
| 208 | /* Determine the OS version we are on so we can turn off things | 199 | /* Determine the OS version we are on so we can turn off things |
| 209 | * that do not work properly. | 200 | * that do not work properly. |
| @@ -212,21 +203,24 @@ int RAND_poll(void) | |||
| 212 | osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; | 203 | osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; |
| 213 | GetVersionEx( &osverinfo ) ; | 204 | GetVersionEx( &osverinfo ) ; |
| 214 | 205 | ||
| 215 | #if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO | 206 | #if defined(OPENSSL_SYS_WINCE) |
| 216 | #ifndef CryptAcquireContext | 207 | # if defined(_WIN32_WCE) && _WIN32_WCE>=300 |
| 217 | #define CryptAcquireContext CryptAcquireContextW | 208 | /* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available |
| 218 | #endif | 209 | * in commonly available implementations prior 300... */ |
| 210 | { | ||
| 211 | BYTE buf[64]; | ||
| 219 | /* poll the CryptoAPI PRNG */ | 212 | /* poll the CryptoAPI PRNG */ |
| 220 | /* The CryptoAPI returns sizeof(buf) bytes of randomness */ | 213 | /* The CryptoAPI returns sizeof(buf) bytes of randomness */ |
| 221 | if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) | 214 | if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, |
| 215 | CRYPT_VERIFYCONTEXT)) | ||
| 222 | { | 216 | { |
| 223 | if (CryptGenRandom(hProvider, sizeof(buf), buf)) | 217 | if (CryptGenRandom(hProvider, sizeof(buf), buf)) |
| 224 | RAND_add(buf, sizeof(buf), sizeof(buf)); | 218 | RAND_add(buf, sizeof(buf), sizeof(buf)); |
| 225 | CryptReleaseContext(hProvider, 0); | 219 | CryptReleaseContext(hProvider, 0); |
| 226 | } | 220 | } |
| 227 | #endif | 221 | } |
| 228 | 222 | # endif | |
| 229 | #ifndef OPENSSL_SYS_WINCE | 223 | #else /* OPENSSL_SYS_WINCE */ |
| 230 | /* | 224 | /* |
| 231 | * None of below libraries are present on Windows CE, which is | 225 | * None of below libraries are present on Windows CE, which is |
| 232 | * why we #ifndef the whole section. This also excuses us from | 226 | * why we #ifndef the whole section. This also excuses us from |
| @@ -240,17 +234,19 @@ int RAND_poll(void) | |||
| 240 | * implement own shim routine, which would accept ANSI argument | 234 | * implement own shim routine, which would accept ANSI argument |
| 241 | * and expand it to Unicode. | 235 | * and expand it to Unicode. |
| 242 | */ | 236 | */ |
| 243 | 237 | { | |
| 244 | /* load functions dynamically - not available on all systems */ | 238 | /* load functions dynamically - not available on all systems */ |
| 245 | advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); | 239 | HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); |
| 246 | kernel = LoadLibrary(TEXT("KERNEL32.DLL")); | 240 | HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); |
| 247 | user = LoadLibrary(TEXT("USER32.DLL")); | 241 | HMODULE user = NULL; |
| 248 | netapi = LoadLibrary(TEXT("NETAPI32.DLL")); | 242 | HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); |
| 249 | 243 | CRYPTACQUIRECONTEXTW acquire = NULL; | |
| 250 | #if 1 /* There was previously a problem with NETSTATGET. Currently, this | 244 | CRYPTGENRANDOM gen = NULL; |
| 251 | * section is still experimental, but if all goes well, this conditional | 245 | CRYPTRELEASECONTEXT release = NULL; |
| 252 | * will be removed | 246 | NETSTATGET netstatget = NULL; |
| 253 | */ | 247 | NETFREE netfree = NULL; |
| 248 | BYTE buf[64]; | ||
| 249 | |||
| 254 | if (netapi) | 250 | if (netapi) |
| 255 | { | 251 | { |
| 256 | netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); | 252 | netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); |
| @@ -280,7 +276,6 @@ int RAND_poll(void) | |||
| 280 | 276 | ||
| 281 | if (netapi) | 277 | if (netapi) |
| 282 | FreeLibrary(netapi); | 278 | FreeLibrary(netapi); |
| 283 | #endif /* 1 */ | ||
| 284 | 279 | ||
| 285 | /* It appears like this can cause an exception deep within ADVAPI32.DLL | 280 | /* It appears like this can cause an exception deep within ADVAPI32.DLL |
| 286 | * at random times on Windows 2000. Reported by Jeffrey Altman. | 281 | * at random times on Windows 2000. Reported by Jeffrey Altman. |
| @@ -356,12 +351,13 @@ int RAND_poll(void) | |||
| 356 | { | 351 | { |
| 357 | /* poll the CryptoAPI PRNG */ | 352 | /* poll the CryptoAPI PRNG */ |
| 358 | /* The CryptoAPI returns sizeof(buf) bytes of randomness */ | 353 | /* The CryptoAPI returns sizeof(buf) bytes of randomness */ |
| 359 | if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, | 354 | if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, |
| 360 | CRYPT_VERIFYCONTEXT)) | 355 | CRYPT_VERIFYCONTEXT)) |
| 361 | { | 356 | { |
| 362 | if (gen(hProvider, sizeof(buf), buf) != 0) | 357 | if (gen(hProvider, sizeof(buf), buf) != 0) |
| 363 | { | 358 | { |
| 364 | RAND_add(buf, sizeof(buf), 0); | 359 | RAND_add(buf, sizeof(buf), 0); |
| 360 | good = 1; | ||
| 365 | #if 0 | 361 | #if 0 |
| 366 | printf("randomness from PROV_RSA_FULL\n"); | 362 | printf("randomness from PROV_RSA_FULL\n"); |
| 367 | #endif | 363 | #endif |
| @@ -375,6 +371,7 @@ int RAND_poll(void) | |||
| 375 | if (gen(hProvider, sizeof(buf), buf) != 0) | 371 | if (gen(hProvider, sizeof(buf), buf) != 0) |
| 376 | { | 372 | { |
| 377 | RAND_add(buf, sizeof(buf), sizeof(buf)); | 373 | RAND_add(buf, sizeof(buf), sizeof(buf)); |
| 374 | good = 1; | ||
| 378 | #if 0 | 375 | #if 0 |
| 379 | printf("randomness from PROV_INTEL_SEC\n"); | 376 | printf("randomness from PROV_INTEL_SEC\n"); |
| 380 | #endif | 377 | #endif |
| @@ -386,7 +383,9 @@ int RAND_poll(void) | |||
| 386 | if (advapi) | 383 | if (advapi) |
| 387 | FreeLibrary(advapi); | 384 | FreeLibrary(advapi); |
| 388 | 385 | ||
| 389 | if (user) | 386 | if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || |
| 387 | !OPENSSL_isservice()) && | ||
| 388 | (user = LoadLibrary(TEXT("USER32.DLL")))) | ||
| 390 | { | 389 | { |
| 391 | GETCURSORINFO cursor; | 390 | GETCURSORINFO cursor; |
| 392 | GETFOREGROUNDWINDOW win; | 391 | GETFOREGROUNDWINDOW win; |
| @@ -399,7 +398,7 @@ int RAND_poll(void) | |||
| 399 | if (win) | 398 | if (win) |
| 400 | { | 399 | { |
| 401 | /* window handle */ | 400 | /* window handle */ |
| 402 | h = win(); | 401 | HWND h = win(); |
| 403 | RAND_add(&h, sizeof(h), 0); | 402 | RAND_add(&h, sizeof(h), 0); |
| 404 | } | 403 | } |
| 405 | if (cursor) | 404 | if (cursor) |
| @@ -464,6 +463,7 @@ int RAND_poll(void) | |||
| 464 | PROCESSENTRY32 p; | 463 | PROCESSENTRY32 p; |
| 465 | THREADENTRY32 t; | 464 | THREADENTRY32 t; |
| 466 | MODULEENTRY32 m; | 465 | MODULEENTRY32 m; |
| 466 | DWORD stoptime = 0; | ||
| 467 | 467 | ||
| 468 | snap = (CREATETOOLHELP32SNAPSHOT) | 468 | snap = (CREATETOOLHELP32SNAPSHOT) |
| 469 | GetProcAddress(kernel, "CreateToolhelp32Snapshot"); | 469 | GetProcAddress(kernel, "CreateToolhelp32Snapshot"); |
| @@ -495,6 +495,7 @@ int RAND_poll(void) | |||
| 495 | * of entropy. | 495 | * of entropy. |
| 496 | */ | 496 | */ |
| 497 | hlist.dwSize = sizeof(HEAPLIST32); | 497 | hlist.dwSize = sizeof(HEAPLIST32); |
| 498 | if (good) stoptime = GetTickCount() + MAXDELAY; | ||
| 498 | if (heaplist_first(handle, &hlist)) | 499 | if (heaplist_first(handle, &hlist)) |
| 499 | do | 500 | do |
| 500 | { | 501 | { |
| @@ -512,18 +513,20 @@ int RAND_poll(void) | |||
| 512 | && --entrycnt > 0); | 513 | && --entrycnt > 0); |
| 513 | } | 514 | } |
| 514 | } while (heaplist_next(handle, | 515 | } while (heaplist_next(handle, |
| 515 | &hlist)); | 516 | &hlist) && GetTickCount() < stoptime); |
| 516 | 517 | ||
| 517 | /* process walking */ | 518 | /* process walking */ |
| 518 | /* PROCESSENTRY32 contains 9 fields that will change | 519 | /* PROCESSENTRY32 contains 9 fields that will change |
| 519 | * with each entry. Consider each field a source of | 520 | * with each entry. Consider each field a source of |
| 520 | * 1 byte of entropy. | 521 | * 1 byte of entropy. |
| 521 | */ | 522 | */ |
| 522 | p.dwSize = sizeof(PROCESSENTRY32); | 523 | p.dwSize = sizeof(PROCESSENTRY32); |
| 524 | |||
| 525 | if (good) stoptime = GetTickCount() + MAXDELAY; | ||
| 523 | if (process_first(handle, &p)) | 526 | if (process_first(handle, &p)) |
| 524 | do | 527 | do |
| 525 | RAND_add(&p, p.dwSize, 9); | 528 | RAND_add(&p, p.dwSize, 9); |
| 526 | while (process_next(handle, &p)); | 529 | while (process_next(handle, &p) && GetTickCount() < stoptime); |
| 527 | 530 | ||
| 528 | /* thread walking */ | 531 | /* thread walking */ |
| 529 | /* THREADENTRY32 contains 6 fields that will change | 532 | /* THREADENTRY32 contains 6 fields that will change |
| @@ -531,10 +534,11 @@ int RAND_poll(void) | |||
| 531 | * 1 byte of entropy. | 534 | * 1 byte of entropy. |
| 532 | */ | 535 | */ |
| 533 | t.dwSize = sizeof(THREADENTRY32); | 536 | t.dwSize = sizeof(THREADENTRY32); |
| 537 | if (good) stoptime = GetTickCount() + MAXDELAY; | ||
| 534 | if (thread_first(handle, &t)) | 538 | if (thread_first(handle, &t)) |
| 535 | do | 539 | do |
| 536 | RAND_add(&t, t.dwSize, 6); | 540 | RAND_add(&t, t.dwSize, 6); |
| 537 | while (thread_next(handle, &t)); | 541 | while (thread_next(handle, &t) && GetTickCount() < stoptime); |
| 538 | 542 | ||
| 539 | /* module walking */ | 543 | /* module walking */ |
| 540 | /* MODULEENTRY32 contains 9 fields that will change | 544 | /* MODULEENTRY32 contains 9 fields that will change |
| @@ -542,18 +546,22 @@ int RAND_poll(void) | |||
| 542 | * 1 byte of entropy. | 546 | * 1 byte of entropy. |
| 543 | */ | 547 | */ |
| 544 | m.dwSize = sizeof(MODULEENTRY32); | 548 | m.dwSize = sizeof(MODULEENTRY32); |
| 549 | if (good) stoptime = GetTickCount() + MAXDELAY; | ||
| 545 | if (module_first(handle, &m)) | 550 | if (module_first(handle, &m)) |
| 546 | do | 551 | do |
| 547 | RAND_add(&m, m.dwSize, 9); | 552 | RAND_add(&m, m.dwSize, 9); |
| 548 | while (module_next(handle, &m)); | 553 | while (module_next(handle, &m) |
| 554 | && (GetTickCount() < stoptime)); | ||
| 549 | if (close_snap) | 555 | if (close_snap) |
| 550 | close_snap(handle); | 556 | close_snap(handle); |
| 551 | else | 557 | else |
| 552 | CloseHandle(handle); | 558 | CloseHandle(handle); |
| 559 | |||
| 553 | } | 560 | } |
| 554 | 561 | ||
| 555 | FreeLibrary(kernel); | 562 | FreeLibrary(kernel); |
| 556 | } | 563 | } |
| 564 | } | ||
| 557 | #endif /* !OPENSSL_SYS_WINCE */ | 565 | #endif /* !OPENSSL_SYS_WINCE */ |
| 558 | 566 | ||
| 559 | /* timer data */ | 567 | /* timer data */ |
| @@ -693,6 +701,9 @@ static void readscreen(void) | |||
| 693 | int y; /* y-coordinate of screen lines to grab */ | 701 | int y; /* y-coordinate of screen lines to grab */ |
| 694 | int n = 16; /* number of screen lines to grab at a time */ | 702 | int n = 16; /* number of screen lines to grab at a time */ |
| 695 | 703 | ||
| 704 | if (GetVersion() >= 0x80000000 || !OPENSSL_isservice()) | ||
| 705 | return; | ||
| 706 | |||
| 696 | /* Create a screen DC and a memory DC compatible to screen DC */ | 707 | /* Create a screen DC and a memory DC compatible to screen DC */ |
| 697 | hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); | 708 | hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); |
| 698 | hMemDC = CreateCompatibleDC(hScrDC); | 709 | hMemDC = CreateCompatibleDC(hScrDC); |
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c index d847d8ebdf..005cb38cb0 100644 --- a/src/lib/libssl/src/crypto/rand/randfile.c +++ b/src/lib/libssl/src/crypto/rand/randfile.c | |||
| @@ -102,10 +102,8 @@ int RAND_load_file(const char *file, long bytes) | |||
| 102 | 102 | ||
| 103 | if (file == NULL) return(0); | 103 | if (file == NULL) return(0); |
| 104 | 104 | ||
| 105 | i=stat(file,&sb); | 105 | if (stat(file,&sb) < 0) return(0); |
| 106 | /* If the state fails, put some crap in anyway */ | 106 | RAND_add(&sb,sizeof(sb),0.0); |
| 107 | RAND_add(&sb,sizeof(sb),0); | ||
| 108 | if (i < 0) return(0); | ||
| 109 | if (bytes == 0) return(ret); | 107 | if (bytes == 0) return(ret); |
| 110 | 108 | ||
| 111 | in=fopen(file,"rb"); | 109 | in=fopen(file,"rb"); |
| @@ -128,8 +126,12 @@ int RAND_load_file(const char *file, long bytes) | |||
| 128 | n = BUFSIZE; | 126 | n = BUFSIZE; |
| 129 | i=fread(buf,1,n,in); | 127 | i=fread(buf,1,n,in); |
| 130 | if (i <= 0) break; | 128 | if (i <= 0) break; |
| 129 | #ifdef PURIFY | ||
| 130 | RAND_add(buf,i,(double)i); | ||
| 131 | #else | ||
| 131 | /* even if n != i, use the full array */ | 132 | /* even if n != i, use the full array */ |
| 132 | RAND_add(buf,n,i); | 133 | RAND_add(buf,n,(double)i); |
| 134 | #endif | ||
| 133 | ret+=i; | 135 | ret+=i; |
| 134 | if (bytes > 0) | 136 | if (bytes > 0) |
| 135 | { | 137 | { |
diff --git a/src/lib/libssl/src/crypto/rand/randtest.c b/src/lib/libssl/src/crypto/rand/randtest.c index 701932e6ee..9e92a70b03 100644 --- a/src/lib/libssl/src/crypto/rand/randtest.c +++ b/src/lib/libssl/src/crypto/rand/randtest.c | |||
| @@ -65,7 +65,7 @@ | |||
| 65 | /* some FIPS 140-1 random number test */ | 65 | /* some FIPS 140-1 random number test */ |
| 66 | /* some simple tests */ | 66 | /* some simple tests */ |
| 67 | 67 | ||
| 68 | int main() | 68 | int main(int argc,char **argv) |
| 69 | { | 69 | { |
| 70 | unsigned char buf[2500]; | 70 | unsigned char buf[2500]; |
| 71 | int i,j,k,s,sign,nsign,err=0; | 71 | int i,j,k,s,sign,nsign,err=0; |
| @@ -211,6 +211,9 @@ int main() | |||
| 211 | printf("test 4 done\n"); | 211 | printf("test 4 done\n"); |
| 212 | err: | 212 | err: |
| 213 | err=((err)?1:0); | 213 | err=((err)?1:0); |
| 214 | #ifdef OPENSSL_SYS_NETWARE | ||
| 215 | if (err) printf("ERROR: %d\n", err); | ||
| 216 | #endif | ||
| 214 | EXIT(err); | 217 | EXIT(err); |
| 215 | return(err); | 218 | return(err); |
| 216 | } | 219 | } |
diff --git a/src/lib/libssl/src/crypto/rc2/rc2.h b/src/lib/libssl/src/crypto/rc2/rc2.h index 71788158d8..34c8362317 100644 --- a/src/lib/libssl/src/crypto/rc2/rc2.h +++ b/src/lib/libssl/src/crypto/rc2/rc2.h | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #ifndef HEADER_RC2_H | 59 | #ifndef HEADER_RC2_H |
| 60 | #define HEADER_RC2_H | 60 | #define HEADER_RC2_H |
| 61 | 61 | ||
| 62 | #include <openssl/opensslconf.h> /* OPENSSL_NO_RC2, RC2_INT */ | ||
| 62 | #ifdef OPENSSL_NO_RC2 | 63 | #ifdef OPENSSL_NO_RC2 |
| 63 | #error RC2 is disabled. | 64 | #error RC2 is disabled. |
| 64 | #endif | 65 | #endif |
| @@ -66,7 +67,6 @@ | |||
| 66 | #define RC2_ENCRYPT 1 | 67 | #define RC2_ENCRYPT 1 |
| 67 | #define RC2_DECRYPT 0 | 68 | #define RC2_DECRYPT 0 |
| 68 | 69 | ||
| 69 | #include <openssl/opensslconf.h> /* RC2_INT */ | ||
| 70 | #define RC2_BLOCK 8 | 70 | #define RC2_BLOCK 8 |
| 71 | #define RC2_KEY_LENGTH 16 | 71 | #define RC2_KEY_LENGTH 16 |
| 72 | 72 | ||
| @@ -79,10 +79,7 @@ typedef struct rc2_key_st | |||
| 79 | RC2_INT data[64]; | 79 | RC2_INT data[64]; |
| 80 | } RC2_KEY; | 80 | } RC2_KEY; |
| 81 | 81 | ||
| 82 | #ifdef OPENSSL_FIPS | 82 | |
| 83 | void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, | ||
| 84 | int bits); | ||
| 85 | #endif | ||
| 86 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); | 83 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); |
| 87 | void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, | 84 | void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, |
| 88 | int enc); | 85 | int enc); |
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_ecb.c b/src/lib/libssl/src/crypto/rc2/rc2_ecb.c index d3e8c2718a..fff86c7af8 100644 --- a/src/lib/libssl/src/crypto/rc2/rc2_ecb.c +++ b/src/lib/libssl/src/crypto/rc2/rc2_ecb.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "rc2_locl.h" | 60 | #include "rc2_locl.h" |
| 61 | #include <openssl/opensslv.h> | 61 | #include <openssl/opensslv.h> |
| 62 | 62 | ||
| 63 | const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT; | 63 | const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT; |
| 64 | 64 | ||
| 65 | /* RC2 as implemented frm a posting from | 65 | /* RC2 as implemented frm a posting from |
| 66 | * Newsgroups: sci.crypt | 66 | * Newsgroups: sci.crypt |
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_skey.c b/src/lib/libssl/src/crypto/rc2/rc2_skey.c index 9652865188..4953642056 100644 --- a/src/lib/libssl/src/crypto/rc2/rc2_skey.c +++ b/src/lib/libssl/src/crypto/rc2/rc2_skey.c | |||
| @@ -57,8 +57,6 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/rc2.h> | 59 | #include <openssl/rc2.h> |
| 60 | #include <openssl/crypto.h> | ||
| 61 | #include <openssl/fips.h> | ||
| 62 | #include "rc2_locl.h" | 60 | #include "rc2_locl.h" |
| 63 | 61 | ||
| 64 | static unsigned char key_table[256]={ | 62 | static unsigned char key_table[256]={ |
| @@ -86,25 +84,17 @@ static unsigned char key_table[256]={ | |||
| 86 | 0xfe,0x7f,0xc1,0xad, | 84 | 0xfe,0x7f,0xc1,0xad, |
| 87 | }; | 85 | }; |
| 88 | 86 | ||
| 87 | #if defined(_MSC_VER) && defined(_ARM_) | ||
| 88 | #pragma optimize("g",off) | ||
| 89 | #endif | ||
| 90 | |||
| 89 | /* It has come to my attention that there are 2 versions of the RC2 | 91 | /* It has come to my attention that there are 2 versions of the RC2 |
| 90 | * key schedule. One which is normal, and anther which has a hook to | 92 | * key schedule. One which is normal, and anther which has a hook to |
| 91 | * use a reduced key length. | 93 | * use a reduced key length. |
| 92 | * BSAFE uses the 'retarded' version. What I previously shipped is | 94 | * BSAFE uses the 'retarded' version. What I previously shipped is |
| 93 | * the same as specifying 1024 for the 'bits' parameter. Bsafe uses | 95 | * the same as specifying 1024 for the 'bits' parameter. Bsafe uses |
| 94 | * a version where the bits parameter is the same as len*8 */ | 96 | * a version where the bits parameter is the same as len*8 */ |
| 95 | |||
| 96 | #ifdef OPENSSL_FIPS | ||
| 97 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) | ||
| 98 | { | ||
| 99 | if (FIPS_mode()) | ||
| 100 | FIPS_BAD_ABORT(RC2) | ||
| 101 | private_RC2_set_key(key, len, data, bits); | ||
| 102 | } | ||
| 103 | void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, | ||
| 104 | int bits) | ||
| 105 | #else | ||
| 106 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) | 97 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) |
| 107 | #endif | ||
| 108 | { | 98 | { |
| 109 | int i,j; | 99 | int i,j; |
| 110 | unsigned char *k; | 100 | unsigned char *k; |
| @@ -150,3 +140,6 @@ void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) | |||
| 150 | *(ki--)=((k[i]<<8)|k[i-1])&0xffff; | 140 | *(ki--)=((k[i]<<8)|k[i-1])&0xffff; |
| 151 | } | 141 | } |
| 152 | 142 | ||
| 143 | #if defined(_MSC_VER) | ||
| 144 | #pragma optimize("",on) | ||
| 145 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/rc2/rc2speed.c b/src/lib/libssl/src/crypto/rc2/rc2speed.c index 4d0e1242ea..85cf6f65bf 100644 --- a/src/lib/libssl/src/crypto/rc2/rc2speed.c +++ b/src/lib/libssl/src/crypto/rc2/rc2speed.c | |||
| @@ -69,7 +69,10 @@ | |||
| 69 | #include OPENSSL_UNISTD_IO | 69 | #include OPENSSL_UNISTD_IO |
| 70 | OPENSSL_DECLARE_EXIT | 70 | OPENSSL_DECLARE_EXIT |
| 71 | 71 | ||
| 72 | #ifndef OPENSSL_SYS_NETWARE | ||
| 72 | #include <signal.h> | 73 | #include <signal.h> |
| 74 | #endif | ||
| 75 | |||
| 73 | #ifndef _IRIX | 76 | #ifndef _IRIX |
| 74 | #include <time.h> | 77 | #include <time.h> |
| 75 | #endif | 78 | #endif |
diff --git a/src/lib/libssl/src/crypto/rc2/rc2test.c b/src/lib/libssl/src/crypto/rc2/rc2test.c index b67bafb49f..0e117436bb 100644 --- a/src/lib/libssl/src/crypto/rc2/rc2test.c +++ b/src/lib/libssl/src/crypto/rc2/rc2test.c | |||
| @@ -205,6 +205,9 @@ int main(int argc, char *argv[]) | |||
| 205 | printf("ok\n"); | 205 | printf("ok\n"); |
| 206 | #endif | 206 | #endif |
| 207 | 207 | ||
| 208 | #ifdef OPENSSL_SYS_NETWARE | ||
| 209 | if (err) printf("ERROR: %d\n", err); | ||
| 210 | #endif | ||
| 208 | EXIT(err); | 211 | EXIT(err); |
| 209 | return(err); | 212 | return(err); |
| 210 | } | 213 | } |
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl index d6e98f0811..ef7eee766c 100644 --- a/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl +++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl | |||
| @@ -200,22 +200,23 @@ sub RC4 | |||
| 200 | 200 | ||
| 201 | &lea ($ty,&DWP(0,$in,$ty)); | 201 | &lea ($ty,&DWP(0,$in,$ty)); |
| 202 | &mov (&swtmp(2),$ty); | 202 | &mov (&swtmp(2),$ty); |
| 203 | &movz ($tx,&BP(0,$d,$x)); | ||
| 203 | 204 | ||
| 204 | # strangely enough unrolled loop performs over 20% slower... | 205 | # strangely enough unrolled loop performs over 20% slower... |
| 205 | &set_label("RC4_CHAR_loop"); | 206 | &set_label("RC4_CHAR_loop"); |
| 206 | &movz ($tx,&BP(0,$d,$x)); | ||
| 207 | &add (&LB($y),&LB($tx)); | 207 | &add (&LB($y),&LB($tx)); |
| 208 | &movz ($ty,&BP(0,$d,$y)); | 208 | &movz ($ty,&BP(0,$d,$y)); |
| 209 | &movb (&BP(0,$d,$y),&LB($tx)); | 209 | &movb (&BP(0,$d,$y),&LB($tx)); |
| 210 | &movb (&BP(0,$d,$x),&LB($ty)); | 210 | &movb (&BP(0,$d,$x),&LB($ty)); |
| 211 | &add (&LB($ty),&LB($tx)); | 211 | &add (&LB($ty),&LB($tx)); |
| 212 | &movz ($ty,&BP(0,$d,$ty)); | 212 | &movz ($ty,&BP(0,$d,$ty)); |
| 213 | &add (&LB($x),1); | ||
| 213 | &xorb (&LB($ty),&BP(0,$in)); | 214 | &xorb (&LB($ty),&BP(0,$in)); |
| 214 | &movb (&BP(0,$out),&LB($ty)); | 215 | &lea ($in,&DWP(1,$in)); |
| 215 | &inc (&LB($x)); | 216 | &movz ($tx,&BP(0,$d,$x)); |
| 216 | &inc ($in); | ||
| 217 | &inc ($out); | ||
| 218 | &cmp ($in,&swtmp(2)); | 217 | &cmp ($in,&swtmp(2)); |
| 218 | &movb (&BP(0,$out),&LB($ty)); | ||
| 219 | &lea ($out,&DWP(1,$out)); | ||
| 219 | &jb (&label("RC4_CHAR_loop")); | 220 | &jb (&label("RC4_CHAR_loop")); |
| 220 | 221 | ||
| 221 | &set_label("finished"); | 222 | &set_label("finished"); |
diff --git a/src/lib/libssl/src/crypto/rc4/rc4.c b/src/lib/libssl/src/crypto/rc4/rc4.c index b39c070292..c900b26055 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4.c +++ b/src/lib/libssl/src/crypto/rc4/rc4.c | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include <string.h> | 61 | #include <string.h> |
| 62 | #include <openssl/rc4.h> | 62 | #include <openssl/rc4.h> |
| 63 | #include <openssl/evp.h> | ||
| 63 | 64 | ||
| 64 | char *usage[]={ | 65 | char *usage[]={ |
| 65 | "usage: rc4 args\n", | 66 | "usage: rc4 args\n", |
| @@ -162,7 +163,7 @@ bad: | |||
| 162 | keystr=buf; | 163 | keystr=buf; |
| 163 | } | 164 | } |
| 164 | 165 | ||
| 165 | EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5()); | 166 | EVP_Digest((unsigned char *)keystr,strlen(keystr),md,NULL,EVP_md5(),NULL); |
| 166 | OPENSSL_cleanse(keystr,strlen(keystr)); | 167 | OPENSSL_cleanse(keystr,strlen(keystr)); |
| 167 | RC4_set_key(&key,MD5_DIGEST_LENGTH,md); | 168 | RC4_set_key(&key,MD5_DIGEST_LENGTH,md); |
| 168 | 169 | ||
diff --git a/src/lib/libssl/src/crypto/rc4/rc4.h b/src/lib/libssl/src/crypto/rc4/rc4.h index ae0cea75b8..7aec04fe93 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4.h +++ b/src/lib/libssl/src/crypto/rc4/rc4.h | |||
| @@ -59,12 +59,11 @@ | |||
| 59 | #ifndef HEADER_RC4_H | 59 | #ifndef HEADER_RC4_H |
| 60 | #define HEADER_RC4_H | 60 | #define HEADER_RC4_H |
| 61 | 61 | ||
| 62 | #include <openssl/opensslconf.h> /* OPENSSL_NO_RC4, RC4_INT */ | ||
| 62 | #ifdef OPENSSL_NO_RC4 | 63 | #ifdef OPENSSL_NO_RC4 |
| 63 | #error RC4 is disabled. | 64 | #error RC4 is disabled. |
| 64 | #endif | 65 | #endif |
| 65 | 66 | ||
| 66 | #include <openssl/opensslconf.h> /* RC4_INT */ | ||
| 67 | |||
| 68 | #ifdef __cplusplus | 67 | #ifdef __cplusplus |
| 69 | extern "C" { | 68 | extern "C" { |
| 70 | #endif | 69 | #endif |
| @@ -77,9 +76,6 @@ typedef struct rc4_key_st | |||
| 77 | 76 | ||
| 78 | 77 | ||
| 79 | const char *RC4_options(void); | 78 | const char *RC4_options(void); |
| 80 | #ifdef OPENSSL_FIPS | ||
| 81 | void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); | ||
| 82 | #endif | ||
| 83 | void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); | 79 | void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); |
| 84 | void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, | 80 | void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, |
| 85 | unsigned char *outdata); | 81 | unsigned char *outdata); |
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_enc.c b/src/lib/libssl/src/crypto/rc4/rc4_enc.c index d5f18a3a70..0660ea60a2 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4_enc.c +++ b/src/lib/libssl/src/crypto/rc4/rc4_enc.c | |||
| @@ -157,7 +157,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, | |||
| 157 | if (!is_endian.little) | 157 | if (!is_endian.little) |
| 158 | { /* BIG-ENDIAN CASE */ | 158 | { /* BIG-ENDIAN CASE */ |
| 159 | # define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) | 159 | # define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) |
| 160 | for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) | 160 | for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK)) |
| 161 | { | 161 | { |
| 162 | ichunk = *(RC4_CHUNK *)indata; | 162 | ichunk = *(RC4_CHUNK *)indata; |
| 163 | otp = RC4_STEP<<BESHFT(0); | 163 | otp = RC4_STEP<<BESHFT(0); |
| @@ -210,7 +210,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, | |||
| 210 | else | 210 | else |
| 211 | { /* LITTLE-ENDIAN CASE */ | 211 | { /* LITTLE-ENDIAN CASE */ |
| 212 | # define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) | 212 | # define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) |
| 213 | for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) | 213 | for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK)) |
| 214 | { | 214 | { |
| 215 | ichunk = *(RC4_CHUNK *)indata; | 215 | ichunk = *(RC4_CHUNK *)indata; |
| 216 | otp = RC4_STEP; | 216 | otp = RC4_STEP; |
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_skey.c b/src/lib/libssl/src/crypto/rc4/rc4_skey.c index 60510624fd..46b77ec321 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4_skey.c +++ b/src/lib/libssl/src/crypto/rc4/rc4_skey.c | |||
| @@ -57,12 +57,10 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/rc4.h> | 59 | #include <openssl/rc4.h> |
| 60 | #include <openssl/crypto.h> | ||
| 61 | #include <openssl/fips.h> | ||
| 62 | #include "rc4_locl.h" | 60 | #include "rc4_locl.h" |
| 63 | #include <openssl/opensslv.h> | 61 | #include <openssl/opensslv.h> |
| 64 | 62 | ||
| 65 | const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT; | 63 | const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT; |
| 66 | 64 | ||
| 67 | const char *RC4_options(void) | 65 | const char *RC4_options(void) |
| 68 | { | 66 | { |
| @@ -87,7 +85,7 @@ const char *RC4_options(void) | |||
| 87 | * Date: Wed, 14 Sep 1994 06:35:31 GMT | 85 | * Date: Wed, 14 Sep 1994 06:35:31 GMT |
| 88 | */ | 86 | */ |
| 89 | 87 | ||
| 90 | FIPS_NON_FIPS_VCIPHER_Init(RC4) | 88 | void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) |
| 91 | { | 89 | { |
| 92 | register RC4_INT tmp; | 90 | register RC4_INT tmp; |
| 93 | register int id1,id2; | 91 | register int id1,id2; |
| @@ -95,26 +93,59 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4) | |||
| 95 | unsigned int i; | 93 | unsigned int i; |
| 96 | 94 | ||
| 97 | d= &(key->data[0]); | 95 | d= &(key->data[0]); |
| 98 | |||
| 99 | for (i=0; i<256; i++) | ||
| 100 | d[i]=i; | ||
| 101 | key->x = 0; | 96 | key->x = 0; |
| 102 | key->y = 0; | 97 | key->y = 0; |
| 103 | id1=id2=0; | 98 | id1=id2=0; |
| 104 | 99 | ||
| 105 | #define SK_LOOP(n) { \ | 100 | #define SK_LOOP(d,n) { \ |
| 106 | tmp=d[(n)]; \ | 101 | tmp=d[(n)]; \ |
| 107 | id2 = (data[id1] + tmp + id2) & 0xff; \ | 102 | id2 = (data[id1] + tmp + id2) & 0xff; \ |
| 108 | if (++id1 == len) id1=0; \ | 103 | if (++id1 == len) id1=0; \ |
| 109 | d[(n)]=d[id2]; \ | 104 | d[(n)]=d[id2]; \ |
| 110 | d[id2]=tmp; } | 105 | d[id2]=tmp; } |
| 111 | 106 | ||
| 107 | #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) | ||
| 108 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ | ||
| 109 | defined(__INTEL__) || \ | ||
| 110 | defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) | ||
| 111 | if (sizeof(RC4_INT) > 1) { | ||
| 112 | /* | ||
| 113 | * Unlike all other x86 [and x86_64] implementations, | ||
| 114 | * Intel P4 core [including EM64T] was found to perform | ||
| 115 | * poorly with wider RC4_INT. Performance improvement | ||
| 116 | * for IA-32 hand-coded assembler turned out to be 2.8x | ||
| 117 | * if re-coded for RC4_CHAR! It's however inappropriate | ||
| 118 | * to just switch to RC4_CHAR for x86[_64], as non-P4 | ||
| 119 | * implementations suffer from significant performance | ||
| 120 | * losses then, e.g. PIII exhibits >2x deterioration, | ||
| 121 | * and so does Opteron. In order to assure optimal | ||
| 122 | * all-round performance, we detect P4 at run-time by | ||
| 123 | * checking upon reserved bit 20 in CPU capability | ||
| 124 | * vector and set up compressed key schedule, which is | ||
| 125 | * recognized by correspondingly updated assembler | ||
| 126 | * module... Bit 20 is set up by OPENSSL_ia32_cpuid. | ||
| 127 | * | ||
| 128 | * <appro@fy.chalmers.se> | ||
| 129 | */ | ||
| 130 | if (OPENSSL_ia32cap_P & (1<<20)) { | ||
| 131 | unsigned char *cp=(unsigned char *)d; | ||
| 132 | |||
| 133 | for (i=0;i<256;i++) cp[i]=i; | ||
| 134 | for (i=0;i<256;i++) SK_LOOP(cp,i); | ||
| 135 | /* mark schedule as compressed! */ | ||
| 136 | d[256/sizeof(RC4_INT)]=-1; | ||
| 137 | return; | ||
| 138 | } | ||
| 139 | } | ||
| 140 | # endif | ||
| 141 | #endif | ||
| 142 | for (i=0; i < 256; i++) d[i]=i; | ||
| 112 | for (i=0; i < 256; i+=4) | 143 | for (i=0; i < 256; i+=4) |
| 113 | { | 144 | { |
| 114 | SK_LOOP(i+0); | 145 | SK_LOOP(d,i+0); |
| 115 | SK_LOOP(i+1); | 146 | SK_LOOP(d,i+1); |
| 116 | SK_LOOP(i+2); | 147 | SK_LOOP(d,i+2); |
| 117 | SK_LOOP(i+3); | 148 | SK_LOOP(d,i+3); |
| 118 | } | 149 | } |
| 119 | } | 150 | } |
| 120 | 151 | ||
diff --git a/src/lib/libssl/src/crypto/rc4/rc4speed.c b/src/lib/libssl/src/crypto/rc4/rc4speed.c index ced98c52df..0ebd38123d 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4speed.c +++ b/src/lib/libssl/src/crypto/rc4/rc4speed.c | |||
| @@ -69,7 +69,10 @@ | |||
| 69 | #include OPENSSL_UNISTD_IO | 69 | #include OPENSSL_UNISTD_IO |
| 70 | OPENSSL_DECLARE_EXIT | 70 | OPENSSL_DECLARE_EXIT |
| 71 | 71 | ||
| 72 | #ifndef OPENSSL_SYS_NETWARE | ||
| 72 | #include <signal.h> | 73 | #include <signal.h> |
| 74 | #endif | ||
| 75 | |||
| 73 | #ifndef _IRIX | 76 | #ifndef _IRIX |
| 74 | #include <time.h> | 77 | #include <time.h> |
| 75 | #endif | 78 | #endif |
diff --git a/src/lib/libssl/src/crypto/rc4/rc4test.c b/src/lib/libssl/src/crypto/rc4/rc4test.c index b9d8f20975..54b597fa26 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4test.c +++ b/src/lib/libssl/src/crypto/rc4/rc4test.c | |||
| @@ -70,6 +70,7 @@ int main(int argc, char *argv[]) | |||
| 70 | } | 70 | } |
| 71 | #else | 71 | #else |
| 72 | #include <openssl/rc4.h> | 72 | #include <openssl/rc4.h> |
| 73 | #include <openssl/sha.h> | ||
| 73 | 74 | ||
| 74 | static unsigned char keys[7][30]={ | 75 | static unsigned char keys[7][30]={ |
| 75 | {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, | 76 | {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, |
| @@ -113,13 +114,11 @@ static unsigned char output[7][30]={ | |||
| 113 | 114 | ||
| 114 | int main(int argc, char *argv[]) | 115 | int main(int argc, char *argv[]) |
| 115 | { | 116 | { |
| 116 | int i,err=0; | 117 | int err=0; |
| 117 | int j; | 118 | unsigned int i, j; |
| 118 | unsigned char *p; | 119 | unsigned char *p; |
| 119 | RC4_KEY key; | 120 | RC4_KEY key; |
| 120 | unsigned char buf[512],obuf[512]; | 121 | unsigned char obuf[512]; |
| 121 | |||
| 122 | for (i=0; i<512; i++) buf[i]=0x01; | ||
| 123 | 122 | ||
| 124 | for (i=0; i<6; i++) | 123 | for (i=0; i<6; i++) |
| 125 | { | 124 | { |
| @@ -130,12 +129,12 @@ int main(int argc, char *argv[]) | |||
| 130 | { | 129 | { |
| 131 | printf("error calculating RC4\n"); | 130 | printf("error calculating RC4\n"); |
| 132 | printf("output:"); | 131 | printf("output:"); |
| 133 | for (j=0; j<data_len[i]+1; j++) | 132 | for (j=0; j<data_len[i]+1U; j++) |
| 134 | printf(" %02x",obuf[j]); | 133 | printf(" %02x",obuf[j]); |
| 135 | printf("\n"); | 134 | printf("\n"); |
| 136 | printf("expect:"); | 135 | printf("expect:"); |
| 137 | p= &(output[i][0]); | 136 | p= &(output[i][0]); |
| 138 | for (j=0; j<data_len[i]+1; j++) | 137 | for (j=0; j<data_len[i]+1U; j++) |
| 139 | printf(" %02x",*(p++)); | 138 | printf(" %02x",*(p++)); |
| 140 | printf("\n"); | 139 | printf("\n"); |
| 141 | err++; | 140 | err++; |
| @@ -181,12 +180,12 @@ int main(int argc, char *argv[]) | |||
| 181 | { | 180 | { |
| 182 | printf("error in RC4 multi-call processing\n"); | 181 | printf("error in RC4 multi-call processing\n"); |
| 183 | printf("output:"); | 182 | printf("output:"); |
| 184 | for (j=0; j<data_len[3]+1; j++) | 183 | for (j=0; j<data_len[3]+1U; j++) |
| 185 | printf(" %02x",obuf[j]); | 184 | printf(" %02x",obuf[j]); |
| 186 | printf("\n"); | 185 | printf("\n"); |
| 187 | printf("expect:"); | 186 | printf("expect:"); |
| 188 | p= &(output[3][0]); | 187 | p= &(output[3][0]); |
| 189 | for (j=0; j<data_len[3]+1; j++) | 188 | for (j=0; j<data_len[3]+1U; j++) |
| 190 | printf(" %02x",*(p++)); | 189 | printf(" %02x",*(p++)); |
| 191 | err++; | 190 | err++; |
| 192 | } | 191 | } |
| @@ -197,6 +196,40 @@ int main(int argc, char *argv[]) | |||
| 197 | } | 196 | } |
| 198 | } | 197 | } |
| 199 | printf("done\n"); | 198 | printf("done\n"); |
| 199 | printf("bulk test "); | ||
| 200 | { unsigned char buf[513]; | ||
| 201 | SHA_CTX c; | ||
| 202 | unsigned char md[SHA_DIGEST_LENGTH]; | ||
| 203 | static unsigned char expected[]={ | ||
| 204 | 0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f, | ||
| 205 | 0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 }; | ||
| 206 | |||
| 207 | RC4_set_key(&key,keys[0][0],&(keys[3][1])); | ||
| 208 | memset(buf,'\0',sizeof(buf)); | ||
| 209 | SHA1_Init(&c); | ||
| 210 | for (i=0;i<2571;i++) { | ||
| 211 | RC4(&key,sizeof(buf),buf,buf); | ||
| 212 | SHA1_Update(&c,buf,sizeof(buf)); | ||
| 213 | } | ||
| 214 | SHA1_Final(md,&c); | ||
| 215 | |||
| 216 | if (memcmp(md,expected,sizeof(md))) { | ||
| 217 | printf("error in RC4 bulk test\n"); | ||
| 218 | printf("output:"); | ||
| 219 | for (j=0; j<sizeof(md); j++) | ||
| 220 | printf(" %02x",md[j]); | ||
| 221 | printf("\n"); | ||
| 222 | printf("expect:"); | ||
| 223 | for (j=0; j<sizeof(md); j++) | ||
| 224 | printf(" %02x",expected[j]); | ||
| 225 | printf("\n"); | ||
| 226 | err++; | ||
| 227 | } | ||
| 228 | else printf("ok\n"); | ||
| 229 | } | ||
| 230 | #ifdef OPENSSL_SYS_NETWARE | ||
| 231 | if (err) printf("ERROR: %d\n", err); | ||
| 232 | #endif | ||
| 200 | EXIT(err); | 233 | EXIT(err); |
| 201 | return(0); | 234 | return(0); |
| 202 | } | 235 | } |
diff --git a/src/lib/libssl/src/crypto/rc5/rc5.h b/src/lib/libssl/src/crypto/rc5/rc5.h index aa3f26920b..4b3c153b50 100644 --- a/src/lib/libssl/src/crypto/rc5/rc5.h +++ b/src/lib/libssl/src/crypto/rc5/rc5.h | |||
| @@ -59,6 +59,8 @@ | |||
| 59 | #ifndef HEADER_RC5_H | 59 | #ifndef HEADER_RC5_H |
| 60 | #define HEADER_RC5_H | 60 | #define HEADER_RC5_H |
| 61 | 61 | ||
| 62 | #include <openssl/opensslconf.h> /* OPENSSL_NO_RC5 */ | ||
| 63 | |||
| 62 | #ifdef __cplusplus | 64 | #ifdef __cplusplus |
| 63 | extern "C" { | 65 | extern "C" { |
| 64 | #endif | 66 | #endif |
| @@ -92,10 +94,7 @@ typedef struct rc5_key_st | |||
| 92 | RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; | 94 | RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; |
| 93 | } RC5_32_KEY; | 95 | } RC5_32_KEY; |
| 94 | 96 | ||
| 95 | #ifdef OPENSSL_FIPS | 97 | |
| 96 | void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, | ||
| 97 | int rounds); | ||
| 98 | #endif | ||
| 99 | void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, | 98 | void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, |
| 100 | int rounds); | 99 | int rounds); |
| 101 | void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key, | 100 | void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key, |
diff --git a/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl b/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl index 0ab6f76bff..4f3c4c967f 100644 --- a/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl +++ b/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | #!/usr/local/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # Normal is the | 3 | # Normal is the |
| 4 | # ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks); | 4 | # ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks); |
| 5 | 5 | ||
| 6 | $normal=0; | 6 | $normal=0; |
| 7 | 7 | ||
| @@ -56,7 +56,7 @@ $KR3=0x7A6D76E9; | |||
| 56 | 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, | 56 | 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, |
| 57 | ); | 57 | ); |
| 58 | 58 | ||
| 59 | &ripemd160_block("ripemd160_block_asm_host_order"); | 59 | &ripemd160_block("ripemd160_block_asm_data_order"); |
| 60 | &asm_finish(); | 60 | &asm_finish(); |
| 61 | 61 | ||
| 62 | sub Xv | 62 | sub Xv |
diff --git a/src/lib/libssl/src/crypto/ripemd/ripemd.h b/src/lib/libssl/src/crypto/ripemd/ripemd.h index 7d0d998189..033a5965b5 100644 --- a/src/lib/libssl/src/crypto/ripemd/ripemd.h +++ b/src/lib/libssl/src/crypto/ripemd/ripemd.h | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | #define HEADER_RIPEMD_H | 60 | #define HEADER_RIPEMD_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | 62 | #include <openssl/e_os2.h> |
| 63 | #include <stddef.h> | ||
| 63 | 64 | ||
| 64 | #ifdef __cplusplus | 65 | #ifdef __cplusplus |
| 65 | extern "C" { | 66 | extern "C" { |
| @@ -87,16 +88,13 @@ typedef struct RIPEMD160state_st | |||
| 87 | RIPEMD160_LONG A,B,C,D,E; | 88 | RIPEMD160_LONG A,B,C,D,E; |
| 88 | RIPEMD160_LONG Nl,Nh; | 89 | RIPEMD160_LONG Nl,Nh; |
| 89 | RIPEMD160_LONG data[RIPEMD160_LBLOCK]; | 90 | RIPEMD160_LONG data[RIPEMD160_LBLOCK]; |
| 90 | int num; | 91 | unsigned int num; |
| 91 | } RIPEMD160_CTX; | 92 | } RIPEMD160_CTX; |
| 92 | 93 | ||
| 93 | #ifdef OPENSSL_FIPS | ||
| 94 | int private_RIPEMD160_Init(RIPEMD160_CTX *c); | ||
| 95 | #endif | ||
| 96 | int RIPEMD160_Init(RIPEMD160_CTX *c); | 94 | int RIPEMD160_Init(RIPEMD160_CTX *c); |
| 97 | int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); | 95 | int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); |
| 98 | int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); | 96 | int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); |
| 99 | unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, | 97 | unsigned char *RIPEMD160(const unsigned char *d, size_t n, |
| 100 | unsigned char *md); | 98 | unsigned char *md); |
| 101 | void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); | 99 | void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); |
| 102 | #ifdef __cplusplus | 100 | #ifdef __cplusplus |
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c index 58ff010d11..1f2401aa7e 100644 --- a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c +++ b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c | |||
| @@ -58,19 +58,18 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "rmd_locl.h" | 60 | #include "rmd_locl.h" |
| 61 | #include <openssl/fips.h> | ||
| 62 | #include <openssl/opensslv.h> | 61 | #include <openssl/opensslv.h> |
| 63 | 62 | ||
| 64 | const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT; | 63 | const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; |
| 65 | 64 | ||
| 66 | # ifdef RMD160_ASM | 65 | # ifdef RMD160_ASM |
| 67 | void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num); | 66 | void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num); |
| 68 | # define ripemd160_block ripemd160_block_x86 | 67 | # define ripemd160_block ripemd160_block_x86 |
| 69 | # else | 68 | # else |
| 70 | void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num); | 69 | void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); |
| 71 | # endif | 70 | # endif |
| 72 | 71 | ||
| 73 | FIPS_NON_FIPS_MD_Init(RIPEMD160) | 72 | int RIPEMD160_Init(RIPEMD160_CTX *c) |
| 74 | { | 73 | { |
| 75 | c->A=RIPEMD160_A; | 74 | c->A=RIPEMD160_A; |
| 76 | c->B=RIPEMD160_B; | 75 | c->B=RIPEMD160_B; |
| @@ -83,212 +82,11 @@ FIPS_NON_FIPS_MD_Init(RIPEMD160) | |||
| 83 | return 1; | 82 | return 1; |
| 84 | } | 83 | } |
| 85 | 84 | ||
| 86 | #ifndef ripemd160_block_host_order | ||
| 87 | #ifdef X | ||
| 88 | #undef X | ||
| 89 | #endif | ||
| 90 | #define X(i) XX[i] | ||
| 91 | void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num) | ||
| 92 | { | ||
| 93 | const RIPEMD160_LONG *XX=p; | ||
| 94 | register volatile unsigned MD32_REG_T A,B,C,D,E; | ||
| 95 | register unsigned MD32_REG_T a,b,c,d,e; | ||
| 96 | |||
| 97 | for (;num--;XX+=HASH_LBLOCK) | ||
| 98 | { | ||
| 99 | |||
| 100 | A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; | ||
| 101 | |||
| 102 | RIP1(A,B,C,D,E,WL00,SL00); | ||
| 103 | RIP1(E,A,B,C,D,WL01,SL01); | ||
| 104 | RIP1(D,E,A,B,C,WL02,SL02); | ||
| 105 | RIP1(C,D,E,A,B,WL03,SL03); | ||
| 106 | RIP1(B,C,D,E,A,WL04,SL04); | ||
| 107 | RIP1(A,B,C,D,E,WL05,SL05); | ||
| 108 | RIP1(E,A,B,C,D,WL06,SL06); | ||
| 109 | RIP1(D,E,A,B,C,WL07,SL07); | ||
| 110 | RIP1(C,D,E,A,B,WL08,SL08); | ||
| 111 | RIP1(B,C,D,E,A,WL09,SL09); | ||
| 112 | RIP1(A,B,C,D,E,WL10,SL10); | ||
| 113 | RIP1(E,A,B,C,D,WL11,SL11); | ||
| 114 | RIP1(D,E,A,B,C,WL12,SL12); | ||
| 115 | RIP1(C,D,E,A,B,WL13,SL13); | ||
| 116 | RIP1(B,C,D,E,A,WL14,SL14); | ||
| 117 | RIP1(A,B,C,D,E,WL15,SL15); | ||
| 118 | |||
| 119 | RIP2(E,A,B,C,D,WL16,SL16,KL1); | ||
| 120 | RIP2(D,E,A,B,C,WL17,SL17,KL1); | ||
| 121 | RIP2(C,D,E,A,B,WL18,SL18,KL1); | ||
| 122 | RIP2(B,C,D,E,A,WL19,SL19,KL1); | ||
| 123 | RIP2(A,B,C,D,E,WL20,SL20,KL1); | ||
| 124 | RIP2(E,A,B,C,D,WL21,SL21,KL1); | ||
| 125 | RIP2(D,E,A,B,C,WL22,SL22,KL1); | ||
| 126 | RIP2(C,D,E,A,B,WL23,SL23,KL1); | ||
| 127 | RIP2(B,C,D,E,A,WL24,SL24,KL1); | ||
| 128 | RIP2(A,B,C,D,E,WL25,SL25,KL1); | ||
| 129 | RIP2(E,A,B,C,D,WL26,SL26,KL1); | ||
| 130 | RIP2(D,E,A,B,C,WL27,SL27,KL1); | ||
| 131 | RIP2(C,D,E,A,B,WL28,SL28,KL1); | ||
| 132 | RIP2(B,C,D,E,A,WL29,SL29,KL1); | ||
| 133 | RIP2(A,B,C,D,E,WL30,SL30,KL1); | ||
| 134 | RIP2(E,A,B,C,D,WL31,SL31,KL1); | ||
| 135 | |||
| 136 | RIP3(D,E,A,B,C,WL32,SL32,KL2); | ||
| 137 | RIP3(C,D,E,A,B,WL33,SL33,KL2); | ||
| 138 | RIP3(B,C,D,E,A,WL34,SL34,KL2); | ||
| 139 | RIP3(A,B,C,D,E,WL35,SL35,KL2); | ||
| 140 | RIP3(E,A,B,C,D,WL36,SL36,KL2); | ||
| 141 | RIP3(D,E,A,B,C,WL37,SL37,KL2); | ||
| 142 | RIP3(C,D,E,A,B,WL38,SL38,KL2); | ||
| 143 | RIP3(B,C,D,E,A,WL39,SL39,KL2); | ||
| 144 | RIP3(A,B,C,D,E,WL40,SL40,KL2); | ||
| 145 | RIP3(E,A,B,C,D,WL41,SL41,KL2); | ||
| 146 | RIP3(D,E,A,B,C,WL42,SL42,KL2); | ||
| 147 | RIP3(C,D,E,A,B,WL43,SL43,KL2); | ||
| 148 | RIP3(B,C,D,E,A,WL44,SL44,KL2); | ||
| 149 | RIP3(A,B,C,D,E,WL45,SL45,KL2); | ||
| 150 | RIP3(E,A,B,C,D,WL46,SL46,KL2); | ||
| 151 | RIP3(D,E,A,B,C,WL47,SL47,KL2); | ||
| 152 | |||
| 153 | RIP4(C,D,E,A,B,WL48,SL48,KL3); | ||
| 154 | RIP4(B,C,D,E,A,WL49,SL49,KL3); | ||
| 155 | RIP4(A,B,C,D,E,WL50,SL50,KL3); | ||
| 156 | RIP4(E,A,B,C,D,WL51,SL51,KL3); | ||
| 157 | RIP4(D,E,A,B,C,WL52,SL52,KL3); | ||
| 158 | RIP4(C,D,E,A,B,WL53,SL53,KL3); | ||
| 159 | RIP4(B,C,D,E,A,WL54,SL54,KL3); | ||
| 160 | RIP4(A,B,C,D,E,WL55,SL55,KL3); | ||
| 161 | RIP4(E,A,B,C,D,WL56,SL56,KL3); | ||
| 162 | RIP4(D,E,A,B,C,WL57,SL57,KL3); | ||
| 163 | RIP4(C,D,E,A,B,WL58,SL58,KL3); | ||
| 164 | RIP4(B,C,D,E,A,WL59,SL59,KL3); | ||
| 165 | RIP4(A,B,C,D,E,WL60,SL60,KL3); | ||
| 166 | RIP4(E,A,B,C,D,WL61,SL61,KL3); | ||
| 167 | RIP4(D,E,A,B,C,WL62,SL62,KL3); | ||
| 168 | RIP4(C,D,E,A,B,WL63,SL63,KL3); | ||
| 169 | |||
| 170 | RIP5(B,C,D,E,A,WL64,SL64,KL4); | ||
| 171 | RIP5(A,B,C,D,E,WL65,SL65,KL4); | ||
| 172 | RIP5(E,A,B,C,D,WL66,SL66,KL4); | ||
| 173 | RIP5(D,E,A,B,C,WL67,SL67,KL4); | ||
| 174 | RIP5(C,D,E,A,B,WL68,SL68,KL4); | ||
| 175 | RIP5(B,C,D,E,A,WL69,SL69,KL4); | ||
| 176 | RIP5(A,B,C,D,E,WL70,SL70,KL4); | ||
| 177 | RIP5(E,A,B,C,D,WL71,SL71,KL4); | ||
| 178 | RIP5(D,E,A,B,C,WL72,SL72,KL4); | ||
| 179 | RIP5(C,D,E,A,B,WL73,SL73,KL4); | ||
| 180 | RIP5(B,C,D,E,A,WL74,SL74,KL4); | ||
| 181 | RIP5(A,B,C,D,E,WL75,SL75,KL4); | ||
| 182 | RIP5(E,A,B,C,D,WL76,SL76,KL4); | ||
| 183 | RIP5(D,E,A,B,C,WL77,SL77,KL4); | ||
| 184 | RIP5(C,D,E,A,B,WL78,SL78,KL4); | ||
| 185 | RIP5(B,C,D,E,A,WL79,SL79,KL4); | ||
| 186 | |||
| 187 | a=A; b=B; c=C; d=D; e=E; | ||
| 188 | /* Do other half */ | ||
| 189 | A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; | ||
| 190 | |||
| 191 | RIP5(A,B,C,D,E,WR00,SR00,KR0); | ||
| 192 | RIP5(E,A,B,C,D,WR01,SR01,KR0); | ||
| 193 | RIP5(D,E,A,B,C,WR02,SR02,KR0); | ||
| 194 | RIP5(C,D,E,A,B,WR03,SR03,KR0); | ||
| 195 | RIP5(B,C,D,E,A,WR04,SR04,KR0); | ||
| 196 | RIP5(A,B,C,D,E,WR05,SR05,KR0); | ||
| 197 | RIP5(E,A,B,C,D,WR06,SR06,KR0); | ||
| 198 | RIP5(D,E,A,B,C,WR07,SR07,KR0); | ||
| 199 | RIP5(C,D,E,A,B,WR08,SR08,KR0); | ||
| 200 | RIP5(B,C,D,E,A,WR09,SR09,KR0); | ||
| 201 | RIP5(A,B,C,D,E,WR10,SR10,KR0); | ||
| 202 | RIP5(E,A,B,C,D,WR11,SR11,KR0); | ||
| 203 | RIP5(D,E,A,B,C,WR12,SR12,KR0); | ||
| 204 | RIP5(C,D,E,A,B,WR13,SR13,KR0); | ||
| 205 | RIP5(B,C,D,E,A,WR14,SR14,KR0); | ||
| 206 | RIP5(A,B,C,D,E,WR15,SR15,KR0); | ||
| 207 | |||
| 208 | RIP4(E,A,B,C,D,WR16,SR16,KR1); | ||
| 209 | RIP4(D,E,A,B,C,WR17,SR17,KR1); | ||
| 210 | RIP4(C,D,E,A,B,WR18,SR18,KR1); | ||
| 211 | RIP4(B,C,D,E,A,WR19,SR19,KR1); | ||
| 212 | RIP4(A,B,C,D,E,WR20,SR20,KR1); | ||
| 213 | RIP4(E,A,B,C,D,WR21,SR21,KR1); | ||
| 214 | RIP4(D,E,A,B,C,WR22,SR22,KR1); | ||
| 215 | RIP4(C,D,E,A,B,WR23,SR23,KR1); | ||
| 216 | RIP4(B,C,D,E,A,WR24,SR24,KR1); | ||
| 217 | RIP4(A,B,C,D,E,WR25,SR25,KR1); | ||
| 218 | RIP4(E,A,B,C,D,WR26,SR26,KR1); | ||
| 219 | RIP4(D,E,A,B,C,WR27,SR27,KR1); | ||
| 220 | RIP4(C,D,E,A,B,WR28,SR28,KR1); | ||
| 221 | RIP4(B,C,D,E,A,WR29,SR29,KR1); | ||
| 222 | RIP4(A,B,C,D,E,WR30,SR30,KR1); | ||
| 223 | RIP4(E,A,B,C,D,WR31,SR31,KR1); | ||
| 224 | |||
| 225 | RIP3(D,E,A,B,C,WR32,SR32,KR2); | ||
| 226 | RIP3(C,D,E,A,B,WR33,SR33,KR2); | ||
| 227 | RIP3(B,C,D,E,A,WR34,SR34,KR2); | ||
| 228 | RIP3(A,B,C,D,E,WR35,SR35,KR2); | ||
| 229 | RIP3(E,A,B,C,D,WR36,SR36,KR2); | ||
| 230 | RIP3(D,E,A,B,C,WR37,SR37,KR2); | ||
| 231 | RIP3(C,D,E,A,B,WR38,SR38,KR2); | ||
| 232 | RIP3(B,C,D,E,A,WR39,SR39,KR2); | ||
| 233 | RIP3(A,B,C,D,E,WR40,SR40,KR2); | ||
| 234 | RIP3(E,A,B,C,D,WR41,SR41,KR2); | ||
| 235 | RIP3(D,E,A,B,C,WR42,SR42,KR2); | ||
| 236 | RIP3(C,D,E,A,B,WR43,SR43,KR2); | ||
| 237 | RIP3(B,C,D,E,A,WR44,SR44,KR2); | ||
| 238 | RIP3(A,B,C,D,E,WR45,SR45,KR2); | ||
| 239 | RIP3(E,A,B,C,D,WR46,SR46,KR2); | ||
| 240 | RIP3(D,E,A,B,C,WR47,SR47,KR2); | ||
| 241 | |||
| 242 | RIP2(C,D,E,A,B,WR48,SR48,KR3); | ||
| 243 | RIP2(B,C,D,E,A,WR49,SR49,KR3); | ||
| 244 | RIP2(A,B,C,D,E,WR50,SR50,KR3); | ||
| 245 | RIP2(E,A,B,C,D,WR51,SR51,KR3); | ||
| 246 | RIP2(D,E,A,B,C,WR52,SR52,KR3); | ||
| 247 | RIP2(C,D,E,A,B,WR53,SR53,KR3); | ||
| 248 | RIP2(B,C,D,E,A,WR54,SR54,KR3); | ||
| 249 | RIP2(A,B,C,D,E,WR55,SR55,KR3); | ||
| 250 | RIP2(E,A,B,C,D,WR56,SR56,KR3); | ||
| 251 | RIP2(D,E,A,B,C,WR57,SR57,KR3); | ||
| 252 | RIP2(C,D,E,A,B,WR58,SR58,KR3); | ||
| 253 | RIP2(B,C,D,E,A,WR59,SR59,KR3); | ||
| 254 | RIP2(A,B,C,D,E,WR60,SR60,KR3); | ||
| 255 | RIP2(E,A,B,C,D,WR61,SR61,KR3); | ||
| 256 | RIP2(D,E,A,B,C,WR62,SR62,KR3); | ||
| 257 | RIP2(C,D,E,A,B,WR63,SR63,KR3); | ||
| 258 | |||
| 259 | RIP1(B,C,D,E,A,WR64,SR64); | ||
| 260 | RIP1(A,B,C,D,E,WR65,SR65); | ||
| 261 | RIP1(E,A,B,C,D,WR66,SR66); | ||
| 262 | RIP1(D,E,A,B,C,WR67,SR67); | ||
| 263 | RIP1(C,D,E,A,B,WR68,SR68); | ||
| 264 | RIP1(B,C,D,E,A,WR69,SR69); | ||
| 265 | RIP1(A,B,C,D,E,WR70,SR70); | ||
| 266 | RIP1(E,A,B,C,D,WR71,SR71); | ||
| 267 | RIP1(D,E,A,B,C,WR72,SR72); | ||
| 268 | RIP1(C,D,E,A,B,WR73,SR73); | ||
| 269 | RIP1(B,C,D,E,A,WR74,SR74); | ||
| 270 | RIP1(A,B,C,D,E,WR75,SR75); | ||
| 271 | RIP1(E,A,B,C,D,WR76,SR76); | ||
| 272 | RIP1(D,E,A,B,C,WR77,SR77); | ||
| 273 | RIP1(C,D,E,A,B,WR78,SR78); | ||
| 274 | RIP1(B,C,D,E,A,WR79,SR79); | ||
| 275 | |||
| 276 | D =ctx->B+c+D; | ||
| 277 | ctx->B=ctx->C+d+E; | ||
| 278 | ctx->C=ctx->D+e+A; | ||
| 279 | ctx->D=ctx->E+a+B; | ||
| 280 | ctx->E=ctx->A+b+C; | ||
| 281 | ctx->A=D; | ||
| 282 | |||
| 283 | } | ||
| 284 | } | ||
| 285 | #endif | ||
| 286 | |||
| 287 | #ifndef ripemd160_block_data_order | 85 | #ifndef ripemd160_block_data_order |
| 288 | #ifdef X | 86 | #ifdef X |
| 289 | #undef X | 87 | #undef X |
| 290 | #endif | 88 | #endif |
| 291 | void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num) | 89 | void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num) |
| 292 | { | 90 | { |
| 293 | const unsigned char *data=p; | 91 | const unsigned char *data=p; |
| 294 | register volatile unsigned MD32_REG_T A,B,C,D,E; | 92 | register volatile unsigned MD32_REG_T A,B,C,D,E; |
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h index 7b835dfbd4..f14b346e66 100644 --- a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h +++ b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h | |||
| @@ -72,28 +72,20 @@ | |||
| 72 | */ | 72 | */ |
| 73 | #ifdef RMD160_ASM | 73 | #ifdef RMD160_ASM |
| 74 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) | 74 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) |
| 75 | # define ripemd160_block_host_order ripemd160_block_asm_host_order | 75 | # define ripemd160_block_data_order ripemd160_block_asm_data_order |
| 76 | # endif | 76 | # endif |
| 77 | #endif | 77 | #endif |
| 78 | 78 | ||
| 79 | void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num); | 79 | void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); |
| 80 | void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num); | ||
| 81 | |||
| 82 | #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) | ||
| 83 | #define ripemd160_block_data_order ripemd160_block_host_order | ||
| 84 | #endif | ||
| 85 | 80 | ||
| 86 | #define DATA_ORDER_IS_LITTLE_ENDIAN | 81 | #define DATA_ORDER_IS_LITTLE_ENDIAN |
| 87 | 82 | ||
| 88 | #define HASH_LONG RIPEMD160_LONG | 83 | #define HASH_LONG RIPEMD160_LONG |
| 89 | #define HASH_LONG_LOG2 RIPEMD160_LONG_LOG2 | ||
| 90 | #define HASH_CTX RIPEMD160_CTX | 84 | #define HASH_CTX RIPEMD160_CTX |
| 91 | #define HASH_CBLOCK RIPEMD160_CBLOCK | 85 | #define HASH_CBLOCK RIPEMD160_CBLOCK |
| 92 | #define HASH_LBLOCK RIPEMD160_LBLOCK | ||
| 93 | #define HASH_UPDATE RIPEMD160_Update | 86 | #define HASH_UPDATE RIPEMD160_Update |
| 94 | #define HASH_TRANSFORM RIPEMD160_Transform | 87 | #define HASH_TRANSFORM RIPEMD160_Transform |
| 95 | #define HASH_FINAL RIPEMD160_Final | 88 | #define HASH_FINAL RIPEMD160_Final |
| 96 | #define HASH_BLOCK_HOST_ORDER ripemd160_block_host_order | ||
| 97 | #define HASH_MAKE_STRING(c,s) do { \ | 89 | #define HASH_MAKE_STRING(c,s) do { \ |
| 98 | unsigned long ll; \ | 90 | unsigned long ll; \ |
| 99 | ll=(c)->A; HOST_l2c(ll,(s)); \ | 91 | ll=(c)->A; HOST_l2c(ll,(s)); \ |
| @@ -102,9 +94,7 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num); | |||
| 102 | ll=(c)->D; HOST_l2c(ll,(s)); \ | 94 | ll=(c)->D; HOST_l2c(ll,(s)); \ |
| 103 | ll=(c)->E; HOST_l2c(ll,(s)); \ | 95 | ll=(c)->E; HOST_l2c(ll,(s)); \ |
| 104 | } while (0) | 96 | } while (0) |
| 105 | #if !defined(L_ENDIAN) || defined(ripemd160_block_data_order) | ||
| 106 | #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order | 97 | #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order |
| 107 | #endif | ||
| 108 | 98 | ||
| 109 | #include "md32_common.h" | 99 | #include "md32_common.h" |
| 110 | 100 | ||
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_one.c b/src/lib/libssl/src/crypto/ripemd/rmd_one.c index b88446b267..3efb13758f 100644 --- a/src/lib/libssl/src/crypto/ripemd/rmd_one.c +++ b/src/lib/libssl/src/crypto/ripemd/rmd_one.c | |||
| @@ -61,7 +61,7 @@ | |||
| 61 | #include <openssl/ripemd.h> | 61 | #include <openssl/ripemd.h> |
| 62 | #include <openssl/crypto.h> | 62 | #include <openssl/crypto.h> |
| 63 | 63 | ||
| 64 | unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, | 64 | unsigned char *RIPEMD160(const unsigned char *d, size_t n, |
| 65 | unsigned char *md) | 65 | unsigned char *md) |
| 66 | { | 66 | { |
| 67 | RIPEMD160_CTX c; | 67 | RIPEMD160_CTX c; |
diff --git a/src/lib/libssl/src/crypto/ripemd/rmdtest.c b/src/lib/libssl/src/crypto/ripemd/rmdtest.c index d4c709e646..fb34e0e836 100644 --- a/src/lib/libssl/src/crypto/ripemd/rmdtest.c +++ b/src/lib/libssl/src/crypto/ripemd/rmdtest.c | |||
| @@ -103,19 +103,19 @@ static char *pt(unsigned char *md); | |||
| 103 | int main(int argc, char *argv[]) | 103 | int main(int argc, char *argv[]) |
| 104 | { | 104 | { |
| 105 | int i,err=0; | 105 | int i,err=0; |
| 106 | unsigned char **P,**R; | 106 | char **P,**R; |
| 107 | char *p; | 107 | char *p; |
| 108 | unsigned char md[RIPEMD160_DIGEST_LENGTH]; | 108 | unsigned char md[RIPEMD160_DIGEST_LENGTH]; |
| 109 | 109 | ||
| 110 | P=(unsigned char **)test; | 110 | P=test; |
| 111 | R=(unsigned char **)ret; | 111 | R=ret; |
| 112 | i=1; | 112 | i=1; |
| 113 | while (*P != NULL) | 113 | while (*P != NULL) |
| 114 | { | 114 | { |
| 115 | #ifdef CHARSET_EBCDIC | 115 | #ifdef CHARSET_EBCDIC |
| 116 | ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P)); | 116 | ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P)); |
| 117 | #endif | 117 | #endif |
| 118 | EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL); | 118 | EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL); |
| 119 | p=pt(md); | 119 | p=pt(md); |
| 120 | if (strcmp(p,(char *)*R) != 0) | 120 | if (strcmp(p,(char *)*R) != 0) |
| 121 | { | 121 | { |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h index dbed701e89..6b5e4f8a9a 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa.h +++ b/src/lib/libssl/src/crypto/rsa/rsa.h | |||
| @@ -64,25 +64,25 @@ | |||
| 64 | #ifndef OPENSSL_NO_BIO | 64 | #ifndef OPENSSL_NO_BIO |
| 65 | #include <openssl/bio.h> | 65 | #include <openssl/bio.h> |
| 66 | #endif | 66 | #endif |
| 67 | #include <openssl/bn.h> | ||
| 68 | #include <openssl/crypto.h> | 67 | #include <openssl/crypto.h> |
| 69 | #include <openssl/ossl_typ.h> | 68 | #include <openssl/ossl_typ.h> |
| 69 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 70 | #include <openssl/bn.h> | ||
| 71 | #endif | ||
| 70 | 72 | ||
| 71 | #ifdef OPENSSL_NO_RSA | 73 | #ifdef OPENSSL_NO_RSA |
| 72 | #error RSA is disabled. | 74 | #error RSA is disabled. |
| 73 | #endif | 75 | #endif |
| 74 | 76 | ||
| 75 | #if defined(OPENSSL_FIPS) | ||
| 76 | #define FIPS_RSA_SIZE_T int | ||
| 77 | #endif | ||
| 78 | |||
| 79 | #ifdef __cplusplus | 77 | #ifdef __cplusplus |
| 80 | extern "C" { | 78 | extern "C" { |
| 81 | #endif | 79 | #endif |
| 82 | 80 | ||
| 83 | typedef struct rsa_st RSA; | 81 | /* Declared already in ossl_typ.h */ |
| 82 | /* typedef struct rsa_st RSA; */ | ||
| 83 | /* typedef struct rsa_meth_st RSA_METHOD; */ | ||
| 84 | 84 | ||
| 85 | typedef struct rsa_meth_st | 85 | struct rsa_meth_st |
| 86 | { | 86 | { |
| 87 | const char *name; | 87 | const char *name; |
| 88 | int (*rsa_pub_enc)(int flen,const unsigned char *from, | 88 | int (*rsa_pub_enc)(int flen,const unsigned char *from, |
| @@ -97,7 +97,7 @@ typedef struct rsa_meth_st | |||
| 97 | int (*rsa_priv_dec)(int flen,const unsigned char *from, | 97 | int (*rsa_priv_dec)(int flen,const unsigned char *from, |
| 98 | unsigned char *to, | 98 | unsigned char *to, |
| 99 | RSA *rsa,int padding); | 99 | RSA *rsa,int padding); |
| 100 | int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */ | 100 | int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */ |
| 101 | int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 101 | int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
| 102 | const BIGNUM *m, BN_CTX *ctx, | 102 | const BIGNUM *m, BN_CTX *ctx, |
| 103 | BN_MONT_CTX *m_ctx); /* Can be null */ | 103 | BN_MONT_CTX *m_ctx); /* Can be null */ |
| @@ -118,8 +118,12 @@ typedef struct rsa_meth_st | |||
| 118 | int (*rsa_verify)(int dtype, | 118 | int (*rsa_verify)(int dtype, |
| 119 | const unsigned char *m, unsigned int m_length, | 119 | const unsigned char *m, unsigned int m_length, |
| 120 | unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); | 120 | unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); |
| 121 | 121 | /* If this callback is NULL, the builtin software RSA key-gen will be used. This | |
| 122 | } RSA_METHOD; | 122 | * is for behavioural compatibility whilst the code gets rewired, but one day |
| 123 | * it would be nice to assume there are no such things as "builtin software" | ||
| 124 | * implementations. */ | ||
| 125 | int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); | ||
| 126 | }; | ||
| 123 | 127 | ||
| 124 | struct rsa_st | 128 | struct rsa_st |
| 125 | { | 129 | { |
| @@ -152,12 +156,19 @@ struct rsa_st | |||
| 152 | * NULL */ | 156 | * NULL */ |
| 153 | char *bignum_data; | 157 | char *bignum_data; |
| 154 | BN_BLINDING *blinding; | 158 | BN_BLINDING *blinding; |
| 159 | BN_BLINDING *mt_blinding; | ||
| 155 | }; | 160 | }; |
| 156 | 161 | ||
| 157 | #define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | 162 | #ifndef OPENSSL_RSA_MAX_MODULUS_BITS |
| 163 | # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | ||
| 164 | #endif | ||
| 158 | 165 | ||
| 159 | #define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 | 166 | #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS |
| 160 | #define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */ | 167 | # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 |
| 168 | #endif | ||
| 169 | #ifndef OPENSSL_RSA_MAX_PUBEXP_BITS | ||
| 170 | # define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ | ||
| 171 | #endif | ||
| 161 | 172 | ||
| 162 | #define RSA_3 0x3L | 173 | #define RSA_3 0x3L |
| 163 | #define RSA_F4 0x10001L | 174 | #define RSA_F4 0x10001L |
| @@ -184,13 +195,27 @@ struct rsa_st | |||
| 184 | * default (ignoring RSA_FLAG_BLINDING), | 195 | * default (ignoring RSA_FLAG_BLINDING), |
| 185 | * but other engines might not need it | 196 | * but other engines might not need it |
| 186 | */ | 197 | */ |
| 187 | #define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA | 198 | #define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA |
| 199 | * implementation now uses constant time | ||
| 200 | * operations by default in private key operations, | ||
| 201 | * e.g., constant time modular exponentiation, | ||
| 202 | * modular inverse without leaking branches, | ||
| 203 | * division without leaking branches. This | ||
| 204 | * flag disables these constant time | ||
| 205 | * operations and results in faster RSA | ||
| 206 | * private key operations. | ||
| 207 | */ | ||
| 208 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 209 | #define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ | ||
| 210 | /* new with 0.9.7h; the built-in RSA | ||
| 188 | * implementation now uses constant time | 211 | * implementation now uses constant time |
| 189 | * modular exponentiation for secret exponents | 212 | * modular exponentiation for secret exponents |
| 190 | * by default. This flag causes the | 213 | * by default. This flag causes the |
| 191 | * faster variable sliding window method to | 214 | * faster variable sliding window method to |
| 192 | * be used for all exponents. | 215 | * be used for all exponents. |
| 193 | */ | 216 | */ |
| 217 | #endif | ||
| 218 | |||
| 194 | 219 | ||
| 195 | #define RSA_PKCS1_PADDING 1 | 220 | #define RSA_PKCS1_PADDING 1 |
| 196 | #define RSA_SSLV23_PADDING 2 | 221 | #define RSA_SSLV23_PADDING 2 |
| @@ -206,18 +231,17 @@ struct rsa_st | |||
| 206 | RSA * RSA_new(void); | 231 | RSA * RSA_new(void); |
| 207 | RSA * RSA_new_method(ENGINE *engine); | 232 | RSA * RSA_new_method(ENGINE *engine); |
| 208 | int RSA_size(const RSA *); | 233 | int RSA_size(const RSA *); |
| 234 | |||
| 235 | /* Deprecated version */ | ||
| 236 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 209 | RSA * RSA_generate_key(int bits, unsigned long e,void | 237 | RSA * RSA_generate_key(int bits, unsigned long e,void |
| 210 | (*callback)(int,int,void *),void *cb_arg); | 238 | (*callback)(int,int,void *),void *cb_arg); |
| 239 | #endif /* !defined(OPENSSL_NO_DEPRECATED) */ | ||
| 240 | |||
| 241 | /* New version */ | ||
| 242 | int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); | ||
| 243 | |||
| 211 | int RSA_check_key(const RSA *); | 244 | int RSA_check_key(const RSA *); |
| 212 | #ifdef OPENSSL_FIPS | ||
| 213 | int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, | ||
| 214 | void (*cb)(int, int, void *), void *cb_arg, | ||
| 215 | const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, | ||
| 216 | const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, | ||
| 217 | const BIGNUM *e); | ||
| 218 | RSA *RSA_X931_generate_key(int bits, const BIGNUM *e, | ||
| 219 | void (*cb)(int,int,void *), void *cb_arg); | ||
| 220 | #endif | ||
| 221 | /* next 4 return -1 on error */ | 245 | /* next 4 return -1 on error */ |
| 222 | int RSA_public_encrypt(int flen, const unsigned char *from, | 246 | int RSA_public_encrypt(int flen, const unsigned char *from, |
| 223 | unsigned char *to, RSA *rsa,int padding); | 247 | unsigned char *to, RSA *rsa,int padding); |
| @@ -257,11 +281,19 @@ int RSA_print_fp(FILE *fp, const RSA *r,int offset); | |||
| 257 | int RSA_print(BIO *bp, const RSA *r,int offset); | 281 | int RSA_print(BIO *bp, const RSA *r,int offset); |
| 258 | #endif | 282 | #endif |
| 259 | 283 | ||
| 260 | int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey); | 284 | int i2d_RSA_NET(const RSA *a, unsigned char **pp, |
| 261 | RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey); | 285 | int (*cb)(char *buf, int len, const char *prompt, int verify), |
| 286 | int sgckey); | ||
| 287 | RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, | ||
| 288 | int (*cb)(char *buf, int len, const char *prompt, int verify), | ||
| 289 | int sgckey); | ||
| 262 | 290 | ||
| 263 | int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()); | 291 | int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, |
| 264 | RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()); | 292 | int (*cb)(char *buf, int len, const char *prompt, |
| 293 | int verify)); | ||
| 294 | RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, | ||
| 295 | int (*cb)(char *buf, int len, const char *prompt, | ||
| 296 | int verify)); | ||
| 265 | 297 | ||
| 266 | /* The following 2 functions sign and verify a X509_SIG ASN1 object | 298 | /* The following 2 functions sign and verify a X509_SIG ASN1 object |
| 267 | * inside PKCS#1 padded RSA encryption */ | 299 | * inside PKCS#1 padded RSA encryption */ |
| @@ -281,6 +313,7 @@ int RSA_verify_ASN1_OCTET_STRING(int type, | |||
| 281 | 313 | ||
| 282 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); | 314 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); |
| 283 | void RSA_blinding_off(RSA *rsa); | 315 | void RSA_blinding_off(RSA *rsa); |
| 316 | BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); | ||
| 284 | 317 | ||
| 285 | int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, | 318 | int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, |
| 286 | const unsigned char *f,int fl); | 319 | const unsigned char *f,int fl); |
| @@ -336,14 +369,21 @@ void ERR_load_RSA_strings(void); | |||
| 336 | 369 | ||
| 337 | /* Function codes. */ | 370 | /* Function codes. */ |
| 338 | #define RSA_F_MEMORY_LOCK 100 | 371 | #define RSA_F_MEMORY_LOCK 100 |
| 372 | #define RSA_F_RSA_BUILTIN_KEYGEN 129 | ||
| 339 | #define RSA_F_RSA_CHECK_KEY 123 | 373 | #define RSA_F_RSA_CHECK_KEY 123 |
| 340 | #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 | 374 | #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 |
| 341 | #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 | 375 | #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 |
| 342 | #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 | 376 | #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 |
| 343 | #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 | 377 | #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 |
| 344 | #define RSA_F_RSA_GENERATE_KEY 105 | 378 | #define RSA_F_RSA_GENERATE_KEY 105 |
| 379 | #define RSA_F_RSA_MEMORY_LOCK 130 | ||
| 345 | #define RSA_F_RSA_NEW_METHOD 106 | 380 | #define RSA_F_RSA_NEW_METHOD 106 |
| 346 | #define RSA_F_RSA_NULL 124 | 381 | #define RSA_F_RSA_NULL 124 |
| 382 | #define RSA_F_RSA_NULL_MOD_EXP 131 | ||
| 383 | #define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 | ||
| 384 | #define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 | ||
| 385 | #define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 | ||
| 386 | #define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 | ||
| 347 | #define RSA_F_RSA_PADDING_ADD_NONE 107 | 387 | #define RSA_F_RSA_PADDING_ADD_NONE 107 |
| 348 | #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 | 388 | #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 |
| 349 | #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 | 389 | #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 |
| @@ -359,6 +399,7 @@ void ERR_load_RSA_strings(void); | |||
| 359 | #define RSA_F_RSA_PADDING_CHECK_X931 128 | 399 | #define RSA_F_RSA_PADDING_CHECK_X931 128 |
| 360 | #define RSA_F_RSA_PRINT 115 | 400 | #define RSA_F_RSA_PRINT 115 |
| 361 | #define RSA_F_RSA_PRINT_FP 116 | 401 | #define RSA_F_RSA_PRINT_FP 116 |
| 402 | #define RSA_F_RSA_SETUP_BLINDING 136 | ||
| 362 | #define RSA_F_RSA_SIGN 117 | 403 | #define RSA_F_RSA_SIGN 117 |
| 363 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 | 404 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 |
| 364 | #define RSA_F_RSA_VERIFY 119 | 405 | #define RSA_F_RSA_VERIFY 119 |
| @@ -392,6 +433,7 @@ void ERR_load_RSA_strings(void); | |||
| 392 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 | 433 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 |
| 393 | #define RSA_R_LAST_OCTET_INVALID 134 | 434 | #define RSA_R_LAST_OCTET_INVALID 134 |
| 394 | #define RSA_R_MODULUS_TOO_LARGE 105 | 435 | #define RSA_R_MODULUS_TOO_LARGE 105 |
| 436 | #define RSA_R_NO_PUBLIC_EXPONENT 140 | ||
| 395 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 | 437 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 |
| 396 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 | 438 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 |
| 397 | #define RSA_R_OAEP_DECODING_ERROR 121 | 439 | #define RSA_R_OAEP_DECODING_ERROR 121 |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_asn1.c b/src/lib/libssl/src/crypto/rsa/rsa_asn1.c index 1455a7e0e4..bbbf26d50e 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_asn1.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_asn1.c | |||
| @@ -63,10 +63,10 @@ | |||
| 63 | #include <openssl/asn1t.h> | 63 | #include <openssl/asn1t.h> |
| 64 | 64 | ||
| 65 | static ASN1_METHOD method={ | 65 | static ASN1_METHOD method={ |
| 66 | (int (*)()) i2d_RSAPrivateKey, | 66 | (I2D_OF(void)) i2d_RSAPrivateKey, |
| 67 | (char *(*)())d2i_RSAPrivateKey, | 67 | (D2I_OF(void)) d2i_RSAPrivateKey, |
| 68 | (char *(*)())RSA_new, | 68 | (void *(*)(void)) RSA_new, |
| 69 | (void (*)()) RSA_free}; | 69 | (void (*)(void *)) RSA_free}; |
| 70 | 70 | ||
| 71 | ASN1_METHOD *RSAPrivateKey_asn1_meth(void) | 71 | ASN1_METHOD *RSAPrivateKey_asn1_meth(void) |
| 72 | { | 72 | { |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_chk.c b/src/lib/libssl/src/crypto/rsa/rsa_chk.c index 002f2cb487..9d848db8c6 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_chk.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_chk.c | |||
| @@ -75,7 +75,7 @@ int RSA_check_key(const RSA *key) | |||
| 75 | } | 75 | } |
| 76 | 76 | ||
| 77 | /* p prime? */ | 77 | /* p prime? */ |
| 78 | r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL); | 78 | r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); |
| 79 | if (r != 1) | 79 | if (r != 1) |
| 80 | { | 80 | { |
| 81 | ret = r; | 81 | ret = r; |
| @@ -85,7 +85,7 @@ int RSA_check_key(const RSA *key) | |||
| 85 | } | 85 | } |
| 86 | 86 | ||
| 87 | /* q prime? */ | 87 | /* q prime? */ |
| 88 | r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL); | 88 | r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); |
| 89 | if (r != 1) | 89 | if (r != 1) |
| 90 | { | 90 | { |
| 91 | ret = r; | 91 | ret = r; |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c index 610889dc80..bb77d0f67e 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -115,7 +115,7 @@ | |||
| 115 | #include <openssl/rsa.h> | 115 | #include <openssl/rsa.h> |
| 116 | #include <openssl/rand.h> | 116 | #include <openssl/rand.h> |
| 117 | 117 | ||
| 118 | #if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) | 118 | #ifndef RSA_NULL |
| 119 | 119 | ||
| 120 | static int RSA_eay_public_encrypt(int flen, const unsigned char *from, | 120 | static int RSA_eay_public_encrypt(int flen, const unsigned char *from, |
| 121 | unsigned char *to, RSA *rsa,int padding); | 121 | unsigned char *to, RSA *rsa,int padding); |
| @@ -125,7 +125,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | |||
| 125 | unsigned char *to, RSA *rsa,int padding); | 125 | unsigned char *to, RSA *rsa,int padding); |
| 126 | static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | 126 | static int RSA_eay_private_decrypt(int flen, const unsigned char *from, |
| 127 | unsigned char *to, RSA *rsa,int padding); | 127 | unsigned char *to, RSA *rsa,int padding); |
| 128 | static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa); | 128 | static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); |
| 129 | static int RSA_eay_init(RSA *rsa); | 129 | static int RSA_eay_init(RSA *rsa); |
| 130 | static int RSA_eay_finish(RSA *rsa); | 130 | static int RSA_eay_finish(RSA *rsa); |
| 131 | static RSA_METHOD rsa_pkcs1_eay_meth={ | 131 | static RSA_METHOD rsa_pkcs1_eay_meth={ |
| @@ -141,7 +141,8 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ | |||
| 141 | 0, /* flags */ | 141 | 0, /* flags */ |
| 142 | NULL, | 142 | NULL, |
| 143 | 0, /* rsa_sign */ | 143 | 0, /* rsa_sign */ |
| 144 | 0 /* rsa_verify */ | 144 | 0, /* rsa_verify */ |
| 145 | NULL /* rsa_keygen */ | ||
| 145 | }; | 146 | }; |
| 146 | 147 | ||
| 147 | const RSA_METHOD *RSA_PKCS1_SSLeay(void) | 148 | const RSA_METHOD *RSA_PKCS1_SSLeay(void) |
| @@ -149,19 +150,53 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) | |||
| 149 | return(&rsa_pkcs1_eay_meth); | 150 | return(&rsa_pkcs1_eay_meth); |
| 150 | } | 151 | } |
| 151 | 152 | ||
| 153 | /* Usage example; | ||
| 154 | * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); | ||
| 155 | */ | ||
| 156 | #define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \ | ||
| 157 | if ((pre_cond) && ((method_mod) == NULL) && \ | ||
| 158 | !BN_MONT_CTX_set_locked(&(method_mod), \ | ||
| 159 | CRYPTO_LOCK_RSA, \ | ||
| 160 | (m), (ctx))) \ | ||
| 161 | err_instr | ||
| 162 | |||
| 152 | static int RSA_eay_public_encrypt(int flen, const unsigned char *from, | 163 | static int RSA_eay_public_encrypt(int flen, const unsigned char *from, |
| 153 | unsigned char *to, RSA *rsa, int padding) | 164 | unsigned char *to, RSA *rsa, int padding) |
| 154 | { | 165 | { |
| 155 | BIGNUM f,ret; | 166 | BIGNUM *f,*ret; |
| 156 | int i,j,k,num=0,r= -1; | 167 | int i,j,k,num=0,r= -1; |
| 157 | unsigned char *buf=NULL; | 168 | unsigned char *buf=NULL; |
| 158 | BN_CTX *ctx=NULL; | 169 | BN_CTX *ctx=NULL; |
| 159 | 170 | ||
| 160 | BN_init(&f); | 171 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) |
| 161 | BN_init(&ret); | 172 | { |
| 173 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); | ||
| 174 | return -1; | ||
| 175 | } | ||
| 176 | |||
| 177 | if (BN_ucmp(rsa->n, rsa->e) <= 0) | ||
| 178 | { | ||
| 179 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
| 180 | return -1; | ||
| 181 | } | ||
| 182 | |||
| 183 | /* for large moduli, enforce exponent limit */ | ||
| 184 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) | ||
| 185 | { | ||
| 186 | if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) | ||
| 187 | { | ||
| 188 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
| 189 | return -1; | ||
| 190 | } | ||
| 191 | } | ||
| 192 | |||
| 162 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 193 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 194 | BN_CTX_start(ctx); | ||
| 195 | f = BN_CTX_get(ctx); | ||
| 196 | ret = BN_CTX_get(ctx); | ||
| 163 | num=BN_num_bytes(rsa->n); | 197 | num=BN_num_bytes(rsa->n); |
| 164 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | 198 | buf = OPENSSL_malloc(num); |
| 199 | if (!f || !ret || !buf) | ||
| 165 | { | 200 | { |
| 166 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); | 201 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); |
| 167 | goto err; | 202 | goto err; |
| @@ -189,37 +224,34 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, | |||
| 189 | } | 224 | } |
| 190 | if (i <= 0) goto err; | 225 | if (i <= 0) goto err; |
| 191 | 226 | ||
| 192 | if (BN_bin2bn(buf,num,&f) == NULL) goto err; | 227 | if (BN_bin2bn(buf,num,f) == NULL) goto err; |
| 193 | 228 | ||
| 194 | if (BN_ucmp(&f, rsa->n) >= 0) | 229 | if (BN_ucmp(f, rsa->n) >= 0) |
| 195 | { | 230 | { |
| 196 | /* usually the padding functions would catch this */ | 231 | /* usually the padding functions would catch this */ |
| 197 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); | 232 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); |
| 198 | goto err; | 233 | goto err; |
| 199 | } | 234 | } |
| 200 | 235 | ||
| 201 | if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) | 236 | MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); |
| 202 | { | ||
| 203 | if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, | ||
| 204 | CRYPTO_LOCK_RSA, rsa->n, ctx)) | ||
| 205 | goto err; | ||
| 206 | } | ||
| 207 | 237 | ||
| 208 | if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, | 238 | if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, |
| 209 | rsa->_method_mod_n)) goto err; | 239 | rsa->_method_mod_n)) goto err; |
| 210 | 240 | ||
| 211 | /* put in leading 0 bytes if the number is less than the | 241 | /* put in leading 0 bytes if the number is less than the |
| 212 | * length of the modulus */ | 242 | * length of the modulus */ |
| 213 | j=BN_num_bytes(&ret); | 243 | j=BN_num_bytes(ret); |
| 214 | i=BN_bn2bin(&ret,&(to[num-j])); | 244 | i=BN_bn2bin(ret,&(to[num-j])); |
| 215 | for (k=0; k<(num-i); k++) | 245 | for (k=0; k<(num-i); k++) |
| 216 | to[k]=0; | 246 | to[k]=0; |
| 217 | 247 | ||
| 218 | r=num; | 248 | r=num; |
| 219 | err: | 249 | err: |
| 220 | if (ctx != NULL) BN_CTX_free(ctx); | 250 | if (ctx != NULL) |
| 221 | BN_clear_free(&f); | 251 | { |
| 222 | BN_clear_free(&ret); | 252 | BN_CTX_end(ctx); |
| 253 | BN_CTX_free(ctx); | ||
| 254 | } | ||
| 223 | if (buf != NULL) | 255 | if (buf != NULL) |
| 224 | { | 256 | { |
| 225 | OPENSSL_cleanse(buf,num); | 257 | OPENSSL_cleanse(buf,num); |
| @@ -228,64 +260,101 @@ err: | |||
| 228 | return(r); | 260 | return(r); |
| 229 | } | 261 | } |
| 230 | 262 | ||
| 231 | static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) | 263 | static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) |
| 232 | { | 264 | { |
| 233 | int ret = 1; | 265 | BN_BLINDING *ret; |
| 234 | CRYPTO_w_lock(CRYPTO_LOCK_RSA); | 266 | int got_write_lock = 0; |
| 235 | /* Check again inside the lock - the macro's check is racey */ | ||
| 236 | if(rsa->blinding == NULL) | ||
| 237 | ret = RSA_blinding_on(rsa, ctx); | ||
| 238 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA); | ||
| 239 | return ret; | ||
| 240 | } | ||
| 241 | 267 | ||
| 242 | #define BLINDING_HELPER(rsa, ctx, err_instr) \ | 268 | CRYPTO_r_lock(CRYPTO_LOCK_RSA); |
| 243 | do { \ | ||
| 244 | if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \ | ||
| 245 | ((rsa)->blinding == NULL) && \ | ||
| 246 | !rsa_eay_blinding(rsa, ctx)) \ | ||
| 247 | err_instr \ | ||
| 248 | } while(0) | ||
| 249 | 269 | ||
| 250 | static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx) | 270 | if (rsa->blinding == NULL) |
| 251 | { | 271 | { |
| 252 | BIGNUM *A, *Ai; | 272 | CRYPTO_r_unlock(CRYPTO_LOCK_RSA); |
| 253 | BN_BLINDING *ret = NULL; | 273 | CRYPTO_w_lock(CRYPTO_LOCK_RSA); |
| 274 | got_write_lock = 1; | ||
| 254 | 275 | ||
| 255 | /* added in OpenSSL 0.9.6j and 0.9.7b */ | 276 | if (rsa->blinding == NULL) |
| 277 | rsa->blinding = RSA_setup_blinding(rsa, ctx); | ||
| 278 | } | ||
| 256 | 279 | ||
| 257 | /* NB: similar code appears in RSA_blinding_on (rsa_lib.c); | 280 | ret = rsa->blinding; |
| 258 | * this should be placed in a new function of its own, but for reasons | 281 | if (ret == NULL) |
| 259 | * of binary compatibility can't */ | 282 | goto err; |
| 260 | 283 | ||
| 261 | BN_CTX_start(ctx); | 284 | if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) |
| 262 | A = BN_CTX_get(ctx); | ||
| 263 | if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) | ||
| 264 | { | 285 | { |
| 265 | /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ | 286 | /* rsa->blinding is ours! */ |
| 266 | RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); | 287 | |
| 267 | if (!BN_pseudo_rand_range(A,rsa->n)) goto err; | 288 | *local = 1; |
| 268 | } | 289 | } |
| 269 | else | 290 | else |
| 270 | { | 291 | { |
| 271 | if (!BN_rand_range(A,rsa->n)) goto err; | 292 | /* resort to rsa->mt_blinding instead */ |
| 293 | |||
| 294 | *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() | ||
| 295 | * that the BN_BLINDING is shared, meaning that accesses | ||
| 296 | * require locks, and that the blinding factor must be | ||
| 297 | * stored outside the BN_BLINDING | ||
| 298 | */ | ||
| 299 | |||
| 300 | if (rsa->mt_blinding == NULL) | ||
| 301 | { | ||
| 302 | if (!got_write_lock) | ||
| 303 | { | ||
| 304 | CRYPTO_r_unlock(CRYPTO_LOCK_RSA); | ||
| 305 | CRYPTO_w_lock(CRYPTO_LOCK_RSA); | ||
| 306 | got_write_lock = 1; | ||
| 307 | } | ||
| 308 | |||
| 309 | if (rsa->mt_blinding == NULL) | ||
| 310 | rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); | ||
| 311 | } | ||
| 312 | ret = rsa->mt_blinding; | ||
| 272 | } | 313 | } |
| 273 | if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; | ||
| 274 | 314 | ||
| 275 | if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) | 315 | err: |
| 276 | goto err; | 316 | if (got_write_lock) |
| 277 | ret = BN_BLINDING_new(A,Ai,rsa->n); | 317 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA); |
| 278 | BN_free(Ai); | 318 | else |
| 279 | err: | 319 | CRYPTO_r_unlock(CRYPTO_LOCK_RSA); |
| 280 | BN_CTX_end(ctx); | ||
| 281 | return ret; | 320 | return ret; |
| 282 | } | 321 | } |
| 322 | |||
| 323 | static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f, | ||
| 324 | BIGNUM *r, BN_CTX *ctx) | ||
| 325 | { | ||
| 326 | if (local) | ||
| 327 | return BN_BLINDING_convert_ex(f, NULL, b, ctx); | ||
| 328 | else | ||
| 329 | { | ||
| 330 | int ret; | ||
| 331 | CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING); | ||
| 332 | ret = BN_BLINDING_convert_ex(f, r, b, ctx); | ||
| 333 | CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING); | ||
| 334 | return ret; | ||
| 335 | } | ||
| 336 | } | ||
| 337 | |||
| 338 | static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f, | ||
| 339 | BIGNUM *r, BN_CTX *ctx) | ||
| 340 | { | ||
| 341 | if (local) | ||
| 342 | return BN_BLINDING_invert_ex(f, NULL, b, ctx); | ||
| 343 | else | ||
| 344 | { | ||
| 345 | int ret; | ||
| 346 | CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); | ||
| 347 | ret = BN_BLINDING_invert_ex(f, r, b, ctx); | ||
| 348 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); | ||
| 349 | return ret; | ||
| 350 | } | ||
| 351 | } | ||
| 283 | 352 | ||
| 284 | /* signing */ | 353 | /* signing */ |
| 285 | static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | 354 | static int RSA_eay_private_encrypt(int flen, const unsigned char *from, |
| 286 | unsigned char *to, RSA *rsa, int padding) | 355 | unsigned char *to, RSA *rsa, int padding) |
| 287 | { | 356 | { |
| 288 | BIGNUM f,ret, *res; | 357 | BIGNUM *f, *ret, *br, *res; |
| 289 | int i,j,k,num=0,r= -1; | 358 | int i,j,k,num=0,r= -1; |
| 290 | unsigned char *buf=NULL; | 359 | unsigned char *buf=NULL; |
| 291 | BN_CTX *ctx=NULL; | 360 | BN_CTX *ctx=NULL; |
| @@ -318,8 +387,13 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 318 | } | 387 | } |
| 319 | 388 | ||
| 320 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 389 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 321 | num=BN_num_bytes(rsa->n); | 390 | BN_CTX_start(ctx); |
| 322 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | 391 | f = BN_CTX_get(ctx); |
| 392 | br = BN_CTX_get(ctx); | ||
| 393 | ret = BN_CTX_get(ctx); | ||
| 394 | num = BN_num_bytes(rsa->n); | ||
| 395 | buf = OPENSSL_malloc(num); | ||
| 396 | if(!f || !ret || !buf) | ||
| 323 | { | 397 | { |
| 324 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); | 398 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); |
| 325 | goto err; | 399 | goto err; |
| @@ -330,6 +404,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 330 | case RSA_PKCS1_PADDING: | 404 | case RSA_PKCS1_PADDING: |
| 331 | i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); | 405 | i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); |
| 332 | break; | 406 | break; |
| 407 | case RSA_X931_PADDING: | ||
| 408 | i=RSA_padding_add_X931(buf,num,from,flen); | ||
| 409 | break; | ||
| 333 | case RSA_NO_PADDING: | 410 | case RSA_NO_PADDING: |
| 334 | i=RSA_padding_add_none(buf,num,from,flen); | 411 | i=RSA_padding_add_none(buf,num,from,flen); |
| 335 | break; | 412 | break; |
| @@ -340,26 +417,18 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 340 | } | 417 | } |
| 341 | if (i <= 0) goto err; | 418 | if (i <= 0) goto err; |
| 342 | 419 | ||
| 343 | if (BN_bin2bn(buf,num,&f) == NULL) goto err; | 420 | if (BN_bin2bn(buf,num,f) == NULL) goto err; |
| 344 | 421 | ||
| 345 | if (BN_ucmp(&f, rsa->n) >= 0) | 422 | if (BN_ucmp(f, rsa->n) >= 0) |
| 346 | { | 423 | { |
| 347 | /* usually the padding functions would catch this */ | 424 | /* usually the padding functions would catch this */ |
| 348 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); | 425 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); |
| 349 | goto err; | 426 | goto err; |
| 350 | } | 427 | } |
| 351 | 428 | ||
| 352 | BLINDING_HELPER(rsa, ctx, goto err;); | ||
| 353 | blinding = rsa->blinding; | ||
| 354 | |||
| 355 | /* Now unless blinding is disabled, 'blinding' is non-NULL. | ||
| 356 | * But the BN_BLINDING object may be owned by some other thread | ||
| 357 | * (we don't want to keep it constant and we don't want to use | ||
| 358 | * lots of locking to avoid race conditions, so only a single | ||
| 359 | * thread can use it; other threads have to use local blinding | ||
| 360 | * factors) */ | ||
| 361 | if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) | 429 | if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) |
| 362 | { | 430 | { |
| 431 | blinding = rsa_get_blinding(rsa, &local_blinding, ctx); | ||
| 363 | if (blinding == NULL) | 432 | if (blinding == NULL) |
| 364 | { | 433 | { |
| 365 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); | 434 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); |
| @@ -368,20 +437,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 368 | } | 437 | } |
| 369 | 438 | ||
| 370 | if (blinding != NULL) | 439 | if (blinding != NULL) |
| 371 | { | 440 | if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) |
| 372 | if (blinding->thread_id != CRYPTO_thread_id()) | 441 | goto err; |
| 373 | { | ||
| 374 | /* we need a local one-time blinding factor */ | ||
| 375 | |||
| 376 | blinding = setup_blinding(rsa, ctx); | ||
| 377 | if (blinding == NULL) | ||
| 378 | goto err; | ||
| 379 | local_blinding = 1; | ||
| 380 | } | ||
| 381 | } | ||
| 382 | |||
| 383 | if (blinding) | ||
| 384 | if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; | ||
| 385 | 442 | ||
| 386 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || | 443 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || |
| 387 | ((rsa->p != NULL) && | 444 | ((rsa->p != NULL) && |
| @@ -390,37 +447,42 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 390 | (rsa->dmq1 != NULL) && | 447 | (rsa->dmq1 != NULL) && |
| 391 | (rsa->iqmp != NULL)) ) | 448 | (rsa->iqmp != NULL)) ) |
| 392 | { | 449 | { |
| 393 | if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; | 450 | if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; |
| 394 | } | 451 | } |
| 395 | else | 452 | else |
| 396 | { | 453 | { |
| 397 | BIGNUM local_d; | 454 | BIGNUM local_d; |
| 398 | BIGNUM *d = NULL; | 455 | BIGNUM *d = NULL; |
| 399 | 456 | ||
| 400 | if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) | 457 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
| 401 | { | 458 | { |
| 402 | BN_init(&local_d); | 459 | BN_init(&local_d); |
| 403 | d = &local_d; | 460 | d = &local_d; |
| 404 | BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); | 461 | BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); |
| 405 | } | 462 | } |
| 406 | else | 463 | else |
| 407 | d = rsa->d; | 464 | d= rsa->d; |
| 408 | if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err; | 465 | |
| 466 | MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); | ||
| 467 | |||
| 468 | if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, | ||
| 469 | rsa->_method_mod_n)) goto err; | ||
| 409 | } | 470 | } |
| 410 | 471 | ||
| 411 | if (blinding) | 472 | if (blinding) |
| 412 | if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; | 473 | if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) |
| 474 | goto err; | ||
| 413 | 475 | ||
| 414 | if (padding == RSA_X931_PADDING) | 476 | if (padding == RSA_X931_PADDING) |
| 415 | { | 477 | { |
| 416 | BN_sub(&f, rsa->n, &ret); | 478 | BN_sub(f, rsa->n, ret); |
| 417 | if (BN_cmp(&ret, &f)) | 479 | if (BN_cmp(ret, f)) |
| 418 | res = &f; | 480 | res = f; |
| 419 | else | 481 | else |
| 420 | res = &ret; | 482 | res = ret; |
| 421 | } | 483 | } |
| 422 | else | 484 | else |
| 423 | res = &ret; | 485 | res = ret; |
| 424 | 486 | ||
| 425 | /* put in leading 0 bytes if the number is less than the | 487 | /* put in leading 0 bytes if the number is less than the |
| 426 | * length of the modulus */ | 488 | * length of the modulus */ |
| @@ -431,11 +493,11 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 431 | 493 | ||
| 432 | r=num; | 494 | r=num; |
| 433 | err: | 495 | err: |
| 434 | if (ctx != NULL) BN_CTX_free(ctx); | 496 | if (ctx != NULL) |
| 435 | BN_clear_free(&ret); | 497 | { |
| 436 | BN_clear_free(&f); | 498 | BN_CTX_end(ctx); |
| 437 | if (local_blinding) | 499 | BN_CTX_free(ctx); |
| 438 | BN_BLINDING_free(blinding); | 500 | } |
| 439 | if (buf != NULL) | 501 | if (buf != NULL) |
| 440 | { | 502 | { |
| 441 | OPENSSL_cleanse(buf,num); | 503 | OPENSSL_cleanse(buf,num); |
| @@ -447,7 +509,7 @@ err: | |||
| 447 | static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | 509 | static int RSA_eay_private_decrypt(int flen, const unsigned char *from, |
| 448 | unsigned char *to, RSA *rsa, int padding) | 510 | unsigned char *to, RSA *rsa, int padding) |
| 449 | { | 511 | { |
| 450 | BIGNUM f,ret; | 512 | BIGNUM *f, *ret, *br; |
| 451 | int j,num=0,r= -1; | 513 | int j,num=0,r= -1; |
| 452 | unsigned char *p; | 514 | unsigned char *p; |
| 453 | unsigned char *buf=NULL; | 515 | unsigned char *buf=NULL; |
| @@ -455,14 +517,14 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | |||
| 455 | int local_blinding = 0; | 517 | int local_blinding = 0; |
| 456 | BN_BLINDING *blinding = NULL; | 518 | BN_BLINDING *blinding = NULL; |
| 457 | 519 | ||
| 458 | BN_init(&f); | 520 | if((ctx = BN_CTX_new()) == NULL) goto err; |
| 459 | BN_init(&ret); | 521 | BN_CTX_start(ctx); |
| 460 | ctx=BN_CTX_new(); | 522 | f = BN_CTX_get(ctx); |
| 461 | if (ctx == NULL) goto err; | 523 | br = BN_CTX_get(ctx); |
| 462 | 524 | ret = BN_CTX_get(ctx); | |
| 463 | num=BN_num_bytes(rsa->n); | 525 | num = BN_num_bytes(rsa->n); |
| 464 | 526 | buf = OPENSSL_malloc(num); | |
| 465 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | 527 | if(!f || !ret || !buf) |
| 466 | { | 528 | { |
| 467 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); | 529 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); |
| 468 | goto err; | 530 | goto err; |
| @@ -477,25 +539,17 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | |||
| 477 | } | 539 | } |
| 478 | 540 | ||
| 479 | /* make data into a big number */ | 541 | /* make data into a big number */ |
| 480 | if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; | 542 | if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; |
| 481 | 543 | ||
| 482 | if (BN_ucmp(&f, rsa->n) >= 0) | 544 | if (BN_ucmp(f, rsa->n) >= 0) |
| 483 | { | 545 | { |
| 484 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); | 546 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); |
| 485 | goto err; | 547 | goto err; |
| 486 | } | 548 | } |
| 487 | 549 | ||
| 488 | BLINDING_HELPER(rsa, ctx, goto err;); | ||
| 489 | blinding = rsa->blinding; | ||
| 490 | |||
| 491 | /* Now unless blinding is disabled, 'blinding' is non-NULL. | ||
| 492 | * But the BN_BLINDING object may be owned by some other thread | ||
| 493 | * (we don't want to keep it constant and we don't want to use | ||
| 494 | * lots of locking to avoid race conditions, so only a single | ||
| 495 | * thread can use it; other threads have to use local blinding | ||
| 496 | * factors) */ | ||
| 497 | if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) | 550 | if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) |
| 498 | { | 551 | { |
| 552 | blinding = rsa_get_blinding(rsa, &local_blinding, ctx); | ||
| 499 | if (blinding == NULL) | 553 | if (blinding == NULL) |
| 500 | { | 554 | { |
| 501 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); | 555 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); |
| @@ -504,20 +558,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | |||
| 504 | } | 558 | } |
| 505 | 559 | ||
| 506 | if (blinding != NULL) | 560 | if (blinding != NULL) |
| 507 | { | 561 | if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) |
| 508 | if (blinding->thread_id != CRYPTO_thread_id()) | 562 | goto err; |
| 509 | { | ||
| 510 | /* we need a local one-time blinding factor */ | ||
| 511 | |||
| 512 | blinding = setup_blinding(rsa, ctx); | ||
| 513 | if (blinding == NULL) | ||
| 514 | goto err; | ||
| 515 | local_blinding = 1; | ||
| 516 | } | ||
| 517 | } | ||
| 518 | |||
| 519 | if (blinding) | ||
| 520 | if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; | ||
| 521 | 563 | ||
| 522 | /* do the decrypt */ | 564 | /* do the decrypt */ |
| 523 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || | 565 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || |
| @@ -527,29 +569,33 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | |||
| 527 | (rsa->dmq1 != NULL) && | 569 | (rsa->dmq1 != NULL) && |
| 528 | (rsa->iqmp != NULL)) ) | 570 | (rsa->iqmp != NULL)) ) |
| 529 | { | 571 | { |
| 530 | if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; | 572 | if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; |
| 531 | } | 573 | } |
| 532 | else | 574 | else |
| 533 | { | 575 | { |
| 534 | BIGNUM local_d; | 576 | BIGNUM local_d; |
| 535 | BIGNUM *d = NULL; | 577 | BIGNUM *d = NULL; |
| 536 | 578 | ||
| 537 | if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) | 579 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
| 538 | { | 580 | { |
| 539 | d = &local_d; | 581 | d = &local_d; |
| 540 | BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); | 582 | BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); |
| 541 | } | 583 | } |
| 542 | else | 584 | else |
| 543 | d = rsa->d; | 585 | d = rsa->d; |
| 544 | if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) | 586 | |
| 545 | goto err; | 587 | MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); |
| 588 | if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, | ||
| 589 | rsa->_method_mod_n)) | ||
| 590 | goto err; | ||
| 546 | } | 591 | } |
| 547 | 592 | ||
| 548 | if (blinding) | 593 | if (blinding) |
| 549 | if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; | 594 | if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) |
| 595 | goto err; | ||
| 550 | 596 | ||
| 551 | p=buf; | 597 | p=buf; |
| 552 | j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ | 598 | j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ |
| 553 | 599 | ||
| 554 | switch (padding) | 600 | switch (padding) |
| 555 | { | 601 | { |
| @@ -575,11 +621,11 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | |||
| 575 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); | 621 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); |
| 576 | 622 | ||
| 577 | err: | 623 | err: |
| 578 | if (ctx != NULL) BN_CTX_free(ctx); | 624 | if (ctx != NULL) |
| 579 | BN_clear_free(&f); | 625 | { |
| 580 | BN_clear_free(&ret); | 626 | BN_CTX_end(ctx); |
| 581 | if (local_blinding) | 627 | BN_CTX_free(ctx); |
| 582 | BN_BLINDING_free(blinding); | 628 | } |
| 583 | if (buf != NULL) | 629 | if (buf != NULL) |
| 584 | { | 630 | { |
| 585 | OPENSSL_cleanse(buf,num); | 631 | OPENSSL_cleanse(buf,num); |
| @@ -592,7 +638,7 @@ err: | |||
| 592 | static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | 638 | static int RSA_eay_public_decrypt(int flen, const unsigned char *from, |
| 593 | unsigned char *to, RSA *rsa, int padding) | 639 | unsigned char *to, RSA *rsa, int padding) |
| 594 | { | 640 | { |
| 595 | BIGNUM f,ret; | 641 | BIGNUM *f,*ret; |
| 596 | int i,num=0,r= -1; | 642 | int i,num=0,r= -1; |
| 597 | unsigned char *p; | 643 | unsigned char *p; |
| 598 | unsigned char *buf=NULL; | 644 | unsigned char *buf=NULL; |
| @@ -619,15 +665,14 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | |||
| 619 | return -1; | 665 | return -1; |
| 620 | } | 666 | } |
| 621 | } | 667 | } |
| 622 | 668 | ||
| 623 | BN_init(&f); | 669 | if((ctx = BN_CTX_new()) == NULL) goto err; |
| 624 | BN_init(&ret); | 670 | BN_CTX_start(ctx); |
| 625 | ctx=BN_CTX_new(); | 671 | f = BN_CTX_get(ctx); |
| 626 | if (ctx == NULL) goto err; | 672 | ret = BN_CTX_get(ctx); |
| 627 | |||
| 628 | num=BN_num_bytes(rsa->n); | 673 | num=BN_num_bytes(rsa->n); |
| 629 | buf=(unsigned char *)OPENSSL_malloc(num); | 674 | buf = OPENSSL_malloc(num); |
| 630 | if (buf == NULL) | 675 | if(!f || !ret || !buf) |
| 631 | { | 676 | { |
| 632 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); | 677 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); |
| 633 | goto err; | 678 | goto err; |
| @@ -641,37 +686,33 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | |||
| 641 | goto err; | 686 | goto err; |
| 642 | } | 687 | } |
| 643 | 688 | ||
| 644 | if (BN_bin2bn(from,flen,&f) == NULL) goto err; | 689 | if (BN_bin2bn(from,flen,f) == NULL) goto err; |
| 645 | 690 | ||
| 646 | if (BN_ucmp(&f, rsa->n) >= 0) | 691 | if (BN_ucmp(f, rsa->n) >= 0) |
| 647 | { | 692 | { |
| 648 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); | 693 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); |
| 649 | goto err; | 694 | goto err; |
| 650 | } | 695 | } |
| 651 | 696 | ||
| 652 | /* do the decrypt */ | 697 | MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); |
| 653 | |||
| 654 | if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) | ||
| 655 | { | ||
| 656 | if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, | ||
| 657 | CRYPTO_LOCK_RSA, rsa->n, ctx)) | ||
| 658 | goto err; | ||
| 659 | } | ||
| 660 | 698 | ||
| 661 | if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, | 699 | if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, |
| 662 | rsa->_method_mod_n)) goto err; | 700 | rsa->_method_mod_n)) goto err; |
| 663 | 701 | ||
| 664 | if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12)) | 702 | if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) |
| 665 | BN_sub(&ret, rsa->n, &ret); | 703 | BN_sub(ret, rsa->n, ret); |
| 666 | 704 | ||
| 667 | p=buf; | 705 | p=buf; |
| 668 | i=BN_bn2bin(&ret,p); | 706 | i=BN_bn2bin(ret,p); |
| 669 | 707 | ||
| 670 | switch (padding) | 708 | switch (padding) |
| 671 | { | 709 | { |
| 672 | case RSA_PKCS1_PADDING: | 710 | case RSA_PKCS1_PADDING: |
| 673 | r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); | 711 | r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); |
| 674 | break; | 712 | break; |
| 713 | case RSA_X931_PADDING: | ||
| 714 | r=RSA_padding_check_X931(to,num,buf,i,num); | ||
| 715 | break; | ||
| 675 | case RSA_NO_PADDING: | 716 | case RSA_NO_PADDING: |
| 676 | r=RSA_padding_check_none(to,num,buf,i,num); | 717 | r=RSA_padding_check_none(to,num,buf,i,num); |
| 677 | break; | 718 | break; |
| @@ -683,9 +724,11 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | |||
| 683 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); | 724 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); |
| 684 | 725 | ||
| 685 | err: | 726 | err: |
| 686 | if (ctx != NULL) BN_CTX_free(ctx); | 727 | if (ctx != NULL) |
| 687 | BN_clear_free(&f); | 728 | { |
| 688 | BN_clear_free(&ret); | 729 | BN_CTX_end(ctx); |
| 730 | BN_CTX_free(ctx); | ||
| 731 | } | ||
| 689 | if (buf != NULL) | 732 | if (buf != NULL) |
| 690 | { | 733 | { |
| 691 | OPENSSL_cleanse(buf,num); | 734 | OPENSSL_cleanse(buf,num); |
| @@ -694,59 +737,111 @@ err: | |||
| 694 | return(r); | 737 | return(r); |
| 695 | } | 738 | } |
| 696 | 739 | ||
| 697 | static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | 740 | static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
| 698 | { | 741 | { |
| 699 | BIGNUM r1,m1,vrfy; | 742 | BIGNUM *r1,*m1,*vrfy; |
| 700 | BIGNUM local_dmp1, local_dmq1; | 743 | BIGNUM local_dmp1,local_dmq1,local_c,local_r1; |
| 701 | BIGNUM *dmp1, *dmq1; | 744 | BIGNUM *dmp1,*dmq1,*c,*pr1; |
| 702 | int ret=0; | 745 | int ret=0; |
| 703 | BN_CTX *ctx; | ||
| 704 | 746 | ||
| 705 | BN_init(&m1); | 747 | BN_CTX_start(ctx); |
| 706 | BN_init(&r1); | 748 | r1 = BN_CTX_get(ctx); |
| 707 | BN_init(&vrfy); | 749 | m1 = BN_CTX_get(ctx); |
| 708 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 750 | vrfy = BN_CTX_get(ctx); |
| 751 | |||
| 752 | { | ||
| 753 | BIGNUM local_p, local_q; | ||
| 754 | BIGNUM *p = NULL, *q = NULL; | ||
| 755 | |||
| 756 | /* Make sure BN_mod_inverse in Montgomery intialization uses the | ||
| 757 | * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) | ||
| 758 | */ | ||
| 759 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | ||
| 760 | { | ||
| 761 | BN_init(&local_p); | ||
| 762 | p = &local_p; | ||
| 763 | BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); | ||
| 764 | |||
| 765 | BN_init(&local_q); | ||
| 766 | q = &local_q; | ||
| 767 | BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); | ||
| 768 | } | ||
| 769 | else | ||
| 770 | { | ||
| 771 | p = rsa->p; | ||
| 772 | q = rsa->q; | ||
| 773 | } | ||
| 774 | |||
| 775 | MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); | ||
| 776 | MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); | ||
| 777 | } | ||
| 709 | 778 | ||
| 710 | if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) | 779 | MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); |
| 780 | |||
| 781 | /* compute I mod q */ | ||
| 782 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | ||
| 711 | { | 783 | { |
| 712 | if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, | 784 | c = &local_c; |
| 713 | CRYPTO_LOCK_RSA, rsa->p, ctx)) | 785 | BN_with_flags(c, I, BN_FLG_CONSTTIME); |
| 714 | goto err; | 786 | if (!BN_mod(r1,c,rsa->q,ctx)) goto err; |
| 715 | if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, | 787 | } |
| 716 | CRYPTO_LOCK_RSA, rsa->q, ctx)) | 788 | else |
| 717 | goto err; | 789 | { |
| 790 | if (!BN_mod(r1,I,rsa->q,ctx)) goto err; | ||
| 718 | } | 791 | } |
| 719 | 792 | ||
| 720 | if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; | 793 | /* compute r1^dmq1 mod q */ |
| 721 | if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) | 794 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
| 722 | { | 795 | { |
| 723 | dmq1 = &local_dmq1; | 796 | dmq1 = &local_dmq1; |
| 724 | BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME); | 797 | BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); |
| 725 | } | 798 | } |
| 726 | else | 799 | else |
| 727 | dmq1 = rsa->dmq1; | 800 | dmq1 = rsa->dmq1; |
| 728 | if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx, | 801 | if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx, |
| 729 | rsa->_method_mod_q)) goto err; | 802 | rsa->_method_mod_q)) goto err; |
| 730 | 803 | ||
| 731 | if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; | 804 | /* compute I mod p */ |
| 732 | if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) | 805 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
| 806 | { | ||
| 807 | c = &local_c; | ||
| 808 | BN_with_flags(c, I, BN_FLG_CONSTTIME); | ||
| 809 | if (!BN_mod(r1,c,rsa->p,ctx)) goto err; | ||
| 810 | } | ||
| 811 | else | ||
| 812 | { | ||
| 813 | if (!BN_mod(r1,I,rsa->p,ctx)) goto err; | ||
| 814 | } | ||
| 815 | |||
| 816 | /* compute r1^dmp1 mod p */ | ||
| 817 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | ||
| 733 | { | 818 | { |
| 734 | dmp1 = &local_dmp1; | 819 | dmp1 = &local_dmp1; |
| 735 | BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME); | 820 | BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); |
| 736 | } | 821 | } |
| 737 | else | 822 | else |
| 738 | dmp1 = rsa->dmp1; | 823 | dmp1 = rsa->dmp1; |
| 739 | if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx, | 824 | if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx, |
| 740 | rsa->_method_mod_p)) goto err; | 825 | rsa->_method_mod_p)) goto err; |
| 741 | 826 | ||
| 742 | if (!BN_sub(r0,r0,&m1)) goto err; | 827 | if (!BN_sub(r0,r0,m1)) goto err; |
| 743 | /* This will help stop the size of r0 increasing, which does | 828 | /* This will help stop the size of r0 increasing, which does |
| 744 | * affect the multiply if it optimised for a power of 2 size */ | 829 | * affect the multiply if it optimised for a power of 2 size */ |
| 745 | if (r0->neg) | 830 | if (BN_is_negative(r0)) |
| 746 | if (!BN_add(r0,r0,rsa->p)) goto err; | 831 | if (!BN_add(r0,r0,rsa->p)) goto err; |
| 747 | 832 | ||
| 748 | if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; | 833 | if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; |
| 749 | if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; | 834 | |
| 835 | /* Turn BN_FLG_CONSTTIME flag on before division operation */ | ||
| 836 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | ||
| 837 | { | ||
| 838 | pr1 = &local_r1; | ||
| 839 | BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); | ||
| 840 | } | ||
| 841 | else | ||
| 842 | pr1 = r1; | ||
| 843 | if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; | ||
| 844 | |||
| 750 | /* If p < q it is occasionally possible for the correction of | 845 | /* If p < q it is occasionally possible for the correction of |
| 751 | * adding 'p' if r0 is negative above to leave the result still | 846 | * adding 'p' if r0 is negative above to leave the result still |
| 752 | * negative. This can break the private key operations: the following | 847 | * negative. This can break the private key operations: the following |
| @@ -754,23 +849,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | |||
| 754 | * This will *never* happen with OpenSSL generated keys because | 849 | * This will *never* happen with OpenSSL generated keys because |
| 755 | * they ensure p > q [steve] | 850 | * they ensure p > q [steve] |
| 756 | */ | 851 | */ |
| 757 | if (r0->neg) | 852 | if (BN_is_negative(r0)) |
| 758 | if (!BN_add(r0,r0,rsa->p)) goto err; | 853 | if (!BN_add(r0,r0,rsa->p)) goto err; |
| 759 | if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; | 854 | if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; |
| 760 | if (!BN_add(r0,&r1,&m1)) goto err; | 855 | if (!BN_add(r0,r1,m1)) goto err; |
| 761 | 856 | ||
| 762 | if (rsa->e && rsa->n) | 857 | if (rsa->e && rsa->n) |
| 763 | { | 858 | { |
| 764 | if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; | 859 | if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; |
| 765 | /* If 'I' was greater than (or equal to) rsa->n, the operation | 860 | /* If 'I' was greater than (or equal to) rsa->n, the operation |
| 766 | * will be equivalent to using 'I mod n'. However, the result of | 861 | * will be equivalent to using 'I mod n'. However, the result of |
| 767 | * the verify will *always* be less than 'n' so we don't check | 862 | * the verify will *always* be less than 'n' so we don't check |
| 768 | * for absolute equality, just congruency. */ | 863 | * for absolute equality, just congruency. */ |
| 769 | if (!BN_sub(&vrfy, &vrfy, I)) goto err; | 864 | if (!BN_sub(vrfy, vrfy, I)) goto err; |
| 770 | if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err; | 865 | if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; |
| 771 | if (vrfy.neg) | 866 | if (BN_is_negative(vrfy)) |
| 772 | if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err; | 867 | if (!BN_add(vrfy, vrfy, rsa->n)) goto err; |
| 773 | if (!BN_is_zero(&vrfy)) | 868 | if (!BN_is_zero(vrfy)) |
| 774 | { | 869 | { |
| 775 | /* 'I' and 'vrfy' aren't congruent mod n. Don't leak | 870 | /* 'I' and 'vrfy' aren't congruent mod n. Don't leak |
| 776 | * miscalculated CRT output, just do a raw (slower) | 871 | * miscalculated CRT output, just do a raw (slower) |
| @@ -779,22 +874,20 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | |||
| 779 | BIGNUM local_d; | 874 | BIGNUM local_d; |
| 780 | BIGNUM *d = NULL; | 875 | BIGNUM *d = NULL; |
| 781 | 876 | ||
| 782 | if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) | 877 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
| 783 | { | 878 | { |
| 784 | d = &local_d; | 879 | d = &local_d; |
| 785 | BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); | 880 | BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); |
| 786 | } | 881 | } |
| 787 | else | 882 | else |
| 788 | d = rsa->d; | 883 | d = rsa->d; |
| 789 | if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err; | 884 | if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, |
| 885 | rsa->_method_mod_n)) goto err; | ||
| 790 | } | 886 | } |
| 791 | } | 887 | } |
| 792 | ret=1; | 888 | ret=1; |
| 793 | err: | 889 | err: |
| 794 | BN_clear_free(&m1); | 890 | BN_CTX_end(ctx); |
| 795 | BN_clear_free(&r1); | ||
| 796 | BN_clear_free(&vrfy); | ||
| 797 | BN_CTX_free(ctx); | ||
| 798 | return(ret); | 891 | return(ret); |
| 799 | } | 892 | } |
| 800 | 893 | ||
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c index ddcb28e663..fe3ba1b44b 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_err.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c | |||
| @@ -71,14 +71,21 @@ | |||
| 71 | static ERR_STRING_DATA RSA_str_functs[]= | 71 | static ERR_STRING_DATA RSA_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, | 73 | {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, |
| 74 | {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, | ||
| 74 | {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, | 75 | {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, |
| 75 | {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, | 76 | {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, |
| 76 | {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, | 77 | {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, |
| 77 | {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, | 78 | {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, |
| 78 | {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, | 79 | {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, |
| 79 | {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, | 80 | {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, |
| 81 | {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, | ||
| 80 | {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, | 82 | {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, |
| 81 | {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, | 83 | {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, |
| 84 | {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"}, | ||
| 85 | {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"}, | ||
| 86 | {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"}, | ||
| 87 | {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"}, | ||
| 88 | {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, | ||
| 82 | {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, | 89 | {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, |
| 83 | {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, | 90 | {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, |
| 84 | {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, | 91 | {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, |
| @@ -94,6 +101,7 @@ static ERR_STRING_DATA RSA_str_functs[]= | |||
| 94 | {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, | 101 | {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, |
| 95 | {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, | 102 | {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, |
| 96 | {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, | 103 | {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, |
| 104 | {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, | ||
| 97 | {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, | 105 | {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, |
| 98 | {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, | 106 | {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, |
| 99 | {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, | 107 | {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, |
| @@ -130,20 +138,21 @@ static ERR_STRING_DATA RSA_str_reasons[]= | |||
| 130 | {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, | 138 | {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, |
| 131 | {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, | 139 | {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, |
| 132 | {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, | 140 | {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, |
| 141 | {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, | ||
| 133 | {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, | 142 | {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, |
| 134 | {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, | 143 | {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, |
| 135 | {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, | 144 | {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, |
| 136 | {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"}, | ||
| 137 | {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, | 145 | {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, |
| 138 | {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, | 146 | {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, |
| 139 | {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, | 147 | {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, |
| 140 | {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, | 148 | {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, |
| 149 | {ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"}, | ||
| 150 | {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"}, | ||
| 141 | {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"}, | 151 | {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"}, |
| 142 | {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, | 152 | {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, |
| 143 | {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, | 153 | {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, |
| 144 | {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, | 154 | {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, |
| 145 | {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, | 155 | {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, |
| 146 | {ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"}, | ||
| 147 | {0,NULL} | 156 | {0,NULL} |
| 148 | }; | 157 | }; |
| 149 | 158 | ||
| @@ -151,15 +160,12 @@ static ERR_STRING_DATA RSA_str_reasons[]= | |||
| 151 | 160 | ||
| 152 | void ERR_load_RSA_strings(void) | 161 | void ERR_load_RSA_strings(void) |
| 153 | { | 162 | { |
| 154 | static int init=1; | 163 | #ifndef OPENSSL_NO_ERR |
| 155 | 164 | ||
| 156 | if (init) | 165 | if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) |
| 157 | { | 166 | { |
| 158 | init=0; | ||
| 159 | #ifndef OPENSSL_NO_ERR | ||
| 160 | ERR_load_strings(0,RSA_str_functs); | 167 | ERR_load_strings(0,RSA_str_functs); |
| 161 | ERR_load_strings(0,RSA_str_reasons); | 168 | ERR_load_strings(0,RSA_str_reasons); |
| 162 | #endif | ||
| 163 | |||
| 164 | } | 169 | } |
| 170 | #endif | ||
| 165 | } | 171 | } |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c index dd1422cc98..767f7ab682 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_gen.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c | |||
| @@ -56,26 +56,42 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | |||
| 60 | /* NB: these functions have been "upgraded", the deprecated versions (which are | ||
| 61 | * compatibility wrappers using these functions) are in rsa_depr.c. | ||
| 62 | * - Geoff | ||
| 63 | */ | ||
| 64 | |||
| 59 | #include <stdio.h> | 65 | #include <stdio.h> |
| 60 | #include <time.h> | 66 | #include <time.h> |
| 61 | #include "cryptlib.h" | 67 | #include "cryptlib.h" |
| 62 | #include <openssl/bn.h> | 68 | #include <openssl/bn.h> |
| 63 | #include <openssl/rsa.h> | 69 | #include <openssl/rsa.h> |
| 64 | 70 | ||
| 65 | #ifndef OPENSSL_FIPS | 71 | static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); |
| 66 | 72 | ||
| 67 | RSA *RSA_generate_key(int bits, unsigned long e_value, | 73 | /* NB: this wrapper would normally be placed in rsa_lib.c and the static |
| 68 | void (*callback)(int,int,void *), void *cb_arg) | 74 | * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so |
| 75 | * that we don't introduce a new linker dependency. Eg. any application that | ||
| 76 | * wasn't previously linking object code related to key-generation won't have to | ||
| 77 | * now just because key-generation is part of RSA_METHOD. */ | ||
| 78 | int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) | ||
| 79 | { | ||
| 80 | if(rsa->meth->rsa_keygen) | ||
| 81 | return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); | ||
| 82 | return rsa_builtin_keygen(rsa, bits, e_value, cb); | ||
| 83 | } | ||
| 84 | |||
| 85 | static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) | ||
| 69 | { | 86 | { |
| 70 | RSA *rsa=NULL; | ||
| 71 | BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; | 87 | BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; |
| 72 | int bitsp,bitsq,ok= -1,n=0,i; | 88 | BIGNUM local_r0,local_d,local_p; |
| 73 | BN_CTX *ctx=NULL,*ctx2=NULL; | 89 | BIGNUM *pr0,*d,*p; |
| 90 | int bitsp,bitsq,ok= -1,n=0; | ||
| 91 | BN_CTX *ctx=NULL; | ||
| 74 | 92 | ||
| 75 | ctx=BN_CTX_new(); | 93 | ctx=BN_CTX_new(); |
| 76 | if (ctx == NULL) goto err; | 94 | if (ctx == NULL) goto err; |
| 77 | ctx2=BN_CTX_new(); | ||
| 78 | if (ctx2 == NULL) goto err; | ||
| 79 | BN_CTX_start(ctx); | 95 | BN_CTX_start(ctx); |
| 80 | r0 = BN_CTX_get(ctx); | 96 | r0 = BN_CTX_get(ctx); |
| 81 | r1 = BN_CTX_get(ctx); | 97 | r1 = BN_CTX_get(ctx); |
| @@ -85,49 +101,58 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, | |||
| 85 | 101 | ||
| 86 | bitsp=(bits+1)/2; | 102 | bitsp=(bits+1)/2; |
| 87 | bitsq=bits-bitsp; | 103 | bitsq=bits-bitsp; |
| 88 | rsa=RSA_new(); | ||
| 89 | if (rsa == NULL) goto err; | ||
| 90 | 104 | ||
| 91 | /* set e */ | 105 | /* We need the RSA components non-NULL */ |
| 92 | rsa->e=BN_new(); | 106 | if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; |
| 93 | if (rsa->e == NULL) goto err; | 107 | if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; |
| 108 | if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; | ||
| 109 | if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; | ||
| 110 | if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; | ||
| 111 | if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; | ||
| 112 | if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; | ||
| 113 | if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; | ||
| 94 | 114 | ||
| 95 | #if 1 | 115 | BN_copy(rsa->e, e_value); |
| 96 | /* The problem is when building with 8, 16, or 32 BN_ULONG, | ||
| 97 | * unsigned long can be larger */ | ||
| 98 | for (i=0; i<sizeof(unsigned long)*8; i++) | ||
| 99 | { | ||
| 100 | if (e_value & (1UL<<i)) | ||
| 101 | BN_set_bit(rsa->e,i); | ||
| 102 | } | ||
| 103 | #else | ||
| 104 | if (!BN_set_word(rsa->e,e_value)) goto err; | ||
| 105 | #endif | ||
| 106 | 116 | ||
| 107 | /* generate p and q */ | 117 | /* generate p and q */ |
| 108 | for (;;) | 118 | for (;;) |
| 109 | { | 119 | { |
| 110 | rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg); | 120 | if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) |
| 111 | if (rsa->p == NULL) goto err; | 121 | goto err; |
| 112 | if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; | 122 | if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; |
| 113 | if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; | 123 | if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; |
| 114 | if (BN_is_one(r1)) break; | 124 | if (BN_is_one(r1)) break; |
| 115 | if (callback != NULL) callback(2,n++,cb_arg); | 125 | if(!BN_GENCB_call(cb, 2, n++)) |
| 116 | BN_free(rsa->p); | 126 | goto err; |
| 117 | } | 127 | } |
| 118 | if (callback != NULL) callback(3,0,cb_arg); | 128 | if(!BN_GENCB_call(cb, 3, 0)) |
| 129 | goto err; | ||
| 119 | for (;;) | 130 | for (;;) |
| 120 | { | 131 | { |
| 121 | rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg); | 132 | /* When generating ridiculously small keys, we can get stuck |
| 122 | if (rsa->q == NULL) goto err; | 133 | * continually regenerating the same prime values. Check for |
| 134 | * this and bail if it happens 3 times. */ | ||
| 135 | unsigned int degenerate = 0; | ||
| 136 | do | ||
| 137 | { | ||
| 138 | if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) | ||
| 139 | goto err; | ||
| 140 | } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); | ||
| 141 | if(degenerate == 3) | ||
| 142 | { | ||
| 143 | ok = 0; /* we set our own err */ | ||
| 144 | RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL); | ||
| 145 | goto err; | ||
| 146 | } | ||
| 123 | if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; | 147 | if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; |
| 124 | if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; | 148 | if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; |
| 125 | if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) | 149 | if (BN_is_one(r1)) |
| 126 | break; | 150 | break; |
| 127 | if (callback != NULL) callback(2,n++,cb_arg); | 151 | if(!BN_GENCB_call(cb, 2, n++)) |
| 128 | BN_free(rsa->q); | 152 | goto err; |
| 129 | } | 153 | } |
| 130 | if (callback != NULL) callback(3,1,cb_arg); | 154 | if(!BN_GENCB_call(cb, 3, 1)) |
| 155 | goto err; | ||
| 131 | if (BN_cmp(rsa->p,rsa->q) < 0) | 156 | if (BN_cmp(rsa->p,rsa->q) < 0) |
| 132 | { | 157 | { |
| 133 | tmp=rsa->p; | 158 | tmp=rsa->p; |
| @@ -136,66 +161,59 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, | |||
| 136 | } | 161 | } |
| 137 | 162 | ||
| 138 | /* calculate n */ | 163 | /* calculate n */ |
| 139 | rsa->n=BN_new(); | ||
| 140 | if (rsa->n == NULL) goto err; | ||
| 141 | if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; | 164 | if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; |
| 142 | 165 | ||
| 143 | /* calculate d */ | 166 | /* calculate d */ |
| 144 | if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ | 167 | if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ |
| 145 | if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ | 168 | if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ |
| 146 | if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ | 169 | if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ |
| 147 | 170 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | |
| 148 | /* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ | ||
| 149 | /* for (;;) | ||
| 150 | { | 171 | { |
| 151 | if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err; | 172 | pr0 = &local_r0; |
| 152 | if (BN_is_one(r3)) break; | 173 | BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); |
| 174 | } | ||
| 175 | else | ||
| 176 | pr0 = r0; | ||
| 177 | if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */ | ||
| 153 | 178 | ||
| 154 | if (1) | 179 | /* set up d for correct BN_FLG_CONSTTIME flag */ |
| 155 | { | 180 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
| 156 | if (!BN_add_word(rsa->e,2L)) goto err; | 181 | { |
| 157 | continue; | 182 | d = &local_d; |
| 158 | } | 183 | BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); |
| 159 | RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); | ||
| 160 | goto err; | ||
| 161 | } | 184 | } |
| 162 | */ | 185 | else |
| 163 | rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ | 186 | d = rsa->d; |
| 164 | if (rsa->d == NULL) goto err; | ||
| 165 | 187 | ||
| 166 | /* calculate d mod (p-1) */ | 188 | /* calculate d mod (p-1) */ |
| 167 | rsa->dmp1=BN_new(); | 189 | if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err; |
| 168 | if (rsa->dmp1 == NULL) goto err; | ||
| 169 | if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; | ||
| 170 | 190 | ||
| 171 | /* calculate d mod (q-1) */ | 191 | /* calculate d mod (q-1) */ |
| 172 | rsa->dmq1=BN_new(); | 192 | if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err; |
| 173 | if (rsa->dmq1 == NULL) goto err; | ||
| 174 | if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; | ||
| 175 | 193 | ||
| 176 | /* calculate inverse of q mod p */ | 194 | /* calculate inverse of q mod p */ |
| 177 | rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); | 195 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
| 178 | if (rsa->iqmp == NULL) goto err; | 196 | { |
| 197 | p = &local_p; | ||
| 198 | BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); | ||
| 199 | } | ||
| 200 | else | ||
| 201 | p = rsa->p; | ||
| 202 | if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; | ||
| 179 | 203 | ||
| 180 | ok=1; | 204 | ok=1; |
| 181 | err: | 205 | err: |
| 182 | if (ok == -1) | 206 | if (ok == -1) |
| 183 | { | 207 | { |
| 184 | RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); | 208 | RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); |
| 185 | ok=0; | 209 | ok=0; |
| 186 | } | 210 | } |
| 187 | if (ctx != NULL) | 211 | if (ctx != NULL) |
| 188 | BN_CTX_end(ctx); | ||
| 189 | BN_CTX_free(ctx); | ||
| 190 | BN_CTX_free(ctx2); | ||
| 191 | |||
| 192 | if (!ok) | ||
| 193 | { | 212 | { |
| 194 | if (rsa != NULL) RSA_free(rsa); | 213 | BN_CTX_end(ctx); |
| 195 | return(NULL); | 214 | BN_CTX_free(ctx); |
| 196 | } | 215 | } |
| 197 | else | 216 | |
| 198 | return(rsa); | 217 | return ok; |
| 199 | } | 218 | } |
| 200 | 219 | ||
| 201 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c index e4d622851e..104aa4c1f2 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c | |||
| @@ -67,7 +67,7 @@ | |||
| 67 | #include <openssl/engine.h> | 67 | #include <openssl/engine.h> |
| 68 | #endif | 68 | #endif |
| 69 | 69 | ||
| 70 | const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; | 70 | const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; |
| 71 | 71 | ||
| 72 | static const RSA_METHOD *default_RSA_meth=NULL; | 72 | static const RSA_METHOD *default_RSA_meth=NULL; |
| 73 | 73 | ||
| @@ -179,6 +179,7 @@ RSA *RSA_new_method(ENGINE *engine) | |||
| 179 | ret->_method_mod_p=NULL; | 179 | ret->_method_mod_p=NULL; |
| 180 | ret->_method_mod_q=NULL; | 180 | ret->_method_mod_q=NULL; |
| 181 | ret->blinding=NULL; | 181 | ret->blinding=NULL; |
| 182 | ret->mt_blinding=NULL; | ||
| 182 | ret->bignum_data=NULL; | 183 | ret->bignum_data=NULL; |
| 183 | ret->flags=ret->meth->flags; | 184 | ret->flags=ret->meth->flags; |
| 184 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); | 185 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); |
| @@ -232,6 +233,7 @@ void RSA_free(RSA *r) | |||
| 232 | if (r->dmq1 != NULL) BN_clear_free(r->dmq1); | 233 | if (r->dmq1 != NULL) BN_clear_free(r->dmq1); |
| 233 | if (r->iqmp != NULL) BN_clear_free(r->iqmp); | 234 | if (r->iqmp != NULL) BN_clear_free(r->iqmp); |
| 234 | if (r->blinding != NULL) BN_BLINDING_free(r->blinding); | 235 | if (r->blinding != NULL) BN_BLINDING_free(r->blinding); |
| 236 | if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); | ||
| 235 | if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); | 237 | if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); |
| 236 | OPENSSL_free(r); | 238 | OPENSSL_free(r); |
| 237 | } | 239 | } |
| @@ -314,59 +316,117 @@ void RSA_blinding_off(RSA *rsa) | |||
| 314 | rsa->flags |= RSA_FLAG_NO_BLINDING; | 316 | rsa->flags |= RSA_FLAG_NO_BLINDING; |
| 315 | } | 317 | } |
| 316 | 318 | ||
| 317 | int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) | 319 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) |
| 318 | { | 320 | { |
| 319 | BIGNUM *A,*Ai = NULL; | ||
| 320 | BN_CTX *ctx; | ||
| 321 | int ret=0; | 321 | int ret=0; |
| 322 | 322 | ||
| 323 | if (p_ctx == NULL) | 323 | if (rsa->blinding != NULL) |
| 324 | RSA_blinding_off(rsa); | ||
| 325 | |||
| 326 | rsa->blinding = RSA_setup_blinding(rsa, ctx); | ||
| 327 | if (rsa->blinding == NULL) | ||
| 328 | goto err; | ||
| 329 | |||
| 330 | rsa->flags |= RSA_FLAG_BLINDING; | ||
| 331 | rsa->flags &= ~RSA_FLAG_NO_BLINDING; | ||
| 332 | ret=1; | ||
| 333 | err: | ||
| 334 | return(ret); | ||
| 335 | } | ||
| 336 | |||
| 337 | static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, | ||
| 338 | const BIGNUM *q, BN_CTX *ctx) | ||
| 339 | { | ||
| 340 | BIGNUM *ret = NULL, *r0, *r1, *r2; | ||
| 341 | |||
| 342 | if (d == NULL || p == NULL || q == NULL) | ||
| 343 | return NULL; | ||
| 344 | |||
| 345 | BN_CTX_start(ctx); | ||
| 346 | r0 = BN_CTX_get(ctx); | ||
| 347 | r1 = BN_CTX_get(ctx); | ||
| 348 | r2 = BN_CTX_get(ctx); | ||
| 349 | if (r2 == NULL) | ||
| 350 | goto err; | ||
| 351 | |||
| 352 | if (!BN_sub(r1, p, BN_value_one())) goto err; | ||
| 353 | if (!BN_sub(r2, q, BN_value_one())) goto err; | ||
| 354 | if (!BN_mul(r0, r1, r2, ctx)) goto err; | ||
| 355 | |||
| 356 | ret = BN_mod_inverse(NULL, d, r0, ctx); | ||
| 357 | err: | ||
| 358 | BN_CTX_end(ctx); | ||
| 359 | return ret; | ||
| 360 | } | ||
| 361 | |||
| 362 | BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) | ||
| 363 | { | ||
| 364 | BIGNUM local_n; | ||
| 365 | BIGNUM *e,*n; | ||
| 366 | BN_CTX *ctx; | ||
| 367 | BN_BLINDING *ret = NULL; | ||
| 368 | |||
| 369 | if (in_ctx == NULL) | ||
| 324 | { | 370 | { |
| 325 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 371 | if ((ctx = BN_CTX_new()) == NULL) return 0; |
| 326 | } | 372 | } |
| 327 | else | 373 | else |
| 328 | ctx=p_ctx; | 374 | ctx = in_ctx; |
| 329 | 375 | ||
| 330 | /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ | 376 | BN_CTX_start(ctx); |
| 331 | if (rsa->blinding != NULL) | 377 | e = BN_CTX_get(ctx); |
| 378 | if (e == NULL) | ||
| 332 | { | 379 | { |
| 333 | BN_BLINDING_free(rsa->blinding); | 380 | RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); |
| 334 | rsa->blinding = NULL; | 381 | goto err; |
| 335 | } | 382 | } |
| 336 | 383 | ||
| 337 | /* NB: similar code appears in setup_blinding (rsa_eay.c); | 384 | if (rsa->e == NULL) |
| 338 | * this should be placed in a new function of its own, but for reasons | 385 | { |
| 339 | * of binary compatibility can't */ | 386 | e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); |
| 387 | if (e == NULL) | ||
| 388 | { | ||
| 389 | RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); | ||
| 390 | goto err; | ||
| 391 | } | ||
| 392 | } | ||
| 393 | else | ||
| 394 | e = rsa->e; | ||
| 340 | 395 | ||
| 341 | BN_CTX_start(ctx); | 396 | |
| 342 | A = BN_CTX_get(ctx); | ||
| 343 | if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) | 397 | if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) |
| 344 | { | 398 | { |
| 345 | /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ | 399 | /* if PRNG is not properly seeded, resort to secret |
| 346 | RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); | 400 | * exponent as unpredictable seed */ |
| 347 | if (!BN_pseudo_rand_range(A,rsa->n)) goto err; | 401 | RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); |
| 348 | } | 402 | } |
| 349 | else | 403 | |
| 404 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | ||
| 350 | { | 405 | { |
| 351 | if (!BN_rand_range(A,rsa->n)) goto err; | 406 | /* Set BN_FLG_CONSTTIME flag */ |
| 407 | n = &local_n; | ||
| 408 | BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); | ||
| 352 | } | 409 | } |
| 353 | if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; | 410 | else |
| 411 | n = rsa->n; | ||
| 354 | 412 | ||
| 355 | if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) | 413 | ret = BN_BLINDING_create_param(NULL, e, n, ctx, |
| 414 | rsa->meth->bn_mod_exp, rsa->_method_mod_n); | ||
| 415 | if (ret == NULL) | ||
| 416 | { | ||
| 417 | RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); | ||
| 356 | goto err; | 418 | goto err; |
| 357 | if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err; | 419 | } |
| 358 | /* to make things thread-safe without excessive locking, | 420 | BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); |
| 359 | * rsa->blinding will be used just by the current thread: */ | ||
| 360 | rsa->blinding->thread_id = CRYPTO_thread_id(); | ||
| 361 | rsa->flags |= RSA_FLAG_BLINDING; | ||
| 362 | rsa->flags &= ~RSA_FLAG_NO_BLINDING; | ||
| 363 | ret=1; | ||
| 364 | err: | 421 | err: |
| 365 | if (Ai != NULL) BN_free(Ai); | ||
| 366 | BN_CTX_end(ctx); | 422 | BN_CTX_end(ctx); |
| 367 | if (ctx != p_ctx) BN_CTX_free(ctx); | 423 | if (in_ctx == NULL) |
| 368 | return(ret); | 424 | BN_CTX_free(ctx); |
| 369 | } | 425 | if(rsa->e == NULL) |
| 426 | BN_free(e); | ||
| 427 | |||
| 428 | return ret; | ||
| 429 | } | ||
| 370 | 430 | ||
| 371 | int RSA_memory_lock(RSA *r) | 431 | int RSA_memory_lock(RSA *r) |
| 372 | { | 432 | { |
| @@ -389,7 +449,7 @@ int RSA_memory_lock(RSA *r) | |||
| 389 | j+= (*t[i])->top; | 449 | j+= (*t[i])->top; |
| 390 | if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) | 450 | if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) |
| 391 | { | 451 | { |
| 392 | RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); | 452 | RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); |
| 393 | return(0); | 453 | return(0); |
| 394 | } | 454 | } |
| 395 | bn=(BIGNUM *)p; | 455 | bn=(BIGNUM *)p; |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_null.c b/src/lib/libssl/src/crypto/rsa/rsa_null.c index 64057fbdcf..491572c82b 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_null.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_null.c | |||
| @@ -94,6 +94,9 @@ static RSA_METHOD rsa_null_meth={ | |||
| 94 | RSA_null_finish, | 94 | RSA_null_finish, |
| 95 | 0, | 95 | 0, |
| 96 | NULL, | 96 | NULL, |
| 97 | NULL, | ||
| 98 | NULL, | ||
| 99 | NULL | ||
| 97 | }; | 100 | }; |
| 98 | 101 | ||
| 99 | const RSA_METHOD *RSA_null_method(void) | 102 | const RSA_METHOD *RSA_null_method(void) |
| @@ -104,35 +107,35 @@ const RSA_METHOD *RSA_null_method(void) | |||
| 104 | static int RSA_null_public_encrypt(int flen, const unsigned char *from, | 107 | static int RSA_null_public_encrypt(int flen, const unsigned char *from, |
| 105 | unsigned char *to, RSA *rsa, int padding) | 108 | unsigned char *to, RSA *rsa, int padding) |
| 106 | { | 109 | { |
| 107 | RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); | 110 | RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); |
| 108 | return -1; | 111 | return -1; |
| 109 | } | 112 | } |
| 110 | 113 | ||
| 111 | static int RSA_null_private_encrypt(int flen, const unsigned char *from, | 114 | static int RSA_null_private_encrypt(int flen, const unsigned char *from, |
| 112 | unsigned char *to, RSA *rsa, int padding) | 115 | unsigned char *to, RSA *rsa, int padding) |
| 113 | { | 116 | { |
| 114 | RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); | 117 | RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); |
| 115 | return -1; | 118 | return -1; |
| 116 | } | 119 | } |
| 117 | 120 | ||
| 118 | static int RSA_null_private_decrypt(int flen, const unsigned char *from, | 121 | static int RSA_null_private_decrypt(int flen, const unsigned char *from, |
| 119 | unsigned char *to, RSA *rsa, int padding) | 122 | unsigned char *to, RSA *rsa, int padding) |
| 120 | { | 123 | { |
| 121 | RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); | 124 | RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); |
| 122 | return -1; | 125 | return -1; |
| 123 | } | 126 | } |
| 124 | 127 | ||
| 125 | static int RSA_null_public_decrypt(int flen, const unsigned char *from, | 128 | static int RSA_null_public_decrypt(int flen, const unsigned char *from, |
| 126 | unsigned char *to, RSA *rsa, int padding) | 129 | unsigned char *to, RSA *rsa, int padding) |
| 127 | { | 130 | { |
| 128 | RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); | 131 | RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); |
| 129 | return -1; | 132 | return -1; |
| 130 | } | 133 | } |
| 131 | 134 | ||
| 132 | #if 0 /* not currently used */ | 135 | #if 0 /* not currently used */ |
| 133 | static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) | 136 | static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) |
| 134 | { | 137 | { |
| 135 | RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); | 138 | ...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); |
| 136 | return -1; | 139 | return -1; |
| 137 | } | 140 | } |
| 138 | #endif | 141 | #endif |
| @@ -146,5 +149,3 @@ static int RSA_null_finish(RSA *rsa) | |||
| 146 | { | 149 | { |
| 147 | return(1); | 150 | return(1); |
| 148 | } | 151 | } |
| 149 | |||
| 150 | |||
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c index d43ecaca63..3652677a99 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c | |||
| @@ -28,6 +28,9 @@ | |||
| 28 | #include <openssl/rand.h> | 28 | #include <openssl/rand.h> |
| 29 | #include <openssl/sha.h> | 29 | #include <openssl/sha.h> |
| 30 | 30 | ||
| 31 | int MGF1(unsigned char *mask, long len, | ||
| 32 | const unsigned char *seed, long seedlen); | ||
| 33 | |||
| 31 | int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, | 34 | int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, |
| 32 | const unsigned char *from, int flen, | 35 | const unsigned char *from, int flen, |
| 33 | const unsigned char *param, int plen) | 36 | const unsigned char *param, int plen) |
| @@ -73,13 +76,11 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, | |||
| 73 | 20); | 76 | 20); |
| 74 | #endif | 77 | #endif |
| 75 | 78 | ||
| 76 | PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH, | 79 | MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); |
| 77 | EVP_sha1()); | ||
| 78 | for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) | 80 | for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) |
| 79 | db[i] ^= dbmask[i]; | 81 | db[i] ^= dbmask[i]; |
| 80 | 82 | ||
| 81 | PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH, | 83 | MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); |
| 82 | EVP_sha1()); | ||
| 83 | for (i = 0; i < SHA_DIGEST_LENGTH; i++) | 84 | for (i = 0; i < SHA_DIGEST_LENGTH; i++) |
| 84 | seed[i] ^= seedmask[i]; | 85 | seed[i] ^= seedmask[i]; |
| 85 | 86 | ||
| @@ -95,6 +96,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, | |||
| 95 | const unsigned char *maskeddb; | 96 | const unsigned char *maskeddb; |
| 96 | int lzero; | 97 | int lzero; |
| 97 | unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; | 98 | unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; |
| 99 | unsigned char *padded_from; | ||
| 98 | int bad = 0; | 100 | int bad = 0; |
| 99 | 101 | ||
| 100 | if (--num < 2 * SHA_DIGEST_LENGTH + 1) | 102 | if (--num < 2 * SHA_DIGEST_LENGTH + 1) |
| @@ -105,8 +107,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, | |||
| 105 | lzero = num - flen; | 107 | lzero = num - flen; |
| 106 | if (lzero < 0) | 108 | if (lzero < 0) |
| 107 | { | 109 | { |
| 108 | /* lzero == -1 */ | ||
| 109 | |||
| 110 | /* signalling this error immediately after detection might allow | 110 | /* signalling this error immediately after detection might allow |
| 111 | * for side-channel attacks (e.g. timing if 'plen' is huge | 111 | * for side-channel attacks (e.g. timing if 'plen' is huge |
| 112 | * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal | 112 | * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal |
| @@ -114,22 +114,30 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, | |||
| 114 | * so we use a 'bad' flag */ | 114 | * so we use a 'bad' flag */ |
| 115 | bad = 1; | 115 | bad = 1; |
| 116 | lzero = 0; | 116 | lzero = 0; |
| 117 | flen = num; /* don't overflow the memcpy to padded_from */ | ||
| 117 | } | 118 | } |
| 118 | maskeddb = from - lzero + SHA_DIGEST_LENGTH; | ||
| 119 | 119 | ||
| 120 | dblen = num - SHA_DIGEST_LENGTH; | 120 | dblen = num - SHA_DIGEST_LENGTH; |
| 121 | db = OPENSSL_malloc(dblen); | 121 | db = OPENSSL_malloc(dblen + num); |
| 122 | if (db == NULL) | 122 | if (db == NULL) |
| 123 | { | 123 | { |
| 124 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); | 124 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); |
| 125 | return -1; | 125 | return -1; |
| 126 | } | 126 | } |
| 127 | 127 | ||
| 128 | PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1()); | 128 | /* Always do this zero-padding copy (even when lzero == 0) |
| 129 | for (i = lzero; i < SHA_DIGEST_LENGTH; i++) | 129 | * to avoid leaking timing info about the value of lzero. */ |
| 130 | seed[i] ^= from[i - lzero]; | 130 | padded_from = db + dblen; |
| 131 | memset(padded_from, 0, lzero); | ||
| 132 | memcpy(padded_from + lzero, from, flen); | ||
| 133 | |||
| 134 | maskeddb = padded_from + SHA_DIGEST_LENGTH; | ||
| 135 | |||
| 136 | MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); | ||
| 137 | for (i = 0; i < SHA_DIGEST_LENGTH; i++) | ||
| 138 | seed[i] ^= padded_from[i]; | ||
| 131 | 139 | ||
| 132 | PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1()); | 140 | MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); |
| 133 | for (i = 0; i < dblen; i++) | 141 | for (i = 0; i < dblen; i++) |
| 134 | db[i] ^= maskeddb[i]; | 142 | db[i] ^= maskeddb[i]; |
| 135 | 143 | ||
| @@ -142,13 +150,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, | |||
| 142 | for (i = SHA_DIGEST_LENGTH; i < dblen; i++) | 150 | for (i = SHA_DIGEST_LENGTH; i < dblen; i++) |
| 143 | if (db[i] != 0x00) | 151 | if (db[i] != 0x00) |
| 144 | break; | 152 | break; |
| 145 | if (db[i] != 0x01 || i++ >= dblen) | 153 | if (i == dblen || db[i] != 0x01) |
| 146 | goto decoding_err; | 154 | goto decoding_err; |
| 147 | else | 155 | else |
| 148 | { | 156 | { |
| 149 | /* everything looks OK */ | 157 | /* everything looks OK */ |
| 150 | 158 | ||
| 151 | mlen = dblen - i; | 159 | mlen = dblen - ++i; |
| 152 | if (tlen < mlen) | 160 | if (tlen < mlen) |
| 153 | { | 161 | { |
| 154 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); | 162 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_saos.c b/src/lib/libssl/src/crypto/rsa/rsa_saos.c index 24fc94835e..f98e0a80a6 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_saos.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_saos.c | |||
| @@ -107,7 +107,8 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, | |||
| 107 | RSA *rsa) | 107 | RSA *rsa) |
| 108 | { | 108 | { |
| 109 | int i,ret=0; | 109 | int i,ret=0; |
| 110 | unsigned char *p,*s; | 110 | unsigned char *s; |
| 111 | const unsigned char *p; | ||
| 111 | ASN1_OCTET_STRING *sig=NULL; | 112 | ASN1_OCTET_STRING *sig=NULL; |
| 112 | 113 | ||
| 113 | if (siglen != (unsigned int)RSA_size(rsa)) | 114 | if (siglen != (unsigned int)RSA_size(rsa)) |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c index db86f1ac58..71aabeea1b 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c | |||
| @@ -146,7 +146,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | |||
| 146 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa) | 146 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa) |
| 147 | { | 147 | { |
| 148 | int i,ret=0,sigtype; | 148 | int i,ret=0,sigtype; |
| 149 | unsigned char *p,*s; | 149 | unsigned char *s; |
| 150 | X509_SIG *sig=NULL; | 150 | X509_SIG *sig=NULL; |
| 151 | 151 | ||
| 152 | if (siglen != (unsigned int)RSA_size(rsa)) | 152 | if (siglen != (unsigned int)RSA_size(rsa)) |
| @@ -181,7 +181,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | |||
| 181 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); | 181 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); |
| 182 | else ret = 1; | 182 | else ret = 1; |
| 183 | } else { | 183 | } else { |
| 184 | p=s; | 184 | const unsigned char *p=s; |
| 185 | sig=d2i_X509_SIG(NULL,&p,(long)i); | 185 | sig=d2i_X509_SIG(NULL,&p,(long)i); |
| 186 | 186 | ||
| 187 | if (sig == NULL) goto err; | 187 | if (sig == NULL) goto err; |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_test.c b/src/lib/libssl/src/crypto/rsa/rsa_test.c index 218bb2a39b..4080de8bcf 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_test.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_test.c | |||
| @@ -8,6 +8,7 @@ | |||
| 8 | #include <openssl/crypto.h> | 8 | #include <openssl/crypto.h> |
| 9 | #include <openssl/err.h> | 9 | #include <openssl/err.h> |
| 10 | #include <openssl/rand.h> | 10 | #include <openssl/rand.h> |
| 11 | #include <openssl/bn.h> | ||
| 11 | #ifdef OPENSSL_NO_RSA | 12 | #ifdef OPENSSL_NO_RSA |
| 12 | int main(int argc, char *argv[]) | 13 | int main(int argc, char *argv[]) |
| 13 | { | 14 | { |
| @@ -218,6 +219,7 @@ int main(int argc, char *argv[]) | |||
| 218 | int plen; | 219 | int plen; |
| 219 | int clen = 0; | 220 | int clen = 0; |
| 220 | int num; | 221 | int num; |
| 222 | int n; | ||
| 221 | 223 | ||
| 222 | CRYPTO_malloc_debug_init(); | 224 | CRYPTO_malloc_debug_init(); |
| 223 | CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); | 225 | CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); |
| @@ -241,7 +243,7 @@ int main(int argc, char *argv[]) | |||
| 241 | clen = key3(key, ctext_ex); | 243 | clen = key3(key, ctext_ex); |
| 242 | break; | 244 | break; |
| 243 | } | 245 | } |
| 244 | if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME; | 246 | if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME; |
| 245 | 247 | ||
| 246 | num = RSA_public_encrypt(plen, ptext_ex, ctext, key, | 248 | num = RSA_public_encrypt(plen, ptext_ex, ctext, key, |
| 247 | RSA_PKCS1_PADDING); | 249 | RSA_PKCS1_PADDING); |
| @@ -277,7 +279,7 @@ int main(int argc, char *argv[]) | |||
| 277 | err=1; | 279 | err=1; |
| 278 | goto next; | 280 | goto next; |
| 279 | } | 281 | } |
| 280 | 282 | ||
| 281 | num = RSA_private_decrypt(num, ctext, ptext, key, | 283 | num = RSA_private_decrypt(num, ctext, ptext, key, |
| 282 | RSA_PKCS1_OAEP_PADDING); | 284 | RSA_PKCS1_OAEP_PADDING); |
| 283 | if (num != plen || memcmp(ptext, ptext_ex, num) != 0) | 285 | if (num != plen || memcmp(ptext, ptext_ex, num) != 0) |
| @@ -286,10 +288,7 @@ int main(int argc, char *argv[]) | |||
| 286 | err=1; | 288 | err=1; |
| 287 | } | 289 | } |
| 288 | else if (memcmp(ctext, ctext_ex, num) == 0) | 290 | else if (memcmp(ctext, ctext_ex, num) == 0) |
| 289 | { | ||
| 290 | printf("OAEP test vector %d passed!\n", v); | 291 | printf("OAEP test vector %d passed!\n", v); |
| 291 | goto next; | ||
| 292 | } | ||
| 293 | 292 | ||
| 294 | /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). | 293 | /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). |
| 295 | Try decrypting ctext_ex */ | 294 | Try decrypting ctext_ex */ |
| @@ -304,6 +303,26 @@ int main(int argc, char *argv[]) | |||
| 304 | } | 303 | } |
| 305 | else | 304 | else |
| 306 | printf("OAEP encryption/decryption ok\n"); | 305 | printf("OAEP encryption/decryption ok\n"); |
| 306 | |||
| 307 | /* Try decrypting corrupted ciphertexts */ | ||
| 308 | for(n = 0 ; n < clen ; ++n) | ||
| 309 | { | ||
| 310 | int b; | ||
| 311 | unsigned char saved = ctext[n]; | ||
| 312 | for(b = 0 ; b < 256 ; ++b) | ||
| 313 | { | ||
| 314 | if(b == saved) | ||
| 315 | continue; | ||
| 316 | ctext[n] = b; | ||
| 317 | num = RSA_private_decrypt(num, ctext, ptext, key, | ||
| 318 | RSA_PKCS1_OAEP_PADDING); | ||
| 319 | if(num > 0) | ||
| 320 | { | ||
| 321 | printf("Corrupt data decrypted!\n"); | ||
| 322 | err = 1; | ||
| 323 | } | ||
| 324 | } | ||
| 325 | } | ||
| 307 | next: | 326 | next: |
| 308 | RSA_free(key); | 327 | RSA_free(key); |
| 309 | } | 328 | } |
| @@ -313,6 +332,9 @@ int main(int argc, char *argv[]) | |||
| 313 | 332 | ||
| 314 | CRYPTO_mem_leaks_fp(stderr); | 333 | CRYPTO_mem_leaks_fp(stderr); |
| 315 | 334 | ||
| 335 | #ifdef OPENSSL_SYS_NETWARE | ||
| 336 | if (err) printf("ERROR: %d\n", err); | ||
| 337 | #endif | ||
| 316 | return err; | 338 | return err; |
| 317 | } | 339 | } |
| 318 | #endif | 340 | #endif |
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl index 041acc0348..0b4dab2bd5 100644 --- a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl | |||
| @@ -1,4 +1,16 @@ | |||
| 1 | #!/usr/local/bin/perl | 1 | #!/usr/bin/env perl |
| 2 | |||
| 3 | # ==================================================================== | ||
| 4 | # [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL | ||
| 5 | # project. The module is, however, dual licensed under OpenSSL and | ||
| 6 | # CRYPTOGAMS licenses depending on where you obtain it. For further | ||
| 7 | # details see http://www.openssl.org/~appro/cryptogams/. | ||
| 8 | # ==================================================================== | ||
| 9 | |||
| 10 | # "[Re]written" was achieved in two major overhauls. In 2004 BODY_* | ||
| 11 | # functions were re-implemented to address P4 performance issue [see | ||
| 12 | # commentary below], and in 2006 the rest was rewritten in order to | ||
| 13 | # gain freedom to liberate licensing terms. | ||
| 2 | 14 | ||
| 3 | # It was noted that Intel IA-32 C compiler generates code which | 15 | # It was noted that Intel IA-32 C compiler generates code which |
| 4 | # performs ~30% *faster* on P4 CPU than original *hand-coded* | 16 | # performs ~30% *faster* on P4 CPU than original *hand-coded* |
| @@ -9,7 +21,7 @@ | |||
| 9 | # | 21 | # |
| 10 | # compared with original compared with Intel cc | 22 | # compared with original compared with Intel cc |
| 11 | # assembler impl. generated code | 23 | # assembler impl. generated code |
| 12 | # Pentium -25% +37% | 24 | # Pentium -16% +48% |
| 13 | # PIII/AMD +8% +16% | 25 | # PIII/AMD +8% +16% |
| 14 | # P4 +85%(!) +45% | 26 | # P4 +85%(!) +45% |
| 15 | # | 27 | # |
| @@ -17,174 +29,115 @@ | |||
| 17 | # improvement on P4 outweights the loss and incorporate this | 29 | # improvement on P4 outweights the loss and incorporate this |
| 18 | # re-tuned code to 0.9.7 and later. | 30 | # re-tuned code to 0.9.7 and later. |
| 19 | # ---------------------------------------------------------------- | 31 | # ---------------------------------------------------------------- |
| 20 | # Those who for any particular reason absolutely must score on | ||
| 21 | # Pentium can replace this module with one from 0.9.6 distribution. | ||
| 22 | # This "offer" shall be revoked the moment programming interface to | ||
| 23 | # this module is changed, in which case this paragraph should be | ||
| 24 | # removed. | ||
| 25 | # ---------------------------------------------------------------- | ||
| 26 | # <appro@fy.chalmers.se> | 32 | # <appro@fy.chalmers.se> |
| 27 | 33 | ||
| 28 | $normal=0; | 34 | $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; |
| 29 | 35 | push(@INC,"${dir}","${dir}../../perlasm"); | |
| 30 | push(@INC,"perlasm","../../perlasm"); | ||
| 31 | require "x86asm.pl"; | 36 | require "x86asm.pl"; |
| 32 | 37 | ||
| 33 | &asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386"); | 38 | &asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386"); |
| 34 | 39 | ||
| 35 | $A="eax"; | 40 | $A="eax"; |
| 36 | $B="ecx"; | 41 | $B="ebx"; |
| 37 | $C="ebx"; | 42 | $C="ecx"; |
| 38 | $D="edx"; | 43 | $D="edx"; |
| 39 | $E="edi"; | 44 | $E="edi"; |
| 40 | $T="esi"; | 45 | $T="esi"; |
| 41 | $tmp1="ebp"; | 46 | $tmp1="ebp"; |
| 42 | 47 | ||
| 43 | $off=9*4; | 48 | @V=($A,$B,$C,$D,$E,$T); |
| 44 | |||
| 45 | @K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6); | ||
| 46 | |||
| 47 | &sha1_block_data("sha1_block_asm_data_order"); | ||
| 48 | |||
| 49 | &asm_finish(); | ||
| 50 | |||
| 51 | sub Nn | ||
| 52 | { | ||
| 53 | local($p)=@_; | ||
| 54 | local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E); | ||
| 55 | return($n{$p}); | ||
| 56 | } | ||
| 57 | |||
| 58 | sub Np | ||
| 59 | { | ||
| 60 | local($p)=@_; | ||
| 61 | local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E); | ||
| 62 | local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A); | ||
| 63 | return($n{$p}); | ||
| 64 | } | ||
| 65 | |||
| 66 | sub Na | ||
| 67 | { | ||
| 68 | local($n)=@_; | ||
| 69 | return( (($n )&0x0f), | ||
| 70 | (($n+ 2)&0x0f), | ||
| 71 | (($n+ 8)&0x0f), | ||
| 72 | (($n+13)&0x0f), | ||
| 73 | (($n+ 1)&0x0f)); | ||
| 74 | } | ||
| 75 | |||
| 76 | sub X_expand | ||
| 77 | { | ||
| 78 | local($in)=@_; | ||
| 79 | |||
| 80 | &comment("First, load the words onto the stack in network byte order"); | ||
| 81 | for ($i=0; $i<16; $i+=2) | ||
| 82 | { | ||
| 83 | &mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0; | ||
| 84 | &mov($B,&DWP(($i+1)*4,$in,"",0)); | ||
| 85 | &bswap($A); | ||
| 86 | &bswap($B); | ||
| 87 | &mov(&swtmp($i+0),$A); | ||
| 88 | &mov(&swtmp($i+1),$B); | ||
| 89 | } | ||
| 90 | |||
| 91 | &comment("We now have the X array on the stack"); | ||
| 92 | &comment("starting at sp-4"); | ||
| 93 | } | ||
| 94 | |||
| 95 | # Rules of engagement | ||
| 96 | # F is always trashable at the start, the running total. | ||
| 97 | # E becomes the next F so it can be trashed after it has been 'accumulated' | ||
| 98 | # F becomes A in the next round. We don't need to access it much. | ||
| 99 | # During the X update part, the result ends up in $X[$n0]. | ||
| 100 | 49 | ||
| 101 | sub BODY_00_15 | 50 | sub BODY_00_15 |
| 102 | { | 51 | { |
| 103 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; | 52 | local($n,$a,$b,$c,$d,$e,$f)=@_; |
| 104 | 53 | ||
| 105 | &comment("00_15 $n"); | 54 | &comment("00_15 $n"); |
| 106 | 55 | ||
| 107 | &mov($tmp1,$a); | 56 | &mov($f,$c); # f to hold F_00_19(b,c,d) |
| 108 | &mov($f,$c); # f to hold F_00_19(b,c,d) | 57 | if ($n==0) { &mov($tmp1,$a); } |
| 58 | else { &mov($a,$tmp1); } | ||
| 109 | &rotl($tmp1,5); # tmp1=ROTATE(a,5) | 59 | &rotl($tmp1,5); # tmp1=ROTATE(a,5) |
| 110 | &xor($f,$d); | 60 | &xor($f,$d); |
| 111 | &and($f,$b); | ||
| 112 | &rotr($b,2); # b=ROTATE(b,30) | ||
| 113 | &add($tmp1,$e); # tmp1+=e; | 61 | &add($tmp1,$e); # tmp1+=e; |
| 114 | &mov($e,&swtmp($n)); # e becomes volatile and | 62 | &and($f,$b); |
| 115 | # is loaded with xi | 63 | &mov($e,&swtmp($n%16)); # e becomes volatile and is loaded |
| 116 | &xor($f,$d); # f holds F_00_19(b,c,d) | 64 | # with xi, also note that e becomes |
| 117 | &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi | 65 | # f in next round... |
| 118 | 66 | &xor($f,$d); # f holds F_00_19(b,c,d) | |
| 119 | &add($f,$tmp1); # f+=tmp1 | 67 | &rotr($b,2); # b=ROTATE(b,30) |
| 68 | &lea($tmp1,&DWP(0x5a827999,$tmp1,$e)); # tmp1+=K_00_19+xi | ||
| 69 | |||
| 70 | if ($n==15) { &add($f,$tmp1); } # f+=tmp1 | ||
| 71 | else { &add($tmp1,$f); } # f becomes a in next round | ||
| 120 | } | 72 | } |
| 121 | 73 | ||
| 122 | sub BODY_16_19 | 74 | sub BODY_16_19 |
| 123 | { | 75 | { |
| 124 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; | 76 | local($n,$a,$b,$c,$d,$e,$f)=@_; |
| 125 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | ||
| 126 | 77 | ||
| 127 | &comment("16_19 $n"); | 78 | &comment("16_19 $n"); |
| 128 | 79 | ||
| 129 | &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd) | 80 | &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) |
| 130 | &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d) | 81 | &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d) |
| 131 | &xor($f,&swtmp($n0)); | 82 | &xor($f,&swtmp(($n+2)%16)); |
| 132 | &xor($tmp1,$d); | 83 | &xor($tmp1,$d); |
| 133 | &xor($f,&swtmp($n2)); | 84 | &xor($f,&swtmp(($n+8)%16)); |
| 134 | &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d) | 85 | &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d) |
| 135 | &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd | 86 | &rotr($b,2); # b=ROTATE(b,30) |
| 136 | &rotr($b,2); # b=ROTATE(b,30) | 87 | &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd |
| 137 | &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) | 88 | &rotl($f,1); # f=ROTATE(f,1) |
| 138 | &rotl($f,1); # f=ROATE(f,1) | 89 | &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) |
| 139 | &mov(&swtmp($n0),$f); # xi=f | 90 | &mov(&swtmp($n%16),$f); # xi=f |
| 140 | &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e | 91 | &lea($f,&DWP(0x5a827999,$f,$e));# f+=K_00_19+e |
| 141 | &mov($e,$a); # e becomes volatile | 92 | &mov($e,$a); # e becomes volatile |
| 142 | &add($f,$tmp1); # f+=F_00_19(b,c,d) | 93 | &rotl($e,5); # e=ROTATE(a,5) |
| 143 | &rotl($e,5); # e=ROTATE(a,5) | 94 | &add($f,$tmp1); # f+=F_00_19(b,c,d) |
| 144 | &add($f,$e); # f+=ROTATE(a,5) | 95 | &add($f,$e); # f+=ROTATE(a,5) |
| 145 | } | 96 | } |
| 146 | 97 | ||
| 147 | sub BODY_20_39 | 98 | sub BODY_20_39 |
| 148 | { | 99 | { |
| 149 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; | 100 | local($n,$a,$b,$c,$d,$e,$f)=@_; |
| 101 | local $K=($n<40)?0x6ed9eba1:0xca62c1d6; | ||
| 150 | 102 | ||
| 151 | &comment("20_39 $n"); | 103 | &comment("20_39 $n"); |
| 152 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | ||
| 153 | 104 | ||
| 154 | &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) | 105 | &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) |
| 155 | &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) | 106 | &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) |
| 156 | &xor($f,&swtmp($n1)); | 107 | &rotr($b,2); # b=ROTATE(b,30) |
| 157 | &rotr($b,2); # b=ROTATE(b,30) | 108 | &xor($f,&swtmp(($n+2)%16)); |
| 158 | &xor($f,&swtmp($n2)); | 109 | &xor($tmp1,$c); |
| 159 | &xor($tmp1,$c); | 110 | &xor($f,&swtmp(($n+8)%16)); |
| 160 | &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd | 111 | &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) |
| 161 | &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) | 112 | &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd |
| 162 | &rotl($f,1); # f=ROTATE(f,1) | 113 | &rotl($f,1); # f=ROTATE(f,1) |
| 163 | &mov(&swtmp($n0),$f); # xi=f | 114 | &add($tmp1,$e); |
| 164 | &lea($f,&DWP($K,$f,$e,1)); # f+=K_20_39+e | 115 | &mov(&swtmp($n%16),$f); # xi=f |
| 165 | &mov($e,$a); # e becomes volatile | 116 | &mov($e,$a); # e becomes volatile |
| 166 | &rotl($e,5); # e=ROTATE(a,5) | 117 | &rotl($e,5); # e=ROTATE(a,5) |
| 167 | &add($f,$tmp1); # f+=F_20_39(b,c,d) | 118 | &lea($f,&DWP($K,$f,$tmp1)); # f+=K_20_39+e |
| 168 | &add($f,$e); # f+=ROTATE(a,5) | 119 | &add($f,$e); # f+=ROTATE(a,5) |
| 169 | } | 120 | } |
| 170 | 121 | ||
| 171 | sub BODY_40_59 | 122 | sub BODY_40_59 |
| 172 | { | 123 | { |
| 173 | local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; | 124 | local($n,$a,$b,$c,$d,$e,$f)=@_; |
| 174 | 125 | ||
| 175 | &comment("40_59 $n"); | 126 | &comment("40_59 $n"); |
| 176 | local($n0,$n1,$n2,$n3,$np)=&Na($n); | ||
| 177 | 127 | ||
| 178 | &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) | 128 | &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) |
| 129 | &mov($tmp1,&swtmp(($n+2)%16)); | ||
| 130 | &xor($f,$tmp1); | ||
| 131 | &mov($tmp1,&swtmp(($n+8)%16)); | ||
| 132 | &xor($f,$tmp1); | ||
| 133 | &mov($tmp1,&swtmp(($n+13)%16)); | ||
| 134 | &xor($f,$tmp1); # f holds xa^xb^xc^xd | ||
| 179 | &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d) | 135 | &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d) |
| 180 | &xor($f,&swtmp($n1)); | 136 | &rotl($f,1); # f=ROTATE(f,1) |
| 181 | &or($tmp1,$c); | 137 | &or($tmp1,$c); |
| 182 | &xor($f,&swtmp($n2)); | 138 | &mov(&swtmp($n%16),$f); # xi=f |
| 183 | &and($tmp1,$d); | 139 | &and($tmp1,$d); |
| 184 | &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd | 140 | &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e |
| 185 | &rotl($f,1); # f=ROTATE(f,1) | ||
| 186 | &mov(&swtmp($n0),$f); # xi=f | ||
| 187 | &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e | ||
| 188 | &mov($e,$b); # e becomes volatile and is used | 141 | &mov($e,$b); # e becomes volatile and is used |
| 189 | # to calculate F_40_59(b,c,d) | 142 | # to calculate F_40_59(b,c,d) |
| 190 | &rotr($b,2); # b=ROTATE(b,30) | 143 | &rotr($b,2); # b=ROTATE(b,30) |
| @@ -192,234 +145,75 @@ sub BODY_40_59 | |||
| 192 | &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d) | 145 | &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d) |
| 193 | &mov($e,$a); | 146 | &mov($e,$a); |
| 194 | &rotl($e,5); # e=ROTATE(a,5) | 147 | &rotl($e,5); # e=ROTATE(a,5) |
| 195 | &add($tmp1,$e); # tmp1+=ROTATE(a,5) | 148 | &add($f,$tmp1); # f+=tmp1; |
| 196 | &add($f,$tmp1); # f+=tmp1; | 149 | &add($f,$e); # f+=ROTATE(a,5) |
| 197 | } | ||
| 198 | |||
| 199 | sub BODY_60_79 | ||
| 200 | { | ||
| 201 | &BODY_20_39(@_); | ||
| 202 | } | 150 | } |
| 203 | 151 | ||
| 204 | sub sha1_block_host | 152 | &function_begin("sha1_block_data_order",16); |
| 205 | { | 153 | &mov($tmp1,&wparam(0)); # SHA_CTX *c |
| 206 | local($name, $sclabel)=@_; | 154 | &mov($T,&wparam(1)); # const void *input |
| 155 | &mov($A,&wparam(2)); # size_t num | ||
| 156 | &stack_push(16); # allocate X[16] | ||
| 157 | &shl($A,6); | ||
| 158 | &add($A,$T); | ||
| 159 | &mov(&wparam(2),$A); # pointer beyond the end of input | ||
| 160 | &mov($E,&DWP(16,$tmp1));# pre-load E | ||
| 207 | 161 | ||
| 208 | &function_begin_B($name,""); | 162 | &set_label("loop",16); |
| 209 | 163 | ||
| 210 | # parameter 1 is the MD5_CTX structure. | 164 | # copy input chunk to X, but reversing byte order! |
| 211 | # A 0 | 165 | for ($i=0; $i<16; $i+=4) |
| 212 | # B 4 | ||
| 213 | # C 8 | ||
| 214 | # D 12 | ||
| 215 | # E 16 | ||
| 216 | |||
| 217 | &mov("ecx", &wparam(2)); | ||
| 218 | &push("esi"); | ||
| 219 | &shl("ecx",6); | ||
| 220 | &mov("esi", &wparam(1)); | ||
| 221 | &push("ebp"); | ||
| 222 | &add("ecx","esi"); # offset to leave on | ||
| 223 | &push("ebx"); | ||
| 224 | &mov("ebp", &wparam(0)); | ||
| 225 | &push("edi"); | ||
| 226 | &mov($D, &DWP(12,"ebp","",0)); | ||
| 227 | &stack_push(18+9); | ||
| 228 | &mov($E, &DWP(16,"ebp","",0)); | ||
| 229 | &mov($C, &DWP( 8,"ebp","",0)); | ||
| 230 | &mov(&swtmp(17),"ecx"); | ||
| 231 | |||
| 232 | &comment("First we need to setup the X array"); | ||
| 233 | |||
| 234 | for ($i=0; $i<16; $i+=2) | ||
| 235 | { | 166 | { |
| 236 | &mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0; | 167 | &mov($A,&DWP(4*($i+0),$T)); |
| 237 | &mov($B,&DWP(($i+1)*4,"esi","",0)); | 168 | &mov($B,&DWP(4*($i+1),$T)); |
| 169 | &mov($C,&DWP(4*($i+2),$T)); | ||
| 170 | &mov($D,&DWP(4*($i+3),$T)); | ||
| 171 | &bswap($A); | ||
| 172 | &bswap($B); | ||
| 173 | &bswap($C); | ||
| 174 | &bswap($D); | ||
| 238 | &mov(&swtmp($i+0),$A); | 175 | &mov(&swtmp($i+0),$A); |
| 239 | &mov(&swtmp($i+1),$B); | 176 | &mov(&swtmp($i+1),$B); |
| 177 | &mov(&swtmp($i+2),$C); | ||
| 178 | &mov(&swtmp($i+3),$D); | ||
| 240 | } | 179 | } |
| 241 | &jmp($sclabel); | 180 | &mov(&wparam(1),$T); # redundant in 1st spin |
| 242 | &function_end_B($name); | 181 | |
| 243 | } | 182 | &mov($A,&DWP(0,$tmp1)); # load SHA_CTX |
| 244 | 183 | &mov($B,&DWP(4,$tmp1)); | |
| 245 | 184 | &mov($C,&DWP(8,$tmp1)); | |
| 246 | sub sha1_block_data | 185 | &mov($D,&DWP(12,$tmp1)); |
| 247 | { | 186 | # E is pre-loaded |
| 248 | local($name)=@_; | 187 | |
| 249 | 188 | for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } | |
| 250 | &function_begin_B($name,""); | 189 | for(;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); } |
| 251 | 190 | for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } | |
| 252 | # parameter 1 is the MD5_CTX structure. | 191 | for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } |
| 253 | # A 0 | 192 | for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } |
| 254 | # B 4 | 193 | |
| 255 | # C 8 | 194 | (($V[5] eq $D) and ($V[0] eq $E)) or die; # double-check |
| 256 | # D 12 | 195 | |
| 257 | # E 16 | 196 | &mov($tmp1,&wparam(0)); # re-load SHA_CTX* |
| 258 | 197 | &mov($D,&wparam(1)); # D is last "T" and is discarded | |
| 259 | &mov("ecx", &wparam(2)); | 198 | |
| 260 | &push("esi"); | 199 | &add($E,&DWP(0,$tmp1)); # E is last "A"... |
| 261 | &shl("ecx",6); | 200 | &add($T,&DWP(4,$tmp1)); |
| 262 | &mov("esi", &wparam(1)); | 201 | &add($A,&DWP(8,$tmp1)); |
| 263 | &push("ebp"); | 202 | &add($B,&DWP(12,$tmp1)); |
| 264 | &add("ecx","esi"); # offset to leave on | 203 | &add($C,&DWP(16,$tmp1)); |
| 265 | &push("ebx"); | 204 | |
| 266 | &mov("ebp", &wparam(0)); | 205 | &mov(&DWP(0,$tmp1),$E); # update SHA_CTX |
| 267 | &push("edi"); | 206 | &add($D,64); # advance input pointer |
| 268 | &mov($D, &DWP(12,"ebp","",0)); | 207 | &mov(&DWP(4,$tmp1),$T); |
| 269 | &stack_push(18+9); | 208 | &cmp($D,&wparam(2)); # have we reached the end yet? |
| 270 | &mov($E, &DWP(16,"ebp","",0)); | 209 | &mov(&DWP(8,$tmp1),$A); |
| 271 | &mov($C, &DWP( 8,"ebp","",0)); | 210 | &mov($E,$C); # C is last "E" which needs to be "pre-loaded" |
| 272 | &mov(&swtmp(17),"ecx"); | 211 | &mov(&DWP(12,$tmp1),$B); |
| 273 | 212 | &mov($T,$D); # input pointer | |
| 274 | &comment("First we need to setup the X array"); | 213 | &mov(&DWP(16,$tmp1),$C); |
| 275 | 214 | &jb(&label("loop")); | |
| 276 | &set_label("start") unless $normal; | 215 | |
| 277 | 216 | &stack_pop(16); | |
| 278 | &X_expand("esi"); | 217 | &function_end("sha1_block_data_order"); |
| 279 | &mov(&wparam(1),"esi"); | ||
| 280 | |||
| 281 | &set_label("shortcut", 0, 1); | ||
| 282 | &comment(""); | ||
| 283 | &comment("Start processing"); | ||
| 284 | |||
| 285 | # odd start | ||
| 286 | &mov($A, &DWP( 0,"ebp","",0)); | ||
| 287 | &mov($B, &DWP( 4,"ebp","",0)); | ||
| 288 | $X="esp"; | ||
| 289 | &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T); | ||
| 290 | &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E); | ||
| 291 | &BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D); | ||
| 292 | &BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C); | ||
| 293 | &BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B); | ||
| 294 | &BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A); | ||
| 295 | &BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T); | ||
| 296 | &BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E); | ||
| 297 | &BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D); | ||
| 298 | &BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C); | ||
| 299 | &BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B); | ||
| 300 | &BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A); | ||
| 301 | &BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T); | ||
| 302 | &BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E); | ||
| 303 | &BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D); | ||
| 304 | &BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C); | ||
| 305 | &BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B); | ||
| 306 | &BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A); | ||
| 307 | &BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T); | ||
| 308 | &BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E); | ||
| 309 | |||
| 310 | &BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D); | ||
| 311 | &BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C); | ||
| 312 | &BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B); | ||
| 313 | &BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A); | ||
| 314 | &BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T); | ||
| 315 | &BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E); | ||
| 316 | &BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D); | ||
| 317 | &BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C); | ||
| 318 | &BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B); | ||
| 319 | &BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A); | ||
| 320 | &BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T); | ||
| 321 | &BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E); | ||
| 322 | &BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D); | ||
| 323 | &BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C); | ||
| 324 | &BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B); | ||
| 325 | &BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A); | ||
| 326 | &BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T); | ||
| 327 | &BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E); | ||
| 328 | &BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D); | ||
| 329 | &BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C); | ||
| 330 | |||
| 331 | &BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B); | ||
| 332 | &BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A); | ||
| 333 | &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); | ||
| 334 | &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); | ||
| 335 | &BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D); | ||
| 336 | &BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C); | ||
| 337 | &BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B); | ||
| 338 | &BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A); | ||
| 339 | &BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T); | ||
| 340 | &BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E); | ||
| 341 | &BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D); | ||
| 342 | &BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C); | ||
| 343 | &BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B); | ||
| 344 | &BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A); | ||
| 345 | &BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T); | ||
| 346 | &BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E); | ||
| 347 | &BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D); | ||
| 348 | &BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C); | ||
| 349 | &BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B); | ||
| 350 | &BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A); | ||
| 351 | |||
| 352 | &BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T); | ||
| 353 | &BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E); | ||
| 354 | &BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D); | ||
| 355 | &BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C); | ||
| 356 | &BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B); | ||
| 357 | &BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A); | ||
| 358 | &BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T); | ||
| 359 | &BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E); | ||
| 360 | &BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D); | ||
| 361 | &BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C); | ||
| 362 | &BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B); | ||
| 363 | &BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A); | ||
| 364 | &BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T); | ||
| 365 | &BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E); | ||
| 366 | &BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D); | ||
| 367 | &BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C); | ||
| 368 | &BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B); | ||
| 369 | &BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A); | ||
| 370 | &BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T); | ||
| 371 | &BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E); | ||
| 372 | |||
| 373 | &comment("End processing"); | ||
| 374 | &comment(""); | ||
| 375 | # D is the tmp value | ||
| 376 | |||
| 377 | # E -> A | ||
| 378 | # T -> B | ||
| 379 | # A -> C | ||
| 380 | # B -> D | ||
| 381 | # C -> E | ||
| 382 | # D -> T | ||
| 383 | |||
| 384 | &mov($tmp1,&wparam(0)); | ||
| 385 | |||
| 386 | &mov($D, &DWP(12,$tmp1,"",0)); | ||
| 387 | &add($D,$B); | ||
| 388 | &mov($B, &DWP( 4,$tmp1,"",0)); | ||
| 389 | &add($B,$T); | ||
| 390 | &mov($T, $A); | ||
| 391 | &mov($A, &DWP( 0,$tmp1,"",0)); | ||
| 392 | &mov(&DWP(12,$tmp1,"",0),$D); | ||
| 393 | |||
| 394 | &add($A,$E); | ||
| 395 | &mov($E, &DWP(16,$tmp1,"",0)); | ||
| 396 | &add($E,$C); | ||
| 397 | &mov($C, &DWP( 8,$tmp1,"",0)); | ||
| 398 | &add($C,$T); | ||
| 399 | |||
| 400 | &mov(&DWP( 0,$tmp1,"",0),$A); | ||
| 401 | &mov("esi",&wparam(1)); | ||
| 402 | &mov(&DWP( 8,$tmp1,"",0),$C); | ||
| 403 | &add("esi",64); | ||
| 404 | &mov("eax",&swtmp(17)); | ||
| 405 | &mov(&DWP(16,$tmp1,"",0),$E); | ||
| 406 | &cmp("esi","eax"); | ||
| 407 | &mov(&DWP( 4,$tmp1,"",0),$B); | ||
| 408 | &jb(&label("start")); | ||
| 409 | |||
| 410 | &stack_pop(18+9); | ||
| 411 | &pop("edi"); | ||
| 412 | &pop("ebx"); | ||
| 413 | &pop("ebp"); | ||
| 414 | &pop("esi"); | ||
| 415 | &ret(); | ||
| 416 | |||
| 417 | # keep a note of shortcut label so it can be used outside | ||
| 418 | # block. | ||
| 419 | my $sclabel = &label("shortcut"); | ||
| 420 | |||
| 421 | &function_end_B($name); | ||
| 422 | # Putting this here avoids problems with MASM in debugging mode | ||
| 423 | &sha1_block_host("sha1_block_asm_host_order", $sclabel); | ||
| 424 | } | ||
| 425 | 218 | ||
| 219 | &asm_finish(); | ||
diff --git a/src/lib/libssl/src/crypto/sha/sha.h b/src/lib/libssl/src/crypto/sha/sha.h index 79c07b0fd1..eed44d7f94 100644 --- a/src/lib/libssl/src/crypto/sha/sha.h +++ b/src/lib/libssl/src/crypto/sha/sha.h | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | #define HEADER_SHA_H | 60 | #define HEADER_SHA_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | 62 | #include <openssl/e_os2.h> |
| 63 | #include <stddef.h> | ||
| 63 | 64 | ||
| 64 | #ifdef __cplusplus | 65 | #ifdef __cplusplus |
| 65 | extern "C" { | 66 | extern "C" { |
| @@ -70,7 +71,7 @@ extern "C" { | |||
| 70 | #endif | 71 | #endif |
| 71 | 72 | ||
| 72 | #if defined(OPENSSL_FIPS) | 73 | #if defined(OPENSSL_FIPS) |
| 73 | #define FIPS_SHA_SIZE_T unsigned long | 74 | #define FIPS_SHA_SIZE_T size_t |
| 74 | #endif | 75 | #endif |
| 75 | 76 | ||
| 76 | /* | 77 | /* |
| @@ -101,26 +102,97 @@ typedef struct SHAstate_st | |||
| 101 | SHA_LONG h0,h1,h2,h3,h4; | 102 | SHA_LONG h0,h1,h2,h3,h4; |
| 102 | SHA_LONG Nl,Nh; | 103 | SHA_LONG Nl,Nh; |
| 103 | SHA_LONG data[SHA_LBLOCK]; | 104 | SHA_LONG data[SHA_LBLOCK]; |
| 104 | int num; | 105 | unsigned int num; |
| 105 | } SHA_CTX; | 106 | } SHA_CTX; |
| 106 | 107 | ||
| 107 | #ifndef OPENSSL_NO_SHA0 | 108 | #ifndef OPENSSL_NO_SHA0 |
| 108 | #ifdef OPENSSL_FIPS | ||
| 109 | int private_SHA_Init(SHA_CTX *c); | ||
| 110 | #endif | ||
| 111 | int SHA_Init(SHA_CTX *c); | 109 | int SHA_Init(SHA_CTX *c); |
| 112 | int SHA_Update(SHA_CTX *c, const void *data, unsigned long len); | 110 | int SHA_Update(SHA_CTX *c, const void *data, size_t len); |
| 113 | int SHA_Final(unsigned char *md, SHA_CTX *c); | 111 | int SHA_Final(unsigned char *md, SHA_CTX *c); |
| 114 | unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md); | 112 | unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); |
| 115 | void SHA_Transform(SHA_CTX *c, const unsigned char *data); | 113 | void SHA_Transform(SHA_CTX *c, const unsigned char *data); |
| 116 | #endif | 114 | #endif |
| 117 | #ifndef OPENSSL_NO_SHA1 | 115 | #ifndef OPENSSL_NO_SHA1 |
| 118 | int SHA1_Init(SHA_CTX *c); | 116 | int SHA1_Init(SHA_CTX *c); |
| 119 | int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len); | 117 | int SHA1_Update(SHA_CTX *c, const void *data, size_t len); |
| 120 | int SHA1_Final(unsigned char *md, SHA_CTX *c); | 118 | int SHA1_Final(unsigned char *md, SHA_CTX *c); |
| 121 | unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md); | 119 | unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); |
| 122 | void SHA1_Transform(SHA_CTX *c, const unsigned char *data); | 120 | void SHA1_Transform(SHA_CTX *c, const unsigned char *data); |
| 123 | #endif | 121 | #endif |
| 122 | |||
| 123 | #define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a | ||
| 124 | * contiguous array of 32 bit | ||
| 125 | * wide big-endian values. */ | ||
| 126 | #define SHA224_DIGEST_LENGTH 28 | ||
| 127 | #define SHA256_DIGEST_LENGTH 32 | ||
| 128 | |||
| 129 | typedef struct SHA256state_st | ||
| 130 | { | ||
| 131 | SHA_LONG h[8]; | ||
| 132 | SHA_LONG Nl,Nh; | ||
| 133 | SHA_LONG data[SHA_LBLOCK]; | ||
| 134 | unsigned int num,md_len; | ||
| 135 | } SHA256_CTX; | ||
| 136 | |||
| 137 | #ifndef OPENSSL_NO_SHA256 | ||
| 138 | int SHA224_Init(SHA256_CTX *c); | ||
| 139 | int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); | ||
| 140 | int SHA224_Final(unsigned char *md, SHA256_CTX *c); | ||
| 141 | unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md); | ||
| 142 | int SHA256_Init(SHA256_CTX *c); | ||
| 143 | int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); | ||
| 144 | int SHA256_Final(unsigned char *md, SHA256_CTX *c); | ||
| 145 | unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md); | ||
| 146 | void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); | ||
| 147 | #endif | ||
| 148 | |||
| 149 | #define SHA384_DIGEST_LENGTH 48 | ||
| 150 | #define SHA512_DIGEST_LENGTH 64 | ||
| 151 | |||
| 152 | #ifndef OPENSSL_NO_SHA512 | ||
| 153 | /* | ||
| 154 | * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 | ||
| 155 | * being exactly 64-bit wide. See Implementation Notes in sha512.c | ||
| 156 | * for further details. | ||
| 157 | */ | ||
| 158 | #define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a | ||
| 159 | * contiguous array of 64 bit | ||
| 160 | * wide big-endian values. */ | ||
| 161 | #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) | ||
| 162 | #define SHA_LONG64 unsigned __int64 | ||
| 163 | #define U64(C) C##UI64 | ||
| 164 | #elif defined(__arch64__) | ||
| 165 | #define SHA_LONG64 unsigned long | ||
| 166 | #define U64(C) C##UL | ||
| 167 | #else | ||
| 168 | #define SHA_LONG64 unsigned long long | ||
| 169 | #define U64(C) C##ULL | ||
| 170 | #endif | ||
| 171 | |||
| 172 | typedef struct SHA512state_st | ||
| 173 | { | ||
| 174 | SHA_LONG64 h[8]; | ||
| 175 | SHA_LONG64 Nl,Nh; | ||
| 176 | union { | ||
| 177 | SHA_LONG64 d[SHA_LBLOCK]; | ||
| 178 | unsigned char p[SHA512_CBLOCK]; | ||
| 179 | } u; | ||
| 180 | unsigned int num,md_len; | ||
| 181 | } SHA512_CTX; | ||
| 182 | #endif | ||
| 183 | |||
| 184 | #ifndef OPENSSL_NO_SHA512 | ||
| 185 | int SHA384_Init(SHA512_CTX *c); | ||
| 186 | int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); | ||
| 187 | int SHA384_Final(unsigned char *md, SHA512_CTX *c); | ||
| 188 | unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md); | ||
| 189 | int SHA512_Init(SHA512_CTX *c); | ||
| 190 | int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); | ||
| 191 | int SHA512_Final(unsigned char *md, SHA512_CTX *c); | ||
| 192 | unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md); | ||
| 193 | void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); | ||
| 194 | #endif | ||
| 195 | |||
| 124 | #ifdef __cplusplus | 196 | #ifdef __cplusplus |
| 125 | } | 197 | } |
| 126 | #endif | 198 | #endif |
diff --git a/src/lib/libssl/src/crypto/sha/sha1_one.c b/src/lib/libssl/src/crypto/sha/sha1_one.c index f4694b701b..7c65b60276 100644 --- a/src/lib/libssl/src/crypto/sha/sha1_one.c +++ b/src/lib/libssl/src/crypto/sha/sha1_one.c | |||
| @@ -61,8 +61,8 @@ | |||
| 61 | #include <openssl/sha.h> | 61 | #include <openssl/sha.h> |
| 62 | #include <openssl/crypto.h> | 62 | #include <openssl/crypto.h> |
| 63 | 63 | ||
| 64 | #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS) | 64 | #ifndef OPENSSL_NO_SHA1 |
| 65 | unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) | 65 | unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) |
| 66 | { | 66 | { |
| 67 | SHA_CTX c; | 67 | SHA_CTX c; |
| 68 | static unsigned char m[SHA_DIGEST_LENGTH]; | 68 | static unsigned char m[SHA_DIGEST_LENGTH]; |
diff --git a/src/lib/libssl/src/crypto/sha/sha1dgst.c b/src/lib/libssl/src/crypto/sha/sha1dgst.c index 1e2009b760..50d1925cde 100644 --- a/src/lib/libssl/src/crypto/sha/sha1dgst.c +++ b/src/lib/libssl/src/crypto/sha/sha1dgst.c | |||
| @@ -56,26 +56,19 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> | ||
| 59 | #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) | 60 | #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) |
| 60 | 61 | ||
| 61 | #undef SHA_0 | 62 | #undef SHA_0 |
| 62 | #define SHA_1 | 63 | #define SHA_1 |
| 63 | 64 | ||
| 64 | #include <openssl/opensslv.h> | 65 | #include <openssl/opensslv.h> |
| 65 | #include <openssl/opensslconf.h> | ||
| 66 | 66 | ||
| 67 | #ifndef OPENSSL_FIPS | 67 | const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; |
| 68 | const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT; | ||
| 69 | 68 | ||
| 70 | /* The implementation is in ../md32_common.h */ | 69 | /* The implementation is in ../md32_common.h */ |
| 71 | 70 | ||
| 72 | #include "sha_locl.h" | 71 | #include "sha_locl.h" |
| 73 | 72 | ||
| 74 | #else /* ndef OPENSSL_FIPS */ | ||
| 75 | |||
| 76 | static void *dummy=&dummy; | ||
| 77 | |||
| 78 | #endif /* ndef OPENSSL_FIPS */ | ||
| 79 | |||
| 80 | #endif | 73 | #endif |
| 81 | 74 | ||
diff --git a/src/lib/libssl/src/crypto/sha/sha1test.c b/src/lib/libssl/src/crypto/sha/sha1test.c index 4f2e4ada2d..6feb3964c7 100644 --- a/src/lib/libssl/src/crypto/sha/sha1test.c +++ b/src/lib/libssl/src/crypto/sha/sha1test.c | |||
| @@ -106,7 +106,7 @@ static char *pt(unsigned char *md); | |||
| 106 | int main(int argc, char *argv[]) | 106 | int main(int argc, char *argv[]) |
| 107 | { | 107 | { |
| 108 | int i,err=0; | 108 | int i,err=0; |
| 109 | unsigned char **P,**R; | 109 | char **P,**R; |
| 110 | static unsigned char buf[1000]; | 110 | static unsigned char buf[1000]; |
| 111 | char *p,*r; | 111 | char *p,*r; |
| 112 | EVP_MD_CTX c; | 112 | EVP_MD_CTX c; |
| @@ -118,12 +118,12 @@ int main(int argc, char *argv[]) | |||
| 118 | #endif | 118 | #endif |
| 119 | 119 | ||
| 120 | EVP_MD_CTX_init(&c); | 120 | EVP_MD_CTX_init(&c); |
| 121 | P=(unsigned char **)test; | 121 | P=test; |
| 122 | R=(unsigned char **)ret; | 122 | R=ret; |
| 123 | i=1; | 123 | i=1; |
| 124 | while (*P != NULL) | 124 | while (*P != NULL) |
| 125 | { | 125 | { |
| 126 | EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1(), NULL); | 126 | EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL); |
| 127 | p=pt(md); | 127 | p=pt(md); |
| 128 | if (strcmp(p,(char *)*R) != 0) | 128 | if (strcmp(p,(char *)*R) != 0) |
| 129 | { | 129 | { |
| @@ -157,6 +157,10 @@ int main(int argc, char *argv[]) | |||
| 157 | } | 157 | } |
| 158 | else | 158 | else |
| 159 | printf("test 3 ok\n"); | 159 | printf("test 3 ok\n"); |
| 160 | |||
| 161 | #ifdef OPENSSL_SYS_NETWARE | ||
| 162 | if (err) printf("ERROR: %d\n", err); | ||
| 163 | #endif | ||
| 160 | EXIT(err); | 164 | EXIT(err); |
| 161 | EVP_MD_CTX_cleanup(&c); | 165 | EVP_MD_CTX_cleanup(&c); |
| 162 | return(0); | 166 | return(0); |
diff --git a/src/lib/libssl/src/crypto/sha/sha_dgst.c b/src/lib/libssl/src/crypto/sha/sha_dgst.c index 5a4b3ab204..70eb56032c 100644 --- a/src/lib/libssl/src/crypto/sha/sha_dgst.c +++ b/src/lib/libssl/src/crypto/sha/sha_dgst.c | |||
| @@ -56,6 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <openssl/opensslconf.h> | ||
| 59 | #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) | 60 | #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) |
| 60 | 61 | ||
| 61 | #undef SHA_1 | 62 | #undef SHA_1 |
| @@ -63,7 +64,7 @@ | |||
| 63 | 64 | ||
| 64 | #include <openssl/opensslv.h> | 65 | #include <openssl/opensslv.h> |
| 65 | 66 | ||
| 66 | const char *SHA_version="SHA" OPENSSL_VERSION_PTEXT; | 67 | const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT; |
| 67 | 68 | ||
| 68 | /* The implementation is in ../md32_common.h */ | 69 | /* The implementation is in ../md32_common.h */ |
| 69 | 70 | ||
diff --git a/src/lib/libssl/src/crypto/sha/sha_locl.h b/src/lib/libssl/src/crypto/sha/sha_locl.h index a3623f72da..e37e5726e3 100644 --- a/src/lib/libssl/src/crypto/sha/sha_locl.h +++ b/src/lib/libssl/src/crypto/sha/sha_locl.h | |||
| @@ -62,17 +62,11 @@ | |||
| 62 | #include <openssl/opensslconf.h> | 62 | #include <openssl/opensslconf.h> |
| 63 | #include <openssl/sha.h> | 63 | #include <openssl/sha.h> |
| 64 | 64 | ||
| 65 | #ifndef SHA_LONG_LOG2 | ||
| 66 | #define SHA_LONG_LOG2 2 /* default to 32 bits */ | ||
| 67 | #endif | ||
| 68 | |||
| 69 | #define DATA_ORDER_IS_BIG_ENDIAN | 65 | #define DATA_ORDER_IS_BIG_ENDIAN |
| 70 | 66 | ||
| 71 | #define HASH_LONG SHA_LONG | 67 | #define HASH_LONG SHA_LONG |
| 72 | #define HASH_LONG_LOG2 SHA_LONG_LOG2 | ||
| 73 | #define HASH_CTX SHA_CTX | 68 | #define HASH_CTX SHA_CTX |
| 74 | #define HASH_CBLOCK SHA_CBLOCK | 69 | #define HASH_CBLOCK SHA_CBLOCK |
| 75 | #define HASH_LBLOCK SHA_LBLOCK | ||
| 76 | #define HASH_MAKE_STRING(c,s) do { \ | 70 | #define HASH_MAKE_STRING(c,s) do { \ |
| 77 | unsigned long ll; \ | 71 | unsigned long ll; \ |
| 78 | ll=(c)->h0; HOST_l2c(ll,(s)); \ | 72 | ll=(c)->h0; HOST_l2c(ll,(s)); \ |
| @@ -88,12 +82,10 @@ | |||
| 88 | # define HASH_TRANSFORM SHA_Transform | 82 | # define HASH_TRANSFORM SHA_Transform |
| 89 | # define HASH_FINAL SHA_Final | 83 | # define HASH_FINAL SHA_Final |
| 90 | # define HASH_INIT SHA_Init | 84 | # define HASH_INIT SHA_Init |
| 91 | # define HASH_BLOCK_HOST_ORDER sha_block_host_order | ||
| 92 | # define HASH_BLOCK_DATA_ORDER sha_block_data_order | 85 | # define HASH_BLOCK_DATA_ORDER sha_block_data_order |
| 93 | # define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) | 86 | # define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) |
| 94 | 87 | ||
| 95 | void sha_block_host_order (SHA_CTX *c, const void *p,int num); | 88 | static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); |
| 96 | void sha_block_data_order (SHA_CTX *c, const void *p,int num); | ||
| 97 | 89 | ||
| 98 | #elif defined(SHA_1) | 90 | #elif defined(SHA_1) |
| 99 | 91 | ||
| @@ -101,7 +93,6 @@ | |||
| 101 | # define HASH_TRANSFORM SHA1_Transform | 93 | # define HASH_TRANSFORM SHA1_Transform |
| 102 | # define HASH_FINAL SHA1_Final | 94 | # define HASH_FINAL SHA1_Final |
| 103 | # define HASH_INIT SHA1_Init | 95 | # define HASH_INIT SHA1_Init |
| 104 | # define HASH_BLOCK_HOST_ORDER sha1_block_host_order | ||
| 105 | # define HASH_BLOCK_DATA_ORDER sha1_block_data_order | 96 | # define HASH_BLOCK_DATA_ORDER sha1_block_data_order |
| 106 | # if defined(__MWERKS__) && defined(__MC68K__) | 97 | # if defined(__MWERKS__) && defined(__MC68K__) |
| 107 | /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */ | 98 | /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */ |
| @@ -114,22 +105,10 @@ | |||
| 114 | ) | 105 | ) |
| 115 | # endif | 106 | # endif |
| 116 | 107 | ||
| 117 | # ifdef SHA1_ASM | 108 | #ifndef SHA1_ASM |
| 118 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) | 109 | static |
| 119 | # define sha1_block_host_order sha1_block_asm_host_order | 110 | #endif |
| 120 | # define DONT_IMPLEMENT_BLOCK_HOST_ORDER | 111 | void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); |
| 121 | # define sha1_block_data_order sha1_block_asm_data_order | ||
| 122 | # define DONT_IMPLEMENT_BLOCK_DATA_ORDER | ||
| 123 | # define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order | ||
| 124 | # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) | ||
| 125 | # define sha1_block_host_order sha1_block_asm_host_order | ||
| 126 | # define DONT_IMPLEMENT_BLOCK_HOST_ORDER | ||
| 127 | # define sha1_block_data_order sha1_block_asm_data_order | ||
| 128 | # define DONT_IMPLEMENT_BLOCK_DATA_ORDER | ||
| 129 | # endif | ||
| 130 | # endif | ||
| 131 | void sha1_block_host_order (SHA_CTX *c, const void *p,int num); | ||
| 132 | void sha1_block_data_order (SHA_CTX *c, const void *p,int num); | ||
| 133 | 112 | ||
| 134 | #else | 113 | #else |
| 135 | # error "Either SHA_0 or SHA_1 must be defined." | 114 | # error "Either SHA_0 or SHA_1 must be defined." |
| @@ -143,11 +122,7 @@ | |||
| 143 | #define INIT_DATA_h3 0x10325476UL | 122 | #define INIT_DATA_h3 0x10325476UL |
| 144 | #define INIT_DATA_h4 0xc3d2e1f0UL | 123 | #define INIT_DATA_h4 0xc3d2e1f0UL |
| 145 | 124 | ||
| 146 | #if defined(SHA_0) && defined(OPENSSL_FIPS) | ||
| 147 | FIPS_NON_FIPS_MD_Init(SHA) | ||
| 148 | #else | ||
| 149 | int HASH_INIT (SHA_CTX *c) | 125 | int HASH_INIT (SHA_CTX *c) |
| 150 | #endif | ||
| 151 | { | 126 | { |
| 152 | c->h0=INIT_DATA_h0; | 127 | c->h0=INIT_DATA_h0; |
| 153 | c->h1=INIT_DATA_h1; | 128 | c->h1=INIT_DATA_h1; |
| @@ -177,6 +152,8 @@ int HASH_INIT (SHA_CTX *c) | |||
| 177 | #define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) | 152 | #define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) |
| 178 | #define F_60_79(b,c,d) F_20_39(b,c,d) | 153 | #define F_60_79(b,c,d) F_20_39(b,c,d) |
| 179 | 154 | ||
| 155 | #ifndef OPENSSL_SMALL_FOOTPRINT | ||
| 156 | |||
| 180 | #define BODY_00_15(i,a,b,c,d,e,f,xi) \ | 157 | #define BODY_00_15(i,a,b,c,d,e,f,xi) \ |
| 181 | (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ | 158 | (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ |
| 182 | (b)=ROTATE((b),30); | 159 | (b)=ROTATE((b),30); |
| @@ -229,11 +206,11 @@ int HASH_INIT (SHA_CTX *c) | |||
| 229 | # define X(i) XX[i] | 206 | # define X(i) XX[i] |
| 230 | #endif | 207 | #endif |
| 231 | 208 | ||
| 232 | #ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER | 209 | #if !defined(SHA_1) || !defined(SHA1_ASM) |
| 233 | void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) | 210 | static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) |
| 234 | { | 211 | { |
| 235 | const SHA_LONG *W=d; | 212 | const unsigned char *data=p; |
| 236 | register unsigned MD32_REG_T A,B,C,D,E,T; | 213 | register unsigned MD32_REG_T A,B,C,D,E,T,l; |
| 237 | #ifndef MD32_XARRAY | 214 | #ifndef MD32_XARRAY |
| 238 | unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, | 215 | unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, |
| 239 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; | 216 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; |
| @@ -248,41 +225,71 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) | |||
| 248 | E=c->h4; | 225 | E=c->h4; |
| 249 | 226 | ||
| 250 | for (;;) | 227 | for (;;) |
| 228 | { | ||
| 229 | const union { long one; char little; } is_endian = {1}; | ||
| 230 | |||
| 231 | if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0) | ||
| 232 | { | ||
| 233 | const SHA_LONG *W=(const SHA_LONG *)data; | ||
| 234 | |||
| 235 | X( 0) = W[0]; X( 1) = W[ 1]; | ||
| 236 | BODY_00_15( 0,A,B,C,D,E,T,X( 0)); X( 2) = W[ 2]; | ||
| 237 | BODY_00_15( 1,T,A,B,C,D,E,X( 1)); X( 3) = W[ 3]; | ||
| 238 | BODY_00_15( 2,E,T,A,B,C,D,X( 2)); X( 4) = W[ 4]; | ||
| 239 | BODY_00_15( 3,D,E,T,A,B,C,X( 3)); X( 5) = W[ 5]; | ||
| 240 | BODY_00_15( 4,C,D,E,T,A,B,X( 4)); X( 6) = W[ 6]; | ||
| 241 | BODY_00_15( 5,B,C,D,E,T,A,X( 5)); X( 7) = W[ 7]; | ||
| 242 | BODY_00_15( 6,A,B,C,D,E,T,X( 6)); X( 8) = W[ 8]; | ||
| 243 | BODY_00_15( 7,T,A,B,C,D,E,X( 7)); X( 9) = W[ 9]; | ||
| 244 | BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; | ||
| 245 | BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; | ||
| 246 | BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; | ||
| 247 | BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; | ||
| 248 | BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; | ||
| 249 | BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; | ||
| 250 | BODY_00_15(14,E,T,A,B,C,D,X(14)); | ||
| 251 | BODY_00_15(15,D,E,T,A,B,C,X(15)); | ||
| 252 | |||
| 253 | data += SHA_CBLOCK; | ||
| 254 | } | ||
| 255 | else | ||
| 251 | { | 256 | { |
| 252 | BODY_00_15( 0,A,B,C,D,E,T,W[ 0]); | 257 | HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; |
| 253 | BODY_00_15( 1,T,A,B,C,D,E,W[ 1]); | 258 | BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; |
| 254 | BODY_00_15( 2,E,T,A,B,C,D,W[ 2]); | 259 | BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; |
| 255 | BODY_00_15( 3,D,E,T,A,B,C,W[ 3]); | 260 | BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; |
| 256 | BODY_00_15( 4,C,D,E,T,A,B,W[ 4]); | 261 | BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; |
| 257 | BODY_00_15( 5,B,C,D,E,T,A,W[ 5]); | 262 | BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; |
| 258 | BODY_00_15( 6,A,B,C,D,E,T,W[ 6]); | 263 | BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; |
| 259 | BODY_00_15( 7,T,A,B,C,D,E,W[ 7]); | 264 | BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; |
| 260 | BODY_00_15( 8,E,T,A,B,C,D,W[ 8]); | 265 | BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; |
| 261 | BODY_00_15( 9,D,E,T,A,B,C,W[ 9]); | 266 | BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; |
| 262 | BODY_00_15(10,C,D,E,T,A,B,W[10]); | 267 | BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; |
| 263 | BODY_00_15(11,B,C,D,E,T,A,W[11]); | 268 | BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; |
| 264 | BODY_00_15(12,A,B,C,D,E,T,W[12]); | 269 | BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; |
| 265 | BODY_00_15(13,T,A,B,C,D,E,W[13]); | 270 | BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; |
| 266 | BODY_00_15(14,E,T,A,B,C,D,W[14]); | 271 | BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; |
| 267 | BODY_00_15(15,D,E,T,A,B,C,W[15]); | 272 | BODY_00_15(14,E,T,A,B,C,D,X(14)); |
| 268 | 273 | BODY_00_15(15,D,E,T,A,B,C,X(15)); | |
| 269 | BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]); | 274 | } |
| 270 | BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]); | 275 | |
| 271 | BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]); | 276 | BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); |
| 272 | BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0)); | 277 | BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); |
| 273 | 278 | BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); | |
| 274 | BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1)); | 279 | BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); |
| 275 | BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2)); | 280 | |
| 276 | BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3)); | 281 | BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); |
| 277 | BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4)); | 282 | BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); |
| 278 | BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5)); | 283 | BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); |
| 279 | BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6)); | 284 | BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); |
| 280 | BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7)); | 285 | BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); |
| 281 | BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8)); | 286 | BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); |
| 282 | BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9)); | 287 | BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); |
| 283 | BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10)); | 288 | BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); |
| 284 | BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11)); | 289 | BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); |
| 285 | BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12)); | 290 | BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); |
| 291 | BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); | ||
| 292 | BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); | ||
| 286 | 293 | ||
| 287 | BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); | 294 | BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); |
| 288 | BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); | 295 | BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); |
| @@ -341,7 +348,7 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) | |||
| 341 | c->h3=(c->h3+B)&0xffffffffL; | 348 | c->h3=(c->h3+B)&0xffffffffL; |
| 342 | c->h4=(c->h4+C)&0xffffffffL; | 349 | c->h4=(c->h4+C)&0xffffffffL; |
| 343 | 350 | ||
| 344 | if (--num <= 0) break; | 351 | if (--num == 0) break; |
| 345 | 352 | ||
| 346 | A=c->h0; | 353 | A=c->h0; |
| 347 | B=c->h1; | 354 | B=c->h1; |
| @@ -349,22 +356,48 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) | |||
| 349 | D=c->h3; | 356 | D=c->h3; |
| 350 | E=c->h4; | 357 | E=c->h4; |
| 351 | 358 | ||
| 352 | W+=SHA_LBLOCK; | 359 | } |
| 353 | } | ||
| 354 | } | 360 | } |
| 355 | #endif | 361 | #endif |
| 356 | 362 | ||
| 357 | #ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER | 363 | #else /* OPENSSL_SMALL_FOOTPRINT */ |
| 358 | void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) | 364 | |
| 365 | #define BODY_00_15(xi) do { \ | ||
| 366 | T=E+K_00_19+F_00_19(B,C,D); \ | ||
| 367 | E=D, D=C, C=ROTATE(B,30), B=A; \ | ||
| 368 | A=ROTATE(A,5)+T+xi; } while(0) | ||
| 369 | |||
| 370 | #define BODY_16_19(xa,xb,xc,xd) do { \ | ||
| 371 | Xupdate(T,xa,xa,xb,xc,xd); \ | ||
| 372 | T+=E+K_00_19+F_00_19(B,C,D); \ | ||
| 373 | E=D, D=C, C=ROTATE(B,30), B=A; \ | ||
| 374 | A=ROTATE(A,5)+T; } while(0) | ||
| 375 | |||
| 376 | #define BODY_20_39(xa,xb,xc,xd) do { \ | ||
| 377 | Xupdate(T,xa,xa,xb,xc,xd); \ | ||
| 378 | T+=E+K_20_39+F_20_39(B,C,D); \ | ||
| 379 | E=D, D=C, C=ROTATE(B,30), B=A; \ | ||
| 380 | A=ROTATE(A,5)+T; } while(0) | ||
| 381 | |||
| 382 | #define BODY_40_59(xa,xb,xc,xd) do { \ | ||
| 383 | Xupdate(T,xa,xa,xb,xc,xd); \ | ||
| 384 | T+=E+K_40_59+F_40_59(B,C,D); \ | ||
| 385 | E=D, D=C, C=ROTATE(B,30), B=A; \ | ||
| 386 | A=ROTATE(A,5)+T; } while(0) | ||
| 387 | |||
| 388 | #define BODY_60_79(xa,xb,xc,xd) do { \ | ||
| 389 | Xupdate(T,xa,xa,xb,xc,xd); \ | ||
| 390 | T=E+K_60_79+F_60_79(B,C,D); \ | ||
| 391 | E=D, D=C, C=ROTATE(B,30), B=A; \ | ||
| 392 | A=ROTATE(A,5)+T+xa; } while(0) | ||
| 393 | |||
| 394 | #if !defined(SHA_1) || !defined(SHA1_ASM) | ||
| 395 | static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) | ||
| 359 | { | 396 | { |
| 360 | const unsigned char *data=p; | 397 | const unsigned char *data=p; |
| 361 | register unsigned MD32_REG_T A,B,C,D,E,T,l; | 398 | register unsigned MD32_REG_T A,B,C,D,E,T,l; |
| 362 | #ifndef MD32_XARRAY | 399 | int i; |
| 363 | unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, | 400 | SHA_LONG X[16]; |
| 364 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; | ||
| 365 | #else | ||
| 366 | SHA_LONG XX[16]; | ||
| 367 | #endif | ||
| 368 | 401 | ||
| 369 | A=c->h0; | 402 | A=c->h0; |
| 370 | B=c->h1; | 403 | B=c->h1; |
| @@ -374,101 +407,24 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) | |||
| 374 | 407 | ||
| 375 | for (;;) | 408 | for (;;) |
| 376 | { | 409 | { |
| 377 | 410 | for (i=0;i<16;i++) | |
| 378 | HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; | 411 | { HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); } |
| 379 | BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; | 412 | for (i=0;i<4;i++) |
| 380 | BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; | 413 | { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); } |
| 381 | BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; | 414 | for (;i<24;i++) |
| 382 | BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; | 415 | { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); } |
| 383 | BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; | 416 | for (i=0;i<20;i++) |
| 384 | BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; | 417 | { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } |
| 385 | BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; | 418 | for (i=4;i<24;i++) |
| 386 | BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; | 419 | { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } |
| 387 | BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; | 420 | |
| 388 | BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; | 421 | c->h0=(c->h0+A)&0xffffffffL; |
| 389 | BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; | 422 | c->h1=(c->h1+B)&0xffffffffL; |
| 390 | BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; | 423 | c->h2=(c->h2+C)&0xffffffffL; |
| 391 | BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; | 424 | c->h3=(c->h3+D)&0xffffffffL; |
| 392 | BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; | 425 | c->h4=(c->h4+E)&0xffffffffL; |
| 393 | BODY_00_15(14,E,T,A,B,C,D,X(14)); | 426 | |
| 394 | BODY_00_15(15,D,E,T,A,B,C,X(15)); | 427 | if (--num == 0) break; |
| 395 | |||
| 396 | BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); | ||
| 397 | BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); | ||
| 398 | BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); | ||
| 399 | BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); | ||
| 400 | |||
| 401 | BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); | ||
| 402 | BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); | ||
| 403 | BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); | ||
| 404 | BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); | ||
| 405 | BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); | ||
| 406 | BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); | ||
| 407 | BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); | ||
| 408 | BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); | ||
| 409 | BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); | ||
| 410 | BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); | ||
| 411 | BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); | ||
| 412 | BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); | ||
| 413 | |||
| 414 | BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); | ||
| 415 | BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); | ||
| 416 | BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); | ||
| 417 | BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); | ||
| 418 | BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); | ||
| 419 | BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); | ||
| 420 | BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); | ||
| 421 | BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); | ||
| 422 | |||
| 423 | BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); | ||
| 424 | BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); | ||
| 425 | BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); | ||
| 426 | BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); | ||
| 427 | BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); | ||
| 428 | BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); | ||
| 429 | BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); | ||
| 430 | BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); | ||
| 431 | BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); | ||
| 432 | BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); | ||
| 433 | BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); | ||
| 434 | BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); | ||
| 435 | BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); | ||
| 436 | BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); | ||
| 437 | BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); | ||
| 438 | BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); | ||
| 439 | BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); | ||
| 440 | BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); | ||
| 441 | BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); | ||
| 442 | BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); | ||
| 443 | |||
| 444 | BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); | ||
| 445 | BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); | ||
| 446 | BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); | ||
| 447 | BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); | ||
| 448 | BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); | ||
| 449 | BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); | ||
| 450 | BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); | ||
| 451 | BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); | ||
| 452 | BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); | ||
| 453 | BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); | ||
| 454 | BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); | ||
| 455 | BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); | ||
| 456 | BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); | ||
| 457 | BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); | ||
| 458 | BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); | ||
| 459 | BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); | ||
| 460 | BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); | ||
| 461 | BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); | ||
| 462 | BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); | ||
| 463 | BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); | ||
| 464 | |||
| 465 | c->h0=(c->h0+E)&0xffffffffL; | ||
| 466 | c->h1=(c->h1+T)&0xffffffffL; | ||
| 467 | c->h2=(c->h2+A)&0xffffffffL; | ||
| 468 | c->h3=(c->h3+B)&0xffffffffL; | ||
| 469 | c->h4=(c->h4+C)&0xffffffffL; | ||
| 470 | |||
| 471 | if (--num <= 0) break; | ||
| 472 | 428 | ||
| 473 | A=c->h0; | 429 | A=c->h0; |
| 474 | B=c->h1; | 430 | B=c->h1; |
| @@ -479,3 +435,5 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) | |||
| 479 | } | 435 | } |
| 480 | } | 436 | } |
| 481 | #endif | 437 | #endif |
| 438 | |||
| 439 | #endif | ||
diff --git a/src/lib/libssl/src/crypto/sha/sha_one.c b/src/lib/libssl/src/crypto/sha/sha_one.c index d4f4d344df..3bae623ce8 100644 --- a/src/lib/libssl/src/crypto/sha/sha_one.c +++ b/src/lib/libssl/src/crypto/sha/sha_one.c | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | #include <openssl/crypto.h> | 62 | #include <openssl/crypto.h> |
| 63 | 63 | ||
| 64 | #ifndef OPENSSL_NO_SHA0 | 64 | #ifndef OPENSSL_NO_SHA0 |
| 65 | unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) | 65 | unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) |
| 66 | { | 66 | { |
| 67 | SHA_CTX c; | 67 | SHA_CTX c; |
| 68 | static unsigned char m[SHA_DIGEST_LENGTH]; | 68 | static unsigned char m[SHA_DIGEST_LENGTH]; |
diff --git a/src/lib/libssl/src/crypto/sha/shatest.c b/src/lib/libssl/src/crypto/sha/shatest.c index ff702aa53e..ed0fe06a7b 100644 --- a/src/lib/libssl/src/crypto/sha/shatest.c +++ b/src/lib/libssl/src/crypto/sha/shatest.c | |||
| @@ -106,7 +106,7 @@ static char *pt(unsigned char *md); | |||
| 106 | int main(int argc, char *argv[]) | 106 | int main(int argc, char *argv[]) |
| 107 | { | 107 | { |
| 108 | int i,err=0; | 108 | int i,err=0; |
| 109 | unsigned char **P,**R; | 109 | char **P,**R; |
| 110 | static unsigned char buf[1000]; | 110 | static unsigned char buf[1000]; |
| 111 | char *p,*r; | 111 | char *p,*r; |
| 112 | EVP_MD_CTX c; | 112 | EVP_MD_CTX c; |
| @@ -118,12 +118,12 @@ int main(int argc, char *argv[]) | |||
| 118 | #endif | 118 | #endif |
| 119 | 119 | ||
| 120 | EVP_MD_CTX_init(&c); | 120 | EVP_MD_CTX_init(&c); |
| 121 | P=(unsigned char **)test; | 121 | P=test; |
| 122 | R=(unsigned char **)ret; | 122 | R=ret; |
| 123 | i=1; | 123 | i=1; |
| 124 | while (*P != NULL) | 124 | while (*P != NULL) |
| 125 | { | 125 | { |
| 126 | EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL); | 126 | EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL); |
| 127 | p=pt(md); | 127 | p=pt(md); |
| 128 | if (strcmp(p,(char *)*R) != 0) | 128 | if (strcmp(p,(char *)*R) != 0) |
| 129 | { | 129 | { |
| @@ -157,6 +157,10 @@ int main(int argc, char *argv[]) | |||
| 157 | } | 157 | } |
| 158 | else | 158 | else |
| 159 | printf("test 3 ok\n"); | 159 | printf("test 3 ok\n"); |
| 160 | |||
| 161 | #ifdef OPENSSL_SYS_NETWARE | ||
| 162 | if (err) printf("ERROR: %d\n", err); | ||
| 163 | #endif | ||
| 160 | EVP_MD_CTX_cleanup(&c); | 164 | EVP_MD_CTX_cleanup(&c); |
| 161 | EXIT(err); | 165 | EXIT(err); |
| 162 | return(0); | 166 | return(0); |
diff --git a/src/lib/libssl/src/crypto/stack/safestack.h b/src/lib/libssl/src/crypto/stack/safestack.h index 6010b7f122..78cc485e6d 100644 --- a/src/lib/libssl/src/crypto/stack/safestack.h +++ b/src/lib/libssl/src/crypto/stack/safestack.h | |||
| @@ -55,13 +55,22 @@ | |||
| 55 | #ifndef HEADER_SAFESTACK_H | 55 | #ifndef HEADER_SAFESTACK_H |
| 56 | #define HEADER_SAFESTACK_H | 56 | #define HEADER_SAFESTACK_H |
| 57 | 57 | ||
| 58 | typedef void (*openssl_fptr)(void); | ||
| 59 | #define openssl_fcast(f) ((openssl_fptr)f) | ||
| 60 | |||
| 61 | #include <openssl/stack.h> | 58 | #include <openssl/stack.h> |
| 62 | 59 | ||
| 63 | #ifdef DEBUG_SAFESTACK | 60 | #ifdef DEBUG_SAFESTACK |
| 64 | 61 | ||
| 62 | #ifndef CHECKED_PTR_OF | ||
| 63 | #define CHECKED_PTR_OF(type, p) \ | ||
| 64 | ((void*) (1 ? p : (type*)0)) | ||
| 65 | #endif | ||
| 66 | |||
| 67 | #define CHECKED_SK_FREE_FUNC(type, p) \ | ||
| 68 | ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) | ||
| 69 | |||
| 70 | #define CHECKED_SK_CMP_FUNC(type, p) \ | ||
| 71 | ((int (*)(const char * const *, const char * const *)) \ | ||
| 72 | ((1 ? p : (int (*)(const type * const *, const type * const *))0))) | ||
| 73 | |||
| 65 | #define STACK_OF(type) struct stack_st_##type | 74 | #define STACK_OF(type) struct stack_st_##type |
| 66 | #define PREDECLARE_STACK_OF(type) STACK_OF(type); | 75 | #define PREDECLARE_STACK_OF(type) STACK_OF(type); |
| 67 | 76 | ||
| @@ -76,75 +85,71 @@ STACK_OF(type) \ | |||
| 76 | /* SKM_sk_... stack macros are internal to safestack.h: | 85 | /* SKM_sk_... stack macros are internal to safestack.h: |
| 77 | * never use them directly, use sk_<type>_... instead */ | 86 | * never use them directly, use sk_<type>_... instead */ |
| 78 | #define SKM_sk_new(type, cmp) \ | 87 | #define SKM_sk_new(type, cmp) \ |
| 79 | ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp) | 88 | ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) |
| 80 | #define SKM_sk_new_null(type) \ | 89 | #define SKM_sk_new_null(type) \ |
| 81 | ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))() | 90 | ((STACK_OF(type) *)sk_new_null()) |
| 82 | #define SKM_sk_free(type, st) \ | 91 | #define SKM_sk_free(type, st) \ |
| 83 | ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st) | 92 | sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) |
| 84 | #define SKM_sk_num(type, st) \ | 93 | #define SKM_sk_num(type, st) \ |
| 85 | ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st) | 94 | sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) |
| 86 | #define SKM_sk_value(type, st,i) \ | 95 | #define SKM_sk_value(type, st,i) \ |
| 87 | ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i) | 96 | ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) |
| 88 | #define SKM_sk_set(type, st,i,val) \ | 97 | #define SKM_sk_set(type, st,i,val) \ |
| 89 | ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val) | 98 | sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) |
| 90 | #define SKM_sk_zero(type, st) \ | 99 | #define SKM_sk_zero(type, st) \ |
| 91 | ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st) | 100 | sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) |
| 92 | #define SKM_sk_push(type, st,val) \ | 101 | #define SKM_sk_push(type, st,val) \ |
| 93 | ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val) | 102 | sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) |
| 94 | #define SKM_sk_unshift(type, st,val) \ | 103 | #define SKM_sk_unshift(type, st,val) \ |
| 95 | ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val) | 104 | sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) |
| 96 | #define SKM_sk_find(type, st,val) \ | 105 | #define SKM_sk_find(type, st,val) \ |
| 97 | ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val) | 106 | sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) |
| 98 | #define SKM_sk_delete(type, st,i) \ | 107 | #define SKM_sk_delete(type, st,i) \ |
| 99 | ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i) | 108 | (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) |
| 100 | #define SKM_sk_delete_ptr(type, st,ptr) \ | 109 | #define SKM_sk_delete_ptr(type, st,ptr) \ |
| 101 | ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr) | 110 | (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) |
| 102 | #define SKM_sk_insert(type, st,val,i) \ | 111 | #define SKM_sk_insert(type, st,val,i) \ |
| 103 | ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i) | 112 | sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) |
| 104 | #define SKM_sk_set_cmp_func(type, st,cmp) \ | 113 | #define SKM_sk_set_cmp_func(type, st,cmp) \ |
| 105 | ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \ | 114 | ((int (*)(const type * const *,const type * const *)) \ |
| 106 | (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\ | 115 | sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) |
| 107 | (st, cmp) | ||
| 108 | #define SKM_sk_dup(type, st) \ | 116 | #define SKM_sk_dup(type, st) \ |
| 109 | ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st) | 117 | (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) |
| 110 | #define SKM_sk_pop_free(type, st,free_func) \ | 118 | #define SKM_sk_pop_free(type, st,free_func) \ |
| 111 | ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\ | 119 | sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) |
| 112 | (st, free_func) | ||
| 113 | #define SKM_sk_shift(type, st) \ | 120 | #define SKM_sk_shift(type, st) \ |
| 114 | ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st) | 121 | (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) |
| 115 | #define SKM_sk_pop(type, st) \ | 122 | #define SKM_sk_pop(type, st) \ |
| 116 | ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st) | 123 | (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) |
| 117 | #define SKM_sk_sort(type, st) \ | 124 | #define SKM_sk_sort(type, st) \ |
| 118 | ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st) | 125 | sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) |
| 119 | #define SKM_sk_is_sorted(type, st) \ | 126 | #define SKM_sk_is_sorted(type, st) \ |
| 120 | ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st) | 127 | sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) |
| 121 | 128 | ||
| 122 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 129 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ |
| 123 | ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \ | 130 | (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \ |
| 124 | type *(*)(type **, unsigned char **,long), \ | 131 | pp, length, \ |
| 125 | void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \ | 132 | CHECKED_D2I_OF(type, d2i_func), \ |
| 126 | (st,pp,length, d2i_func, free_func, ex_tag,ex_class) | 133 | CHECKED_SK_FREE_FUNC(type, free_func), \ |
| 134 | ex_tag, ex_class) | ||
| 135 | |||
| 127 | #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ | 136 | #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ |
| 128 | ((int (*)(STACK_OF(type) *,unsigned char **, \ | 137 | i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ |
| 129 | int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \ | 138 | CHECKED_I2D_OF(type, i2d_func), \ |
| 130 | (st,pp,i2d_func,ex_tag,ex_class,is_set) | 139 | ex_tag, ex_class, is_set) |
| 131 | 140 | ||
| 132 | #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ | 141 | #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ |
| 133 | ((unsigned char *(*)(STACK_OF(type) *, \ | 142 | ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ |
| 134 | int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \ | 143 | CHECKED_I2D_OF(type, i2d_func), buf, len) |
| 135 | (st, i2d_func, buf, len) | 144 | |
| 136 | #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ | 145 | #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ |
| 137 | ((STACK_OF(type) * (*)(unsigned char *,int, \ | 146 | (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) |
| 138 | type *(*)(type **,unsigned char **, long), \ | ||
| 139 | void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \ | ||
| 140 | (buf,len,d2i_func, free_func) | ||
| 141 | 147 | ||
| 142 | #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ | 148 | #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ |
| 143 | ((STACK_OF(type) * (*)(X509_ALGOR *, \ | 149 | (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ |
| 144 | type *(*)(type **, unsigned char **, long), void (*)(type *), \ | 150 | CHECKED_D2I_OF(type, d2i_func), \ |
| 145 | const char *, int, \ | 151 | CHECKED_SK_FREE_FUNC(type, free_func), \ |
| 146 | ASN1_STRING *, int))openssl_fcast(PKCS12_decrypt_d2i)) \ | 152 | pass, passlen, oct, seq) |
| 147 | (algor,d2i_func,free_func,pass,passlen,oct,seq) | ||
| 148 | 153 | ||
| 149 | #else | 154 | #else |
| 150 | 155 | ||
| @@ -170,7 +175,7 @@ STACK_OF(type) \ | |||
| 170 | #define SKM_sk_push(type, st,val) \ | 175 | #define SKM_sk_push(type, st,val) \ |
| 171 | sk_push(st, (char *)val) | 176 | sk_push(st, (char *)val) |
| 172 | #define SKM_sk_unshift(type, st,val) \ | 177 | #define SKM_sk_unshift(type, st,val) \ |
| 173 | sk_unshift(st, val) | 178 | sk_unshift(st, (char *)val) |
| 174 | #define SKM_sk_find(type, st,val) \ | 179 | #define SKM_sk_find(type, st,val) \ |
| 175 | sk_find(st, (char *)val) | 180 | sk_find(st, (char *)val) |
| 176 | #define SKM_sk_delete(type, st,i) \ | 181 | #define SKM_sk_delete(type, st,i) \ |
| @@ -196,14 +201,14 @@ STACK_OF(type) \ | |||
| 196 | sk_is_sorted(st) | 201 | sk_is_sorted(st) |
| 197 | 202 | ||
| 198 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 203 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ |
| 199 | d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) | 204 | d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) |
| 200 | #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ | 205 | #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ |
| 201 | i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set) | 206 | i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) |
| 202 | 207 | ||
| 203 | #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ | 208 | #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ |
| 204 | ASN1_seq_pack(st, i2d_func, buf, len) | 209 | ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) |
| 205 | #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ | 210 | #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ |
| 206 | ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func) | 211 | ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) |
| 207 | 212 | ||
| 208 | #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ | 213 | #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ |
| 209 | ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) | 214 | ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) |
| @@ -221,6 +226,7 @@ STACK_OF(type) \ | |||
| 221 | #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) | 226 | #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) |
| 222 | #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) | 227 | #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) |
| 223 | #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) | 228 | #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) |
| 229 | #define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) | ||
| 224 | #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) | 230 | #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) |
| 225 | #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) | 231 | #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) |
| 226 | #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) | 232 | #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) |
| @@ -232,6 +238,28 @@ STACK_OF(type) \ | |||
| 232 | #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) | 238 | #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) |
| 233 | #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) | 239 | #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) |
| 234 | 240 | ||
| 241 | #define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) | ||
| 242 | #define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) | ||
| 243 | #define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) | ||
| 244 | #define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) | ||
| 245 | #define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) | ||
| 246 | #define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) | ||
| 247 | #define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) | ||
| 248 | #define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) | ||
| 249 | #define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) | ||
| 250 | #define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) | ||
| 251 | #define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) | ||
| 252 | #define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) | ||
| 253 | #define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) | ||
| 254 | #define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) | ||
| 255 | #define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) | ||
| 256 | #define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) | ||
| 257 | #define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) | ||
| 258 | #define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) | ||
| 259 | #define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) | ||
| 260 | #define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) | ||
| 261 | #define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) | ||
| 262 | |||
| 235 | #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) | 263 | #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) |
| 236 | #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) | 264 | #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) |
| 237 | #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) | 265 | #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) |
| @@ -242,6 +270,7 @@ STACK_OF(type) \ | |||
| 242 | #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) | 270 | #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) |
| 243 | #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) | 271 | #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) |
| 244 | #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) | 272 | #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) |
| 273 | #define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) | ||
| 245 | #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) | 274 | #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) |
| 246 | #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) | 275 | #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) |
| 247 | #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) | 276 | #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) |
| @@ -263,6 +292,7 @@ STACK_OF(type) \ | |||
| 263 | #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) | 292 | #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) |
| 264 | #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) | 293 | #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) |
| 265 | #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) | 294 | #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) |
| 295 | #define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) | ||
| 266 | #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) | 296 | #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) |
| 267 | #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) | 297 | #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) |
| 268 | #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) | 298 | #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) |
| @@ -284,6 +314,7 @@ STACK_OF(type) \ | |||
| 284 | #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) | 314 | #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) |
| 285 | #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) | 315 | #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) |
| 286 | #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) | 316 | #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) |
| 317 | #define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) | ||
| 287 | #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) | 318 | #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) |
| 288 | #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) | 319 | #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) |
| 289 | #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) | 320 | #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) |
| @@ -305,6 +336,7 @@ STACK_OF(type) \ | |||
| 305 | #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) | 336 | #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) |
| 306 | #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) | 337 | #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) |
| 307 | #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) | 338 | #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) |
| 339 | #define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) | ||
| 308 | #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) | 340 | #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) |
| 309 | #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) | 341 | #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) |
| 310 | #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) | 342 | #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) |
| @@ -326,6 +358,7 @@ STACK_OF(type) \ | |||
| 326 | #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) | 358 | #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) |
| 327 | #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) | 359 | #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) |
| 328 | #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) | 360 | #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) |
| 361 | #define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) | ||
| 329 | #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) | 362 | #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) |
| 330 | #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) | 363 | #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) |
| 331 | #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) | 364 | #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) |
| @@ -347,6 +380,7 @@ STACK_OF(type) \ | |||
| 347 | #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) | 380 | #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) |
| 348 | #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) | 381 | #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) |
| 349 | #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) | 382 | #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) |
| 383 | #define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) | ||
| 350 | #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) | 384 | #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) |
| 351 | #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) | 385 | #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) |
| 352 | #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) | 386 | #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) |
| @@ -368,6 +402,7 @@ STACK_OF(type) \ | |||
| 368 | #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) | 402 | #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) |
| 369 | #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) | 403 | #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) |
| 370 | #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) | 404 | #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) |
| 405 | #define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) | ||
| 371 | #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) | 406 | #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) |
| 372 | #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) | 407 | #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) |
| 373 | #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) | 408 | #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) |
| @@ -379,6 +414,94 @@ STACK_OF(type) \ | |||
| 379 | #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) | 414 | #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) |
| 380 | #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) | 415 | #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) |
| 381 | 416 | ||
| 417 | #define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) | ||
| 418 | #define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) | ||
| 419 | #define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) | ||
| 420 | #define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) | ||
| 421 | #define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) | ||
| 422 | #define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) | ||
| 423 | #define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) | ||
| 424 | #define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) | ||
| 425 | #define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) | ||
| 426 | #define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) | ||
| 427 | #define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) | ||
| 428 | #define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) | ||
| 429 | #define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) | ||
| 430 | #define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) | ||
| 431 | #define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) | ||
| 432 | #define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) | ||
| 433 | #define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) | ||
| 434 | #define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) | ||
| 435 | #define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) | ||
| 436 | #define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) | ||
| 437 | #define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) | ||
| 438 | |||
| 439 | #define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) | ||
| 440 | #define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) | ||
| 441 | #define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) | ||
| 442 | #define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) | ||
| 443 | #define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) | ||
| 444 | #define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) | ||
| 445 | #define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) | ||
| 446 | #define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) | ||
| 447 | #define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) | ||
| 448 | #define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) | ||
| 449 | #define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) | ||
| 450 | #define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) | ||
| 451 | #define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) | ||
| 452 | #define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) | ||
| 453 | #define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) | ||
| 454 | #define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) | ||
| 455 | #define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) | ||
| 456 | #define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) | ||
| 457 | #define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) | ||
| 458 | #define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) | ||
| 459 | #define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) | ||
| 460 | |||
| 461 | #define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) | ||
| 462 | #define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) | ||
| 463 | #define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) | ||
| 464 | #define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) | ||
| 465 | #define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) | ||
| 466 | #define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) | ||
| 467 | #define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) | ||
| 468 | #define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) | ||
| 469 | #define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) | ||
| 470 | #define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) | ||
| 471 | #define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) | ||
| 472 | #define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) | ||
| 473 | #define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) | ||
| 474 | #define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) | ||
| 475 | #define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) | ||
| 476 | #define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) | ||
| 477 | #define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) | ||
| 478 | #define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) | ||
| 479 | #define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) | ||
| 480 | #define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) | ||
| 481 | #define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) | ||
| 482 | |||
| 483 | #define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) | ||
| 484 | #define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) | ||
| 485 | #define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) | ||
| 486 | #define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) | ||
| 487 | #define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) | ||
| 488 | #define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) | ||
| 489 | #define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) | ||
| 490 | #define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) | ||
| 491 | #define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) | ||
| 492 | #define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) | ||
| 493 | #define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) | ||
| 494 | #define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) | ||
| 495 | #define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) | ||
| 496 | #define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) | ||
| 497 | #define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) | ||
| 498 | #define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) | ||
| 499 | #define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) | ||
| 500 | #define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) | ||
| 501 | #define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) | ||
| 502 | #define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) | ||
| 503 | #define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) | ||
| 504 | |||
| 382 | #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) | 505 | #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) |
| 383 | #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) | 506 | #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) |
| 384 | #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) | 507 | #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) |
| @@ -389,6 +512,7 @@ STACK_OF(type) \ | |||
| 389 | #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) | 512 | #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) |
| 390 | #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) | 513 | #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) |
| 391 | #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) | 514 | #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) |
| 515 | #define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) | ||
| 392 | #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) | 516 | #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) |
| 393 | #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) | 517 | #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) |
| 394 | #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) | 518 | #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) |
| @@ -410,6 +534,7 @@ STACK_OF(type) \ | |||
| 410 | #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) | 534 | #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) |
| 411 | #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) | 535 | #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) |
| 412 | #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) | 536 | #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) |
| 537 | #define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) | ||
| 413 | #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) | 538 | #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) |
| 414 | #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) | 539 | #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) |
| 415 | #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) | 540 | #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) |
| @@ -431,6 +556,7 @@ STACK_OF(type) \ | |||
| 431 | #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) | 556 | #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) |
| 432 | #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) | 557 | #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) |
| 433 | #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) | 558 | #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) |
| 559 | #define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) | ||
| 434 | #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) | 560 | #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) |
| 435 | #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) | 561 | #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) |
| 436 | #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) | 562 | #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) |
| @@ -452,6 +578,7 @@ STACK_OF(type) \ | |||
| 452 | #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) | 578 | #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) |
| 453 | #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) | 579 | #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) |
| 454 | #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) | 580 | #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) |
| 581 | #define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) | ||
| 455 | #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) | 582 | #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) |
| 456 | #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) | 583 | #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) |
| 457 | #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) | 584 | #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) |
| @@ -473,6 +600,7 @@ STACK_OF(type) \ | |||
| 473 | #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) | 600 | #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) |
| 474 | #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) | 601 | #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) |
| 475 | #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) | 602 | #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) |
| 603 | #define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) | ||
| 476 | #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) | 604 | #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) |
| 477 | #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) | 605 | #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) |
| 478 | #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) | 606 | #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) |
| @@ -494,6 +622,7 @@ STACK_OF(type) \ | |||
| 494 | #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) | 622 | #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) |
| 495 | #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) | 623 | #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) |
| 496 | #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) | 624 | #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) |
| 625 | #define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) | ||
| 497 | #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) | 626 | #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) |
| 498 | #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) | 627 | #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) |
| 499 | #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) | 628 | #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) |
| @@ -515,6 +644,7 @@ STACK_OF(type) \ | |||
| 515 | #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) | 644 | #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) |
| 516 | #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) | 645 | #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) |
| 517 | #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) | 646 | #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) |
| 647 | #define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) | ||
| 518 | #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) | 648 | #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) |
| 519 | #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) | 649 | #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) |
| 520 | #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) | 650 | #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) |
| @@ -536,6 +666,7 @@ STACK_OF(type) \ | |||
| 536 | #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) | 666 | #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) |
| 537 | #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) | 667 | #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) |
| 538 | #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) | 668 | #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) |
| 669 | #define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) | ||
| 539 | #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) | 670 | #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) |
| 540 | #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) | 671 | #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) |
| 541 | #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) | 672 | #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) |
| @@ -557,6 +688,7 @@ STACK_OF(type) \ | |||
| 557 | #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) | 688 | #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) |
| 558 | #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) | 689 | #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) |
| 559 | #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) | 690 | #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) |
| 691 | #define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) | ||
| 560 | #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) | 692 | #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) |
| 561 | #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) | 693 | #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) |
| 562 | #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) | 694 | #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) |
| @@ -568,6 +700,94 @@ STACK_OF(type) \ | |||
| 568 | #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) | 700 | #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) |
| 569 | #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) | 701 | #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) |
| 570 | 702 | ||
| 703 | #define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) | ||
| 704 | #define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) | ||
| 705 | #define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) | ||
| 706 | #define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) | ||
| 707 | #define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) | ||
| 708 | #define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) | ||
| 709 | #define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) | ||
| 710 | #define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) | ||
| 711 | #define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) | ||
| 712 | #define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) | ||
| 713 | #define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) | ||
| 714 | #define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) | ||
| 715 | #define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) | ||
| 716 | #define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) | ||
| 717 | #define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) | ||
| 718 | #define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) | ||
| 719 | #define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) | ||
| 720 | #define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) | ||
| 721 | #define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) | ||
| 722 | #define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) | ||
| 723 | #define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) | ||
| 724 | |||
| 725 | #define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) | ||
| 726 | #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) | ||
| 727 | #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) | ||
| 728 | #define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) | ||
| 729 | #define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) | ||
| 730 | #define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) | ||
| 731 | #define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) | ||
| 732 | #define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) | ||
| 733 | #define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) | ||
| 734 | #define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) | ||
| 735 | #define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) | ||
| 736 | #define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) | ||
| 737 | #define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) | ||
| 738 | #define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) | ||
| 739 | #define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) | ||
| 740 | #define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) | ||
| 741 | #define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) | ||
| 742 | #define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) | ||
| 743 | #define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) | ||
| 744 | #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) | ||
| 745 | #define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) | ||
| 746 | |||
| 747 | #define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) | ||
| 748 | #define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) | ||
| 749 | #define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) | ||
| 750 | #define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) | ||
| 751 | #define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) | ||
| 752 | #define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) | ||
| 753 | #define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) | ||
| 754 | #define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) | ||
| 755 | #define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) | ||
| 756 | #define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) | ||
| 757 | #define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) | ||
| 758 | #define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) | ||
| 759 | #define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) | ||
| 760 | #define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) | ||
| 761 | #define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) | ||
| 762 | #define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) | ||
| 763 | #define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) | ||
| 764 | #define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) | ||
| 765 | #define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) | ||
| 766 | #define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) | ||
| 767 | #define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) | ||
| 768 | |||
| 769 | #define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) | ||
| 770 | #define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) | ||
| 771 | #define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) | ||
| 772 | #define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) | ||
| 773 | #define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) | ||
| 774 | #define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) | ||
| 775 | #define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) | ||
| 776 | #define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) | ||
| 777 | #define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) | ||
| 778 | #define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) | ||
| 779 | #define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) | ||
| 780 | #define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) | ||
| 781 | #define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) | ||
| 782 | #define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) | ||
| 783 | #define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) | ||
| 784 | #define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) | ||
| 785 | #define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) | ||
| 786 | #define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) | ||
| 787 | #define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) | ||
| 788 | #define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) | ||
| 789 | #define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) | ||
| 790 | |||
| 571 | #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) | 791 | #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) |
| 572 | #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) | 792 | #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) |
| 573 | #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) | 793 | #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) |
| @@ -578,6 +798,7 @@ STACK_OF(type) \ | |||
| 578 | #define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) | 798 | #define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) |
| 579 | #define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) | 799 | #define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) |
| 580 | #define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) | 800 | #define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) |
| 801 | #define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) | ||
| 581 | #define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) | 802 | #define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) |
| 582 | #define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) | 803 | #define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) |
| 583 | #define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) | 804 | #define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) |
| @@ -599,6 +820,7 @@ STACK_OF(type) \ | |||
| 599 | #define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) | 820 | #define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) |
| 600 | #define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) | 821 | #define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) |
| 601 | #define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) | 822 | #define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) |
| 823 | #define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) | ||
| 602 | #define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) | 824 | #define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) |
| 603 | #define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) | 825 | #define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) |
| 604 | #define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) | 826 | #define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) |
| @@ -620,6 +842,7 @@ STACK_OF(type) \ | |||
| 620 | #define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) | 842 | #define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) |
| 621 | #define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) | 843 | #define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) |
| 622 | #define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) | 844 | #define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) |
| 845 | #define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) | ||
| 623 | #define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) | 846 | #define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) |
| 624 | #define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) | 847 | #define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) |
| 625 | #define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) | 848 | #define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) |
| @@ -641,6 +864,7 @@ STACK_OF(type) \ | |||
| 641 | #define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) | 864 | #define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) |
| 642 | #define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) | 865 | #define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) |
| 643 | #define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) | 866 | #define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) |
| 867 | #define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) | ||
| 644 | #define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) | 868 | #define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) |
| 645 | #define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) | 869 | #define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) |
| 646 | #define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) | 870 | #define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) |
| @@ -662,6 +886,7 @@ STACK_OF(type) \ | |||
| 662 | #define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) | 886 | #define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) |
| 663 | #define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) | 887 | #define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) |
| 664 | #define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) | 888 | #define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) |
| 889 | #define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) | ||
| 665 | #define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) | 890 | #define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) |
| 666 | #define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) | 891 | #define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) |
| 667 | #define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) | 892 | #define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) |
| @@ -683,6 +908,7 @@ STACK_OF(type) \ | |||
| 683 | #define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) | 908 | #define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) |
| 684 | #define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) | 909 | #define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) |
| 685 | #define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) | 910 | #define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) |
| 911 | #define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) | ||
| 686 | #define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) | 912 | #define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) |
| 687 | #define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) | 913 | #define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) |
| 688 | #define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) | 914 | #define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) |
| @@ -704,6 +930,7 @@ STACK_OF(type) \ | |||
| 704 | #define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) | 930 | #define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) |
| 705 | #define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) | 931 | #define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) |
| 706 | #define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) | 932 | #define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) |
| 933 | #define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) | ||
| 707 | #define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) | 934 | #define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) |
| 708 | #define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) | 935 | #define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) |
| 709 | #define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) | 936 | #define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) |
| @@ -725,6 +952,7 @@ STACK_OF(type) \ | |||
| 725 | #define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) | 952 | #define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) |
| 726 | #define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) | 953 | #define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) |
| 727 | #define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) | 954 | #define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) |
| 955 | #define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) | ||
| 728 | #define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) | 956 | #define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) |
| 729 | #define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) | 957 | #define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) |
| 730 | #define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) | 958 | #define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) |
| @@ -746,6 +974,7 @@ STACK_OF(type) \ | |||
| 746 | #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) | 974 | #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) |
| 747 | #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) | 975 | #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) |
| 748 | #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) | 976 | #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) |
| 977 | #define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) | ||
| 749 | #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) | 978 | #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) |
| 750 | #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) | 979 | #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) |
| 751 | #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) | 980 | #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) |
| @@ -767,6 +996,7 @@ STACK_OF(type) \ | |||
| 767 | #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) | 996 | #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) |
| 768 | #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) | 997 | #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) |
| 769 | #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) | 998 | #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) |
| 999 | #define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) | ||
| 770 | #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) | 1000 | #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) |
| 771 | #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) | 1001 | #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) |
| 772 | #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) | 1002 | #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) |
| @@ -788,6 +1018,7 @@ STACK_OF(type) \ | |||
| 788 | #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) | 1018 | #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) |
| 789 | #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) | 1019 | #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) |
| 790 | #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) | 1020 | #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) |
| 1021 | #define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) | ||
| 791 | #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) | 1022 | #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) |
| 792 | #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) | 1023 | #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) |
| 793 | #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) | 1024 | #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) |
| @@ -809,6 +1040,7 @@ STACK_OF(type) \ | |||
| 809 | #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) | 1040 | #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) |
| 810 | #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) | 1041 | #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) |
| 811 | #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) | 1042 | #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) |
| 1043 | #define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) | ||
| 812 | #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) | 1044 | #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) |
| 813 | #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) | 1045 | #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) |
| 814 | #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) | 1046 | #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) |
| @@ -830,6 +1062,7 @@ STACK_OF(type) \ | |||
| 830 | #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) | 1062 | #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) |
| 831 | #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) | 1063 | #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) |
| 832 | #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) | 1064 | #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) |
| 1065 | #define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) | ||
| 833 | #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) | 1066 | #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) |
| 834 | #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) | 1067 | #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) |
| 835 | #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) | 1068 | #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) |
| @@ -841,6 +1074,28 @@ STACK_OF(type) \ | |||
| 841 | #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) | 1074 | #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) |
| 842 | #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) | 1075 | #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) |
| 843 | 1076 | ||
| 1077 | #define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) | ||
| 1078 | #define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) | ||
| 1079 | #define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) | ||
| 1080 | #define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) | ||
| 1081 | #define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) | ||
| 1082 | #define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) | ||
| 1083 | #define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) | ||
| 1084 | #define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) | ||
| 1085 | #define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) | ||
| 1086 | #define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) | ||
| 1087 | #define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) | ||
| 1088 | #define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) | ||
| 1089 | #define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) | ||
| 1090 | #define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) | ||
| 1091 | #define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) | ||
| 1092 | #define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) | ||
| 1093 | #define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) | ||
| 1094 | #define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) | ||
| 1095 | #define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) | ||
| 1096 | #define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) | ||
| 1097 | #define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) | ||
| 1098 | |||
| 844 | #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) | 1099 | #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) |
| 845 | #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) | 1100 | #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) |
| 846 | #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) | 1101 | #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) |
| @@ -851,6 +1106,7 @@ STACK_OF(type) \ | |||
| 851 | #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) | 1106 | #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) |
| 852 | #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) | 1107 | #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) |
| 853 | #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) | 1108 | #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) |
| 1109 | #define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) | ||
| 854 | #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) | 1110 | #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) |
| 855 | #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) | 1111 | #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) |
| 856 | #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) | 1112 | #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) |
| @@ -872,6 +1128,7 @@ STACK_OF(type) \ | |||
| 872 | #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) | 1128 | #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) |
| 873 | #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) | 1129 | #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) |
| 874 | #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) | 1130 | #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) |
| 1131 | #define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) | ||
| 875 | #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) | 1132 | #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) |
| 876 | #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) | 1133 | #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) |
| 877 | #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) | 1134 | #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) |
| @@ -893,6 +1150,7 @@ STACK_OF(type) \ | |||
| 893 | #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) | 1150 | #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) |
| 894 | #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) | 1151 | #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) |
| 895 | #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) | 1152 | #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) |
| 1153 | #define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) | ||
| 896 | #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) | 1154 | #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) |
| 897 | #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) | 1155 | #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) |
| 898 | #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) | 1156 | #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) |
| @@ -914,6 +1172,7 @@ STACK_OF(type) \ | |||
| 914 | #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) | 1172 | #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) |
| 915 | #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) | 1173 | #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) |
| 916 | #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) | 1174 | #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) |
| 1175 | #define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) | ||
| 917 | #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) | 1176 | #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) |
| 918 | #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) | 1177 | #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) |
| 919 | #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) | 1178 | #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) |
| @@ -935,6 +1194,7 @@ STACK_OF(type) \ | |||
| 935 | #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) | 1194 | #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) |
| 936 | #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) | 1195 | #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) |
| 937 | #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) | 1196 | #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) |
| 1197 | #define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) | ||
| 938 | #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) | 1198 | #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) |
| 939 | #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) | 1199 | #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) |
| 940 | #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) | 1200 | #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) |
| @@ -956,6 +1216,7 @@ STACK_OF(type) \ | |||
| 956 | #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) | 1216 | #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) |
| 957 | #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) | 1217 | #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) |
| 958 | #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) | 1218 | #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) |
| 1219 | #define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) | ||
| 959 | #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) | 1220 | #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) |
| 960 | #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) | 1221 | #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) |
| 961 | #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) | 1222 | #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) |
| @@ -977,6 +1238,7 @@ STACK_OF(type) \ | |||
| 977 | #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) | 1238 | #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) |
| 978 | #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) | 1239 | #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) |
| 979 | #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) | 1240 | #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) |
| 1241 | #define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) | ||
| 980 | #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) | 1242 | #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) |
| 981 | #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) | 1243 | #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) |
| 982 | #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) | 1244 | #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) |
| @@ -988,6 +1250,28 @@ STACK_OF(type) \ | |||
| 988 | #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) | 1250 | #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) |
| 989 | #define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) | 1251 | #define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) |
| 990 | 1252 | ||
| 1253 | #define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) | ||
| 1254 | #define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) | ||
| 1255 | #define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) | ||
| 1256 | #define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) | ||
| 1257 | #define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) | ||
| 1258 | #define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) | ||
| 1259 | #define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) | ||
| 1260 | #define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) | ||
| 1261 | #define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) | ||
| 1262 | #define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) | ||
| 1263 | #define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) | ||
| 1264 | #define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) | ||
| 1265 | #define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) | ||
| 1266 | #define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) | ||
| 1267 | #define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) | ||
| 1268 | #define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) | ||
| 1269 | #define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) | ||
| 1270 | #define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) | ||
| 1271 | #define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) | ||
| 1272 | #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) | ||
| 1273 | #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) | ||
| 1274 | |||
| 991 | #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) | 1275 | #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) |
| 992 | #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) | 1276 | #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) |
| 993 | #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) | 1277 | #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) |
| @@ -998,6 +1282,7 @@ STACK_OF(type) \ | |||
| 998 | #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) | 1282 | #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) |
| 999 | #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) | 1283 | #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) |
| 1000 | #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) | 1284 | #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) |
| 1285 | #define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) | ||
| 1001 | #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) | 1286 | #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) |
| 1002 | #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) | 1287 | #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) |
| 1003 | #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) | 1288 | #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) |
| @@ -1019,6 +1304,7 @@ STACK_OF(type) \ | |||
| 1019 | #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) | 1304 | #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) |
| 1020 | #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) | 1305 | #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) |
| 1021 | #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) | 1306 | #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) |
| 1307 | #define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) | ||
| 1022 | #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) | 1308 | #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) |
| 1023 | #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) | 1309 | #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) |
| 1024 | #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) | 1310 | #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) |
| @@ -1030,6 +1316,28 @@ STACK_OF(type) \ | |||
| 1030 | #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) | 1316 | #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) |
| 1031 | #define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) | 1317 | #define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) |
| 1032 | 1318 | ||
| 1319 | #define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) | ||
| 1320 | #define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) | ||
| 1321 | #define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) | ||
| 1322 | #define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) | ||
| 1323 | #define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) | ||
| 1324 | #define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) | ||
| 1325 | #define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) | ||
| 1326 | #define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) | ||
| 1327 | #define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) | ||
| 1328 | #define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) | ||
| 1329 | #define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) | ||
| 1330 | #define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) | ||
| 1331 | #define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) | ||
| 1332 | #define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) | ||
| 1333 | #define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) | ||
| 1334 | #define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) | ||
| 1335 | #define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) | ||
| 1336 | #define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) | ||
| 1337 | #define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) | ||
| 1338 | #define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) | ||
| 1339 | #define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) | ||
| 1340 | |||
| 1033 | #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) | 1341 | #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) |
| 1034 | #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) | 1342 | #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) |
| 1035 | #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) | 1343 | #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) |
| @@ -1040,6 +1348,7 @@ STACK_OF(type) \ | |||
| 1040 | #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) | 1348 | #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) |
| 1041 | #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) | 1349 | #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) |
| 1042 | #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) | 1350 | #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) |
| 1351 | #define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) | ||
| 1043 | #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) | 1352 | #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) |
| 1044 | #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) | 1353 | #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) |
| 1045 | #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) | 1354 | #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) |
| @@ -1061,6 +1370,7 @@ STACK_OF(type) \ | |||
| 1061 | #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) | 1370 | #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) |
| 1062 | #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) | 1371 | #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) |
| 1063 | #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) | 1372 | #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) |
| 1373 | #define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) | ||
| 1064 | #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) | 1374 | #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) |
| 1065 | #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) | 1375 | #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) |
| 1066 | #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) | 1376 | #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) |
| @@ -1082,6 +1392,7 @@ STACK_OF(type) \ | |||
| 1082 | #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) | 1392 | #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) |
| 1083 | #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) | 1393 | #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) |
| 1084 | #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) | 1394 | #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) |
| 1395 | #define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) | ||
| 1085 | #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) | 1396 | #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) |
| 1086 | #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) | 1397 | #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) |
| 1087 | #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) | 1398 | #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) |
| @@ -1103,6 +1414,7 @@ STACK_OF(type) \ | |||
| 1103 | #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) | 1414 | #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) |
| 1104 | #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) | 1415 | #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) |
| 1105 | #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) | 1416 | #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) |
| 1417 | #define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) | ||
| 1106 | #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) | 1418 | #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) |
| 1107 | #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) | 1419 | #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) |
| 1108 | #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) | 1420 | #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) |
| @@ -1124,6 +1436,7 @@ STACK_OF(type) \ | |||
| 1124 | #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) | 1436 | #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) |
| 1125 | #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) | 1437 | #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) |
| 1126 | #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) | 1438 | #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) |
| 1439 | #define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) | ||
| 1127 | #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) | 1440 | #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) |
| 1128 | #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) | 1441 | #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) |
| 1129 | #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) | 1442 | #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) |
| @@ -1145,6 +1458,7 @@ STACK_OF(type) \ | |||
| 1145 | #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) | 1458 | #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) |
| 1146 | #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) | 1459 | #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) |
| 1147 | #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) | 1460 | #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) |
| 1461 | #define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) | ||
| 1148 | #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) | 1462 | #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) |
| 1149 | #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) | 1463 | #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) |
| 1150 | #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) | 1464 | #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) |
| @@ -1166,6 +1480,7 @@ STACK_OF(type) \ | |||
| 1166 | #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) | 1480 | #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) |
| 1167 | #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) | 1481 | #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) |
| 1168 | #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) | 1482 | #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) |
| 1483 | #define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) | ||
| 1169 | #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) | 1484 | #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) |
| 1170 | #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) | 1485 | #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) |
| 1171 | #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) | 1486 | #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) |
| @@ -1187,6 +1502,7 @@ STACK_OF(type) \ | |||
| 1187 | #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) | 1502 | #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) |
| 1188 | #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) | 1503 | #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) |
| 1189 | #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) | 1504 | #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) |
| 1505 | #define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) | ||
| 1190 | #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) | 1506 | #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) |
| 1191 | #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) | 1507 | #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) |
| 1192 | #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) | 1508 | #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) |
| @@ -1208,6 +1524,7 @@ STACK_OF(type) \ | |||
| 1208 | #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) | 1524 | #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) |
| 1209 | #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) | 1525 | #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) |
| 1210 | #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) | 1526 | #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) |
| 1527 | #define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) | ||
| 1211 | #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) | 1528 | #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) |
| 1212 | #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) | 1529 | #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) |
| 1213 | #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) | 1530 | #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) |
| @@ -1229,6 +1546,7 @@ STACK_OF(type) \ | |||
| 1229 | #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) | 1546 | #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) |
| 1230 | #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) | 1547 | #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) |
| 1231 | #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) | 1548 | #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) |
| 1549 | #define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) | ||
| 1232 | #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) | 1550 | #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) |
| 1233 | #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) | 1551 | #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) |
| 1234 | #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) | 1552 | #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) |
| @@ -1250,6 +1568,7 @@ STACK_OF(type) \ | |||
| 1250 | #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) | 1568 | #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) |
| 1251 | #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) | 1569 | #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) |
| 1252 | #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) | 1570 | #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) |
| 1571 | #define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) | ||
| 1253 | #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) | 1572 | #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) |
| 1254 | #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) | 1573 | #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) |
| 1255 | #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) | 1574 | #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) |
| @@ -1271,6 +1590,7 @@ STACK_OF(type) \ | |||
| 1271 | #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) | 1590 | #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) |
| 1272 | #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) | 1591 | #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) |
| 1273 | #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) | 1592 | #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) |
| 1593 | #define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) | ||
| 1274 | #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) | 1594 | #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) |
| 1275 | #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) | 1595 | #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) |
| 1276 | #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) | 1596 | #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) |
| @@ -1292,6 +1612,7 @@ STACK_OF(type) \ | |||
| 1292 | #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) | 1612 | #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) |
| 1293 | #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) | 1613 | #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) |
| 1294 | #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) | 1614 | #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) |
| 1615 | #define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) | ||
| 1295 | #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) | 1616 | #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) |
| 1296 | #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) | 1617 | #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) |
| 1297 | #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) | 1618 | #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) |
| @@ -1303,6 +1624,72 @@ STACK_OF(type) \ | |||
| 1303 | #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) | 1624 | #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) |
| 1304 | #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) | 1625 | #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) |
| 1305 | 1626 | ||
| 1627 | #define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) | ||
| 1628 | #define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) | ||
| 1629 | #define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) | ||
| 1630 | #define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) | ||
| 1631 | #define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) | ||
| 1632 | #define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) | ||
| 1633 | #define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) | ||
| 1634 | #define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) | ||
| 1635 | #define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) | ||
| 1636 | #define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) | ||
| 1637 | #define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) | ||
| 1638 | #define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) | ||
| 1639 | #define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) | ||
| 1640 | #define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) | ||
| 1641 | #define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) | ||
| 1642 | #define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) | ||
| 1643 | #define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) | ||
| 1644 | #define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) | ||
| 1645 | #define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) | ||
| 1646 | #define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) | ||
| 1647 | #define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) | ||
| 1648 | |||
| 1649 | #define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) | ||
| 1650 | #define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) | ||
| 1651 | #define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) | ||
| 1652 | #define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) | ||
| 1653 | #define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) | ||
| 1654 | #define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) | ||
| 1655 | #define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) | ||
| 1656 | #define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) | ||
| 1657 | #define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) | ||
| 1658 | #define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) | ||
| 1659 | #define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) | ||
| 1660 | #define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) | ||
| 1661 | #define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) | ||
| 1662 | #define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) | ||
| 1663 | #define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) | ||
| 1664 | #define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) | ||
| 1665 | #define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) | ||
| 1666 | #define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) | ||
| 1667 | #define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) | ||
| 1668 | #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) | ||
| 1669 | #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) | ||
| 1670 | |||
| 1671 | #define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) | ||
| 1672 | #define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) | ||
| 1673 | #define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) | ||
| 1674 | #define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) | ||
| 1675 | #define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) | ||
| 1676 | #define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) | ||
| 1677 | #define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) | ||
| 1678 | #define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) | ||
| 1679 | #define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) | ||
| 1680 | #define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) | ||
| 1681 | #define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) | ||
| 1682 | #define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) | ||
| 1683 | #define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) | ||
| 1684 | #define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) | ||
| 1685 | #define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) | ||
| 1686 | #define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) | ||
| 1687 | #define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) | ||
| 1688 | #define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) | ||
| 1689 | #define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) | ||
| 1690 | #define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) | ||
| 1691 | #define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) | ||
| 1692 | |||
| 1306 | #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) | 1693 | #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) |
| 1307 | #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) | 1694 | #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) |
| 1308 | #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) | 1695 | #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) |
| @@ -1313,6 +1700,7 @@ STACK_OF(type) \ | |||
| 1313 | #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) | 1700 | #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) |
| 1314 | #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) | 1701 | #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) |
| 1315 | #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) | 1702 | #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) |
| 1703 | #define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) | ||
| 1316 | #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) | 1704 | #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) |
| 1317 | #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) | 1705 | #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) |
| 1318 | #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) | 1706 | #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) |
| @@ -1334,6 +1722,7 @@ STACK_OF(type) \ | |||
| 1334 | #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) | 1722 | #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) |
| 1335 | #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) | 1723 | #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) |
| 1336 | #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) | 1724 | #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) |
| 1725 | #define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) | ||
| 1337 | #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) | 1726 | #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) |
| 1338 | #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) | 1727 | #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) |
| 1339 | #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) | 1728 | #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) |
| @@ -1355,6 +1744,7 @@ STACK_OF(type) \ | |||
| 1355 | #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) | 1744 | #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) |
| 1356 | #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) | 1745 | #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) |
| 1357 | #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) | 1746 | #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) |
| 1747 | #define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) | ||
| 1358 | #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) | 1748 | #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) |
| 1359 | #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) | 1749 | #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) |
| 1360 | #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) | 1750 | #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) |
| @@ -1366,6 +1756,28 @@ STACK_OF(type) \ | |||
| 1366 | #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) | 1756 | #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) |
| 1367 | #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) | 1757 | #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) |
| 1368 | 1758 | ||
| 1759 | #define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) | ||
| 1760 | #define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) | ||
| 1761 | #define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) | ||
| 1762 | #define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) | ||
| 1763 | #define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) | ||
| 1764 | #define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) | ||
| 1765 | #define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) | ||
| 1766 | #define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) | ||
| 1767 | #define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) | ||
| 1768 | #define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) | ||
| 1769 | #define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) | ||
| 1770 | #define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) | ||
| 1771 | #define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) | ||
| 1772 | #define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) | ||
| 1773 | #define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) | ||
| 1774 | #define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) | ||
| 1775 | #define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) | ||
| 1776 | #define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) | ||
| 1777 | #define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) | ||
| 1778 | #define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) | ||
| 1779 | #define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) | ||
| 1780 | |||
| 1369 | #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 1781 | #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ |
| 1370 | SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | 1782 | SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) |
| 1371 | #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | 1783 | #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ |
diff --git a/src/lib/libssl/src/crypto/stack/stack.c b/src/lib/libssl/src/crypto/stack/stack.c index c7173eb6ab..378bd7c796 100644 --- a/src/lib/libssl/src/crypto/stack/stack.c +++ b/src/lib/libssl/src/crypto/stack/stack.c | |||
| @@ -68,11 +68,12 @@ | |||
| 68 | #include <stdio.h> | 68 | #include <stdio.h> |
| 69 | #include "cryptlib.h" | 69 | #include "cryptlib.h" |
| 70 | #include <openssl/stack.h> | 70 | #include <openssl/stack.h> |
| 71 | #include <openssl/objects.h> | ||
| 71 | 72 | ||
| 72 | #undef MIN_NODES | 73 | #undef MIN_NODES |
| 73 | #define MIN_NODES 4 | 74 | #define MIN_NODES 4 |
| 74 | 75 | ||
| 75 | const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT; | 76 | const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT; |
| 76 | 77 | ||
| 77 | #include <errno.h> | 78 | #include <errno.h> |
| 78 | 79 | ||
| @@ -209,7 +210,7 @@ char *sk_delete(STACK *st, int loc) | |||
| 209 | return(ret); | 210 | return(ret); |
| 210 | } | 211 | } |
| 211 | 212 | ||
| 212 | int sk_find(STACK *st, char *data) | 213 | static int internal_find(STACK *st, char *data, int ret_val_options) |
| 213 | { | 214 | { |
| 214 | char **r; | 215 | char **r; |
| 215 | int i; | 216 | int i; |
| @@ -232,19 +233,19 @@ int sk_find(STACK *st, char *data) | |||
| 232 | * not (type *) pointers, but the *pointers* to (type *) pointers, | 233 | * not (type *) pointers, but the *pointers* to (type *) pointers, |
| 233 | * so we get our extra level of pointer dereferencing that way. */ | 234 | * so we get our extra level of pointer dereferencing that way. */ |
| 234 | comp_func=(int (*)(const void *,const void *))(st->comp); | 235 | comp_func=(int (*)(const void *,const void *))(st->comp); |
| 235 | r=(char **)bsearch(&data,(char *)st->data, | 236 | r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data, |
| 236 | st->num,sizeof(char *), comp_func); | 237 | st->num,sizeof(char *),comp_func,ret_val_options); |
| 237 | if (r == NULL) return(-1); | 238 | if (r == NULL) return(-1); |
| 238 | i=(int)(r-st->data); | 239 | return((int)(r-st->data)); |
| 239 | for ( ; i>0; i--) | 240 | } |
| 240 | /* This needs a cast because the type being pointed to from | 241 | |
| 241 | * the "&" expressions are (char *) rather than (const char *). | 242 | int sk_find(STACK *st, char *data) |
| 242 | * For an explanation, read: | 243 | { |
| 243 | * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */ | 244 | return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); |
| 244 | if ((*st->comp)((const char * const *)&(st->data[i-1]), | 245 | } |
| 245 | (const char * const *)&data) < 0) | 246 | int sk_find_ex(STACK *st, char *data) |
| 246 | break; | 247 | { |
| 247 | return(i); | 248 | return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); |
| 248 | } | 249 | } |
| 249 | 250 | ||
| 250 | int sk_push(STACK *st, char *data) | 251 | int sk_push(STACK *st, char *data) |
diff --git a/src/lib/libssl/src/crypto/stack/stack.h b/src/lib/libssl/src/crypto/stack/stack.h index 7570b85fe8..5cbb116a8b 100644 --- a/src/lib/libssl/src/crypto/stack/stack.h +++ b/src/lib/libssl/src/crypto/stack/stack.h | |||
| @@ -89,6 +89,7 @@ int sk_insert(STACK *sk,char *data,int where); | |||
| 89 | char *sk_delete(STACK *st,int loc); | 89 | char *sk_delete(STACK *st,int loc); |
| 90 | char *sk_delete_ptr(STACK *st, char *p); | 90 | char *sk_delete_ptr(STACK *st, char *p); |
| 91 | int sk_find(STACK *st,char *data); | 91 | int sk_find(STACK *st,char *data); |
| 92 | int sk_find_ex(STACK *st,char *data); | ||
| 92 | int sk_push(STACK *st,char *data); | 93 | int sk_push(STACK *st,char *data); |
| 93 | int sk_unshift(STACK *st,char *data); | 94 | int sk_unshift(STACK *st,char *data); |
| 94 | char *sk_shift(STACK *st); | 95 | char *sk_shift(STACK *st); |
diff --git a/src/lib/libssl/src/crypto/symhacks.h b/src/lib/libssl/src/crypto/symhacks.h index 774162fec9..64528ad5c2 100644 --- a/src/lib/libssl/src/crypto/symhacks.h +++ b/src/lib/libssl/src/crypto/symhacks.h | |||
| @@ -127,6 +127,12 @@ | |||
| 127 | /* Hack some long X509 names */ | 127 | /* Hack some long X509 names */ |
| 128 | #undef X509_REVOKED_get_ext_by_critical | 128 | #undef X509_REVOKED_get_ext_by_critical |
| 129 | #define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic | 129 | #define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic |
| 130 | #undef X509_policy_tree_get0_user_policies | ||
| 131 | #define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies | ||
| 132 | #undef X509_policy_node_get0_qualifiers | ||
| 133 | #define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers | ||
| 134 | #undef X509_STORE_CTX_get_explicit_policy | ||
| 135 | #define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy | ||
| 130 | 136 | ||
| 131 | /* Hack some long CRYPTO names */ | 137 | /* Hack some long CRYPTO names */ |
| 132 | #undef CRYPTO_set_dynlock_destroy_callback | 138 | #undef CRYPTO_set_dynlock_destroy_callback |
| @@ -153,16 +159,16 @@ | |||
| 153 | #define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx | 159 | #define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx |
| 154 | #undef SSL_add_file_cert_subjects_to_stack | 160 | #undef SSL_add_file_cert_subjects_to_stack |
| 155 | #define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk | 161 | #define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk |
| 156 | #if 0 /* This function is not defined i VMS. */ | ||
| 157 | #undef SSL_add_dir_cert_subjects_to_stack | 162 | #undef SSL_add_dir_cert_subjects_to_stack |
| 158 | #define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk | 163 | #define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk |
| 159 | #endif | ||
| 160 | #undef SSL_CTX_use_certificate_chain_file | 164 | #undef SSL_CTX_use_certificate_chain_file |
| 161 | #define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file | 165 | #define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file |
| 162 | #undef SSL_CTX_set_cert_verify_callback | 166 | #undef SSL_CTX_set_cert_verify_callback |
| 163 | #define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb | 167 | #define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb |
| 164 | #undef SSL_CTX_set_default_passwd_cb_userdata | 168 | #undef SSL_CTX_set_default_passwd_cb_userdata |
| 165 | #define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud | 169 | #define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud |
| 170 | #undef SSL_COMP_get_compression_methods | ||
| 171 | #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods | ||
| 166 | 172 | ||
| 167 | /* Hack some long ENGINE names */ | 173 | /* Hack some long ENGINE names */ |
| 168 | #undef ENGINE_get_default_BN_mod_exp_crt | 174 | #undef ENGINE_get_default_BN_mod_exp_crt |
| @@ -195,6 +201,12 @@ | |||
| 195 | #define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf | 201 | #define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf |
| 196 | 202 | ||
| 197 | /* Hack some long EC names */ | 203 | /* Hack some long EC names */ |
| 204 | #undef EC_GROUP_set_point_conversion_form | ||
| 205 | #define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form | ||
| 206 | #undef EC_GROUP_get_point_conversion_form | ||
| 207 | #define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form | ||
| 208 | #undef EC_GROUP_clear_free_all_extra_data | ||
| 209 | #define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data | ||
| 198 | #undef EC_POINT_set_Jprojective_coordinates_GFp | 210 | #undef EC_POINT_set_Jprojective_coordinates_GFp |
| 199 | #define EC_POINT_set_Jprojective_coordinates_GFp \ | 211 | #define EC_POINT_set_Jprojective_coordinates_GFp \ |
| 200 | EC_POINT_set_Jproj_coords_GFp | 212 | EC_POINT_set_Jproj_coords_GFp |
| @@ -207,6 +219,32 @@ | |||
| 207 | #define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp | 219 | #define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp |
| 208 | #undef EC_POINT_set_compressed_coordinates_GFp | 220 | #undef EC_POINT_set_compressed_coordinates_GFp |
| 209 | #define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp | 221 | #define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp |
| 222 | #undef EC_POINT_set_affine_coordinates_GF2m | ||
| 223 | #define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m | ||
| 224 | #undef EC_POINT_get_affine_coordinates_GF2m | ||
| 225 | #define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m | ||
| 226 | #undef EC_POINT_set_compressed_coordinates_GF2m | ||
| 227 | #define EC_POINT_set_compressed_coordinates_GF2m \ | ||
| 228 | EC_POINT_set_compr_coords_GF2m | ||
| 229 | #undef ec_GF2m_simple_group_clear_finish | ||
| 230 | #define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish | ||
| 231 | #undef ec_GF2m_simple_group_check_discriminant | ||
| 232 | #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim | ||
| 233 | #undef ec_GF2m_simple_point_clear_finish | ||
| 234 | #define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish | ||
| 235 | #undef ec_GF2m_simple_point_set_to_infinity | ||
| 236 | #define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf | ||
| 237 | #undef ec_GF2m_simple_points_make_affine | ||
| 238 | #define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine | ||
| 239 | #undef ec_GF2m_simple_point_set_affine_coordinates | ||
| 240 | #define ec_GF2m_simple_point_set_affine_coordinates \ | ||
| 241 | ec_GF2m_smp_pt_set_af_coords | ||
| 242 | #undef ec_GF2m_simple_point_get_affine_coordinates | ||
| 243 | #define ec_GF2m_simple_point_get_affine_coordinates \ | ||
| 244 | ec_GF2m_smp_pt_get_af_coords | ||
| 245 | #undef ec_GF2m_simple_set_compressed_coordinates | ||
| 246 | #define ec_GF2m_simple_set_compressed_coordinates \ | ||
| 247 | ec_GF2m_smp_set_compr_coords | ||
| 210 | #undef ec_GFp_simple_group_set_curve_GFp | 248 | #undef ec_GFp_simple_group_set_curve_GFp |
| 211 | #define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp | 249 | #define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp |
| 212 | #undef ec_GFp_simple_group_get_curve_GFp | 250 | #undef ec_GFp_simple_group_get_curve_GFp |
| @@ -242,6 +280,81 @@ | |||
| 242 | #undef ec_GFp_simple_set_compressed_coordinates_GFp | 280 | #undef ec_GFp_simple_set_compressed_coordinates_GFp |
| 243 | #define ec_GFp_simple_set_compressed_coordinates_GFp \ | 281 | #define ec_GFp_simple_set_compressed_coordinates_GFp \ |
| 244 | ec_GFp_smp_set_compr_coords_GFp | 282 | ec_GFp_smp_set_compr_coords_GFp |
| 283 | #undef ec_GFp_simple_point_set_affine_coordinates | ||
| 284 | #define ec_GFp_simple_point_set_affine_coordinates \ | ||
| 285 | ec_GFp_smp_pt_set_af_coords | ||
| 286 | #undef ec_GFp_simple_point_get_affine_coordinates | ||
| 287 | #define ec_GFp_simple_point_get_affine_coordinates \ | ||
| 288 | ec_GFp_smp_pt_get_af_coords | ||
| 289 | #undef ec_GFp_simple_set_compressed_coordinates | ||
| 290 | #define ec_GFp_simple_set_compressed_coordinates \ | ||
| 291 | ec_GFp_smp_set_compr_coords | ||
| 292 | #undef ec_GFp_simple_group_check_discriminant | ||
| 293 | #define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim | ||
| 294 | |||
| 295 | /* Hack som long STORE names */ | ||
| 296 | #undef STORE_method_set_initialise_function | ||
| 297 | #define STORE_method_set_initialise_function STORE_meth_set_initialise_fn | ||
| 298 | #undef STORE_method_set_cleanup_function | ||
| 299 | #define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn | ||
| 300 | #undef STORE_method_set_generate_function | ||
| 301 | #define STORE_method_set_generate_function STORE_meth_set_generate_fn | ||
| 302 | #undef STORE_method_set_modify_function | ||
| 303 | #define STORE_method_set_modify_function STORE_meth_set_modify_fn | ||
| 304 | #undef STORE_method_set_revoke_function | ||
| 305 | #define STORE_method_set_revoke_function STORE_meth_set_revoke_fn | ||
| 306 | #undef STORE_method_set_delete_function | ||
| 307 | #define STORE_method_set_delete_function STORE_meth_set_delete_fn | ||
| 308 | #undef STORE_method_set_list_start_function | ||
| 309 | #define STORE_method_set_list_start_function STORE_meth_set_list_start_fn | ||
| 310 | #undef STORE_method_set_list_next_function | ||
| 311 | #define STORE_method_set_list_next_function STORE_meth_set_list_next_fn | ||
| 312 | #undef STORE_method_set_list_end_function | ||
| 313 | #define STORE_method_set_list_end_function STORE_meth_set_list_end_fn | ||
| 314 | #undef STORE_method_set_update_store_function | ||
| 315 | #define STORE_method_set_update_store_function STORE_meth_set_update_store_fn | ||
| 316 | #undef STORE_method_set_lock_store_function | ||
| 317 | #define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn | ||
| 318 | #undef STORE_method_set_unlock_store_function | ||
| 319 | #define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn | ||
| 320 | #undef STORE_method_get_initialise_function | ||
| 321 | #define STORE_method_get_initialise_function STORE_meth_get_initialise_fn | ||
| 322 | #undef STORE_method_get_cleanup_function | ||
| 323 | #define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn | ||
| 324 | #undef STORE_method_get_generate_function | ||
| 325 | #define STORE_method_get_generate_function STORE_meth_get_generate_fn | ||
| 326 | #undef STORE_method_get_modify_function | ||
| 327 | #define STORE_method_get_modify_function STORE_meth_get_modify_fn | ||
| 328 | #undef STORE_method_get_revoke_function | ||
| 329 | #define STORE_method_get_revoke_function STORE_meth_get_revoke_fn | ||
| 330 | #undef STORE_method_get_delete_function | ||
| 331 | #define STORE_method_get_delete_function STORE_meth_get_delete_fn | ||
| 332 | #undef STORE_method_get_list_start_function | ||
| 333 | #define STORE_method_get_list_start_function STORE_meth_get_list_start_fn | ||
| 334 | #undef STORE_method_get_list_next_function | ||
| 335 | #define STORE_method_get_list_next_function STORE_meth_get_list_next_fn | ||
| 336 | #undef STORE_method_get_list_end_function | ||
| 337 | #define STORE_method_get_list_end_function STORE_meth_get_list_end_fn | ||
| 338 | #undef STORE_method_get_update_store_function | ||
| 339 | #define STORE_method_get_update_store_function STORE_meth_get_update_store_fn | ||
| 340 | #undef STORE_method_get_lock_store_function | ||
| 341 | #define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn | ||
| 342 | #undef STORE_method_get_unlock_store_function | ||
| 343 | #define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn | ||
| 344 | |||
| 345 | /* Hack some long CMS names */ | ||
| 346 | #undef CMS_RecipientInfo_ktri_get0_algs | ||
| 347 | #define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs | ||
| 348 | #undef CMS_RecipientInfo_ktri_get0_signer_id | ||
| 349 | #define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id | ||
| 350 | #undef CMS_OtherRevocationInfoFormat_it | ||
| 351 | #define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it | ||
| 352 | #undef CMS_KeyAgreeRecipientIdentifier_it | ||
| 353 | #define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it | ||
| 354 | #undef CMS_OriginatorIdentifierOrKey_it | ||
| 355 | #define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it | ||
| 356 | #undef cms_SignerIdentifier_get0_signer_id | ||
| 357 | #define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id | ||
| 245 | 358 | ||
| 246 | #endif /* defined OPENSSL_SYS_VMS */ | 359 | #endif /* defined OPENSSL_SYS_VMS */ |
| 247 | 360 | ||
| @@ -253,6 +366,15 @@ | |||
| 253 | #undef OCSP_crlID_new | 366 | #undef OCSP_crlID_new |
| 254 | #define OCSP_crlID_new OCSP_crlID2_new | 367 | #define OCSP_crlID_new OCSP_crlID2_new |
| 255 | 368 | ||
| 369 | #undef d2i_ECPARAMETERS | ||
| 370 | #define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS | ||
| 371 | #undef i2d_ECPARAMETERS | ||
| 372 | #define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS | ||
| 373 | #undef d2i_ECPKPARAMETERS | ||
| 374 | #define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS | ||
| 375 | #undef i2d_ECPKPARAMETERS | ||
| 376 | #define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS | ||
| 377 | |||
| 256 | /* These functions do not seem to exist! However, I'm paranoid... | 378 | /* These functions do not seem to exist! However, I'm paranoid... |
| 257 | Original command in x509v3.h: | 379 | Original command in x509v3.h: |
| 258 | These functions are being redefined in another directory, | 380 | These functions are being redefined in another directory, |
| @@ -273,3 +395,6 @@ | |||
| 273 | 395 | ||
| 274 | 396 | ||
| 275 | #endif /* ! defined HEADER_VMS_IDHACKS_H */ | 397 | #endif /* ! defined HEADER_VMS_IDHACKS_H */ |
| 398 | /* This one clashes with CMS_data_create */ | ||
| 399 | #undef cms_Data_create | ||
| 400 | #define cms_Data_create priv_cms_Data_create | ||
diff --git a/src/lib/libssl/src/crypto/threads/mttest.c b/src/lib/libssl/src/crypto/threads/mttest.c index 7588966cb2..f6f3df4b6a 100644 --- a/src/lib/libssl/src/crypto/threads/mttest.c +++ b/src/lib/libssl/src/crypto/threads/mttest.c | |||
| @@ -77,6 +77,12 @@ | |||
| 77 | #ifdef PTHREADS | 77 | #ifdef PTHREADS |
| 78 | #include <pthread.h> | 78 | #include <pthread.h> |
| 79 | #endif | 79 | #endif |
| 80 | #ifdef OPENSSL_SYS_NETWARE | ||
| 81 | #if !defined __int64 | ||
| 82 | # define __int64 long long | ||
| 83 | #endif | ||
| 84 | #include <nwmpk.h> | ||
| 85 | #endif | ||
| 80 | #include <openssl/lhash.h> | 86 | #include <openssl/lhash.h> |
| 81 | #include <openssl/crypto.h> | 87 | #include <openssl/crypto.h> |
| 82 | #include <openssl/buffer.h> | 88 | #include <openssl/buffer.h> |
| @@ -86,8 +92,18 @@ | |||
| 86 | #include <openssl/err.h> | 92 | #include <openssl/err.h> |
| 87 | #include <openssl/rand.h> | 93 | #include <openssl/rand.h> |
| 88 | 94 | ||
| 95 | #ifdef OPENSSL_NO_FP_API | ||
| 96 | #define APPS_WIN16 | ||
| 97 | #include "../buffer/bss_file.c" | ||
| 98 | #endif | ||
| 99 | |||
| 100 | #ifdef OPENSSL_SYS_NETWARE | ||
| 101 | #define TEST_SERVER_CERT "/openssl/apps/server.pem" | ||
| 102 | #define TEST_CLIENT_CERT "/openssl/apps/client.pem" | ||
| 103 | #else | ||
| 89 | #define TEST_SERVER_CERT "../../apps/server.pem" | 104 | #define TEST_SERVER_CERT "../../apps/server.pem" |
| 90 | #define TEST_CLIENT_CERT "../../apps/client.pem" | 105 | #define TEST_CLIENT_CERT "../../apps/client.pem" |
| 106 | #endif | ||
| 91 | 107 | ||
| 92 | #define MAX_THREAD_NUMBER 100 | 108 | #define MAX_THREAD_NUMBER 100 |
| 93 | 109 | ||
| @@ -100,10 +116,18 @@ void irix_locking_callback(int mode,int type,char *file,int line); | |||
| 100 | void solaris_locking_callback(int mode,int type,char *file,int line); | 116 | void solaris_locking_callback(int mode,int type,char *file,int line); |
| 101 | void win32_locking_callback(int mode,int type,char *file,int line); | 117 | void win32_locking_callback(int mode,int type,char *file,int line); |
| 102 | void pthreads_locking_callback(int mode,int type,char *file,int line); | 118 | void pthreads_locking_callback(int mode,int type,char *file,int line); |
| 119 | void netware_locking_callback(int mode,int type,char *file,int line); | ||
| 103 | 120 | ||
| 104 | unsigned long irix_thread_id(void ); | 121 | unsigned long irix_thread_id(void ); |
| 105 | unsigned long solaris_thread_id(void ); | 122 | unsigned long solaris_thread_id(void ); |
| 106 | unsigned long pthreads_thread_id(void ); | 123 | unsigned long pthreads_thread_id(void ); |
| 124 | unsigned long netware_thread_id(void ); | ||
| 125 | |||
| 126 | #if defined(OPENSSL_SYS_NETWARE) | ||
| 127 | static MPKMutex *lock_cs; | ||
| 128 | static MPKSema ThreadSem; | ||
| 129 | static long *lock_count; | ||
| 130 | #endif | ||
| 107 | 131 | ||
| 108 | BIO *bio_err=NULL; | 132 | BIO *bio_err=NULL; |
| 109 | BIO *bio_stdout=NULL; | 133 | BIO *bio_stdout=NULL; |
| @@ -384,6 +408,9 @@ int ndoit(SSL_CTX *ssl_ctx[2]) | |||
| 384 | SSL_free((SSL *)ctx[2]); | 408 | SSL_free((SSL *)ctx[2]); |
| 385 | SSL_free((SSL *)ctx[3]); | 409 | SSL_free((SSL *)ctx[3]); |
| 386 | } | 410 | } |
| 411 | # ifdef OPENSSL_SYS_NETWARE | ||
| 412 | MPKSemaphoreSignal(ThreadSem); | ||
| 413 | # endif | ||
| 387 | return(0); | 414 | return(0); |
| 388 | } | 415 | } |
| 389 | 416 | ||
| @@ -627,6 +654,9 @@ int doit(char *ctx[4]) | |||
| 627 | } | 654 | } |
| 628 | 655 | ||
| 629 | if ((done & S_DONE) && (done & C_DONE)) break; | 656 | if ((done & S_DONE) && (done & C_DONE)) break; |
| 657 | # if defined(OPENSSL_SYS_NETWARE) | ||
| 658 | ThreadSwitchWithDelay(); | ||
| 659 | # endif | ||
| 630 | } | 660 | } |
| 631 | 661 | ||
| 632 | SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | 662 | SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); |
| @@ -1094,3 +1124,88 @@ unsigned long pthreads_thread_id(void) | |||
| 1094 | 1124 | ||
| 1095 | 1125 | ||
| 1096 | 1126 | ||
| 1127 | #ifdef OPENSSL_SYS_NETWARE | ||
| 1128 | |||
| 1129 | void thread_setup(void) | ||
| 1130 | { | ||
| 1131 | int i; | ||
| 1132 | |||
| 1133 | lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex)); | ||
| 1134 | lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); | ||
| 1135 | for (i=0; i<CRYPTO_num_locks(); i++) | ||
| 1136 | { | ||
| 1137 | lock_count[i]=0; | ||
| 1138 | lock_cs[i]=MPKMutexAlloc("OpenSSL mutex"); | ||
| 1139 | } | ||
| 1140 | |||
| 1141 | ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0 ); | ||
| 1142 | |||
| 1143 | CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id); | ||
| 1144 | CRYPTO_set_locking_callback((void (*)())netware_locking_callback); | ||
| 1145 | } | ||
| 1146 | |||
| 1147 | void thread_cleanup(void) | ||
| 1148 | { | ||
| 1149 | int i; | ||
| 1150 | |||
| 1151 | CRYPTO_set_locking_callback(NULL); | ||
| 1152 | |||
| 1153 | fprintf(stdout,"thread_cleanup\n"); | ||
| 1154 | |||
| 1155 | for (i=0; i<CRYPTO_num_locks(); i++) | ||
| 1156 | { | ||
| 1157 | MPKMutexFree(lock_cs[i]); | ||
| 1158 | fprintf(stdout,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i)); | ||
| 1159 | } | ||
| 1160 | OPENSSL_free(lock_cs); | ||
| 1161 | OPENSSL_free(lock_count); | ||
| 1162 | |||
| 1163 | MPKSemaphoreFree(ThreadSem); | ||
| 1164 | |||
| 1165 | fprintf(stdout,"done cleanup\n"); | ||
| 1166 | } | ||
| 1167 | |||
| 1168 | void netware_locking_callback(int mode, int type, char *file, int line) | ||
| 1169 | { | ||
| 1170 | if (mode & CRYPTO_LOCK) | ||
| 1171 | { | ||
| 1172 | MPKMutexLock(lock_cs[type]); | ||
| 1173 | lock_count[type]++; | ||
| 1174 | } | ||
| 1175 | else | ||
| 1176 | MPKMutexUnlock(lock_cs[type]); | ||
| 1177 | } | ||
| 1178 | |||
| 1179 | void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) | ||
| 1180 | { | ||
| 1181 | SSL_CTX *ssl_ctx[2]; | ||
| 1182 | int i; | ||
| 1183 | ssl_ctx[0]=s_ctx; | ||
| 1184 | ssl_ctx[1]=c_ctx; | ||
| 1185 | |||
| 1186 | for (i=0; i<thread_number; i++) | ||
| 1187 | { | ||
| 1188 | BeginThread( (void(*)(void*))ndoit, NULL, THREAD_STACK_SIZE, | ||
| 1189 | (void*)ssl_ctx); | ||
| 1190 | ThreadSwitchWithDelay(); | ||
| 1191 | } | ||
| 1192 | |||
| 1193 | printf("reaping\n"); | ||
| 1194 | |||
| 1195 | /* loop until all threads have signaled the semaphore */ | ||
| 1196 | for (i=0; i<thread_number; i++) | ||
| 1197 | { | ||
| 1198 | MPKSemaphoreWait(ThreadSem); | ||
| 1199 | } | ||
| 1200 | printf("netware threads done (%d,%d)\n", | ||
| 1201 | s_ctx->references,c_ctx->references); | ||
| 1202 | } | ||
| 1203 | |||
| 1204 | unsigned long netware_thread_id(void) | ||
| 1205 | { | ||
| 1206 | unsigned long ret; | ||
| 1207 | |||
| 1208 | ret=(unsigned long)GetThreadID(); | ||
| 1209 | return(ret); | ||
| 1210 | } | ||
| 1211 | #endif /* NETWARE */ | ||
diff --git a/src/lib/libssl/src/crypto/threads/th-lock.c b/src/lib/libssl/src/crypto/threads/th-lock.c index a6a79b9f45..14aae5f912 100644 --- a/src/lib/libssl/src/crypto/threads/th-lock.c +++ b/src/lib/libssl/src/crypto/threads/th-lock.c | |||
| @@ -80,7 +80,7 @@ | |||
| 80 | #include <openssl/lhash.h> | 80 | #include <openssl/lhash.h> |
| 81 | #include <openssl/crypto.h> | 81 | #include <openssl/crypto.h> |
| 82 | #include <openssl/buffer.h> | 82 | #include <openssl/buffer.h> |
| 83 | #include <openssl/e_os.h> | 83 | #include "../../e_os.h" |
| 84 | #include <openssl/x509.h> | 84 | #include <openssl/x509.h> |
| 85 | #include <openssl/ssl.h> | 85 | #include <openssl/ssl.h> |
| 86 | #include <openssl/err.h> | 86 | #include <openssl/err.h> |
diff --git a/src/lib/libssl/src/crypto/tmdiff.c b/src/lib/libssl/src/crypto/tmdiff.c index 307523ebba..1c6e052ac9 100644 --- a/src/lib/libssl/src/crypto/tmdiff.c +++ b/src/lib/libssl/src/crypto/tmdiff.c | |||
| @@ -72,7 +72,11 @@ | |||
| 72 | # define TIMES | 72 | # define TIMES |
| 73 | #endif | 73 | #endif |
| 74 | 74 | ||
| 75 | #ifndef _IRIX | 75 | #ifdef OPENSSL_SYS_NETWARE |
| 76 | #undef TIMES | ||
| 77 | #endif | ||
| 78 | |||
| 79 | #if !defined(_IRIX) || defined (OPENSSL_SYS_NETWARE) | ||
| 76 | # include <time.h> | 80 | # include <time.h> |
| 77 | #endif | 81 | #endif |
| 78 | #ifdef TIMES | 82 | #ifdef TIMES |
| @@ -94,7 +98,7 @@ | |||
| 94 | #include <sys/param.h> | 98 | #include <sys/param.h> |
| 95 | #endif | 99 | #endif |
| 96 | 100 | ||
| 97 | #if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) | 101 | #if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) |
| 98 | #include <sys/timeb.h> | 102 | #include <sys/timeb.h> |
| 99 | #endif | 103 | #endif |
| 100 | 104 | ||
| @@ -106,7 +110,8 @@ | |||
| 106 | #ifndef HZ | 110 | #ifndef HZ |
| 107 | # if defined(_SC_CLK_TCK) \ | 111 | # if defined(_SC_CLK_TCK) \ |
| 108 | && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) | 112 | && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) |
| 109 | # define HZ ((double)sysconf(_SC_CLK_TCK)) | 113 | /* # define HZ ((double)sysconf(_SC_CLK_TCK)) */ |
| 114 | # define HZ sysconf(_SC_CLK_TCK) | ||
| 110 | # else | 115 | # else |
| 111 | # ifndef CLK_TCK | 116 | # ifndef CLK_TCK |
| 112 | # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ | 117 | # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ |
| @@ -120,7 +125,7 @@ | |||
| 120 | # endif | 125 | # endif |
| 121 | #endif | 126 | #endif |
| 122 | 127 | ||
| 123 | typedef struct ms_tm | 128 | struct ms_tm |
| 124 | { | 129 | { |
| 125 | #ifdef TIMES | 130 | #ifdef TIMES |
| 126 | struct tms ms_tms; | 131 | struct tms ms_tms; |
| @@ -128,6 +133,8 @@ typedef struct ms_tm | |||
| 128 | # ifdef OPENSSL_SYS_WIN32 | 133 | # ifdef OPENSSL_SYS_WIN32 |
| 129 | HANDLE thread_id; | 134 | HANDLE thread_id; |
| 130 | FILETIME ms_win32; | 135 | FILETIME ms_win32; |
| 136 | # elif defined (OPENSSL_SYS_NETWARE) | ||
| 137 | clock_t ms_clock; | ||
| 131 | # else | 138 | # else |
| 132 | # ifdef OPENSSL_SYS_VXWORKS | 139 | # ifdef OPENSSL_SYS_VXWORKS |
| 133 | unsigned long ticks; | 140 | unsigned long ticks; |
| @@ -136,9 +143,9 @@ typedef struct ms_tm | |||
| 136 | # endif | 143 | # endif |
| 137 | # endif | 144 | # endif |
| 138 | #endif | 145 | #endif |
| 139 | } MS_TM; | 146 | }; |
| 140 | 147 | ||
| 141 | char *ms_time_new(void) | 148 | MS_TM *ms_time_new(void) |
| 142 | { | 149 | { |
| 143 | MS_TM *ret; | 150 | MS_TM *ret; |
| 144 | 151 | ||
| @@ -149,18 +156,17 @@ char *ms_time_new(void) | |||
| 149 | #ifdef OPENSSL_SYS_WIN32 | 156 | #ifdef OPENSSL_SYS_WIN32 |
| 150 | ret->thread_id=GetCurrentThread(); | 157 | ret->thread_id=GetCurrentThread(); |
| 151 | #endif | 158 | #endif |
| 152 | return((char *)ret); | 159 | return ret; |
| 153 | } | 160 | } |
| 154 | 161 | ||
| 155 | void ms_time_free(char *a) | 162 | void ms_time_free(MS_TM *a) |
| 156 | { | 163 | { |
| 157 | if (a != NULL) | 164 | if (a != NULL) |
| 158 | OPENSSL_free(a); | 165 | OPENSSL_free(a); |
| 159 | } | 166 | } |
| 160 | 167 | ||
| 161 | void ms_time_get(char *a) | 168 | void ms_time_get(MS_TM *tm) |
| 162 | { | 169 | { |
| 163 | MS_TM *tm=(MS_TM *)a; | ||
| 164 | #ifdef OPENSSL_SYS_WIN32 | 170 | #ifdef OPENSSL_SYS_WIN32 |
| 165 | FILETIME tmpa,tmpb,tmpc; | 171 | FILETIME tmpa,tmpb,tmpc; |
| 166 | #endif | 172 | #endif |
| @@ -170,6 +176,8 @@ void ms_time_get(char *a) | |||
| 170 | #else | 176 | #else |
| 171 | # ifdef OPENSSL_SYS_WIN32 | 177 | # ifdef OPENSSL_SYS_WIN32 |
| 172 | GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); | 178 | GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); |
| 179 | # elif defined (OPENSSL_SYS_NETWARE) | ||
| 180 | tm->ms_clock = clock(); | ||
| 173 | # else | 181 | # else |
| 174 | # ifdef OPENSSL_SYS_VXWORKS | 182 | # ifdef OPENSSL_SYS_VXWORKS |
| 175 | tm->ticks = tickGet(); | 183 | tm->ticks = tickGet(); |
| @@ -180,14 +188,13 @@ void ms_time_get(char *a) | |||
| 180 | #endif | 188 | #endif |
| 181 | } | 189 | } |
| 182 | 190 | ||
| 183 | double ms_time_diff(char *ap, char *bp) | 191 | double ms_time_diff(MS_TM *a, MS_TM *b) |
| 184 | { | 192 | { |
| 185 | MS_TM *a=(MS_TM *)ap; | ||
| 186 | MS_TM *b=(MS_TM *)bp; | ||
| 187 | double ret; | 193 | double ret; |
| 188 | 194 | ||
| 189 | #ifdef TIMES | 195 | #ifdef TIMES |
| 190 | ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; | 196 | ret = HZ; |
| 197 | ret = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / ret; | ||
| 191 | #else | 198 | #else |
| 192 | # ifdef OPENSSL_SYS_WIN32 | 199 | # ifdef OPENSSL_SYS_WIN32 |
| 193 | { | 200 | { |
| @@ -204,6 +211,8 @@ double ms_time_diff(char *ap, char *bp) | |||
| 204 | lb+=b->ms_win32.dwLowDateTime; | 211 | lb+=b->ms_win32.dwLowDateTime; |
| 205 | ret=((double)(lb-la))/1e7; | 212 | ret=((double)(lb-la))/1e7; |
| 206 | } | 213 | } |
| 214 | # elif defined (OPENSSL_SYS_NETWARE) | ||
| 215 | ret= (double)(b->ms_clock - a->ms_clock); | ||
| 207 | # else | 216 | # else |
| 208 | # ifdef OPENSSL_SYS_VXWORKS | 217 | # ifdef OPENSSL_SYS_VXWORKS |
| 209 | ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); | 218 | ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); |
| @@ -217,18 +226,20 @@ double ms_time_diff(char *ap, char *bp) | |||
| 217 | return((ret < 0.0000001)?0.0000001:ret); | 226 | return((ret < 0.0000001)?0.0000001:ret); |
| 218 | } | 227 | } |
| 219 | 228 | ||
| 220 | int ms_time_cmp(char *ap, char *bp) | 229 | int ms_time_cmp(const MS_TM *a, const MS_TM *b) |
| 221 | { | 230 | { |
| 222 | MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp; | ||
| 223 | double d; | 231 | double d; |
| 224 | int ret; | 232 | int ret; |
| 225 | 233 | ||
| 226 | #ifdef TIMES | 234 | #ifdef TIMES |
| 227 | d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; | 235 | d = HZ; |
| 236 | d = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / d; | ||
| 228 | #else | 237 | #else |
| 229 | # ifdef OPENSSL_SYS_WIN32 | 238 | # ifdef OPENSSL_SYS_WIN32 |
| 230 | d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; | 239 | d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; |
| 231 | d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; | 240 | d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; |
| 241 | # elif defined (OPENSSL_SYS_NETWARE) | ||
| 242 | d= (double)(b->ms_clock - a->ms_clock); | ||
| 232 | # else | 243 | # else |
| 233 | # ifdef OPENSSL_SYS_VXWORKS | 244 | # ifdef OPENSSL_SYS_VXWORKS |
| 234 | d = (b->ticks - a->ticks); | 245 | d = (b->ticks - a->ticks); |
diff --git a/src/lib/libssl/src/crypto/tmdiff.h b/src/lib/libssl/src/crypto/tmdiff.h index 41a8a1e0e0..af5c41c649 100644 --- a/src/lib/libssl/src/crypto/tmdiff.h +++ b/src/lib/libssl/src/crypto/tmdiff.h | |||
| @@ -59,6 +59,16 @@ | |||
| 59 | /* Header for dynamic hash table routines | 59 | /* Header for dynamic hash table routines |
| 60 | * Author - Eric Young | 60 | * Author - Eric Young |
| 61 | */ | 61 | */ |
| 62 | /* ... erm yeah, "dynamic hash tables" you say? | ||
| 63 | * | ||
| 64 | * And what would dynamic hash tables have to do with any of this code *now*? | ||
| 65 | * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused | ||
| 66 | * file that I doubt compiles any more. speed.c is the only thing that could | ||
| 67 | * use this (and it has nothing to do with hash tables), yet it instead has its | ||
| 68 | * own duplication of all this stuff and looks, if anything, more complete. See | ||
| 69 | * the corresponding note in apps/speed.c. | ||
| 70 | * The Bemused - Geoff | ||
| 71 | */ | ||
| 62 | 72 | ||
| 63 | #ifndef HEADER_TMDIFF_H | 73 | #ifndef HEADER_TMDIFF_H |
| 64 | #define HEADER_TMDIFF_H | 74 | #define HEADER_TMDIFF_H |
| @@ -67,11 +77,13 @@ | |||
| 67 | extern "C" { | 77 | extern "C" { |
| 68 | #endif | 78 | #endif |
| 69 | 79 | ||
| 70 | char *ms_time_new(void ); | 80 | typedef struct ms_tm MS_TM; |
| 71 | void ms_time_free(char *a); | 81 | |
| 72 | void ms_time_get(char *a); | 82 | MS_TM *ms_time_new(void ); |
| 73 | double ms_time_diff(char *start,char *end); | 83 | void ms_time_free(MS_TM *a); |
| 74 | int ms_time_cmp(char *ap,char *bp); | 84 | void ms_time_get(MS_TM *a); |
| 85 | double ms_time_diff(MS_TM *start, MS_TM *end); | ||
| 86 | int ms_time_cmp(const MS_TM *ap, const MS_TM *bp); | ||
| 75 | 87 | ||
| 76 | #ifdef __cplusplus | 88 | #ifdef __cplusplus |
| 77 | } | 89 | } |
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.c b/src/lib/libssl/src/crypto/txt_db/txt_db.c index 58b300b00b..3ed5f72ee9 100644 --- a/src/lib/libssl/src/crypto/txt_db/txt_db.c +++ b/src/lib/libssl/src/crypto/txt_db/txt_db.c | |||
| @@ -66,7 +66,7 @@ | |||
| 66 | #undef BUFSIZE | 66 | #undef BUFSIZE |
| 67 | #define BUFSIZE 512 | 67 | #define BUFSIZE 512 |
| 68 | 68 | ||
| 69 | const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT; | 69 | const char TXT_DB_version[]="TXT_DB" OPENSSL_VERSION_PTEXT; |
| 70 | 70 | ||
| 71 | TXT_DB *TXT_DB_read(BIO *in, int num) | 71 | TXT_DB *TXT_DB_read(BIO *in, int num) |
| 72 | { | 72 | { |
| @@ -92,7 +92,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) | |||
| 92 | goto err; | 92 | goto err; |
| 93 | if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL) | 93 | if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL) |
| 94 | goto err; | 94 | goto err; |
| 95 | if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL) | 95 | if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL) |
| 96 | goto err; | 96 | goto err; |
| 97 | for (i=0; i<num; i++) | 97 | for (i=0; i<num; i++) |
| 98 | { | 98 | { |
| @@ -179,10 +179,13 @@ err: | |||
| 179 | #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) | 179 | #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) |
| 180 | if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n"); | 180 | if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n"); |
| 181 | #endif | 181 | #endif |
| 182 | if (ret->data != NULL) sk_free(ret->data); | 182 | if (ret != NULL) |
| 183 | if (ret->index != NULL) OPENSSL_free(ret->index); | 183 | { |
| 184 | if (ret->qual != NULL) OPENSSL_free(ret->qual); | 184 | if (ret->data != NULL) sk_free(ret->data); |
| 185 | if (ret != NULL) OPENSSL_free(ret); | 185 | if (ret->index != NULL) OPENSSL_free(ret->index); |
| 186 | if (ret->qual != NULL) OPENSSL_free(ret->qual); | ||
| 187 | if (ret != NULL) OPENSSL_free(ret); | ||
| 188 | } | ||
| 186 | return(NULL); | 189 | return(NULL); |
| 187 | } | 190 | } |
| 188 | else | 191 | else |
| @@ -210,11 +213,11 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) | |||
| 210 | return(ret); | 213 | return(ret); |
| 211 | } | 214 | } |
| 212 | 215 | ||
| 213 | int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(), | 216 | int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **), |
| 214 | LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) | 217 | LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) |
| 215 | { | 218 | { |
| 216 | LHASH *idx; | 219 | LHASH *idx; |
| 217 | char *r; | 220 | char **r; |
| 218 | int i,n; | 221 | int i,n; |
| 219 | 222 | ||
| 220 | if (field >= db->num_fields) | 223 | if (field >= db->num_fields) |
| @@ -230,12 +233,12 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(), | |||
| 230 | n=sk_num(db->data); | 233 | n=sk_num(db->data); |
| 231 | for (i=0; i<n; i++) | 234 | for (i=0; i<n; i++) |
| 232 | { | 235 | { |
| 233 | r=(char *)sk_value(db->data,i); | 236 | r=(char **)sk_value(db->data,i); |
| 234 | if ((qual != NULL) && (qual(r) == 0)) continue; | 237 | if ((qual != NULL) && (qual(r) == 0)) continue; |
| 235 | if ((r=lh_insert(idx,r)) != NULL) | 238 | if ((r=lh_insert(idx,r)) != NULL) |
| 236 | { | 239 | { |
| 237 | db->error=DB_ERROR_INDEX_CLASH; | 240 | db->error=DB_ERROR_INDEX_CLASH; |
| 238 | db->arg1=sk_find(db->data,r); | 241 | db->arg1=sk_find(db->data,(char *)r); |
| 239 | db->arg2=i; | 242 | db->arg2=i; |
| 240 | lh_free(idx); | 243 | lh_free(idx); |
| 241 | return(0); | 244 | return(0); |
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.h b/src/lib/libssl/src/crypto/txt_db/txt_db.h index 563392aeff..307e1ba23f 100644 --- a/src/lib/libssl/src/crypto/txt_db/txt_db.h +++ b/src/lib/libssl/src/crypto/txt_db/txt_db.h | |||
| @@ -59,6 +59,7 @@ | |||
| 59 | #ifndef HEADER_TXT_DB_H | 59 | #ifndef HEADER_TXT_DB_H |
| 60 | #define HEADER_TXT_DB_H | 60 | #define HEADER_TXT_DB_H |
| 61 | 61 | ||
| 62 | #include <openssl/opensslconf.h> | ||
| 62 | #ifndef OPENSSL_NO_BIO | 63 | #ifndef OPENSSL_NO_BIO |
| 63 | #include <openssl/bio.h> | 64 | #include <openssl/bio.h> |
| 64 | #endif | 65 | #endif |
| @@ -81,7 +82,7 @@ typedef struct txt_db_st | |||
| 81 | int num_fields; | 82 | int num_fields; |
| 82 | STACK /* char ** */ *data; | 83 | STACK /* char ** */ *data; |
| 83 | LHASH **index; | 84 | LHASH **index; |
| 84 | int (**qual)(); | 85 | int (**qual)(char **); |
| 85 | long error; | 86 | long error; |
| 86 | long arg1; | 87 | long arg1; |
| 87 | long arg2; | 88 | long arg2; |
| @@ -95,7 +96,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db); | |||
| 95 | TXT_DB *TXT_DB_read(char *in, int num); | 96 | TXT_DB *TXT_DB_read(char *in, int num); |
| 96 | long TXT_DB_write(char *out, TXT_DB *db); | 97 | long TXT_DB_write(char *out, TXT_DB *db); |
| 97 | #endif | 98 | #endif |
| 98 | int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(), | 99 | int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **), |
| 99 | LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); | 100 | LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); |
| 100 | void TXT_DB_free(TXT_DB *db); | 101 | void TXT_DB_free(TXT_DB *db); |
| 101 | char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); | 102 | char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); |
diff --git a/src/lib/libssl/src/crypto/ui/ui.h b/src/lib/libssl/src/crypto/ui/ui.h index 735a2d988e..018296412b 100644 --- a/src/lib/libssl/src/crypto/ui/ui.h +++ b/src/lib/libssl/src/crypto/ui/ui.h | |||
| @@ -59,25 +59,19 @@ | |||
| 59 | #ifndef HEADER_UI_H | 59 | #ifndef HEADER_UI_H |
| 60 | #define HEADER_UI_H | 60 | #define HEADER_UI_H |
| 61 | 61 | ||
| 62 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 62 | #include <openssl/crypto.h> | 63 | #include <openssl/crypto.h> |
| 64 | #endif | ||
| 63 | #include <openssl/safestack.h> | 65 | #include <openssl/safestack.h> |
| 66 | #include <openssl/ossl_typ.h> | ||
| 64 | 67 | ||
| 65 | #ifdef __cplusplus | 68 | #ifdef __cplusplus |
| 66 | extern "C" { | 69 | extern "C" { |
| 67 | #endif | 70 | #endif |
| 68 | 71 | ||
| 69 | /* The UI type is a holder for a specific user interface session. It can | 72 | /* Declared already in ossl_typ.h */ |
| 70 | contain an illimited number of informational or error strings as well | 73 | /* typedef struct ui_st UI; */ |
| 71 | as things to prompt for, both passwords (noecho mode) and others (echo | 74 | /* typedef struct ui_method_st UI_METHOD; */ |
| 72 | mode), and verification of the same. All of these are called strings, | ||
| 73 | and are further described below. */ | ||
| 74 | typedef struct ui_st UI; | ||
| 75 | |||
| 76 | /* All instances of UI have a reference to a method structure, which is a | ||
| 77 | ordered vector of functions that implement the lower level things to do. | ||
| 78 | There is an instruction on the implementation further down, in the section | ||
| 79 | for method implementors. */ | ||
| 80 | typedef struct ui_method_st UI_METHOD; | ||
| 81 | 75 | ||
| 82 | 76 | ||
| 83 | /* All the following functions return -1 or NULL on error and in some cases | 77 | /* All the following functions return -1 or NULL on error and in some cases |
| @@ -217,7 +211,7 @@ int UI_process(UI *ui); | |||
| 217 | /* Give a user interface parametrised control commands. This can be used to | 211 | /* Give a user interface parametrised control commands. This can be used to |
| 218 | send down an integer, a data pointer or a function pointer, as well as | 212 | send down an integer, a data pointer or a function pointer, as well as |
| 219 | be used to get information from a UI. */ | 213 | be used to get information from a UI. */ |
| 220 | int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); | 214 | int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); |
| 221 | 215 | ||
| 222 | /* The commands */ | 216 | /* The commands */ |
| 223 | /* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the | 217 | /* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the |
diff --git a/src/lib/libssl/src/crypto/ui/ui_err.c b/src/lib/libssl/src/crypto/ui/ui_err.c index d983cdd66f..786bd0dbc3 100644 --- a/src/lib/libssl/src/crypto/ui/ui_err.c +++ b/src/lib/libssl/src/crypto/ui/ui_err.c | |||
| @@ -101,15 +101,12 @@ static ERR_STRING_DATA UI_str_reasons[]= | |||
| 101 | 101 | ||
| 102 | void ERR_load_UI_strings(void) | 102 | void ERR_load_UI_strings(void) |
| 103 | { | 103 | { |
| 104 | static int init=1; | 104 | #ifndef OPENSSL_NO_ERR |
| 105 | 105 | ||
| 106 | if (init) | 106 | if (ERR_func_error_string(UI_str_functs[0].error) == NULL) |
| 107 | { | 107 | { |
| 108 | init=0; | ||
| 109 | #ifndef OPENSSL_NO_ERR | ||
| 110 | ERR_load_strings(0,UI_str_functs); | 108 | ERR_load_strings(0,UI_str_functs); |
| 111 | ERR_load_strings(0,UI_str_reasons); | 109 | ERR_load_strings(0,UI_str_reasons); |
| 112 | #endif | ||
| 113 | |||
| 114 | } | 110 | } |
| 111 | #endif | ||
| 115 | } | 112 | } |
diff --git a/src/lib/libssl/src/crypto/ui/ui_lib.c b/src/lib/libssl/src/crypto/ui/ui_lib.c index dbc9711a2d..7ab249c3be 100644 --- a/src/lib/libssl/src/crypto/ui/ui_lib.c +++ b/src/lib/libssl/src/crypto/ui/ui_lib.c | |||
| @@ -57,12 +57,12 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <string.h> | 59 | #include <string.h> |
| 60 | #include "cryptlib.h" | ||
| 60 | #include <openssl/e_os2.h> | 61 | #include <openssl/e_os2.h> |
| 61 | #include <openssl/buffer.h> | 62 | #include <openssl/buffer.h> |
| 62 | #include <openssl/ui.h> | 63 | #include <openssl/ui.h> |
| 63 | #include <openssl/err.h> | 64 | #include <openssl/err.h> |
| 64 | #include "ui_locl.h" | 65 | #include "ui_locl.h" |
| 65 | #include "cryptlib.h" | ||
| 66 | 66 | ||
| 67 | IMPLEMENT_STACK_OF(UI_STRING_ST) | 67 | IMPLEMENT_STACK_OF(UI_STRING_ST) |
| 68 | 68 | ||
| @@ -545,7 +545,7 @@ int UI_process(UI *ui) | |||
| 545 | return ok; | 545 | return ok; |
| 546 | } | 546 | } |
| 547 | 547 | ||
| 548 | int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()) | 548 | int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)) |
| 549 | { | 549 | { |
| 550 | if (ui == NULL) | 550 | if (ui == NULL) |
| 551 | { | 551 | { |
| @@ -620,8 +620,10 @@ UI_METHOD *UI_create_method(char *name) | |||
| 620 | UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); | 620 | UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); |
| 621 | 621 | ||
| 622 | if (ui_method) | 622 | if (ui_method) |
| 623 | { | ||
| 623 | memset(ui_method, 0, sizeof(*ui_method)); | 624 | memset(ui_method, 0, sizeof(*ui_method)); |
| 624 | ui_method->name = BUF_strdup(name); | 625 | ui_method->name = BUF_strdup(name); |
| 626 | } | ||
| 625 | return ui_method; | 627 | return ui_method; |
| 626 | } | 628 | } |
| 627 | 629 | ||
diff --git a/src/lib/libssl/src/crypto/ui/ui_locl.h b/src/lib/libssl/src/crypto/ui/ui_locl.h index 7d3a75a619..aa4a55637d 100644 --- a/src/lib/libssl/src/crypto/ui/ui_locl.h +++ b/src/lib/libssl/src/crypto/ui/ui_locl.h | |||
| @@ -60,6 +60,11 @@ | |||
| 60 | #define HEADER_UI_LOCL_H | 60 | #define HEADER_UI_LOCL_H |
| 61 | 61 | ||
| 62 | #include <openssl/ui.h> | 62 | #include <openssl/ui.h> |
| 63 | #include <openssl/crypto.h> | ||
| 64 | |||
| 65 | #ifdef _ | ||
| 66 | #undef _ | ||
| 67 | #endif | ||
| 63 | 68 | ||
| 64 | struct ui_method_st | 69 | struct ui_method_st |
| 65 | { | 70 | { |
diff --git a/src/lib/libssl/src/crypto/ui/ui_openssl.c b/src/lib/libssl/src/crypto/ui/ui_openssl.c index d03aeba91a..8446673ed4 100644 --- a/src/lib/libssl/src/crypto/ui/ui_openssl.c +++ b/src/lib/libssl/src/crypto/ui/ui_openssl.c | |||
| @@ -117,6 +117,17 @@ | |||
| 117 | 117 | ||
| 118 | #include <openssl/e_os2.h> | 118 | #include <openssl/e_os2.h> |
| 119 | 119 | ||
| 120 | /* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc | ||
| 121 | * [maybe others?], because it masks interfaces not discussed in standard, | ||
| 122 | * sigaction and fileno included. -pedantic would be more appropriate for | ||
| 123 | * the intended purposes, but we can't prevent users from adding -ansi. | ||
| 124 | */ | ||
| 125 | #define _POSIX_C_SOURCE 1 | ||
| 126 | #include <signal.h> | ||
| 127 | #include <stdio.h> | ||
| 128 | #include <string.h> | ||
| 129 | #include <errno.h> | ||
| 130 | |||
| 120 | #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) | 131 | #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) |
| 121 | # ifdef OPENSSL_UNISTD | 132 | # ifdef OPENSSL_UNISTD |
| 122 | # include OPENSSL_UNISTD | 133 | # include OPENSSL_UNISTD |
| @@ -145,10 +156,6 @@ | |||
| 145 | /* 06-Apr-92 Luke Brennan Support for VMS */ | 156 | /* 06-Apr-92 Luke Brennan Support for VMS */ |
| 146 | #include "ui_locl.h" | 157 | #include "ui_locl.h" |
| 147 | #include "cryptlib.h" | 158 | #include "cryptlib.h" |
| 148 | #include <signal.h> | ||
| 149 | #include <stdio.h> | ||
| 150 | #include <string.h> | ||
| 151 | #include <errno.h> | ||
| 152 | 159 | ||
| 153 | #ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ | 160 | #ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ |
| 154 | # include <starlet.h> | 161 | # include <starlet.h> |
| @@ -199,6 +206,12 @@ | |||
| 199 | #undef SGTTY | 206 | #undef SGTTY |
| 200 | #endif | 207 | #endif |
| 201 | 208 | ||
| 209 | #if defined(OPENSSL_SYS_NETWARE) | ||
| 210 | #undef TERMIOS | ||
| 211 | #undef TERMIO | ||
| 212 | #undef SGTTY | ||
| 213 | #endif | ||
| 214 | |||
| 202 | #ifdef TERMIOS | 215 | #ifdef TERMIOS |
| 203 | # include <termios.h> | 216 | # include <termios.h> |
| 204 | # define TTY_STRUCT struct termios | 217 | # define TTY_STRUCT struct termios |
| @@ -247,7 +260,7 @@ struct IOSB { | |||
| 247 | typedef int sig_atomic_t; | 260 | typedef int sig_atomic_t; |
| 248 | #endif | 261 | #endif |
| 249 | 262 | ||
| 250 | #if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) | 263 | #if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE) |
| 251 | /* | 264 | /* |
| 252 | * This one needs work. As a matter of fact the code is unoperational | 265 | * This one needs work. As a matter of fact the code is unoperational |
| 253 | * and this is only a trick to get it compiled. | 266 | * and this is only a trick to get it compiled. |
| @@ -461,7 +474,7 @@ static int open_console(UI *ui) | |||
| 461 | CRYPTO_w_lock(CRYPTO_LOCK_UI); | 474 | CRYPTO_w_lock(CRYPTO_LOCK_UI); |
| 462 | is_a_tty = 1; | 475 | is_a_tty = 1; |
| 463 | 476 | ||
| 464 | #if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) | 477 | #if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) |
| 465 | tty_in=stdin; | 478 | tty_in=stdin; |
| 466 | tty_out=stderr; | 479 | tty_out=stderr; |
| 467 | #else | 480 | #else |
| @@ -477,7 +490,7 @@ static int open_console(UI *ui) | |||
| 477 | #endif | 490 | #endif |
| 478 | 491 | ||
| 479 | #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) | 492 | #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) |
| 480 | if (TTY_get(fileno(tty_in),&tty_orig) == -1) | 493 | if (TTY_get(fileno(tty_in),&tty_orig) == -1) |
| 481 | { | 494 | { |
| 482 | #ifdef ENOTTY | 495 | #ifdef ENOTTY |
| 483 | if (errno == ENOTTY) | 496 | if (errno == ENOTTY) |
| @@ -566,7 +579,9 @@ static int close_console(UI *ui) | |||
| 566 | /* Internal functions to handle signals and act on them */ | 579 | /* Internal functions to handle signals and act on them */ |
| 567 | static void pushsig(void) | 580 | static void pushsig(void) |
| 568 | { | 581 | { |
| 582 | #ifndef OPENSSL_SYS_WIN32 | ||
| 569 | int i; | 583 | int i; |
| 584 | #endif | ||
| 570 | #ifdef SIGACTION | 585 | #ifdef SIGACTION |
| 571 | struct sigaction sa; | 586 | struct sigaction sa; |
| 572 | 587 | ||
| @@ -574,6 +589,14 @@ static void pushsig(void) | |||
| 574 | sa.sa_handler=recsig; | 589 | sa.sa_handler=recsig; |
| 575 | #endif | 590 | #endif |
| 576 | 591 | ||
| 592 | #ifdef OPENSSL_SYS_WIN32 | ||
| 593 | savsig[SIGABRT]=signal(SIGABRT,recsig); | ||
| 594 | savsig[SIGFPE]=signal(SIGFPE,recsig); | ||
| 595 | savsig[SIGILL]=signal(SIGILL,recsig); | ||
| 596 | savsig[SIGINT]=signal(SIGINT,recsig); | ||
| 597 | savsig[SIGSEGV]=signal(SIGSEGV,recsig); | ||
| 598 | savsig[SIGTERM]=signal(SIGTERM,recsig); | ||
| 599 | #else | ||
| 577 | for (i=1; i<NX509_SIG; i++) | 600 | for (i=1; i<NX509_SIG; i++) |
| 578 | { | 601 | { |
| 579 | #ifdef SIGUSR1 | 602 | #ifdef SIGUSR1 |
| @@ -594,6 +617,7 @@ static void pushsig(void) | |||
| 594 | savsig[i]=signal(i,recsig); | 617 | savsig[i]=signal(i,recsig); |
| 595 | #endif | 618 | #endif |
| 596 | } | 619 | } |
| 620 | #endif | ||
| 597 | 621 | ||
| 598 | #ifdef SIGWINCH | 622 | #ifdef SIGWINCH |
| 599 | signal(SIGWINCH,SIG_DFL); | 623 | signal(SIGWINCH,SIG_DFL); |
| @@ -602,8 +626,15 @@ static void pushsig(void) | |||
| 602 | 626 | ||
| 603 | static void popsig(void) | 627 | static void popsig(void) |
| 604 | { | 628 | { |
| 629 | #ifdef OPENSSL_SYS_WIN32 | ||
| 630 | signal(SIGABRT,savsig[SIGABRT]); | ||
| 631 | signal(SIGFPE,savsig[SIGFPE]); | ||
| 632 | signal(SIGILL,savsig[SIGILL]); | ||
| 633 | signal(SIGINT,savsig[SIGINT]); | ||
| 634 | signal(SIGSEGV,savsig[SIGSEGV]); | ||
| 635 | signal(SIGTERM,savsig[SIGTERM]); | ||
| 636 | #else | ||
| 605 | int i; | 637 | int i; |
| 606 | |||
| 607 | for (i=1; i<NX509_SIG; i++) | 638 | for (i=1; i<NX509_SIG; i++) |
| 608 | { | 639 | { |
| 609 | #ifdef SIGUSR1 | 640 | #ifdef SIGUSR1 |
| @@ -620,6 +651,7 @@ static void popsig(void) | |||
| 620 | signal(i,savsig[i]); | 651 | signal(i,savsig[i]); |
| 621 | #endif | 652 | #endif |
| 622 | } | 653 | } |
| 654 | #endif | ||
| 623 | } | 655 | } |
| 624 | 656 | ||
| 625 | static void recsig(int i) | 657 | static void recsig(int i) |
diff --git a/src/lib/libssl/src/crypto/ui/ui_util.c b/src/lib/libssl/src/crypto/ui/ui_util.c index 46bc8c1a9a..5d9760bb7b 100644 --- a/src/lib/libssl/src/crypto/ui/ui_util.c +++ b/src/lib/libssl/src/crypto/ui/ui_util.c | |||
| @@ -54,7 +54,7 @@ | |||
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | #include <string.h> | 56 | #include <string.h> |
| 57 | #include <openssl/ui.h> | 57 | #include "ui_locl.h" |
| 58 | 58 | ||
| 59 | int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify) | 59 | int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify) |
| 60 | { | 60 | { |
diff --git a/src/lib/libssl/src/crypto/uid.c b/src/lib/libssl/src/crypto/uid.c index 73205a4baa..b1fd52bada 100644 --- a/src/lib/libssl/src/crypto/uid.c +++ b/src/lib/libssl/src/crypto/uid.c | |||
| @@ -65,7 +65,7 @@ int OPENSSL_issetugid(void) | |||
| 65 | return issetugid(); | 65 | return issetugid(); |
| 66 | } | 66 | } |
| 67 | 67 | ||
| 68 | #elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) | 68 | #elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) |
| 69 | 69 | ||
| 70 | int OPENSSL_issetugid(void) | 70 | int OPENSSL_issetugid(void) |
| 71 | { | 71 | { |
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c index ea689aed1a..37f9a48206 100644 --- a/src/lib/libssl/src/crypto/x509/by_dir.c +++ b/src/lib/libssl/src/crypto/x509/by_dir.c | |||
| @@ -189,7 +189,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) | |||
| 189 | 189 | ||
| 190 | s=dir; | 190 | s=dir; |
| 191 | p=s; | 191 | p=s; |
| 192 | for (;;) | 192 | for (;;p++) |
| 193 | { | 193 | { |
| 194 | if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) | 194 | if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) |
| 195 | { | 195 | { |
| @@ -198,8 +198,11 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) | |||
| 198 | len=(int)(p-ss); | 198 | len=(int)(p-ss); |
| 199 | if (len == 0) continue; | 199 | if (len == 0) continue; |
| 200 | for (j=0; j<ctx->num_dirs; j++) | 200 | for (j=0; j<ctx->num_dirs; j++) |
| 201 | if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) | 201 | if (strlen(ctx->dirs[j]) == (size_t)len && |
| 202 | continue; | 202 | strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) |
| 203 | break; | ||
| 204 | if (j<ctx->num_dirs) | ||
| 205 | continue; | ||
| 203 | if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) | 206 | if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) |
| 204 | { | 207 | { |
| 205 | ctx->num_dirs_alloced+=10; | 208 | ctx->num_dirs_alloced+=10; |
| @@ -231,7 +234,6 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) | |||
| 231 | ctx->num_dirs++; | 234 | ctx->num_dirs++; |
| 232 | } | 235 | } |
| 233 | if (*p == '\0') break; | 236 | if (*p == '\0') break; |
| 234 | p++; | ||
| 235 | } | 237 | } |
| 236 | return(1); | 238 | return(1); |
| 237 | } | 239 | } |
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h index e8c1a59cf2..e71b5257e5 100644 --- a/src/lib/libssl/src/crypto/x509/x509.h +++ b/src/lib/libssl/src/crypto/x509/x509.h | |||
| @@ -55,10 +55,16 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * ECDH support in OpenSSL originally developed by | ||
| 61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 62 | */ | ||
| 58 | 63 | ||
| 59 | #ifndef HEADER_X509_H | 64 | #ifndef HEADER_X509_H |
| 60 | #define HEADER_X509_H | 65 | #define HEADER_X509_H |
| 61 | 66 | ||
| 67 | #include <openssl/e_os2.h> | ||
| 62 | #include <openssl/symhacks.h> | 68 | #include <openssl/symhacks.h> |
| 63 | #ifndef OPENSSL_NO_BUFFER | 69 | #ifndef OPENSSL_NO_BUFFER |
| 64 | #include <openssl/buffer.h> | 70 | #include <openssl/buffer.h> |
| @@ -73,21 +79,33 @@ | |||
| 73 | #include <openssl/asn1.h> | 79 | #include <openssl/asn1.h> |
| 74 | #include <openssl/safestack.h> | 80 | #include <openssl/safestack.h> |
| 75 | 81 | ||
| 82 | #ifndef OPENSSL_NO_EC | ||
| 83 | #include <openssl/ec.h> | ||
| 84 | #endif | ||
| 85 | |||
| 86 | #ifndef OPENSSL_NO_ECDSA | ||
| 87 | #include <openssl/ecdsa.h> | ||
| 88 | #endif | ||
| 89 | |||
| 90 | #ifndef OPENSSL_NO_ECDH | ||
| 91 | #include <openssl/ecdh.h> | ||
| 92 | #endif | ||
| 93 | |||
| 94 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 76 | #ifndef OPENSSL_NO_RSA | 95 | #ifndef OPENSSL_NO_RSA |
| 77 | #include <openssl/rsa.h> | 96 | #include <openssl/rsa.h> |
| 78 | #endif | 97 | #endif |
| 79 | |||
| 80 | #ifndef OPENSSL_NO_DSA | 98 | #ifndef OPENSSL_NO_DSA |
| 81 | #include <openssl/dsa.h> | 99 | #include <openssl/dsa.h> |
| 82 | #endif | 100 | #endif |
| 83 | |||
| 84 | #ifndef OPENSSL_NO_DH | 101 | #ifndef OPENSSL_NO_DH |
| 85 | #include <openssl/dh.h> | 102 | #include <openssl/dh.h> |
| 86 | #endif | 103 | #endif |
| 104 | #endif | ||
| 105 | |||
| 87 | #ifndef OPENSSL_NO_SHA | 106 | #ifndef OPENSSL_NO_SHA |
| 88 | #include <openssl/sha.h> | 107 | #include <openssl/sha.h> |
| 89 | #endif | 108 | #endif |
| 90 | #include <openssl/e_os2.h> | ||
| 91 | #include <openssl/ossl_typ.h> | 109 | #include <openssl/ossl_typ.h> |
| 92 | 110 | ||
| 93 | #ifdef __cplusplus | 111 | #ifdef __cplusplus |
| @@ -95,8 +113,9 @@ extern "C" { | |||
| 95 | #endif | 113 | #endif |
| 96 | 114 | ||
| 97 | #ifdef OPENSSL_SYS_WIN32 | 115 | #ifdef OPENSSL_SYS_WIN32 |
| 98 | /* Under Win32 this is defined in wincrypt.h */ | 116 | /* Under Win32 these are defined in wincrypt.h */ |
| 99 | #undef X509_NAME | 117 | #undef X509_NAME |
| 118 | #undef X509_CERT_PAIR | ||
| 100 | #endif | 119 | #endif |
| 101 | 120 | ||
| 102 | #define X509_FILETYPE_PEM 1 | 121 | #define X509_FILETYPE_PEM 1 |
| @@ -117,8 +136,8 @@ extern "C" { | |||
| 117 | typedef struct X509_objects_st | 136 | typedef struct X509_objects_st |
| 118 | { | 137 | { |
| 119 | int nid; | 138 | int nid; |
| 120 | int (*a2i)(); | 139 | int (*a2i)(void); |
| 121 | int (*i2a)(); | 140 | int (*i2a)(void); |
| 122 | } X509_OBJECTS; | 141 | } X509_OBJECTS; |
| 123 | 142 | ||
| 124 | struct X509_algor_st | 143 | struct X509_algor_st |
| @@ -127,9 +146,10 @@ struct X509_algor_st | |||
| 127 | ASN1_TYPE *parameter; | 146 | ASN1_TYPE *parameter; |
| 128 | } /* X509_ALGOR */; | 147 | } /* X509_ALGOR */; |
| 129 | 148 | ||
| 130 | DECLARE_STACK_OF(X509_ALGOR) | ||
| 131 | DECLARE_ASN1_SET_OF(X509_ALGOR) | 149 | DECLARE_ASN1_SET_OF(X509_ALGOR) |
| 132 | 150 | ||
| 151 | typedef STACK_OF(X509_ALGOR) X509_ALGORS; | ||
| 152 | |||
| 133 | typedef struct X509_val_st | 153 | typedef struct X509_val_st |
| 134 | { | 154 | { |
| 135 | ASN1_TIME *notBefore; | 155 | ASN1_TIME *notBefore; |
| @@ -184,6 +204,8 @@ typedef struct X509_extension_st | |||
| 184 | ASN1_OCTET_STRING *value; | 204 | ASN1_OCTET_STRING *value; |
| 185 | } X509_EXTENSION; | 205 | } X509_EXTENSION; |
| 186 | 206 | ||
| 207 | typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; | ||
| 208 | |||
| 187 | DECLARE_STACK_OF(X509_EXTENSION) | 209 | DECLARE_STACK_OF(X509_EXTENSION) |
| 188 | DECLARE_ASN1_SET_OF(X509_EXTENSION) | 210 | DECLARE_ASN1_SET_OF(X509_EXTENSION) |
| 189 | 211 | ||
| @@ -261,12 +283,18 @@ struct x509_st | |||
| 261 | CRYPTO_EX_DATA ex_data; | 283 | CRYPTO_EX_DATA ex_data; |
| 262 | /* These contain copies of various extension values */ | 284 | /* These contain copies of various extension values */ |
| 263 | long ex_pathlen; | 285 | long ex_pathlen; |
| 286 | long ex_pcpathlen; | ||
| 264 | unsigned long ex_flags; | 287 | unsigned long ex_flags; |
| 265 | unsigned long ex_kusage; | 288 | unsigned long ex_kusage; |
| 266 | unsigned long ex_xkusage; | 289 | unsigned long ex_xkusage; |
| 267 | unsigned long ex_nscert; | 290 | unsigned long ex_nscert; |
| 268 | ASN1_OCTET_STRING *skid; | 291 | ASN1_OCTET_STRING *skid; |
| 269 | struct AUTHORITY_KEYID_st *akid; | 292 | struct AUTHORITY_KEYID_st *akid; |
| 293 | X509_POLICY_CACHE *policy_cache; | ||
| 294 | #ifndef OPENSSL_NO_RFC3779 | ||
| 295 | STACK_OF(IPAddressFamily) *rfc3779_addr; | ||
| 296 | struct ASIdentifiers_st *rfc3779_asid; | ||
| 297 | #endif | ||
| 270 | #ifndef OPENSSL_NO_SHA | 298 | #ifndef OPENSSL_NO_SHA |
| 271 | unsigned char sha1_hash[SHA_DIGEST_LENGTH]; | 299 | unsigned char sha1_hash[SHA_DIGEST_LENGTH]; |
| 272 | #endif | 300 | #endif |
| @@ -289,6 +317,11 @@ typedef struct x509_trust_st { | |||
| 289 | 317 | ||
| 290 | DECLARE_STACK_OF(X509_TRUST) | 318 | DECLARE_STACK_OF(X509_TRUST) |
| 291 | 319 | ||
| 320 | typedef struct x509_cert_pair_st { | ||
| 321 | X509 *forward; | ||
| 322 | X509 *reverse; | ||
| 323 | } X509_CERT_PAIR; | ||
| 324 | |||
| 292 | /* standard trust ids */ | 325 | /* standard trust ids */ |
| 293 | 326 | ||
| 294 | #define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ | 327 | #define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ |
| @@ -655,6 +688,17 @@ extern "C" { | |||
| 655 | #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ | 688 | #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ |
| 656 | (unsigned char *)dsa) | 689 | (unsigned char *)dsa) |
| 657 | 690 | ||
| 691 | #define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ | ||
| 692 | EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ | ||
| 693 | (unsigned char **)(ecdsa)) | ||
| 694 | #define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ | ||
| 695 | (unsigned char *)ecdsa) | ||
| 696 | #define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ | ||
| 697 | EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ | ||
| 698 | (unsigned char **)(ecdsa)) | ||
| 699 | #define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ | ||
| 700 | (unsigned char *)ecdsa) | ||
| 701 | |||
| 658 | #define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ | 702 | #define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ |
| 659 | (char *(*)())d2i_X509_ALGOR,(char *)xn) | 703 | (char *(*)())d2i_X509_ALGOR,(char *)xn) |
| 660 | 704 | ||
| @@ -758,6 +802,12 @@ int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); | |||
| 758 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); | 802 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); |
| 759 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); | 803 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); |
| 760 | #endif | 804 | #endif |
| 805 | #ifndef OPENSSL_NO_EC | ||
| 806 | EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); | ||
| 807 | int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); | ||
| 808 | EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); | ||
| 809 | int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); | ||
| 810 | #endif | ||
| 761 | X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); | 811 | X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); |
| 762 | int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); | 812 | int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); |
| 763 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, | 813 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, |
| @@ -791,6 +841,12 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); | |||
| 791 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); | 841 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); |
| 792 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); | 842 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); |
| 793 | #endif | 843 | #endif |
| 844 | #ifndef OPENSSL_NO_EC | ||
| 845 | EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); | ||
| 846 | int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); | ||
| 847 | EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); | ||
| 848 | int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); | ||
| 849 | #endif | ||
| 794 | X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); | 850 | X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); |
| 795 | int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); | 851 | int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); |
| 796 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, | 852 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, |
| @@ -809,6 +865,10 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); | |||
| 809 | X509_CRL *X509_CRL_dup(X509_CRL *crl); | 865 | X509_CRL *X509_CRL_dup(X509_CRL *crl); |
| 810 | X509_REQ *X509_REQ_dup(X509_REQ *req); | 866 | X509_REQ *X509_REQ_dup(X509_REQ *req); |
| 811 | X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); | 867 | X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); |
| 868 | int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); | ||
| 869 | void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, | ||
| 870 | X509_ALGOR *algor); | ||
| 871 | |||
| 812 | X509_NAME *X509_NAME_dup(X509_NAME *xn); | 872 | X509_NAME *X509_NAME_dup(X509_NAME *xn); |
| 813 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); | 873 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); |
| 814 | 874 | ||
| @@ -830,6 +890,7 @@ X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); | |||
| 830 | X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); | 890 | X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); |
| 831 | 891 | ||
| 832 | DECLARE_ASN1_FUNCTIONS(X509_ALGOR) | 892 | DECLARE_ASN1_FUNCTIONS(X509_ALGOR) |
| 893 | DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) | ||
| 833 | DECLARE_ASN1_FUNCTIONS(X509_VAL) | 894 | DECLARE_ASN1_FUNCTIONS(X509_VAL) |
| 834 | 895 | ||
| 835 | DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) | 896 | DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) |
| @@ -839,16 +900,21 @@ EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); | |||
| 839 | int X509_get_pubkey_parameters(EVP_PKEY *pkey, | 900 | int X509_get_pubkey_parameters(EVP_PKEY *pkey, |
| 840 | STACK_OF(X509) *chain); | 901 | STACK_OF(X509) *chain); |
| 841 | int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); | 902 | int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); |
| 842 | EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp, | 903 | EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, |
| 843 | long length); | 904 | long length); |
| 844 | #ifndef OPENSSL_NO_RSA | 905 | #ifndef OPENSSL_NO_RSA |
| 845 | int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); | 906 | int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); |
| 846 | RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp, | 907 | RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, |
| 847 | long length); | 908 | long length); |
| 848 | #endif | 909 | #endif |
| 849 | #ifndef OPENSSL_NO_DSA | 910 | #ifndef OPENSSL_NO_DSA |
| 850 | int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); | 911 | int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); |
| 851 | DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp, | 912 | DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, |
| 913 | long length); | ||
| 914 | #endif | ||
| 915 | #ifndef OPENSSL_NO_EC | ||
| 916 | int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); | ||
| 917 | EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, | ||
| 852 | long length); | 918 | long length); |
| 853 | #endif | 919 | #endif |
| 854 | 920 | ||
| @@ -860,6 +926,7 @@ DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) | |||
| 860 | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); | 926 | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); |
| 861 | 927 | ||
| 862 | DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) | 928 | DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) |
| 929 | DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) | ||
| 863 | 930 | ||
| 864 | DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) | 931 | DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) |
| 865 | 932 | ||
| @@ -872,16 +939,19 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF) | |||
| 872 | DECLARE_ASN1_FUNCTIONS(X509) | 939 | DECLARE_ASN1_FUNCTIONS(X509) |
| 873 | DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) | 940 | DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) |
| 874 | 941 | ||
| 942 | DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) | ||
| 943 | |||
| 875 | int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 944 | int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 876 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | 945 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
| 877 | int X509_set_ex_data(X509 *r, int idx, void *arg); | 946 | int X509_set_ex_data(X509 *r, int idx, void *arg); |
| 878 | void *X509_get_ex_data(X509 *r, int idx); | 947 | void *X509_get_ex_data(X509 *r, int idx); |
| 879 | int i2d_X509_AUX(X509 *a,unsigned char **pp); | 948 | int i2d_X509_AUX(X509 *a,unsigned char **pp); |
| 880 | X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length); | 949 | X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); |
| 881 | 950 | ||
| 882 | int X509_alias_set1(X509 *x, unsigned char *name, int len); | 951 | int X509_alias_set1(X509 *x, unsigned char *name, int len); |
| 883 | int X509_keyid_set1(X509 *x, unsigned char *id, int len); | 952 | int X509_keyid_set1(X509 *x, unsigned char *id, int len); |
| 884 | unsigned char * X509_alias_get0(X509 *x, int *len); | 953 | unsigned char * X509_alias_get0(X509 *x, int *len); |
| 954 | unsigned char * X509_keyid_get0(X509 *x, int *len); | ||
| 885 | int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); | 955 | int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); |
| 886 | int X509_TRUST_set(int *t, int trust); | 956 | int X509_TRUST_set(int *t, int trust); |
| 887 | int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); | 957 | int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); |
| @@ -898,7 +968,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); | |||
| 898 | X509_PKEY * X509_PKEY_new(void ); | 968 | X509_PKEY * X509_PKEY_new(void ); |
| 899 | void X509_PKEY_free(X509_PKEY *a); | 969 | void X509_PKEY_free(X509_PKEY *a); |
| 900 | int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); | 970 | int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); |
| 901 | X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); | 971 | X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length); |
| 902 | 972 | ||
| 903 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) | 973 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) |
| 904 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) | 974 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) |
| @@ -909,15 +979,15 @@ X509_INFO * X509_INFO_new(void); | |||
| 909 | void X509_INFO_free(X509_INFO *a); | 979 | void X509_INFO_free(X509_INFO *a); |
| 910 | char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); | 980 | char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); |
| 911 | 981 | ||
| 912 | int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, | 982 | int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, |
| 913 | ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); | 983 | ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); |
| 914 | 984 | ||
| 915 | int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data, | 985 | int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data, |
| 916 | unsigned char *md,unsigned int *len); | 986 | unsigned char *md,unsigned int *len); |
| 917 | 987 | ||
| 918 | int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, | 988 | int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, |
| 919 | ASN1_BIT_STRING *signature, | 989 | X509_ALGOR *algor2, ASN1_BIT_STRING *signature, |
| 920 | char *data,EVP_PKEY *pkey, const EVP_MD *type); | 990 | char *data,EVP_PKEY *pkey, const EVP_MD *type); |
| 921 | 991 | ||
| 922 | int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, | 992 | int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, |
| 923 | unsigned char *md,unsigned int *len); | 993 | unsigned char *md,unsigned int *len); |
| @@ -982,6 +1052,8 @@ int X509_CRL_sort(X509_CRL *crl); | |||
| 982 | int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); | 1052 | int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); |
| 983 | int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); | 1053 | int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); |
| 984 | 1054 | ||
| 1055 | int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); | ||
| 1056 | |||
| 985 | int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); | 1057 | int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); |
| 986 | 1058 | ||
| 987 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); | 1059 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); |
| @@ -1128,6 +1200,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, | |||
| 1128 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, | 1200 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, |
| 1129 | const char *attrname, int type, | 1201 | const char *attrname, int type, |
| 1130 | const unsigned char *bytes, int len); | 1202 | const unsigned char *bytes, int len); |
| 1203 | void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, | ||
| 1204 | ASN1_OBJECT *obj, int lastpos, int type); | ||
| 1131 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, | 1205 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, |
| 1132 | int atrtype, const void *data, int len); | 1206 | int atrtype, const void *data, int len); |
| 1133 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, | 1207 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, |
| @@ -1142,6 +1216,24 @@ int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); | |||
| 1142 | ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); | 1216 | ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); |
| 1143 | ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); | 1217 | ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); |
| 1144 | 1218 | ||
| 1219 | int EVP_PKEY_get_attr_count(const EVP_PKEY *key); | ||
| 1220 | int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, | ||
| 1221 | int lastpos); | ||
| 1222 | int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, | ||
| 1223 | int lastpos); | ||
| 1224 | X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); | ||
| 1225 | X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); | ||
| 1226 | int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); | ||
| 1227 | int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, | ||
| 1228 | const ASN1_OBJECT *obj, int type, | ||
| 1229 | const unsigned char *bytes, int len); | ||
| 1230 | int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, | ||
| 1231 | int nid, int type, | ||
| 1232 | const unsigned char *bytes, int len); | ||
| 1233 | int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, | ||
| 1234 | const char *attrname, int type, | ||
| 1235 | const unsigned char *bytes, int len); | ||
| 1236 | |||
| 1145 | int X509_verify_cert(X509_STORE_CTX *ctx); | 1237 | int X509_verify_cert(X509_STORE_CTX *ctx); |
| 1146 | 1238 | ||
| 1147 | /* lookup a cert from a X509 STACK */ | 1239 | /* lookup a cert from a X509 STACK */ |
| @@ -1188,18 +1280,20 @@ void ERR_load_X509_strings(void); | |||
| 1188 | /* Function codes. */ | 1280 | /* Function codes. */ |
| 1189 | #define X509_F_ADD_CERT_DIR 100 | 1281 | #define X509_F_ADD_CERT_DIR 100 |
| 1190 | #define X509_F_BY_FILE_CTRL 101 | 1282 | #define X509_F_BY_FILE_CTRL 101 |
| 1283 | #define X509_F_CHECK_POLICY 145 | ||
| 1191 | #define X509_F_DIR_CTRL 102 | 1284 | #define X509_F_DIR_CTRL 102 |
| 1192 | #define X509_F_GET_CERT_BY_SUBJECT 103 | 1285 | #define X509_F_GET_CERT_BY_SUBJECT 103 |
| 1193 | #define X509_F_NETSCAPE_SPKI_B64_DECODE 129 | 1286 | #define X509_F_NETSCAPE_SPKI_B64_DECODE 129 |
| 1194 | #define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 | 1287 | #define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 |
| 1288 | #define X509_F_X509AT_ADD1_ATTR 135 | ||
| 1195 | #define X509_F_X509V3_ADD_EXT 104 | 1289 | #define X509_F_X509V3_ADD_EXT 104 |
| 1196 | #define X509_F_X509_ADD_ATTR 135 | ||
| 1197 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 | 1290 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 |
| 1198 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 | 1291 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 |
| 1199 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 | 1292 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 |
| 1200 | #define X509_F_X509_ATTRIBUTE_GET0_DATA 139 | 1293 | #define X509_F_X509_ATTRIBUTE_GET0_DATA 139 |
| 1201 | #define X509_F_X509_ATTRIBUTE_SET1_DATA 138 | 1294 | #define X509_F_X509_ATTRIBUTE_SET1_DATA 138 |
| 1202 | #define X509_F_X509_CHECK_PRIVATE_KEY 128 | 1295 | #define X509_F_X509_CHECK_PRIVATE_KEY 128 |
| 1296 | #define X509_F_X509_CRL_PRINT_FP 147 | ||
| 1203 | #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 | 1297 | #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 |
| 1204 | #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 | 1298 | #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 |
| 1205 | #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 | 1299 | #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 |
| @@ -1212,14 +1306,16 @@ void ERR_load_X509_strings(void); | |||
| 1212 | #define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 | 1306 | #define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 |
| 1213 | #define X509_F_X509_NAME_ONELINE 116 | 1307 | #define X509_F_X509_NAME_ONELINE 116 |
| 1214 | #define X509_F_X509_NAME_PRINT 117 | 1308 | #define X509_F_X509_NAME_PRINT 117 |
| 1215 | #define X509_F_X509_PRINT_FP 118 | 1309 | #define X509_F_X509_PRINT_EX_FP 118 |
| 1216 | #define X509_F_X509_PUBKEY_GET 119 | 1310 | #define X509_F_X509_PUBKEY_GET 119 |
| 1217 | #define X509_F_X509_PUBKEY_SET 120 | 1311 | #define X509_F_X509_PUBKEY_SET 120 |
| 1218 | #define X509_F_X509_REQ_PRINT 121 | 1312 | #define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 |
| 1313 | #define X509_F_X509_REQ_PRINT_EX 121 | ||
| 1219 | #define X509_F_X509_REQ_PRINT_FP 122 | 1314 | #define X509_F_X509_REQ_PRINT_FP 122 |
| 1220 | #define X509_F_X509_REQ_TO_X509 123 | 1315 | #define X509_F_X509_REQ_TO_X509 123 |
| 1221 | #define X509_F_X509_STORE_ADD_CERT 124 | 1316 | #define X509_F_X509_STORE_ADD_CERT 124 |
| 1222 | #define X509_F_X509_STORE_ADD_CRL 125 | 1317 | #define X509_F_X509_STORE_ADD_CRL 125 |
| 1318 | #define X509_F_X509_STORE_CTX_GET1_ISSUER 146 | ||
| 1223 | #define X509_F_X509_STORE_CTX_INIT 143 | 1319 | #define X509_F_X509_STORE_CTX_INIT 143 |
| 1224 | #define X509_F_X509_STORE_CTX_NEW 142 | 1320 | #define X509_F_X509_STORE_CTX_NEW 142 |
| 1225 | #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 | 1321 | #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 |
diff --git a/src/lib/libssl/src/crypto/x509/x509_att.c b/src/lib/libssl/src/crypto/x509/x509_att.c index 0bae3d32a1..511b49d589 100644 --- a/src/lib/libssl/src/crypto/x509/x509_att.c +++ b/src/lib/libssl/src/crypto/x509/x509_att.c | |||
| @@ -67,8 +67,7 @@ | |||
| 67 | 67 | ||
| 68 | int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) | 68 | int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) |
| 69 | { | 69 | { |
| 70 | if (!x) return 0; | 70 | return sk_X509_ATTRIBUTE_num(x); |
| 71 | return(sk_X509_ATTRIBUTE_num(x)); | ||
| 72 | } | 71 | } |
| 73 | 72 | ||
| 74 | int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, | 73 | int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, |
| @@ -125,7 +124,13 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, | |||
| 125 | X509_ATTRIBUTE *new_attr=NULL; | 124 | X509_ATTRIBUTE *new_attr=NULL; |
| 126 | STACK_OF(X509_ATTRIBUTE) *sk=NULL; | 125 | STACK_OF(X509_ATTRIBUTE) *sk=NULL; |
| 127 | 126 | ||
| 128 | if ((x != NULL) && (*x == NULL)) | 127 | if (x == NULL) |
| 128 | { | ||
| 129 | X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER); | ||
| 130 | goto err2; | ||
| 131 | } | ||
| 132 | |||
| 133 | if (*x == NULL) | ||
| 129 | { | 134 | { |
| 130 | if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL) | 135 | if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL) |
| 131 | goto err; | 136 | goto err; |
| @@ -137,11 +142,11 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, | |||
| 137 | goto err2; | 142 | goto err2; |
| 138 | if (!sk_X509_ATTRIBUTE_push(sk,new_attr)) | 143 | if (!sk_X509_ATTRIBUTE_push(sk,new_attr)) |
| 139 | goto err; | 144 | goto err; |
| 140 | if ((x != NULL) && (*x == NULL)) | 145 | if (*x == NULL) |
| 141 | *x=sk; | 146 | *x=sk; |
| 142 | return(sk); | 147 | return(sk); |
| 143 | err: | 148 | err: |
| 144 | X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE); | 149 | X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE); |
| 145 | err2: | 150 | err2: |
| 146 | if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); | 151 | if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); |
| 147 | if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); | 152 | if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); |
| @@ -187,6 +192,22 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, | |||
| 187 | return ret; | 192 | return ret; |
| 188 | } | 193 | } |
| 189 | 194 | ||
| 195 | void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, | ||
| 196 | ASN1_OBJECT *obj, int lastpos, int type) | ||
| 197 | { | ||
| 198 | int i; | ||
| 199 | X509_ATTRIBUTE *at; | ||
| 200 | i = X509at_get_attr_by_OBJ(x, obj, lastpos); | ||
| 201 | if (i == -1) | ||
| 202 | return NULL; | ||
| 203 | if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) | ||
| 204 | return NULL; | ||
| 205 | at = X509at_get_attr(x, i); | ||
| 206 | if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) | ||
| 207 | return NULL; | ||
| 208 | return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); | ||
| 209 | } | ||
| 210 | |||
| 190 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, | 211 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, |
| 191 | int atrtype, const void *data, int len) | 212 | int atrtype, const void *data, int len) |
| 192 | { | 213 | { |
| @@ -264,8 +285,8 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) | |||
| 264 | int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) | 285 | int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) |
| 265 | { | 286 | { |
| 266 | ASN1_TYPE *ttmp; | 287 | ASN1_TYPE *ttmp; |
| 267 | ASN1_STRING *stmp; | 288 | ASN1_STRING *stmp = NULL; |
| 268 | int atype; | 289 | int atype = 0; |
| 269 | if (!attr) return 0; | 290 | if (!attr) return 0; |
| 270 | if(attrtype & MBSTRING_FLAG) { | 291 | if(attrtype & MBSTRING_FLAG) { |
| 271 | stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, | 292 | stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, |
| @@ -275,16 +296,22 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat | |||
| 275 | return 0; | 296 | return 0; |
| 276 | } | 297 | } |
| 277 | atype = stmp->type; | 298 | atype = stmp->type; |
| 278 | } else { | 299 | } else if (len != -1){ |
| 279 | if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; | 300 | if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; |
| 280 | if(!ASN1_STRING_set(stmp, data, len)) goto err; | 301 | if(!ASN1_STRING_set(stmp, data, len)) goto err; |
| 281 | atype = attrtype; | 302 | atype = attrtype; |
| 282 | } | 303 | } |
| 283 | if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; | 304 | if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; |
| 284 | if(!(ttmp = ASN1_TYPE_new())) goto err; | 305 | if(!(ttmp = ASN1_TYPE_new())) goto err; |
| 306 | if (len == -1) | ||
| 307 | { | ||
| 308 | if (!ASN1_TYPE_set1(ttmp, attrtype, data)) | ||
| 309 | goto err; | ||
| 310 | } | ||
| 311 | else | ||
| 312 | ASN1_TYPE_set(ttmp, atype, stmp); | ||
| 285 | if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; | 313 | if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; |
| 286 | attr->single = 0; | 314 | attr->single = 0; |
| 287 | ASN1_TYPE_set(ttmp, atype, stmp); | ||
| 288 | return 1; | 315 | return 1; |
| 289 | err: | 316 | err: |
| 290 | X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); | 317 | X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); |
diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c index 030d0966fc..0d6bc653b2 100644 --- a/src/lib/libssl/src/crypto/x509/x509_cmp.c +++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c | |||
| @@ -322,16 +322,10 @@ unsigned long X509_NAME_hash(X509_NAME *x) | |||
| 322 | { | 322 | { |
| 323 | unsigned long ret=0; | 323 | unsigned long ret=0; |
| 324 | unsigned char md[16]; | 324 | unsigned char md[16]; |
| 325 | EVP_MD_CTX md_ctx; | ||
| 326 | 325 | ||
| 327 | /* Make sure X509_NAME structure contains valid cached encoding */ | 326 | /* Make sure X509_NAME structure contains valid cached encoding */ |
| 328 | i2d_X509_NAME(x,NULL); | 327 | i2d_X509_NAME(x,NULL); |
| 329 | EVP_MD_CTX_init(&md_ctx); | 328 | EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); |
| 330 | EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 331 | EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); | ||
| 332 | EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); | ||
| 333 | EVP_DigestFinal_ex(&md_ctx,md,NULL); | ||
| 334 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 335 | 329 | ||
| 336 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 330 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| |
| 337 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 331 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) |
| @@ -396,45 +390,36 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) | |||
| 396 | int ok=0; | 390 | int ok=0; |
| 397 | 391 | ||
| 398 | xk=X509_get_pubkey(x); | 392 | xk=X509_get_pubkey(x); |
| 399 | if (xk->type != k->type) | 393 | switch (EVP_PKEY_cmp(xk, k)) |
| 400 | { | ||
| 401 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); | ||
| 402 | goto err; | ||
| 403 | } | ||
| 404 | switch (k->type) | ||
| 405 | { | 394 | { |
| 406 | #ifndef OPENSSL_NO_RSA | 395 | case 1: |
| 407 | case EVP_PKEY_RSA: | 396 | ok=1; |
| 408 | if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 | ||
| 409 | || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) | ||
| 410 | { | ||
| 411 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 412 | goto err; | ||
| 413 | } | ||
| 414 | break; | 397 | break; |
| 415 | #endif | 398 | case 0: |
| 416 | #ifndef OPENSSL_NO_DSA | 399 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); |
| 417 | case EVP_PKEY_DSA: | 400 | break; |
| 418 | if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) | 401 | case -1: |
| 419 | { | 402 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); |
| 420 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 421 | goto err; | ||
| 422 | } | ||
| 423 | break; | 403 | break; |
| 404 | case -2: | ||
| 405 | #ifndef OPENSSL_NO_EC | ||
| 406 | if (k->type == EVP_PKEY_EC) | ||
| 407 | { | ||
| 408 | X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); | ||
| 409 | break; | ||
| 410 | } | ||
| 424 | #endif | 411 | #endif |
| 425 | #ifndef OPENSSL_NO_DH | 412 | #ifndef OPENSSL_NO_DH |
| 426 | case EVP_PKEY_DH: | 413 | if (k->type == EVP_PKEY_DH) |
| 427 | /* No idea */ | 414 | { |
| 428 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); | 415 | /* No idea */ |
| 429 | goto err; | 416 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); |
| 417 | break; | ||
| 418 | } | ||
| 430 | #endif | 419 | #endif |
| 431 | default: | ||
| 432 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); | 420 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); |
| 433 | goto err; | ||
| 434 | } | 421 | } |
| 435 | 422 | ||
| 436 | ok=1; | ||
| 437 | err: | ||
| 438 | EVP_PKEY_free(xk); | 423 | EVP_PKEY_free(xk); |
| 439 | return(ok); | 424 | return(ok); |
| 440 | } | 425 | } |
diff --git a/src/lib/libssl/src/crypto/x509/x509_err.c b/src/lib/libssl/src/crypto/x509/x509_err.c index d44d046027..fb377292da 100644 --- a/src/lib/libssl/src/crypto/x509/x509_err.c +++ b/src/lib/libssl/src/crypto/x509/x509_err.c | |||
| @@ -72,18 +72,20 @@ static ERR_STRING_DATA X509_str_functs[]= | |||
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, | 73 | {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, |
| 74 | {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, | 74 | {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, |
| 75 | {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, | ||
| 75 | {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, | 76 | {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, |
| 76 | {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, | 77 | {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, |
| 77 | {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, | 78 | {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, |
| 78 | {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, | 79 | {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, |
| 80 | {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, | ||
| 79 | {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, | 81 | {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, |
| 80 | {ERR_FUNC(X509_F_X509_ADD_ATTR), "X509_ADD_ATTR"}, | ||
| 81 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, | 82 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, |
| 82 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, | 83 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, |
| 83 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, | 84 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, |
| 84 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, | 85 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, |
| 85 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, | 86 | {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, |
| 86 | {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, | 87 | {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, |
| 88 | {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, | ||
| 87 | {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, | 89 | {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, |
| 88 | {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, | 90 | {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, |
| 89 | {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, | 91 | {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, |
| @@ -96,14 +98,16 @@ static ERR_STRING_DATA X509_str_functs[]= | |||
| 96 | {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, | 98 | {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, |
| 97 | {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, | 99 | {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, |
| 98 | {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, | 100 | {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, |
| 99 | {ERR_FUNC(X509_F_X509_PRINT_FP), "X509_print_fp"}, | 101 | {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, |
| 100 | {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, | 102 | {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, |
| 101 | {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, | 103 | {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, |
| 102 | {ERR_FUNC(X509_F_X509_REQ_PRINT), "X509_REQ_print"}, | 104 | {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, |
| 105 | {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, | ||
| 103 | {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, | 106 | {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, |
| 104 | {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, | 107 | {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, |
| 105 | {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, | 108 | {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, |
| 106 | {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, | 109 | {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, |
| 110 | {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, | ||
| 107 | {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, | 111 | {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, |
| 108 | {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, | 112 | {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, |
| 109 | {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, | 113 | {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, |
| @@ -146,15 +150,12 @@ static ERR_STRING_DATA X509_str_reasons[]= | |||
| 146 | 150 | ||
| 147 | void ERR_load_X509_strings(void) | 151 | void ERR_load_X509_strings(void) |
| 148 | { | 152 | { |
| 149 | static int init=1; | 153 | #ifndef OPENSSL_NO_ERR |
| 150 | 154 | ||
| 151 | if (init) | 155 | if (ERR_func_error_string(X509_str_functs[0].error) == NULL) |
| 152 | { | 156 | { |
| 153 | init=0; | ||
| 154 | #ifndef OPENSSL_NO_ERR | ||
| 155 | ERR_load_strings(0,X509_str_functs); | 157 | ERR_load_strings(0,X509_str_functs); |
| 156 | ERR_load_strings(0,X509_str_reasons); | 158 | ERR_load_strings(0,X509_str_reasons); |
| 157 | #endif | ||
| 158 | |||
| 159 | } | 159 | } |
| 160 | #endif | ||
| 160 | } | 161 | } |
diff --git a/src/lib/libssl/src/crypto/x509/x509_lu.c b/src/lib/libssl/src/crypto/x509/x509_lu.c index b780dae5e2..cd2cfb6d85 100644 --- a/src/lib/libssl/src/crypto/x509/x509_lu.c +++ b/src/lib/libssl/src/crypto/x509/x509_lu.c | |||
| @@ -187,10 +187,8 @@ X509_STORE *X509_STORE_new(void) | |||
| 187 | ret->verify=0; | 187 | ret->verify=0; |
| 188 | ret->verify_cb=0; | 188 | ret->verify_cb=0; |
| 189 | 189 | ||
| 190 | ret->purpose = 0; | 190 | if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) |
| 191 | ret->trust = 0; | 191 | return NULL; |
| 192 | |||
| 193 | ret->flags = 0; | ||
| 194 | 192 | ||
| 195 | ret->get_issuer = 0; | 193 | ret->get_issuer = 0; |
| 196 | ret->check_issued = 0; | 194 | ret->check_issued = 0; |
| @@ -202,7 +200,6 @@ X509_STORE *X509_STORE_new(void) | |||
| 202 | 200 | ||
| 203 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); | 201 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); |
| 204 | ret->references=1; | 202 | ret->references=1; |
| 205 | ret->depth=0; | ||
| 206 | return ret; | 203 | return ret; |
| 207 | } | 204 | } |
| 208 | 205 | ||
| @@ -244,6 +241,8 @@ void X509_STORE_free(X509_STORE *vfy) | |||
| 244 | sk_X509_OBJECT_pop_free(vfy->objs, cleanup); | 241 | sk_X509_OBJECT_pop_free(vfy->objs, cleanup); |
| 245 | 242 | ||
| 246 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); | 243 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); |
| 244 | if (vfy->param) | ||
| 245 | X509_VERIFY_PARAM_free(vfy->param); | ||
| 247 | OPENSSL_free(vfy); | 246 | OPENSSL_free(vfy); |
| 248 | } | 247 | } |
| 249 | 248 | ||
| @@ -498,7 +497,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | |||
| 498 | if (ok == X509_LU_RETRY) | 497 | if (ok == X509_LU_RETRY) |
| 499 | { | 498 | { |
| 500 | X509_OBJECT_free_contents(&obj); | 499 | X509_OBJECT_free_contents(&obj); |
| 501 | X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); | 500 | X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); |
| 502 | return -1; | 501 | return -1; |
| 503 | } | 502 | } |
| 504 | else if (ok != X509_LU_FAIL) | 503 | else if (ok != X509_LU_FAIL) |
| @@ -538,19 +537,30 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | |||
| 538 | return 0; | 537 | return 0; |
| 539 | } | 538 | } |
| 540 | 539 | ||
| 541 | void X509_STORE_set_flags(X509_STORE *ctx, long flags) | 540 | int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) |
| 542 | { | 541 | { |
| 543 | ctx->flags |= flags; | 542 | return X509_VERIFY_PARAM_set_flags(ctx->param, flags); |
| 543 | } | ||
| 544 | |||
| 545 | int X509_STORE_set_depth(X509_STORE *ctx, int depth) | ||
| 546 | { | ||
| 547 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | ||
| 548 | return 1; | ||
| 544 | } | 549 | } |
| 545 | 550 | ||
| 546 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) | 551 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) |
| 547 | { | 552 | { |
| 548 | return X509_PURPOSE_set(&ctx->purpose, purpose); | 553 | return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); |
| 549 | } | 554 | } |
| 550 | 555 | ||
| 551 | int X509_STORE_set_trust(X509_STORE *ctx, int trust) | 556 | int X509_STORE_set_trust(X509_STORE *ctx, int trust) |
| 552 | { | 557 | { |
| 553 | return X509_TRUST_set(&ctx->trust, trust); | 558 | return X509_VERIFY_PARAM_set_trust(ctx->param, trust); |
| 559 | } | ||
| 560 | |||
| 561 | int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) | ||
| 562 | { | ||
| 563 | return X509_VERIFY_PARAM_set1(ctx->param, param); | ||
| 554 | } | 564 | } |
| 555 | 565 | ||
| 556 | IMPLEMENT_STACK_OF(X509_LOOKUP) | 566 | IMPLEMENT_STACK_OF(X509_LOOKUP) |
diff --git a/src/lib/libssl/src/crypto/x509/x509_r2x.c b/src/lib/libssl/src/crypto/x509/x509_r2x.c index fb8a78dabe..254a14693d 100644 --- a/src/lib/libssl/src/crypto/x509/x509_r2x.c +++ b/src/lib/libssl/src/crypto/x509/x509_r2x.c | |||
| @@ -89,8 +89,10 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) | |||
| 89 | } | 89 | } |
| 90 | 90 | ||
| 91 | xn=X509_REQ_get_subject_name(r); | 91 | xn=X509_REQ_get_subject_name(r); |
| 92 | X509_set_subject_name(ret,X509_NAME_dup(xn)); | 92 | if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) |
| 93 | X509_set_issuer_name(ret,X509_NAME_dup(xn)); | 93 | goto err; |
| 94 | if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) | ||
| 95 | goto err; | ||
| 94 | 96 | ||
| 95 | if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) | 97 | if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) |
| 96 | goto err; | 98 | goto err; |
diff --git a/src/lib/libssl/src/crypto/x509/x509_req.c b/src/lib/libssl/src/crypto/x509/x509_req.c index 59fc6ca548..3872e1fb64 100644 --- a/src/lib/libssl/src/crypto/x509/x509_req.c +++ b/src/lib/libssl/src/crypto/x509/x509_req.c | |||
| @@ -113,6 +113,46 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) | |||
| 113 | return(X509_PUBKEY_get(req->req_info->pubkey)); | 113 | return(X509_PUBKEY_get(req->req_info->pubkey)); |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) | ||
| 117 | { | ||
| 118 | EVP_PKEY *xk=NULL; | ||
| 119 | int ok=0; | ||
| 120 | |||
| 121 | xk=X509_REQ_get_pubkey(x); | ||
| 122 | switch (EVP_PKEY_cmp(xk, k)) | ||
| 123 | { | ||
| 124 | case 1: | ||
| 125 | ok=1; | ||
| 126 | break; | ||
| 127 | case 0: | ||
| 128 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 129 | break; | ||
| 130 | case -1: | ||
| 131 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); | ||
| 132 | break; | ||
| 133 | case -2: | ||
| 134 | #ifndef OPENSSL_NO_EC | ||
| 135 | if (k->type == EVP_PKEY_EC) | ||
| 136 | { | ||
| 137 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); | ||
| 138 | break; | ||
| 139 | } | ||
| 140 | #endif | ||
| 141 | #ifndef OPENSSL_NO_DH | ||
| 142 | if (k->type == EVP_PKEY_DH) | ||
| 143 | { | ||
| 144 | /* No idea */ | ||
| 145 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); | ||
| 146 | break; | ||
| 147 | } | ||
| 148 | #endif | ||
| 149 | X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); | ||
| 150 | } | ||
| 151 | |||
| 152 | EVP_PKEY_free(xk); | ||
| 153 | return(ok); | ||
| 154 | } | ||
| 155 | |||
| 116 | /* It seems several organisations had the same idea of including a list of | 156 | /* It seems several organisations had the same idea of including a list of |
| 117 | * extensions in a certificate request. There are at least two OIDs that are | 157 | * extensions in a certificate request. There are at least two OIDs that are |
| 118 | * used and there may be more: so the list is configurable. | 158 | * used and there may be more: so the list is configurable. |
| @@ -147,7 +187,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) | |||
| 147 | X509_ATTRIBUTE *attr; | 187 | X509_ATTRIBUTE *attr; |
| 148 | ASN1_TYPE *ext = NULL; | 188 | ASN1_TYPE *ext = NULL; |
| 149 | int idx, *pnid; | 189 | int idx, *pnid; |
| 150 | unsigned char *p; | 190 | const unsigned char *p; |
| 151 | 191 | ||
| 152 | if ((req == NULL) || (req->req_info == NULL) || !ext_nids) | 192 | if ((req == NULL) || (req->req_info == NULL) || !ext_nids) |
| 153 | return(NULL); | 193 | return(NULL); |
| @@ -169,7 +209,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) | |||
| 169 | ext->value.sequence->length, | 209 | ext->value.sequence->length, |
| 170 | d2i_X509_EXTENSION, X509_EXTENSION_free, | 210 | d2i_X509_EXTENSION, X509_EXTENSION_free, |
| 171 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | 211 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); |
| 172 | } | 212 | } |
| 173 | 213 | ||
| 174 | /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs | 214 | /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs |
| 175 | * in case we want to create a non standard one. | 215 | * in case we want to create a non standard one. |
| @@ -202,6 +242,11 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, | |||
| 202 | at = NULL; | 242 | at = NULL; |
| 203 | attr->single = 0; | 243 | attr->single = 0; |
| 204 | attr->object = OBJ_nid2obj(nid); | 244 | attr->object = OBJ_nid2obj(nid); |
| 245 | if (!req->req_info->attributes) | ||
| 246 | { | ||
| 247 | if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) | ||
| 248 | goto err; | ||
| 249 | } | ||
| 205 | if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; | 250 | if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; |
| 206 | return 1; | 251 | return 1; |
| 207 | err: | 252 | err: |
diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c index 881252608d..9c84a59d52 100644 --- a/src/lib/libssl/src/crypto/x509/x509_trs.c +++ b/src/lib/libssl/src/crypto/x509/x509_trs.c | |||
| @@ -128,7 +128,7 @@ int X509_TRUST_get_count(void) | |||
| 128 | X509_TRUST * X509_TRUST_get0(int idx) | 128 | X509_TRUST * X509_TRUST_get0(int idx) |
| 129 | { | 129 | { |
| 130 | if(idx < 0) return NULL; | 130 | if(idx < 0) return NULL; |
| 131 | if(idx < X509_TRUST_COUNT) return trstandard + idx; | 131 | if(idx < (int)X509_TRUST_COUNT) return trstandard + idx; |
| 132 | return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); | 132 | return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); |
| 133 | } | 133 | } |
| 134 | 134 | ||
| @@ -219,7 +219,7 @@ static void trtable_free(X509_TRUST *p) | |||
| 219 | 219 | ||
| 220 | void X509_TRUST_cleanup(void) | 220 | void X509_TRUST_cleanup(void) |
| 221 | { | 221 | { |
| 222 | int i; | 222 | unsigned int i; |
| 223 | for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); | 223 | for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); |
| 224 | sk_X509_TRUST_pop_free(trtable, trtable_free); | 224 | sk_X509_TRUST_pop_free(trtable, trtable_free); |
| 225 | trtable = NULL; | 225 | trtable = NULL; |
diff --git a/src/lib/libssl/src/crypto/x509/x509_txt.c b/src/lib/libssl/src/crypto/x509/x509_txt.c index f19e66a238..73a8ec726f 100644 --- a/src/lib/libssl/src/crypto/x509/x509_txt.c +++ b/src/lib/libssl/src/crypto/x509/x509_txt.c | |||
| @@ -129,7 +129,7 @@ const char *X509_verify_cert_error_string(long n) | |||
| 129 | case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: | 129 | case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: |
| 130 | return("proxy path length constraint exceeded"); | 130 | return("proxy path length constraint exceeded"); |
| 131 | case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: | 131 | case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: |
| 132 | return("proxy cerificates not allowed, please set the appropriate flag"); | 132 | return("proxy certificates not allowed, please set the appropriate flag"); |
| 133 | case X509_V_ERR_INVALID_PURPOSE: | 133 | case X509_V_ERR_INVALID_PURPOSE: |
| 134 | return ("unsupported certificate purpose"); | 134 | return ("unsupported certificate purpose"); |
| 135 | case X509_V_ERR_CERT_UNTRUSTED: | 135 | case X509_V_ERR_CERT_UNTRUSTED: |
| @@ -156,6 +156,14 @@ const char *X509_verify_cert_error_string(long n) | |||
| 156 | return("key usage does not include digital signature"); | 156 | return("key usage does not include digital signature"); |
| 157 | case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: | 157 | case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: |
| 158 | return("unhandled critical CRL extension"); | 158 | return("unhandled critical CRL extension"); |
| 159 | case X509_V_ERR_INVALID_EXTENSION: | ||
| 160 | return("invalid or inconsistent certificate extension"); | ||
| 161 | case X509_V_ERR_INVALID_POLICY_EXTENSION: | ||
| 162 | return("invalid or inconsistent certificate policy extension"); | ||
| 163 | case X509_V_ERR_NO_EXPLICIT_POLICY: | ||
| 164 | return("no explicit policy"); | ||
| 165 | case X509_V_ERR_UNNESTED_RESOURCE: | ||
| 166 | return("RFC 3779 resource not subset of parent's resources"); | ||
| 159 | default: | 167 | default: |
| 160 | BIO_snprintf(buf,sizeof buf,"error number %ld",n); | 168 | BIO_snprintf(buf,sizeof buf,"error number %ld",n); |
| 161 | return(buf); | 169 | return(buf); |
diff --git a/src/lib/libssl/src/crypto/x509/x509_v3.c b/src/lib/libssl/src/crypto/x509/x509_v3.c index 67b1796a92..42e6f0ab05 100644 --- a/src/lib/libssl/src/crypto/x509/x509_v3.c +++ b/src/lib/libssl/src/crypto/x509/x509_v3.c | |||
| @@ -147,7 +147,13 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, | |||
| 147 | int n; | 147 | int n; |
| 148 | STACK_OF(X509_EXTENSION) *sk=NULL; | 148 | STACK_OF(X509_EXTENSION) *sk=NULL; |
| 149 | 149 | ||
| 150 | if ((x != NULL) && (*x == NULL)) | 150 | if (x == NULL) |
| 151 | { | ||
| 152 | X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER); | ||
| 153 | goto err2; | ||
| 154 | } | ||
| 155 | |||
| 156 | if (*x == NULL) | ||
| 151 | { | 157 | { |
| 152 | if ((sk=sk_X509_EXTENSION_new_null()) == NULL) | 158 | if ((sk=sk_X509_EXTENSION_new_null()) == NULL) |
| 153 | goto err; | 159 | goto err; |
| @@ -163,7 +169,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, | |||
| 163 | goto err2; | 169 | goto err2; |
| 164 | if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) | 170 | if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) |
| 165 | goto err; | 171 | goto err; |
| 166 | if ((x != NULL) && (*x == NULL)) | 172 | if (*x == NULL) |
| 167 | *x=sk; | 173 | *x=sk; |
| 168 | return(sk); | 174 | return(sk); |
| 169 | err: | 175 | err: |
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c index 383e082aba..9a62ebcf67 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c | |||
| @@ -77,8 +77,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx); | |||
| 77 | static int check_trust(X509_STORE_CTX *ctx); | 77 | static int check_trust(X509_STORE_CTX *ctx); |
| 78 | static int check_revocation(X509_STORE_CTX *ctx); | 78 | static int check_revocation(X509_STORE_CTX *ctx); |
| 79 | static int check_cert(X509_STORE_CTX *ctx); | 79 | static int check_cert(X509_STORE_CTX *ctx); |
| 80 | static int check_policy(X509_STORE_CTX *ctx); | ||
| 80 | static int internal_verify(X509_STORE_CTX *ctx); | 81 | static int internal_verify(X509_STORE_CTX *ctx); |
| 81 | const char *X509_version="X.509" OPENSSL_VERSION_PTEXT; | 82 | const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT; |
| 82 | 83 | ||
| 83 | 84 | ||
| 84 | static int null_callback(int ok, X509_STORE_CTX *e) | 85 | static int null_callback(int ok, X509_STORE_CTX *e) |
| @@ -97,11 +98,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 97 | { | 98 | { |
| 98 | X509 *x,*xtmp,*chain_ss=NULL; | 99 | X509 *x,*xtmp,*chain_ss=NULL; |
| 99 | X509_NAME *xn; | 100 | X509_NAME *xn; |
| 101 | int bad_chain = 0; | ||
| 102 | X509_VERIFY_PARAM *param = ctx->param; | ||
| 100 | int depth,i,ok=0; | 103 | int depth,i,ok=0; |
| 101 | int num; | 104 | int num; |
| 102 | int (*cb)(); | 105 | int (*cb)(int xok,X509_STORE_CTX *xctx); |
| 103 | STACK_OF(X509) *sktmp=NULL; | 106 | STACK_OF(X509) *sktmp=NULL; |
| 104 | |||
| 105 | if (ctx->cert == NULL) | 107 | if (ctx->cert == NULL) |
| 106 | { | 108 | { |
| 107 | X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); | 109 | X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); |
| @@ -134,7 +136,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 134 | 136 | ||
| 135 | num=sk_X509_num(ctx->chain); | 137 | num=sk_X509_num(ctx->chain); |
| 136 | x=sk_X509_value(ctx->chain,num-1); | 138 | x=sk_X509_value(ctx->chain,num-1); |
| 137 | depth=ctx->depth; | 139 | depth=param->depth; |
| 138 | 140 | ||
| 139 | 141 | ||
| 140 | for (;;) | 142 | for (;;) |
| @@ -162,7 +164,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 162 | goto end; | 164 | goto end; |
| 163 | } | 165 | } |
| 164 | CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); | 166 | CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); |
| 165 | sk_X509_delete_ptr(sktmp,xtmp); | 167 | (void)sk_X509_delete_ptr(sktmp,xtmp); |
| 166 | ctx->last_untrusted++; | 168 | ctx->last_untrusted++; |
| 167 | x=xtmp; | 169 | x=xtmp; |
| 168 | num++; | 170 | num++; |
| @@ -201,6 +203,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 201 | ctx->current_cert=x; | 203 | ctx->current_cert=x; |
| 202 | ctx->error_depth=i-1; | 204 | ctx->error_depth=i-1; |
| 203 | if (ok == 1) X509_free(xtmp); | 205 | if (ok == 1) X509_free(xtmp); |
| 206 | bad_chain = 1; | ||
| 204 | ok=cb(0,ctx); | 207 | ok=cb(0,ctx); |
| 205 | if (!ok) goto end; | 208 | if (!ok) goto end; |
| 206 | } | 209 | } |
| @@ -211,7 +214,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 211 | */ | 214 | */ |
| 212 | X509_free(x); | 215 | X509_free(x); |
| 213 | x = xtmp; | 216 | x = xtmp; |
| 214 | sk_X509_set(ctx->chain, i - 1, x); | 217 | (void)sk_X509_set(ctx->chain, i - 1, x); |
| 215 | ctx->last_untrusted=0; | 218 | ctx->last_untrusted=0; |
| 216 | } | 219 | } |
| 217 | } | 220 | } |
| @@ -276,6 +279,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 276 | } | 279 | } |
| 277 | 280 | ||
| 278 | ctx->error_depth=num-1; | 281 | ctx->error_depth=num-1; |
| 282 | bad_chain = 1; | ||
| 279 | ok=cb(0,ctx); | 283 | ok=cb(0,ctx); |
| 280 | if (!ok) goto end; | 284 | if (!ok) goto end; |
| 281 | } | 285 | } |
| @@ -287,7 +291,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 287 | 291 | ||
| 288 | /* The chain extensions are OK: check trust */ | 292 | /* The chain extensions are OK: check trust */ |
| 289 | 293 | ||
| 290 | if (ctx->trust > 0) ok = check_trust(ctx); | 294 | if (param->trust > 0) ok = check_trust(ctx); |
| 291 | 295 | ||
| 292 | if (!ok) goto end; | 296 | if (!ok) goto end; |
| 293 | 297 | ||
| @@ -301,11 +305,25 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 301 | ok = ctx->check_revocation(ctx); | 305 | ok = ctx->check_revocation(ctx); |
| 302 | if(!ok) goto end; | 306 | if(!ok) goto end; |
| 303 | 307 | ||
| 304 | /* At this point, we have a chain and just need to verify it */ | 308 | /* At this point, we have a chain and need to verify it */ |
| 305 | if (ctx->verify != NULL) | 309 | if (ctx->verify != NULL) |
| 306 | ok=ctx->verify(ctx); | 310 | ok=ctx->verify(ctx); |
| 307 | else | 311 | else |
| 308 | ok=internal_verify(ctx); | 312 | ok=internal_verify(ctx); |
| 313 | if(!ok) goto end; | ||
| 314 | |||
| 315 | #ifndef OPENSSL_NO_RFC3779 | ||
| 316 | /* RFC 3779 path validation, now that CRL check has been done */ | ||
| 317 | ok = v3_asid_validate_path(ctx); | ||
| 318 | if (!ok) goto end; | ||
| 319 | ok = v3_addr_validate_path(ctx); | ||
| 320 | if (!ok) goto end; | ||
| 321 | #endif | ||
| 322 | |||
| 323 | /* If we get this far evaluate policies */ | ||
| 324 | if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) | ||
| 325 | ok = ctx->check_policy(ctx); | ||
| 326 | if(!ok) goto end; | ||
| 309 | if (0) | 327 | if (0) |
| 310 | { | 328 | { |
| 311 | end: | 329 | end: |
| @@ -342,7 +360,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) | |||
| 342 | if (ret == X509_V_OK) | 360 | if (ret == X509_V_OK) |
| 343 | return 1; | 361 | return 1; |
| 344 | /* If we haven't asked for issuer errors don't set ctx */ | 362 | /* If we haven't asked for issuer errors don't set ctx */ |
| 345 | if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) | 363 | if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) |
| 346 | return 0; | 364 | return 0; |
| 347 | 365 | ||
| 348 | ctx->error = ret; | 366 | ctx->error = ret; |
| @@ -365,7 +383,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | |||
| 365 | else | 383 | else |
| 366 | return 0; | 384 | return 0; |
| 367 | } | 385 | } |
| 368 | 386 | ||
| 369 | 387 | ||
| 370 | /* Check a certificate chains extensions for consistency | 388 | /* Check a certificate chains extensions for consistency |
| 371 | * with the supplied purpose | 389 | * with the supplied purpose |
| @@ -378,9 +396,10 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 378 | #else | 396 | #else |
| 379 | int i, ok=0, must_be_ca; | 397 | int i, ok=0, must_be_ca; |
| 380 | X509 *x; | 398 | X509 *x; |
| 381 | int (*cb)(); | 399 | int (*cb)(int xok,X509_STORE_CTX *xctx); |
| 382 | int proxy_path_length = 0; | 400 | int proxy_path_length = 0; |
| 383 | int allow_proxy_certs = !!(ctx->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | 401 | int allow_proxy_certs = |
| 402 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | ||
| 384 | cb=ctx->verify_cb; | 403 | cb=ctx->verify_cb; |
| 385 | 404 | ||
| 386 | /* must_be_ca can have 1 of 3 values: | 405 | /* must_be_ca can have 1 of 3 values: |
| @@ -403,7 +422,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 403 | { | 422 | { |
| 404 | int ret; | 423 | int ret; |
| 405 | x = sk_X509_value(ctx->chain, i); | 424 | x = sk_X509_value(ctx->chain, i); |
| 406 | if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) | 425 | if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) |
| 407 | && (x->ex_flags & EXFLAG_CRITICAL)) | 426 | && (x->ex_flags & EXFLAG_CRITICAL)) |
| 408 | { | 427 | { |
| 409 | ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; | 428 | ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; |
| @@ -424,7 +443,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 424 | switch(must_be_ca) | 443 | switch(must_be_ca) |
| 425 | { | 444 | { |
| 426 | case -1: | 445 | case -1: |
| 427 | if ((ctx->flags & X509_V_FLAG_X509_STRICT) | 446 | if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) |
| 428 | && (ret != 1) && (ret != 0)) | 447 | && (ret != 1) && (ret != 0)) |
| 429 | { | 448 | { |
| 430 | ret = 0; | 449 | ret = 0; |
| @@ -444,7 +463,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 444 | break; | 463 | break; |
| 445 | default: | 464 | default: |
| 446 | if ((ret == 0) | 465 | if ((ret == 0) |
| 447 | || ((ctx->flags & X509_V_FLAG_X509_STRICT) | 466 | || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) |
| 448 | && (ret != 1))) | 467 | && (ret != 1))) |
| 449 | { | 468 | { |
| 450 | ret = 0; | 469 | ret = 0; |
| @@ -461,12 +480,12 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 461 | ok=cb(0,ctx); | 480 | ok=cb(0,ctx); |
| 462 | if (!ok) goto end; | 481 | if (!ok) goto end; |
| 463 | } | 482 | } |
| 464 | if (ctx->purpose > 0) | 483 | if (ctx->param->purpose > 0) |
| 465 | { | 484 | { |
| 466 | ret = X509_check_purpose(x, ctx->purpose, | 485 | ret = X509_check_purpose(x, ctx->param->purpose, |
| 467 | must_be_ca > 0); | 486 | must_be_ca > 0); |
| 468 | if ((ret == 0) | 487 | if ((ret == 0) |
| 469 | || ((ctx->flags & X509_V_FLAG_X509_STRICT) | 488 | || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) |
| 470 | && (ret != 1))) | 489 | && (ret != 1))) |
| 471 | { | 490 | { |
| 472 | ctx->error = X509_V_ERR_INVALID_PURPOSE; | 491 | ctx->error = X509_V_ERR_INVALID_PURPOSE; |
| @@ -492,21 +511,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 492 | CA certificate. */ | 511 | CA certificate. */ |
| 493 | if (x->ex_flags & EXFLAG_PROXY) | 512 | if (x->ex_flags & EXFLAG_PROXY) |
| 494 | { | 513 | { |
| 495 | PROXY_CERT_INFO_EXTENSION *pci = | 514 | if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) |
| 496 | X509_get_ext_d2i(x, NID_proxyCertInfo, | ||
| 497 | NULL, NULL); | ||
| 498 | if (pci->pcPathLengthConstraint && | ||
| 499 | ASN1_INTEGER_get(pci->pcPathLengthConstraint) | ||
| 500 | < i) | ||
| 501 | { | 515 | { |
| 502 | PROXY_CERT_INFO_EXTENSION_free(pci); | 516 | ctx->error = |
| 503 | ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; | 517 | X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; |
| 504 | ctx->error_depth = i; | 518 | ctx->error_depth = i; |
| 505 | ctx->current_cert = x; | 519 | ctx->current_cert = x; |
| 506 | ok=cb(0,ctx); | 520 | ok=cb(0,ctx); |
| 507 | if (!ok) goto end; | 521 | if (!ok) goto end; |
| 508 | } | 522 | } |
| 509 | PROXY_CERT_INFO_EXTENSION_free(pci); | ||
| 510 | proxy_path_length++; | 523 | proxy_path_length++; |
| 511 | must_be_ca = 0; | 524 | must_be_ca = 0; |
| 512 | } | 525 | } |
| @@ -526,12 +539,12 @@ static int check_trust(X509_STORE_CTX *ctx) | |||
| 526 | #else | 539 | #else |
| 527 | int i, ok; | 540 | int i, ok; |
| 528 | X509 *x; | 541 | X509 *x; |
| 529 | int (*cb)(); | 542 | int (*cb)(int xok,X509_STORE_CTX *xctx); |
| 530 | cb=ctx->verify_cb; | 543 | cb=ctx->verify_cb; |
| 531 | /* For now just check the last certificate in the chain */ | 544 | /* For now just check the last certificate in the chain */ |
| 532 | i = sk_X509_num(ctx->chain) - 1; | 545 | i = sk_X509_num(ctx->chain) - 1; |
| 533 | x = sk_X509_value(ctx->chain, i); | 546 | x = sk_X509_value(ctx->chain, i); |
| 534 | ok = X509_check_trust(x, ctx->trust, 0); | 547 | ok = X509_check_trust(x, ctx->param->trust, 0); |
| 535 | if (ok == X509_TRUST_TRUSTED) | 548 | if (ok == X509_TRUST_TRUSTED) |
| 536 | return 1; | 549 | return 1; |
| 537 | ctx->error_depth = i; | 550 | ctx->error_depth = i; |
| @@ -548,9 +561,9 @@ static int check_trust(X509_STORE_CTX *ctx) | |||
| 548 | static int check_revocation(X509_STORE_CTX *ctx) | 561 | static int check_revocation(X509_STORE_CTX *ctx) |
| 549 | { | 562 | { |
| 550 | int i, last, ok; | 563 | int i, last, ok; |
| 551 | if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) | 564 | if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) |
| 552 | return 1; | 565 | return 1; |
| 553 | if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) | 566 | if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) |
| 554 | last = sk_X509_num(ctx->chain) - 1; | 567 | last = sk_X509_num(ctx->chain) - 1; |
| 555 | else | 568 | else |
| 556 | last = 0; | 569 | last = 0; |
| @@ -593,17 +606,124 @@ static int check_cert(X509_STORE_CTX *ctx) | |||
| 593 | 606 | ||
| 594 | } | 607 | } |
| 595 | 608 | ||
| 609 | /* Check CRL times against values in X509_STORE_CTX */ | ||
| 610 | |||
| 611 | static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) | ||
| 612 | { | ||
| 613 | time_t *ptime; | ||
| 614 | int i; | ||
| 615 | ctx->current_crl = crl; | ||
| 616 | if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) | ||
| 617 | ptime = &ctx->param->check_time; | ||
| 618 | else | ||
| 619 | ptime = NULL; | ||
| 620 | |||
| 621 | i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); | ||
| 622 | if (i == 0) | ||
| 623 | { | ||
| 624 | ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; | ||
| 625 | if (!notify || !ctx->verify_cb(0, ctx)) | ||
| 626 | return 0; | ||
| 627 | } | ||
| 628 | |||
| 629 | if (i > 0) | ||
| 630 | { | ||
| 631 | ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; | ||
| 632 | if (!notify || !ctx->verify_cb(0, ctx)) | ||
| 633 | return 0; | ||
| 634 | } | ||
| 635 | |||
| 636 | if(X509_CRL_get_nextUpdate(crl)) | ||
| 637 | { | ||
| 638 | i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); | ||
| 639 | |||
| 640 | if (i == 0) | ||
| 641 | { | ||
| 642 | ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; | ||
| 643 | if (!notify || !ctx->verify_cb(0, ctx)) | ||
| 644 | return 0; | ||
| 645 | } | ||
| 646 | |||
| 647 | if (i < 0) | ||
| 648 | { | ||
| 649 | ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; | ||
| 650 | if (!notify || !ctx->verify_cb(0, ctx)) | ||
| 651 | return 0; | ||
| 652 | } | ||
| 653 | } | ||
| 654 | |||
| 655 | ctx->current_crl = NULL; | ||
| 656 | |||
| 657 | return 1; | ||
| 658 | } | ||
| 659 | |||
| 660 | /* Lookup CRLs from the supplied list. Look for matching isser name | ||
| 661 | * and validity. If we can't find a valid CRL return the last one | ||
| 662 | * with matching name. This gives more meaningful error codes. Otherwise | ||
| 663 | * we'd get a CRL not found error if a CRL existed with matching name but | ||
| 664 | * was invalid. | ||
| 665 | */ | ||
| 666 | |||
| 667 | static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, | ||
| 668 | X509_NAME *nm, STACK_OF(X509_CRL) *crls) | ||
| 669 | { | ||
| 670 | int i; | ||
| 671 | X509_CRL *crl, *best_crl = NULL; | ||
| 672 | for (i = 0; i < sk_X509_CRL_num(crls); i++) | ||
| 673 | { | ||
| 674 | crl = sk_X509_CRL_value(crls, i); | ||
| 675 | if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) | ||
| 676 | continue; | ||
| 677 | if (check_crl_time(ctx, crl, 0)) | ||
| 678 | { | ||
| 679 | *pcrl = crl; | ||
| 680 | CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); | ||
| 681 | return 1; | ||
| 682 | } | ||
| 683 | best_crl = crl; | ||
| 684 | } | ||
| 685 | if (best_crl) | ||
| 686 | { | ||
| 687 | *pcrl = best_crl; | ||
| 688 | CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); | ||
| 689 | } | ||
| 690 | |||
| 691 | return 0; | ||
| 692 | } | ||
| 693 | |||
| 596 | /* Retrieve CRL corresponding to certificate: currently just a | 694 | /* Retrieve CRL corresponding to certificate: currently just a |
| 597 | * subject lookup: maybe use AKID later... | 695 | * subject lookup: maybe use AKID later... |
| 598 | * Also might look up any included CRLs too (e.g PKCS#7 signedData). | ||
| 599 | */ | 696 | */ |
| 600 | static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x) | 697 | static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) |
| 601 | { | 698 | { |
| 602 | int ok; | 699 | int ok; |
| 700 | X509_CRL *crl = NULL; | ||
| 603 | X509_OBJECT xobj; | 701 | X509_OBJECT xobj; |
| 604 | ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj); | 702 | X509_NAME *nm; |
| 605 | if (!ok) return 0; | 703 | nm = X509_get_issuer_name(x); |
| 606 | *crl = xobj.data.crl; | 704 | ok = get_crl_sk(ctx, &crl, nm, ctx->crls); |
| 705 | if (ok) | ||
| 706 | { | ||
| 707 | *pcrl = crl; | ||
| 708 | return 1; | ||
| 709 | } | ||
| 710 | |||
| 711 | ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); | ||
| 712 | |||
| 713 | if (!ok) | ||
| 714 | { | ||
| 715 | /* If we got a near match from get_crl_sk use that */ | ||
| 716 | if (crl) | ||
| 717 | { | ||
| 718 | *pcrl = crl; | ||
| 719 | return 1; | ||
| 720 | } | ||
| 721 | return 0; | ||
| 722 | } | ||
| 723 | |||
| 724 | *pcrl = xobj.data.crl; | ||
| 725 | if (crl) | ||
| 726 | X509_CRL_free(crl); | ||
| 607 | return 1; | 727 | return 1; |
| 608 | } | 728 | } |
| 609 | 729 | ||
| @@ -612,8 +732,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) | |||
| 612 | { | 732 | { |
| 613 | X509 *issuer = NULL; | 733 | X509 *issuer = NULL; |
| 614 | EVP_PKEY *ikey = NULL; | 734 | EVP_PKEY *ikey = NULL; |
| 615 | int ok = 0, chnum, cnum, i; | 735 | int ok = 0, chnum, cnum; |
| 616 | time_t *ptime; | ||
| 617 | cnum = ctx->error_depth; | 736 | cnum = ctx->error_depth; |
| 618 | chnum = sk_X509_num(ctx->chain) - 1; | 737 | chnum = sk_X509_num(ctx->chain) - 1; |
| 619 | /* Find CRL issuer: if not last certificate then issuer | 738 | /* Find CRL issuer: if not last certificate then issuer |
| @@ -665,45 +784,9 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) | |||
| 665 | } | 784 | } |
| 666 | } | 785 | } |
| 667 | 786 | ||
| 668 | /* OK, CRL signature valid check times */ | 787 | ok = check_crl_time(ctx, crl, 1); |
| 669 | if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) | 788 | if (!ok) |
| 670 | ptime = &ctx->check_time; | 789 | goto err; |
| 671 | else | ||
| 672 | ptime = NULL; | ||
| 673 | |||
| 674 | i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); | ||
| 675 | if (i == 0) | ||
| 676 | { | ||
| 677 | ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; | ||
| 678 | ok = ctx->verify_cb(0, ctx); | ||
| 679 | if (!ok) goto err; | ||
| 680 | } | ||
| 681 | |||
| 682 | if (i > 0) | ||
| 683 | { | ||
| 684 | ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; | ||
| 685 | ok = ctx->verify_cb(0, ctx); | ||
| 686 | if (!ok) goto err; | ||
| 687 | } | ||
| 688 | |||
| 689 | if(X509_CRL_get_nextUpdate(crl)) | ||
| 690 | { | ||
| 691 | i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); | ||
| 692 | |||
| 693 | if (i == 0) | ||
| 694 | { | ||
| 695 | ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; | ||
| 696 | ok = ctx->verify_cb(0, ctx); | ||
| 697 | if (!ok) goto err; | ||
| 698 | } | ||
| 699 | |||
| 700 | if (i < 0) | ||
| 701 | { | ||
| 702 | ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; | ||
| 703 | ok = ctx->verify_cb(0, ctx); | ||
| 704 | if (!ok) goto err; | ||
| 705 | } | ||
| 706 | } | ||
| 707 | 790 | ||
| 708 | ok = 1; | 791 | ok = 1; |
| 709 | 792 | ||
| @@ -741,7 +824,7 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) | |||
| 741 | if (!ok) return 0; | 824 | if (!ok) return 0; |
| 742 | } | 825 | } |
| 743 | 826 | ||
| 744 | if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) | 827 | if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) |
| 745 | return 1; | 828 | return 1; |
| 746 | 829 | ||
| 747 | /* See if we have any critical CRL extensions: since we | 830 | /* See if we have any critical CRL extensions: since we |
| @@ -768,13 +851,106 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) | |||
| 768 | return 1; | 851 | return 1; |
| 769 | } | 852 | } |
| 770 | 853 | ||
| 854 | static int check_policy(X509_STORE_CTX *ctx) | ||
| 855 | { | ||
| 856 | int ret; | ||
| 857 | ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, | ||
| 858 | ctx->param->policies, ctx->param->flags); | ||
| 859 | if (ret == 0) | ||
| 860 | { | ||
| 861 | X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE); | ||
| 862 | return 0; | ||
| 863 | } | ||
| 864 | /* Invalid or inconsistent extensions */ | ||
| 865 | if (ret == -1) | ||
| 866 | { | ||
| 867 | /* Locate certificates with bad extensions and notify | ||
| 868 | * callback. | ||
| 869 | */ | ||
| 870 | X509 *x; | ||
| 871 | int i; | ||
| 872 | for (i = 1; i < sk_X509_num(ctx->chain); i++) | ||
| 873 | { | ||
| 874 | x = sk_X509_value(ctx->chain, i); | ||
| 875 | if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) | ||
| 876 | continue; | ||
| 877 | ctx->current_cert = x; | ||
| 878 | ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; | ||
| 879 | ret = ctx->verify_cb(0, ctx); | ||
| 880 | } | ||
| 881 | return 1; | ||
| 882 | } | ||
| 883 | if (ret == -2) | ||
| 884 | { | ||
| 885 | ctx->current_cert = NULL; | ||
| 886 | ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; | ||
| 887 | return ctx->verify_cb(0, ctx); | ||
| 888 | } | ||
| 889 | |||
| 890 | if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) | ||
| 891 | { | ||
| 892 | ctx->current_cert = NULL; | ||
| 893 | ctx->error = X509_V_OK; | ||
| 894 | if (!ctx->verify_cb(2, ctx)) | ||
| 895 | return 0; | ||
| 896 | } | ||
| 897 | |||
| 898 | return 1; | ||
| 899 | } | ||
| 900 | |||
| 901 | static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) | ||
| 902 | { | ||
| 903 | time_t *ptime; | ||
| 904 | int i; | ||
| 905 | |||
| 906 | if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) | ||
| 907 | ptime = &ctx->param->check_time; | ||
| 908 | else | ||
| 909 | ptime = NULL; | ||
| 910 | |||
| 911 | i=X509_cmp_time(X509_get_notBefore(x), ptime); | ||
| 912 | if (i == 0) | ||
| 913 | { | ||
| 914 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; | ||
| 915 | ctx->current_cert=x; | ||
| 916 | if (!ctx->verify_cb(0, ctx)) | ||
| 917 | return 0; | ||
| 918 | } | ||
| 919 | |||
| 920 | if (i > 0) | ||
| 921 | { | ||
| 922 | ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; | ||
| 923 | ctx->current_cert=x; | ||
| 924 | if (!ctx->verify_cb(0, ctx)) | ||
| 925 | return 0; | ||
| 926 | } | ||
| 927 | |||
| 928 | i=X509_cmp_time(X509_get_notAfter(x), ptime); | ||
| 929 | if (i == 0) | ||
| 930 | { | ||
| 931 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; | ||
| 932 | ctx->current_cert=x; | ||
| 933 | if (!ctx->verify_cb(0, ctx)) | ||
| 934 | return 0; | ||
| 935 | } | ||
| 936 | |||
| 937 | if (i < 0) | ||
| 938 | { | ||
| 939 | ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; | ||
| 940 | ctx->current_cert=x; | ||
| 941 | if (!ctx->verify_cb(0, ctx)) | ||
| 942 | return 0; | ||
| 943 | } | ||
| 944 | |||
| 945 | return 1; | ||
| 946 | } | ||
| 947 | |||
| 771 | static int internal_verify(X509_STORE_CTX *ctx) | 948 | static int internal_verify(X509_STORE_CTX *ctx) |
| 772 | { | 949 | { |
| 773 | int i,ok=0,n; | 950 | int ok=0,n; |
| 774 | X509 *xs,*xi; | 951 | X509 *xs,*xi; |
| 775 | EVP_PKEY *pkey=NULL; | 952 | EVP_PKEY *pkey=NULL; |
| 776 | time_t *ptime; | 953 | int (*cb)(int xok,X509_STORE_CTX *xctx); |
| 777 | int (*cb)(); | ||
| 778 | 954 | ||
| 779 | cb=ctx->verify_cb; | 955 | cb=ctx->verify_cb; |
| 780 | 956 | ||
| @@ -782,10 +958,7 @@ static int internal_verify(X509_STORE_CTX *ctx) | |||
| 782 | ctx->error_depth=n-1; | 958 | ctx->error_depth=n-1; |
| 783 | n--; | 959 | n--; |
| 784 | xi=sk_X509_value(ctx->chain,n); | 960 | xi=sk_X509_value(ctx->chain,n); |
| 785 | if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) | 961 | |
| 786 | ptime = &ctx->check_time; | ||
| 787 | else | ||
| 788 | ptime = NULL; | ||
| 789 | if (ctx->check_issued(ctx, xi, xi)) | 962 | if (ctx->check_issued(ctx, xi, xi)) |
| 790 | xs=xi; | 963 | xs=xi; |
| 791 | else | 964 | else |
| @@ -838,41 +1011,13 @@ static int internal_verify(X509_STORE_CTX *ctx) | |||
| 838 | } | 1011 | } |
| 839 | EVP_PKEY_free(pkey); | 1012 | EVP_PKEY_free(pkey); |
| 840 | pkey=NULL; | 1013 | pkey=NULL; |
| 841 | |||
| 842 | i=X509_cmp_time(X509_get_notBefore(xs), ptime); | ||
| 843 | if (i == 0) | ||
| 844 | { | ||
| 845 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; | ||
| 846 | ctx->current_cert=xs; | ||
| 847 | ok=(*cb)(0,ctx); | ||
| 848 | if (!ok) goto end; | ||
| 849 | } | ||
| 850 | if (i > 0) | ||
| 851 | { | ||
| 852 | ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; | ||
| 853 | ctx->current_cert=xs; | ||
| 854 | ok=(*cb)(0,ctx); | ||
| 855 | if (!ok) goto end; | ||
| 856 | } | ||
| 857 | xs->valid=1; | ||
| 858 | } | 1014 | } |
| 859 | 1015 | ||
| 860 | i=X509_cmp_time(X509_get_notAfter(xs), ptime); | 1016 | xs->valid = 1; |
| 861 | if (i == 0) | ||
| 862 | { | ||
| 863 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; | ||
| 864 | ctx->current_cert=xs; | ||
| 865 | ok=(*cb)(0,ctx); | ||
| 866 | if (!ok) goto end; | ||
| 867 | } | ||
| 868 | 1017 | ||
| 869 | if (i < 0) | 1018 | ok = check_cert_time(ctx, xs); |
| 870 | { | 1019 | if (!ok) |
| 871 | ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; | 1020 | goto end; |
| 872 | ctx->current_cert=xs; | ||
| 873 | ok=(*cb)(0,ctx); | ||
| 874 | if (!ok) goto end; | ||
| 875 | } | ||
| 876 | 1021 | ||
| 877 | /* The last error (if any) is still in the error value */ | 1022 | /* The last error (if any) is still in the error value */ |
| 878 | ctx->current_issuer=xi; | 1023 | ctx->current_issuer=xi; |
| @@ -1105,6 +1250,11 @@ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) | |||
| 1105 | ctx->untrusted=sk; | 1250 | ctx->untrusted=sk; |
| 1106 | } | 1251 | } |
| 1107 | 1252 | ||
| 1253 | void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) | ||
| 1254 | { | ||
| 1255 | ctx->crls=sk; | ||
| 1256 | } | ||
| 1257 | |||
| 1108 | int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) | 1258 | int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) |
| 1109 | { | 1259 | { |
| 1110 | return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); | 1260 | return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); |
| @@ -1168,8 +1318,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | |||
| 1168 | } | 1318 | } |
| 1169 | } | 1319 | } |
| 1170 | 1320 | ||
| 1171 | if (purpose && !ctx->purpose) ctx->purpose = purpose; | 1321 | if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose; |
| 1172 | if (trust && !ctx->trust) ctx->trust = trust; | 1322 | if (trust && !ctx->param->trust) ctx->param->trust = trust; |
| 1173 | return 1; | 1323 | return 1; |
| 1174 | } | 1324 | } |
| 1175 | 1325 | ||
| @@ -1195,20 +1345,30 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) | |||
| 1195 | int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, | 1345 | int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, |
| 1196 | STACK_OF(X509) *chain) | 1346 | STACK_OF(X509) *chain) |
| 1197 | { | 1347 | { |
| 1348 | int ret = 1; | ||
| 1198 | ctx->ctx=store; | 1349 | ctx->ctx=store; |
| 1199 | ctx->current_method=0; | 1350 | ctx->current_method=0; |
| 1200 | ctx->cert=x509; | 1351 | ctx->cert=x509; |
| 1201 | ctx->untrusted=chain; | 1352 | ctx->untrusted=chain; |
| 1353 | ctx->crls = NULL; | ||
| 1202 | ctx->last_untrusted=0; | 1354 | ctx->last_untrusted=0; |
| 1203 | ctx->check_time=0; | ||
| 1204 | ctx->other_ctx=NULL; | 1355 | ctx->other_ctx=NULL; |
| 1205 | ctx->valid=0; | 1356 | ctx->valid=0; |
| 1206 | ctx->chain=NULL; | 1357 | ctx->chain=NULL; |
| 1207 | ctx->depth=9; | ||
| 1208 | ctx->error=0; | 1358 | ctx->error=0; |
| 1359 | ctx->explicit_policy=0; | ||
| 1209 | ctx->error_depth=0; | 1360 | ctx->error_depth=0; |
| 1210 | ctx->current_cert=NULL; | 1361 | ctx->current_cert=NULL; |
| 1211 | ctx->current_issuer=NULL; | 1362 | ctx->current_issuer=NULL; |
| 1363 | ctx->tree = NULL; | ||
| 1364 | |||
| 1365 | ctx->param = X509_VERIFY_PARAM_new(); | ||
| 1366 | |||
| 1367 | if (!ctx->param) | ||
| 1368 | { | ||
| 1369 | X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); | ||
| 1370 | return 0; | ||
| 1371 | } | ||
| 1212 | 1372 | ||
| 1213 | /* Inherit callbacks and flags from X509_STORE if not set | 1373 | /* Inherit callbacks and flags from X509_STORE if not set |
| 1214 | * use defaults. | 1374 | * use defaults. |
| @@ -1216,18 +1376,26 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, | |||
| 1216 | 1376 | ||
| 1217 | 1377 | ||
| 1218 | if (store) | 1378 | if (store) |
| 1379 | ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); | ||
| 1380 | else | ||
| 1381 | ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; | ||
| 1382 | |||
| 1383 | if (store) | ||
| 1219 | { | 1384 | { |
| 1220 | ctx->purpose=store->purpose; | 1385 | ctx->verify_cb = store->verify_cb; |
| 1221 | ctx->trust=store->trust; | ||
| 1222 | ctx->flags = store->flags; | ||
| 1223 | ctx->cleanup = store->cleanup; | 1386 | ctx->cleanup = store->cleanup; |
| 1224 | } | 1387 | } |
| 1225 | else | 1388 | else |
| 1226 | { | ||
| 1227 | ctx->purpose = 0; | ||
| 1228 | ctx->trust = 0; | ||
| 1229 | ctx->flags = 0; | ||
| 1230 | ctx->cleanup = 0; | 1389 | ctx->cleanup = 0; |
| 1390 | |||
| 1391 | if (ret) | ||
| 1392 | ret = X509_VERIFY_PARAM_inherit(ctx->param, | ||
| 1393 | X509_VERIFY_PARAM_lookup("default")); | ||
| 1394 | |||
| 1395 | if (ret == 0) | ||
| 1396 | { | ||
| 1397 | X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); | ||
| 1398 | return 0; | ||
| 1231 | } | 1399 | } |
| 1232 | 1400 | ||
| 1233 | if (store && store->check_issued) | 1401 | if (store && store->check_issued) |
| @@ -1270,6 +1438,8 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, | |||
| 1270 | else | 1438 | else |
| 1271 | ctx->cert_crl = cert_crl; | 1439 | ctx->cert_crl = cert_crl; |
| 1272 | 1440 | ||
| 1441 | ctx->check_policy = check_policy; | ||
| 1442 | |||
| 1273 | 1443 | ||
| 1274 | /* This memset() can't make any sense anyway, so it's removed. As | 1444 | /* This memset() can't make any sense anyway, so it's removed. As |
| 1275 | * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a | 1445 | * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a |
| @@ -1298,6 +1468,16 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) | |||
| 1298 | void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) | 1468 | void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) |
| 1299 | { | 1469 | { |
| 1300 | if (ctx->cleanup) ctx->cleanup(ctx); | 1470 | if (ctx->cleanup) ctx->cleanup(ctx); |
| 1471 | if (ctx->param != NULL) | ||
| 1472 | { | ||
| 1473 | X509_VERIFY_PARAM_free(ctx->param); | ||
| 1474 | ctx->param=NULL; | ||
| 1475 | } | ||
| 1476 | if (ctx->tree != NULL) | ||
| 1477 | { | ||
| 1478 | X509_policy_tree_free(ctx->tree); | ||
| 1479 | ctx->tree=NULL; | ||
| 1480 | } | ||
| 1301 | if (ctx->chain != NULL) | 1481 | if (ctx->chain != NULL) |
| 1302 | { | 1482 | { |
| 1303 | sk_X509_pop_free(ctx->chain,X509_free); | 1483 | sk_X509_pop_free(ctx->chain,X509_free); |
| @@ -1307,15 +1487,19 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) | |||
| 1307 | memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); | 1487 | memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); |
| 1308 | } | 1488 | } |
| 1309 | 1489 | ||
| 1310 | void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags) | 1490 | void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) |
| 1311 | { | 1491 | { |
| 1312 | ctx->flags |= flags; | 1492 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); |
| 1313 | } | 1493 | } |
| 1314 | 1494 | ||
| 1315 | void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t) | 1495 | void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) |
| 1316 | { | 1496 | { |
| 1317 | ctx->check_time = t; | 1497 | X509_VERIFY_PARAM_set_flags(ctx->param, flags); |
| 1318 | ctx->flags |= X509_V_FLAG_USE_CHECK_TIME; | 1498 | } |
| 1499 | |||
| 1500 | void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) | ||
| 1501 | { | ||
| 1502 | X509_VERIFY_PARAM_set_time(ctx->param, t); | ||
| 1319 | } | 1503 | } |
| 1320 | 1504 | ||
| 1321 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, | 1505 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, |
| @@ -1324,6 +1508,37 @@ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, | |||
| 1324 | ctx->verify_cb=verify_cb; | 1508 | ctx->verify_cb=verify_cb; |
| 1325 | } | 1509 | } |
| 1326 | 1510 | ||
| 1511 | X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) | ||
| 1512 | { | ||
| 1513 | return ctx->tree; | ||
| 1514 | } | ||
| 1515 | |||
| 1516 | int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) | ||
| 1517 | { | ||
| 1518 | return ctx->explicit_policy; | ||
| 1519 | } | ||
| 1520 | |||
| 1521 | int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) | ||
| 1522 | { | ||
| 1523 | const X509_VERIFY_PARAM *param; | ||
| 1524 | param = X509_VERIFY_PARAM_lookup(name); | ||
| 1525 | if (!param) | ||
| 1526 | return 0; | ||
| 1527 | return X509_VERIFY_PARAM_inherit(ctx->param, param); | ||
| 1528 | } | ||
| 1529 | |||
| 1530 | X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) | ||
| 1531 | { | ||
| 1532 | return ctx->param; | ||
| 1533 | } | ||
| 1534 | |||
| 1535 | void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) | ||
| 1536 | { | ||
| 1537 | if (ctx->param) | ||
| 1538 | X509_VERIFY_PARAM_free(ctx->param); | ||
| 1539 | ctx->param = param; | ||
| 1540 | } | ||
| 1541 | |||
| 1327 | IMPLEMENT_STACK_OF(X509) | 1542 | IMPLEMENT_STACK_OF(X509) |
| 1328 | IMPLEMENT_ASN1_SET_OF(X509) | 1543 | IMPLEMENT_ASN1_SET_OF(X509) |
| 1329 | 1544 | ||
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.h b/src/lib/libssl/src/crypto/x509/x509_vfy.h index 7fd1f0bc4d..76c76e1719 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.h +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.h | |||
| @@ -65,6 +65,7 @@ | |||
| 65 | #ifndef HEADER_X509_VFY_H | 65 | #ifndef HEADER_X509_VFY_H |
| 66 | #define HEADER_X509_VFY_H | 66 | #define HEADER_X509_VFY_H |
| 67 | 67 | ||
| 68 | #include <openssl/opensslconf.h> | ||
| 68 | #ifndef OPENSSL_NO_LHASH | 69 | #ifndef OPENSSL_NO_LHASH |
| 69 | #include <openssl/lhash.h> | 70 | #include <openssl/lhash.h> |
| 70 | #endif | 71 | #endif |
| @@ -155,6 +156,25 @@ typedef struct x509_lookup_method_st | |||
| 155 | X509_OBJECT *ret); | 156 | X509_OBJECT *ret); |
| 156 | } X509_LOOKUP_METHOD; | 157 | } X509_LOOKUP_METHOD; |
| 157 | 158 | ||
| 159 | /* This structure hold all parameters associated with a verify operation | ||
| 160 | * by including an X509_VERIFY_PARAM structure in related structures the | ||
| 161 | * parameters used can be customized | ||
| 162 | */ | ||
| 163 | |||
| 164 | typedef struct X509_VERIFY_PARAM_st | ||
| 165 | { | ||
| 166 | char *name; | ||
| 167 | time_t check_time; /* Time to use */ | ||
| 168 | unsigned long inh_flags; /* Inheritance flags */ | ||
| 169 | unsigned long flags; /* Various verify flags */ | ||
| 170 | int purpose; /* purpose to check untrusted certificates */ | ||
| 171 | int trust; /* trust setting to check */ | ||
| 172 | int depth; /* Verify depth */ | ||
| 173 | STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ | ||
| 174 | } X509_VERIFY_PARAM; | ||
| 175 | |||
| 176 | DECLARE_STACK_OF(X509_VERIFY_PARAM) | ||
| 177 | |||
| 158 | /* This is used to hold everything. It is used for all certificate | 178 | /* This is used to hold everything. It is used for all certificate |
| 159 | * validation. Once we have a certificate chain, the 'verify' | 179 | * validation. Once we have a certificate chain, the 'verify' |
| 160 | * function is then called to actually check the cert chain. */ | 180 | * function is then called to actually check the cert chain. */ |
| @@ -167,13 +187,8 @@ struct x509_store_st | |||
| 167 | /* These are external lookup methods */ | 187 | /* These are external lookup methods */ |
| 168 | STACK_OF(X509_LOOKUP) *get_cert_methods; | 188 | STACK_OF(X509_LOOKUP) *get_cert_methods; |
| 169 | 189 | ||
| 170 | /* The following fields are not used by X509_STORE but are | 190 | X509_VERIFY_PARAM *param; |
| 171 | * inherited by X509_STORE_CTX when it is initialised. | ||
| 172 | */ | ||
| 173 | 191 | ||
| 174 | unsigned long flags; /* Various verify flags */ | ||
| 175 | int purpose; | ||
| 176 | int trust; | ||
| 177 | /* Callbacks for various operations */ | 192 | /* Callbacks for various operations */ |
| 178 | int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ | 193 | int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ |
| 179 | int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ | 194 | int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ |
| @@ -187,10 +202,9 @@ struct x509_store_st | |||
| 187 | 202 | ||
| 188 | CRYPTO_EX_DATA ex_data; | 203 | CRYPTO_EX_DATA ex_data; |
| 189 | int references; | 204 | int references; |
| 190 | int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */ | ||
| 191 | } /* X509_STORE */; | 205 | } /* X509_STORE */; |
| 192 | 206 | ||
| 193 | #define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) | 207 | int X509_STORE_set_depth(X509_STORE *store, int depth); |
| 194 | 208 | ||
| 195 | #define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) | 209 | #define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) |
| 196 | #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) | 210 | #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) |
| @@ -217,10 +231,9 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 217 | /* The following are set by the caller */ | 231 | /* The following are set by the caller */ |
| 218 | X509 *cert; /* The cert to check */ | 232 | X509 *cert; /* The cert to check */ |
| 219 | STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ | 233 | STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ |
| 220 | int purpose; /* purpose to check untrusted certificates */ | 234 | STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ |
| 221 | int trust; /* trust setting to check */ | 235 | |
| 222 | time_t check_time; /* time to make verify at */ | 236 | X509_VERIFY_PARAM *param; |
| 223 | unsigned long flags; /* Various verify flags */ | ||
| 224 | void *other_ctx; /* Other info for use with get_issuer() */ | 237 | void *other_ctx; /* Other info for use with get_issuer() */ |
| 225 | 238 | ||
| 226 | /* Callbacks for various operations */ | 239 | /* Callbacks for various operations */ |
| @@ -232,13 +245,16 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 232 | int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ | 245 | int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ |
| 233 | int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ | 246 | int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ |
| 234 | int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ | 247 | int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ |
| 248 | int (*check_policy)(X509_STORE_CTX *ctx); | ||
| 235 | int (*cleanup)(X509_STORE_CTX *ctx); | 249 | int (*cleanup)(X509_STORE_CTX *ctx); |
| 236 | 250 | ||
| 237 | /* The following is built up */ | 251 | /* The following is built up */ |
| 238 | int depth; /* how far to go looking up certs */ | ||
| 239 | int valid; /* if 0, rebuild chain */ | 252 | int valid; /* if 0, rebuild chain */ |
| 240 | int last_untrusted; /* index of last untrusted cert */ | 253 | int last_untrusted; /* index of last untrusted cert */ |
| 241 | STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ | 254 | STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ |
| 255 | X509_POLICY_TREE *tree; /* Valid policy tree */ | ||
| 256 | |||
| 257 | int explicit_policy; /* Require explicit policy value */ | ||
| 242 | 258 | ||
| 243 | /* When something goes wrong, this is why */ | 259 | /* When something goes wrong, this is why */ |
| 244 | int error_depth; | 260 | int error_depth; |
| @@ -250,7 +266,7 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 250 | CRYPTO_EX_DATA ex_data; | 266 | CRYPTO_EX_DATA ex_data; |
| 251 | } /* X509_STORE_CTX */; | 267 | } /* X509_STORE_CTX */; |
| 252 | 268 | ||
| 253 | #define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d)) | 269 | void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); |
| 254 | 270 | ||
| 255 | #define X509_STORE_CTX_set_app_data(ctx,data) \ | 271 | #define X509_STORE_CTX_set_app_data(ctx,data) \ |
| 256 | X509_STORE_CTX_set_ex_data(ctx,0,data) | 272 | X509_STORE_CTX_set_ex_data(ctx,0,data) |
| @@ -311,6 +327,12 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 311 | #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 | 327 | #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 |
| 312 | #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 | 328 | #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 |
| 313 | 329 | ||
| 330 | #define X509_V_ERR_INVALID_EXTENSION 41 | ||
| 331 | #define X509_V_ERR_INVALID_POLICY_EXTENSION 42 | ||
| 332 | #define X509_V_ERR_NO_EXPLICIT_POLICY 43 | ||
| 333 | |||
| 334 | #define X509_V_ERR_UNNESTED_RESOURCE 44 | ||
| 335 | |||
| 314 | /* The application is not happy */ | 336 | /* The application is not happy */ |
| 315 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 | 337 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 |
| 316 | 338 | ||
| @@ -330,6 +352,28 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 330 | #define X509_V_FLAG_X509_STRICT 0x20 | 352 | #define X509_V_FLAG_X509_STRICT 0x20 |
| 331 | /* Enable proxy certificate validation */ | 353 | /* Enable proxy certificate validation */ |
| 332 | #define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 | 354 | #define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 |
| 355 | /* Enable policy checking */ | ||
| 356 | #define X509_V_FLAG_POLICY_CHECK 0x80 | ||
| 357 | /* Policy variable require-explicit-policy */ | ||
| 358 | #define X509_V_FLAG_EXPLICIT_POLICY 0x100 | ||
| 359 | /* Policy variable inhibit-any-policy */ | ||
| 360 | #define X509_V_FLAG_INHIBIT_ANY 0x200 | ||
| 361 | /* Policy variable inhibit-policy-mapping */ | ||
| 362 | #define X509_V_FLAG_INHIBIT_MAP 0x400 | ||
| 363 | /* Notify callback that policy is OK */ | ||
| 364 | #define X509_V_FLAG_NOTIFY_POLICY 0x800 | ||
| 365 | |||
| 366 | #define X509_VP_FLAG_DEFAULT 0x1 | ||
| 367 | #define X509_VP_FLAG_OVERWRITE 0x2 | ||
| 368 | #define X509_VP_FLAG_RESET_FLAGS 0x4 | ||
| 369 | #define X509_VP_FLAG_LOCKED 0x8 | ||
| 370 | #define X509_VP_FLAG_ONCE 0x10 | ||
| 371 | |||
| 372 | /* Internal use: mask of policy related options */ | ||
| 373 | #define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ | ||
| 374 | | X509_V_FLAG_EXPLICIT_POLICY \ | ||
| 375 | | X509_V_FLAG_INHIBIT_ANY \ | ||
| 376 | | X509_V_FLAG_INHIBIT_MAP) | ||
| 333 | 377 | ||
| 334 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, | 378 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, |
| 335 | X509_NAME *name); | 379 | X509_NAME *name); |
| @@ -340,9 +384,10 @@ void X509_OBJECT_free_contents(X509_OBJECT *a); | |||
| 340 | X509_STORE *X509_STORE_new(void ); | 384 | X509_STORE *X509_STORE_new(void ); |
| 341 | void X509_STORE_free(X509_STORE *v); | 385 | void X509_STORE_free(X509_STORE *v); |
| 342 | 386 | ||
| 343 | void X509_STORE_set_flags(X509_STORE *ctx, long flags); | 387 | int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); |
| 344 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); | 388 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); |
| 345 | int X509_STORE_set_trust(X509_STORE *ctx, int trust); | 389 | int X509_STORE_set_trust(X509_STORE *ctx, int trust); |
| 390 | int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); | ||
| 346 | 391 | ||
| 347 | X509_STORE_CTX *X509_STORE_CTX_new(void); | 392 | X509_STORE_CTX *X509_STORE_CTX_new(void); |
| 348 | 393 | ||
| @@ -406,14 +451,78 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); | |||
| 406 | STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); | 451 | STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); |
| 407 | void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); | 452 | void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); |
| 408 | void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); | 453 | void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); |
| 454 | void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); | ||
| 409 | int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); | 455 | int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); |
| 410 | int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); | 456 | int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); |
| 411 | int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | 457 | int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, |
| 412 | int purpose, int trust); | 458 | int purpose, int trust); |
| 413 | void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); | 459 | void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); |
| 414 | void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); | 460 | void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, |
| 461 | time_t t); | ||
| 415 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, | 462 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, |
| 416 | int (*verify_cb)(int, X509_STORE_CTX *)); | 463 | int (*verify_cb)(int, X509_STORE_CTX *)); |
| 464 | |||
| 465 | X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); | ||
| 466 | int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); | ||
| 467 | |||
| 468 | X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); | ||
| 469 | void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); | ||
| 470 | int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); | ||
| 471 | |||
| 472 | /* X509_VERIFY_PARAM functions */ | ||
| 473 | |||
| 474 | X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); | ||
| 475 | void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); | ||
| 476 | int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, | ||
| 477 | const X509_VERIFY_PARAM *from); | ||
| 478 | int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, | ||
| 479 | const X509_VERIFY_PARAM *from); | ||
| 480 | int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); | ||
| 481 | int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); | ||
| 482 | int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, | ||
| 483 | unsigned long flags); | ||
| 484 | unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); | ||
| 485 | int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); | ||
| 486 | int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); | ||
| 487 | void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); | ||
| 488 | void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); | ||
| 489 | int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, | ||
| 490 | ASN1_OBJECT *policy); | ||
| 491 | int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, | ||
| 492 | STACK_OF(ASN1_OBJECT) *policies); | ||
| 493 | int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); | ||
| 494 | |||
| 495 | int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); | ||
| 496 | const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); | ||
| 497 | void X509_VERIFY_PARAM_table_cleanup(void); | ||
| 498 | |||
| 499 | int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, | ||
| 500 | STACK_OF(X509) *certs, | ||
| 501 | STACK_OF(ASN1_OBJECT) *policy_oids, | ||
| 502 | unsigned int flags); | ||
| 503 | |||
| 504 | void X509_policy_tree_free(X509_POLICY_TREE *tree); | ||
| 505 | |||
| 506 | int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); | ||
| 507 | X509_POLICY_LEVEL * | ||
| 508 | X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); | ||
| 509 | |||
| 510 | STACK_OF(X509_POLICY_NODE) * | ||
| 511 | X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); | ||
| 512 | |||
| 513 | STACK_OF(X509_POLICY_NODE) * | ||
| 514 | X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); | ||
| 515 | |||
| 516 | int X509_policy_level_node_count(X509_POLICY_LEVEL *level); | ||
| 517 | |||
| 518 | X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i); | ||
| 519 | |||
| 520 | const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); | ||
| 521 | |||
| 522 | STACK_OF(POLICYQUALINFO) * | ||
| 523 | X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); | ||
| 524 | const X509_POLICY_NODE * | ||
| 525 | X509_policy_node_get0_parent(const X509_POLICY_NODE *node); | ||
| 417 | 526 | ||
| 418 | #ifdef __cplusplus | 527 | #ifdef __cplusplus |
| 419 | } | 528 | } |
diff --git a/src/lib/libssl/src/crypto/x509/x509spki.c b/src/lib/libssl/src/crypto/x509/x509spki.c index 4c3af946ec..ed868b838e 100644 --- a/src/lib/libssl/src/crypto/x509/x509spki.c +++ b/src/lib/libssl/src/crypto/x509/x509spki.c | |||
| @@ -77,7 +77,8 @@ EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) | |||
| 77 | 77 | ||
| 78 | NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) | 78 | NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) |
| 79 | { | 79 | { |
| 80 | unsigned char *spki_der, *p; | 80 | unsigned char *spki_der; |
| 81 | const unsigned char *p; | ||
| 81 | int spki_len; | 82 | int spki_len; |
| 82 | NETSCAPE_SPKI *spki; | 83 | NETSCAPE_SPKI *spki; |
| 83 | if(len <= 0) len = strlen(str); | 84 | if(len <= 0) len = strlen(str); |
diff --git a/src/lib/libssl/src/crypto/x509/x509type.c b/src/lib/libssl/src/crypto/x509/x509type.c index c25959a742..2cd994c5b0 100644 --- a/src/lib/libssl/src/crypto/x509/x509type.c +++ b/src/lib/libssl/src/crypto/x509/x509type.c | |||
| @@ -86,6 +86,9 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) | |||
| 86 | case EVP_PKEY_DSA: | 86 | case EVP_PKEY_DSA: |
| 87 | ret=EVP_PK_DSA|EVP_PKT_SIGN; | 87 | ret=EVP_PK_DSA|EVP_PKT_SIGN; |
| 88 | break; | 88 | break; |
| 89 | case EVP_PKEY_EC: | ||
| 90 | ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH; | ||
| 91 | break; | ||
| 89 | case EVP_PKEY_DH: | 92 | case EVP_PKEY_DH: |
| 90 | ret=EVP_PK_DH|EVP_PKT_EXCH; | 93 | ret=EVP_PK_DH|EVP_PKT_EXCH; |
| 91 | break; | 94 | break; |
| @@ -102,6 +105,9 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) | |||
| 102 | case EVP_PKEY_DSA: | 105 | case EVP_PKEY_DSA: |
| 103 | ret|=EVP_PKS_DSA; | 106 | ret|=EVP_PKS_DSA; |
| 104 | break; | 107 | break; |
| 108 | case EVP_PKEY_EC: | ||
| 109 | ret|=EVP_PKS_EC; | ||
| 110 | break; | ||
| 105 | default: | 111 | default: |
| 106 | break; | 112 | break; |
| 107 | } | 113 | } |
diff --git a/src/lib/libssl/src/crypto/x509/x_all.c b/src/lib/libssl/src/crypto/x509/x_all.c index ac6dea493a..9039caad60 100644 --- a/src/lib/libssl/src/crypto/x509/x_all.c +++ b/src/lib/libssl/src/crypto/x509/x_all.c | |||
| @@ -64,6 +64,12 @@ | |||
| 64 | #include <openssl/asn1.h> | 64 | #include <openssl/asn1.h> |
| 65 | #include <openssl/evp.h> | 65 | #include <openssl/evp.h> |
| 66 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
| 67 | #ifndef OPENSSL_NO_RSA | ||
| 68 | #include <openssl/rsa.h> | ||
| 69 | #endif | ||
| 70 | #ifndef OPENSSL_NO_DSA | ||
| 71 | #include <openssl/dsa.h> | ||
| 72 | #endif | ||
| 67 | 73 | ||
| 68 | int X509_verify(X509 *a, EVP_PKEY *r) | 74 | int X509_verify(X509 *a, EVP_PKEY *r) |
| 69 | { | 75 | { |
| @@ -223,9 +229,9 @@ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) | |||
| 223 | 229 | ||
| 224 | RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) | 230 | RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) |
| 225 | { | 231 | { |
| 226 | return((RSA *)ASN1_d2i_fp((char *(*)()) | 232 | return ASN1_d2i_fp((void *(*)(void)) |
| 227 | RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp), | 233 | RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp, |
| 228 | (unsigned char **)(rsa))); | 234 | (void **)rsa); |
| 229 | } | 235 | } |
| 230 | 236 | ||
| 231 | int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) | 237 | int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) |
| @@ -235,7 +241,7 @@ int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) | |||
| 235 | 241 | ||
| 236 | int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) | 242 | int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) |
| 237 | { | 243 | { |
| 238 | return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa)); | 244 | return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa); |
| 239 | } | 245 | } |
| 240 | #endif | 246 | #endif |
| 241 | 247 | ||
| @@ -257,9 +263,7 @@ RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) | |||
| 257 | 263 | ||
| 258 | RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) | 264 | RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) |
| 259 | { | 265 | { |
| 260 | return((RSA *)ASN1_d2i_bio((char *(*)()) | 266 | return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa); |
| 261 | RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp), | ||
| 262 | (unsigned char **)(rsa))); | ||
| 263 | } | 267 | } |
| 264 | 268 | ||
| 265 | int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) | 269 | int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) |
| @@ -269,7 +273,7 @@ int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) | |||
| 269 | 273 | ||
| 270 | int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) | 274 | int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) |
| 271 | { | 275 | { |
| 272 | return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa)); | 276 | return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa); |
| 273 | } | 277 | } |
| 274 | #endif | 278 | #endif |
| 275 | 279 | ||
| @@ -277,55 +281,92 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) | |||
| 277 | #ifndef OPENSSL_NO_FP_API | 281 | #ifndef OPENSSL_NO_FP_API |
| 278 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) | 282 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) |
| 279 | { | 283 | { |
| 280 | return((DSA *)ASN1_d2i_fp((char *(*)()) | 284 | return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa); |
| 281 | DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), | ||
| 282 | (unsigned char **)(dsa))); | ||
| 283 | } | 285 | } |
| 284 | 286 | ||
| 285 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) | 287 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) |
| 286 | { | 288 | { |
| 287 | return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); | 289 | return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa); |
| 288 | } | 290 | } |
| 289 | 291 | ||
| 290 | DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) | 292 | DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) |
| 291 | { | 293 | { |
| 292 | return((DSA *)ASN1_d2i_fp((char *(*)()) | 294 | return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa); |
| 293 | DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp), | ||
| 294 | (unsigned char **)(dsa))); | ||
| 295 | } | 295 | } |
| 296 | 296 | ||
| 297 | int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) | 297 | int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) |
| 298 | { | 298 | { |
| 299 | return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa)); | 299 | return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa); |
| 300 | } | 300 | } |
| 301 | #endif | 301 | #endif |
| 302 | 302 | ||
| 303 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) | 303 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) |
| 304 | { | 304 | { |
| 305 | return((DSA *)ASN1_d2i_bio((char *(*)()) | 305 | return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa |
| 306 | DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), | 306 | ); |
| 307 | (unsigned char **)(dsa))); | ||
| 308 | } | 307 | } |
| 309 | 308 | ||
| 310 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) | 309 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) |
| 311 | { | 310 | { |
| 312 | return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); | 311 | return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa); |
| 313 | } | 312 | } |
| 314 | 313 | ||
| 315 | DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) | 314 | DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) |
| 316 | { | 315 | { |
| 317 | return((DSA *)ASN1_d2i_bio((char *(*)()) | 316 | return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa); |
| 318 | DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp), | ||
| 319 | (unsigned char **)(dsa))); | ||
| 320 | } | 317 | } |
| 321 | 318 | ||
| 322 | int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) | 319 | int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) |
| 323 | { | 320 | { |
| 324 | return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa)); | 321 | return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa); |
| 325 | } | 322 | } |
| 326 | 323 | ||
| 327 | #endif | 324 | #endif |
| 328 | 325 | ||
| 326 | #ifndef OPENSSL_NO_EC | ||
| 327 | #ifndef OPENSSL_NO_FP_API | ||
| 328 | EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) | ||
| 329 | { | ||
| 330 | return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey); | ||
| 331 | } | ||
| 332 | |||
| 333 | int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) | ||
| 334 | { | ||
| 335 | return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey); | ||
| 336 | } | ||
| 337 | |||
| 338 | EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) | ||
| 339 | { | ||
| 340 | return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey); | ||
| 341 | } | ||
| 342 | |||
| 343 | int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) | ||
| 344 | { | ||
| 345 | return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey); | ||
| 346 | } | ||
| 347 | #endif | ||
| 348 | EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) | ||
| 349 | { | ||
| 350 | return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey); | ||
| 351 | } | ||
| 352 | |||
| 353 | int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) | ||
| 354 | { | ||
| 355 | return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa); | ||
| 356 | } | ||
| 357 | |||
| 358 | EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) | ||
| 359 | { | ||
| 360 | return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey); | ||
| 361 | } | ||
| 362 | |||
| 363 | int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) | ||
| 364 | { | ||
| 365 | return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey); | ||
| 366 | } | ||
| 367 | #endif | ||
| 368 | |||
| 369 | |||
| 329 | int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, | 370 | int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, |
| 330 | unsigned int *len) | 371 | unsigned int *len) |
| 331 | { | 372 | { |
| @@ -370,40 +411,37 @@ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD * | |||
| 370 | #ifndef OPENSSL_NO_FP_API | 411 | #ifndef OPENSSL_NO_FP_API |
| 371 | X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) | 412 | X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) |
| 372 | { | 413 | { |
| 373 | return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new, | 414 | return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8); |
| 374 | (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8))); | ||
| 375 | } | 415 | } |
| 376 | 416 | ||
| 377 | int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) | 417 | int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) |
| 378 | { | 418 | { |
| 379 | return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8)); | 419 | return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8); |
| 380 | } | 420 | } |
| 381 | #endif | 421 | #endif |
| 382 | 422 | ||
| 383 | X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) | 423 | X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) |
| 384 | { | 424 | { |
| 385 | return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new, | 425 | return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8); |
| 386 | (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8))); | ||
| 387 | } | 426 | } |
| 388 | 427 | ||
| 389 | int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) | 428 | int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) |
| 390 | { | 429 | { |
| 391 | return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8)); | 430 | return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8); |
| 392 | } | 431 | } |
| 393 | 432 | ||
| 394 | #ifndef OPENSSL_NO_FP_API | 433 | #ifndef OPENSSL_NO_FP_API |
| 395 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, | 434 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, |
| 396 | PKCS8_PRIV_KEY_INFO **p8inf) | 435 | PKCS8_PRIV_KEY_INFO **p8inf) |
| 397 | { | 436 | { |
| 398 | return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp( | 437 | return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, |
| 399 | (char *(*)())PKCS8_PRIV_KEY_INFO_new, | 438 | d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf); |
| 400 | (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp), | ||
| 401 | (unsigned char **)(p8inf))); | ||
| 402 | } | 439 | } |
| 403 | 440 | ||
| 404 | int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) | 441 | int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) |
| 405 | { | 442 | { |
| 406 | return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf)); | 443 | return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp, |
| 444 | p8inf); | ||
| 407 | } | 445 | } |
| 408 | 446 | ||
| 409 | int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) | 447 | int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) |
| @@ -419,24 +457,22 @@ int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) | |||
| 419 | 457 | ||
| 420 | int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) | 458 | int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) |
| 421 | { | 459 | { |
| 422 | return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey)); | 460 | return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey); |
| 423 | } | 461 | } |
| 424 | 462 | ||
| 425 | EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) | 463 | EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) |
| 426 | { | 464 | { |
| 427 | return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, | 465 | return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a); |
| 428 | (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a))); | ||
| 429 | } | 466 | } |
| 430 | 467 | ||
| 431 | int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) | 468 | int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) |
| 432 | { | 469 | { |
| 433 | return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey)); | 470 | return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey); |
| 434 | } | 471 | } |
| 435 | 472 | ||
| 436 | EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) | 473 | EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) |
| 437 | { | 474 | { |
| 438 | return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, | 475 | return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a); |
| 439 | (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a))); | ||
| 440 | } | 476 | } |
| 441 | 477 | ||
| 442 | #endif | 478 | #endif |
| @@ -444,15 +480,14 @@ EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) | |||
| 444 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, | 480 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, |
| 445 | PKCS8_PRIV_KEY_INFO **p8inf) | 481 | PKCS8_PRIV_KEY_INFO **p8inf) |
| 446 | { | 482 | { |
| 447 | return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio( | 483 | return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, |
| 448 | (char *(*)())PKCS8_PRIV_KEY_INFO_new, | 484 | d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf); |
| 449 | (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp), | ||
| 450 | (unsigned char **)(p8inf))); | ||
| 451 | } | 485 | } |
| 452 | 486 | ||
| 453 | int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) | 487 | int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) |
| 454 | { | 488 | { |
| 455 | return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf)); | 489 | return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp, |
| 490 | p8inf); | ||
| 456 | } | 491 | } |
| 457 | 492 | ||
| 458 | int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) | 493 | int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) |
| @@ -468,22 +503,20 @@ int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) | |||
| 468 | 503 | ||
| 469 | int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) | 504 | int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) |
| 470 | { | 505 | { |
| 471 | return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey)); | 506 | return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey); |
| 472 | } | 507 | } |
| 473 | 508 | ||
| 474 | EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) | 509 | EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) |
| 475 | { | 510 | { |
| 476 | return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, | 511 | return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a); |
| 477 | (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a))); | ||
| 478 | } | 512 | } |
| 479 | 513 | ||
| 480 | int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) | 514 | int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) |
| 481 | { | 515 | { |
| 482 | return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey)); | 516 | return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey); |
| 483 | } | 517 | } |
| 484 | 518 | ||
| 485 | EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) | 519 | EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) |
| 486 | { | 520 | { |
| 487 | return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, | 521 | return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a); |
| 488 | (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a))); | ||
| 489 | } | 522 | } |
diff --git a/src/lib/libssl/src/crypto/x509v3/ext_dat.h b/src/lib/libssl/src/crypto/x509v3/ext_dat.h index d8328ac468..5c063ac65d 100644 --- a/src/lib/libssl/src/crypto/x509v3/ext_dat.h +++ b/src/lib/libssl/src/crypto/x509v3/ext_dat.h | |||
| @@ -65,6 +65,11 @@ extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld; | |||
| 65 | extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; | 65 | extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; |
| 66 | extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; | 66 | extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; |
| 67 | extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; | 67 | extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; |
| 68 | extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; | ||
| 69 | extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp; | ||
| 70 | #ifndef OPENSSL_NO_RFC3779 | ||
| 71 | extern X509V3_EXT_METHOD v3_addr, v3_asid; | ||
| 72 | #endif | ||
| 68 | 73 | ||
| 69 | /* This table will be searched using OBJ_bsearch so it *must* kept in | 74 | /* This table will be searched using OBJ_bsearch so it *must* kept in |
| 70 | * order of the ext_nid values. | 75 | * order of the ext_nid values. |
| @@ -97,6 +102,10 @@ static X509V3_EXT_METHOD *standard_exts[] = { | |||
| 97 | #endif | 102 | #endif |
| 98 | &v3_sxnet, | 103 | &v3_sxnet, |
| 99 | &v3_info, | 104 | &v3_info, |
| 105 | #ifndef OPENSSL_NO_RFC3779 | ||
| 106 | &v3_addr, | ||
| 107 | &v3_asid, | ||
| 108 | #endif | ||
| 100 | #ifndef OPENSSL_NO_OCSP | 109 | #ifndef OPENSSL_NO_OCSP |
| 101 | &v3_ocsp_nonce, | 110 | &v3_ocsp_nonce, |
| 102 | &v3_ocsp_crlid, | 111 | &v3_ocsp_crlid, |
| @@ -106,10 +115,14 @@ static X509V3_EXT_METHOD *standard_exts[] = { | |||
| 106 | &v3_ocsp_serviceloc, | 115 | &v3_ocsp_serviceloc, |
| 107 | #endif | 116 | #endif |
| 108 | &v3_sinfo, | 117 | &v3_sinfo, |
| 118 | &v3_policy_constraints, | ||
| 109 | #ifndef OPENSSL_NO_OCSP | 119 | #ifndef OPENSSL_NO_OCSP |
| 110 | &v3_crl_hold, | 120 | &v3_crl_hold, |
| 111 | #endif | 121 | #endif |
| 112 | &v3_pci, | 122 | &v3_pci, |
| 123 | &v3_name_constraints, | ||
| 124 | &v3_policy_mappings, | ||
| 125 | &v3_inhibit_anyp | ||
| 113 | }; | 126 | }; |
| 114 | 127 | ||
| 115 | /* Number of standard extensions */ | 128 | /* Number of standard extensions */ |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_akey.c b/src/lib/libssl/src/crypto/x509v3/v3_akey.c index 97e686f97a..ac0548b775 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_akey.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_akey.c | |||
| @@ -68,15 +68,17 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | |||
| 68 | static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | 68 | static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
| 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); |
| 70 | 70 | ||
| 71 | X509V3_EXT_METHOD v3_akey_id = { | 71 | const X509V3_EXT_METHOD v3_akey_id = |
| 72 | NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), | 72 | { |
| 73 | 0,0,0,0, | 73 | NID_authority_key_identifier, |
| 74 | 0,0, | 74 | X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), |
| 75 | (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, | 75 | 0,0,0,0, |
| 76 | (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, | 76 | 0,0, |
| 77 | 0,0, | 77 | (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, |
| 78 | NULL | 78 | (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, |
| 79 | }; | 79 | 0,0, |
| 80 | NULL | ||
| 81 | }; | ||
| 80 | 82 | ||
| 81 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | 83 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
| 82 | AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) | 84 | AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) |
| @@ -108,83 +110,99 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | |||
| 108 | 110 | ||
| 109 | static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | 111 | static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
| 110 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) | 112 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) |
| 111 | { | 113 | { |
| 112 | char keyid=0, issuer=0; | 114 | char keyid=0, issuer=0; |
| 113 | int i; | 115 | int i; |
| 114 | CONF_VALUE *cnf; | 116 | CONF_VALUE *cnf; |
| 115 | ASN1_OCTET_STRING *ikeyid = NULL; | 117 | ASN1_OCTET_STRING *ikeyid = NULL; |
| 116 | X509_NAME *isname = NULL; | 118 | X509_NAME *isname = NULL; |
| 117 | GENERAL_NAMES * gens = NULL; | 119 | GENERAL_NAMES * gens = NULL; |
| 118 | GENERAL_NAME *gen = NULL; | 120 | GENERAL_NAME *gen = NULL; |
| 119 | ASN1_INTEGER *serial = NULL; | 121 | ASN1_INTEGER *serial = NULL; |
| 120 | X509_EXTENSION *ext; | 122 | X509_EXTENSION *ext; |
| 121 | X509 *cert; | 123 | X509 *cert; |
| 122 | AUTHORITY_KEYID *akeyid; | 124 | AUTHORITY_KEYID *akeyid; |
| 123 | for(i = 0; i < sk_CONF_VALUE_num(values); i++) { | 125 | |
| 124 | cnf = sk_CONF_VALUE_value(values, i); | 126 | for(i = 0; i < sk_CONF_VALUE_num(values); i++) |
| 125 | if(!strcmp(cnf->name, "keyid")) { | 127 | { |
| 126 | keyid = 1; | 128 | cnf = sk_CONF_VALUE_value(values, i); |
| 127 | if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2; | 129 | if(!strcmp(cnf->name, "keyid")) |
| 128 | } else if(!strcmp(cnf->name, "issuer")) { | 130 | { |
| 129 | issuer = 1; | 131 | keyid = 1; |
| 130 | if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2; | 132 | if(cnf->value && !strcmp(cnf->value, "always")) |
| 131 | } else { | 133 | keyid = 2; |
| 132 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); | 134 | } |
| 133 | ERR_add_error_data(2, "name=", cnf->name); | 135 | else if(!strcmp(cnf->name, "issuer")) |
| 136 | { | ||
| 137 | issuer = 1; | ||
| 138 | if(cnf->value && !strcmp(cnf->value, "always")) | ||
| 139 | issuer = 2; | ||
| 140 | } | ||
| 141 | else | ||
| 142 | { | ||
| 143 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); | ||
| 144 | ERR_add_error_data(2, "name=", cnf->name); | ||
| 145 | return NULL; | ||
| 146 | } | ||
| 147 | } | ||
| 148 | |||
| 149 | if(!ctx || !ctx->issuer_cert) | ||
| 150 | { | ||
| 151 | if(ctx && (ctx->flags==CTX_TEST)) | ||
| 152 | return AUTHORITY_KEYID_new(); | ||
| 153 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); | ||
| 134 | return NULL; | 154 | return NULL; |
| 135 | } | 155 | } |
| 136 | } | 156 | |
| 137 | 157 | cert = ctx->issuer_cert; | |
| 138 | if(!ctx || !ctx->issuer_cert) { | 158 | |
| 139 | if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); | 159 | if(keyid) |
| 140 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); | 160 | { |
| 161 | i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); | ||
| 162 | if((i >= 0) && (ext = X509_get_ext(cert, i))) | ||
| 163 | ikeyid = X509V3_EXT_d2i(ext); | ||
| 164 | if(keyid==2 && !ikeyid) | ||
| 165 | { | ||
| 166 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); | ||
| 167 | return NULL; | ||
| 168 | } | ||
| 169 | } | ||
| 170 | |||
| 171 | if((issuer && !ikeyid) || (issuer == 2)) | ||
| 172 | { | ||
| 173 | isname = X509_NAME_dup(X509_get_issuer_name(cert)); | ||
| 174 | serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); | ||
| 175 | if(!isname || !serial) | ||
| 176 | { | ||
| 177 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); | ||
| 178 | goto err; | ||
| 179 | } | ||
| 180 | } | ||
| 181 | |||
| 182 | if(!(akeyid = AUTHORITY_KEYID_new())) goto err; | ||
| 183 | |||
| 184 | if(isname) | ||
| 185 | { | ||
| 186 | if(!(gens = sk_GENERAL_NAME_new_null()) | ||
| 187 | || !(gen = GENERAL_NAME_new()) | ||
| 188 | || !sk_GENERAL_NAME_push(gens, gen)) | ||
| 189 | { | ||
| 190 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); | ||
| 191 | goto err; | ||
| 192 | } | ||
| 193 | gen->type = GEN_DIRNAME; | ||
| 194 | gen->d.dirn = isname; | ||
| 195 | } | ||
| 196 | |||
| 197 | akeyid->issuer = gens; | ||
| 198 | akeyid->serial = serial; | ||
| 199 | akeyid->keyid = ikeyid; | ||
| 200 | |||
| 201 | return akeyid; | ||
| 202 | |||
| 203 | err: | ||
| 204 | X509_NAME_free(isname); | ||
| 205 | M_ASN1_INTEGER_free(serial); | ||
| 206 | M_ASN1_OCTET_STRING_free(ikeyid); | ||
| 141 | return NULL; | 207 | return NULL; |
| 142 | } | ||
| 143 | |||
| 144 | cert = ctx->issuer_cert; | ||
| 145 | |||
| 146 | if(keyid) { | ||
| 147 | i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); | ||
| 148 | if((i >= 0) && (ext = X509_get_ext(cert, i))) | ||
| 149 | ikeyid = X509V3_EXT_d2i(ext); | ||
| 150 | if(keyid==2 && !ikeyid) { | ||
| 151 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); | ||
| 152 | return NULL; | ||
| 153 | } | ||
| 154 | } | ||
| 155 | |||
| 156 | if((issuer && !ikeyid) || (issuer == 2)) { | ||
| 157 | isname = X509_NAME_dup(X509_get_issuer_name(cert)); | ||
| 158 | serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); | ||
| 159 | if(!isname || !serial) { | ||
| 160 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); | ||
| 161 | goto err; | ||
| 162 | } | 208 | } |
| 163 | } | ||
| 164 | |||
| 165 | if(!(akeyid = AUTHORITY_KEYID_new())) goto err; | ||
| 166 | |||
| 167 | if(isname) { | ||
| 168 | if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new()) | ||
| 169 | || !sk_GENERAL_NAME_push(gens, gen)) { | ||
| 170 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); | ||
| 171 | goto err; | ||
| 172 | } | ||
| 173 | gen->type = GEN_DIRNAME; | ||
| 174 | gen->d.dirn = isname; | ||
| 175 | } | ||
| 176 | |||
| 177 | akeyid->issuer = gens; | ||
| 178 | akeyid->serial = serial; | ||
| 179 | akeyid->keyid = ikeyid; | ||
| 180 | |||
| 181 | return akeyid; | ||
| 182 | |||
| 183 | err: | ||
| 184 | X509_NAME_free(isname); | ||
| 185 | M_ASN1_INTEGER_free(serial); | ||
| 186 | M_ASN1_OCTET_STRING_free(ikeyid); | ||
| 187 | return NULL; | ||
| 188 | |||
| 189 | } | ||
| 190 | |||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c index 58b935a3b6..bb2f5bc54e 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | /* v3_alt.c */ | 1 | /* v3_alt.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * project 1999. | 3 | * project. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -65,7 +65,10 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx | |||
| 65 | static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 65 | static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 66 | static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); | 66 | static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); |
| 67 | static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); | 67 | static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); |
| 68 | X509V3_EXT_METHOD v3_alt[] = { | 68 | static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); |
| 69 | static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); | ||
| 70 | |||
| 71 | const X509V3_EXT_METHOD v3_alt[] = { | ||
| 69 | { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), | 72 | { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), |
| 70 | 0,0,0,0, | 73 | 0,0,0,0, |
| 71 | 0,0, | 74 | 0,0, |
| @@ -98,7 +101,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, | |||
| 98 | GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) | 101 | GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) |
| 99 | { | 102 | { |
| 100 | unsigned char *p; | 103 | unsigned char *p; |
| 101 | char oline[256]; | 104 | char oline[256], htmp[5]; |
| 105 | int i; | ||
| 102 | switch (gen->type) | 106 | switch (gen->type) |
| 103 | { | 107 | { |
| 104 | case GEN_OTHERNAME: | 108 | case GEN_OTHERNAME: |
| @@ -132,13 +136,27 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, | |||
| 132 | 136 | ||
| 133 | case GEN_IPADD: | 137 | case GEN_IPADD: |
| 134 | p = gen->d.ip->data; | 138 | p = gen->d.ip->data; |
| 135 | /* BUG: doesn't support IPV6 */ | 139 | if(gen->d.ip->length == 4) |
| 136 | if(gen->d.ip->length != 4) { | 140 | BIO_snprintf(oline, sizeof oline, |
| 141 | "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); | ||
| 142 | else if(gen->d.ip->length == 16) | ||
| 143 | { | ||
| 144 | oline[0] = 0; | ||
| 145 | for (i = 0; i < 8; i++) | ||
| 146 | { | ||
| 147 | BIO_snprintf(htmp, sizeof htmp, | ||
| 148 | "%X", p[0] << 8 | p[1]); | ||
| 149 | p += 2; | ||
| 150 | strcat(oline, htmp); | ||
| 151 | if (i != 7) | ||
| 152 | strcat(oline, ":"); | ||
| 153 | } | ||
| 154 | } | ||
| 155 | else | ||
| 156 | { | ||
| 137 | X509V3_add_value("IP Address","<invalid>", &ret); | 157 | X509V3_add_value("IP Address","<invalid>", &ret); |
| 138 | break; | 158 | break; |
| 139 | } | 159 | } |
| 140 | BIO_snprintf(oline, sizeof oline, | ||
| 141 | "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); | ||
| 142 | X509V3_add_value("IP Address",oline, &ret); | 160 | X509V3_add_value("IP Address",oline, &ret); |
| 143 | break; | 161 | break; |
| 144 | 162 | ||
| @@ -153,6 +171,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, | |||
| 153 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) | 171 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) |
| 154 | { | 172 | { |
| 155 | unsigned char *p; | 173 | unsigned char *p; |
| 174 | int i; | ||
| 156 | switch (gen->type) | 175 | switch (gen->type) |
| 157 | { | 176 | { |
| 158 | case GEN_OTHERNAME: | 177 | case GEN_OTHERNAME: |
| @@ -187,12 +206,24 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) | |||
| 187 | 206 | ||
| 188 | case GEN_IPADD: | 207 | case GEN_IPADD: |
| 189 | p = gen->d.ip->data; | 208 | p = gen->d.ip->data; |
| 190 | /* BUG: doesn't support IPV6 */ | 209 | if(gen->d.ip->length == 4) |
| 191 | if(gen->d.ip->length != 4) { | 210 | BIO_printf(out, "IP Address:%d.%d.%d.%d", |
| 211 | p[0], p[1], p[2], p[3]); | ||
| 212 | else if(gen->d.ip->length == 16) | ||
| 213 | { | ||
| 214 | BIO_printf(out, "IP Address"); | ||
| 215 | for (i = 0; i < 8; i++) | ||
| 216 | { | ||
| 217 | BIO_printf(out, ":%X", p[0] << 8 | p[1]); | ||
| 218 | p += 2; | ||
| 219 | } | ||
| 220 | BIO_puts(out, "\n"); | ||
| 221 | } | ||
| 222 | else | ||
| 223 | { | ||
| 192 | BIO_printf(out,"IP Address:<invalid>"); | 224 | BIO_printf(out,"IP Address:<invalid>"); |
| 193 | break; | 225 | break; |
| 194 | } | 226 | } |
| 195 | BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); | ||
| 196 | break; | 227 | break; |
| 197 | 228 | ||
| 198 | case GEN_RID: | 229 | case GEN_RID: |
| @@ -210,7 +241,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, | |||
| 210 | CONF_VALUE *cnf; | 241 | CONF_VALUE *cnf; |
| 211 | int i; | 242 | int i; |
| 212 | if(!(gens = sk_GENERAL_NAME_new_null())) { | 243 | if(!(gens = sk_GENERAL_NAME_new_null())) { |
| 213 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); | 244 | X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE); |
| 214 | return NULL; | 245 | return NULL; |
| 215 | } | 246 | } |
| 216 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | 247 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
| @@ -275,7 +306,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, | |||
| 275 | CONF_VALUE *cnf; | 306 | CONF_VALUE *cnf; |
| 276 | int i; | 307 | int i; |
| 277 | if(!(gens = sk_GENERAL_NAME_new_null())) { | 308 | if(!(gens = sk_GENERAL_NAME_new_null())) { |
| 278 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); | 309 | X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE); |
| 279 | return NULL; | 310 | return NULL; |
| 280 | } | 311 | } |
| 281 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | 312 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
| @@ -310,7 +341,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) | |||
| 310 | X509_NAME_ENTRY *ne; | 341 | X509_NAME_ENTRY *ne; |
| 311 | GENERAL_NAME *gen = NULL; | 342 | GENERAL_NAME *gen = NULL; |
| 312 | int i; | 343 | int i; |
| 313 | if(ctx->flags == CTX_TEST) return 1; | 344 | if(ctx != NULL && ctx->flags == CTX_TEST) |
| 345 | return 1; | ||
| 314 | if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { | 346 | if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { |
| 315 | X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); | 347 | X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); |
| 316 | goto err; | 348 | goto err; |
| @@ -378,81 +410,172 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, | |||
| 378 | 410 | ||
| 379 | GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | 411 | GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
| 380 | CONF_VALUE *cnf) | 412 | CONF_VALUE *cnf) |
| 381 | { | 413 | { |
| 382 | char is_string = 0; | 414 | return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); |
| 383 | int type; | 415 | } |
| 384 | GENERAL_NAME *gen = NULL; | ||
| 385 | 416 | ||
| 386 | char *name, *value; | 417 | GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, |
| 418 | X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | ||
| 419 | CONF_VALUE *cnf, int is_nc) | ||
| 420 | { | ||
| 421 | char is_string = 0; | ||
| 422 | int type; | ||
| 423 | GENERAL_NAME *gen = NULL; | ||
| 387 | 424 | ||
| 388 | name = cnf->name; | 425 | char *name, *value; |
| 389 | value = cnf->value; | ||
| 390 | 426 | ||
| 391 | if(!value) { | 427 | name = cnf->name; |
| 392 | X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); | 428 | value = cnf->value; |
| 393 | return NULL; | ||
| 394 | } | ||
| 395 | 429 | ||
| 396 | if(!(gen = GENERAL_NAME_new())) { | 430 | if(!value) |
| 397 | X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); | 431 | { |
| 398 | return NULL; | 432 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); |
| 399 | } | 433 | return NULL; |
| 434 | } | ||
| 400 | 435 | ||
| 401 | if(!name_cmp(name, "email")) { | 436 | if (out) |
| 402 | is_string = 1; | 437 | gen = out; |
| 403 | type = GEN_EMAIL; | 438 | else |
| 404 | } else if(!name_cmp(name, "URI")) { | 439 | { |
| 405 | is_string = 1; | 440 | gen = GENERAL_NAME_new(); |
| 406 | type = GEN_URI; | 441 | if(gen == NULL) |
| 407 | } else if(!name_cmp(name, "DNS")) { | 442 | { |
| 408 | is_string = 1; | 443 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); |
| 409 | type = GEN_DNS; | 444 | return NULL; |
| 410 | } else if(!name_cmp(name, "RID")) { | 445 | } |
| 411 | ASN1_OBJECT *obj; | 446 | } |
| 412 | if(!(obj = OBJ_txt2obj(value,0))) { | 447 | |
| 413 | X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); | 448 | if(!name_cmp(name, "email")) |
| 414 | ERR_add_error_data(2, "value=", value); | 449 | { |
| 415 | goto err; | 450 | is_string = 1; |
| 416 | } | 451 | type = GEN_EMAIL; |
| 417 | gen->d.rid = obj; | 452 | } |
| 418 | type = GEN_RID; | 453 | else if(!name_cmp(name, "URI")) |
| 419 | } else if(!name_cmp(name, "IP")) { | 454 | { |
| 420 | int i1,i2,i3,i4; | 455 | is_string = 1; |
| 421 | unsigned char ip[4]; | 456 | type = GEN_URI; |
| 422 | if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) || | 457 | } |
| 423 | (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) || | 458 | else if(!name_cmp(name, "DNS")) |
| 424 | (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) { | 459 | { |
| 425 | X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); | 460 | is_string = 1; |
| 426 | ERR_add_error_data(2, "value=", value); | 461 | type = GEN_DNS; |
| 462 | } | ||
| 463 | else if(!name_cmp(name, "RID")) | ||
| 464 | { | ||
| 465 | ASN1_OBJECT *obj; | ||
| 466 | if(!(obj = OBJ_txt2obj(value,0))) | ||
| 467 | { | ||
| 468 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT); | ||
| 469 | ERR_add_error_data(2, "value=", value); | ||
| 470 | goto err; | ||
| 471 | } | ||
| 472 | gen->d.rid = obj; | ||
| 473 | type = GEN_RID; | ||
| 474 | } | ||
| 475 | else if(!name_cmp(name, "IP")) | ||
| 476 | { | ||
| 477 | if (is_nc) | ||
| 478 | gen->d.ip = a2i_IPADDRESS_NC(value); | ||
| 479 | else | ||
| 480 | gen->d.ip = a2i_IPADDRESS(value); | ||
| 481 | if(gen->d.ip == NULL) | ||
| 482 | { | ||
| 483 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS); | ||
| 484 | ERR_add_error_data(2, "value=", value); | ||
| 485 | goto err; | ||
| 486 | } | ||
| 487 | type = GEN_IPADD; | ||
| 488 | } | ||
| 489 | else if(!name_cmp(name, "dirName")) | ||
| 490 | { | ||
| 491 | type = GEN_DIRNAME; | ||
| 492 | if (!do_dirname(gen, value, ctx)) | ||
| 493 | { | ||
| 494 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR); | ||
| 495 | goto err; | ||
| 496 | } | ||
| 497 | } | ||
| 498 | else if(!name_cmp(name, "otherName")) | ||
| 499 | { | ||
| 500 | if (!do_othername(gen, value, ctx)) | ||
| 501 | { | ||
| 502 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR); | ||
| 503 | goto err; | ||
| 504 | } | ||
| 505 | type = GEN_OTHERNAME; | ||
| 506 | } | ||
| 507 | else | ||
| 508 | { | ||
| 509 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION); | ||
| 510 | ERR_add_error_data(2, "name=", name); | ||
| 427 | goto err; | 511 | goto err; |
| 428 | } | 512 | } |
| 429 | ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; | 513 | |
| 430 | if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) || | 514 | if(is_string) |
| 431 | !ASN1_STRING_set(gen->d.ip, ip, 4)) { | 515 | { |
| 432 | X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); | 516 | if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || |
| 517 | !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, | ||
| 518 | strlen(value))) | ||
| 519 | { | ||
| 520 | X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); | ||
| 433 | goto err; | 521 | goto err; |
| 434 | } | 522 | } |
| 435 | type = GEN_IPADD; | 523 | } |
| 436 | } else { | ||
| 437 | X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); | ||
| 438 | ERR_add_error_data(2, "name=", name); | ||
| 439 | goto err; | ||
| 440 | } | ||
| 441 | 524 | ||
| 442 | if(is_string) { | 525 | gen->type = type; |
| 443 | if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || | 526 | |
| 444 | !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, | 527 | return gen; |
| 445 | strlen(value))) { | ||
| 446 | X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); | ||
| 447 | goto err; | ||
| 448 | } | ||
| 449 | } | ||
| 450 | 528 | ||
| 451 | gen->type = type; | 529 | err: |
| 530 | GENERAL_NAME_free(gen); | ||
| 531 | return NULL; | ||
| 532 | } | ||
| 452 | 533 | ||
| 453 | return gen; | 534 | static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) |
| 535 | { | ||
| 536 | char *objtmp = NULL, *p; | ||
| 537 | int objlen; | ||
| 538 | if (!(p = strchr(value, ';'))) | ||
| 539 | return 0; | ||
| 540 | if (!(gen->d.otherName = OTHERNAME_new())) | ||
| 541 | return 0; | ||
| 542 | /* Free this up because we will overwrite it. | ||
| 543 | * no need to free type_id because it is static | ||
| 544 | */ | ||
| 545 | ASN1_TYPE_free(gen->d.otherName->value); | ||
| 546 | if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) | ||
| 547 | return 0; | ||
| 548 | objlen = p - value; | ||
| 549 | objtmp = OPENSSL_malloc(objlen + 1); | ||
| 550 | strncpy(objtmp, value, objlen); | ||
| 551 | objtmp[objlen] = 0; | ||
| 552 | gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); | ||
| 553 | OPENSSL_free(objtmp); | ||
| 554 | if (!gen->d.otherName->type_id) | ||
| 555 | return 0; | ||
| 556 | return 1; | ||
| 557 | } | ||
| 454 | 558 | ||
| 455 | err: | 559 | static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) |
| 456 | GENERAL_NAME_free(gen); | 560 | { |
| 457 | return NULL; | 561 | int ret; |
| 458 | } | 562 | STACK_OF(CONF_VALUE) *sk; |
| 563 | X509_NAME *nm; | ||
| 564 | if (!(nm = X509_NAME_new())) | ||
| 565 | return 0; | ||
| 566 | sk = X509V3_get_section(ctx, value); | ||
| 567 | if (!sk) | ||
| 568 | { | ||
| 569 | X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); | ||
| 570 | ERR_add_error_data(2, "section=", value); | ||
| 571 | X509_NAME_free(nm); | ||
| 572 | return 0; | ||
| 573 | } | ||
| 574 | /* FIXME: should allow other character types... */ | ||
| 575 | ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); | ||
| 576 | if (!ret) | ||
| 577 | X509_NAME_free(nm); | ||
| 578 | gen->d.dirn = nm; | ||
| 579 | |||
| 580 | return ret; | ||
| 581 | } | ||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_bcons.c b/src/lib/libssl/src/crypto/x509v3/v3_bcons.c index cbb012715e..74b1233071 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_bcons.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_bcons.c | |||
| @@ -67,7 +67,7 @@ | |||
| 67 | static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); | 67 | static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); |
| 68 | static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | 68 | static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); |
| 69 | 69 | ||
| 70 | X509V3_EXT_METHOD v3_bcons = { | 70 | const X509V3_EXT_METHOD v3_bcons = { |
| 71 | NID_basic_constraints, 0, | 71 | NID_basic_constraints, 0, |
| 72 | ASN1_ITEM_ref(BASIC_CONSTRAINTS), | 72 | ASN1_ITEM_ref(BASIC_CONSTRAINTS), |
| 73 | 0,0,0,0, | 73 | 0,0,0,0, |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_bitst.c b/src/lib/libssl/src/crypto/x509v3/v3_bitst.c index 274965306d..cf31f0816e 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_bitst.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_bitst.c | |||
| @@ -61,12 +61,6 @@ | |||
| 61 | #include <openssl/conf.h> | 61 | #include <openssl/conf.h> |
| 62 | #include <openssl/x509v3.h> | 62 | #include <openssl/x509v3.h> |
| 63 | 63 | ||
| 64 | static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | ||
| 65 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 66 | static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | ||
| 67 | ASN1_BIT_STRING *bits, | ||
| 68 | STACK_OF(CONF_VALUE) *extlist); | ||
| 69 | |||
| 70 | static BIT_STRING_BITNAME ns_cert_type_table[] = { | 64 | static BIT_STRING_BITNAME ns_cert_type_table[] = { |
| 71 | {0, "SSL Client", "client"}, | 65 | {0, "SSL Client", "client"}, |
| 72 | {1, "SSL Server", "server"}, | 66 | {1, "SSL Server", "server"}, |
| @@ -94,10 +88,10 @@ static BIT_STRING_BITNAME key_usage_type_table[] = { | |||
| 94 | 88 | ||
| 95 | 89 | ||
| 96 | 90 | ||
| 97 | X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); | 91 | const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); |
| 98 | X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); | 92 | const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); |
| 99 | 93 | ||
| 100 | static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | 94 | STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
| 101 | ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) | 95 | ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) |
| 102 | { | 96 | { |
| 103 | BIT_STRING_BITNAME *bnam; | 97 | BIT_STRING_BITNAME *bnam; |
| @@ -108,7 +102,7 @@ static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | |||
| 108 | return ret; | 102 | return ret; |
| 109 | } | 103 | } |
| 110 | 104 | ||
| 111 | static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | 105 | ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
| 112 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | 106 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
| 113 | { | 107 | { |
| 114 | CONF_VALUE *val; | 108 | CONF_VALUE *val; |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_conf.c b/src/lib/libssl/src/crypto/x509v3/v3_conf.c index 1284d5aaa5..2b867305fb 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_conf.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_conf.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -69,11 +69,12 @@ | |||
| 69 | static int v3_check_critical(char **value); | 69 | static int v3_check_critical(char **value); |
| 70 | static int v3_check_generic(char **value); | 70 | static int v3_check_generic(char **value); |
| 71 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); | 71 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); |
| 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); | 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); |
| 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); | 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); |
| 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); | 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); |
| 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, |
| 76 | int crit, void *ext_struc); | 76 | int crit, void *ext_struc); |
| 77 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); | ||
| 77 | /* CONF *conf: Config file */ | 78 | /* CONF *conf: Config file */ |
| 78 | /* char *name: Name */ | 79 | /* char *name: Name */ |
| 79 | /* char *value: Value */ | 80 | /* char *value: Value */ |
| @@ -85,11 +86,11 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, | |||
| 85 | X509_EXTENSION *ret; | 86 | X509_EXTENSION *ret; |
| 86 | crit = v3_check_critical(&value); | 87 | crit = v3_check_critical(&value); |
| 87 | if ((ext_type = v3_check_generic(&value))) | 88 | if ((ext_type = v3_check_generic(&value))) |
| 88 | return v3_generic_extension(name, value, crit, ext_type); | 89 | return v3_generic_extension(name, value, crit, ext_type, ctx); |
| 89 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); | 90 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); |
| 90 | if (!ret) | 91 | if (!ret) |
| 91 | { | 92 | { |
| 92 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); | 93 | X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); |
| 93 | ERR_add_error_data(4,"name=", name, ", value=", value); | 94 | ERR_add_error_data(4,"name=", name, ", value=", value); |
| 94 | } | 95 | } |
| 95 | return ret; | 96 | return ret; |
| @@ -105,7 +106,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 105 | crit = v3_check_critical(&value); | 106 | crit = v3_check_critical(&value); |
| 106 | if ((ext_type = v3_check_generic(&value))) | 107 | if ((ext_type = v3_check_generic(&value))) |
| 107 | return v3_generic_extension(OBJ_nid2sn(ext_nid), | 108 | return v3_generic_extension(OBJ_nid2sn(ext_nid), |
| 108 | value, crit, ext_type); | 109 | value, crit, ext_type, ctx); |
| 109 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); | 110 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); |
| 110 | } | 111 | } |
| 111 | 112 | ||
| @@ -120,12 +121,12 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 120 | void *ext_struc; | 121 | void *ext_struc; |
| 121 | if (ext_nid == NID_undef) | 122 | if (ext_nid == NID_undef) |
| 122 | { | 123 | { |
| 123 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); | 124 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); |
| 124 | return NULL; | 125 | return NULL; |
| 125 | } | 126 | } |
| 126 | if (!(method = X509V3_EXT_get_nid(ext_nid))) | 127 | if (!(method = X509V3_EXT_get_nid(ext_nid))) |
| 127 | { | 128 | { |
| 128 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); | 129 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); |
| 129 | return NULL; | 130 | return NULL; |
| 130 | } | 131 | } |
| 131 | /* Now get internal extension representation based on type */ | 132 | /* Now get internal extension representation based on type */ |
| @@ -133,9 +134,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 133 | { | 134 | { |
| 134 | if(*value == '@') nval = NCONF_get_section(conf, value + 1); | 135 | if(*value == '@') nval = NCONF_get_section(conf, value + 1); |
| 135 | else nval = X509V3_parse_list(value); | 136 | else nval = X509V3_parse_list(value); |
| 136 | if(!nval) | 137 | if(sk_CONF_VALUE_num(nval) <= 0) |
| 137 | { | 138 | { |
| 138 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); | 139 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); |
| 139 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); | 140 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); |
| 140 | return NULL; | 141 | return NULL; |
| 141 | } | 142 | } |
| @@ -150,16 +151,16 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, | |||
| 150 | } | 151 | } |
| 151 | else if(method->r2i) | 152 | else if(method->r2i) |
| 152 | { | 153 | { |
| 153 | if(!ctx->db) | 154 | if(!ctx->db || !ctx->db_meth) |
| 154 | { | 155 | { |
| 155 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); | 156 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); |
| 156 | return NULL; | 157 | return NULL; |
| 157 | } | 158 | } |
| 158 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; | 159 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; |
| 159 | } | 160 | } |
| 160 | else | 161 | else |
| 161 | { | 162 | { |
| 162 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); | 163 | X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); |
| 163 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); | 164 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); |
| 164 | return NULL; | 165 | return NULL; |
| 165 | } | 166 | } |
| @@ -235,17 +236,29 @@ static int v3_check_critical(char **value) | |||
| 235 | /* Check extension string for generic extension and return the type */ | 236 | /* Check extension string for generic extension and return the type */ |
| 236 | static int v3_check_generic(char **value) | 237 | static int v3_check_generic(char **value) |
| 237 | { | 238 | { |
| 239 | int gen_type = 0; | ||
| 238 | char *p = *value; | 240 | char *p = *value; |
| 239 | if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0; | 241 | if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) |
| 240 | p+=4; | 242 | { |
| 243 | p+=4; | ||
| 244 | gen_type = 1; | ||
| 245 | } | ||
| 246 | else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) | ||
| 247 | { | ||
| 248 | p+=5; | ||
| 249 | gen_type = 2; | ||
| 250 | } | ||
| 251 | else | ||
| 252 | return 0; | ||
| 253 | |||
| 241 | while (isspace((unsigned char)*p)) p++; | 254 | while (isspace((unsigned char)*p)) p++; |
| 242 | *value = p; | 255 | *value = p; |
| 243 | return 1; | 256 | return gen_type; |
| 244 | } | 257 | } |
| 245 | 258 | ||
| 246 | /* Create a generic extension: for now just handle DER type */ | 259 | /* Create a generic extension: for now just handle DER type */ |
| 247 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | 260 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, |
| 248 | int crit, int type) | 261 | int crit, int gen_type, X509V3_CTX *ctx) |
| 249 | { | 262 | { |
| 250 | unsigned char *ext_der=NULL; | 263 | unsigned char *ext_der=NULL; |
| 251 | long ext_len; | 264 | long ext_len; |
| @@ -259,7 +272,12 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |||
| 259 | goto err; | 272 | goto err; |
| 260 | } | 273 | } |
| 261 | 274 | ||
| 262 | if (!(ext_der = string_to_hex(value, &ext_len))) | 275 | if (gen_type == 1) |
| 276 | ext_der = string_to_hex(value, &ext_len); | ||
| 277 | else if (gen_type == 2) | ||
| 278 | ext_der = generic_asn1(value, ctx, &ext_len); | ||
| 279 | |||
| 280 | if (ext_der == NULL) | ||
| 263 | { | 281 | { |
| 264 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); | 282 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); |
| 265 | ERR_add_error_data(2, "value=", value); | 283 | ERR_add_error_data(2, "value=", value); |
| @@ -286,6 +304,17 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | |||
| 286 | 304 | ||
| 287 | } | 305 | } |
| 288 | 306 | ||
| 307 | static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) | ||
| 308 | { | ||
| 309 | ASN1_TYPE *typ; | ||
| 310 | unsigned char *ext_der = NULL; | ||
| 311 | typ = ASN1_generate_v3(value, ctx); | ||
| 312 | if (typ == NULL) | ||
| 313 | return NULL; | ||
| 314 | *ext_len = i2d_ASN1_TYPE(typ, &ext_der); | ||
| 315 | ASN1_TYPE_free(typ); | ||
| 316 | return ext_der; | ||
| 317 | } | ||
| 289 | 318 | ||
| 290 | /* This is the main function: add a bunch of extensions based on a config file | 319 | /* This is the main function: add a bunch of extensions based on a config file |
| 291 | * section to an extension STACK. | 320 | * section to an extension STACK. |
| @@ -354,6 +383,11 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | |||
| 354 | 383 | ||
| 355 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) | 384 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) |
| 356 | { | 385 | { |
| 386 | if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) | ||
| 387 | { | ||
| 388 | X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); | ||
| 389 | return NULL; | ||
| 390 | } | ||
| 357 | if (ctx->db_meth->get_string) | 391 | if (ctx->db_meth->get_string) |
| 358 | return ctx->db_meth->get_string(ctx->db, name, section); | 392 | return ctx->db_meth->get_string(ctx->db, name, section); |
| 359 | return NULL; | 393 | return NULL; |
| @@ -361,6 +395,11 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) | |||
| 361 | 395 | ||
| 362 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) | 396 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) |
| 363 | { | 397 | { |
| 398 | if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) | ||
| 399 | { | ||
| 400 | X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); | ||
| 401 | return NULL; | ||
| 402 | } | ||
| 364 | if (ctx->db_meth->get_section) | 403 | if (ctx->db_meth->get_section) |
| 365 | return ctx->db_meth->get_section(ctx->db, section); | 404 | return ctx->db_meth->get_section(ctx->db, section); |
| 366 | return NULL; | 405 | return NULL; |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c index 867525f336..a40f490aa9 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -63,6 +63,8 @@ | |||
| 63 | #include <openssl/asn1t.h> | 63 | #include <openssl/asn1t.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | #include "pcy_int.h" | ||
| 67 | |||
| 66 | /* Certificate policies extension support: this one is a bit complex... */ | 68 | /* Certificate policies extension support: this one is a bit complex... */ |
| 67 | 69 | ||
| 68 | static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); | 70 | static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); |
| @@ -75,7 +77,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
| 75 | STACK_OF(CONF_VALUE) *unot, int ia5org); | 77 | STACK_OF(CONF_VALUE) *unot, int ia5org); |
| 76 | static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); | 78 | static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); |
| 77 | 79 | ||
| 78 | X509V3_EXT_METHOD v3_cpols = { | 80 | const X509V3_EXT_METHOD v3_cpols = { |
| 79 | NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), | 81 | NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), |
| 80 | 0,0,0,0, | 82 | 0,0,0,0, |
| 81 | 0,0, | 83 | 0,0, |
| @@ -348,7 +350,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) | |||
| 348 | return 1; | 350 | return 1; |
| 349 | 351 | ||
| 350 | merr: | 352 | merr: |
| 351 | X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); | 353 | X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); |
| 352 | 354 | ||
| 353 | err: | 355 | err: |
| 354 | sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); | 356 | sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); |
| @@ -429,3 +431,19 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) | |||
| 429 | notice->exptext->data); | 431 | notice->exptext->data); |
| 430 | } | 432 | } |
| 431 | 433 | ||
| 434 | void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) | ||
| 435 | { | ||
| 436 | const X509_POLICY_DATA *dat = node->data; | ||
| 437 | |||
| 438 | BIO_printf(out, "%*sPolicy: ", indent, ""); | ||
| 439 | |||
| 440 | i2a_ASN1_OBJECT(out, dat->valid_policy); | ||
| 441 | BIO_puts(out, "\n"); | ||
| 442 | BIO_printf(out, "%*s%s\n", indent + 2, "", | ||
| 443 | node_data_critical(dat) ? "Critical" : "Non Critical"); | ||
| 444 | if (dat->qualifier_set) | ||
| 445 | print_qualifiers(out, dat->qualifier_set, indent + 2); | ||
| 446 | else | ||
| 447 | BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); | ||
| 448 | } | ||
| 449 | |||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_crld.c b/src/lib/libssl/src/crypto/x509v3/v3_crld.c index f90829c574..c6e3ebae7b 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_crld.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_crld.c | |||
| @@ -68,7 +68,7 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, | |||
| 68 | static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, | 68 | static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, |
| 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 70 | 70 | ||
| 71 | X509V3_EXT_METHOD v3_crld = { | 71 | const X509V3_EXT_METHOD v3_crld = { |
| 72 | NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS), | 72 | NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS), |
| 73 | 0,0,0,0, | 73 | 0,0,0,0, |
| 74 | 0,0, | 74 | 0,0, |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_enum.c b/src/lib/libssl/src/crypto/x509v3/v3_enum.c index 010c9d6260..a236cb22e1 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_enum.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_enum.c | |||
| @@ -72,7 +72,7 @@ static ENUMERATED_NAMES crl_reasons[] = { | |||
| 72 | {-1, NULL, NULL} | 72 | {-1, NULL, NULL} |
| 73 | }; | 73 | }; |
| 74 | 74 | ||
| 75 | X509V3_EXT_METHOD v3_crl_reason = { | 75 | const X509V3_EXT_METHOD v3_crl_reason = { |
| 76 | NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), | 76 | NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), |
| 77 | 0,0,0,0, | 77 | 0,0,0,0, |
| 78 | (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, | 78 | (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_extku.c b/src/lib/libssl/src/crypto/x509v3/v3_extku.c index b1cfaba1aa..a4efe0031e 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_extku.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_extku.c | |||
| @@ -68,7 +68,7 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, | |||
| 68 | static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, | 68 | static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, |
| 69 | void *eku, STACK_OF(CONF_VALUE) *extlist); | 69 | void *eku, STACK_OF(CONF_VALUE) *extlist); |
| 70 | 70 | ||
| 71 | X509V3_EXT_METHOD v3_ext_ku = { | 71 | const X509V3_EXT_METHOD v3_ext_ku = { |
| 72 | NID_ext_key_usage, 0, | 72 | NID_ext_key_usage, 0, |
| 73 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), | 73 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), |
| 74 | 0,0,0,0, | 74 | 0,0,0,0, |
| @@ -80,7 +80,7 @@ X509V3_EXT_METHOD v3_ext_ku = { | |||
| 80 | }; | 80 | }; |
| 81 | 81 | ||
| 82 | /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ | 82 | /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ |
| 83 | X509V3_EXT_METHOD v3_ocsp_accresp = { | 83 | const X509V3_EXT_METHOD v3_ocsp_accresp = { |
| 84 | NID_id_pkix_OCSP_acceptableResponses, 0, | 84 | NID_id_pkix_OCSP_acceptableResponses, 0, |
| 85 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), | 85 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), |
| 86 | 0,0,0,0, | 86 | 0,0,0,0, |
| @@ -122,7 +122,7 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, | |||
| 122 | int i; | 122 | int i; |
| 123 | 123 | ||
| 124 | if(!(extku = sk_ASN1_OBJECT_new_null())) { | 124 | if(!(extku = sk_ASN1_OBJECT_new_null())) { |
| 125 | X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); | 125 | X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE); |
| 126 | return NULL; | 126 | return NULL; |
| 127 | } | 127 | } |
| 128 | 128 | ||
| @@ -132,7 +132,7 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, | |||
| 132 | else extval = val->name; | 132 | else extval = val->name; |
| 133 | if(!(objtmp = OBJ_txt2obj(extval, 0))) { | 133 | if(!(objtmp = OBJ_txt2obj(extval, 0))) { |
| 134 | sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); | 134 | sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); |
| 135 | X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); | 135 | X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER); |
| 136 | X509V3_conf_err(val); | 136 | X509V3_conf_err(val); |
| 137 | return NULL; | 137 | return NULL; |
| 138 | } | 138 | } |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ia5.c b/src/lib/libssl/src/crypto/x509v3/v3_ia5.c index 9683afa47c..b739ccd036 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_ia5.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_ia5.c | |||
| @@ -65,7 +65,7 @@ | |||
| 65 | 65 | ||
| 66 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); | 66 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); |
| 67 | static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | 67 | static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); |
| 68 | X509V3_EXT_METHOD v3_ns_ia5_list[] = { | 68 | const X509V3_EXT_METHOD v3_ns_ia5_list[] = { |
| 69 | EXT_IA5STRING(NID_netscape_base_url), | 69 | EXT_IA5STRING(NID_netscape_base_url), |
| 70 | EXT_IA5STRING(NID_netscape_revocation_url), | 70 | EXT_IA5STRING(NID_netscape_revocation_url), |
| 71 | EXT_IA5STRING(NID_netscape_ca_revocation_url), | 71 | EXT_IA5STRING(NID_netscape_ca_revocation_url), |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_info.c b/src/lib/libssl/src/crypto/x509v3/v3_info.c index 53e3f48859..e0ef69de42 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_info.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_info.c | |||
| @@ -69,7 +69,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method | |||
| 69 | static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | 69 | static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, |
| 70 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 70 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 71 | 71 | ||
| 72 | X509V3_EXT_METHOD v3_info = | 72 | const X509V3_EXT_METHOD v3_info = |
| 73 | { NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), | 73 | { NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), |
| 74 | 0,0,0,0, | 74 | 0,0,0,0, |
| 75 | 0,0, | 75 | 0,0, |
| @@ -78,7 +78,7 @@ X509V3_EXT_METHOD v3_info = | |||
| 78 | 0,0, | 78 | 0,0, |
| 79 | NULL}; | 79 | NULL}; |
| 80 | 80 | ||
| 81 | X509V3_EXT_METHOD v3_sinfo = | 81 | const X509V3_EXT_METHOD v3_sinfo = |
| 82 | { NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), | 82 | { NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), |
| 83 | 0,0,0,0, | 83 | 0,0,0,0, |
| 84 | 0,0, | 84 | 0,0, |
| @@ -141,36 +141,35 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho | |||
| 141 | int i, objlen; | 141 | int i, objlen; |
| 142 | char *objtmp, *ptmp; | 142 | char *objtmp, *ptmp; |
| 143 | if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { | 143 | if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { |
| 144 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); | 144 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); |
| 145 | return NULL; | 145 | return NULL; |
| 146 | } | 146 | } |
| 147 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | 147 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
| 148 | cnf = sk_CONF_VALUE_value(nval, i); | 148 | cnf = sk_CONF_VALUE_value(nval, i); |
| 149 | if(!(acc = ACCESS_DESCRIPTION_new()) | 149 | if(!(acc = ACCESS_DESCRIPTION_new()) |
| 150 | || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { | 150 | || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { |
| 151 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); | 151 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); |
| 152 | goto err; | 152 | goto err; |
| 153 | } | 153 | } |
| 154 | ptmp = strchr(cnf->name, ';'); | 154 | ptmp = strchr(cnf->name, ';'); |
| 155 | if(!ptmp) { | 155 | if(!ptmp) { |
| 156 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX); | 156 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX); |
| 157 | goto err; | 157 | goto err; |
| 158 | } | 158 | } |
| 159 | objlen = ptmp - cnf->name; | 159 | objlen = ptmp - cnf->name; |
| 160 | ctmp.name = ptmp + 1; | 160 | ctmp.name = ptmp + 1; |
| 161 | ctmp.value = cnf->value; | 161 | ctmp.value = cnf->value; |
| 162 | GENERAL_NAME_free(acc->location); | 162 | if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) |
| 163 | if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) | ||
| 164 | goto err; | 163 | goto err; |
| 165 | if(!(objtmp = OPENSSL_malloc(objlen + 1))) { | 164 | if(!(objtmp = OPENSSL_malloc(objlen + 1))) { |
| 166 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); | 165 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); |
| 167 | goto err; | 166 | goto err; |
| 168 | } | 167 | } |
| 169 | strncpy(objtmp, cnf->name, objlen); | 168 | strncpy(objtmp, cnf->name, objlen); |
| 170 | objtmp[objlen] = 0; | 169 | objtmp[objlen] = 0; |
| 171 | acc->method = OBJ_txt2obj(objtmp, 0); | 170 | acc->method = OBJ_txt2obj(objtmp, 0); |
| 172 | if(!acc->method) { | 171 | if(!acc->method) { |
| 173 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); | 172 | X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT); |
| 174 | ERR_add_error_data(2, "value=", objtmp); | 173 | ERR_add_error_data(2, "value=", objtmp); |
| 175 | OPENSSL_free(objtmp); | 174 | OPENSSL_free(objtmp); |
| 176 | goto err; | 175 | goto err; |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_int.c b/src/lib/libssl/src/crypto/x509v3/v3_int.c index 7a43b4717b..9a48dc1508 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_int.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_int.c | |||
| @@ -60,17 +60,30 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/x509v3.h> | 61 | #include <openssl/x509v3.h> |
| 62 | 62 | ||
| 63 | X509V3_EXT_METHOD v3_crl_num = { | 63 | const X509V3_EXT_METHOD v3_crl_num = { |
| 64 | NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), | 64 | NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), |
| 65 | 0,0,0,0, | 65 | 0,0,0,0, |
| 66 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | 66 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, |
| 67 | 0, | 67 | 0, |
| 68 | 0,0,0,0, NULL}; | 68 | 0,0,0,0, NULL}; |
| 69 | 69 | ||
| 70 | X509V3_EXT_METHOD v3_delta_crl = { | 70 | const X509V3_EXT_METHOD v3_delta_crl = { |
| 71 | NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), | 71 | NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), |
| 72 | 0,0,0,0, | 72 | 0,0,0,0, |
| 73 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | 73 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, |
| 74 | 0, | 74 | 0, |
| 75 | 0,0,0,0, NULL}; | 75 | 0,0,0,0, NULL}; |
| 76 | 76 | ||
| 77 | static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value) | ||
| 78 | { | ||
| 79 | return s2i_ASN1_INTEGER(meth, value); | ||
| 80 | } | ||
| 81 | |||
| 82 | const X509V3_EXT_METHOD v3_inhibit_anyp = { | ||
| 83 | NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), | ||
| 84 | 0,0,0,0, | ||
| 85 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | ||
| 86 | (X509V3_EXT_S2I)s2i_asn1_int, | ||
| 87 | 0,0,0,0, NULL}; | ||
| 88 | |||
| 89 | |||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_lib.c b/src/lib/libssl/src/crypto/x509v3/v3_lib.c index ca5a4a4a57..f3015ea610 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_lib.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_lib.c | |||
| @@ -162,7 +162,8 @@ int X509V3_add_standard_extensions(void) | |||
| 162 | void *X509V3_EXT_d2i(X509_EXTENSION *ext) | 162 | void *X509V3_EXT_d2i(X509_EXTENSION *ext) |
| 163 | { | 163 | { |
| 164 | X509V3_EXT_METHOD *method; | 164 | X509V3_EXT_METHOD *method; |
| 165 | unsigned char *p; | 165 | const unsigned char *p; |
| 166 | |||
| 166 | if(!(method = X509V3_EXT_get(ext))) return NULL; | 167 | if(!(method = X509V3_EXT_get(ext))) return NULL; |
| 167 | p = ext->value->data; | 168 | p = ext->value->data; |
| 168 | if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); | 169 | if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); |
| @@ -276,7 +277,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, | |||
| 276 | ext = X509V3_EXT_i2d(nid, crit, value); | 277 | ext = X509V3_EXT_i2d(nid, crit, value); |
| 277 | 278 | ||
| 278 | if(!ext) { | 279 | if(!ext) { |
| 279 | X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION); | 280 | X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION); |
| 280 | return 0; | 281 | return 0; |
| 281 | } | 282 | } |
| 282 | 283 | ||
| @@ -295,7 +296,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, | |||
| 295 | 296 | ||
| 296 | err: | 297 | err: |
| 297 | if(!(flags & X509V3_ADD_SILENT)) | 298 | if(!(flags & X509V3_ADD_SILENT)) |
| 298 | X509V3err(X509V3_F_X509V3_ADD_I2D, errcode); | 299 | X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); |
| 299 | return 0; | 300 | return 0; |
| 300 | } | 301 | } |
| 301 | 302 | ||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c b/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c index 21badc13f9..62aac06335 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c | |||
| @@ -74,15 +74,15 @@ static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent | |||
| 74 | 74 | ||
| 75 | static void *ocsp_nonce_new(void); | 75 | static void *ocsp_nonce_new(void); |
| 76 | static int i2d_ocsp_nonce(void *a, unsigned char **pp); | 76 | static int i2d_ocsp_nonce(void *a, unsigned char **pp); |
| 77 | static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length); | 77 | static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); |
| 78 | static void ocsp_nonce_free(void *a); | 78 | static void ocsp_nonce_free(void *a); |
| 79 | static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); | 79 | static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); |
| 80 | 80 | ||
| 81 | static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); | 81 | static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); |
| 82 | static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | 82 | static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str); |
| 83 | static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); | 83 | static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); |
| 84 | 84 | ||
| 85 | X509V3_EXT_METHOD v3_ocsp_crlid = { | 85 | const X509V3_EXT_METHOD v3_ocsp_crlid = { |
| 86 | NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), | 86 | NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), |
| 87 | 0,0,0,0, | 87 | 0,0,0,0, |
| 88 | 0,0, | 88 | 0,0, |
| @@ -91,7 +91,7 @@ X509V3_EXT_METHOD v3_ocsp_crlid = { | |||
| 91 | NULL | 91 | NULL |
| 92 | }; | 92 | }; |
| 93 | 93 | ||
| 94 | X509V3_EXT_METHOD v3_ocsp_acutoff = { | 94 | const X509V3_EXT_METHOD v3_ocsp_acutoff = { |
| 95 | NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), | 95 | NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), |
| 96 | 0,0,0,0, | 96 | 0,0,0,0, |
| 97 | 0,0, | 97 | 0,0, |
| @@ -100,7 +100,7 @@ X509V3_EXT_METHOD v3_ocsp_acutoff = { | |||
| 100 | NULL | 100 | NULL |
| 101 | }; | 101 | }; |
| 102 | 102 | ||
| 103 | X509V3_EXT_METHOD v3_crl_invdate = { | 103 | const X509V3_EXT_METHOD v3_crl_invdate = { |
| 104 | NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), | 104 | NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), |
| 105 | 0,0,0,0, | 105 | 0,0,0,0, |
| 106 | 0,0, | 106 | 0,0, |
| @@ -109,7 +109,7 @@ X509V3_EXT_METHOD v3_crl_invdate = { | |||
| 109 | NULL | 109 | NULL |
| 110 | }; | 110 | }; |
| 111 | 111 | ||
| 112 | X509V3_EXT_METHOD v3_crl_hold = { | 112 | const X509V3_EXT_METHOD v3_crl_hold = { |
| 113 | NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), | 113 | NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), |
| 114 | 0,0,0,0, | 114 | 0,0,0,0, |
| 115 | 0,0, | 115 | 0,0, |
| @@ -118,7 +118,7 @@ X509V3_EXT_METHOD v3_crl_hold = { | |||
| 118 | NULL | 118 | NULL |
| 119 | }; | 119 | }; |
| 120 | 120 | ||
| 121 | X509V3_EXT_METHOD v3_ocsp_nonce = { | 121 | const X509V3_EXT_METHOD v3_ocsp_nonce = { |
| 122 | NID_id_pkix_OCSP_Nonce, 0, NULL, | 122 | NID_id_pkix_OCSP_Nonce, 0, NULL, |
| 123 | ocsp_nonce_new, | 123 | ocsp_nonce_new, |
| 124 | ocsp_nonce_free, | 124 | ocsp_nonce_free, |
| @@ -130,7 +130,7 @@ X509V3_EXT_METHOD v3_ocsp_nonce = { | |||
| 130 | NULL | 130 | NULL |
| 131 | }; | 131 | }; |
| 132 | 132 | ||
| 133 | X509V3_EXT_METHOD v3_ocsp_nocheck = { | 133 | const X509V3_EXT_METHOD v3_ocsp_nocheck = { |
| 134 | NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), | 134 | NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), |
| 135 | 0,0,0,0, | 135 | 0,0,0,0, |
| 136 | 0,s2i_ocsp_nocheck, | 136 | 0,s2i_ocsp_nocheck, |
| @@ -139,7 +139,7 @@ X509V3_EXT_METHOD v3_ocsp_nocheck = { | |||
| 139 | NULL | 139 | NULL |
| 140 | }; | 140 | }; |
| 141 | 141 | ||
| 142 | X509V3_EXT_METHOD v3_ocsp_serviceloc = { | 142 | const X509V3_EXT_METHOD v3_ocsp_serviceloc = { |
| 143 | NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), | 143 | NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), |
| 144 | 0,0,0,0, | 144 | 0,0,0,0, |
| 145 | 0,0, | 145 | 0,0, |
| @@ -208,7 +208,7 @@ static int i2d_ocsp_nonce(void *a, unsigned char **pp) | |||
| 208 | return os->length; | 208 | return os->length; |
| 209 | } | 209 | } |
| 210 | 210 | ||
| 211 | static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length) | 211 | static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) |
| 212 | { | 212 | { |
| 213 | ASN1_OCTET_STRING *os, **pos; | 213 | ASN1_OCTET_STRING *os, **pos; |
| 214 | pos = a; | 214 | pos = a; |
| @@ -246,7 +246,7 @@ static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, | |||
| 246 | return 1; | 246 | return 1; |
| 247 | } | 247 | } |
| 248 | 248 | ||
| 249 | static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str) | 249 | static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) |
| 250 | { | 250 | { |
| 251 | return ASN1_NULL_new(); | 251 | return ASN1_NULL_new(); |
| 252 | } | 252 | } |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pku.c b/src/lib/libssl/src/crypto/x509v3/v3_pku.c index 49a2e4697a..5c4626e89b 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_pku.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_pku.c | |||
| @@ -66,7 +66,7 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *u | |||
| 66 | /* | 66 | /* |
| 67 | static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | 67 | static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); |
| 68 | */ | 68 | */ |
| 69 | X509V3_EXT_METHOD v3_pkey_usage_period = { | 69 | const X509V3_EXT_METHOD v3_pkey_usage_period = { |
| 70 | NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), | 70 | NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), |
| 71 | 0,0,0,0, | 71 | 0,0,0,0, |
| 72 | 0,0,0,0, | 72 | 0,0,0,0, |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_prn.c b/src/lib/libssl/src/crypto/x509v3/v3_prn.c index 5d268eb768..20bd9bda19 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_prn.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_prn.c | |||
| @@ -109,10 +109,11 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde | |||
| 109 | { | 109 | { |
| 110 | void *ext_str = NULL; | 110 | void *ext_str = NULL; |
| 111 | char *value = NULL; | 111 | char *value = NULL; |
| 112 | unsigned char *p; | 112 | const unsigned char *p; |
| 113 | X509V3_EXT_METHOD *method; | 113 | X509V3_EXT_METHOD *method; |
| 114 | STACK_OF(CONF_VALUE) *nval = NULL; | 114 | STACK_OF(CONF_VALUE) *nval = NULL; |
| 115 | int ok = 1; | 115 | int ok = 1; |
| 116 | |||
| 116 | if(!(method = X509V3_EXT_get(ext))) | 117 | if(!(method = X509V3_EXT_get(ext))) |
| 117 | return unknown_ext_print(out, ext, flag, indent, 0); | 118 | return unknown_ext_print(out, ext, flag, indent, 0); |
| 118 | p = ext->value->data; | 119 | p = ext->value->data; |
| @@ -182,7 +183,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts | |||
| 182 | obj=X509_EXTENSION_get_object(ex); | 183 | obj=X509_EXTENSION_get_object(ex); |
| 183 | i2a_ASN1_OBJECT(bp,obj); | 184 | i2a_ASN1_OBJECT(bp,obj); |
| 184 | j=X509_EXTENSION_get_critical(ex); | 185 | j=X509_EXTENSION_get_critical(ex); |
| 185 | if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) | 186 | if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) |
| 186 | return 0; | 187 | return 0; |
| 187 | if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) | 188 | if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) |
| 188 | { | 189 | { |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c index bbdf6da493..b2f5cdfa05 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c | |||
| @@ -139,7 +139,7 @@ int X509_PURPOSE_get_count(void) | |||
| 139 | X509_PURPOSE * X509_PURPOSE_get0(int idx) | 139 | X509_PURPOSE * X509_PURPOSE_get0(int idx) |
| 140 | { | 140 | { |
| 141 | if(idx < 0) return NULL; | 141 | if(idx < 0) return NULL; |
| 142 | if(idx < X509_PURPOSE_COUNT) return xstandard + idx; | 142 | if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx; |
| 143 | return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); | 143 | return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); |
| 144 | } | 144 | } |
| 145 | 145 | ||
| @@ -239,7 +239,7 @@ static void xptable_free(X509_PURPOSE *p) | |||
| 239 | 239 | ||
| 240 | void X509_PURPOSE_cleanup(void) | 240 | void X509_PURPOSE_cleanup(void) |
| 241 | { | 241 | { |
| 242 | int i; | 242 | unsigned int i; |
| 243 | sk_X509_PURPOSE_pop_free(xptable, xptable_free); | 243 | sk_X509_PURPOSE_pop_free(xptable, xptable_free); |
| 244 | for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); | 244 | for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); |
| 245 | xptable = NULL; | 245 | xptable = NULL; |
| @@ -285,7 +285,12 @@ int X509_supported_extension(X509_EXTENSION *ex) | |||
| 285 | NID_key_usage, /* 83 */ | 285 | NID_key_usage, /* 83 */ |
| 286 | NID_subject_alt_name, /* 85 */ | 286 | NID_subject_alt_name, /* 85 */ |
| 287 | NID_basic_constraints, /* 87 */ | 287 | NID_basic_constraints, /* 87 */ |
| 288 | NID_certificate_policies, /* 89 */ | ||
| 288 | NID_ext_key_usage, /* 126 */ | 289 | NID_ext_key_usage, /* 126 */ |
| 290 | #ifndef OPENSSL_NO_RFC3779 | ||
| 291 | NID_sbgp_ipAddrBlock, /* 290 */ | ||
| 292 | NID_sbgp_autonomousSysNum, /* 291 */ | ||
| 293 | #endif | ||
| 289 | NID_proxyCertInfo /* 661 */ | 294 | NID_proxyCertInfo /* 661 */ |
| 290 | }; | 295 | }; |
| 291 | 296 | ||
| @@ -343,6 +348,10 @@ static void x509v3_cache_extensions(X509 *x) | |||
| 343 | || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { | 348 | || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { |
| 344 | x->ex_flags |= EXFLAG_INVALID; | 349 | x->ex_flags |= EXFLAG_INVALID; |
| 345 | } | 350 | } |
| 351 | if (pci->pcPathLengthConstraint) { | ||
| 352 | x->ex_pcpathlen = | ||
| 353 | ASN1_INTEGER_get(pci->pcPathLengthConstraint); | ||
| 354 | } else x->ex_pcpathlen = -1; | ||
| 346 | PROXY_CERT_INFO_EXTENSION_free(pci); | 355 | PROXY_CERT_INFO_EXTENSION_free(pci); |
| 347 | x->ex_flags |= EXFLAG_PROXY; | 356 | x->ex_flags |= EXFLAG_PROXY; |
| 348 | } | 357 | } |
| @@ -406,6 +415,11 @@ static void x509v3_cache_extensions(X509 *x) | |||
| 406 | } | 415 | } |
| 407 | x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); | 416 | x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); |
| 408 | x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); | 417 | x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); |
| 418 | #ifndef OPENSSL_NO_RFC3779 | ||
| 419 | x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); | ||
| 420 | x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, | ||
| 421 | NULL, NULL); | ||
| 422 | #endif | ||
| 409 | for (i = 0; i < X509_get_ext_count(x); i++) | 423 | for (i = 0; i < X509_get_ext_count(x); i++) |
| 410 | { | 424 | { |
| 411 | ex = X509_get_ext(x, i); | 425 | ex = X509_get_ext(x, i); |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_skey.c b/src/lib/libssl/src/crypto/x509v3/v3_skey.c index c0f044ac1b..da0a3558f6 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_skey.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_skey.c | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | #include <openssl/x509v3.h> | 62 | #include <openssl/x509v3.h> |
| 63 | 63 | ||
| 64 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | 64 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); |
| 65 | X509V3_EXT_METHOD v3_skey_id = { | 65 | const X509V3_EXT_METHOD v3_skey_id = { |
| 66 | NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), | 66 | NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), |
| 67 | 0,0,0,0, | 67 | 0,0,0,0, |
| 68 | (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, | 68 | (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, |
| @@ -109,14 +109,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | |||
| 109 | if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); | 109 | if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); |
| 110 | 110 | ||
| 111 | if(!(oct = M_ASN1_OCTET_STRING_new())) { | 111 | if(!(oct = M_ASN1_OCTET_STRING_new())) { |
| 112 | X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); | 112 | X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); |
| 113 | return NULL; | 113 | return NULL; |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | if(ctx && (ctx->flags == CTX_TEST)) return oct; | 116 | if(ctx && (ctx->flags == CTX_TEST)) return oct; |
| 117 | 117 | ||
| 118 | if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { | 118 | if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { |
| 119 | X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); | 119 | X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); |
| 120 | goto err; | 120 | goto err; |
| 121 | } | 121 | } |
| 122 | 122 | ||
| @@ -125,14 +125,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | |||
| 125 | else pk = ctx->subject_cert->cert_info->key->public_key; | 125 | else pk = ctx->subject_cert->cert_info->key->public_key; |
| 126 | 126 | ||
| 127 | if(!pk) { | 127 | if(!pk) { |
| 128 | X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); | 128 | X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); |
| 129 | goto err; | 129 | goto err; |
| 130 | } | 130 | } |
| 131 | 131 | ||
| 132 | EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); | 132 | EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); |
| 133 | 133 | ||
| 134 | if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { | 134 | if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { |
| 135 | X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); | 135 | X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); |
| 136 | goto err; | 136 | goto err; |
| 137 | } | 137 | } |
| 138 | 138 | ||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c b/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c index d3f4ba3a72..eaea9ea01b 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_sxnet.c | |||
| @@ -72,7 +72,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent) | |||
| 72 | static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | 72 | static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
| 73 | STACK_OF(CONF_VALUE) *nval); | 73 | STACK_OF(CONF_VALUE) *nval); |
| 74 | #endif | 74 | #endif |
| 75 | X509V3_EXT_METHOD v3_sxnet = { | 75 | const X509V3_EXT_METHOD v3_sxnet = { |
| 76 | NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), | 76 | NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), |
| 77 | 0,0,0,0, | 77 | 0,0,0,0, |
| 78 | 0,0, | 78 | 0,0, |
| @@ -109,7 +109,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, | |||
| 109 | SXNETID *id; | 109 | SXNETID *id; |
| 110 | int i; | 110 | int i; |
| 111 | v = ASN1_INTEGER_get(sx->version); | 111 | v = ASN1_INTEGER_get(sx->version); |
| 112 | BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v); | 112 | BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); |
| 113 | for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { | 113 | for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { |
| 114 | id = sk_SXNETID_value(sx->ids, i); | 114 | id = sk_SXNETID_value(sx->ids, i); |
| 115 | tmp = i2s_ASN1_INTEGER(NULL, id->zone); | 115 | tmp = i2s_ASN1_INTEGER(NULL, id->zone); |
| @@ -154,7 +154,7 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, | |||
| 154 | { | 154 | { |
| 155 | ASN1_INTEGER *izone = NULL; | 155 | ASN1_INTEGER *izone = NULL; |
| 156 | if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { | 156 | if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { |
| 157 | X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE); | 157 | X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); |
| 158 | return 0; | 158 | return 0; |
| 159 | } | 159 | } |
| 160 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); | 160 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_utl.c b/src/lib/libssl/src/crypto/x509v3/v3_utl.c index f23a8d29a0..57be441399 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_utl.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_utl.c | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | /* v3_utl.c */ | 1 | /* v3_utl.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * project 1999. | 3 | * project. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -63,6 +63,7 @@ | |||
| 63 | #include "cryptlib.h" | 63 | #include "cryptlib.h" |
| 64 | #include <openssl/conf.h> | 64 | #include <openssl/conf.h> |
| 65 | #include <openssl/x509v3.h> | 65 | #include <openssl/x509v3.h> |
| 66 | #include <openssl/bn.h> | ||
| 66 | 67 | ||
| 67 | static char *strip_spaces(char *name); | 68 | static char *strip_spaces(char *name); |
| 68 | static int sk_strcmp(const char * const *a, const char * const *b); | 69 | static int sk_strcmp(const char * const *a, const char * const *b); |
| @@ -70,6 +71,11 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); | |||
| 70 | static void str_free(void *str); | 71 | static void str_free(void *str); |
| 71 | static int append_ia5(STACK **sk, ASN1_IA5STRING *email); | 72 | static int append_ia5(STACK **sk, ASN1_IA5STRING *email); |
| 72 | 73 | ||
| 74 | static int ipv4_from_asc(unsigned char *v4, const char *in); | ||
| 75 | static int ipv6_from_asc(unsigned char *v6, const char *in); | ||
| 76 | static int ipv6_cb(const char *elem, int len, void *usr); | ||
| 77 | static int ipv6_hex(unsigned char *out, const char *in, int inlen); | ||
| 78 | |||
| 73 | /* Add a CONF_VALUE name value pair to stack */ | 79 | /* Add a CONF_VALUE name value pair to stack */ |
| 74 | 80 | ||
| 75 | int X509V3_add_value(const char *name, const char *value, | 81 | int X509V3_add_value(const char *name, const char *value, |
| @@ -156,11 +162,11 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) | |||
| 156 | ASN1_INTEGER *aint; | 162 | ASN1_INTEGER *aint; |
| 157 | int isneg, ishex; | 163 | int isneg, ishex; |
| 158 | int ret; | 164 | int ret; |
| 159 | bn = BN_new(); | ||
| 160 | if (!value) { | 165 | if (!value) { |
| 161 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); | 166 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); |
| 162 | return 0; | 167 | return 0; |
| 163 | } | 168 | } |
| 169 | bn = BN_new(); | ||
| 164 | if (value[0] == '-') { | 170 | if (value[0] == '-') { |
| 165 | value++; | 171 | value++; |
| 166 | isneg = 1; | 172 | isneg = 1; |
| @@ -174,7 +180,8 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) | |||
| 174 | if (ishex) ret = BN_hex2bn(&bn, value); | 180 | if (ishex) ret = BN_hex2bn(&bn, value); |
| 175 | else ret = BN_dec2bn(&bn, value); | 181 | else ret = BN_dec2bn(&bn, value); |
| 176 | 182 | ||
| 177 | if (!ret) { | 183 | if (!ret || value[ret]) { |
| 184 | BN_free(bn); | ||
| 178 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); | 185 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); |
| 179 | return 0; | 186 | return 0; |
| 180 | } | 187 | } |
| @@ -358,7 +365,7 @@ char *hex_to_string(unsigned char *buffer, long len) | |||
| 358 | char *tmp, *q; | 365 | char *tmp, *q; |
| 359 | unsigned char *p; | 366 | unsigned char *p; |
| 360 | int i; | 367 | int i; |
| 361 | static char hexdig[] = "0123456789ABCDEF"; | 368 | const static char hexdig[] = "0123456789ABCDEF"; |
| 362 | if(!buffer || !len) return NULL; | 369 | if(!buffer || !len) return NULL; |
| 363 | if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { | 370 | if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { |
| 364 | X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); | 371 | X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); |
| @@ -466,6 +473,30 @@ STACK *X509_get1_email(X509 *x) | |||
| 466 | return ret; | 473 | return ret; |
| 467 | } | 474 | } |
| 468 | 475 | ||
| 476 | STACK *X509_get1_ocsp(X509 *x) | ||
| 477 | { | ||
| 478 | AUTHORITY_INFO_ACCESS *info; | ||
| 479 | STACK *ret = NULL; | ||
| 480 | int i; | ||
| 481 | info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); | ||
| 482 | if (!info) | ||
| 483 | return NULL; | ||
| 484 | for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) | ||
| 485 | { | ||
| 486 | ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); | ||
| 487 | if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) | ||
| 488 | { | ||
| 489 | if (ad->location->type == GEN_URI) | ||
| 490 | { | ||
| 491 | if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) | ||
| 492 | break; | ||
| 493 | } | ||
| 494 | } | ||
| 495 | } | ||
| 496 | AUTHORITY_INFO_ACCESS_free(info); | ||
| 497 | return ret; | ||
| 498 | } | ||
| 499 | |||
| 469 | STACK *X509_REQ_get1_email(X509_REQ *x) | 500 | STACK *X509_REQ_get1_email(X509_REQ *x) |
| 470 | { | 501 | { |
| 471 | GENERAL_NAMES *gens; | 502 | GENERAL_NAMES *gens; |
| @@ -533,3 +564,305 @@ void X509_email_free(STACK *sk) | |||
| 533 | { | 564 | { |
| 534 | sk_pop_free(sk, str_free); | 565 | sk_pop_free(sk, str_free); |
| 535 | } | 566 | } |
| 567 | |||
| 568 | /* Convert IP addresses both IPv4 and IPv6 into an | ||
| 569 | * OCTET STRING compatible with RFC3280. | ||
| 570 | */ | ||
| 571 | |||
| 572 | ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) | ||
| 573 | { | ||
| 574 | unsigned char ipout[16]; | ||
| 575 | ASN1_OCTET_STRING *ret; | ||
| 576 | int iplen; | ||
| 577 | |||
| 578 | /* If string contains a ':' assume IPv6 */ | ||
| 579 | |||
| 580 | iplen = a2i_ipadd(ipout, ipasc); | ||
| 581 | |||
| 582 | if (!iplen) | ||
| 583 | return NULL; | ||
| 584 | |||
| 585 | ret = ASN1_OCTET_STRING_new(); | ||
| 586 | if (!ret) | ||
| 587 | return NULL; | ||
| 588 | if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) | ||
| 589 | { | ||
| 590 | ASN1_OCTET_STRING_free(ret); | ||
| 591 | return NULL; | ||
| 592 | } | ||
| 593 | return ret; | ||
| 594 | } | ||
| 595 | |||
| 596 | ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) | ||
| 597 | { | ||
| 598 | ASN1_OCTET_STRING *ret = NULL; | ||
| 599 | unsigned char ipout[32]; | ||
| 600 | char *iptmp = NULL, *p; | ||
| 601 | int iplen1, iplen2; | ||
| 602 | p = strchr(ipasc,'/'); | ||
| 603 | if (!p) | ||
| 604 | return NULL; | ||
| 605 | iptmp = BUF_strdup(ipasc); | ||
| 606 | if (!iptmp) | ||
| 607 | return NULL; | ||
| 608 | p = iptmp + (p - ipasc); | ||
| 609 | *p++ = 0; | ||
| 610 | |||
| 611 | iplen1 = a2i_ipadd(ipout, iptmp); | ||
| 612 | |||
| 613 | if (!iplen1) | ||
| 614 | goto err; | ||
| 615 | |||
| 616 | iplen2 = a2i_ipadd(ipout + iplen1, p); | ||
| 617 | |||
| 618 | OPENSSL_free(iptmp); | ||
| 619 | iptmp = NULL; | ||
| 620 | |||
| 621 | if (!iplen2 || (iplen1 != iplen2)) | ||
| 622 | goto err; | ||
| 623 | |||
| 624 | ret = ASN1_OCTET_STRING_new(); | ||
| 625 | if (!ret) | ||
| 626 | goto err; | ||
| 627 | if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) | ||
| 628 | goto err; | ||
| 629 | |||
| 630 | return ret; | ||
| 631 | |||
| 632 | err: | ||
| 633 | if (iptmp) | ||
| 634 | OPENSSL_free(iptmp); | ||
| 635 | if (ret) | ||
| 636 | ASN1_OCTET_STRING_free(ret); | ||
| 637 | return NULL; | ||
| 638 | } | ||
| 639 | |||
| 640 | |||
| 641 | int a2i_ipadd(unsigned char *ipout, const char *ipasc) | ||
| 642 | { | ||
| 643 | /* If string contains a ':' assume IPv6 */ | ||
| 644 | |||
| 645 | if (strchr(ipasc, ':')) | ||
| 646 | { | ||
| 647 | if (!ipv6_from_asc(ipout, ipasc)) | ||
| 648 | return 0; | ||
| 649 | return 16; | ||
| 650 | } | ||
| 651 | else | ||
| 652 | { | ||
| 653 | if (!ipv4_from_asc(ipout, ipasc)) | ||
| 654 | return 0; | ||
| 655 | return 4; | ||
| 656 | } | ||
| 657 | } | ||
| 658 | |||
| 659 | static int ipv4_from_asc(unsigned char *v4, const char *in) | ||
| 660 | { | ||
| 661 | int a0, a1, a2, a3; | ||
| 662 | if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) | ||
| 663 | return 0; | ||
| 664 | if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) | ||
| 665 | || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) | ||
| 666 | return 0; | ||
| 667 | v4[0] = a0; | ||
| 668 | v4[1] = a1; | ||
| 669 | v4[2] = a2; | ||
| 670 | v4[3] = a3; | ||
| 671 | return 1; | ||
| 672 | } | ||
| 673 | |||
| 674 | typedef struct { | ||
| 675 | /* Temporary store for IPV6 output */ | ||
| 676 | unsigned char tmp[16]; | ||
| 677 | /* Total number of bytes in tmp */ | ||
| 678 | int total; | ||
| 679 | /* The position of a zero (corresponding to '::') */ | ||
| 680 | int zero_pos; | ||
| 681 | /* Number of zeroes */ | ||
| 682 | int zero_cnt; | ||
| 683 | } IPV6_STAT; | ||
| 684 | |||
| 685 | |||
| 686 | static int ipv6_from_asc(unsigned char *v6, const char *in) | ||
| 687 | { | ||
| 688 | IPV6_STAT v6stat; | ||
| 689 | v6stat.total = 0; | ||
| 690 | v6stat.zero_pos = -1; | ||
| 691 | v6stat.zero_cnt = 0; | ||
| 692 | /* Treat the IPv6 representation as a list of values | ||
| 693 | * separated by ':'. The presence of a '::' will parse | ||
| 694 | * as one, two or three zero length elements. | ||
| 695 | */ | ||
| 696 | if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) | ||
| 697 | return 0; | ||
| 698 | |||
| 699 | /* Now for some sanity checks */ | ||
| 700 | |||
| 701 | if (v6stat.zero_pos == -1) | ||
| 702 | { | ||
| 703 | /* If no '::' must have exactly 16 bytes */ | ||
| 704 | if (v6stat.total != 16) | ||
| 705 | return 0; | ||
| 706 | } | ||
| 707 | else | ||
| 708 | { | ||
| 709 | /* If '::' must have less than 16 bytes */ | ||
| 710 | if (v6stat.total == 16) | ||
| 711 | return 0; | ||
| 712 | /* More than three zeroes is an error */ | ||
| 713 | if (v6stat.zero_cnt > 3) | ||
| 714 | return 0; | ||
| 715 | /* Can only have three zeroes if nothing else present */ | ||
| 716 | else if (v6stat.zero_cnt == 3) | ||
| 717 | { | ||
| 718 | if (v6stat.total > 0) | ||
| 719 | return 0; | ||
| 720 | } | ||
| 721 | /* Can only have two zeroes if at start or end */ | ||
| 722 | else if (v6stat.zero_cnt == 2) | ||
| 723 | { | ||
| 724 | if ((v6stat.zero_pos != 0) | ||
| 725 | && (v6stat.zero_pos != v6stat.total)) | ||
| 726 | return 0; | ||
| 727 | } | ||
| 728 | else | ||
| 729 | /* Can only have one zero if *not* start or end */ | ||
| 730 | { | ||
| 731 | if ((v6stat.zero_pos == 0) | ||
| 732 | || (v6stat.zero_pos == v6stat.total)) | ||
| 733 | return 0; | ||
| 734 | } | ||
| 735 | } | ||
| 736 | |||
| 737 | /* Format result */ | ||
| 738 | |||
| 739 | /* Copy initial part */ | ||
| 740 | if (v6stat.zero_pos > 0) | ||
| 741 | memcpy(v6, v6stat.tmp, v6stat.zero_pos); | ||
| 742 | /* Zero middle */ | ||
| 743 | if (v6stat.total != 16) | ||
| 744 | memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); | ||
| 745 | /* Copy final part */ | ||
| 746 | if (v6stat.total != v6stat.zero_pos) | ||
| 747 | memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, | ||
| 748 | v6stat.tmp + v6stat.zero_pos, | ||
| 749 | v6stat.total - v6stat.zero_pos); | ||
| 750 | |||
| 751 | return 1; | ||
| 752 | } | ||
| 753 | |||
| 754 | static int ipv6_cb(const char *elem, int len, void *usr) | ||
| 755 | { | ||
| 756 | IPV6_STAT *s = usr; | ||
| 757 | /* Error if 16 bytes written */ | ||
| 758 | if (s->total == 16) | ||
| 759 | return 0; | ||
| 760 | if (len == 0) | ||
| 761 | { | ||
| 762 | /* Zero length element, corresponds to '::' */ | ||
| 763 | if (s->zero_pos == -1) | ||
| 764 | s->zero_pos = s->total; | ||
| 765 | /* If we've already got a :: its an error */ | ||
| 766 | else if (s->zero_pos != s->total) | ||
| 767 | return 0; | ||
| 768 | s->zero_cnt++; | ||
| 769 | } | ||
| 770 | else | ||
| 771 | { | ||
| 772 | /* If more than 4 characters could be final a.b.c.d form */ | ||
| 773 | if (len > 4) | ||
| 774 | { | ||
| 775 | /* Need at least 4 bytes left */ | ||
| 776 | if (s->total > 12) | ||
| 777 | return 0; | ||
| 778 | /* Must be end of string */ | ||
| 779 | if (elem[len]) | ||
| 780 | return 0; | ||
| 781 | if (!ipv4_from_asc(s->tmp + s->total, elem)) | ||
| 782 | return 0; | ||
| 783 | s->total += 4; | ||
| 784 | } | ||
| 785 | else | ||
| 786 | { | ||
| 787 | if (!ipv6_hex(s->tmp + s->total, elem, len)) | ||
| 788 | return 0; | ||
| 789 | s->total += 2; | ||
| 790 | } | ||
| 791 | } | ||
| 792 | return 1; | ||
| 793 | } | ||
| 794 | |||
| 795 | /* Convert a string of up to 4 hex digits into the corresponding | ||
| 796 | * IPv6 form. | ||
| 797 | */ | ||
| 798 | |||
| 799 | static int ipv6_hex(unsigned char *out, const char *in, int inlen) | ||
| 800 | { | ||
| 801 | unsigned char c; | ||
| 802 | unsigned int num = 0; | ||
| 803 | if (inlen > 4) | ||
| 804 | return 0; | ||
| 805 | while(inlen--) | ||
| 806 | { | ||
| 807 | c = *in++; | ||
| 808 | num <<= 4; | ||
| 809 | if ((c >= '0') && (c <= '9')) | ||
| 810 | num |= c - '0'; | ||
| 811 | else if ((c >= 'A') && (c <= 'F')) | ||
| 812 | num |= c - 'A' + 10; | ||
| 813 | else if ((c >= 'a') && (c <= 'f')) | ||
| 814 | num |= c - 'a' + 10; | ||
| 815 | else | ||
| 816 | return 0; | ||
| 817 | } | ||
| 818 | out[0] = num >> 8; | ||
| 819 | out[1] = num & 0xff; | ||
| 820 | return 1; | ||
| 821 | } | ||
| 822 | |||
| 823 | |||
| 824 | int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, | ||
| 825 | unsigned long chtype) | ||
| 826 | { | ||
| 827 | CONF_VALUE *v; | ||
| 828 | int i, mval; | ||
| 829 | char *p, *type; | ||
| 830 | if (!nm) | ||
| 831 | return 0; | ||
| 832 | |||
| 833 | for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) | ||
| 834 | { | ||
| 835 | v=sk_CONF_VALUE_value(dn_sk,i); | ||
| 836 | type=v->name; | ||
| 837 | /* Skip past any leading X. X: X, etc to allow for | ||
| 838 | * multiple instances | ||
| 839 | */ | ||
| 840 | for(p = type; *p ; p++) | ||
| 841 | #ifndef CHARSET_EBCDIC | ||
| 842 | if ((*p == ':') || (*p == ',') || (*p == '.')) | ||
| 843 | #else | ||
| 844 | if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) | ||
| 845 | #endif | ||
| 846 | { | ||
| 847 | p++; | ||
| 848 | if(*p) type = p; | ||
| 849 | break; | ||
| 850 | } | ||
| 851 | #ifndef CHARSET_EBCDIC | ||
| 852 | if (*type == '+') | ||
| 853 | #else | ||
| 854 | if (*type == os_toascii['+']) | ||
| 855 | #endif | ||
| 856 | { | ||
| 857 | mval = -1; | ||
| 858 | type++; | ||
| 859 | } | ||
| 860 | else | ||
| 861 | mval = 0; | ||
| 862 | if (!X509_NAME_add_entry_by_txt(nm,type, chtype, | ||
| 863 | (unsigned char *) v->value,-1,-1,mval)) | ||
| 864 | return 0; | ||
| 865 | |||
| 866 | } | ||
| 867 | return 1; | ||
| 868 | } | ||
diff --git a/src/lib/libssl/src/crypto/x509v3/v3err.c b/src/lib/libssl/src/crypto/x509v3/v3err.c index e1edaf5248..d538ad8b80 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3err.c +++ b/src/lib/libssl/src/crypto/x509v3/v3err.c | |||
| @@ -70,10 +70,15 @@ | |||
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA X509V3_str_functs[]= | 71 | static ERR_STRING_DATA X509V3_str_functs[]= |
| 72 | { | 72 | { |
| 73 | {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), "ASIDENTIFIERCHOICE_CANONIZE"}, | ||
| 74 | {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIDENTIFIERCHOICE_IS_CANONICAL"}, | ||
| 73 | {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, | 75 | {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, |
| 74 | {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, | 76 | {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, |
| 77 | {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, | ||
| 75 | {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, | 78 | {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, |
| 76 | {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, | 79 | {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, |
| 80 | {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, | ||
| 81 | {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, | ||
| 77 | {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, | 82 | {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, |
| 78 | {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, | 83 | {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, |
| 79 | {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, | 84 | {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, |
| @@ -82,34 +87,46 @@ static ERR_STRING_DATA X509V3_str_functs[]= | |||
| 82 | {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, | 87 | {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, |
| 83 | {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, | 88 | {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, |
| 84 | {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, | 89 | {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, |
| 90 | {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, | ||
| 85 | {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, | 91 | {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, |
| 86 | {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, | 92 | {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, |
| 87 | {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, | 93 | {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, |
| 88 | {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, | 94 | {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, |
| 89 | {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, | 95 | {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, |
| 90 | {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, | 96 | {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, |
| 91 | {ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID), "S2I_S2I_SKEY_ID"}, | 97 | {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, |
| 92 | {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, | 98 | {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, |
| 93 | {ERR_FUNC(X509V3_F_SXNET_ADD_ASC), "SXNET_ADD_ASC"}, | 99 | {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, |
| 94 | {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, | 100 | {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, |
| 95 | {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, | 101 | {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, |
| 96 | {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, | 102 | {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, |
| 97 | {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, | 103 | {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, |
| 98 | {ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION), "V2I_ACCESS_DESCRIPTION"}, | 104 | {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, |
| 99 | {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"}, | 105 | {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, |
| 106 | {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"}, | ||
| 100 | {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, | 107 | {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, |
| 101 | {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, | 108 | {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, |
| 102 | {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, | 109 | {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, |
| 103 | {ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"}, | 110 | {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, |
| 104 | {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME), "v2i_GENERAL_NAME"}, | ||
| 105 | {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, | 111 | {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, |
| 112 | {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, | ||
| 113 | {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, | ||
| 114 | {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, | ||
| 115 | {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, | ||
| 116 | {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, | ||
| 117 | {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, | ||
| 118 | {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, | ||
| 119 | {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), "V3_ADDR_VALIDATE_PATH_INTERNAL"}, | ||
| 106 | {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, | 120 | {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, |
| 107 | {ERR_FUNC(X509V3_F_X509V3_ADD_I2D), "X509V3_ADD_I2D"}, | 121 | {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, |
| 108 | {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, | 122 | {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, |
| 109 | {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, | 123 | {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, |
| 110 | {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, | 124 | {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, |
| 111 | {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, | 125 | {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, |
| 112 | {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, | 126 | {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, |
| 127 | {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, | ||
| 128 | {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, | ||
| 129 | {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, | ||
| 113 | {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, | 130 | {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, |
| 114 | {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, | 131 | {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, |
| 115 | {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, | 132 | {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, |
| @@ -123,6 +140,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= | |||
| 123 | {ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"}, | 140 | {ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"}, |
| 124 | {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"}, | 141 | {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"}, |
| 125 | {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"}, | 142 | {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"}, |
| 143 | {ERR_REASON(X509V3_R_DIRNAME_ERROR) ,"dirname error"}, | ||
| 126 | {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"}, | 144 | {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"}, |
| 127 | {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"}, | 145 | {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"}, |
| 128 | {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"}, | 146 | {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"}, |
| @@ -133,10 +151,15 @@ static ERR_STRING_DATA X509V3_str_reasons[]= | |||
| 133 | {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"}, | 151 | {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"}, |
| 134 | {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"}, | 152 | {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"}, |
| 135 | {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"}, | 153 | {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"}, |
| 154 | {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"}, | ||
| 136 | {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"}, | 155 | {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"}, |
| 137 | {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"}, | 156 | {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"}, |
| 157 | {ERR_REASON(X509V3_R_INVALID_ASNUMBER) ,"invalid asnumber"}, | ||
| 158 | {ERR_REASON(X509V3_R_INVALID_ASRANGE) ,"invalid asrange"}, | ||
| 138 | {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"}, | 159 | {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"}, |
| 139 | {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"}, | 160 | {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"}, |
| 161 | {ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"}, | ||
| 162 | {ERR_REASON(X509V3_R_INVALID_IPADDRESS) ,"invalid ipaddress"}, | ||
| 140 | {ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"}, | 163 | {ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"}, |
| 141 | {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, | 164 | {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, |
| 142 | {ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"}, | 165 | {ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"}, |
| @@ -146,9 +169,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]= | |||
| 146 | {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"}, | 169 | {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"}, |
| 147 | {ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"}, | 170 | {ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"}, |
| 148 | {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"}, | 171 | {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"}, |
| 149 | {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"}, | ||
| 150 | {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"}, | 172 | {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"}, |
| 151 | {ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"}, | 173 | {ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"}, |
| 174 | {ERR_REASON(X509V3_R_INVALID_SAFI) ,"invalid safi"}, | ||
| 152 | {ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"}, | 175 | {ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"}, |
| 153 | {ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"}, | 176 | {ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"}, |
| 154 | {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"}, | 177 | {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"}, |
| @@ -162,12 +185,14 @@ static ERR_STRING_DATA X509V3_str_reasons[]= | |||
| 162 | {ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"}, | 185 | {ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"}, |
| 163 | {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"}, | 186 | {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"}, |
| 164 | {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"}, | 187 | {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"}, |
| 188 | {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"}, | ||
| 189 | {ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"}, | ||
| 165 | {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"}, | 190 | {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"}, |
| 166 | {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"}, | 191 | {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"}, |
| 167 | {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"}, | 192 | {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"}, |
| 168 | {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT) ,"policy syntax not"}, | ||
| 169 | {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"}, | 193 | {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"}, |
| 170 | {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"}, | 194 | {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"}, |
| 195 | {ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"}, | ||
| 171 | {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"}, | 196 | {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"}, |
| 172 | {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"}, | 197 | {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"}, |
| 173 | {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"}, | 198 | {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"}, |
| @@ -183,15 +208,12 @@ static ERR_STRING_DATA X509V3_str_reasons[]= | |||
| 183 | 208 | ||
| 184 | void ERR_load_X509V3_strings(void) | 209 | void ERR_load_X509V3_strings(void) |
| 185 | { | 210 | { |
| 186 | static int init=1; | 211 | #ifndef OPENSSL_NO_ERR |
| 187 | 212 | ||
| 188 | if (init) | 213 | if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) |
| 189 | { | 214 | { |
| 190 | init=0; | ||
| 191 | #ifndef OPENSSL_NO_ERR | ||
| 192 | ERR_load_strings(0,X509V3_str_functs); | 215 | ERR_load_strings(0,X509V3_str_functs); |
| 193 | ERR_load_strings(0,X509V3_str_reasons); | 216 | ERR_load_strings(0,X509V3_str_reasons); |
| 194 | #endif | ||
| 195 | |||
| 196 | } | 217 | } |
| 218 | #endif | ||
| 197 | } | 219 | } |
diff --git a/src/lib/libssl/src/crypto/x509v3/x509v3.h b/src/lib/libssl/src/crypto/x509v3/x509v3.h index e6d91251c2..db2b0482c1 100644 --- a/src/lib/libssl/src/crypto/x509v3/x509v3.h +++ b/src/lib/libssl/src/crypto/x509v3/x509v3.h | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -74,14 +74,14 @@ struct v3_ext_ctx; | |||
| 74 | 74 | ||
| 75 | typedef void * (*X509V3_EXT_NEW)(void); | 75 | typedef void * (*X509V3_EXT_NEW)(void); |
| 76 | typedef void (*X509V3_EXT_FREE)(void *); | 76 | typedef void (*X509V3_EXT_FREE)(void *); |
| 77 | typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long); | 77 | typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); |
| 78 | typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); | 78 | typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); |
| 79 | typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); | 79 | typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); |
| 80 | typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); | 80 | typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); |
| 81 | typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); | 81 | typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); |
| 82 | typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | 82 | typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); |
| 83 | typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); | 83 | typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); |
| 84 | typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | 84 | typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); |
| 85 | 85 | ||
| 86 | /* V3 extension structure */ | 86 | /* V3 extension structure */ |
| 87 | 87 | ||
| @@ -132,7 +132,6 @@ void *db; | |||
| 132 | }; | 132 | }; |
| 133 | 133 | ||
| 134 | typedef struct v3_ext_method X509V3_EXT_METHOD; | 134 | typedef struct v3_ext_method X509V3_EXT_METHOD; |
| 135 | typedef struct v3_ext_ctx X509V3_CTX; | ||
| 136 | 135 | ||
| 137 | DECLARE_STACK_OF(X509V3_EXT_METHOD) | 136 | DECLARE_STACK_OF(X509V3_EXT_METHOD) |
| 138 | 137 | ||
| @@ -287,6 +286,33 @@ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; | |||
| 287 | DECLARE_STACK_OF(POLICYINFO) | 286 | DECLARE_STACK_OF(POLICYINFO) |
| 288 | DECLARE_ASN1_SET_OF(POLICYINFO) | 287 | DECLARE_ASN1_SET_OF(POLICYINFO) |
| 289 | 288 | ||
| 289 | typedef struct POLICY_MAPPING_st { | ||
| 290 | ASN1_OBJECT *issuerDomainPolicy; | ||
| 291 | ASN1_OBJECT *subjectDomainPolicy; | ||
| 292 | } POLICY_MAPPING; | ||
| 293 | |||
| 294 | DECLARE_STACK_OF(POLICY_MAPPING) | ||
| 295 | |||
| 296 | typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; | ||
| 297 | |||
| 298 | typedef struct GENERAL_SUBTREE_st { | ||
| 299 | GENERAL_NAME *base; | ||
| 300 | ASN1_INTEGER *minimum; | ||
| 301 | ASN1_INTEGER *maximum; | ||
| 302 | } GENERAL_SUBTREE; | ||
| 303 | |||
| 304 | DECLARE_STACK_OF(GENERAL_SUBTREE) | ||
| 305 | |||
| 306 | typedef struct NAME_CONSTRAINTS_st { | ||
| 307 | STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; | ||
| 308 | STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; | ||
| 309 | } NAME_CONSTRAINTS; | ||
| 310 | |||
| 311 | typedef struct POLICY_CONSTRAINTS_st { | ||
| 312 | ASN1_INTEGER *requireExplicitPolicy; | ||
| 313 | ASN1_INTEGER *inhibitPolicyMapping; | ||
| 314 | } POLICY_CONSTRAINTS; | ||
| 315 | |||
| 290 | /* Proxy certificate structures, see RFC 3820 */ | 316 | /* Proxy certificate structures, see RFC 3820 */ |
| 291 | typedef struct PROXY_POLICY_st | 317 | typedef struct PROXY_POLICY_st |
| 292 | { | 318 | { |
| @@ -344,6 +370,8 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) | |||
| 344 | #define EXFLAG_CRITICAL 0x200 | 370 | #define EXFLAG_CRITICAL 0x200 |
| 345 | #define EXFLAG_PROXY 0x400 | 371 | #define EXFLAG_PROXY 0x400 |
| 346 | 372 | ||
| 373 | #define EXFLAG_INVALID_POLICY 0x400 | ||
| 374 | |||
| 347 | #define KU_DIGITAL_SIGNATURE 0x0080 | 375 | #define KU_DIGITAL_SIGNATURE 0x0080 |
| 348 | #define KU_NON_REPUDIATION 0x0040 | 376 | #define KU_NON_REPUDIATION 0x0040 |
| 349 | #define KU_KEY_ENCIPHERMENT 0x0020 | 377 | #define KU_KEY_ENCIPHERMENT 0x0020 |
| @@ -442,6 +470,13 @@ DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) | |||
| 442 | 470 | ||
| 443 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) | 471 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) |
| 444 | 472 | ||
| 473 | |||
| 474 | ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | ||
| 475 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 476 | STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | ||
| 477 | ASN1_BIT_STRING *bits, | ||
| 478 | STACK_OF(CONF_VALUE) *extlist); | ||
| 479 | |||
| 445 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); | 480 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); |
| 446 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); | 481 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); |
| 447 | 482 | ||
| @@ -474,8 +509,24 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) | |||
| 474 | DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) | 509 | DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) |
| 475 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) | 510 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) |
| 476 | 511 | ||
| 512 | DECLARE_ASN1_ITEM(POLICY_MAPPING) | ||
| 513 | DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) | ||
| 514 | DECLARE_ASN1_ITEM(POLICY_MAPPINGS) | ||
| 515 | |||
| 516 | DECLARE_ASN1_ITEM(GENERAL_SUBTREE) | ||
| 517 | DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) | ||
| 518 | |||
| 519 | DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) | ||
| 520 | DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) | ||
| 521 | |||
| 522 | DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) | ||
| 523 | DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) | ||
| 524 | |||
| 477 | #ifdef HEADER_CONF_H | 525 | #ifdef HEADER_CONF_H |
| 478 | GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); | 526 | GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
| 527 | CONF_VALUE *cnf); | ||
| 528 | GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, | ||
| 529 | X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); | ||
| 479 | void X509V3_conf_free(CONF_VALUE *val); | 530 | void X509V3_conf_free(CONF_VALUE *val); |
| 480 | 531 | ||
| 481 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); | 532 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); |
| @@ -566,7 +617,164 @@ int X509_PURPOSE_get_id(X509_PURPOSE *); | |||
| 566 | STACK *X509_get1_email(X509 *x); | 617 | STACK *X509_get1_email(X509 *x); |
| 567 | STACK *X509_REQ_get1_email(X509_REQ *x); | 618 | STACK *X509_REQ_get1_email(X509_REQ *x); |
| 568 | void X509_email_free(STACK *sk); | 619 | void X509_email_free(STACK *sk); |
| 620 | STACK *X509_get1_ocsp(X509 *x); | ||
| 621 | |||
| 622 | ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); | ||
| 623 | ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); | ||
| 624 | int a2i_ipadd(unsigned char *ipout, const char *ipasc); | ||
| 625 | int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, | ||
| 626 | unsigned long chtype); | ||
| 627 | |||
| 628 | void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); | ||
| 629 | |||
| 630 | #ifndef OPENSSL_NO_RFC3779 | ||
| 631 | |||
| 632 | typedef struct ASRange_st { | ||
| 633 | ASN1_INTEGER *min, *max; | ||
| 634 | } ASRange; | ||
| 635 | |||
| 636 | #define ASIdOrRange_id 0 | ||
| 637 | #define ASIdOrRange_range 1 | ||
| 638 | |||
| 639 | typedef struct ASIdOrRange_st { | ||
| 640 | int type; | ||
| 641 | union { | ||
| 642 | ASN1_INTEGER *id; | ||
| 643 | ASRange *range; | ||
| 644 | } u; | ||
| 645 | } ASIdOrRange; | ||
| 646 | |||
| 647 | typedef STACK_OF(ASIdOrRange) ASIdOrRanges; | ||
| 648 | DECLARE_STACK_OF(ASIdOrRange) | ||
| 649 | |||
| 650 | #define ASIdentifierChoice_inherit 0 | ||
| 651 | #define ASIdentifierChoice_asIdsOrRanges 1 | ||
| 652 | |||
| 653 | typedef struct ASIdentifierChoice_st { | ||
| 654 | int type; | ||
| 655 | union { | ||
| 656 | ASN1_NULL *inherit; | ||
| 657 | ASIdOrRanges *asIdsOrRanges; | ||
| 658 | } u; | ||
| 659 | } ASIdentifierChoice; | ||
| 660 | |||
| 661 | typedef struct ASIdentifiers_st { | ||
| 662 | ASIdentifierChoice *asnum, *rdi; | ||
| 663 | } ASIdentifiers; | ||
| 664 | |||
| 665 | DECLARE_ASN1_FUNCTIONS(ASRange) | ||
| 666 | DECLARE_ASN1_FUNCTIONS(ASIdOrRange) | ||
| 667 | DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) | ||
| 668 | DECLARE_ASN1_FUNCTIONS(ASIdentifiers) | ||
| 669 | |||
| 670 | |||
| 671 | typedef struct IPAddressRange_st { | ||
| 672 | ASN1_BIT_STRING *min, *max; | ||
| 673 | } IPAddressRange; | ||
| 674 | |||
| 675 | #define IPAddressOrRange_addressPrefix 0 | ||
| 676 | #define IPAddressOrRange_addressRange 1 | ||
| 677 | |||
| 678 | typedef struct IPAddressOrRange_st { | ||
| 679 | int type; | ||
| 680 | union { | ||
| 681 | ASN1_BIT_STRING *addressPrefix; | ||
| 682 | IPAddressRange *addressRange; | ||
| 683 | } u; | ||
| 684 | } IPAddressOrRange; | ||
| 685 | |||
| 686 | typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; | ||
| 687 | DECLARE_STACK_OF(IPAddressOrRange) | ||
| 688 | |||
| 689 | #define IPAddressChoice_inherit 0 | ||
| 690 | #define IPAddressChoice_addressesOrRanges 1 | ||
| 691 | |||
| 692 | typedef struct IPAddressChoice_st { | ||
| 693 | int type; | ||
| 694 | union { | ||
| 695 | ASN1_NULL *inherit; | ||
| 696 | IPAddressOrRanges *addressesOrRanges; | ||
| 697 | } u; | ||
| 698 | } IPAddressChoice; | ||
| 699 | |||
| 700 | typedef struct IPAddressFamily_st { | ||
| 701 | ASN1_OCTET_STRING *addressFamily; | ||
| 702 | IPAddressChoice *ipAddressChoice; | ||
| 703 | } IPAddressFamily; | ||
| 704 | |||
| 705 | typedef STACK_OF(IPAddressFamily) IPAddrBlocks; | ||
| 706 | DECLARE_STACK_OF(IPAddressFamily) | ||
| 707 | |||
| 708 | DECLARE_ASN1_FUNCTIONS(IPAddressRange) | ||
| 709 | DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) | ||
| 710 | DECLARE_ASN1_FUNCTIONS(IPAddressChoice) | ||
| 711 | DECLARE_ASN1_FUNCTIONS(IPAddressFamily) | ||
| 712 | |||
| 713 | /* | ||
| 714 | * API tag for elements of the ASIdentifer SEQUENCE. | ||
| 715 | */ | ||
| 716 | #define V3_ASID_ASNUM 0 | ||
| 717 | #define V3_ASID_RDI 1 | ||
| 718 | |||
| 719 | /* | ||
| 720 | * AFI values, assigned by IANA. It'd be nice to make the AFI | ||
| 721 | * handling code totally generic, but there are too many little things | ||
| 722 | * that would need to be defined for other address families for it to | ||
| 723 | * be worth the trouble. | ||
| 724 | */ | ||
| 725 | #define IANA_AFI_IPV4 1 | ||
| 726 | #define IANA_AFI_IPV6 2 | ||
| 727 | |||
| 728 | /* | ||
| 729 | * Utilities to construct and extract values from RFC3779 extensions, | ||
| 730 | * since some of the encodings (particularly for IP address prefixes | ||
| 731 | * and ranges) are a bit tedious to work with directly. | ||
| 732 | */ | ||
| 733 | int v3_asid_add_inherit(ASIdentifiers *asid, int which); | ||
| 734 | int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, | ||
| 735 | ASN1_INTEGER *min, ASN1_INTEGER *max); | ||
| 736 | int v3_addr_add_inherit(IPAddrBlocks *addr, | ||
| 737 | const unsigned afi, const unsigned *safi); | ||
| 738 | int v3_addr_add_prefix(IPAddrBlocks *addr, | ||
| 739 | const unsigned afi, const unsigned *safi, | ||
| 740 | unsigned char *a, const int prefixlen); | ||
| 741 | int v3_addr_add_range(IPAddrBlocks *addr, | ||
| 742 | const unsigned afi, const unsigned *safi, | ||
| 743 | unsigned char *min, unsigned char *max); | ||
| 744 | unsigned v3_addr_get_afi(const IPAddressFamily *f); | ||
| 745 | int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, | ||
| 746 | unsigned char *min, unsigned char *max, | ||
| 747 | const int length); | ||
| 748 | |||
| 749 | /* | ||
| 750 | * Canonical forms. | ||
| 751 | */ | ||
| 752 | int v3_asid_is_canonical(ASIdentifiers *asid); | ||
| 753 | int v3_addr_is_canonical(IPAddrBlocks *addr); | ||
| 754 | int v3_asid_canonize(ASIdentifiers *asid); | ||
| 755 | int v3_addr_canonize(IPAddrBlocks *addr); | ||
| 756 | |||
| 757 | /* | ||
| 758 | * Tests for inheritance and containment. | ||
| 759 | */ | ||
| 760 | int v3_asid_inherits(ASIdentifiers *asid); | ||
| 761 | int v3_addr_inherits(IPAddrBlocks *addr); | ||
| 762 | int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); | ||
| 763 | int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); | ||
| 764 | |||
| 765 | /* | ||
| 766 | * Check whether RFC 3779 extensions nest properly in chains. | ||
| 767 | */ | ||
| 768 | int v3_asid_validate_path(X509_STORE_CTX *); | ||
| 769 | int v3_addr_validate_path(X509_STORE_CTX *); | ||
| 770 | int v3_asid_validate_resource_set(STACK_OF(X509) *chain, | ||
| 771 | ASIdentifiers *ext, | ||
| 772 | int allow_inheritance); | ||
| 773 | int v3_addr_validate_resource_set(STACK_OF(X509) *chain, | ||
| 774 | IPAddrBlocks *ext, | ||
| 775 | int allow_inheritance); | ||
| 569 | 776 | ||
| 777 | #endif /* OPENSSL_NO_RFC3779 */ | ||
| 570 | 778 | ||
| 571 | /* BEGIN ERROR CODES */ | 779 | /* BEGIN ERROR CODES */ |
| 572 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 780 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| @@ -577,46 +785,63 @@ void ERR_load_X509V3_strings(void); | |||
| 577 | /* Error codes for the X509V3 functions. */ | 785 | /* Error codes for the X509V3 functions. */ |
| 578 | 786 | ||
| 579 | /* Function codes. */ | 787 | /* Function codes. */ |
| 788 | #define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 | ||
| 789 | #define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 | ||
| 580 | #define X509V3_F_COPY_EMAIL 122 | 790 | #define X509V3_F_COPY_EMAIL 122 |
| 581 | #define X509V3_F_COPY_ISSUER 123 | 791 | #define X509V3_F_COPY_ISSUER 123 |
| 792 | #define X509V3_F_DO_DIRNAME 144 | ||
| 582 | #define X509V3_F_DO_EXT_CONF 124 | 793 | #define X509V3_F_DO_EXT_CONF 124 |
| 583 | #define X509V3_F_DO_EXT_I2D 135 | 794 | #define X509V3_F_DO_EXT_I2D 135 |
| 795 | #define X509V3_F_DO_EXT_NCONF 151 | ||
| 796 | #define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 | ||
| 584 | #define X509V3_F_HEX_TO_STRING 111 | 797 | #define X509V3_F_HEX_TO_STRING 111 |
| 585 | #define X509V3_F_I2S_ASN1_ENUMERATED 121 | 798 | #define X509V3_F_I2S_ASN1_ENUMERATED 121 |
| 586 | #define X509V3_F_I2S_ASN1_IA5STRING 142 | 799 | #define X509V3_F_I2S_ASN1_IA5STRING 149 |
| 587 | #define X509V3_F_I2S_ASN1_INTEGER 120 | 800 | #define X509V3_F_I2S_ASN1_INTEGER 120 |
| 588 | #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 | 801 | #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 |
| 589 | #define X509V3_F_NOTICE_SECTION 132 | 802 | #define X509V3_F_NOTICE_SECTION 132 |
| 590 | #define X509V3_F_NREF_NOS 133 | 803 | #define X509V3_F_NREF_NOS 133 |
| 591 | #define X509V3_F_POLICY_SECTION 131 | 804 | #define X509V3_F_POLICY_SECTION 131 |
| 805 | #define X509V3_F_PROCESS_PCI_VALUE 150 | ||
| 592 | #define X509V3_F_R2I_CERTPOL 130 | 806 | #define X509V3_F_R2I_CERTPOL 130 |
| 593 | #define X509V3_F_R2I_PCI 142 | 807 | #define X509V3_F_R2I_PCI 155 |
| 594 | #define X509V3_F_S2I_ASN1_IA5STRING 100 | 808 | #define X509V3_F_S2I_ASN1_IA5STRING 100 |
| 595 | #define X509V3_F_S2I_ASN1_INTEGER 108 | 809 | #define X509V3_F_S2I_ASN1_INTEGER 108 |
| 596 | #define X509V3_F_S2I_ASN1_OCTET_STRING 112 | 810 | #define X509V3_F_S2I_ASN1_OCTET_STRING 112 |
| 597 | #define X509V3_F_S2I_ASN1_SKEY_ID 114 | 811 | #define X509V3_F_S2I_ASN1_SKEY_ID 114 |
| 598 | #define X509V3_F_S2I_S2I_SKEY_ID 115 | 812 | #define X509V3_F_S2I_SKEY_ID 115 |
| 599 | #define X509V3_F_STRING_TO_HEX 113 | 813 | #define X509V3_F_STRING_TO_HEX 113 |
| 600 | #define X509V3_F_SXNET_ADD_ASC 125 | 814 | #define X509V3_F_SXNET_ADD_ID_ASC 125 |
| 601 | #define X509V3_F_SXNET_ADD_ID_INTEGER 126 | 815 | #define X509V3_F_SXNET_ADD_ID_INTEGER 126 |
| 602 | #define X509V3_F_SXNET_ADD_ID_ULONG 127 | 816 | #define X509V3_F_SXNET_ADD_ID_ULONG 127 |
| 603 | #define X509V3_F_SXNET_GET_ID_ASC 128 | 817 | #define X509V3_F_SXNET_GET_ID_ASC 128 |
| 604 | #define X509V3_F_SXNET_GET_ID_ULONG 129 | 818 | #define X509V3_F_SXNET_GET_ID_ULONG 129 |
| 605 | #define X509V3_F_V2I_ACCESS_DESCRIPTION 139 | 819 | #define X509V3_F_V2I_ASIDENTIFIERS 158 |
| 606 | #define X509V3_F_V2I_ASN1_BIT_STRING 101 | 820 | #define X509V3_F_V2I_ASN1_BIT_STRING 101 |
| 821 | #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 | ||
| 607 | #define X509V3_F_V2I_AUTHORITY_KEYID 119 | 822 | #define X509V3_F_V2I_AUTHORITY_KEYID 119 |
| 608 | #define X509V3_F_V2I_BASIC_CONSTRAINTS 102 | 823 | #define X509V3_F_V2I_BASIC_CONSTRAINTS 102 |
| 609 | #define X509V3_F_V2I_CRLD 134 | 824 | #define X509V3_F_V2I_CRLD 134 |
| 610 | #define X509V3_F_V2I_EXT_KU 103 | 825 | #define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 |
| 611 | #define X509V3_F_V2I_GENERAL_NAME 117 | ||
| 612 | #define X509V3_F_V2I_GENERAL_NAMES 118 | 826 | #define X509V3_F_V2I_GENERAL_NAMES 118 |
| 827 | #define X509V3_F_V2I_GENERAL_NAME_EX 117 | ||
| 828 | #define X509V3_F_V2I_IPADDRBLOCKS 159 | ||
| 829 | #define X509V3_F_V2I_ISSUER_ALT 153 | ||
| 830 | #define X509V3_F_V2I_NAME_CONSTRAINTS 147 | ||
| 831 | #define X509V3_F_V2I_POLICY_CONSTRAINTS 146 | ||
| 832 | #define X509V3_F_V2I_POLICY_MAPPINGS 145 | ||
| 833 | #define X509V3_F_V2I_SUBJECT_ALT 154 | ||
| 834 | #define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 | ||
| 613 | #define X509V3_F_V3_GENERIC_EXTENSION 116 | 835 | #define X509V3_F_V3_GENERIC_EXTENSION 116 |
| 614 | #define X509V3_F_X509V3_ADD_I2D 140 | 836 | #define X509V3_F_X509V3_ADD1_I2D 140 |
| 615 | #define X509V3_F_X509V3_ADD_VALUE 105 | 837 | #define X509V3_F_X509V3_ADD_VALUE 105 |
| 616 | #define X509V3_F_X509V3_EXT_ADD 104 | 838 | #define X509V3_F_X509V3_EXT_ADD 104 |
| 617 | #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 | 839 | #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 |
| 618 | #define X509V3_F_X509V3_EXT_CONF 107 | 840 | #define X509V3_F_X509V3_EXT_CONF 107 |
| 619 | #define X509V3_F_X509V3_EXT_I2D 136 | 841 | #define X509V3_F_X509V3_EXT_I2D 136 |
| 842 | #define X509V3_F_X509V3_EXT_NCONF 152 | ||
| 843 | #define X509V3_F_X509V3_GET_SECTION 142 | ||
| 844 | #define X509V3_F_X509V3_GET_STRING 143 | ||
| 620 | #define X509V3_F_X509V3_GET_VALUE_BOOL 110 | 845 | #define X509V3_F_X509V3_GET_VALUE_BOOL 110 |
| 621 | #define X509V3_F_X509V3_PARSE_LIST 109 | 846 | #define X509V3_F_X509V3_PARSE_LIST 109 |
| 622 | #define X509V3_F_X509_PURPOSE_ADD 137 | 847 | #define X509V3_F_X509_PURPOSE_ADD 137 |
| @@ -627,6 +852,7 @@ void ERR_load_X509V3_strings(void); | |||
| 627 | #define X509V3_R_BAD_OBJECT 119 | 852 | #define X509V3_R_BAD_OBJECT 119 |
| 628 | #define X509V3_R_BN_DEC2BN_ERROR 100 | 853 | #define X509V3_R_BN_DEC2BN_ERROR 100 |
| 629 | #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 | 854 | #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 |
| 855 | #define X509V3_R_DIRNAME_ERROR 149 | ||
| 630 | #define X509V3_R_DUPLICATE_ZONE_ID 133 | 856 | #define X509V3_R_DUPLICATE_ZONE_ID 133 |
| 631 | #define X509V3_R_ERROR_CONVERTING_ZONE 131 | 857 | #define X509V3_R_ERROR_CONVERTING_ZONE 131 |
| 632 | #define X509V3_R_ERROR_CREATING_EXTENSION 144 | 858 | #define X509V3_R_ERROR_CREATING_EXTENSION 144 |
| @@ -637,10 +863,15 @@ void ERR_load_X509V3_strings(void); | |||
| 637 | #define X509V3_R_EXTENSION_NOT_FOUND 102 | 863 | #define X509V3_R_EXTENSION_NOT_FOUND 102 |
| 638 | #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 | 864 | #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 |
| 639 | #define X509V3_R_EXTENSION_VALUE_ERROR 116 | 865 | #define X509V3_R_EXTENSION_VALUE_ERROR 116 |
| 866 | #define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 | ||
| 640 | #define X509V3_R_ILLEGAL_HEX_DIGIT 113 | 867 | #define X509V3_R_ILLEGAL_HEX_DIGIT 113 |
| 641 | #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 153 | 868 | #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 |
| 869 | #define X509V3_R_INVALID_ASNUMBER 160 | ||
| 870 | #define X509V3_R_INVALID_ASRANGE 161 | ||
| 642 | #define X509V3_R_INVALID_BOOLEAN_STRING 104 | 871 | #define X509V3_R_INVALID_BOOLEAN_STRING 104 |
| 643 | #define X509V3_R_INVALID_EXTENSION_STRING 105 | 872 | #define X509V3_R_INVALID_EXTENSION_STRING 105 |
| 873 | #define X509V3_R_INVALID_INHERITANCE 162 | ||
| 874 | #define X509V3_R_INVALID_IPADDRESS 163 | ||
| 644 | #define X509V3_R_INVALID_NAME 106 | 875 | #define X509V3_R_INVALID_NAME 106 |
| 645 | #define X509V3_R_INVALID_NULL_ARGUMENT 107 | 876 | #define X509V3_R_INVALID_NULL_ARGUMENT 107 |
| 646 | #define X509V3_R_INVALID_NULL_NAME 108 | 877 | #define X509V3_R_INVALID_NULL_NAME 108 |
| @@ -650,9 +881,9 @@ void ERR_load_X509V3_strings(void); | |||
| 650 | #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 | 881 | #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 |
| 651 | #define X509V3_R_INVALID_OPTION 138 | 882 | #define X509V3_R_INVALID_OPTION 138 |
| 652 | #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 | 883 | #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 |
| 653 | #define X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER 147 | 884 | #define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 |
| 654 | #define X509V3_R_INVALID_PROXY_POLICY_SETTING 151 | ||
| 655 | #define X509V3_R_INVALID_PURPOSE 146 | 885 | #define X509V3_R_INVALID_PURPOSE 146 |
| 886 | #define X509V3_R_INVALID_SAFI 164 | ||
| 656 | #define X509V3_R_INVALID_SECTION 135 | 887 | #define X509V3_R_INVALID_SECTION 135 |
| 657 | #define X509V3_R_INVALID_SYNTAX 143 | 888 | #define X509V3_R_INVALID_SYNTAX 143 |
| 658 | #define X509V3_R_ISSUER_DECODE_ERROR 126 | 889 | #define X509V3_R_ISSUER_DECODE_ERROR 126 |
| @@ -662,16 +893,18 @@ void ERR_load_X509V3_strings(void); | |||
| 662 | #define X509V3_R_NO_ISSUER_CERTIFICATE 121 | 893 | #define X509V3_R_NO_ISSUER_CERTIFICATE 121 |
| 663 | #define X509V3_R_NO_ISSUER_DETAILS 127 | 894 | #define X509V3_R_NO_ISSUER_DETAILS 127 |
| 664 | #define X509V3_R_NO_POLICY_IDENTIFIER 139 | 895 | #define X509V3_R_NO_POLICY_IDENTIFIER 139 |
| 665 | #define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 148 | 896 | #define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 |
| 666 | #define X509V3_R_NO_PUBLIC_KEY 114 | 897 | #define X509V3_R_NO_PUBLIC_KEY 114 |
| 667 | #define X509V3_R_NO_SUBJECT_DETAILS 125 | 898 | #define X509V3_R_NO_SUBJECT_DETAILS 125 |
| 668 | #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 | 899 | #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 |
| 669 | #define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 149 | 900 | #define X509V3_R_OPERATION_NOT_DEFINED 148 |
| 670 | #define X509V3_R_POLICY_PATH_LENGTH 152 | 901 | #define X509V3_R_OTHERNAME_ERROR 147 |
| 671 | #define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 150 | 902 | #define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 |
| 672 | #define X509V3_R_POLICY_SYNTAX_NOT 154 | 903 | #define X509V3_R_POLICY_PATH_LENGTH 156 |
| 673 | #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 155 | 904 | #define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 |
| 674 | #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 156 | 905 | #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 |
| 906 | #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 | ||
| 907 | #define X509V3_R_SECTION_NOT_FOUND 150 | ||
| 675 | #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 | 908 | #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 |
| 676 | #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 | 909 | #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 |
| 677 | #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 | 910 | #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 |
diff --git a/src/lib/libssl/src/demos/easy_tls/easy-tls.c b/src/lib/libssl/src/demos/easy_tls/easy-tls.c index c958f4b609..b4c9f9e77b 100644 --- a/src/lib/libssl/src/demos/easy_tls/easy-tls.c +++ b/src/lib/libssl/src/demos/easy_tls/easy-tls.c | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | /* -*- Mode: C; c-file-style: "bsd" -*- */ | 1 | /* -*- Mode: C; c-file-style: "bsd" -*- */ |
| 2 | /* | 2 | /* |
| 3 | * easy-tls.c -- generic TLS proxy. | 3 | * easy-tls.c -- generic TLS proxy. |
| 4 | * $Id: easy-tls.c,v 1.3 2002/09/10 16:31:56 markus Exp $ | 4 | * $Id: easy-tls.c,v 1.4 2008/09/06 12:17:52 djm Exp $ |
| 5 | */ | 5 | */ |
| 6 | /* | 6 | /* |
| 7 | (c) Copyright 1999 Bodo Moeller. All rights reserved. | 7 | (c) Copyright 1999 Bodo Moeller. All rights reserved. |
| @@ -73,7 +73,7 @@ | |||
| 73 | */ | 73 | */ |
| 74 | 74 | ||
| 75 | static char const rcsid[] = | 75 | static char const rcsid[] = |
| 76 | "$Id: easy-tls.c,v 1.3 2002/09/10 16:31:56 markus Exp $"; | 76 | "$Id: easy-tls.c,v 1.4 2008/09/06 12:17:52 djm Exp $"; |
| 77 | 77 | ||
| 78 | #include <assert.h> | 78 | #include <assert.h> |
| 79 | #include <errno.h> | 79 | #include <errno.h> |
diff --git a/src/lib/libssl/src/demos/tunala/autoungunk.sh b/src/lib/libssl/src/demos/tunala/autoungunk.sh index 14d10790fd..0c9123b6cf 100644 --- a/src/lib/libssl/src/demos/tunala/autoungunk.sh +++ b/src/lib/libssl/src/demos/tunala/autoungunk.sh | |||
| @@ -4,13 +4,13 @@ | |||
| 4 | # mess has been left in the directory thanks to autoconf, automake, and their | 4 | # mess has been left in the directory thanks to autoconf, automake, and their |
| 5 | # friends. | 5 | # friends. |
| 6 | 6 | ||
| 7 | if test -f Makefile; then | ||
| 8 | make distclean | ||
| 9 | rm -f Makefile | ||
| 10 | fi | ||
| 11 | |||
| 12 | if test -f Makefile.plain; then | 7 | if test -f Makefile.plain; then |
| 8 | if test -f Makefile; then | ||
| 9 | make distclean | ||
| 10 | fi | ||
| 13 | mv Makefile.plain Makefile | 11 | mv Makefile.plain Makefile |
| 12 | else | ||
| 13 | make clean | ||
| 14 | fi | 14 | fi |
| 15 | 15 | ||
| 16 | rm -f aclocal.m4 config.* configure install-sh \ | 16 | rm -f aclocal.m4 config.* configure install-sh \ |
diff --git a/src/lib/libssl/src/demos/tunala/cb.c b/src/lib/libssl/src/demos/tunala/cb.c index cd32f74c70..e64983896e 100644 --- a/src/lib/libssl/src/demos/tunala/cb.c +++ b/src/lib/libssl/src/demos/tunala/cb.c | |||
| @@ -129,5 +129,15 @@ void cb_ssl_verify_set_level(unsigned int level) | |||
| 129 | cb_ssl_verify_level = level; | 129 | cb_ssl_verify_level = level; |
| 130 | } | 130 | } |
| 131 | 131 | ||
| 132 | RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength) | ||
| 133 | { | ||
| 134 | /* TODO: Perhaps make it so our global key can be generated on-the-fly | ||
| 135 | * after certain intervals? */ | ||
| 136 | static RSA *rsa_tmp = NULL; | ||
| 137 | if(!rsa_tmp) | ||
| 138 | rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); | ||
| 139 | return rsa_tmp; | ||
| 140 | } | ||
| 141 | |||
| 132 | #endif /* !defined(NO_OPENSSL) */ | 142 | #endif /* !defined(NO_OPENSSL) */ |
| 133 | 143 | ||
diff --git a/src/lib/libssl/src/demos/tunala/configure.in b/src/lib/libssl/src/demos/tunala/configure.in index b2a6ffc756..590cdbfd26 100644 --- a/src/lib/libssl/src/demos/tunala/configure.in +++ b/src/lib/libssl/src/demos/tunala/configure.in | |||
| @@ -10,6 +10,7 @@ dnl AM_PROG_LIBTOOL | |||
| 10 | 10 | ||
| 11 | dnl Checks for libraries. | 11 | dnl Checks for libraries. |
| 12 | AC_CHECK_LIB(dl, dlopen) | 12 | AC_CHECK_LIB(dl, dlopen) |
| 13 | AC_CHECK_LIB(z, inflate) | ||
| 13 | AC_CHECK_LIB(socket, socket) | 14 | AC_CHECK_LIB(socket, socket) |
| 14 | AC_CHECK_LIB(nsl, gethostbyname) | 15 | AC_CHECK_LIB(nsl, gethostbyname) |
| 15 | 16 | ||
diff --git a/src/lib/libssl/src/demos/tunala/tunala.c b/src/lib/libssl/src/demos/tunala/tunala.c index e802a6209f..e918cba2ce 100644 --- a/src/lib/libssl/src/demos/tunala/tunala.c +++ b/src/lib/libssl/src/demos/tunala/tunala.c | |||
| @@ -69,8 +69,8 @@ typedef struct _tunala_world_t { | |||
| 69 | static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, | 69 | static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, |
| 70 | const char *CAfile, const char *cert, const char *key, | 70 | const char *CAfile, const char *cert, const char *key, |
| 71 | const char *dcert, const char *dkey, const char *cipher_list, | 71 | const char *dcert, const char *dkey, const char *cipher_list, |
| 72 | const char *dh_file, const char *dh_special, int ctx_options, | 72 | const char *dh_file, const char *dh_special, int tmp_rsa, |
| 73 | int out_state, int out_verify, int verify_mode, | 73 | int ctx_options, int out_state, int out_verify, int verify_mode, |
| 74 | unsigned int verify_depth); | 74 | unsigned int verify_depth); |
| 75 | static void selector_init(tunala_selector_t *selector); | 75 | static void selector_init(tunala_selector_t *selector); |
| 76 | static void selector_add_listener(tunala_selector_t *selector, int fd); | 76 | static void selector_add_listener(tunala_selector_t *selector, int fd); |
| @@ -102,6 +102,7 @@ static int def_flipped = 0; | |||
| 102 | static const char *def_cipher_list = NULL; | 102 | static const char *def_cipher_list = NULL; |
| 103 | static const char *def_dh_file = NULL; | 103 | static const char *def_dh_file = NULL; |
| 104 | static const char *def_dh_special = NULL; | 104 | static const char *def_dh_special = NULL; |
| 105 | static int def_tmp_rsa = 1; | ||
| 105 | static int def_ctx_options = 0; | 106 | static int def_ctx_options = 0; |
| 106 | static int def_verify_mode = 0; | 107 | static int def_verify_mode = 0; |
| 107 | static unsigned int def_verify_depth = 10; | 108 | static unsigned int def_verify_depth = 10; |
| @@ -127,6 +128,7 @@ static const char *helpstring = | |||
| 127 | " -cipher <list> (specifies cipher list to use)\n" | 128 | " -cipher <list> (specifies cipher list to use)\n" |
| 128 | " -dh_file <path> (a PEM file containing DH parameters to use)\n" | 129 | " -dh_file <path> (a PEM file containing DH parameters to use)\n" |
| 129 | " -dh_special <NULL|generate|standard> (see below: def=NULL)\n" | 130 | " -dh_special <NULL|generate|standard> (see below: def=NULL)\n" |
| 131 | " -no_tmp_rsa (don't generate temporary RSA keys)\n" | ||
| 130 | " -no_ssl2 (disable SSLv2)\n" | 132 | " -no_ssl2 (disable SSLv2)\n" |
| 131 | " -no_ssl3 (disable SSLv3)\n" | 133 | " -no_ssl3 (disable SSLv3)\n" |
| 132 | " -no_tls1 (disable TLSv1)\n" | 134 | " -no_tls1 (disable TLSv1)\n" |
| @@ -306,6 +308,7 @@ int main(int argc, char *argv[]) | |||
| 306 | const char *cipher_list = def_cipher_list; | 308 | const char *cipher_list = def_cipher_list; |
| 307 | const char *dh_file = def_dh_file; | 309 | const char *dh_file = def_dh_file; |
| 308 | const char *dh_special = def_dh_special; | 310 | const char *dh_special = def_dh_special; |
| 311 | int tmp_rsa = def_tmp_rsa; | ||
| 309 | int ctx_options = def_ctx_options; | 312 | int ctx_options = def_ctx_options; |
| 310 | int verify_mode = def_verify_mode; | 313 | int verify_mode = def_verify_mode; |
| 311 | unsigned int verify_depth = def_verify_depth; | 314 | unsigned int verify_depth = def_verify_depth; |
| @@ -427,6 +430,9 @@ next_arg: | |||
| 427 | if(!parse_dh_special(*argv, &dh_special)) | 430 | if(!parse_dh_special(*argv, &dh_special)) |
| 428 | return 1; | 431 | return 1; |
| 429 | goto next_arg; | 432 | goto next_arg; |
| 433 | } else if(strcmp(*argv, "-no_tmp_rsa") == 0) { | ||
| 434 | tmp_rsa = 0; | ||
| 435 | goto next_arg; | ||
| 430 | } else if(strcmp(*argv, "-no_ssl2") == 0) { | 436 | } else if(strcmp(*argv, "-no_ssl2") == 0) { |
| 431 | ctx_options |= SSL_OP_NO_SSLv2; | 437 | ctx_options |= SSL_OP_NO_SSLv2; |
| 432 | goto next_arg; | 438 | goto next_arg; |
| @@ -487,7 +493,7 @@ next_arg: | |||
| 487 | /* Create the SSL_CTX */ | 493 | /* Create the SSL_CTX */ |
| 488 | if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id, | 494 | if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id, |
| 489 | cacert, cert, key, dcert, dkey, cipher_list, dh_file, | 495 | cacert, cert, key, dcert, dkey, cipher_list, dh_file, |
| 490 | dh_special, ctx_options, out_state, out_verify, | 496 | dh_special, tmp_rsa, ctx_options, out_state, out_verify, |
| 491 | verify_mode, verify_depth)) == NULL) | 497 | verify_mode, verify_depth)) == NULL) |
| 492 | return err_str1("initialise_ssl_ctx(engine_id=%s) failed", | 498 | return err_str1("initialise_ssl_ctx(engine_id=%s) failed", |
| 493 | (engine_id == NULL) ? "NULL" : engine_id); | 499 | (engine_id == NULL) ? "NULL" : engine_id); |
| @@ -522,8 +528,13 @@ main_loop: | |||
| 522 | /* Now do the select */ | 528 | /* Now do the select */ |
| 523 | switch(selector_select(&world.selector)) { | 529 | switch(selector_select(&world.selector)) { |
| 524 | case -1: | 530 | case -1: |
| 525 | fprintf(stderr, "selector_select returned a badness error.\n"); | 531 | if(errno != EINTR) { |
| 526 | goto shouldnt_happen; | 532 | fprintf(stderr, "selector_select returned a " |
| 533 | "badness error.\n"); | ||
| 534 | goto shouldnt_happen; | ||
| 535 | } | ||
| 536 | fprintf(stderr, "Warn, selector interrupted by a signal\n"); | ||
| 537 | goto main_loop; | ||
| 527 | case 0: | 538 | case 0: |
| 528 | fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n"); | 539 | fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n"); |
| 529 | goto main_loop; | 540 | goto main_loop; |
| @@ -717,8 +728,8 @@ do_it: | |||
| 717 | static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, | 728 | static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, |
| 718 | const char *CAfile, const char *cert, const char *key, | 729 | const char *CAfile, const char *cert, const char *key, |
| 719 | const char *dcert, const char *dkey, const char *cipher_list, | 730 | const char *dcert, const char *dkey, const char *cipher_list, |
| 720 | const char *dh_file, const char *dh_special, int ctx_options, | 731 | const char *dh_file, const char *dh_special, int tmp_rsa, |
| 721 | int out_state, int out_verify, int verify_mode, | 732 | int ctx_options, int out_state, int out_verify, int verify_mode, |
| 722 | unsigned int verify_depth) | 733 | unsigned int verify_depth) |
| 723 | { | 734 | { |
| 724 | SSL_CTX *ctx = NULL, *ret = NULL; | 735 | SSL_CTX *ctx = NULL, *ret = NULL; |
| @@ -770,6 +781,9 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, | |||
| 770 | /* dcert and dkey */ | 781 | /* dcert and dkey */ |
| 771 | if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey)) | 782 | if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey)) |
| 772 | goto err; | 783 | goto err; |
| 784 | /* temporary RSA key generation */ | ||
| 785 | if(tmp_rsa) | ||
| 786 | SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa); | ||
| 773 | 787 | ||
| 774 | /* cipher_list */ | 788 | /* cipher_list */ |
| 775 | if(cipher_list) { | 789 | if(cipher_list) { |
diff --git a/src/lib/libssl/src/demos/tunala/tunala.h b/src/lib/libssl/src/demos/tunala/tunala.h index b4c8ec78d8..3a752f259a 100644 --- a/src/lib/libssl/src/demos/tunala/tunala.h +++ b/src/lib/libssl/src/demos/tunala/tunala.h | |||
| @@ -149,6 +149,7 @@ int cb_ssl_verify(int ok, X509_STORE_CTX *ctx); | |||
| 149 | void cb_ssl_verify_set_output(FILE *fp); | 149 | void cb_ssl_verify_set_output(FILE *fp); |
| 150 | void cb_ssl_verify_set_depth(unsigned int verify_depth); | 150 | void cb_ssl_verify_set_depth(unsigned int verify_depth); |
| 151 | void cb_ssl_verify_set_level(unsigned int level); | 151 | void cb_ssl_verify_set_level(unsigned int level); |
| 152 | RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength); | ||
| 152 | #endif /* !defined(NO_OPENSSL) */ | 153 | #endif /* !defined(NO_OPENSSL) */ |
| 153 | #endif /* !defined(OPENSSL_NO_BUFFER) */ | 154 | #endif /* !defined(OPENSSL_NO_BUFFER) */ |
| 154 | 155 | ||
diff --git a/src/lib/libssl/src/doc/HOWTO/certificates.txt b/src/lib/libssl/src/doc/HOWTO/certificates.txt index d3a62545ad..a8a34c7abc 100644 --- a/src/lib/libssl/src/doc/HOWTO/certificates.txt +++ b/src/lib/libssl/src/doc/HOWTO/certificates.txt | |||
| @@ -66,14 +66,13 @@ Section 5 will tell you more on how to handle the certificate you | |||
| 66 | received. | 66 | received. |
| 67 | 67 | ||
| 68 | 68 | ||
| 69 | 4. Creating a self-signed certificate | 69 | 4. Creating a self-signed test certificate |
| 70 | 70 | ||
| 71 | If you don't want to deal with another certificate authority, or just | 71 | If you don't want to deal with another certificate authority, or just |
| 72 | want to create a test certificate for yourself, or are setting up a | 72 | want to create a test certificate for yourself. This is similar to |
| 73 | certificate authority of your own, you may want to make the requested | 73 | creating a certificate request, but creates a certificate instead of |
| 74 | certificate a self-signed one. This is similar to creating a | 74 | a certificate request. This is NOT the recommended way to create a |
| 75 | certificate request, but creates a certificate instead of a | 75 | CA certificate, see ca.txt. |
| 76 | certificate request (1095 is 3 years): | ||
| 77 | 76 | ||
| 78 | openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 | 77 | openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 |
| 79 | 78 | ||
diff --git a/src/lib/libssl/src/doc/apps/asn1parse.pod b/src/lib/libssl/src/doc/apps/asn1parse.pod index 69ee4dfee6..542d969066 100644 --- a/src/lib/libssl/src/doc/apps/asn1parse.pod +++ b/src/lib/libssl/src/doc/apps/asn1parse.pod | |||
| @@ -16,6 +16,8 @@ B<openssl> B<asn1parse> | |||
| 16 | [B<-i>] | 16 | [B<-i>] |
| 17 | [B<-oid filename>] | 17 | [B<-oid filename>] |
| 18 | [B<-strparse offset>] | 18 | [B<-strparse offset>] |
| 19 | [B<-genstr string>] | ||
| 20 | [B<-genconf file>] | ||
| 19 | 21 | ||
| 20 | =head1 DESCRIPTION | 22 | =head1 DESCRIPTION |
| 21 | 23 | ||
| @@ -67,6 +69,14 @@ file is described in the NOTES section below. | |||
| 67 | parse the contents octets of the ASN.1 object starting at B<offset>. This | 69 | parse the contents octets of the ASN.1 object starting at B<offset>. This |
| 68 | option can be used multiple times to "drill down" into a nested structure. | 70 | option can be used multiple times to "drill down" into a nested structure. |
| 69 | 71 | ||
| 72 | =item B<-genstr string>, B<-genconf file> | ||
| 73 | |||
| 74 | generate encoded data based on B<string>, B<file> or both using | ||
| 75 | ASN1_generate_nconf() format. If B<file> only is present then the string | ||
| 76 | is obtained from the default section using the name B<asn1>. The encoded | ||
| 77 | data is passed through the ASN1 parser and printed out as though it came | ||
| 78 | from a file, the contents can thus be examined and written to a file | ||
| 79 | using the B<out> option. | ||
| 70 | 80 | ||
| 71 | =back | 81 | =back |
| 72 | 82 | ||
| @@ -121,6 +131,38 @@ by white space. The final column is the rest of the line and is the | |||
| 121 | 131 | ||
| 122 | C<1.2.3.4 shortName A long name> | 132 | C<1.2.3.4 shortName A long name> |
| 123 | 133 | ||
| 134 | =head1 EXAMPLES | ||
| 135 | |||
| 136 | Parse a file: | ||
| 137 | |||
| 138 | openssl asn1parse -in file.pem | ||
| 139 | |||
| 140 | Parse a DER file: | ||
| 141 | |||
| 142 | openssl asn1parse -inform DER -in file.der | ||
| 143 | |||
| 144 | Generate a simple UTF8String: | ||
| 145 | |||
| 146 | openssl asn1parse -genstr 'UTF8:Hello World' | ||
| 147 | |||
| 148 | Generate and write out a UTF8String, don't print parsed output: | ||
| 149 | |||
| 150 | openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der | ||
| 151 | |||
| 152 | Generate using a config file: | ||
| 153 | |||
| 154 | openssl asn1parse -genconf asn1.cnf -noout -out asn1.der | ||
| 155 | |||
| 156 | Example config file: | ||
| 157 | |||
| 158 | asn1=SEQUENCE:seq_sect | ||
| 159 | |||
| 160 | [seq_sect] | ||
| 161 | |||
| 162 | field1=BOOL:TRUE | ||
| 163 | field2=EXP:0, UTF8:some random string | ||
| 164 | |||
| 165 | |||
| 124 | =head1 BUGS | 166 | =head1 BUGS |
| 125 | 167 | ||
| 126 | There should be options to change the format of output lines. The output of some | 168 | There should be options to change the format of output lines. The output of some |
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod index f15df49d4f..5618c2dc9d 100644 --- a/src/lib/libssl/src/doc/apps/ca.pod +++ b/src/lib/libssl/src/doc/apps/ca.pod | |||
| @@ -17,7 +17,6 @@ B<openssl> B<ca> | |||
| 17 | [B<-crl_hold instruction>] | 17 | [B<-crl_hold instruction>] |
| 18 | [B<-crl_compromise time>] | 18 | [B<-crl_compromise time>] |
| 19 | [B<-crl_CA_compromise time>] | 19 | [B<-crl_CA_compromise time>] |
| 20 | [B<-subj arg>] | ||
| 21 | [B<-crldays days>] | 20 | [B<-crldays days>] |
| 22 | [B<-crlhours hours>] | 21 | [B<-crlhours hours>] |
| 23 | [B<-crlexts section>] | 22 | [B<-crlexts section>] |
| @@ -30,6 +29,7 @@ B<openssl> B<ca> | |||
| 30 | [B<-key arg>] | 29 | [B<-key arg>] |
| 31 | [B<-passin arg>] | 30 | [B<-passin arg>] |
| 32 | [B<-cert file>] | 31 | [B<-cert file>] |
| 32 | [B<-selfsign>] | ||
| 33 | [B<-in file>] | 33 | [B<-in file>] |
| 34 | [B<-out file>] | 34 | [B<-out file>] |
| 35 | [B<-notext>] | 35 | [B<-notext>] |
| @@ -44,6 +44,9 @@ B<openssl> B<ca> | |||
| 44 | [B<-extensions section>] | 44 | [B<-extensions section>] |
| 45 | [B<-extfile section>] | 45 | [B<-extfile section>] |
| 46 | [B<-engine id>] | 46 | [B<-engine id>] |
| 47 | [B<-subj arg>] | ||
| 48 | [B<-utf8>] | ||
| 49 | [B<-multivalue-rdn>] | ||
| 47 | 50 | ||
| 48 | =head1 DESCRIPTION | 51 | =head1 DESCRIPTION |
| 49 | 52 | ||
| @@ -113,6 +116,20 @@ the password used to encrypt the private key. Since on some | |||
| 113 | systems the command line arguments are visible (e.g. Unix with | 116 | systems the command line arguments are visible (e.g. Unix with |
| 114 | the 'ps' utility) this option should be used with caution. | 117 | the 'ps' utility) this option should be used with caution. |
| 115 | 118 | ||
| 119 | =item B<-selfsign> | ||
| 120 | |||
| 121 | indicates the issued certificates are to be signed with the key | ||
| 122 | the certificate requests were signed with (given with B<-keyfile>). | ||
| 123 | Cerificate requests signed with a different key are ignored. If | ||
| 124 | B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is | ||
| 125 | ignored. | ||
| 126 | |||
| 127 | A consequence of using B<-selfsign> is that the self-signed | ||
| 128 | certificate appears among the entries in the certificate database | ||
| 129 | (see the configuration option B<database>), and uses the same | ||
| 130 | serial number counter as all other certificates sign with the | ||
| 131 | self-signed certificate. | ||
| 132 | |||
| 116 | =item B<-passin arg> | 133 | =item B<-passin arg> |
| 117 | 134 | ||
| 118 | the key password source. For more information about the format of B<arg> | 135 | the key password source. For more information about the format of B<arg> |
| @@ -203,6 +220,28 @@ to attempt to obtain a functional reference to the specified engine, | |||
| 203 | thus initialising it if needed. The engine will then be set as the default | 220 | thus initialising it if needed. The engine will then be set as the default |
| 204 | for all available algorithms. | 221 | for all available algorithms. |
| 205 | 222 | ||
| 223 | =item B<-subj arg> | ||
| 224 | |||
| 225 | supersedes subject name given in the request. | ||
| 226 | The arg must be formatted as I</type0=value0/type1=value1/type2=...>, | ||
| 227 | characters may be escaped by \ (backslash), no spaces are skipped. | ||
| 228 | |||
| 229 | =item B<-utf8> | ||
| 230 | |||
| 231 | this option causes field values to be interpreted as UTF8 strings, by | ||
| 232 | default they are interpreted as ASCII. This means that the field | ||
| 233 | values, whether prompted from a terminal or obtained from a | ||
| 234 | configuration file, must be valid UTF8 strings. | ||
| 235 | |||
| 236 | =item B<-multivalue-rdn> | ||
| 237 | |||
| 238 | this option causes the -subj argument to be interpretedt with full | ||
| 239 | support for multivalued RDNs. Example: | ||
| 240 | |||
| 241 | I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe> | ||
| 242 | |||
| 243 | If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. | ||
| 244 | |||
| 206 | =back | 245 | =back |
| 207 | 246 | ||
| 208 | =head1 CRL OPTIONS | 247 | =head1 CRL OPTIONS |
| @@ -253,12 +292,6 @@ B<time>. B<time> should be in GeneralizedTime format that is B<YYYYMMDDHHMMSSZ>. | |||
| 253 | This is the same as B<crl_compromise> except the revocation reason is set to | 292 | This is the same as B<crl_compromise> except the revocation reason is set to |
| 254 | B<CACompromise>. | 293 | B<CACompromise>. |
| 255 | 294 | ||
| 256 | =item B<-subj arg> | ||
| 257 | |||
| 258 | supersedes subject name given in the request. | ||
| 259 | The arg must be formatted as I</type0=value0/type1=value1/type2=...>, | ||
| 260 | characters may be escaped by \ (backslash), no spaces are skipped. | ||
| 261 | |||
| 262 | =item B<-crlexts section> | 295 | =item B<-crlexts section> |
| 263 | 296 | ||
| 264 | the section of the configuration file containing CRL extensions to | 297 | the section of the configuration file containing CRL extensions to |
| @@ -359,11 +392,27 @@ the same as the B<-md> option. The message digest to use. Mandatory. | |||
| 359 | the text database file to use. Mandatory. This file must be present | 392 | the text database file to use. Mandatory. This file must be present |
| 360 | though initially it will be empty. | 393 | though initially it will be empty. |
| 361 | 394 | ||
| 395 | =item B<unique_subject> | ||
| 396 | |||
| 397 | if the value B<yes> is given, the valid certificate entries in the | ||
| 398 | database must have unique subjects. if the value B<no> is given, | ||
| 399 | several valid certificate entries may have the exact same subject. | ||
| 400 | The default value is B<yes>, to be compatible with older (pre 0.9.8) | ||
| 401 | versions of OpenSSL. However, to make CA certificate roll-over easier, | ||
| 402 | it's recommended to use the value B<no>, especially if combined with | ||
| 403 | the B<-selfsign> command line option. | ||
| 404 | |||
| 362 | =item B<serial> | 405 | =item B<serial> |
| 363 | 406 | ||
| 364 | a text file containing the next serial number to use in hex. Mandatory. | 407 | a text file containing the next serial number to use in hex. Mandatory. |
| 365 | This file must be present and contain a valid serial number. | 408 | This file must be present and contain a valid serial number. |
| 366 | 409 | ||
| 410 | =item B<crlnumber> | ||
| 411 | |||
| 412 | a text file containing the next CRL number to use in hex. The crl number | ||
| 413 | will be inserted in the CRLs only if this file exists. If this file is | ||
| 414 | present, it must contain a valid CRL number. | ||
| 415 | |||
| 367 | =item B<x509_extensions> | 416 | =item B<x509_extensions> |
| 368 | 417 | ||
| 369 | the same as B<-extensions>. | 418 | the same as B<-extensions>. |
| @@ -554,8 +603,7 @@ if corrupted it can be difficult to fix. It is theoretically possible | |||
| 554 | to rebuild the index file from all the issued certificates and a current | 603 | to rebuild the index file from all the issued certificates and a current |
| 555 | CRL: however there is no option to do this. | 604 | CRL: however there is no option to do this. |
| 556 | 605 | ||
| 557 | V2 CRL features like delta CRL support and CRL numbers are not currently | 606 | V2 CRL features like delta CRLs are not currently supported. |
| 558 | supported. | ||
| 559 | 607 | ||
| 560 | Although several requests can be input and handled at once it is only | 608 | Although several requests can be input and handled at once it is only |
| 561 | possible to include one SPKAC or self signed certificate. | 609 | possible to include one SPKAC or self signed certificate. |
| @@ -566,12 +614,6 @@ The use of an in memory text database can cause problems when large | |||
| 566 | numbers of certificates are present because, as the name implies | 614 | numbers of certificates are present because, as the name implies |
| 567 | the database has to be kept in memory. | 615 | the database has to be kept in memory. |
| 568 | 616 | ||
| 569 | It is not possible to certify two certificates with the same DN: this | ||
| 570 | is a side effect of how the text database is indexed and it cannot easily | ||
| 571 | be fixed without introducing other problems. Some S/MIME clients can use | ||
| 572 | two certificates with the same DN for separate signing and encryption | ||
| 573 | keys. | ||
| 574 | |||
| 575 | The B<ca> command really needs rewriting or the required functionality | 617 | The B<ca> command really needs rewriting or the required functionality |
| 576 | exposed at either a command or interface level so a more friendly utility | 618 | exposed at either a command or interface level so a more friendly utility |
| 577 | (perl script or GUI) can handle things properly. The scripts B<CA.sh> and | 619 | (perl script or GUI) can handle things properly. The scripts B<CA.sh> and |
diff --git a/src/lib/libssl/src/doc/apps/ciphers.pod b/src/lib/libssl/src/doc/apps/ciphers.pod index 81a2c43893..694e433ef3 100644 --- a/src/lib/libssl/src/doc/apps/ciphers.pod +++ b/src/lib/libssl/src/doc/apps/ciphers.pod | |||
| @@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings. | |||
| 105 | =item B<DEFAULT> | 105 | =item B<DEFAULT> |
| 106 | 106 | ||
| 107 | the default cipher list. This is determined at compile time and is normally | 107 | the default cipher list. This is determined at compile time and is normally |
| 108 | B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string | 108 | B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string |
| 109 | specified. | 109 | specified. |
| 110 | 110 | ||
| 111 | =item B<COMPLEMENTOFDEFAULT> | 111 | =item B<COMPLEMENTOFDEFAULT> |
| @@ -125,11 +125,11 @@ the cipher suites not enabled by B<ALL>, currently being B<eNULL>. | |||
| 125 | =item B<HIGH> | 125 | =item B<HIGH> |
| 126 | 126 | ||
| 127 | "high" encryption cipher suites. This currently means those with key lengths larger | 127 | "high" encryption cipher suites. This currently means those with key lengths larger |
| 128 | than 128 bits. | 128 | than 128 bits, and some cipher suites with 128-bit keys. |
| 129 | 129 | ||
| 130 | =item B<MEDIUM> | 130 | =item B<MEDIUM> |
| 131 | 131 | ||
| 132 | "medium" encryption cipher suites, currently those using 128 bit encryption. | 132 | "medium" encryption cipher suites, currently some of those using 128 bit encryption. |
| 133 | 133 | ||
| 134 | =item B<LOW> | 134 | =item B<LOW> |
| 135 | 135 | ||
| @@ -146,7 +146,9 @@ export encryption algorithms. Including 40 and 56 bits algorithms. | |||
| 146 | 146 | ||
| 147 | =item B<EXPORT56> | 147 | =item B<EXPORT56> |
| 148 | 148 | ||
| 149 | 56 bit export encryption algorithms. | 149 | 56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of |
| 150 | 56 bit export ciphers is empty unless OpenSSL has been explicitly configured | ||
| 151 | with support for experimental ciphers. | ||
| 150 | 152 | ||
| 151 | =item B<eNULL>, B<NULL> | 153 | =item B<eNULL>, B<NULL> |
| 152 | 154 | ||
| @@ -207,6 +209,10 @@ anonymous DH cipher suites. | |||
| 207 | 209 | ||
| 208 | cipher suites using AES. | 210 | cipher suites using AES. |
| 209 | 211 | ||
| 212 | =item B<CAMELLIA> | ||
| 213 | |||
| 214 | cipher suites using Camellia. | ||
| 215 | |||
| 210 | =item B<3DES> | 216 | =item B<3DES> |
| 211 | 217 | ||
| 212 | cipher suites using triple DES. | 218 | cipher suites using triple DES. |
| @@ -227,6 +233,10 @@ cipher suites using RC2. | |||
| 227 | 233 | ||
| 228 | cipher suites using IDEA. | 234 | cipher suites using IDEA. |
| 229 | 235 | ||
| 236 | =item B<SEED> | ||
| 237 | |||
| 238 | cipher suites using SEED. | ||
| 239 | |||
| 230 | =item B<MD5> | 240 | =item B<MD5> |
| 231 | 241 | ||
| 232 | cipher suites using MD5. | 242 | cipher suites using MD5. |
| @@ -317,10 +327,10 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. | |||
| 317 | TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA | 327 | TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA |
| 318 | TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA | 328 | TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA |
| 319 | 329 | ||
| 320 | TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA | 330 | TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented. |
| 321 | TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA | 331 | TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented. |
| 322 | TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA | 332 | TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented. |
| 323 | TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA | 333 | TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented. |
| 324 | 334 | ||
| 325 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA | 335 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA |
| 326 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA | 336 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA |
| @@ -330,6 +340,36 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. | |||
| 330 | TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA | 340 | TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA |
| 331 | TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA | 341 | TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA |
| 332 | 342 | ||
| 343 | =head2 Camellia ciphersuites from RFC4132, extending TLS v1.0 | ||
| 344 | |||
| 345 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA | ||
| 346 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA | ||
| 347 | |||
| 348 | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented. | ||
| 349 | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented. | ||
| 350 | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented. | ||
| 351 | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented. | ||
| 352 | |||
| 353 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA | ||
| 354 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA | ||
| 355 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA | ||
| 356 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA | ||
| 357 | |||
| 358 | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA | ||
| 359 | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA | ||
| 360 | |||
| 361 | =head2 SEED ciphersuites from RFC4162, extending TLS v1.0 | ||
| 362 | |||
| 363 | TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA | ||
| 364 | |||
| 365 | TLS_DH_DSS_WITH_SEED_CBC_SHA Not implemented. | ||
| 366 | TLS_DH_RSA_WITH_SEED_CBC_SHA Not implemented. | ||
| 367 | |||
| 368 | TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA | ||
| 369 | TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA | ||
| 370 | |||
| 371 | TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA | ||
| 372 | |||
| 333 | =head2 Additional Export 1024 and other cipher suites | 373 | =head2 Additional Export 1024 and other cipher suites |
| 334 | 374 | ||
| 335 | Note: these ciphers can also be used in SSL v3. | 375 | Note: these ciphers can also be used in SSL v3. |
diff --git a/src/lib/libssl/src/doc/apps/config.pod b/src/lib/libssl/src/doc/apps/config.pod index 8f823fa6d6..ace34b62bd 100644 --- a/src/lib/libssl/src/doc/apps/config.pod +++ b/src/lib/libssl/src/doc/apps/config.pod | |||
| @@ -1,6 +1,8 @@ | |||
| 1 | 1 | ||
| 2 | =pod | 2 | =pod |
| 3 | 3 | ||
| 4 | =for comment openssl_manual_section:5 | ||
| 5 | |||
| 4 | =head1 NAME | 6 | =head1 NAME |
| 5 | 7 | ||
| 6 | config - OpenSSL CONF library configuration files | 8 | config - OpenSSL CONF library configuration files |
| @@ -105,6 +107,11 @@ as any compliant applications. For example: | |||
| 105 | some_new_oid = 1.2.3.4 | 107 | some_new_oid = 1.2.3.4 |
| 106 | some_other_oid = 1.2.3.5 | 108 | some_other_oid = 1.2.3.5 |
| 107 | 109 | ||
| 110 | In OpenSSL 0.9.8 it is also possible to set the value to the long name followed | ||
| 111 | by a comma and the numerical OID form. For example: | ||
| 112 | |||
| 113 | shortName = some object long name, 1.2.3.4 | ||
| 114 | |||
| 108 | =head2 ENGINE CONFIGURATION MODULE | 115 | =head2 ENGINE CONFIGURATION MODULE |
| 109 | 116 | ||
| 110 | This ENGINE configuration module has the name B<engines>. The value of this | 117 | This ENGINE configuration module has the name B<engines>. The value of this |
diff --git a/src/lib/libssl/src/doc/apps/dgst.pod b/src/lib/libssl/src/doc/apps/dgst.pod index b0d198724c..908cd2a6d6 100644 --- a/src/lib/libssl/src/doc/apps/dgst.pod +++ b/src/lib/libssl/src/doc/apps/dgst.pod | |||
| @@ -18,6 +18,7 @@ B<openssl> B<dgst> | |||
| 18 | [B<-verify filename>] | 18 | [B<-verify filename>] |
| 19 | [B<-prverify filename>] | 19 | [B<-prverify filename>] |
| 20 | [B<-signature filename>] | 20 | [B<-signature filename>] |
| 21 | [B<-hmac key>] | ||
| 21 | [B<file...>] | 22 | [B<file...>] |
| 22 | 23 | ||
| 23 | [B<md5|md4|md2|sha1|sha|mdc2|ripemd160>] | 24 | [B<md5|md4|md2|sha1|sha|mdc2|ripemd160>] |
| @@ -78,6 +79,10 @@ verify the signature using the the private key in "filename". | |||
| 78 | 79 | ||
| 79 | the actual signature to verify. | 80 | the actual signature to verify. |
| 80 | 81 | ||
| 82 | =item B<-hmac key> | ||
| 83 | |||
| 84 | create a hashed MAC using "key". | ||
| 85 | |||
| 81 | =item B<-rand file(s)> | 86 | =item B<-rand file(s)> |
| 82 | 87 | ||
| 83 | a file or files containing random data used to seed the random number | 88 | a file or files containing random data used to seed the random number |
diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod index c43da5b3f1..4391c93360 100644 --- a/src/lib/libssl/src/doc/apps/enc.pod +++ b/src/lib/libssl/src/doc/apps/enc.pod | |||
| @@ -227,6 +227,14 @@ Blowfish and RC5 algorithms use a 128 bit key. | |||
| 227 | rc5-ecb RC5 cipher in ECB mode | 227 | rc5-ecb RC5 cipher in ECB mode |
| 228 | rc5-ofb RC5 cipher in OFB mode | 228 | rc5-ofb RC5 cipher in OFB mode |
| 229 | 229 | ||
| 230 | aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode | ||
| 231 | aes-[128|192|256] Alias for aes-[128|192|256]-cbc | ||
| 232 | aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode | ||
| 233 | aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode | ||
| 234 | aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode | ||
| 235 | aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode | ||
| 236 | aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode | ||
| 237 | |||
| 230 | =head1 EXAMPLES | 238 | =head1 EXAMPLES |
| 231 | 239 | ||
| 232 | Just base64 encode a binary file: | 240 | Just base64 encode a binary file: |
diff --git a/src/lib/libssl/src/doc/apps/ocsp.pod b/src/lib/libssl/src/doc/apps/ocsp.pod index 4f266058e5..b58ddc1788 100644 --- a/src/lib/libssl/src/doc/apps/ocsp.pod +++ b/src/lib/libssl/src/doc/apps/ocsp.pod | |||
| @@ -73,7 +73,7 @@ specify output filename, default is standard output. | |||
| 73 | 73 | ||
| 74 | This specifies the current issuer certificate. This option can be used | 74 | This specifies the current issuer certificate. This option can be used |
| 75 | multiple times. The certificate specified in B<filename> must be in | 75 | multiple times. The certificate specified in B<filename> must be in |
| 76 | PEM format. | 76 | PEM format. This option B<MUST> come before any B<-cert> options. |
| 77 | 77 | ||
| 78 | =item B<-cert filename> | 78 | =item B<-cert filename> |
| 79 | 79 | ||
| @@ -146,7 +146,7 @@ certificate in such cases. | |||
| 146 | 146 | ||
| 147 | =item B<-trust_other> | 147 | =item B<-trust_other> |
| 148 | 148 | ||
| 149 | the certificates specified by the B<-verify_certs> option should be explicitly | 149 | the certificates specified by the B<-verify_other> option should be explicitly |
| 150 | trusted and no additional checks will be performed on them. This is useful | 150 | trusted and no additional checks will be performed on them. This is useful |
| 151 | when the complete responder certificate chain is not available or trusting a | 151 | when the complete responder certificate chain is not available or trusting a |
| 152 | root CA is not appropriate. | 152 | root CA is not appropriate. |
| @@ -154,7 +154,7 @@ root CA is not appropriate. | |||
| 154 | =item B<-VAfile file> | 154 | =item B<-VAfile file> |
| 155 | 155 | ||
| 156 | file containing explicitly trusted responder certificates. Equivalent to the | 156 | file containing explicitly trusted responder certificates. Equivalent to the |
| 157 | B<-verify_certs> and B<-trust_other> options. | 157 | B<-verify_other> and B<-trust_other> options. |
| 158 | 158 | ||
| 159 | =item B<-noverify> | 159 | =item B<-noverify> |
| 160 | 160 | ||
| @@ -166,7 +166,7 @@ of the responders certificate. | |||
| 166 | 166 | ||
| 167 | ignore certificates contained in the OCSP response when searching for the | 167 | ignore certificates contained in the OCSP response when searching for the |
| 168 | signers certificate. With this option the signers certificate must be specified | 168 | signers certificate. With this option the signers certificate must be specified |
| 169 | with either the B<-verify_certs> or B<-VAfile> options. | 169 | with either the B<-verify_other> or B<-VAfile> options. |
| 170 | 170 | ||
| 171 | =item B<-no_signature_verify> | 171 | =item B<-no_signature_verify> |
| 172 | 172 | ||
diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod index dc0f49ddca..964cdf0f02 100644 --- a/src/lib/libssl/src/doc/apps/openssl.pod +++ b/src/lib/libssl/src/doc/apps/openssl.pod | |||
| @@ -227,6 +227,22 @@ SHA Digest | |||
| 227 | 227 | ||
| 228 | SHA-1 Digest | 228 | SHA-1 Digest |
| 229 | 229 | ||
| 230 | =item B<sha224> | ||
| 231 | |||
| 232 | SHA-224 Digest | ||
| 233 | |||
| 234 | =item B<sha256> | ||
| 235 | |||
| 236 | SHA-256 Digest | ||
| 237 | |||
| 238 | =item B<sha384> | ||
| 239 | |||
| 240 | SHA-384 Digest | ||
| 241 | |||
| 242 | =item B<sha512> | ||
| 243 | |||
| 244 | SHA-512 Digest | ||
| 245 | |||
| 230 | =back | 246 | =back |
| 231 | 247 | ||
| 232 | =head2 ENCODING AND CIPHER COMMANDS | 248 | =head2 ENCODING AND CIPHER COMMANDS |
diff --git a/src/lib/libssl/src/doc/apps/req.pod b/src/lib/libssl/src/doc/apps/req.pod index e2b5d0d8ec..82b565c9d4 100644 --- a/src/lib/libssl/src/doc/apps/req.pod +++ b/src/lib/libssl/src/doc/apps/req.pod | |||
| @@ -30,6 +30,7 @@ B<openssl> B<req> | |||
| 30 | [B<-[md5|sha1|md2|mdc2]>] | 30 | [B<-[md5|sha1|md2|mdc2]>] |
| 31 | [B<-config filename>] | 31 | [B<-config filename>] |
| 32 | [B<-subj arg>] | 32 | [B<-subj arg>] |
| 33 | [B<-multivalue-rdn>] | ||
| 33 | [B<-x509>] | 34 | [B<-x509>] |
| 34 | [B<-days n>] | 35 | [B<-days n>] |
| 35 | [B<-set_serial n>] | 36 | [B<-set_serial n>] |
| @@ -173,6 +174,15 @@ when processing a request. | |||
| 173 | The arg must be formatted as I</type0=value0/type1=value1/type2=...>, | 174 | The arg must be formatted as I</type0=value0/type1=value1/type2=...>, |
| 174 | characters may be escaped by \ (backslash), no spaces are skipped. | 175 | characters may be escaped by \ (backslash), no spaces are skipped. |
| 175 | 176 | ||
| 177 | =item B<-multivalue-rdn> | ||
| 178 | |||
| 179 | this option causes the -subj argument to be interpreted with full | ||
| 180 | support for multivalued RDNs. Example: | ||
| 181 | |||
| 182 | I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe> | ||
| 183 | |||
| 184 | If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. | ||
| 185 | |||
| 176 | =item B<-x509> | 186 | =item B<-x509> |
| 177 | 187 | ||
| 178 | this option outputs a self signed certificate instead of a certificate | 188 | this option outputs a self signed certificate instead of a certificate |
diff --git a/src/lib/libssl/src/doc/apps/rsautl.pod b/src/lib/libssl/src/doc/apps/rsautl.pod index a7c1681d98..1a498c2f62 100644 --- a/src/lib/libssl/src/doc/apps/rsautl.pod +++ b/src/lib/libssl/src/doc/apps/rsautl.pod | |||
| @@ -152,7 +152,7 @@ The final BIT STRING contains the actual signature. It can be extracted with: | |||
| 152 | 152 | ||
| 153 | The certificate public key can be extracted with: | 153 | The certificate public key can be extracted with: |
| 154 | 154 | ||
| 155 | openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem | 155 | openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem |
| 156 | 156 | ||
| 157 | The signature can be analysed with: | 157 | The signature can be analysed with: |
| 158 | 158 | ||
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod index 8d19079973..c44d357cf7 100644 --- a/src/lib/libssl/src/doc/apps/s_client.pod +++ b/src/lib/libssl/src/doc/apps/s_client.pod | |||
| @@ -11,7 +11,10 @@ B<openssl> B<s_client> | |||
| 11 | [B<-connect host:port>] | 11 | [B<-connect host:port>] |
| 12 | [B<-verify depth>] | 12 | [B<-verify depth>] |
| 13 | [B<-cert filename>] | 13 | [B<-cert filename>] |
| 14 | [B<-certform DER|PEM>] | ||
| 14 | [B<-key filename>] | 15 | [B<-key filename>] |
| 16 | [B<-keyform DER|PEM>] | ||
| 17 | [B<-pass arg>] | ||
| 15 | [B<-CApath directory>] | 18 | [B<-CApath directory>] |
| 16 | [B<-CAfile filename>] | 19 | [B<-CAfile filename>] |
| 17 | [B<-reconnect>] | 20 | [B<-reconnect>] |
| @@ -35,6 +38,10 @@ B<openssl> B<s_client> | |||
| 35 | [B<-cipher cipherlist>] | 38 | [B<-cipher cipherlist>] |
| 36 | [B<-starttls protocol>] | 39 | [B<-starttls protocol>] |
| 37 | [B<-engine id>] | 40 | [B<-engine id>] |
| 41 | [B<-tlsextdebug>] | ||
| 42 | [B<-no_ticket>] | ||
| 43 | [B<-sess_out filename>] | ||
| 44 | [B<-sess_in filename>] | ||
| 38 | [B<-rand file(s)>] | 45 | [B<-rand file(s)>] |
| 39 | 46 | ||
| 40 | =head1 DESCRIPTION | 47 | =head1 DESCRIPTION |
| @@ -57,11 +64,24 @@ then an attempt is made to connect to the local host on port 4433. | |||
| 57 | The certificate to use, if one is requested by the server. The default is | 64 | The certificate to use, if one is requested by the server. The default is |
| 58 | not to use a certificate. | 65 | not to use a certificate. |
| 59 | 66 | ||
| 67 | =item B<-certform format> | ||
| 68 | |||
| 69 | The certificate format to use: DER or PEM. PEM is the default. | ||
| 70 | |||
| 60 | =item B<-key keyfile> | 71 | =item B<-key keyfile> |
| 61 | 72 | ||
| 62 | The private key to use. If not specified then the certificate file will | 73 | The private key to use. If not specified then the certificate file will |
| 63 | be used. | 74 | be used. |
| 64 | 75 | ||
| 76 | =item B<-keyform format> | ||
| 77 | |||
| 78 | The private format to use: DER or PEM. PEM is the default. | ||
| 79 | |||
| 80 | =item B<-pass arg> | ||
| 81 | |||
| 82 | the private key password source. For more information about the format of B<arg> | ||
| 83 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. | ||
| 84 | |||
| 65 | =item B<-verify depth> | 85 | =item B<-verify depth> |
| 66 | 86 | ||
| 67 | The verify depth to use. This specifies the maximum length of the | 87 | The verify depth to use. This specifies the maximum length of the |
| @@ -168,7 +188,27 @@ command for more information. | |||
| 168 | 188 | ||
| 169 | send the protocol-specific message(s) to switch to TLS for communication. | 189 | send the protocol-specific message(s) to switch to TLS for communication. |
| 170 | B<protocol> is a keyword for the intended protocol. Currently, the only | 190 | B<protocol> is a keyword for the intended protocol. Currently, the only |
| 171 | supported keywords are "smtp" and "pop3". | 191 | supported keywords are "smtp", "pop3", "imap", and "ftp". |
| 192 | |||
| 193 | =item B<-tlsextdebug> | ||
| 194 | |||
| 195 | print out a hex dump of any TLS extensions received from the server. Note: this | ||
| 196 | option is only available if extension support is explicitly enabled at compile | ||
| 197 | time | ||
| 198 | |||
| 199 | =item B<-no_ticket> | ||
| 200 | |||
| 201 | disable RFC4507bis session ticket support. Note: this option is only available | ||
| 202 | if extension support is explicitly enabled at compile time | ||
| 203 | |||
| 204 | =item B<-sess_out filename> | ||
| 205 | |||
| 206 | output SSL session to B<filename> | ||
| 207 | |||
| 208 | =item B<-sess_in sess.pem> | ||
| 209 | |||
| 210 | load SSL session from B<filename>. The client will attempt to resume a | ||
| 211 | connection from this session. | ||
| 172 | 212 | ||
| 173 | =item B<-engine id> | 213 | =item B<-engine id> |
| 174 | 214 | ||
| @@ -230,6 +270,13 @@ on the command line is no guarantee that the certificate works. | |||
| 230 | If there are problems verifying a server certificate then the | 270 | If there are problems verifying a server certificate then the |
| 231 | B<-showcerts> option can be used to show the whole chain. | 271 | B<-showcerts> option can be used to show the whole chain. |
| 232 | 272 | ||
| 273 | Since the SSLv23 client hello cannot include compression methods or extensions | ||
| 274 | these will only be supported if its use is disabled, for example by using the | ||
| 275 | B<-no_sslv2> option. | ||
| 276 | |||
| 277 | TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly | ||
| 278 | enabled at compile time using for example the B<enable-tlsext> switch. | ||
| 279 | |||
| 233 | =head1 BUGS | 280 | =head1 BUGS |
| 234 | 281 | ||
| 235 | Because this program has a lot of options and also because some of | 282 | Because this program has a lot of options and also because some of |
diff --git a/src/lib/libssl/src/doc/apps/s_server.pod b/src/lib/libssl/src/doc/apps/s_server.pod index 1d21921e47..fdcc170e28 100644 --- a/src/lib/libssl/src/doc/apps/s_server.pod +++ b/src/lib/libssl/src/doc/apps/s_server.pod | |||
| @@ -12,10 +12,18 @@ B<openssl> B<s_server> | |||
| 12 | [B<-context id>] | 12 | [B<-context id>] |
| 13 | [B<-verify depth>] | 13 | [B<-verify depth>] |
| 14 | [B<-Verify depth>] | 14 | [B<-Verify depth>] |
| 15 | [B<-crl_check>] | ||
| 16 | [B<-crl_check_all>] | ||
| 15 | [B<-cert filename>] | 17 | [B<-cert filename>] |
| 18 | [B<-certform DER|PEM>] | ||
| 16 | [B<-key keyfile>] | 19 | [B<-key keyfile>] |
| 20 | [B<-keyform DER|PEM>] | ||
| 21 | [B<-pass arg>] | ||
| 17 | [B<-dcert filename>] | 22 | [B<-dcert filename>] |
| 23 | [B<-dcertform DER|PEM>] | ||
| 18 | [B<-dkey keyfile>] | 24 | [B<-dkey keyfile>] |
| 25 | [B<-dkeyform DER|PEM>] | ||
| 26 | [B<-dpass arg>] | ||
| 19 | [B<-dhparam filename>] | 27 | [B<-dhparam filename>] |
| 20 | [B<-nbio>] | 28 | [B<-nbio>] |
| 21 | [B<-nbio_test>] | 29 | [B<-nbio_test>] |
| @@ -42,6 +50,8 @@ B<openssl> B<s_server> | |||
| 42 | [B<-WWW>] | 50 | [B<-WWW>] |
| 43 | [B<-HTTP>] | 51 | [B<-HTTP>] |
| 44 | [B<-engine id>] | 52 | [B<-engine id>] |
| 53 | [B<-tlsextdebug>] | ||
| 54 | [B<-no_ticket>] | ||
| 45 | [B<-id_prefix arg>] | 55 | [B<-id_prefix arg>] |
| 46 | [B<-rand file(s)>] | 56 | [B<-rand file(s)>] |
| 47 | 57 | ||
| @@ -70,11 +80,24 @@ certificate and some require a certificate with a certain public key type: | |||
| 70 | for example the DSS cipher suites require a certificate containing a DSS | 80 | for example the DSS cipher suites require a certificate containing a DSS |
| 71 | (DSA) key. If not specified then the filename "server.pem" will be used. | 81 | (DSA) key. If not specified then the filename "server.pem" will be used. |
| 72 | 82 | ||
| 83 | =item B<-certform format> | ||
| 84 | |||
| 85 | The certificate format to use: DER or PEM. PEM is the default. | ||
| 86 | |||
| 73 | =item B<-key keyfile> | 87 | =item B<-key keyfile> |
| 74 | 88 | ||
| 75 | The private key to use. If not specified then the certificate file will | 89 | The private key to use. If not specified then the certificate file will |
| 76 | be used. | 90 | be used. |
| 77 | 91 | ||
| 92 | =item B<-keyform format> | ||
| 93 | |||
| 94 | The private format to use: DER or PEM. PEM is the default. | ||
| 95 | |||
| 96 | =item B<-pass arg> | ||
| 97 | |||
| 98 | the private key password source. For more information about the format of B<arg> | ||
| 99 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. | ||
| 100 | |||
| 78 | =item B<-dcert filename>, B<-dkey keyname> | 101 | =item B<-dcert filename>, B<-dkey keyname> |
| 79 | 102 | ||
| 80 | specify an additional certificate and private key, these behave in the | 103 | specify an additional certificate and private key, these behave in the |
| @@ -86,6 +109,10 @@ and some a DSS (DSA) key. By using RSA and DSS certificates and keys | |||
| 86 | a server can support clients which only support RSA or DSS cipher suites | 109 | a server can support clients which only support RSA or DSS cipher suites |
| 87 | by using an appropriate certificate. | 110 | by using an appropriate certificate. |
| 88 | 111 | ||
| 112 | =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg> | ||
| 113 | |||
| 114 | addtional certificate and private key format and passphrase respectively. | ||
| 115 | |||
| 89 | =item B<-nocert> | 116 | =item B<-nocert> |
| 90 | 117 | ||
| 91 | if this option is set then no certificate is used. This restricts the | 118 | if this option is set then no certificate is used. This restricts the |
| @@ -117,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the | |||
| 117 | client does not have to send one, with the B<-Verify> option the client | 144 | client does not have to send one, with the B<-Verify> option the client |
| 118 | must supply a certificate or an error occurs. | 145 | must supply a certificate or an error occurs. |
| 119 | 146 | ||
| 147 | =item B<-crl_check>, B<-crl_check_all> | ||
| 148 | |||
| 149 | Check the peer certificate has not been revoked by its CA. | ||
| 150 | The CRL(s) are appended to the certificate file. With the B<-crl_check_all> | ||
| 151 | option all CRLs of all CAs in the chain are checked. | ||
| 152 | |||
| 120 | =item B<-CApath directory> | 153 | =item B<-CApath directory> |
| 121 | 154 | ||
| 122 | The directory to use for client certificate verification. This directory | 155 | The directory to use for client certificate verification. This directory |
| @@ -182,6 +215,14 @@ also included in the server list is used. Because the client specifies | |||
| 182 | the preference order, the order of the server cipherlist irrelevant. See | 215 | the preference order, the order of the server cipherlist irrelevant. See |
| 183 | the B<ciphers> command for more information. | 216 | the B<ciphers> command for more information. |
| 184 | 217 | ||
| 218 | =item B<-tlsextdebug> | ||
| 219 | |||
| 220 | print out a hex dump of any TLS extensions received from the server. | ||
| 221 | |||
| 222 | =item B<-no_ticket> | ||
| 223 | |||
| 224 | disable RFC4507bis session ticket support. | ||
| 225 | |||
| 185 | =item B<-www> | 226 | =item B<-www> |
| 186 | 227 | ||
| 187 | sends a status message back to the client when it connects. This includes | 228 | sends a status message back to the client when it connects. This includes |
| @@ -284,6 +325,9 @@ mean any CA is acceptable. This is useful for debugging purposes. | |||
| 284 | 325 | ||
| 285 | The session parameters can printed out using the B<sess_id> program. | 326 | The session parameters can printed out using the B<sess_id> program. |
| 286 | 327 | ||
| 328 | TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly | ||
| 329 | enabled at compile time using for example the B<enable-tlsext> switch. | ||
| 330 | |||
| 287 | =head1 BUGS | 331 | =head1 BUGS |
| 288 | 332 | ||
| 289 | Because this program has a lot of options and also because some of | 333 | Because this program has a lot of options and also because some of |
diff --git a/src/lib/libssl/src/doc/apps/smime.pod b/src/lib/libssl/src/doc/apps/smime.pod index 84b673f791..caf2d2689e 100644 --- a/src/lib/libssl/src/doc/apps/smime.pod +++ b/src/lib/libssl/src/doc/apps/smime.pod | |||
| @@ -20,6 +20,9 @@ B<openssl> B<smime> | |||
| 20 | [B<-aes128>] | 20 | [B<-aes128>] |
| 21 | [B<-aes192>] | 21 | [B<-aes192>] |
| 22 | [B<-aes256>] | 22 | [B<-aes256>] |
| 23 | [B<-camellia128>] | ||
| 24 | [B<-camellia192>] | ||
| 25 | [B<-camellia256>] | ||
| 23 | [B<-in file>] | 26 | [B<-in file>] |
| 24 | [B<-certfile file>] | 27 | [B<-certfile file>] |
| 25 | [B<-signer file>] | 28 | [B<-signer file>] |
| @@ -129,10 +132,10 @@ B<-verify>. This directory must be a standard certificate directory: that | |||
| 129 | is a hash of each subject name (using B<x509 -hash>) should be linked | 132 | is a hash of each subject name (using B<x509 -hash>) should be linked |
| 130 | to each certificate. | 133 | to each certificate. |
| 131 | 134 | ||
| 132 | =item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256> | 135 | =item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256> |
| 133 | 136 | ||
| 134 | the encryption algorithm to use. DES (56 bits), triple DES (168 bits), | 137 | the encryption algorithm to use. DES (56 bits), triple DES (168 bits), |
| 135 | 40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not | 138 | 40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively. If not |
| 136 | specified 40 bit RC2 is used. Only used with B<-encrypt>. | 139 | specified 40 bit RC2 is used. Only used with B<-encrypt>. |
| 137 | 140 | ||
| 138 | =item B<-nointern> | 141 | =item B<-nointern> |
| @@ -354,6 +357,10 @@ alternatively you can base64 decode the signature and use | |||
| 354 | 357 | ||
| 355 | openssl smime -verify -inform DER -in signature.der -content content.txt | 358 | openssl smime -verify -inform DER -in signature.der -content content.txt |
| 356 | 359 | ||
| 360 | Create an encrypted message using 128 bit Camellia: | ||
| 361 | |||
| 362 | openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem | ||
| 363 | |||
| 357 | =head1 BUGS | 364 | =head1 BUGS |
| 358 | 365 | ||
| 359 | The MIME parser isn't very clever: it seems to handle most messages that I've thrown | 366 | The MIME parser isn't very clever: it seems to handle most messages that I've thrown |
diff --git a/src/lib/libssl/src/doc/apps/verify.pod b/src/lib/libssl/src/doc/apps/verify.pod index ea5c29c150..ff2629d2cf 100644 --- a/src/lib/libssl/src/doc/apps/verify.pod +++ b/src/lib/libssl/src/doc/apps/verify.pod | |||
| @@ -169,7 +169,7 @@ the operation was successful. | |||
| 169 | the issuer certificate could not be found: this occurs if the issuer certificate | 169 | the issuer certificate could not be found: this occurs if the issuer certificate |
| 170 | of an untrusted certificate cannot be found. | 170 | of an untrusted certificate cannot be found. |
| 171 | 171 | ||
| 172 | =item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL> | 172 | =item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL> |
| 173 | 173 | ||
| 174 | the CRL of a certificate could not be found. Unused. | 174 | the CRL of a certificate could not be found. Unused. |
| 175 | 175 | ||
diff --git a/src/lib/libssl/src/doc/apps/x509.pod b/src/lib/libssl/src/doc/apps/x509.pod index 50343cd685..a925da41f1 100644 --- a/src/lib/libssl/src/doc/apps/x509.pod +++ b/src/lib/libssl/src/doc/apps/x509.pod | |||
| @@ -17,6 +17,8 @@ B<openssl> B<x509> | |||
| 17 | [B<-out filename>] | 17 | [B<-out filename>] |
| 18 | [B<-serial>] | 18 | [B<-serial>] |
| 19 | [B<-hash>] | 19 | [B<-hash>] |
| 20 | [B<-subject_hash>] | ||
| 21 | [B<-issuer_hash>] | ||
| 20 | [B<-subject>] | 22 | [B<-subject>] |
| 21 | [B<-issuer>] | 23 | [B<-issuer>] |
| 22 | [B<-nameopt option>] | 24 | [B<-nameopt option>] |
| @@ -96,8 +98,8 @@ default. | |||
| 96 | 98 | ||
| 97 | the digest to use. This affects any signing or display option that uses a message | 99 | the digest to use. This affects any signing or display option that uses a message |
| 98 | digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not | 100 | digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not |
| 99 | specified then MD5 is used. If the key being used to sign with is a DSA key then | 101 | specified then SHA1 is used. If the key being used to sign with is a DSA key |
| 100 | this option has no effect: SHA1 is always used with DSA keys. | 102 | then this option has no effect: SHA1 is always used with DSA keys. |
| 101 | 103 | ||
| 102 | =item B<-engine id> | 104 | =item B<-engine id> |
| 103 | 105 | ||
| @@ -141,12 +143,20 @@ contained in the certificate. | |||
| 141 | 143 | ||
| 142 | outputs the certificate serial number. | 144 | outputs the certificate serial number. |
| 143 | 145 | ||
| 144 | =item B<-hash> | 146 | =item B<-subject_hash> |
| 145 | 147 | ||
| 146 | outputs the "hash" of the certificate subject name. This is used in OpenSSL to | 148 | outputs the "hash" of the certificate subject name. This is used in OpenSSL to |
| 147 | form an index to allow certificates in a directory to be looked up by subject | 149 | form an index to allow certificates in a directory to be looked up by subject |
| 148 | name. | 150 | name. |
| 149 | 151 | ||
| 152 | =item B<-issuer_hash> | ||
| 153 | |||
| 154 | outputs the "hash" of the certificate issuer name. | ||
| 155 | |||
| 156 | =item B<-hash> | ||
| 157 | |||
| 158 | synonym for "-hash" for backward compatibility reasons. | ||
| 159 | |||
| 150 | =item B<-subject> | 160 | =item B<-subject> |
| 151 | 161 | ||
| 152 | outputs the subject name. | 162 | outputs the subject name. |
| @@ -394,13 +404,13 @@ B<sep_comma_plus>, B<dn_rev> and B<sname>. | |||
| 394 | 404 | ||
| 395 | a oneline format which is more readable than RFC2253. It is equivalent to | 405 | a oneline format which is more readable than RFC2253. It is equivalent to |
| 396 | specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>, | 406 | specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>, |
| 397 | B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname> | 407 | B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname> |
| 398 | options. | 408 | options. |
| 399 | 409 | ||
| 400 | =item B<multiline> | 410 | =item B<multiline> |
| 401 | 411 | ||
| 402 | a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, | 412 | a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, |
| 403 | B<spc_eq>, B<lname> and B<align>. | 413 | B<space_eq>, B<lname> and B<align>. |
| 404 | 414 | ||
| 405 | =item B<esc_2253> | 415 | =item B<esc_2253> |
| 406 | 416 | ||
| @@ -500,7 +510,7 @@ diagnostic purpose. | |||
| 500 | align field values for a more readable output. Only usable with | 510 | align field values for a more readable output. Only usable with |
| 501 | B<sep_multiline>. | 511 | B<sep_multiline>. |
| 502 | 512 | ||
| 503 | =item B<spc_eq> | 513 | =item B<space_eq> |
| 504 | 514 | ||
| 505 | places spaces round the B<=> character which follows the field | 515 | places spaces round the B<=> character which follows the field |
| 506 | name. | 516 | name. |
| @@ -610,7 +620,7 @@ Display the certificate subject name in RFC2253 form: | |||
| 610 | Display the certificate subject name in oneline form on a terminal | 620 | Display the certificate subject name in oneline form on a terminal |
| 611 | supporting UTF8: | 621 | supporting UTF8: |
| 612 | 622 | ||
| 613 | openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb | 623 | openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb |
| 614 | 624 | ||
| 615 | Display the certificate MD5 fingerprint: | 625 | Display the certificate MD5 fingerprint: |
| 616 | 626 | ||
| @@ -815,4 +825,8 @@ OpenSSL 0.9.5 and later. | |||
| 815 | L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, | 825 | L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, |
| 816 | L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)> | 826 | L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)> |
| 817 | 827 | ||
| 828 | =head1 HISTORY | ||
| 829 | |||
| 830 | Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. | ||
| 831 | |||
| 818 | =cut | 832 | =cut |
diff --git a/src/lib/libssl/src/doc/c-indentation.el b/src/lib/libssl/src/doc/c-indentation.el index cbf01cb172..90861d3979 100644 --- a/src/lib/libssl/src/doc/c-indentation.el +++ b/src/lib/libssl/src/doc/c-indentation.el | |||
| @@ -20,6 +20,7 @@ | |||
| 20 | 20 | ||
| 21 | (c-add-style "eay" | 21 | (c-add-style "eay" |
| 22 | '((c-basic-offset . 8) | 22 | '((c-basic-offset . 8) |
| 23 | (indent-tabs-mode . t) | ||
| 23 | (c-comment-only-line-offset . 0) | 24 | (c-comment-only-line-offset . 0) |
| 24 | (c-hanging-braces-alist) | 25 | (c-hanging-braces-alist) |
| 25 | (c-offsets-alist . ((defun-open . +) | 26 | (c-offsets-alist . ((defun-open . +) |
diff --git a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod index 929557d22f..438af3b6b6 100644 --- a/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod +++ b/src/lib/libssl/src/doc/crypto/BIO_f_base64.pod | |||
| @@ -63,7 +63,7 @@ data to standard output: | |||
| 63 | bio = BIO_new_fp(stdin, BIO_NOCLOSE); | 63 | bio = BIO_new_fp(stdin, BIO_NOCLOSE); |
| 64 | bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); | 64 | bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); |
| 65 | bio = BIO_push(b64, bio); | 65 | bio = BIO_push(b64, bio); |
| 66 | while((inlen = BIO_read(bio, inbuf, 512) > 0) | 66 | while((inlen = BIO_read(bio, inbuf, 512)) > 0) |
| 67 | BIO_write(bio_out, inbuf, inlen); | 67 | BIO_write(bio_out, inbuf, inlen); |
| 68 | 68 | ||
| 69 | BIO_free_all(bio); | 69 | BIO_free_all(bio); |
diff --git a/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod b/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod index 9b6961ca8d..4759556245 100644 --- a/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod +++ b/src/lib/libssl/src/doc/crypto/BIO_set_callback.pod | |||
| @@ -17,7 +17,7 @@ BIO_debug_callback - BIO callback functions | |||
| 17 | long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, | 17 | long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, |
| 18 | long argl,long ret); | 18 | long argl,long ret); |
| 19 | 19 | ||
| 20 | typedef long callback(BIO *b, int oper, const char *argp, | 20 | typedef long (*callback)(BIO *b, int oper, const char *argp, |
| 21 | int argi, long argl, long retvalue); | 21 | int argi, long argl, long retvalue); |
| 22 | 22 | ||
| 23 | =head1 DESCRIPTION | 23 | =head1 DESCRIPTION |
diff --git a/src/lib/libssl/src/doc/crypto/BN_add_word.pod b/src/lib/libssl/src/doc/crypto/BN_add_word.pod index 94244adea4..70667d2893 100644 --- a/src/lib/libssl/src/doc/crypto/BN_add_word.pod +++ b/src/lib/libssl/src/doc/crypto/BN_add_word.pod | |||
| @@ -29,11 +29,11 @@ BN_add_word() adds B<w> to B<a> (C<a+=w>). | |||
| 29 | 29 | ||
| 30 | BN_sub_word() subtracts B<w> from B<a> (C<a-=w>). | 30 | BN_sub_word() subtracts B<w> from B<a> (C<a-=w>). |
| 31 | 31 | ||
| 32 | BN_mul_word() multiplies B<a> and B<w> (C<a*=b>). | 32 | BN_mul_word() multiplies B<a> and B<w> (C<a*=w>). |
| 33 | 33 | ||
| 34 | BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder. | 34 | BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder. |
| 35 | 35 | ||
| 36 | BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%m>). | 36 | BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%w>). |
| 37 | 37 | ||
| 38 | For BN_div_word() and BN_mod_word(), B<w> must not be 0. | 38 | For BN_div_word() and BN_mod_word(), B<w> must not be 0. |
| 39 | 39 | ||
| @@ -42,7 +42,8 @@ For BN_div_word() and BN_mod_word(), B<w> must not be 0. | |||
| 42 | BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 | 42 | BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 |
| 43 | on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. | 43 | on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. |
| 44 | 44 | ||
| 45 | BN_mod_word() and BN_div_word() return B<a>%B<w>. | 45 | BN_mod_word() and BN_div_word() return B<a>%B<w> on success and |
| 46 | B<(BN_ULONG)-1> if an error occurred. | ||
| 46 | 47 | ||
| 47 | =head1 SEE ALSO | 48 | =head1 SEE ALSO |
| 48 | 49 | ||
| @@ -54,4 +55,7 @@ BN_add_word() and BN_mod_word() are available in all versions of | |||
| 54 | SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and | 55 | SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and |
| 55 | BN_sub_word() and BN_mul_word() in SSLeay 0.9.0. | 56 | BN_sub_word() and BN_mul_word() in SSLeay 0.9.0. |
| 56 | 57 | ||
| 58 | Before 0.9.8a the return value for BN_div_word() and BN_mod_word() | ||
| 59 | in case of an error was 0. | ||
| 60 | |||
| 57 | =cut | 61 | =cut |
diff --git a/src/lib/libssl/src/doc/crypto/BN_new.pod b/src/lib/libssl/src/doc/crypto/BN_new.pod index 3033789c51..ab7a105e3a 100644 --- a/src/lib/libssl/src/doc/crypto/BN_new.pod +++ b/src/lib/libssl/src/doc/crypto/BN_new.pod | |||
| @@ -20,7 +20,7 @@ BN_new, BN_init, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs | |||
| 20 | 20 | ||
| 21 | =head1 DESCRIPTION | 21 | =head1 DESCRIPTION |
| 22 | 22 | ||
| 23 | BN_new() allocated and initializes a B<BIGNUM> structure. BN_init() | 23 | BN_new() allocates and initializes a B<BIGNUM> structure. BN_init() |
| 24 | initializes an existing uninitialized B<BIGNUM>. | 24 | initializes an existing uninitialized B<BIGNUM>. |
| 25 | 25 | ||
| 26 | BN_clear() is used to destroy sensitive data such as keys when they | 26 | BN_clear() is used to destroy sensitive data such as keys when they |
diff --git a/src/lib/libssl/src/doc/crypto/DH_set_method.pod b/src/lib/libssl/src/doc/crypto/DH_set_method.pod index 73261fc467..d5cdc3be0c 100644 --- a/src/lib/libssl/src/doc/crypto/DH_set_method.pod +++ b/src/lib/libssl/src/doc/crypto/DH_set_method.pod | |||
| @@ -36,7 +36,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has been set | |||
| 36 | as a default for DH, so this function is no longer recommended. | 36 | as a default for DH, so this function is no longer recommended. |
| 37 | 37 | ||
| 38 | DH_get_default_method() returns a pointer to the current default DH_METHOD. | 38 | DH_get_default_method() returns a pointer to the current default DH_METHOD. |
| 39 | However, the meaningfulness of this result is dependant on whether the ENGINE | 39 | However, the meaningfulness of this result is dependent on whether the ENGINE |
| 40 | API is being used, so this function is no longer recommended. | 40 | API is being used, so this function is no longer recommended. |
| 41 | 41 | ||
| 42 | DH_set_method() selects B<meth> to perform all operations using the key B<dh>. | 42 | DH_set_method() selects B<meth> to perform all operations using the key B<dh>. |
diff --git a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod index bc3cfb1f0a..9c1434bd8d 100644 --- a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod +++ b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod | |||
| @@ -36,7 +36,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has | |||
| 36 | been set as a default for DSA, so this function is no longer recommended. | 36 | been set as a default for DSA, so this function is no longer recommended. |
| 37 | 37 | ||
| 38 | DSA_get_default_method() returns a pointer to the current default | 38 | DSA_get_default_method() returns a pointer to the current default |
| 39 | DSA_METHOD. However, the meaningfulness of this result is dependant on | 39 | DSA_METHOD. However, the meaningfulness of this result is dependent on |
| 40 | whether the ENGINE API is being used, so this function is no longer | 40 | whether the ENGINE API is being used, so this function is no longer |
| 41 | recommended. | 41 | recommended. |
| 42 | 42 | ||
diff --git a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod index 016381f3e9..d375c46e03 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod | |||
| @@ -60,7 +60,7 @@ EVP_BytesToKey() returns the size of the derived key in bytes. | |||
| 60 | =head1 SEE ALSO | 60 | =head1 SEE ALSO |
| 61 | 61 | ||
| 62 | L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | 62 | L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, |
| 63 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | 63 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> |
| 64 | 64 | ||
| 65 | =head1 HISTORY | 65 | =head1 HISTORY |
| 66 | 66 | ||
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod index faa992286b..236e2fa8d1 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod | |||
| @@ -18,7 +18,7 @@ EVP digest routines | |||
| 18 | EVP_MD_CTX *EVP_MD_CTX_create(void); | 18 | EVP_MD_CTX *EVP_MD_CTX_create(void); |
| 19 | 19 | ||
| 20 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); | 20 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); |
| 21 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); | 21 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); |
| 22 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, | 22 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, |
| 23 | unsigned int *s); | 23 | unsigned int *s); |
| 24 | 24 | ||
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod index 48a0e29954..7d793e19ef 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod | |||
| @@ -8,9 +8,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption | |||
| 8 | 8 | ||
| 9 | #include <openssl/evp.h> | 9 | #include <openssl/evp.h> |
| 10 | 10 | ||
| 11 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, | 11 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, |
| 12 | unsigned char **ek, int *ekl, unsigned char *iv, | 12 | unsigned char **ek, int *ekl, unsigned char *iv, |
| 13 | EVP_PKEY **pubk, int npubk); | 13 | EVP_PKEY **pubk, int npubk); |
| 14 | int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | 14 | int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 15 | int *outl, unsigned char *in, int inl); | 15 | int *outl, unsigned char *in, int inl); |
| 16 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, | 16 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, |
diff --git a/src/lib/libssl/src/doc/crypto/RAND_bytes.pod b/src/lib/libssl/src/doc/crypto/RAND_bytes.pod index ce6329ce54..1a9b91e281 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_bytes.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_bytes.pod | |||
| @@ -25,6 +25,9 @@ unpredictable. They can be used for non-cryptographic purposes and for | |||
| 25 | certain purposes in cryptographic protocols, but usually not for key | 25 | certain purposes in cryptographic protocols, but usually not for key |
| 26 | generation etc. | 26 | generation etc. |
| 27 | 27 | ||
| 28 | The contents of B<buf> is mixed into the entropy pool before retrieving | ||
| 29 | the new pseudo-random bytes unless disabled at compile time (see FAQ). | ||
| 30 | |||
| 28 | =head1 RETURN VALUES | 31 | =head1 RETURN VALUES |
| 29 | 32 | ||
| 30 | RAND_bytes() returns 1 on success, 0 otherwise. The error code can be | 33 | RAND_bytes() returns 1 on success, 0 otherwise. The error code can be |
diff --git a/src/lib/libssl/src/doc/crypto/RAND_egd.pod b/src/lib/libssl/src/doc/crypto/RAND_egd.pod index 62adbe19b2..079838ea2e 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_egd.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_egd.pod | |||
| @@ -50,7 +50,7 @@ non-blocking mode. | |||
| 50 | 50 | ||
| 51 | Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is | 51 | Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is |
| 52 | available from | 52 | available from |
| 53 | http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html . | 53 | http://prngd.sourceforge.net/ . |
| 54 | PRNGD does employ an internal PRNG itself and can therefore never run | 54 | PRNGD does employ an internal PRNG itself and can therefore never run |
| 55 | out of entropy. | 55 | out of entropy. |
| 56 | 56 | ||
diff --git a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod index c9bb6d9f27..e5b780fad0 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod | |||
| @@ -30,7 +30,7 @@ true only whilst no ENGINE has been set as a default for RAND, so this function | |||
| 30 | is no longer recommended. | 30 | is no longer recommended. |
| 31 | 31 | ||
| 32 | RAND_get_default_method() returns a pointer to the current RAND_METHOD. | 32 | RAND_get_default_method() returns a pointer to the current RAND_METHOD. |
| 33 | However, the meaningfulness of this result is dependant on whether the ENGINE | 33 | However, the meaningfulness of this result is dependent on whether the ENGINE |
| 34 | API is being used, so this function is no longer recommended. | 34 | API is being used, so this function is no longer recommended. |
| 35 | 35 | ||
| 36 | =head1 THE RAND_METHOD STRUCTURE | 36 | =head1 THE RAND_METHOD STRUCTURE |
diff --git a/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod b/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod index 46cc8f5359..7d0fd1f91d 100644 --- a/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod +++ b/src/lib/libssl/src/doc/crypto/RSA_get_ex_new_index.pod | |||
| @@ -17,12 +17,12 @@ RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specifi | |||
| 17 | 17 | ||
| 18 | void *RSA_get_ex_data(RSA *r, int idx); | 18 | void *RSA_get_ex_data(RSA *r, int idx); |
| 19 | 19 | ||
| 20 | typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | 20 | typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
| 21 | int idx, long argl, void *argp); | 21 | int idx, long argl, void *argp); |
| 22 | typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | 22 | typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
| 23 | int idx, long argl, void *argp); | 23 | int idx, long argl, void *argp); |
| 24 | typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | 24 | typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, |
| 25 | int idx, long argl, void *argp); | 25 | int idx, long argl, void *argp); |
| 26 | 26 | ||
| 27 | =head1 DESCRIPTION | 27 | =head1 DESCRIPTION |
| 28 | 28 | ||
diff --git a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod index 0a305f6b14..2c963d7e5b 100644 --- a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod +++ b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod | |||
| @@ -42,7 +42,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has | |||
| 42 | been set as a default for RSA, so this function is no longer recommended. | 42 | been set as a default for RSA, so this function is no longer recommended. |
| 43 | 43 | ||
| 44 | RSA_get_default_method() returns a pointer to the current default | 44 | RSA_get_default_method() returns a pointer to the current default |
| 45 | RSA_METHOD. However, the meaningfulness of this result is dependant on | 45 | RSA_METHOD. However, the meaningfulness of this result is dependent on |
| 46 | whether the ENGINE API is being used, so this function is no longer | 46 | whether the ENGINE API is being used, so this function is no longer |
| 47 | recommended. | 47 | recommended. |
| 48 | 48 | ||
diff --git a/src/lib/libssl/src/doc/crypto/RSA_sign.pod b/src/lib/libssl/src/doc/crypto/RSA_sign.pod index 71688a665e..8553be8e99 100644 --- a/src/lib/libssl/src/doc/crypto/RSA_sign.pod +++ b/src/lib/libssl/src/doc/crypto/RSA_sign.pod | |||
| @@ -8,10 +8,10 @@ RSA_sign, RSA_verify - RSA signatures | |||
| 8 | 8 | ||
| 9 | #include <openssl/rsa.h> | 9 | #include <openssl/rsa.h> |
| 10 | 10 | ||
| 11 | int RSA_sign(int type, unsigned char *m, unsigned int m_len, | 11 | int RSA_sign(int type, const unsigned char *m, unsigned int m_len, |
| 12 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | 12 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); |
| 13 | 13 | ||
| 14 | int RSA_verify(int type, unsigned char *m, unsigned int m_len, | 14 | int RSA_verify(int type, const unsigned char *m, unsigned int m_len, |
| 15 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | 15 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); |
| 16 | 16 | ||
| 17 | =head1 DESCRIPTION | 17 | =head1 DESCRIPTION |
diff --git a/src/lib/libssl/src/doc/crypto/bn.pod b/src/lib/libssl/src/doc/crypto/bn.pod index 210dfeac08..cd2f8e50c6 100644 --- a/src/lib/libssl/src/doc/crypto/bn.pod +++ b/src/lib/libssl/src/doc/crypto/bn.pod | |||
| @@ -27,6 +27,9 @@ bn - multiprecision integer arithmetics | |||
| 27 | int BN_num_bits(const BIGNUM *a); | 27 | int BN_num_bits(const BIGNUM *a); |
| 28 | int BN_num_bits_word(BN_ULONG w); | 28 | int BN_num_bits_word(BN_ULONG w); |
| 29 | 29 | ||
| 30 | void BN_set_negative(BIGNUM *a, int n); | ||
| 31 | int BN_is_negative(const BIGNUM *a); | ||
| 32 | |||
| 30 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); | 33 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 31 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); | 34 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 32 | int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); | 35 | int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); |
| @@ -118,6 +121,25 @@ bn - multiprecision integer arithmetics | |||
| 118 | int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, | 121 | int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, |
| 119 | BN_CTX *ctx); | 122 | BN_CTX *ctx); |
| 120 | 123 | ||
| 124 | BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, | ||
| 125 | BIGNUM *mod); | ||
| 126 | void BN_BLINDING_free(BN_BLINDING *b); | ||
| 127 | int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); | ||
| 128 | int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); | ||
| 129 | int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); | ||
| 130 | int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, | ||
| 131 | BN_CTX *ctx); | ||
| 132 | int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b, | ||
| 133 | BN_CTX *ctx); | ||
| 134 | unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); | ||
| 135 | void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); | ||
| 136 | unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); | ||
| 137 | void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); | ||
| 138 | BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, | ||
| 139 | const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, | ||
| 140 | int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 141 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), | ||
| 142 | BN_MONT_CTX *m_ctx); | ||
| 121 | 143 | ||
| 122 | =head1 DESCRIPTION | 144 | =head1 DESCRIPTION |
| 123 | 145 | ||
| @@ -153,6 +175,7 @@ L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>, | |||
| 153 | L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>, | 175 | L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>, |
| 154 | L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>, | 176 | L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>, |
| 155 | L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>, | 177 | L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>, |
| 156 | L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> | 178 | L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>, |
| 179 | L<BN_BLINDING_new(3)|BN_BLINDING_new(3)> | ||
| 157 | 180 | ||
| 158 | =cut | 181 | =cut |
diff --git a/src/lib/libssl/src/doc/crypto/bn_internal.pod b/src/lib/libssl/src/doc/crypto/bn_internal.pod index 9805a7c9f2..891914678c 100644 --- a/src/lib/libssl/src/doc/crypto/bn_internal.pod +++ b/src/lib/libssl/src/doc/crypto/bn_internal.pod | |||
| @@ -72,19 +72,19 @@ applications. | |||
| 72 | 72 | ||
| 73 | typedef struct bignum_st | 73 | typedef struct bignum_st |
| 74 | { | 74 | { |
| 75 | int top; /* index of last used d (most significant word) */ | 75 | int top; /* number of words used in d */ |
| 76 | BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ | 76 | BN_ULONG *d; /* pointer to an array containing the integer value */ |
| 77 | int max; /* size of the d array */ | 77 | int max; /* size of the d array */ |
| 78 | int neg; /* sign */ | 78 | int neg; /* sign */ |
| 79 | } BIGNUM; | 79 | } BIGNUM; |
| 80 | 80 | ||
| 81 | The big number is stored in B<d>, a malloc()ed array of B<BN_ULONG>s, | 81 | The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>), |
| 82 | least significant first. A B<BN_ULONG> can be either 16, 32 or 64 bits | 82 | least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits |
| 83 | in size (B<BITS2>), depending on the 'number of bits' specified in | 83 | in size, depending on the 'number of bits' (B<BITS2>) specified in |
| 84 | C<openssl/bn.h>. | 84 | C<openssl/bn.h>. |
| 85 | 85 | ||
| 86 | B<max> is the size of the B<d> array that has been allocated. B<top> | 86 | B<max> is the size of the B<d> array that has been allocated. B<top> |
| 87 | is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and | 87 | is the number of words being used, so for a value of 4, bn.d[0]=4 and |
| 88 | bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is | 88 | bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is |
| 89 | B<0>, the B<d> field can be B<NULL> and B<top> == B<0>. | 89 | B<0>, the B<d> field can be B<NULL> and B<top> == B<0>. |
| 90 | 90 | ||
| @@ -202,7 +202,7 @@ call bn_expand2(), which allocates a new B<d> array and copies the | |||
| 202 | data. They return B<NULL> on error, B<b> otherwise. | 202 | data. They return B<NULL> on error, B<b> otherwise. |
| 203 | 203 | ||
| 204 | The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most | 204 | The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most |
| 205 | significant non-zero word when B<a> has shrunk. | 205 | significant non-zero word plus one when B<a> has shrunk. |
| 206 | 206 | ||
| 207 | =head2 Debugging | 207 | =head2 Debugging |
| 208 | 208 | ||
diff --git a/src/lib/libssl/src/doc/crypto/des_modes.pod b/src/lib/libssl/src/doc/crypto/des_modes.pod index 0cc22150e7..0ad01eafe2 100644 --- a/src/lib/libssl/src/doc/crypto/des_modes.pod +++ b/src/lib/libssl/src/doc/crypto/des_modes.pod | |||
| @@ -1,5 +1,7 @@ | |||
| 1 | =pod | 1 | =pod |
| 2 | 2 | ||
| 3 | =for comment openssl_manual_section:7 | ||
| 4 | |||
| 3 | =head1 NAME | 5 | =head1 NAME |
| 4 | 6 | ||
| 5 | des_modes - the variants of DES and other crypto algorithms of OpenSSL | 7 | des_modes - the variants of DES and other crypto algorithms of OpenSSL |
diff --git a/src/lib/libssl/src/doc/crypto/md5.pod b/src/lib/libssl/src/doc/crypto/md5.pod index 6e6322dcdc..d11d5c32cb 100644 --- a/src/lib/libssl/src/doc/crypto/md5.pod +++ b/src/lib/libssl/src/doc/crypto/md5.pod | |||
| @@ -12,10 +12,10 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions | |||
| 12 | unsigned char *MD2(const unsigned char *d, unsigned long n, | 12 | unsigned char *MD2(const unsigned char *d, unsigned long n, |
| 13 | unsigned char *md); | 13 | unsigned char *md); |
| 14 | 14 | ||
| 15 | void MD2_Init(MD2_CTX *c); | 15 | int MD2_Init(MD2_CTX *c); |
| 16 | void MD2_Update(MD2_CTX *c, const unsigned char *data, | 16 | int MD2_Update(MD2_CTX *c, const unsigned char *data, |
| 17 | unsigned long len); | 17 | unsigned long len); |
| 18 | void MD2_Final(unsigned char *md, MD2_CTX *c); | 18 | int MD2_Final(unsigned char *md, MD2_CTX *c); |
| 19 | 19 | ||
| 20 | 20 | ||
| 21 | #include <openssl/md4.h> | 21 | #include <openssl/md4.h> |
| @@ -23,10 +23,10 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions | |||
| 23 | unsigned char *MD4(const unsigned char *d, unsigned long n, | 23 | unsigned char *MD4(const unsigned char *d, unsigned long n, |
| 24 | unsigned char *md); | 24 | unsigned char *md); |
| 25 | 25 | ||
| 26 | void MD4_Init(MD4_CTX *c); | 26 | int MD4_Init(MD4_CTX *c); |
| 27 | void MD4_Update(MD4_CTX *c, const void *data, | 27 | int MD4_Update(MD4_CTX *c, const void *data, |
| 28 | unsigned long len); | 28 | unsigned long len); |
| 29 | void MD4_Final(unsigned char *md, MD4_CTX *c); | 29 | int MD4_Final(unsigned char *md, MD4_CTX *c); |
| 30 | 30 | ||
| 31 | 31 | ||
| 32 | #include <openssl/md5.h> | 32 | #include <openssl/md5.h> |
| @@ -34,10 +34,10 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions | |||
| 34 | unsigned char *MD5(const unsigned char *d, unsigned long n, | 34 | unsigned char *MD5(const unsigned char *d, unsigned long n, |
| 35 | unsigned char *md); | 35 | unsigned char *md); |
| 36 | 36 | ||
| 37 | void MD5_Init(MD5_CTX *c); | 37 | int MD5_Init(MD5_CTX *c); |
| 38 | void MD5_Update(MD5_CTX *c, const void *data, | 38 | int MD5_Update(MD5_CTX *c, const void *data, |
| 39 | unsigned long len); | 39 | unsigned long len); |
| 40 | void MD5_Final(unsigned char *md, MD5_CTX *c); | 40 | int MD5_Final(unsigned char *md, MD5_CTX *c); |
| 41 | 41 | ||
| 42 | =head1 DESCRIPTION | 42 | =head1 DESCRIPTION |
| 43 | 43 | ||
| @@ -78,8 +78,8 @@ preferred. | |||
| 78 | MD2(), MD4(), and MD5() return pointers to the hash value. | 78 | MD2(), MD4(), and MD5() return pointers to the hash value. |
| 79 | 79 | ||
| 80 | MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(), | 80 | MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(), |
| 81 | MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() do not return | 81 | MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for |
| 82 | values. | 82 | success, 0 otherwise. |
| 83 | 83 | ||
| 84 | =head1 CONFORMING TO | 84 | =head1 CONFORMING TO |
| 85 | 85 | ||
diff --git a/src/lib/libssl/src/doc/crypto/mdc2.pod b/src/lib/libssl/src/doc/crypto/mdc2.pod index 538f474e30..2fab9a9871 100644 --- a/src/lib/libssl/src/doc/crypto/mdc2.pod +++ b/src/lib/libssl/src/doc/crypto/mdc2.pod | |||
| @@ -11,10 +11,10 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function | |||
| 11 | unsigned char *MDC2(const unsigned char *d, unsigned long n, | 11 | unsigned char *MDC2(const unsigned char *d, unsigned long n, |
| 12 | unsigned char *md); | 12 | unsigned char *md); |
| 13 | 13 | ||
| 14 | void MDC2_Init(MDC2_CTX *c); | 14 | int MDC2_Init(MDC2_CTX *c); |
| 15 | void MDC2_Update(MDC2_CTX *c, const unsigned char *data, | 15 | int MDC2_Update(MDC2_CTX *c, const unsigned char *data, |
| 16 | unsigned long len); | 16 | unsigned long len); |
| 17 | void MDC2_Final(unsigned char *md, MDC2_CTX *c); | 17 | int MDC2_Final(unsigned char *md, MDC2_CTX *c); |
| 18 | 18 | ||
| 19 | =head1 DESCRIPTION | 19 | =head1 DESCRIPTION |
| 20 | 20 | ||
| @@ -46,7 +46,7 @@ hash functions directly. | |||
| 46 | 46 | ||
| 47 | MDC2() returns a pointer to the hash value. | 47 | MDC2() returns a pointer to the hash value. |
| 48 | 48 | ||
| 49 | MDC2_Init(), MDC2_Update() and MDC2_Final() do not return values. | 49 | MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise. |
| 50 | 50 | ||
| 51 | =head1 CONFORMING TO | 51 | =head1 CONFORMING TO |
| 52 | 52 | ||
diff --git a/src/lib/libssl/src/doc/crypto/ripemd.pod b/src/lib/libssl/src/doc/crypto/ripemd.pod index 9a634ca866..348ef7c961 100644 --- a/src/lib/libssl/src/doc/crypto/ripemd.pod +++ b/src/lib/libssl/src/doc/crypto/ripemd.pod | |||
| @@ -12,10 +12,10 @@ RIPEMD-160 hash function | |||
| 12 | unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, | 12 | unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, |
| 13 | unsigned char *md); | 13 | unsigned char *md); |
| 14 | 14 | ||
| 15 | void RIPEMD160_Init(RIPEMD160_CTX *c); | 15 | int RIPEMD160_Init(RIPEMD160_CTX *c); |
| 16 | void RIPEMD160_Update(RIPEMD_CTX *c, const void *data, | 16 | int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, |
| 17 | unsigned long len); | 17 | unsigned long len); |
| 18 | void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); | 18 | int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); |
| 19 | 19 | ||
| 20 | =head1 DESCRIPTION | 20 | =head1 DESCRIPTION |
| 21 | 21 | ||
| @@ -47,8 +47,8 @@ hash functions directly. | |||
| 47 | 47 | ||
| 48 | RIPEMD160() returns a pointer to the hash value. | 48 | RIPEMD160() returns a pointer to the hash value. |
| 49 | 49 | ||
| 50 | RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() do not | 50 | RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for |
| 51 | return values. | 51 | success, 0 otherwise. |
| 52 | 52 | ||
| 53 | =head1 CONFORMING TO | 53 | =head1 CONFORMING TO |
| 54 | 54 | ||
diff --git a/src/lib/libssl/src/doc/crypto/sha.pod b/src/lib/libssl/src/doc/crypto/sha.pod index 158457270f..d7a56accd3 100644 --- a/src/lib/libssl/src/doc/crypto/sha.pod +++ b/src/lib/libssl/src/doc/crypto/sha.pod | |||
| @@ -11,10 +11,10 @@ SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm | |||
| 11 | unsigned char *SHA1(const unsigned char *d, unsigned long n, | 11 | unsigned char *SHA1(const unsigned char *d, unsigned long n, |
| 12 | unsigned char *md); | 12 | unsigned char *md); |
| 13 | 13 | ||
| 14 | void SHA1_Init(SHA_CTX *c); | 14 | int SHA1_Init(SHA_CTX *c); |
| 15 | void SHA1_Update(SHA_CTX *c, const void *data, | 15 | int SHA1_Update(SHA_CTX *c, const void *data, |
| 16 | unsigned long len); | 16 | unsigned long len); |
| 17 | void SHA1_Final(unsigned char *md, SHA_CTX *c); | 17 | int SHA1_Final(unsigned char *md, SHA_CTX *c); |
| 18 | 18 | ||
| 19 | =head1 DESCRIPTION | 19 | =head1 DESCRIPTION |
| 20 | 20 | ||
| @@ -48,7 +48,7 @@ used only when backward compatibility is required. | |||
| 48 | 48 | ||
| 49 | SHA1() returns a pointer to the hash value. | 49 | SHA1() returns a pointer to the hash value. |
| 50 | 50 | ||
| 51 | SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values. | 51 | SHA1_Init(), SHA1_Update() and SHA1_Final() return 1 for success, 0 otherwise. |
| 52 | 52 | ||
| 53 | =head1 CONFORMING TO | 53 | =head1 CONFORMING TO |
| 54 | 54 | ||
diff --git a/src/lib/libssl/src/doc/openssl.txt b/src/lib/libssl/src/doc/openssl.txt index 432a17b66c..f8817b0a71 100644 --- a/src/lib/libssl/src/doc/openssl.txt +++ b/src/lib/libssl/src/doc/openssl.txt | |||
| @@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to | |||
| 154 | use is defined by the extension code itself: check out the certificate | 154 | use is defined by the extension code itself: check out the certificate |
| 155 | policies extension for an example. | 155 | policies extension for an example. |
| 156 | 156 | ||
| 157 | In addition it is also possible to use the word DER to include arbitrary | 157 | There are two ways to encode arbitrary extensions. |
| 158 | data in any extension. | 158 | |
| 159 | The first way is to use the word ASN1 followed by the extension content | ||
| 160 | using the same syntax as ASN1_generate_nconf(). For example: | ||
| 161 | |||
| 162 | 1.2.3.4=critical,ASN1:UTF8String:Some random data | ||
| 163 | |||
| 164 | 1.2.3.4=ASN1:SEQUENCE:seq_sect | ||
| 165 | |||
| 166 | [seq_sect] | ||
| 167 | |||
| 168 | field1 = UTF8:field1 | ||
| 169 | field2 = UTF8:field2 | ||
| 170 | |||
| 171 | It is also possible to use the word DER to include arbitrary data in any | ||
| 172 | extension. | ||
| 159 | 173 | ||
| 160 | 1.2.3.4=critical,DER:01:02:03:04 | 174 | 1.2.3.4=critical,DER:01:02:03:04 |
| 161 | 1.2.3.4=DER:01020304 | 175 | 1.2.3.4=DER:01020304 |
| @@ -336,16 +350,21 @@ Subject Alternative Name. | |||
| 336 | The subject alternative name extension allows various literal values to be | 350 | The subject alternative name extension allows various literal values to be |
| 337 | included in the configuration file. These include "email" (an email address) | 351 | included in the configuration file. These include "email" (an email address) |
| 338 | "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a | 352 | "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a |
| 339 | registered ID: OBJECT IDENTIFIER) and IP (and IP address). | 353 | registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. |
| 340 | 354 | ||
| 341 | Also the email option include a special 'copy' value. This will automatically | 355 | Also the email option include a special 'copy' value. This will automatically |
| 342 | include and email addresses contained in the certificate subject name in | 356 | include and email addresses contained in the certificate subject name in |
| 343 | the extension. | 357 | the extension. |
| 344 | 358 | ||
| 359 | otherName can include arbitrary data associated with an OID: the value | ||
| 360 | should be the OID followed by a semicolon and the content in standard | ||
| 361 | ASN1_generate_nconf() format. | ||
| 362 | |||
| 345 | Examples: | 363 | Examples: |
| 346 | 364 | ||
| 347 | subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ | 365 | subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ |
| 348 | subjectAltName=email:my@other.address,RID:1.2.3.4 | 366 | subjectAltName=email:my@other.address,RID:1.2.3.4 |
| 367 | subjectAltName=otherName:1.2.3.4;UTF8:some other identifier | ||
| 349 | 368 | ||
| 350 | Issuer Alternative Name. | 369 | Issuer Alternative Name. |
| 351 | 370 | ||
| @@ -759,7 +778,7 @@ called. | |||
| 759 | 778 | ||
| 760 | The X509V3_EXT_METHOD structure is described below. | 779 | The X509V3_EXT_METHOD structure is described below. |
| 761 | 780 | ||
| 762 | strut { | 781 | struct { |
| 763 | int ext_nid; | 782 | int ext_nid; |
| 764 | int ext_flags; | 783 | int ext_flags; |
| 765 | X509V3_EXT_NEW ext_new; | 784 | X509V3_EXT_NEW ext_new; |
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod index fa63263601..eaed190809 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod | |||
| @@ -201,6 +201,15 @@ When performing renegotiation as a server, always start a new session | |||
| 201 | (i.e., session resumption requests are only accepted in the initial | 201 | (i.e., session resumption requests are only accepted in the initial |
| 202 | handshake). This option is not needed for clients. | 202 | handshake). This option is not needed for clients. |
| 203 | 203 | ||
| 204 | =item SSL_OP_NO_TICKET | ||
| 205 | |||
| 206 | Normally clients and servers will, where possible, transparently make use | ||
| 207 | of RFC4507bis tickets for stateless session resumption if extension support | ||
| 208 | is explicitly set when OpenSSL is compiled. | ||
| 209 | |||
| 210 | If this option is set this functionality is disabled and tickets will | ||
| 211 | not be used by clients or servers. | ||
| 212 | |||
| 204 | =back | 213 | =back |
| 205 | 214 | ||
| 206 | =head1 RETURN VALUES | 215 | =head1 RETURN VALUES |
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index f85775927d..534643cd9d 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | |||
| @@ -18,7 +18,7 @@ SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set | |||
| 18 | long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) | 18 | long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) |
| 19 | long SSL_need_tmp_rsa(SSL *ssl) | 19 | long SSL_need_tmp_rsa(SSL *ssl) |
| 20 | 20 | ||
| 21 | RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); | 21 | RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength); |
| 22 | 22 | ||
| 23 | =head1 DESCRIPTION | 23 | =head1 DESCRIPTION |
| 24 | 24 | ||
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod index 48c888c337..10be95fdb1 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod | |||
| @@ -77,6 +77,12 @@ SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>. | |||
| 77 | SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA | 77 | SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA |
| 78 | to B<ctx>. SSL_use_PrivateKey() adds B<pkey> as private key to B<ssl>; | 78 | to B<ctx>. SSL_use_PrivateKey() adds B<pkey> as private key to B<ssl>; |
| 79 | SSL_use_RSAPrivateKey() adds B<rsa> as private key of type RSA to B<ssl>. | 79 | SSL_use_RSAPrivateKey() adds B<rsa> as private key of type RSA to B<ssl>. |
| 80 | If a certificate has already been set and the private does not belong | ||
| 81 | to the certificate an error is returned. To change a certificate, private | ||
| 82 | key pair the new certificate needs to be set with SSL_use_certificate() | ||
| 83 | or SSL_CTX_use_certificate() before setting the private key with | ||
| 84 | SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey(). | ||
| 85 | |||
| 80 | 86 | ||
| 81 | SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk> | 87 | SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk> |
| 82 | stored at memory location B<d> (length B<len>) to B<ctx>. | 88 | stored at memory location B<d> (length B<len>) to B<ctx>. |
| @@ -154,4 +160,10 @@ L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, | |||
| 154 | L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>, | 160 | L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>, |
| 155 | L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> | 161 | L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> |
| 156 | 162 | ||
| 163 | =head1 HISTORY | ||
| 164 | |||
| 165 | Support for DER encoded private keys (SSL_FILETYPE_ASN1) in | ||
| 166 | SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() was added | ||
| 167 | in 0.9.8 . | ||
| 168 | |||
| 157 | =cut | 169 | =cut |
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod index 00883ed2a0..490337a32f 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_time.pod | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout - retrieve and manipulate session time and timeout settings | 5 | SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout - retrieve and manipulate session time and timeout settings |
| 6 | 6 | ||
| 7 | =head1 SYNOPSIS | 7 | =head1 SYNOPSIS |
| 8 | 8 | ||
diff --git a/src/lib/libssl/src/doc/ssleay.txt b/src/lib/libssl/src/doc/ssleay.txt index 666de94e50..a8b04d7059 100644 --- a/src/lib/libssl/src/doc/ssleay.txt +++ b/src/lib/libssl/src/doc/ssleay.txt | |||
| @@ -4295,7 +4295,7 @@ X-Status: | |||
| 4295 | Loading client certs into MSIE 3.01 | 4295 | Loading client certs into MSIE 3.01 |
| 4296 | =================================== | 4296 | =================================== |
| 4297 | 4297 | ||
| 4298 | This document conatains all the information necessary to succesfully set up | 4298 | This document contains all the information necessary to successfully set up |
| 4299 | some scripts to issue client certs to Microsoft Internet Explorer. It | 4299 | some scripts to issue client certs to Microsoft Internet Explorer. It |
| 4300 | includes the required knowledge about the model MSIE uses for client | 4300 | includes the required knowledge about the model MSIE uses for client |
| 4301 | certification and includes complete sample scripts ready to play with. The | 4301 | certification and includes complete sample scripts ready to play with. The |
diff --git a/src/lib/libssl/src/doc/standards.txt b/src/lib/libssl/src/doc/standards.txt index f6675b574b..a5ce778f8e 100644 --- a/src/lib/libssl/src/doc/standards.txt +++ b/src/lib/libssl/src/doc/standards.txt | |||
| @@ -88,10 +88,26 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. | |||
| 88 | (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: | 88 | (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: |
| 89 | INFORMATIONAL) | 89 | INFORMATIONAL) |
| 90 | 90 | ||
| 91 | 3713 A Description of the Camellia Encryption Algorithm. M. Matsui, | ||
| 92 | J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes) | ||
| 93 | (Status: INFORMATIONAL) | ||
| 94 | |||
| 91 | 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate | 95 | 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate |
| 92 | Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. | 96 | Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. |
| 93 | June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) | 97 | June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) |
| 94 | 98 | ||
| 99 | 4132 Addition of Camellia Cipher Suites to Transport Layer Security | ||
| 100 | (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 | ||
| 101 | bytes) (Status: PROPOSED STANDARD) | ||
| 102 | |||
| 103 | 4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS). | ||
| 104 | H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes) | ||
| 105 | (Status: PROPOSED STANDARD) | ||
| 106 | |||
| 107 | 4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon, | ||
| 108 | D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes) | ||
| 109 | (Obsoletes RFC4009) (Status: INFORMATIONAL) | ||
| 110 | |||
| 95 | 111 | ||
| 96 | Related: | 112 | Related: |
| 97 | -------- | 113 | -------- |
| @@ -250,7 +266,11 @@ STARTTLS documents. | |||
| 250 | Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. | 266 | Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. |
| 251 | (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) | 267 | (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) |
| 252 | 268 | ||
| 253 | "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt> | 269 | 3657 Use of the Camellia Encryption Algorithm in Cryptographic |
| 270 | Message Syntax (CMS). S. Moriai, A. Kato. January 2004. | ||
| 271 | (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD) | ||
| 272 | |||
| 273 | "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt> | ||
| 254 | 274 | ||
| 255 | 275 | ||
| 256 | To be implemented: | 276 | To be implemented: |
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h index e2b6561066..acc6a15eb7 100644 --- a/src/lib/libssl/src/e_os.h +++ b/src/lib/libssl/src/e_os.h | |||
| @@ -181,6 +181,25 @@ extern "C" { | |||
| 181 | #define closesocket(s) close(s) | 181 | #define closesocket(s) close(s) |
| 182 | #define readsocket(s,b,n) read((s),(b),(n)) | 182 | #define readsocket(s,b,n) read((s),(b),(n)) |
| 183 | #define writesocket(s,b,n) write((s),(char *)(b),(n)) | 183 | #define writesocket(s,b,n) write((s),(char *)(b),(n)) |
| 184 | #elif defined(OPENSSL_SYS_NETWARE) | ||
| 185 | #if defined(NETWARE_BSDSOCK) | ||
| 186 | #define get_last_socket_error() errno | ||
| 187 | #define clear_socket_error() errno=0 | ||
| 188 | #define closesocket(s) close(s) | ||
| 189 | #define ioctlsocket(a,b,c) ioctl(a,b,c) | ||
| 190 | #if defined(NETWARE_LIBC) | ||
| 191 | #define readsocket(s,b,n) recv((s),(b),(n),0) | ||
| 192 | #define writesocket(s,b,n) send((s),(b),(n),0) | ||
| 193 | #else | ||
| 194 | #define readsocket(s,b,n) recv((s),(char*)(b),(n),0) | ||
| 195 | #define writesocket(s,b,n) send((s),(char*)(b),(n),0) | ||
| 196 | #endif | ||
| 197 | #else | ||
| 198 | #define get_last_socket_error() WSAGetLastError() | ||
| 199 | #define clear_socket_error() WSASetLastError(0) | ||
| 200 | #define readsocket(s,b,n) recv((s),(b),(n),0) | ||
| 201 | #define writesocket(s,b,n) send((s),(b),(n),0) | ||
| 202 | #endif | ||
| 184 | #else | 203 | #else |
| 185 | #define get_last_socket_error() errno | 204 | #define get_last_socket_error() errno |
| 186 | #define clear_socket_error() errno=0 | 205 | #define clear_socket_error() errno=0 |
| @@ -191,7 +210,6 @@ extern "C" { | |||
| 191 | #endif | 210 | #endif |
| 192 | 211 | ||
| 193 | #ifdef WIN16 | 212 | #ifdef WIN16 |
| 194 | # define OPENSSL_NO_FP_API | ||
| 195 | # define MS_CALLBACK _far _loadds | 213 | # define MS_CALLBACK _far _loadds |
| 196 | # define MS_FAR _far | 214 | # define MS_FAR _far |
| 197 | #else | 215 | #else |
| @@ -200,6 +218,7 @@ extern "C" { | |||
| 200 | #endif | 218 | #endif |
| 201 | 219 | ||
| 202 | #ifdef OPENSSL_NO_STDIO | 220 | #ifdef OPENSSL_NO_STDIO |
| 221 | # undef OPENSSL_NO_FP_API | ||
| 203 | # define OPENSSL_NO_FP_API | 222 | # define OPENSSL_NO_FP_API |
| 204 | #endif | 223 | #endif |
| 205 | 224 | ||
| @@ -232,11 +251,46 @@ extern "C" { | |||
| 232 | # define NO_DIRENT | 251 | # define NO_DIRENT |
| 233 | 252 | ||
| 234 | # ifdef WINDOWS | 253 | # ifdef WINDOWS |
| 254 | # if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) | ||
| 255 | /* | ||
| 256 | * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." | ||
| 257 | * Most notably we ought to check for availability of each specific | ||
| 258 | * routine with GetProcAddress() and/or quard NT-specific calls with | ||
| 259 | * GetVersion() < 0x80000000. One can argue that in latter "or" case | ||
| 260 | * we ought to /DELAYLOAD some .DLLs in order to protect ourselves | ||
| 261 | * against run-time link errors. This doesn't seem to be necessary, | ||
| 262 | * because it turned out that already Windows 95, first non-NT Win32 | ||
| 263 | * implementation, is equipped with at least NT 3.51 stubs, dummy | ||
| 264 | * routines with same name, but which do nothing. Meaning that it's | ||
| 265 | * apparently appropriate to guard generic NT calls with GetVersion | ||
| 266 | * alone, while NT 4.0 and above calls ought to be additionally | ||
| 267 | * checked upon with GetProcAddress. | ||
| 268 | */ | ||
| 269 | # define _WIN32_WINNT 0x0400 | ||
| 270 | # endif | ||
| 235 | # include <windows.h> | 271 | # include <windows.h> |
| 236 | # include <stddef.h> | 272 | # include <stddef.h> |
| 237 | # include <errno.h> | 273 | # include <errno.h> |
| 238 | # include <string.h> | 274 | # include <string.h> |
| 275 | # ifdef _WIN64 | ||
| 276 | # define strlen(s) _strlen31(s) | ||
| 277 | /* cut strings to 2GB */ | ||
| 278 | static unsigned int _strlen31(const char *str) | ||
| 279 | { | ||
| 280 | unsigned int len=0; | ||
| 281 | while (*str && len<0x80000000U) str++, len++; | ||
| 282 | return len&0x7FFFFFFF; | ||
| 283 | } | ||
| 284 | # endif | ||
| 239 | # include <malloc.h> | 285 | # include <malloc.h> |
| 286 | # if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) | ||
| 287 | /* compensate for bug is VC6 ctype.h */ | ||
| 288 | # undef isspace | ||
| 289 | # undef isdigit | ||
| 290 | # undef isalnum | ||
| 291 | # undef isupper | ||
| 292 | # undef isxdigit | ||
| 293 | # endif | ||
| 240 | # endif | 294 | # endif |
| 241 | # include <io.h> | 295 | # include <io.h> |
| 242 | # include <fcntl.h> | 296 | # include <fcntl.h> |
| @@ -323,6 +377,32 @@ extern "C" { | |||
| 323 | __VMS_EXIT |= 0x10000000; \ | 377 | __VMS_EXIT |= 0x10000000; \ |
| 324 | exit(__VMS_EXIT); } while(0) | 378 | exit(__VMS_EXIT); } while(0) |
| 325 | # define NO_SYS_PARAM_H | 379 | # define NO_SYS_PARAM_H |
| 380 | |||
| 381 | # elif defined(OPENSSL_SYS_NETWARE) | ||
| 382 | # include <fcntl.h> | ||
| 383 | # include <unistd.h> | ||
| 384 | # define NO_SYS_TYPES_H | ||
| 385 | # undef DEVRANDOM | ||
| 386 | # ifdef NETWARE_CLIB | ||
| 387 | # define getpid GetThreadID | ||
| 388 | extern int GetThreadID(void); | ||
| 389 | /* # include <conio.h> */ | ||
| 390 | extern int kbhit(void); | ||
| 391 | extern void delay(unsigned milliseconds); | ||
| 392 | # else | ||
| 393 | # include <screen.h> | ||
| 394 | # endif | ||
| 395 | # define NO_SYSLOG | ||
| 396 | # define _setmode setmode | ||
| 397 | # define _kbhit kbhit | ||
| 398 | # define _O_TEXT O_TEXT | ||
| 399 | # define _O_BINARY O_BINARY | ||
| 400 | # define OPENSSL_CONF "openssl.cnf" | ||
| 401 | # define SSLEAY_CONF OPENSSL_CONF | ||
| 402 | # define RFILE ".rnd" | ||
| 403 | # define LIST_SEPARATOR_CHAR ';' | ||
| 404 | # define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } | ||
| 405 | |||
| 326 | # else | 406 | # else |
| 327 | /* !defined VMS */ | 407 | /* !defined VMS */ |
| 328 | # ifdef OPENSSL_SYS_MPE | 408 | # ifdef OPENSSL_SYS_MPE |
| @@ -376,6 +456,15 @@ extern "C" { | |||
| 376 | # elif !defined(__DJGPP__) | 456 | # elif !defined(__DJGPP__) |
| 377 | # include <winsock.h> | 457 | # include <winsock.h> |
| 378 | extern HINSTANCE _hInstance; | 458 | extern HINSTANCE _hInstance; |
| 459 | # ifdef _WIN64 | ||
| 460 | /* | ||
| 461 | * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because | ||
| 462 | * the value constitutes an index in per-process table of limited size | ||
| 463 | * and not a real pointer. | ||
| 464 | */ | ||
| 465 | # define socket(d,t,p) ((int)socket(d,t,p)) | ||
| 466 | # define accept(s,f,l) ((int)accept(s,f,l)) | ||
| 467 | # endif | ||
| 379 | # define SSLeay_Write(a,b,c) send((a),(b),(c),0) | 468 | # define SSLeay_Write(a,b,c) send((a),(b),(c),0) |
| 380 | # define SSLeay_Read(a,b,c) recv((a),(b),(c),0) | 469 | # define SSLeay_Read(a,b,c) recv((a),(b),(c),0) |
| 381 | # define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } | 470 | # define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } |
| @@ -395,6 +484,27 @@ extern HINSTANCE _hInstance; | |||
| 395 | # define SHUTDOWN(fd) MacSocket_close(fd) | 484 | # define SHUTDOWN(fd) MacSocket_close(fd) |
| 396 | # define SHUTDOWN2(fd) MacSocket_close(fd) | 485 | # define SHUTDOWN2(fd) MacSocket_close(fd) |
| 397 | 486 | ||
| 487 | # elif defined(OPENSSL_SYS_NETWARE) | ||
| 488 | /* NetWare uses the WinSock2 interfaces by default, but can be configured for BSD | ||
| 489 | */ | ||
| 490 | # if defined(NETWARE_BSDSOCK) | ||
| 491 | # include <sys/socket.h> | ||
| 492 | # include <netinet/in.h> | ||
| 493 | # include <sys/time.h> | ||
| 494 | # if defined(NETWARE_CLIB) | ||
| 495 | # include <sys/bsdskt.h> | ||
| 496 | # else | ||
| 497 | # include <sys/select.h> | ||
| 498 | # endif | ||
| 499 | # define INVALID_SOCKET (int)(~0) | ||
| 500 | # else | ||
| 501 | # include <novsock2.h> | ||
| 502 | # endif | ||
| 503 | # define SSLeay_Write(a,b,c) send((a),(b),(c),0) | ||
| 504 | # define SSLeay_Read(a,b,c) recv((a),(b),(c),0) | ||
| 505 | # define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } | ||
| 506 | # define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } | ||
| 507 | |||
| 398 | # else | 508 | # else |
| 399 | 509 | ||
| 400 | # ifndef NO_SYS_PARAM_H | 510 | # ifndef NO_SYS_PARAM_H |
| @@ -479,6 +589,9 @@ extern HINSTANCE _hInstance; | |||
| 479 | extern char *sys_errlist[]; extern int sys_nerr; | 589 | extern char *sys_errlist[]; extern int sys_nerr; |
| 480 | # define strerror(errnum) \ | 590 | # define strerror(errnum) \ |
| 481 | (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) | 591 | (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) |
| 592 | /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */ | ||
| 593 | #include "crypto/o_str.h" | ||
| 594 | # define memcmp OPENSSL_memcmp | ||
| 482 | #endif | 595 | #endif |
| 483 | 596 | ||
| 484 | #ifndef OPENSSL_EXIT | 597 | #ifndef OPENSSL_EXIT |
| @@ -524,13 +637,12 @@ extern char *sys_errlist[]; extern int sys_nerr; | |||
| 524 | #elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) | 637 | #elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) |
| 525 | # define strcasecmp stricmp | 638 | # define strcasecmp stricmp |
| 526 | # define strncasecmp strnicmp | 639 | # define strncasecmp strnicmp |
| 527 | #else | 640 | #elif defined(OPENSSL_SYS_NETWARE) |
| 528 | # ifdef NO_STRINGS_H | 641 | # include <string.h> |
| 529 | int strcasecmp(); | 642 | # if defined(NETWARE_CLIB) |
| 530 | int strncasecmp(); | 643 | # define strcasecmp stricmp |
| 531 | # else | 644 | # define strncasecmp strnicmp |
| 532 | # include <strings.h> | 645 | # endif /* NETWARE_CLIB */ |
| 533 | # endif /* NO_STRINGS_H */ | ||
| 534 | #endif | 646 | #endif |
| 535 | 647 | ||
| 536 | #if defined(OPENSSL_SYS_OS2) && defined(__EMX__) | 648 | #if defined(OPENSSL_SYS_OS2) && defined(__EMX__) |
diff --git a/src/lib/libssl/src/e_os2.h b/src/lib/libssl/src/e_os2.h index d8de8beead..9da0b65448 100644 --- a/src/lib/libssl/src/e_os2.h +++ b/src/lib/libssl/src/e_os2.h | |||
| @@ -76,17 +76,20 @@ extern "C" { | |||
| 76 | # define OPENSSL_SYS_MACINTOSH_CLASSIC | 76 | # define OPENSSL_SYS_MACINTOSH_CLASSIC |
| 77 | #endif | 77 | #endif |
| 78 | 78 | ||
| 79 | /* ----------------------- NetWare ----------------------------------------- */ | ||
| 80 | #if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) | ||
| 81 | # undef OPENSSL_SYS_UNIX | ||
| 82 | # define OPENSSL_SYS_NETWARE | ||
| 83 | #endif | ||
| 84 | |||
| 79 | /* ---------------------- Microsoft operating systems ---------------------- */ | 85 | /* ---------------------- Microsoft operating systems ---------------------- */ |
| 80 | 86 | ||
| 81 | /* The 16 bit environments are pretty straightforward */ | 87 | /* Note that MSDOS actually denotes 32-bit environments running on top of |
| 82 | #if defined(OPENSSL_SYSNAME_WIN16) || defined(OPENSSL_SYSNAME_MSDOS) | 88 | MS-DOS, such as DJGPP one. */ |
| 89 | #if defined(OPENSSL_SYSNAME_MSDOS) | ||
| 83 | # undef OPENSSL_SYS_UNIX | 90 | # undef OPENSSL_SYS_UNIX |
| 84 | # define OPENSSL_SYS_MSDOS | 91 | # define OPENSSL_SYS_MSDOS |
| 85 | #endif | 92 | #endif |
| 86 | #if defined(OPENSSL_SYSNAME_WIN16) | ||
| 87 | # undef OPENSSL_SYS_UNIX | ||
| 88 | # define OPENSSL_SYS_WIN16 | ||
| 89 | #endif | ||
| 90 | 93 | ||
| 91 | /* For 32 bit environment, there seems to be the CygWin environment and then | 94 | /* For 32 bit environment, there seems to be the CygWin environment and then |
| 92 | all the others that try to do the same thing Microsoft does... */ | 95 | all the others that try to do the same thing Microsoft does... */ |
| @@ -114,7 +117,7 @@ extern "C" { | |||
| 114 | #endif | 117 | #endif |
| 115 | 118 | ||
| 116 | /* Anything that tries to look like Microsoft is "Windows" */ | 119 | /* Anything that tries to look like Microsoft is "Windows" */ |
| 117 | #if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) | 120 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) |
| 118 | # undef OPENSSL_SYS_UNIX | 121 | # undef OPENSSL_SYS_UNIX |
| 119 | # define OPENSSL_SYS_WINDOWS | 122 | # define OPENSSL_SYS_WINDOWS |
| 120 | # ifndef OPENSSL_SYS_MSDOS | 123 | # ifndef OPENSSL_SYS_MSDOS |
| @@ -248,7 +251,7 @@ extern "C" { | |||
| 248 | #define OPENSSL_EXTERN OPENSSL_IMPORT | 251 | #define OPENSSL_EXTERN OPENSSL_IMPORT |
| 249 | 252 | ||
| 250 | /* Macros to allow global variables to be reached through function calls when | 253 | /* Macros to allow global variables to be reached through function calls when |
| 251 | required (if a shared library version requires it, for example. | 254 | required (if a shared library version requvres it, for example. |
| 252 | The way it's done allows definitions like this: | 255 | The way it's done allows definitions like this: |
| 253 | 256 | ||
| 254 | // in foobar.c | 257 | // in foobar.c |
diff --git a/src/lib/libssl/src/install.com b/src/lib/libssl/src/install.com index 8de3a7f977..4e4fe80dfe 100644 --- a/src/lib/libssl/src/install.com +++ b/src/lib/libssl/src/install.com | |||
| @@ -52,23 +52,23 @@ $ IF F$PARSE("WRK_SSLPRIVATE:") .EQS. "" THEN - | |||
| 52 | $ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - | 52 | $ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - |
| 53 | CREATE/DIR/LOG WRK_SSLROOT:[VMS] | 53 | CREATE/DIR/LOG WRK_SSLROOT:[VMS] |
| 54 | $ | 54 | $ |
| 55 | $ DIRS := CRYPTO,FIPS,SSL,APPS,VMS!,RSAREF,TEST,TOOLS | 55 | $ SDIRS := CRYPTO,SSL,APPS,VMS!,RSAREF,TEST,TOOLS |
| 56 | $ EXHEADER := e_os2.h | 56 | $ EXHEADER := e_os2.h |
| 57 | $ | 57 | $ |
| 58 | $ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG | 58 | $ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG |
| 59 | $ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER' | 59 | $ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER' |
| 60 | $ | 60 | $ |
| 61 | $ I = 0 | 61 | $ I = 0 |
| 62 | $ LOOP_DIRS: | 62 | $ LOOP_SDIRS: |
| 63 | $ D = F$ELEMENT(I, ",", DIRS) | 63 | $ D = F$ELEMENT(I, ",", SDIRS) |
| 64 | $ I = I + 1 | 64 | $ I = I + 1 |
| 65 | $ IF D .EQS. "," THEN GOTO LOOP_DIRS_END | 65 | $ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END |
| 66 | $ WRITE SYS$OUTPUT "Installing ",D," files." | 66 | $ WRITE SYS$OUTPUT "Installing ",D," files." |
| 67 | $ SET DEFAULT [.'D'] | 67 | $ SET DEFAULT [.'D'] |
| 68 | $ @INSTALL 'ROOT'] | 68 | $ @INSTALL 'ROOT'] |
| 69 | $ SET DEFAULT [-] | 69 | $ SET DEFAULT [-] |
| 70 | $ GOTO LOOP_DIRS | 70 | $ GOTO LOOP_SDIRS |
| 71 | $ LOOP_DIRS_END: | 71 | $ LOOP_SDIRS_END: |
| 72 | $ | 72 | $ |
| 73 | $ DEASSIGN WRK_SSLROOT | 73 | $ DEASSIGN WRK_SSLROOT |
| 74 | $ DEASSIGN WRK_SSLVLIB | 74 | $ DEASSIGN WRK_SSLVLIB |
diff --git a/src/lib/libssl/src/makevms.com b/src/lib/libssl/src/makevms.com index a739625302..4f70308082 100644 --- a/src/lib/libssl/src/makevms.com +++ b/src/lib/libssl/src/makevms.com | |||
| @@ -28,6 +28,7 @@ $! SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library. | |||
| 28 | $! SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program. | 28 | $! SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program. |
| 29 | $! TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL. | 29 | $! TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL. |
| 30 | $! APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL. | 30 | $! APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL. |
| 31 | $! ENGINES Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL. | ||
| 31 | $! | 32 | $! |
| 32 | $! | 33 | $! |
| 33 | $! P2 is ignored (it was used to denote if RSAref should be used or not, | 34 | $! P2 is ignored (it was used to denote if RSAref should be used or not, |
| @@ -138,6 +139,10 @@ $! Build The [.xxx.EXE.APPS] OpenSSL Application Utilities. | |||
| 138 | $! | 139 | $! |
| 139 | $ GOSUB APPS | 140 | $ GOSUB APPS |
| 140 | $! | 141 | $! |
| 142 | $! Build The [.xxx.EXE.ENGINES] OpenSSL Shareable Engines. | ||
| 143 | $! | ||
| 144 | $ GOSUB ENGINES | ||
| 145 | $! | ||
| 141 | $! Else... | 146 | $! Else... |
| 142 | $! | 147 | $! |
| 143 | $ ELSE | 148 | $ ELSE |
| @@ -178,7 +183,7 @@ $ WRITE H_FILE "# define OPENSSL_SYS_VMS" | |||
| 178 | $ WRITE H_FILE "#endif" | 183 | $ WRITE H_FILE "#endif" |
| 179 | $ CONFIG_LOGICALS := NO_ASM,NO_RSA,NO_DSA,NO_DH,NO_MD2,NO_MD5,NO_RIPEMD,- | 184 | $ CONFIG_LOGICALS := NO_ASM,NO_RSA,NO_DSA,NO_DH,NO_MD2,NO_MD5,NO_RIPEMD,- |
| 180 | NO_SHA,NO_SHA0,NO_SHA1,NO_DES/NO_MDC2;NO_MDC2,NO_RC2,NO_RC4,NO_RC5,- | 185 | NO_SHA,NO_SHA0,NO_SHA1,NO_DES/NO_MDC2;NO_MDC2,NO_RC2,NO_RC4,NO_RC5,- |
| 181 | NO_IDEA,NO_BF,NO_CAST,NO_HMAC,NO_SSL2,FIPS | 186 | NO_IDEA,NO_BF,NO_CAST,NO_CAMELLIA,NO_SEED,NO_HMAC,NO_SSL2 |
| 182 | $ CONFIG_LOG_I = 0 | 187 | $ CONFIG_LOG_I = 0 |
| 183 | $ CONFIG_LOG_LOOP: | 188 | $ CONFIG_LOG_LOOP: |
| 184 | $ CONFIG_LOG_E1 = F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS) | 189 | $ CONFIG_LOG_E1 = F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS) |
| @@ -214,6 +219,9 @@ $ ENDIF | |||
| 214 | $ ENDIF | 219 | $ ENDIF |
| 215 | $ GOTO CONFIG_LOG_LOOP | 220 | $ GOTO CONFIG_LOG_LOOP |
| 216 | $ CONFIG_LOG_LOOP_END: | 221 | $ CONFIG_LOG_LOOP_END: |
| 222 | $ WRITE H_FILE "#ifndef OPENSSL_NO_STATIC_ENGINE" | ||
| 223 | $ WRITE H_FILE "# define OPENSSL_NO_STATIC_ENGINE" | ||
| 224 | $ WRITE H_FILE "#endif" | ||
| 217 | $ WRITE H_FILE "#ifndef OPENSSL_THREADS" | 225 | $ WRITE H_FILE "#ifndef OPENSSL_THREADS" |
| 218 | $ WRITE H_FILE "# define OPENSSL_THREADS" | 226 | $ WRITE H_FILE "# define OPENSSL_THREADS" |
| 219 | $ WRITE H_FILE "#endif" | 227 | $ WRITE H_FILE "#endif" |
| @@ -266,6 +274,7 @@ $ WRITE H_FILE "#define DES_UNROLL" | |||
| 266 | $ WRITE H_FILE "#endif" | 274 | $ WRITE H_FILE "#endif" |
| 267 | $! | 275 | $! |
| 268 | $ WRITE H_FILE "#if defined(HEADER_BN_H)" | 276 | $ WRITE H_FILE "#if defined(HEADER_BN_H)" |
| 277 | $ WRITE H_FILE "#undef BN_LLONG" ! Never define with SIXTY_FOUR_BIT | ||
| 269 | $ WRITE H_FILE "#undef SIXTY_FOUR_BIT_LONG" | 278 | $ WRITE H_FILE "#undef SIXTY_FOUR_BIT_LONG" |
| 270 | $ WRITE H_FILE "#undef SIXTY_FOUR_BIT" | 279 | $ WRITE H_FILE "#undef SIXTY_FOUR_BIT" |
| 271 | $ WRITE H_FILE "#define SIXTY_FOUR_BIT" | 280 | $ WRITE H_FILE "#define SIXTY_FOUR_BIT" |
| @@ -300,6 +309,7 @@ $ WRITE H_FILE "#undef DES_UNROLL" | |||
| 300 | $ WRITE H_FILE "#endif" | 309 | $ WRITE H_FILE "#endif" |
| 301 | $! | 310 | $! |
| 302 | $ WRITE H_FILE "#if defined(HEADER_BN_H)" | 311 | $ WRITE H_FILE "#if defined(HEADER_BN_H)" |
| 312 | $ WRITE H_FILE "#undef BN_LLONG" ! VAX C/DEC C doesn't have long long | ||
| 303 | $ WRITE H_FILE "#undef SIXTY_FOUR_BIT_LONG" | 313 | $ WRITE H_FILE "#undef SIXTY_FOUR_BIT_LONG" |
| 304 | $ WRITE H_FILE "#undef SIXTY_FOUR_BIT" | 314 | $ WRITE H_FILE "#undef SIXTY_FOUR_BIT" |
| 305 | $ WRITE H_FILE "#undef THIRTY_TWO_BIT" | 315 | $ WRITE H_FILE "#undef THIRTY_TWO_BIT" |
| @@ -307,7 +317,12 @@ $ WRITE H_FILE "#define THIRTY_TWO_BIT" | |||
| 307 | $ WRITE H_FILE "#undef SIXTEEN_BIT" | 317 | $ WRITE H_FILE "#undef SIXTEEN_BIT" |
| 308 | $ WRITE H_FILE "#undef EIGHT_BIT" | 318 | $ WRITE H_FILE "#undef EIGHT_BIT" |
| 309 | $ WRITE H_FILE "#endif" | 319 | $ WRITE H_FILE "#endif" |
| 310 | $ | 320 | $! |
| 321 | $ WRITE H_FILE "#if defined(HEADER_SHA_H)" | ||
| 322 | $ WRITE H_FILE "#undef OPENSSL_NO_SHA512" | ||
| 323 | $ WRITE H_FILE "#define OPENSSL_NO_SHA512" | ||
| 324 | $ WRITE H_FILE "#endif" | ||
| 325 | $! | ||
| 311 | $ WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION" | 326 | $ WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION" |
| 312 | $ WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION" | 327 | $ WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION" |
| 313 | $! | 328 | $! |
| @@ -388,6 +403,7 @@ $! | |||
| 388 | $! Copy all the *TEST.C files from [.CRYPTO...] into [.TEST] | 403 | $! Copy all the *TEST.C files from [.CRYPTO...] into [.TEST] |
| 389 | $! | 404 | $! |
| 390 | $ COPY SYS$DISK:[.CRYPTO.*]%*TEST.C SYS$DISK:[.TEST] | 405 | $ COPY SYS$DISK:[.CRYPTO.*]%*TEST.C SYS$DISK:[.TEST] |
| 406 | $ COPY SYS$DISK:[.CRYPTO.SHA]SHA%%%T.C SYS$DISK:[.TEST] | ||
| 391 | $ COPY SYS$DISK:[.CRYPTO.EVP]EVPTESTS.TXT SYS$DISK:[.TEST] | 407 | $ COPY SYS$DISK:[.CRYPTO.EVP]EVPTESTS.TXT SYS$DISK:[.TEST] |
| 392 | $! | 408 | $! |
| 393 | $! Copy all the *TEST.C files from [.SSL...] into [.TEST] | 409 | $! Copy all the *TEST.C files from [.SSL...] into [.TEST] |
| @@ -410,13 +426,17 @@ $ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] | |||
| 410 | $! | 426 | $! |
| 411 | $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree. | 427 | $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree. |
| 412 | $! | 428 | $! |
| 413 | $ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- | 429 | $ SDIRS := ,- |
| 414 | DES,RC2,RC4,RC5,IDEA,BF,CAST,- | 430 | OBJECTS,- |
| 415 | BN,EC,RSA,DSA,DH,DSO,ENGINE,AES,- | 431 | MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- |
| 416 | BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,- | 432 | DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- |
| 417 | EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5 | 433 | BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,- |
| 434 | BUFFER,BIO,STACK,LHASH,RAND,ERR,- | ||
| 435 | EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,- | ||
| 436 | STORE,CMS,PQUEUE | ||
| 418 | $ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h,- | 437 | $ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h,- |
| 419 | ossl_typ.h | 438 | ossl_typ.h |
| 439 | $ EXHEADER_OBJECTS := objects.h,obj_mac.h | ||
| 420 | $ EXHEADER_MD2 := md2.h | 440 | $ EXHEADER_MD2 := md2.h |
| 421 | $ EXHEADER_MD4 := md4.h | 441 | $ EXHEADER_MD4 := md4.h |
| 422 | $ EXHEADER_MD5 := md5.h | 442 | $ EXHEADER_MD5 := md5.h |
| @@ -431,11 +451,15 @@ $ EXHEADER_RC5 := rc5.h | |||
| 431 | $ EXHEADER_IDEA := idea.h | 451 | $ EXHEADER_IDEA := idea.h |
| 432 | $ EXHEADER_BF := blowfish.h | 452 | $ EXHEADER_BF := blowfish.h |
| 433 | $ EXHEADER_CAST := cast.h | 453 | $ EXHEADER_CAST := cast.h |
| 454 | $ EXHEADER_CAMELLIA := camellia.h | ||
| 455 | $ EXHEADER_SEED := seed.h | ||
| 434 | $ EXHEADER_BN := bn.h | 456 | $ EXHEADER_BN := bn.h |
| 435 | $ EXHEADER_EC := ec.h | 457 | $ EXHEADER_EC := ec.h |
| 436 | $ EXHEADER_RSA := rsa.h | 458 | $ EXHEADER_RSA := rsa.h |
| 437 | $ EXHEADER_DSA := dsa.h | 459 | $ EXHEADER_DSA := dsa.h |
| 460 | $ EXHEADER_ECDSA := ecdsa.h | ||
| 438 | $ EXHEADER_DH := dh.h | 461 | $ EXHEADER_DH := dh.h |
| 462 | $ EXHEADER_ECDH := ecdh.h | ||
| 439 | $ EXHEADER_DSO := dso.h | 463 | $ EXHEADER_DSO := dso.h |
| 440 | $ EXHEADER_ENGINE := engine.h | 464 | $ EXHEADER_ENGINE := engine.h |
| 441 | $ EXHEADER_AES := aes.h | 465 | $ EXHEADER_AES := aes.h |
| @@ -445,7 +469,6 @@ $ EXHEADER_STACK := stack.h,safestack.h | |||
| 445 | $ EXHEADER_LHASH := lhash.h | 469 | $ EXHEADER_LHASH := lhash.h |
| 446 | $ EXHEADER_RAND := rand.h | 470 | $ EXHEADER_RAND := rand.h |
| 447 | $ EXHEADER_ERR := err.h | 471 | $ EXHEADER_ERR := err.h |
| 448 | $ EXHEADER_OBJECTS := objects.h,obj_mac.h | ||
| 449 | $ EXHEADER_EVP := evp.h | 472 | $ EXHEADER_EVP := evp.h |
| 450 | $ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h | 473 | $ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h |
| 451 | $ EXHEADER_PEM := pem.h,pem2.h | 474 | $ EXHEADER_PEM := pem.h,pem2.h |
| @@ -459,6 +482,10 @@ $ EXHEADER_COMP := comp.h | |||
| 459 | $ EXHEADER_OCSP := ocsp.h | 482 | $ EXHEADER_OCSP := ocsp.h |
| 460 | $ EXHEADER_UI := ui.h,ui_compat.h | 483 | $ EXHEADER_UI := ui.h,ui_compat.h |
| 461 | $ EXHEADER_KRB5 := krb5_asn.h | 484 | $ EXHEADER_KRB5 := krb5_asn.h |
| 485 | $!EXHEADER_STORE := store.h,str_compat.h | ||
| 486 | $ EXHEADER_STORE := store.h | ||
| 487 | $ EXHEADER_CMS := cms.h | ||
| 488 | $ EXHEADER_PQUEUE := pqueue.h,pq_compat.h | ||
| 462 | $ | 489 | $ |
| 463 | $ I = 0 | 490 | $ I = 0 |
| 464 | $ LOOP_SDIRS: | 491 | $ LOOP_SDIRS: |
| @@ -477,38 +504,9 @@ $ LOOP_SDIRS_END: | |||
| 477 | $! | 504 | $! |
| 478 | $! Copy All The ".H" Files From The [.SSL] Directory. | 505 | $! Copy All The ".H" Files From The [.SSL] Directory. |
| 479 | $! | 506 | $! |
| 480 | $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h | 507 | $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h |
| 481 | $ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] | 508 | $ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] |
| 482 | $! | 509 | $! |
| 483 | $! Copy All The ".H" Files From The [.FIPS-1_0] Directories. | ||
| 484 | $! | ||
| 485 | $ FDIRS := ,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC | ||
| 486 | $ EXHEADER_ := fips.h | ||
| 487 | $ EXHEADER_SHA := fips_sha.h | ||
| 488 | $ EXHEADER_RAND := fips_rand.h | ||
| 489 | $ EXHEADER_DES := | ||
| 490 | $ EXHEADER_AES := | ||
| 491 | $ EXHEADER_DSA := | ||
| 492 | $ EXHEADER_RSA := | ||
| 493 | $ EXHEADER_DH := | ||
| 494 | $ EXHEADER_HMAC := | ||
| 495 | $ | ||
| 496 | $ I = 0 | ||
| 497 | $ LOOP_FDIRS: | ||
| 498 | $ D = F$EDIT(F$ELEMENT(I, ",", FDIRS),"TRIM") | ||
| 499 | $ I = I + 1 | ||
| 500 | $ IF D .EQS. "," THEN GOTO LOOP_FDIRS_END | ||
| 501 | $ tmp = EXHEADER_'D' | ||
| 502 | $ IF tmp .EQS. "" THEN GOTO LOOP_FDIRS | ||
| 503 | $ IF D .EQS. "" | ||
| 504 | $ THEN | ||
| 505 | $ COPY [.FIPS-1_0]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG | ||
| 506 | $ ELSE | ||
| 507 | $ COPY [.FIPS-1_0.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG | ||
| 508 | $ ENDIF | ||
| 509 | $ GOTO LOOP_FDIRS | ||
| 510 | $ LOOP_FDIRS_END: | ||
| 511 | $! | ||
| 512 | $! Purge all doubles | 510 | $! Purge all doubles |
| 513 | $! | 511 | $! |
| 514 | $ PURGE SYS$DISK:[.INCLUDE.OPENSSL]*.H | 512 | $ PURGE SYS$DISK:[.INCLUDE.OPENSSL]*.H |
| @@ -534,21 +532,9 @@ $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. | |||
| 534 | $! | 532 | $! |
| 535 | $ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" | 533 | $ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" |
| 536 | $! | 534 | $! |
| 537 | $! Go Back To The Main Directory. | ||
| 538 | $! | ||
| 539 | $ SET DEFAULT [-] | ||
| 540 | $! | ||
| 541 | $! Go To The [.FIPS-1_0] Directory. | ||
| 542 | $! | ||
| 543 | $ SET DEFAULT SYS$DISK:[.FIPS-1_0] | ||
| 544 | $! | ||
| 545 | $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. | ||
| 546 | $! | ||
| 547 | $ @FIPS-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" | ||
| 548 | $! | ||
| 549 | $! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications. | 535 | $! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications. |
| 550 | $! | 536 | $! |
| 551 | $ @FIPS-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' | 537 | $ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'" |
| 552 | $! | 538 | $! |
| 553 | $! Go Back To The Main Directory. | 539 | $! Go Back To The Main Directory. |
| 554 | $! | 540 | $! |
| @@ -658,6 +644,31 @@ $! That's All, Time To RETURN. | |||
| 658 | $! | 644 | $! |
| 659 | $ RETURN | 645 | $ RETURN |
| 660 | $! | 646 | $! |
| 647 | $! Build The OpenSSL Application Programs. | ||
| 648 | $! | ||
| 649 | $ ENGINES: | ||
| 650 | $! | ||
| 651 | $! Tell The User What We Are Doing. | ||
| 652 | $! | ||
| 653 | $ WRITE SYS$OUTPUT "" | ||
| 654 | $ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.ENGINES] Engines." | ||
| 655 | $! | ||
| 656 | $! Go To The [.ENGINES] Directory. | ||
| 657 | $! | ||
| 658 | $ SET DEFAULT SYS$DISK:[.ENGINES] | ||
| 659 | $! | ||
| 660 | $! Build The Application Programs. | ||
| 661 | $! | ||
| 662 | $ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'" | ||
| 663 | $! | ||
| 664 | $! Go Back To The Main Directory. | ||
| 665 | $! | ||
| 666 | $ SET DEFAULT [-] | ||
| 667 | $! | ||
| 668 | $! That's All, Time To RETURN. | ||
| 669 | $! | ||
| 670 | $ RETURN | ||
| 671 | $! | ||
| 661 | $! Check The User's Options. | 672 | $! Check The User's Options. |
| 662 | $! | 673 | $! |
| 663 | $ CHECK_OPTIONS: | 674 | $ CHECK_OPTIONS: |
diff --git a/src/lib/libssl/src/ms/do_masm.bat b/src/lib/libssl/src/ms/do_masm.bat index ce22a44305..6ea1c98716 100644 --- a/src/lib/libssl/src/ms/do_masm.bat +++ b/src/lib/libssl/src/ms/do_masm.bat | |||
| @@ -1,69 +1,77 @@ | |||
| 1 | 1 | @echo off | |
| 2 | @echo off | 2 | |
| 3 | echo Generating x86 for MASM assember | 3 | SET ASMOPTS=-DOPENSSL_IA32_SSE2 |
| 4 | 4 | echo Generating x86 for MASM assember | |
| 5 | echo Bignum | 5 | |
| 6 | cd crypto\bn\asm | 6 | echo Bignum |
| 7 | perl x86.pl win32 > bn_win32.asm | 7 | cd crypto\bn\asm |
| 8 | cd ..\..\.. | 8 | perl bn-586.pl win32 %ASMOPTS% > bn_win32.asm |
| 9 | 9 | perl co-586.pl win32 %ASMOPTS% > co_win32.asm | |
| 10 | echo DES | 10 | cd ..\..\.. |
| 11 | cd crypto\des\asm | 11 | |
| 12 | perl des-586.pl win32 > d_win32.asm | 12 | echo AES |
| 13 | cd ..\..\.. | 13 | cd crypto\aes\asm |
| 14 | 14 | perl aes-586.pl win32 %ASMOPTS% > a_win32.asm | |
| 15 | echo "crypt(3)" | 15 | cd ..\..\.. |
| 16 | 16 | ||
| 17 | cd crypto\des\asm | 17 | echo DES |
| 18 | perl crypt586.pl win32 > y_win32.asm | 18 | cd crypto\des\asm |
| 19 | cd ..\..\.. | 19 | perl des-586.pl win32 %ASMOPTS% > d_win32.asm |
| 20 | 20 | cd ..\..\.. | |
| 21 | echo Blowfish | 21 | |
| 22 | 22 | echo "crypt(3)" | |
| 23 | cd crypto\bf\asm | 23 | |
| 24 | perl bf-586.pl win32 > b_win32.asm | 24 | cd crypto\des\asm |
| 25 | cd ..\..\.. | 25 | perl crypt586.pl win32 %ASMOPTS% > y_win32.asm |
| 26 | 26 | cd ..\..\.. | |
| 27 | echo CAST5 | 27 | |
| 28 | cd crypto\cast\asm | 28 | echo Blowfish |
| 29 | perl cast-586.pl win32 > c_win32.asm | 29 | |
| 30 | cd ..\..\.. | 30 | cd crypto\bf\asm |
| 31 | 31 | perl bf-586.pl win32 %ASMOPTS% > b_win32.asm | |
| 32 | echo RC4 | 32 | cd ..\..\.. |
| 33 | cd crypto\rc4\asm | 33 | |
| 34 | perl rc4-586.pl win32 > r4_win32.asm | 34 | echo CAST5 |
| 35 | cd ..\..\.. | 35 | cd crypto\cast\asm |
| 36 | 36 | perl cast-586.pl win32 %ASMOPTS% > c_win32.asm | |
| 37 | echo MD5 | 37 | cd ..\..\.. |
| 38 | cd crypto\md5\asm | 38 | |
| 39 | perl md5-586.pl win32 > m5_win32.asm | 39 | echo RC4 |
| 40 | cd ..\..\.. | 40 | cd crypto\rc4\asm |
| 41 | 41 | perl rc4-586.pl win32 %ASMOPTS% > r4_win32.asm | |
| 42 | echo SHA1 | 42 | cd ..\..\.. |
| 43 | cd crypto\sha\asm | 43 | |
| 44 | perl sha1-586.pl win32 > s1_win32.asm | 44 | echo MD5 |
| 45 | cd ..\..\.. | 45 | cd crypto\md5\asm |
| 46 | 46 | perl md5-586.pl win32 %ASMOPTS% > m5_win32.asm | |
| 47 | echo RIPEMD160 | 47 | cd ..\..\.. |
| 48 | cd crypto\ripemd\asm | 48 | |
| 49 | perl rmd-586.pl win32 > rm_win32.asm | 49 | echo SHA1 |
| 50 | cd ..\..\.. | 50 | cd crypto\sha\asm |
| 51 | 51 | perl sha1-586.pl win32 %ASMOPTS% > s1_win32.asm | |
| 52 | echo RC5\32 | 52 | perl sha512-sse2.pl win32 %ASMOPTS% > sha512-sse2.asm |
| 53 | cd crypto\rc5\asm | 53 | cd ..\..\.. |
| 54 | perl rc5-586.pl win32 > r5_win32.asm | 54 | |
| 55 | cd ..\..\.. | 55 | echo RIPEMD160 |
| 56 | 56 | cd crypto\ripemd\asm | |
| 57 | echo on | 57 | perl rmd-586.pl win32 %ASMOPTS% > rm_win32.asm |
| 58 | 58 | cd ..\..\.. | |
| 59 | perl util\mkfiles.pl >MINFO | 59 | |
| 60 | rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak | 60 | echo RC5\32 |
| 61 | rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak | 61 | cd crypto\rc5\asm |
| 62 | rem perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak | 62 | perl rc5-586.pl win32 %ASMOPTS% > r5_win32.asm |
| 63 | perl util\mk1mf.pl %1 VC-WIN32 >ms\nt.mak | 63 | cd ..\..\.. |
| 64 | perl util\mk1mf.pl dll %1 VC-WIN32 >ms\ntdll.mak | 64 | |
| 65 | 65 | echo CPU-ID | |
| 66 | perl util\mkdef.pl 16 libeay %1 > ms\libeay16.def | 66 | cd crypto |
| 67 | perl util\mkdef.pl 32 libeay %1 > ms\libeay32.def | 67 | perl x86cpuid.pl win32 %ASMOPTS% > cpu_win32.asm |
| 68 | perl util\mkdef.pl 16 ssleay %1 > ms\ssleay16.def | 68 | cd .. |
| 69 | perl util\mkdef.pl 32 ssleay %1 > ms\ssleay32.def | 69 | |
| 70 | echo on | ||
| 71 | |||
| 72 | perl util\mkfiles.pl >MINFO | ||
| 73 | perl util\mk1mf.pl VC-WIN32 >ms\nt.mak | ||
| 74 | perl util\mk1mf.pl dll VC-WIN32 >ms\ntdll.mak | ||
| 75 | |||
| 76 | perl util\mkdef.pl 32 libeay > ms\libeay32.def | ||
| 77 | perl util\mkdef.pl 32 ssleay > ms\ssleay32.def | ||
diff --git a/src/lib/libssl/src/ms/do_ms.bat b/src/lib/libssl/src/ms/do_ms.bat index 4a76921298..9323336f9b 100644 --- a/src/lib/libssl/src/ms/do_ms.bat +++ b/src/lib/libssl/src/ms/do_ms.bat | |||
| @@ -1,14 +1,9 @@ | |||
| 1 | 1 | ||
| 2 | perl util\mkfiles.pl >MINFO | 2 | perl util\mkfiles.pl >MINFO |
| 3 | rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak | 3 | perl util\mk1mf.pl no-asm VC-WIN32 >ms\nt.mak |
| 4 | rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak | 4 | perl util\mk1mf.pl dll no-asm VC-WIN32 >ms\ntdll.mak |
| 5 | rem perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak | 5 | perl util\mk1mf.pl no-asm VC-CE >ms\ce.mak |
| 6 | perl util\mk1mf.pl no-asm %1 VC-WIN32 >ms\nt.mak | 6 | perl util\mk1mf.pl dll no-asm VC-CE >ms\cedll.mak |
| 7 | perl util\mk1mf.pl dll no-asm %1 VC-WIN32 >ms\ntdll.mak | ||
| 8 | perl util\mk1mf.pl no-asm %1 VC-CE >ms\ce.mak | ||
| 9 | perl util\mk1mf.pl dll no-asm %1 VC-CE >ms\cedll.mak | ||
| 10 | 7 | ||
| 11 | perl util\mkdef.pl 16 libeay %1 > ms\libeay16.def | 8 | perl util\mkdef.pl 32 libeay > ms\libeay32.def |
| 12 | perl util\mkdef.pl 32 libeay %1 > ms\libeay32.def | 9 | perl util\mkdef.pl 32 ssleay > ms\ssleay32.def |
| 13 | perl util\mkdef.pl 16 ssleay %1 > ms\ssleay16.def | ||
| 14 | perl util\mkdef.pl 32 ssleay %1 > ms\ssleay32.def | ||
diff --git a/src/lib/libssl/src/ms/do_nasm.bat b/src/lib/libssl/src/ms/do_nasm.bat index 270dab0058..7a2fa45663 100644 --- a/src/lib/libssl/src/ms/do_nasm.bat +++ b/src/lib/libssl/src/ms/do_nasm.bat | |||
| @@ -1,71 +1,79 @@ | |||
| 1 | rem use "fips" as the first argument to make a proper FIPS build. | 1 | |
| 2 | 2 | @echo off | |
| 3 | @echo off | 3 | |
| 4 | echo Generating x86 for NASM assember | 4 | SET ASMOPTS=-DOPENSSL_IA32_SSE2 |
| 5 | 5 | echo Generating x86 for NASM assember | |
| 6 | echo Bignum | 6 | |
| 7 | cd crypto\bn\asm | 7 | echo Bignum |
| 8 | perl x86.pl win32n > bn_win32.asm | 8 | cd crypto\bn\asm |
| 9 | cd ..\..\.. | 9 | perl bn-586.pl win32n %ASMOPTS% > bn_win32.asm |
| 10 | 10 | perl co-586.pl win32n %ASMOPTS% > co_win32.asm | |
| 11 | echo DES | 11 | cd ..\..\.. |
| 12 | cd crypto\des\asm | 12 | |
| 13 | perl des-586.pl win32n > d_win32.asm | 13 | echo AES |
| 14 | cd ..\..\.. | 14 | cd crypto\aes\asm |
| 15 | 15 | perl aes-586.pl win32n %ASMOPTS% > a_win32.asm | |
| 16 | echo "crypt(3)" | 16 | cd ..\..\.. |
| 17 | 17 | ||
| 18 | cd crypto\des\asm | 18 | echo DES |
| 19 | perl crypt586.pl win32n > y_win32.asm | 19 | cd crypto\des\asm |
| 20 | cd ..\..\.. | 20 | perl des-586.pl win32n %ASMOPTS% > d_win32.asm |
| 21 | 21 | cd ..\..\.. | |
| 22 | echo Blowfish | 22 | |
| 23 | 23 | echo "crypt(3)" | |
| 24 | cd crypto\bf\asm | 24 | |
| 25 | perl bf-586.pl win32n > b_win32.asm | 25 | cd crypto\des\asm |
| 26 | cd ..\..\.. | 26 | perl crypt586.pl win32n %ASMOPTS% > y_win32.asm |
| 27 | 27 | cd ..\..\.. | |
| 28 | echo CAST5 | 28 | |
| 29 | cd crypto\cast\asm | 29 | echo Blowfish |
| 30 | perl cast-586.pl win32n > c_win32.asm | 30 | |
| 31 | cd ..\..\.. | 31 | cd crypto\bf\asm |
| 32 | 32 | perl bf-586.pl win32n %ASMOPTS% > b_win32.asm | |
| 33 | echo RC4 | 33 | cd ..\..\.. |
| 34 | cd crypto\rc4\asm | 34 | |
| 35 | perl rc4-586.pl win32n > r4_win32.asm | 35 | echo CAST5 |
| 36 | cd ..\..\.. | 36 | cd crypto\cast\asm |
| 37 | 37 | perl cast-586.pl win32n %ASMOPTS% > c_win32.asm | |
| 38 | echo MD5 | 38 | cd ..\..\.. |
| 39 | cd crypto\md5\asm | 39 | |
| 40 | perl md5-586.pl win32n > m5_win32.asm | 40 | echo RC4 |
| 41 | cd ..\..\.. | 41 | cd crypto\rc4\asm |
| 42 | 42 | perl rc4-586.pl win32n %ASMOPTS% > r4_win32.asm | |
| 43 | echo SHA1 | 43 | cd ..\..\.. |
| 44 | cd crypto\sha\asm | 44 | |
| 45 | perl sha1-586.pl win32n > s1_win32.asm | 45 | echo MD5 |
| 46 | cd ..\..\.. | 46 | cd crypto\md5\asm |
| 47 | 47 | perl md5-586.pl win32n %ASMOPTS% > m5_win32.asm | |
| 48 | echo RIPEMD160 | 48 | cd ..\..\.. |
| 49 | cd crypto\ripemd\asm | 49 | |
| 50 | perl rmd-586.pl win32n > rm_win32.asm | 50 | echo SHA1 |
| 51 | cd ..\..\.. | 51 | cd crypto\sha\asm |
| 52 | 52 | perl sha1-586.pl win32n %ASMOPTS% > s1_win32.asm | |
| 53 | echo RC5\32 | 53 | perl sha512-sse2.pl win32n %ASMOPTS% > sha512-sse2.asm |
| 54 | cd crypto\rc5\asm | 54 | cd ..\..\.. |
| 55 | perl rc5-586.pl win32n > r5_win32.asm | 55 | |
| 56 | cd ..\..\.. | 56 | echo RIPEMD160 |
| 57 | 57 | cd crypto\ripemd\asm | |
| 58 | echo on | 58 | perl rmd-586.pl win32n %ASMOPTS% > rm_win32.asm |
| 59 | 59 | cd ..\..\.. | |
| 60 | perl util\mkfiles.pl >MINFO | 60 | |
| 61 | rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak | 61 | echo RC5\32 |
| 62 | rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak | 62 | cd crypto\rc5\asm |
| 63 | perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak | 63 | perl rc5-586.pl win32n %ASMOPTS% > r5_win32.asm |
| 64 | perl util\mk1mf.pl nasm %1 VC-WIN32 >ms\nt.mak | 64 | cd ..\..\.. |
| 65 | perl util\mk1mf.pl dll nasm %1 VC-WIN32 >ms\ntdll.mak | 65 | |
| 66 | perl util\mk1mf.pl nasm %1 BC-NT >ms\bcb.mak | 66 | echo CPU-ID |
| 67 | 67 | cd crypto | |
| 68 | perl util\mkdef.pl 16 libeay %1 > ms\libeay16.def | 68 | perl x86cpuid.pl win32n %ASMOPTS% > cpu_win32.asm |
| 69 | perl util\mkdef.pl 32 libeay %1 > ms\libeay32.def | 69 | cd .. |
| 70 | perl util\mkdef.pl 16 ssleay %1 > ms\ssleay16.def | 70 | |
| 71 | perl util\mkdef.pl 32 ssleay %1 > ms\ssleay32.def | 71 | echo on |
| 72 | |||
| 73 | perl util\mkfiles.pl >MINFO | ||
| 74 | perl util\mk1mf.pl nasm VC-WIN32 >ms\nt.mak | ||
| 75 | perl util\mk1mf.pl dll nasm VC-WIN32 >ms\ntdll.mak | ||
| 76 | perl util\mk1mf.pl nasm BC-NT >ms\bcb.mak | ||
| 77 | |||
| 78 | perl util\mkdef.pl 32 libeay > ms\libeay32.def | ||
| 79 | perl util\mkdef.pl 32 ssleay > ms\ssleay32.def | ||
diff --git a/src/lib/libssl/src/ms/do_nt.bat b/src/lib/libssl/src/ms/do_nt.bat index 66b408b283..9c06c27caa 100644 --- a/src/lib/libssl/src/ms/do_nt.bat +++ b/src/lib/libssl/src/ms/do_nt.bat | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | 1 | ||
| 2 | perl util\mkfiles.pl >MINFO | 2 | perl util\mkfiles.pl >MINFO |
| 3 | perl util\mk1mf.pl no-asm %1 VC-NT >ms\nt.mak | 3 | perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak |
| 4 | perl util\mk1mf.pl dll no-asm %1 VC-NT >ms\ntdll.mak | 4 | perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak |
| 5 | 5 | ||
| 6 | perl util\mkdef.pl libeay NT %1 > ms\libeay32.def | 6 | perl util\mkdef.pl libeay NT > ms\libeay32.def |
| 7 | perl util\mkdef.pl ssleay NT %1 > ms\ssleay32.def | 7 | perl util\mkdef.pl ssleay NT > ms\ssleay32.def |
diff --git a/src/lib/libssl/src/ms/mingw32.bat b/src/lib/libssl/src/ms/mingw32.bat index 8c7c63e0f2..f9377a8695 100644 --- a/src/lib/libssl/src/ms/mingw32.bat +++ b/src/lib/libssl/src/ms/mingw32.bat | |||
| @@ -1,90 +1,94 @@ | |||
| 1 | @rem OpenSSL with Mingw32+GNU as | 1 | @rem OpenSSL with Mingw32+GNU as |
| 2 | @rem --------------------------- | 2 | @rem --------------------------- |
| 3 | 3 | ||
| 4 | perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8 | 4 | perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8 |
| 5 | 5 | ||
| 6 | @echo off | 6 | @echo off |
| 7 | 7 | ||
| 8 | perl -e "exit 1 if '%1' eq 'no-asm'" | 8 | perl -e "exit 1 if '%1' eq 'no-asm'" |
| 9 | if errorlevel 1 goto noasm | 9 | if errorlevel 1 goto noasm |
| 10 | 10 | ||
| 11 | echo Generating x86 for GNU assember | 11 | echo Generating x86 for GNU assember |
| 12 | 12 | ||
| 13 | echo Bignum | 13 | echo Bignum |
| 14 | cd crypto\bn\asm | 14 | cd crypto\bn\asm |
| 15 | perl bn-586.pl gaswin > bn-win32.s | 15 | perl bn-586.pl gaswin > bn-win32.s |
| 16 | perl co-586.pl gaswin > co-win32.s | 16 | perl co-586.pl gaswin > co-win32.s |
| 17 | cd ..\..\.. | 17 | cd ..\..\.. |
| 18 | 18 | ||
| 19 | echo DES | 19 | echo DES |
| 20 | cd crypto\des\asm | 20 | cd crypto\des\asm |
| 21 | perl des-586.pl gaswin > d-win32.s | 21 | perl des-586.pl gaswin > d-win32.s |
| 22 | cd ..\..\.. | 22 | cd ..\..\.. |
| 23 | 23 | ||
| 24 | echo crypt | 24 | echo crypt |
| 25 | cd crypto\des\asm | 25 | cd crypto\des\asm |
| 26 | perl crypt586.pl gaswin > y-win32.s | 26 | perl crypt586.pl gaswin > y-win32.s |
| 27 | cd ..\..\.. | 27 | cd ..\..\.. |
| 28 | 28 | ||
| 29 | echo Blowfish | 29 | echo Blowfish |
| 30 | cd crypto\bf\asm | 30 | cd crypto\bf\asm |
| 31 | perl bf-586.pl gaswin > b-win32.s | 31 | perl bf-586.pl gaswin > b-win32.s |
| 32 | cd ..\..\.. | 32 | cd ..\..\.. |
| 33 | 33 | ||
| 34 | echo CAST5 | 34 | echo CAST5 |
| 35 | cd crypto\cast\asm | 35 | cd crypto\cast\asm |
| 36 | perl cast-586.pl gaswin > c-win32.s | 36 | perl cast-586.pl gaswin > c-win32.s |
| 37 | cd ..\..\.. | 37 | cd ..\..\.. |
| 38 | 38 | ||
| 39 | echo RC4 | 39 | echo RC4 |
| 40 | cd crypto\rc4\asm | 40 | cd crypto\rc4\asm |
| 41 | perl rc4-586.pl gaswin > r4-win32.s | 41 | perl rc4-586.pl gaswin > r4-win32.s |
| 42 | cd ..\..\.. | 42 | cd ..\..\.. |
| 43 | 43 | ||
| 44 | echo MD5 | 44 | echo MD5 |
| 45 | cd crypto\md5\asm | 45 | cd crypto\md5\asm |
| 46 | perl md5-586.pl gaswin > m5-win32.s | 46 | perl md5-586.pl gaswin > m5-win32.s |
| 47 | cd ..\..\.. | 47 | cd ..\..\.. |
| 48 | 48 | ||
| 49 | echo SHA1 | 49 | echo SHA1 |
| 50 | cd crypto\sha\asm | 50 | cd crypto\sha\asm |
| 51 | perl sha1-586.pl gaswin > s1-win32.s | 51 | perl sha1-586.pl gaswin > s1-win32.s |
| 52 | cd ..\..\.. | 52 | cd ..\..\.. |
| 53 | 53 | ||
| 54 | echo RIPEMD160 | 54 | echo RIPEMD160 |
| 55 | cd crypto\ripemd\asm | 55 | cd crypto\ripemd\asm |
| 56 | perl rmd-586.pl gaswin > rm-win32.s | 56 | perl rmd-586.pl gaswin > rm-win32.s |
| 57 | cd ..\..\.. | 57 | cd ..\..\.. |
| 58 | 58 | ||
| 59 | echo RC5\32 | 59 | echo RC5\32 |
| 60 | cd crypto\rc5\asm | 60 | cd crypto\rc5\asm |
| 61 | perl rc5-586.pl gaswin > r5-win32.s | 61 | perl rc5-586.pl gaswin > r5-win32.s |
| 62 | cd ..\..\.. | 62 | cd ..\..\.. |
| 63 | 63 | echo CPUID | |
| 64 | :noasm | 64 | cd crypto |
| 65 | 65 | perl x86cpuid.pl gaswin > cpu-win32.s | |
| 66 | echo Generating makefile | 66 | cd .. |
| 67 | perl util\mkfiles.pl >MINFO | 67 | |
| 68 | perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak | 68 | :noasm |
| 69 | echo Generating DLL definition files | 69 | |
| 70 | perl util\mkdef.pl 32 libeay >ms\libeay32.def | 70 | echo Generating makefile |
| 71 | if errorlevel 1 goto end | 71 | perl util\mkfiles.pl >MINFO |
| 72 | perl util\mkdef.pl 32 ssleay >ms\ssleay32.def | 72 | perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak |
| 73 | if errorlevel 1 goto end | 73 | echo Generating DLL definition files |
| 74 | 74 | perl util\mkdef.pl 32 libeay >ms\libeay32.def | |
| 75 | rem copy ms\tlhelp32.h outinc | 75 | if errorlevel 1 goto end |
| 76 | 76 | perl util\mkdef.pl 32 ssleay >ms\ssleay32.def | |
| 77 | echo Building the libraries | 77 | if errorlevel 1 goto end |
| 78 | mingw32-make -f ms/mingw32a.mak | 78 | |
| 79 | if errorlevel 1 goto end | 79 | rem copy ms\tlhelp32.h outinc |
| 80 | 80 | ||
| 81 | echo Generating the DLLs and input libraries | 81 | echo Building the libraries |
| 82 | dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32 | 82 | mingw32-make -f ms/mingw32a.mak |
| 83 | if errorlevel 1 goto end | 83 | if errorlevel 1 goto end |
| 84 | dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a | 84 | |
| 85 | if errorlevel 1 goto end | 85 | echo Generating the DLLs and input libraries |
| 86 | 86 | dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32 | |
| 87 | echo Done compiling OpenSSL | 87 | if errorlevel 1 goto end |
| 88 | 88 | dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a | |
| 89 | :end | 89 | if errorlevel 1 goto end |
| 90 | 90 | ||
| 91 | echo Done compiling OpenSSL | ||
| 92 | |||
| 93 | :end | ||
| 94 | |||
diff --git a/src/lib/libssl/src/ms/test.bat b/src/lib/libssl/src/ms/test.bat index 7fb0442147..5085670b99 100644 --- a/src/lib/libssl/src/ms/test.bat +++ b/src/lib/libssl/src/ms/test.bat | |||
| @@ -39,10 +39,6 @@ echo md2test | |||
| 39 | md2test | 39 | md2test |
| 40 | if errorlevel 1 goto done | 40 | if errorlevel 1 goto done |
| 41 | 41 | ||
| 42 | echo mdc2test | ||
| 43 | mdc2test | ||
| 44 | if errorlevel 1 goto done | ||
| 45 | |||
| 46 | echo rc2test | 42 | echo rc2test |
| 47 | rc2test | 43 | rc2test |
| 48 | if errorlevel 1 goto done | 44 | if errorlevel 1 goto done |
diff --git a/src/lib/libssl/src/ms/x86asm.bat b/src/lib/libssl/src/ms/x86asm.bat index 4d80e706e4..ba26637812 100644 --- a/src/lib/libssl/src/ms/x86asm.bat +++ b/src/lib/libssl/src/ms/x86asm.bat | |||
| @@ -1,57 +1,63 @@ | |||
| 1 | 1 | ||
| 2 | @echo off | 2 | @echo off |
| 3 | echo Generating x86 assember | 3 | echo Bignum |
| 4 | 4 | cd crypto\bn\asm | |
| 5 | echo Bignum | 5 | perl x86.pl %1 > bn%2 |
| 6 | cd crypto\bn\asm | 6 | perl bn-586.pl %1 > bn%2 |
| 7 | perl x86.pl win32n > bn-win32.asm | 7 | perl co-586.pl %1 > co%2 |
| 8 | cd ..\..\.. | 8 | cd ..\..\.. |
| 9 | 9 | ||
| 10 | echo DES | 10 | echo DES |
| 11 | cd crypto\des\asm | 11 | cd crypto\des\asm |
| 12 | perl des-586.pl win32n > d-win32.asm | 12 | perl des-586.pl %1 > d%2 |
| 13 | cd ..\..\.. | 13 | cd ..\..\.. |
| 14 | 14 | ||
| 15 | echo "crypt(3)" | 15 | echo "crypt(3)" |
| 16 | 16 | ||
| 17 | cd crypto\des\asm | 17 | cd crypto\des\asm |
| 18 | perl crypt586.pl win32n > y-win32.asm | 18 | perl crypt586.pl %1 > y%2 |
| 19 | cd ..\..\.. | 19 | cd ..\..\.. |
| 20 | 20 | ||
| 21 | echo Blowfish | 21 | echo Blowfish |
| 22 | 22 | ||
| 23 | cd crypto\bf\asm | 23 | cd crypto\bf\asm |
| 24 | perl bf-586.pl win32n > b-win32.asm | 24 | perl bf-586.pl %1 > b%2 |
| 25 | cd ..\..\.. | 25 | cd ..\..\.. |
| 26 | 26 | ||
| 27 | echo CAST5 | 27 | echo CAST5 |
| 28 | cd crypto\cast\asm | 28 | cd crypto\cast\asm |
| 29 | perl cast-586.pl win32n > c-win32.asm | 29 | perl cast-586.pl %1 > c%2 |
| 30 | cd ..\..\.. | 30 | cd ..\..\.. |
| 31 | 31 | ||
| 32 | echo RC4 | 32 | echo RC4 |
| 33 | cd crypto\rc4\asm | 33 | cd crypto\rc4\asm |
| 34 | perl rc4-586.pl win32n > r4-win32.asm | 34 | perl rc4-586.pl %1 > r4%2 |
| 35 | cd ..\..\.. | 35 | cd ..\..\.. |
| 36 | 36 | ||
| 37 | echo MD5 | 37 | echo MD5 |
| 38 | cd crypto\md5\asm | 38 | cd crypto\md5\asm |
| 39 | perl md5-586.pl win32n > m5-win32.asm | 39 | perl md5-586.pl %1 > m5%2 |
| 40 | cd ..\..\.. | 40 | cd ..\..\.. |
| 41 | 41 | ||
| 42 | echo SHA1 | 42 | echo SHA1 |
| 43 | cd crypto\sha\asm | 43 | cd crypto\sha\asm |
| 44 | perl sha1-586.pl win32n > s1-win32.asm | 44 | perl sha1-586.pl %1 > s1%2 |
| 45 | cd ..\..\.. | 45 | cd ..\..\.. |
| 46 | 46 | ||
| 47 | echo RIPEMD160 | 47 | echo RIPEMD160 |
| 48 | cd crypto\ripemd\asm | 48 | cd crypto\ripemd\asm |
| 49 | perl rmd-586.pl win32n > rm-win32.asm | 49 | perl rmd-586.pl %1 > rm%2 |
| 50 | cd ..\..\.. | 50 | cd ..\..\.. |
| 51 | 51 | ||
| 52 | echo RC5\32 | 52 | echo RC5\32 |
| 53 | cd crypto\rc5\asm | 53 | cd crypto\rc5\asm |
| 54 | perl rc5-586.pl win32n > r5-win32.asm | 54 | perl rc5-586.pl %1 > r5%2 |
| 55 | cd ..\..\.. | 55 | cd ..\..\.. |
| 56 | 56 | ||
| 57 | echo on | 57 | echo CPUID |
| 58 | cd crypto | ||
| 59 | perl x86cpuid.pl %1 > x86cpuid%2 | ||
| 60 | cd ..\ | ||
| 61 | |||
| 62 | |||
| 63 | echo on | ||
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec index 3dad37d49b..4acba76aa2 100644 --- a/src/lib/libssl/src/openssl.spec +++ b/src/lib/libssl/src/openssl.spec | |||
| @@ -1,8 +1,8 @@ | |||
| 1 | %define libmaj 0 | 1 | %define libmaj 0 |
| 2 | %define libmin 9 | 2 | %define libmin 9 |
| 3 | %define librel 7 | 3 | %define librel 8 |
| 4 | %define librev j | 4 | %define librev h |
| 5 | Release: 2 | 5 | Release: 1 |
| 6 | 6 | ||
| 7 | %define openssldir /var/ssl | 7 | %define openssldir /var/ssl |
| 8 | 8 | ||
diff --git a/src/lib/libssl/src/shlib/Makefile.hpux10-cc b/src/lib/libssl/src/shlib/Makefile.hpux10-cc index 4d2d19bcf2..89c28dcf46 100644 --- a/src/lib/libssl/src/shlib/Makefile.hpux10-cc +++ b/src/lib/libssl/src/shlib/Makefile.hpux10-cc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # Makefile.hpux-cc | 1 | # Makefile.hpux-cc |
| 2 | 2 | ||
| 3 | major=0.9.7 | 3 | major=0.9.8 |
| 4 | 4 | ||
| 5 | slib=libssl | 5 | slib=libssl |
| 6 | sh_slib=$(slib).sl.$(major) | 6 | sh_slib=$(slib).sl.$(major) |
diff --git a/src/lib/libssl/src/shlib/hpux10-cc.sh b/src/lib/libssl/src/shlib/hpux10-cc.sh index fcadda827d..ceeb8c5236 100644 --- a/src/lib/libssl/src/shlib/hpux10-cc.sh +++ b/src/lib/libssl/src/shlib/hpux10-cc.sh | |||
| @@ -60,9 +60,9 @@ mkdir /usr/local | |||
| 60 | mkdir /usr/local/ssl | 60 | mkdir /usr/local/ssl |
| 61 | mkdir /usr/local/ssl/lib | 61 | mkdir /usr/local/ssl/lib |
| 62 | chmod 444 lib*_pic.a | 62 | chmod 444 lib*_pic.a |
| 63 | chmod 555 lib*.sl.0.9.7 | 63 | chmod 555 lib*.sl.0.9.8 |
| 64 | cp -p lib*_pic.a lib*.sl.0.9.7 /usr/local/ssl/lib | 64 | cp -p lib*_pic.a lib*.sl.0.9.8 /usr/local/ssl/lib |
| 65 | (cd /usr/local/ssl/lib ; ln -sf libcrypto.sl.0.9.7 libcrypto.sl ; ln -sf libssl.sl.0.9.7 libssl.sl) | 65 | (cd /usr/local/ssl/lib ; ln -sf libcrypto.sl.0.9.8 libcrypto.sl ; ln -sf libssl.sl.0.9.8 libssl.sl) |
| 66 | 66 | ||
| 67 | # Reconfigure without pic to compile the executables. Unfortunately, while | 67 | # Reconfigure without pic to compile the executables. Unfortunately, while |
| 68 | # performing this task we have to recompile the library components, even | 68 | # performing this task we have to recompile the library components, even |
| @@ -74,9 +74,9 @@ make clean | |||
| 74 | 74 | ||
| 75 | # Hack the Makefiles to pick up the dynamic libraries during linking | 75 | # Hack the Makefiles to pick up the dynamic libraries during linking |
| 76 | # | 76 | # |
| 77 | sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib/' Makefile >xxx; mv xxx Makefile.ssl | 77 | sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl |
| 78 | sed 's/-L\.\.//' apps/Makefile >xxx; mv xxx apps/Makefile | 78 | sed 's/-L\.\.//' apps/Makefile.ssl >xxx; mv xxx apps/Makefile.ssl |
| 79 | sed 's/-L\.\.//' test/Makefile >xxx; mv xxx test/Makefile | 79 | sed 's/-L\.\.//' test/Makefile.ssl >xxx; mv xxx test/Makefile.ssl |
| 80 | # Build the static libs and the executables in one make. | 80 | # Build the static libs and the executables in one make. |
| 81 | make | 81 | make |
| 82 | # Install everything | 82 | # Install everything |
diff --git a/src/lib/libssl/src/ssl/bio_ssl.c b/src/lib/libssl/src/ssl/bio_ssl.c index d683ee43e1..420deb7fc9 100644 --- a/src/lib/libssl/src/ssl/bio_ssl.c +++ b/src/lib/libssl/src/ssl/bio_ssl.c | |||
| @@ -456,7 +456,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 456 | case BIO_CTRL_SET_CALLBACK: | 456 | case BIO_CTRL_SET_CALLBACK: |
| 457 | { | 457 | { |
| 458 | #if 0 /* FIXME: Should this be used? -- Richard Levitte */ | 458 | #if 0 /* FIXME: Should this be used? -- Richard Levitte */ |
| 459 | BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 459 | SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 460 | ret = -1; | 460 | ret = -1; |
| 461 | #else | 461 | #else |
| 462 | ret=0; | 462 | ret=0; |
| @@ -465,9 +465,9 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 465 | break; | 465 | break; |
| 466 | case BIO_CTRL_GET_CALLBACK: | 466 | case BIO_CTRL_GET_CALLBACK: |
| 467 | { | 467 | { |
| 468 | void (**fptr)(); | 468 | void (**fptr)(const SSL *xssl,int type,int val); |
| 469 | 469 | ||
| 470 | fptr=(void (**)())ptr; | 470 | fptr=(void (**)(const SSL *xssl,int type,int val))ptr; |
| 471 | *fptr=SSL_get_info_callback(ssl); | 471 | *fptr=SSL_get_info_callback(ssl); |
| 472 | } | 472 | } |
| 473 | break; | 473 | break; |
diff --git a/src/lib/libssl/src/ssl/install.com b/src/lib/libssl/src/ssl/install.com index 7fc008f91a..fce8c66737 100644 --- a/src/lib/libssl/src/ssl/install.com +++ b/src/lib/libssl/src/ssl/install.com | |||
| @@ -38,7 +38,7 @@ $ IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN - | |||
| 38 | $ IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN - | 38 | $ IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN - |
| 39 | CREATE/DIR/LOG WRK_SSLAEXE: | 39 | CREATE/DIR/LOG WRK_SSLAEXE: |
| 40 | $ | 40 | $ |
| 41 | $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h | 41 | $ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h |
| 42 | $ E_EXE := ssl_task | 42 | $ E_EXE := ssl_task |
| 43 | $ LIBS := LIBSSL | 43 | $ LIBS := LIBSSL |
| 44 | $ | 44 | $ |
diff --git a/src/lib/libssl/src/ssl/kssl.c b/src/lib/libssl/src/ssl/kssl.c index 926db44b80..019030ae3c 100644 --- a/src/lib/libssl/src/ssl/kssl.c +++ b/src/lib/libssl/src/ssl/kssl.c | |||
| @@ -70,7 +70,7 @@ | |||
| 70 | 70 | ||
| 71 | #define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */ | 71 | #define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */ |
| 72 | #include <time.h> | 72 | #include <time.h> |
| 73 | #if 0 /* Experimental */ | 73 | #if 0 /* experimental */ |
| 74 | #undef _XOPEN_SOURCE /* To avoid clashes with anything else... */ | 74 | #undef _XOPEN_SOURCE /* To avoid clashes with anything else... */ |
| 75 | #endif | 75 | #endif |
| 76 | #include <string.h> | 76 | #include <string.h> |
| @@ -784,6 +784,25 @@ kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, | |||
| 784 | } | 784 | } |
| 785 | #endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */ | 785 | #endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */ |
| 786 | 786 | ||
| 787 | |||
| 788 | /* memory allocation functions for non-temporary storage | ||
| 789 | * (e.g. stuff that gets saved into the kssl context) */ | ||
| 790 | static void* kssl_calloc(size_t nmemb, size_t size) | ||
| 791 | { | ||
| 792 | void* p; | ||
| 793 | |||
| 794 | p=OPENSSL_malloc(nmemb*size); | ||
| 795 | if (p){ | ||
| 796 | memset(p, 0, nmemb*size); | ||
| 797 | } | ||
| 798 | return p; | ||
| 799 | } | ||
| 800 | |||
| 801 | #define kssl_malloc(size) OPENSSL_malloc((size)) | ||
| 802 | #define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size) | ||
| 803 | #define kssl_free(ptr) OPENSSL_free((ptr)) | ||
| 804 | |||
| 805 | |||
| 787 | char | 806 | char |
| 788 | *kstring(char *string) | 807 | *kstring(char *string) |
| 789 | { | 808 | { |
| @@ -1132,7 +1151,7 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, | |||
| 1132 | if (authenp) | 1151 | if (authenp) |
| 1133 | { | 1152 | { |
| 1134 | krb5_data krb5in_data; | 1153 | krb5_data krb5in_data; |
| 1135 | unsigned char *p; | 1154 | const unsigned char *p; |
| 1136 | long arlen; | 1155 | long arlen; |
| 1137 | KRB5_APREQBODY *ap_req; | 1156 | KRB5_APREQBODY *ap_req; |
| 1138 | 1157 | ||
| @@ -1301,7 +1320,7 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, | |||
| 1301 | static krb5_auth_context krb5auth_context = NULL; | 1320 | static krb5_auth_context krb5auth_context = NULL; |
| 1302 | krb5_ticket *krb5ticket = NULL; | 1321 | krb5_ticket *krb5ticket = NULL; |
| 1303 | KRB5_TKTBODY *asn1ticket = NULL; | 1322 | KRB5_TKTBODY *asn1ticket = NULL; |
| 1304 | unsigned char *p; | 1323 | const unsigned char *p; |
| 1305 | krb5_keytab krb5keytab = NULL; | 1324 | krb5_keytab krb5keytab = NULL; |
| 1306 | krb5_keytab_entry kt_entry; | 1325 | krb5_keytab_entry kt_entry; |
| 1307 | krb5_principal krb5server; | 1326 | krb5_principal krb5server; |
| @@ -1548,7 +1567,7 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, | |||
| 1548 | KSSL_CTX * | 1567 | KSSL_CTX * |
| 1549 | kssl_ctx_new(void) | 1568 | kssl_ctx_new(void) |
| 1550 | { | 1569 | { |
| 1551 | return ((KSSL_CTX *) calloc(1, sizeof(KSSL_CTX))); | 1570 | return ((KSSL_CTX *) kssl_calloc(1, sizeof(KSSL_CTX))); |
| 1552 | } | 1571 | } |
| 1553 | 1572 | ||
| 1554 | 1573 | ||
| @@ -1562,13 +1581,13 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) | |||
| 1562 | 1581 | ||
| 1563 | if (kssl_ctx->key) OPENSSL_cleanse(kssl_ctx->key, | 1582 | if (kssl_ctx->key) OPENSSL_cleanse(kssl_ctx->key, |
| 1564 | kssl_ctx->length); | 1583 | kssl_ctx->length); |
| 1565 | if (kssl_ctx->key) free(kssl_ctx->key); | 1584 | if (kssl_ctx->key) kssl_free(kssl_ctx->key); |
| 1566 | if (kssl_ctx->client_princ) free(kssl_ctx->client_princ); | 1585 | if (kssl_ctx->client_princ) kssl_free(kssl_ctx->client_princ); |
| 1567 | if (kssl_ctx->service_host) free(kssl_ctx->service_host); | 1586 | if (kssl_ctx->service_host) kssl_free(kssl_ctx->service_host); |
| 1568 | if (kssl_ctx->service_name) free(kssl_ctx->service_name); | 1587 | if (kssl_ctx->service_name) kssl_free(kssl_ctx->service_name); |
| 1569 | if (kssl_ctx->keytab_file) free(kssl_ctx->keytab_file); | 1588 | if (kssl_ctx->keytab_file) kssl_free(kssl_ctx->keytab_file); |
| 1570 | 1589 | ||
| 1571 | free(kssl_ctx); | 1590 | kssl_free(kssl_ctx); |
| 1572 | return (KSSL_CTX *) NULL; | 1591 | return (KSSL_CTX *) NULL; |
| 1573 | } | 1592 | } |
| 1574 | 1593 | ||
| @@ -1593,7 +1612,7 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, | |||
| 1593 | case KSSL_SERVER: princ = &kssl_ctx->service_host; break; | 1612 | case KSSL_SERVER: princ = &kssl_ctx->service_host; break; |
| 1594 | default: return KSSL_CTX_ERR; break; | 1613 | default: return KSSL_CTX_ERR; break; |
| 1595 | } | 1614 | } |
| 1596 | if (*princ) free(*princ); | 1615 | if (*princ) kssl_free(*princ); |
| 1597 | 1616 | ||
| 1598 | /* Add up all the entity->lengths */ | 1617 | /* Add up all the entity->lengths */ |
| 1599 | length = 0; | 1618 | length = 0; |
| @@ -1606,7 +1625,7 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, | |||
| 1606 | /* Space for the ('@'+realm+NULL | NULL) */ | 1625 | /* Space for the ('@'+realm+NULL | NULL) */ |
| 1607 | length += ((realm)? realm->length + 2: 1); | 1626 | length += ((realm)? realm->length + 2: 1); |
| 1608 | 1627 | ||
| 1609 | if ((*princ = calloc(1, length)) == NULL) | 1628 | if ((*princ = kssl_calloc(1, length)) == NULL) |
| 1610 | return KSSL_CTX_ERR; | 1629 | return KSSL_CTX_ERR; |
| 1611 | else | 1630 | else |
| 1612 | { | 1631 | { |
| @@ -1649,7 +1668,7 @@ kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) | |||
| 1649 | case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break; | 1668 | case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break; |
| 1650 | default: return KSSL_CTX_ERR; break; | 1669 | default: return KSSL_CTX_ERR; break; |
| 1651 | } | 1670 | } |
| 1652 | if (*string) free(*string); | 1671 | if (*string) kssl_free(*string); |
| 1653 | 1672 | ||
| 1654 | if (!text) | 1673 | if (!text) |
| 1655 | { | 1674 | { |
| @@ -1657,7 +1676,7 @@ kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) | |||
| 1657 | return KSSL_CTX_OK; | 1676 | return KSSL_CTX_OK; |
| 1658 | } | 1677 | } |
| 1659 | 1678 | ||
| 1660 | if ((*string = calloc(1, strlen(text) + 1)) == NULL) | 1679 | if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL) |
| 1661 | return KSSL_CTX_ERR; | 1680 | return KSSL_CTX_ERR; |
| 1662 | else | 1681 | else |
| 1663 | strcpy(*string, text); | 1682 | strcpy(*string, text); |
| @@ -1681,7 +1700,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) | |||
| 1681 | if (kssl_ctx->key) | 1700 | if (kssl_ctx->key) |
| 1682 | { | 1701 | { |
| 1683 | OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); | 1702 | OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); |
| 1684 | free(kssl_ctx->key); | 1703 | kssl_free(kssl_ctx->key); |
| 1685 | } | 1704 | } |
| 1686 | 1705 | ||
| 1687 | if (session) | 1706 | if (session) |
| @@ -1707,7 +1726,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) | |||
| 1707 | } | 1726 | } |
| 1708 | 1727 | ||
| 1709 | if ((kssl_ctx->key = | 1728 | if ((kssl_ctx->key = |
| 1710 | (krb5_octet FAR *) calloc(1, kssl_ctx->length)) == NULL) | 1729 | (krb5_octet FAR *) kssl_calloc(1, kssl_ctx->length)) == NULL) |
| 1711 | { | 1730 | { |
| 1712 | kssl_ctx->length = 0; | 1731 | kssl_ctx->length = 0; |
| 1713 | return KSSL_CTX_ERR; | 1732 | return KSSL_CTX_ERR; |
| @@ -1986,7 +2005,8 @@ krb5_error_code kssl_check_authent( | |||
| 1986 | EVP_CIPHER_CTX ciph_ctx; | 2005 | EVP_CIPHER_CTX ciph_ctx; |
| 1987 | const EVP_CIPHER *enc = NULL; | 2006 | const EVP_CIPHER *enc = NULL; |
| 1988 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 2007 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
| 1989 | unsigned char *p, *unenc_authent; | 2008 | const unsigned char *p; |
| 2009 | unsigned char *unenc_authent; | ||
| 1990 | int outl, unencbufsize; | 2010 | int outl, unencbufsize; |
| 1991 | struct tm tm_time, *tm_l, *tm_g; | 2011 | struct tm tm_time, *tm_l, *tm_g; |
| 1992 | time_t now, tl, tg, tr, tz_offset; | 2012 | time_t now, tl, tg, tr, tz_offset; |
| @@ -2176,7 +2196,7 @@ krb5_error_code kssl_build_principal_2( | |||
| 2176 | #else /* !OPENSSL_NO_KRB5 */ | 2196 | #else /* !OPENSSL_NO_KRB5 */ |
| 2177 | 2197 | ||
| 2178 | #if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS) | 2198 | #if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS) |
| 2179 | static int dummy=(int)&dummy; | 2199 | static void *dummy=&dummy; |
| 2180 | #endif | 2200 | #endif |
| 2181 | 2201 | ||
| 2182 | #endif /* !OPENSSL_NO_KRB5 */ | 2202 | #endif /* !OPENSSL_NO_KRB5 */ |
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c index 86356731ea..c45a8e0a04 100644 --- a/src/lib/libssl/src/ssl/s23_clnt.c +++ b/src/lib/libssl/src/ssl/s23_clnt.c | |||
| @@ -80,28 +80,10 @@ static SSL_METHOD *ssl23_get_client_method(int ver) | |||
| 80 | return(NULL); | 80 | return(NULL); |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | SSL_METHOD *SSLv23_client_method(void) | 83 | IMPLEMENT_ssl23_meth_func(SSLv23_client_method, |
| 84 | { | 84 | ssl_undefined_function, |
| 85 | static int init=1; | 85 | ssl23_connect, |
| 86 | static SSL_METHOD SSLv23_client_data; | 86 | ssl23_get_client_method) |
| 87 | |||
| 88 | if (init) | ||
| 89 | { | ||
| 90 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 91 | |||
| 92 | if (init) | ||
| 93 | { | ||
| 94 | memcpy((char *)&SSLv23_client_data, | ||
| 95 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); | ||
| 96 | SSLv23_client_data.ssl_connect=ssl23_connect; | ||
| 97 | SSLv23_client_data.get_ssl_method=ssl23_get_client_method; | ||
| 98 | init=0; | ||
| 99 | } | ||
| 100 | |||
| 101 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 102 | } | ||
| 103 | return(&SSLv23_client_data); | ||
| 104 | } | ||
| 105 | 87 | ||
| 106 | int ssl23_connect(SSL *s) | 88 | int ssl23_connect(SSL *s) |
| 107 | { | 89 | { |
| @@ -241,6 +223,17 @@ static int ssl23_client_hello(SSL *s) | |||
| 241 | { | 223 | { |
| 242 | version = SSL2_VERSION; | 224 | version = SSL2_VERSION; |
| 243 | } | 225 | } |
| 226 | #ifndef OPENSSL_NO_TLSEXT | ||
| 227 | if (version != SSL2_VERSION) | ||
| 228 | { | ||
| 229 | /* have to disable SSL 2.0 compatibility if we need TLS extensions */ | ||
| 230 | |||
| 231 | if (s->tlsext_hostname != NULL) | ||
| 232 | ssl2_compat = 0; | ||
| 233 | if (s->tlsext_status_type != -1) | ||
| 234 | ssl2_compat = 0; | ||
| 235 | } | ||
| 236 | #endif | ||
| 244 | 237 | ||
| 245 | buf=(unsigned char *)s->init_buf->data; | 238 | buf=(unsigned char *)s->init_buf->data; |
| 246 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | 239 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) |
| @@ -254,7 +247,7 @@ static int ssl23_client_hello(SSL *s) | |||
| 254 | #endif | 247 | #endif |
| 255 | 248 | ||
| 256 | p=s->s3->client_random; | 249 | p=s->s3->client_random; |
| 257 | Time=(unsigned long)time(NULL); /* Time */ | 250 | Time=(unsigned long)time(NULL); /* Time */ |
| 258 | l2n(Time,p); | 251 | l2n(Time,p); |
| 259 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | 252 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) |
| 260 | return -1; | 253 | return -1; |
| @@ -264,14 +257,6 @@ static int ssl23_client_hello(SSL *s) | |||
| 264 | version_major = TLS1_VERSION_MAJOR; | 257 | version_major = TLS1_VERSION_MAJOR; |
| 265 | version_minor = TLS1_VERSION_MINOR; | 258 | version_minor = TLS1_VERSION_MINOR; |
| 266 | } | 259 | } |
| 267 | #ifdef OPENSSL_FIPS | ||
| 268 | else if(FIPS_mode()) | ||
| 269 | { | ||
| 270 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 271 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 272 | return -1; | ||
| 273 | } | ||
| 274 | #endif | ||
| 275 | else if (version == SSL3_VERSION) | 260 | else if (version == SSL3_VERSION) |
| 276 | { | 261 | { |
| 277 | version_major = SSL3_VERSION_MAJOR; | 262 | version_major = SSL3_VERSION_MAJOR; |
| @@ -386,6 +371,13 @@ static int ssl23_client_hello(SSL *s) | |||
| 386 | *(p++)=comp->id; | 371 | *(p++)=comp->id; |
| 387 | } | 372 | } |
| 388 | *(p++)=0; /* Add the NULL method */ | 373 | *(p++)=0; /* Add the NULL method */ |
| 374 | #ifndef OPENSSL_NO_TLSEXT | ||
| 375 | if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
| 376 | { | ||
| 377 | SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | ||
| 378 | return -1; | ||
| 379 | } | ||
| 380 | #endif | ||
| 389 | 381 | ||
| 390 | l = p-d; | 382 | l = p-d; |
| 391 | *p = 42; | 383 | *p = 42; |
| @@ -544,14 +536,6 @@ static int ssl23_get_server_hello(SSL *s) | |||
| 544 | if ((p[2] == SSL3_VERSION_MINOR) && | 536 | if ((p[2] == SSL3_VERSION_MINOR) && |
| 545 | !(s->options & SSL_OP_NO_SSLv3)) | 537 | !(s->options & SSL_OP_NO_SSLv3)) |
| 546 | { | 538 | { |
| 547 | #ifdef OPENSSL_FIPS | ||
| 548 | if(FIPS_mode()) | ||
| 549 | { | ||
| 550 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 551 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 552 | goto err; | ||
| 553 | } | ||
| 554 | #endif | ||
| 555 | s->version=SSL3_VERSION; | 539 | s->version=SSL3_VERSION; |
| 556 | s->method=SSLv3_client_method(); | 540 | s->method=SSLv3_client_method(); |
| 557 | } | 541 | } |
| @@ -608,7 +592,6 @@ static int ssl23_get_server_hello(SSL *s) | |||
| 608 | if (!ssl_get_new_session(s,0)) | 592 | if (!ssl_get_new_session(s,0)) |
| 609 | goto err; | 593 | goto err; |
| 610 | 594 | ||
| 611 | s->first_packet=1; | ||
| 612 | return(SSL_connect(s)); | 595 | return(SSL_connect(s)); |
| 613 | err: | 596 | err: |
| 614 | return(-1); | 597 | return(-1); |
diff --git a/src/lib/libssl/src/ssl/s23_lib.c b/src/lib/libssl/src/ssl/s23_lib.c index 8d7dbcf569..fc2981308d 100644 --- a/src/lib/libssl/src/ssl/s23_lib.c +++ b/src/lib/libssl/src/ssl/s23_lib.c | |||
| @@ -60,55 +60,17 @@ | |||
| 60 | #include <openssl/objects.h> | 60 | #include <openssl/objects.h> |
| 61 | #include "ssl_locl.h" | 61 | #include "ssl_locl.h" |
| 62 | 62 | ||
| 63 | static int ssl23_num_ciphers(void ); | 63 | long ssl23_default_timeout(void) |
| 64 | static SSL_CIPHER *ssl23_get_cipher(unsigned int u); | ||
| 65 | static int ssl23_read(SSL *s, void *buf, int len); | ||
| 66 | static int ssl23_peek(SSL *s, void *buf, int len); | ||
| 67 | static int ssl23_write(SSL *s, const void *buf, int len); | ||
| 68 | static long ssl23_default_timeout(void ); | ||
| 69 | static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); | ||
| 70 | static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); | ||
| 71 | const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; | ||
| 72 | |||
| 73 | static SSL_METHOD SSLv23_data= { | ||
| 74 | TLS1_VERSION, | ||
| 75 | tls1_new, | ||
| 76 | tls1_clear, | ||
| 77 | tls1_free, | ||
| 78 | ssl_undefined_function, | ||
| 79 | ssl_undefined_function, | ||
| 80 | ssl23_read, | ||
| 81 | ssl23_peek, | ||
| 82 | ssl23_write, | ||
| 83 | ssl_undefined_function, | ||
| 84 | ssl_undefined_function, | ||
| 85 | ssl_ok, | ||
| 86 | ssl3_ctrl, | ||
| 87 | ssl3_ctx_ctrl, | ||
| 88 | ssl23_get_cipher_by_char, | ||
| 89 | ssl23_put_cipher_by_char, | ||
| 90 | ssl_undefined_const_function, | ||
| 91 | ssl23_num_ciphers, | ||
| 92 | ssl23_get_cipher, | ||
| 93 | ssl_bad_method, | ||
| 94 | ssl23_default_timeout, | ||
| 95 | &ssl3_undef_enc_method, | ||
| 96 | ssl_undefined_function, | ||
| 97 | ssl3_callback_ctrl, | ||
| 98 | ssl3_ctx_callback_ctrl, | ||
| 99 | }; | ||
| 100 | |||
| 101 | static long ssl23_default_timeout(void) | ||
| 102 | { | 64 | { |
| 103 | return(300); | 65 | return(300); |
| 104 | } | 66 | } |
| 105 | 67 | ||
| 106 | SSL_METHOD *sslv23_base_method(void) | 68 | IMPLEMENT_ssl23_meth_func(sslv23_base_method, |
| 107 | { | 69 | ssl_undefined_function, |
| 108 | return(&SSLv23_data); | 70 | ssl_undefined_function, |
| 109 | } | 71 | ssl_bad_method) |
| 110 | 72 | ||
| 111 | static int ssl23_num_ciphers(void) | 73 | int ssl23_num_ciphers(void) |
| 112 | { | 74 | { |
| 113 | return(ssl3_num_ciphers() | 75 | return(ssl3_num_ciphers() |
| 114 | #ifndef OPENSSL_NO_SSL2 | 76 | #ifndef OPENSSL_NO_SSL2 |
| @@ -117,7 +79,7 @@ static int ssl23_num_ciphers(void) | |||
| 117 | ); | 79 | ); |
| 118 | } | 80 | } |
| 119 | 81 | ||
| 120 | static SSL_CIPHER *ssl23_get_cipher(unsigned int u) | 82 | SSL_CIPHER *ssl23_get_cipher(unsigned int u) |
| 121 | { | 83 | { |
| 122 | unsigned int uu=ssl3_num_ciphers(); | 84 | unsigned int uu=ssl3_num_ciphers(); |
| 123 | 85 | ||
| @@ -133,7 +95,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u) | |||
| 133 | 95 | ||
| 134 | /* This function needs to check if the ciphers required are actually | 96 | /* This function needs to check if the ciphers required are actually |
| 135 | * available */ | 97 | * available */ |
| 136 | static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) | 98 | SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) |
| 137 | { | 99 | { |
| 138 | SSL_CIPHER c,*cp; | 100 | SSL_CIPHER c,*cp; |
| 139 | unsigned long id; | 101 | unsigned long id; |
| @@ -151,7 +113,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) | |||
| 151 | return(cp); | 113 | return(cp); |
| 152 | } | 114 | } |
| 153 | 115 | ||
| 154 | static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | 116 | int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
| 155 | { | 117 | { |
| 156 | long l; | 118 | long l; |
| 157 | 119 | ||
| @@ -166,7 +128,7 @@ static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | |||
| 166 | return(3); | 128 | return(3); |
| 167 | } | 129 | } |
| 168 | 130 | ||
| 169 | static int ssl23_read(SSL *s, void *buf, int len) | 131 | int ssl23_read(SSL *s, void *buf, int len) |
| 170 | { | 132 | { |
| 171 | int n; | 133 | int n; |
| 172 | 134 | ||
| @@ -189,7 +151,7 @@ static int ssl23_read(SSL *s, void *buf, int len) | |||
| 189 | } | 151 | } |
| 190 | } | 152 | } |
| 191 | 153 | ||
| 192 | static int ssl23_peek(SSL *s, void *buf, int len) | 154 | int ssl23_peek(SSL *s, void *buf, int len) |
| 193 | { | 155 | { |
| 194 | int n; | 156 | int n; |
| 195 | 157 | ||
| @@ -212,7 +174,7 @@ static int ssl23_peek(SSL *s, void *buf, int len) | |||
| 212 | } | 174 | } |
| 213 | } | 175 | } |
| 214 | 176 | ||
| 215 | static int ssl23_write(SSL *s, const void *buf, int len) | 177 | int ssl23_write(SSL *s, const void *buf, int len) |
| 216 | { | 178 | { |
| 217 | int n; | 179 | int n; |
| 218 | 180 | ||
diff --git a/src/lib/libssl/src/ssl/s23_meth.c b/src/lib/libssl/src/ssl/s23_meth.c index f207140835..950d9aab3d 100644 --- a/src/lib/libssl/src/ssl/s23_meth.c +++ b/src/lib/libssl/src/ssl/s23_meth.c | |||
| @@ -63,37 +63,26 @@ | |||
| 63 | static SSL_METHOD *ssl23_get_method(int ver); | 63 | static SSL_METHOD *ssl23_get_method(int ver); |
| 64 | static SSL_METHOD *ssl23_get_method(int ver) | 64 | static SSL_METHOD *ssl23_get_method(int ver) |
| 65 | { | 65 | { |
| 66 | #ifndef OPENSSL_NO_SSL2 | ||
| 66 | if (ver == SSL2_VERSION) | 67 | if (ver == SSL2_VERSION) |
| 67 | return(SSLv2_method()); | 68 | return(SSLv2_method()); |
| 68 | else if (ver == SSL3_VERSION) | 69 | else |
| 70 | #endif | ||
| 71 | #ifndef OPENSSL_NO_SSL3 | ||
| 72 | if (ver == SSL3_VERSION) | ||
| 69 | return(SSLv3_method()); | 73 | return(SSLv3_method()); |
| 70 | else if (ver == TLS1_VERSION) | 74 | else |
| 75 | #endif | ||
| 76 | #ifndef OPENSSL_NO_TLS1 | ||
| 77 | if (ver == TLS1_VERSION) | ||
| 71 | return(TLSv1_method()); | 78 | return(TLSv1_method()); |
| 72 | else | 79 | else |
| 80 | #endif | ||
| 73 | return(NULL); | 81 | return(NULL); |
| 74 | } | 82 | } |
| 75 | 83 | ||
| 76 | SSL_METHOD *SSLv23_method(void) | 84 | IMPLEMENT_ssl23_meth_func(SSLv23_method, |
| 77 | { | 85 | ssl23_accept, |
| 78 | static int init=1; | 86 | ssl23_connect, |
| 79 | static SSL_METHOD SSLv23_data; | 87 | ssl23_get_method) |
| 80 | |||
| 81 | if (init) | ||
| 82 | { | ||
| 83 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 84 | |||
| 85 | if (init) | ||
| 86 | { | ||
| 87 | memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(), | ||
| 88 | sizeof(SSL_METHOD)); | ||
| 89 | SSLv23_data.ssl_connect=ssl23_connect; | ||
| 90 | SSLv23_data.ssl_accept=ssl23_accept; | ||
| 91 | SSLv23_data.get_ssl_method=ssl23_get_method; | ||
| 92 | init=0; | ||
| 93 | } | ||
| 94 | |||
| 95 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 96 | } | ||
| 97 | return(&SSLv23_data); | ||
| 98 | } | ||
| 99 | 88 | ||
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c index b73abc448f..6637bb9549 100644 --- a/src/lib/libssl/src/ssl/s23_srvr.c +++ b/src/lib/libssl/src/ssl/s23_srvr.c | |||
| @@ -132,28 +132,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver) | |||
| 132 | return(NULL); | 132 | return(NULL); |
| 133 | } | 133 | } |
| 134 | 134 | ||
| 135 | SSL_METHOD *SSLv23_server_method(void) | 135 | IMPLEMENT_ssl23_meth_func(SSLv23_server_method, |
| 136 | { | 136 | ssl23_accept, |
| 137 | static int init=1; | 137 | ssl_undefined_function, |
| 138 | static SSL_METHOD SSLv23_server_data; | 138 | ssl23_get_server_method) |
| 139 | |||
| 140 | if (init) | ||
| 141 | { | ||
| 142 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 143 | |||
| 144 | if (init) | ||
| 145 | { | ||
| 146 | memcpy((char *)&SSLv23_server_data, | ||
| 147 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); | ||
| 148 | SSLv23_server_data.ssl_accept=ssl23_accept; | ||
| 149 | SSLv23_server_data.get_ssl_method=ssl23_get_server_method; | ||
| 150 | init=0; | ||
| 151 | } | ||
| 152 | |||
| 153 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 154 | } | ||
| 155 | return(&SSLv23_server_data); | ||
| 156 | } | ||
| 157 | 139 | ||
| 158 | int ssl23_accept(SSL *s) | 140 | int ssl23_accept(SSL *s) |
| 159 | { | 141 | { |
| @@ -404,15 +386,6 @@ int ssl23_get_client_hello(SSL *s) | |||
| 404 | } | 386 | } |
| 405 | } | 387 | } |
| 406 | 388 | ||
| 407 | #ifdef OPENSSL_FIPS | ||
| 408 | if (FIPS_mode() && (s->version < TLS1_VERSION)) | ||
| 409 | { | ||
| 410 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | ||
| 411 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 412 | goto err; | ||
| 413 | } | ||
| 414 | #endif | ||
| 415 | |||
| 416 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) | 389 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) |
| 417 | { | 390 | { |
| 418 | /* we have SSLv3/TLSv1 in an SSLv2 header | 391 | /* we have SSLv3/TLSv1 in an SSLv2 header |
| @@ -592,7 +565,6 @@ int ssl23_get_client_hello(SSL *s) | |||
| 592 | s->init_num=0; | 565 | s->init_num=0; |
| 593 | 566 | ||
| 594 | if (buf != buf_space) OPENSSL_free(buf); | 567 | if (buf != buf_space) OPENSSL_free(buf); |
| 595 | s->first_packet=1; | ||
| 596 | return(SSL_accept(s)); | 568 | return(SSL_accept(s)); |
| 597 | err: | 569 | err: |
| 598 | if (buf != buf_space) OPENSSL_free(buf); | 570 | if (buf != buf_space) OPENSSL_free(buf); |
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c index 003809271b..e2a90a3ca2 100644 --- a/src/lib/libssl/src/ssl/s2_clnt.c +++ b/src/lib/libssl/src/ssl/s2_clnt.c | |||
| @@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_client_method(int ver) | |||
| 137 | return(NULL); | 137 | return(NULL); |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | SSL_METHOD *SSLv2_client_method(void) | 140 | IMPLEMENT_ssl2_meth_func(SSLv2_client_method, |
| 141 | { | 141 | ssl_undefined_function, |
| 142 | static int init=1; | 142 | ssl2_connect, |
| 143 | static SSL_METHOD SSLv2_client_data; | 143 | ssl2_get_client_method) |
| 144 | |||
| 145 | if (init) | ||
| 146 | { | ||
| 147 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 148 | |||
| 149 | if (init) | ||
| 150 | { | ||
| 151 | memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), | ||
| 152 | sizeof(SSL_METHOD)); | ||
| 153 | SSLv2_client_data.ssl_connect=ssl2_connect; | ||
| 154 | SSLv2_client_data.get_ssl_method=ssl2_get_client_method; | ||
| 155 | init=0; | ||
| 156 | } | ||
| 157 | |||
| 158 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 159 | } | ||
| 160 | return(&SSLv2_client_data); | ||
| 161 | } | ||
| 162 | 144 | ||
| 163 | int ssl2_connect(SSL *s) | 145 | int ssl2_connect(SSL *s) |
| 164 | { | 146 | { |
| @@ -484,11 +466,11 @@ static int get_server_hello(SSL *s) | |||
| 484 | return(-1); | 466 | return(-1); |
| 485 | } | 467 | } |
| 486 | 468 | ||
| 487 | sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); | 469 | (void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); |
| 488 | 470 | ||
| 489 | /* get the array of ciphers we will accept */ | 471 | /* get the array of ciphers we will accept */ |
| 490 | cl=SSL_get_ciphers(s); | 472 | cl=SSL_get_ciphers(s); |
| 491 | sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp); | 473 | (void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp); |
| 492 | 474 | ||
| 493 | /* | 475 | /* |
| 494 | * If server preference flag set, choose the first | 476 | * If server preference flag set, choose the first |
| @@ -538,8 +520,8 @@ static int get_server_hello(SSL *s) | |||
| 538 | CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); | 520 | CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); |
| 539 | } | 521 | } |
| 540 | 522 | ||
| 541 | if (s->session->sess_cert == NULL || | 523 | if (s->session->sess_cert == NULL |
| 542 | s->session->peer != s->session->sess_cert->peer_key->x509) | 524 | || s->session->peer != s->session->sess_cert->peer_key->x509) |
| 543 | /* can't happen */ | 525 | /* can't happen */ |
| 544 | { | 526 | { |
| 545 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); | 527 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
| @@ -613,7 +595,7 @@ static int client_hello(SSL *s) | |||
| 613 | s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; | 595 | s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; |
| 614 | s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ | 596 | s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ |
| 615 | /*challenge id data*/ | 597 | /*challenge id data*/ |
| 616 | if(RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0) | 598 | if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0) |
| 617 | return -1; | 599 | return -1; |
| 618 | memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); | 600 | memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); |
| 619 | d+=SSL2_CHALLENGE_LENGTH; | 601 | d+=SSL2_CHALLENGE_LENGTH; |
| @@ -663,7 +645,7 @@ static int client_master_key(SSL *s) | |||
| 663 | return -1; | 645 | return -1; |
| 664 | } | 646 | } |
| 665 | if (i > 0) | 647 | if (i > 0) |
| 666 | if(RAND_pseudo_bytes(sess->key_arg,i) <= 0) | 648 | if (RAND_pseudo_bytes(sess->key_arg,i) <= 0) |
| 667 | return -1; | 649 | return -1; |
| 668 | 650 | ||
| 669 | /* make a master key */ | 651 | /* make a master key */ |
| @@ -671,7 +653,7 @@ static int client_master_key(SSL *s) | |||
| 671 | sess->master_key_length=i; | 653 | sess->master_key_length=i; |
| 672 | if (i > 0) | 654 | if (i > 0) |
| 673 | { | 655 | { |
| 674 | if (i > sizeof sess->master_key) | 656 | if (i > (int)sizeof(sess->master_key)) |
| 675 | { | 657 | { |
| 676 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); | 658 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
| 677 | SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | 659 | SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); |
| @@ -691,7 +673,7 @@ static int client_master_key(SSL *s) | |||
| 691 | else | 673 | else |
| 692 | enc=i; | 674 | enc=i; |
| 693 | 675 | ||
| 694 | if (i < enc) | 676 | if ((int)i < enc) |
| 695 | { | 677 | { |
| 696 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 678 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
| 697 | SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); | 679 | SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR); |
| @@ -720,7 +702,7 @@ static int client_master_key(SSL *s) | |||
| 720 | d+=enc; | 702 | d+=enc; |
| 721 | karg=sess->key_arg_length; | 703 | karg=sess->key_arg_length; |
| 722 | s2n(karg,p); /* key arg size */ | 704 | s2n(karg,p); /* key arg size */ |
| 723 | if (karg > sizeof sess->key_arg) | 705 | if (karg > (int)sizeof(sess->key_arg)) |
| 724 | { | 706 | { |
| 725 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 707 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); |
| 726 | SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | 708 | SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); |
| @@ -1038,7 +1020,7 @@ static int get_server_finished(SSL *s) | |||
| 1038 | } | 1020 | } |
| 1039 | 1021 | ||
| 1040 | /* loads in the certificate from the server */ | 1022 | /* loads in the certificate from the server */ |
| 1041 | int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data) | 1023 | int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data) |
| 1042 | { | 1024 | { |
| 1043 | STACK_OF(X509) *sk=NULL; | 1025 | STACK_OF(X509) *sk=NULL; |
| 1044 | EVP_PKEY *pkey=NULL; | 1026 | EVP_PKEY *pkey=NULL; |
diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c index 21a06f76cb..1f62acd5b1 100644 --- a/src/lib/libssl/src/ssl/s2_enc.c +++ b/src/lib/libssl/src/ssl/s2_enc.c | |||
| @@ -82,15 +82,18 @@ int ssl2_enc_init(SSL *s, int client) | |||
| 82 | ((s->enc_read_ctx=(EVP_CIPHER_CTX *) | 82 | ((s->enc_read_ctx=(EVP_CIPHER_CTX *) |
| 83 | OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | 83 | OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) |
| 84 | goto err; | 84 | goto err; |
| 85 | |||
| 86 | /* make sure it's intialized in case the malloc for enc_write_ctx fails | ||
| 87 | * and we exit with an error */ | ||
| 88 | rs= s->enc_read_ctx; | ||
| 89 | EVP_CIPHER_CTX_init(rs); | ||
| 90 | |||
| 85 | if ((s->enc_write_ctx == NULL) && | 91 | if ((s->enc_write_ctx == NULL) && |
| 86 | ((s->enc_write_ctx=(EVP_CIPHER_CTX *) | 92 | ((s->enc_write_ctx=(EVP_CIPHER_CTX *) |
| 87 | OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | 93 | OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) |
| 88 | goto err; | 94 | goto err; |
| 89 | 95 | ||
| 90 | rs= s->enc_read_ctx; | ||
| 91 | ws= s->enc_write_ctx; | 96 | ws= s->enc_write_ctx; |
| 92 | |||
| 93 | EVP_CIPHER_CTX_init(rs); | ||
| 94 | EVP_CIPHER_CTX_init(ws); | 97 | EVP_CIPHER_CTX_init(ws); |
| 95 | 98 | ||
| 96 | num=c->key_len; | 99 | num=c->key_len; |
| @@ -100,7 +103,7 @@ int ssl2_enc_init(SSL *s, int client) | |||
| 100 | if (ssl2_generate_key_material(s) <= 0) | 103 | if (ssl2_generate_key_material(s) <= 0) |
| 101 | return 0; | 104 | return 0; |
| 102 | 105 | ||
| 103 | OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg); | 106 | OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg)); |
| 104 | EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), | 107 | EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), |
| 105 | s->session->key_arg); | 108 | s->session->key_arg); |
| 106 | EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), | 109 | EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), |
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c index 26ce8c8d98..10751b22ba 100644 --- a/src/lib/libssl/src/ssl/s2_lib.c +++ b/src/lib/libssl/src/ssl/s2_lib.c | |||
| @@ -59,16 +59,15 @@ | |||
| 59 | #include "ssl_locl.h" | 59 | #include "ssl_locl.h" |
| 60 | #ifndef OPENSSL_NO_SSL2 | 60 | #ifndef OPENSSL_NO_SSL2 |
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include <openssl/rsa.h> | ||
| 63 | #include <openssl/objects.h> | 62 | #include <openssl/objects.h> |
| 64 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 65 | #include <openssl/md5.h> | 64 | #include <openssl/md5.h> |
| 66 | 65 | ||
| 67 | static long ssl2_default_timeout(void ); | 66 | const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT; |
| 68 | const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; | ||
| 69 | 67 | ||
| 70 | #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) | 68 | #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) |
| 71 | 69 | ||
| 70 | /* list of available SSLv2 ciphers (sorted by id) */ | ||
| 72 | OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | 71 | OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ |
| 73 | /* NULL_WITH_MD5 v3 */ | 72 | /* NULL_WITH_MD5 v3 */ |
| 74 | #if 0 | 73 | #if 0 |
| @@ -85,19 +84,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 85 | SSL_ALL_STRENGTHS, | 84 | SSL_ALL_STRENGTHS, |
| 86 | }, | 85 | }, |
| 87 | #endif | 86 | #endif |
| 88 | /* RC4_128_EXPORT40_WITH_MD5 */ | ||
| 89 | { | ||
| 90 | 1, | ||
| 91 | SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, | ||
| 92 | SSL2_CK_RC4_128_EXPORT40_WITH_MD5, | ||
| 93 | SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, | ||
| 94 | SSL_EXPORT|SSL_EXP40, | ||
| 95 | SSL2_CF_5_BYTE_ENC, | ||
| 96 | 40, | ||
| 97 | 128, | ||
| 98 | SSL_ALL_CIPHERS, | ||
| 99 | SSL_ALL_STRENGTHS, | ||
| 100 | }, | ||
| 101 | /* RC4_128_WITH_MD5 */ | 87 | /* RC4_128_WITH_MD5 */ |
| 102 | { | 88 | { |
| 103 | 1, | 89 | 1, |
| @@ -111,12 +97,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 111 | SSL_ALL_CIPHERS, | 97 | SSL_ALL_CIPHERS, |
| 112 | SSL_ALL_STRENGTHS, | 98 | SSL_ALL_STRENGTHS, |
| 113 | }, | 99 | }, |
| 114 | /* RC2_128_CBC_EXPORT40_WITH_MD5 */ | 100 | /* RC4_128_EXPORT40_WITH_MD5 */ |
| 115 | { | 101 | { |
| 116 | 1, | 102 | 1, |
| 117 | SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, | 103 | SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, |
| 118 | SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, | 104 | SSL2_CK_RC4_128_EXPORT40_WITH_MD5, |
| 119 | SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, | 105 | SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, |
| 120 | SSL_EXPORT|SSL_EXP40, | 106 | SSL_EXPORT|SSL_EXP40, |
| 121 | SSL2_CF_5_BYTE_ENC, | 107 | SSL2_CF_5_BYTE_ENC, |
| 122 | 40, | 108 | 40, |
| @@ -137,6 +123,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 137 | SSL_ALL_CIPHERS, | 123 | SSL_ALL_CIPHERS, |
| 138 | SSL_ALL_STRENGTHS, | 124 | SSL_ALL_STRENGTHS, |
| 139 | }, | 125 | }, |
| 126 | /* RC2_128_CBC_EXPORT40_WITH_MD5 */ | ||
| 127 | { | ||
| 128 | 1, | ||
| 129 | SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, | ||
| 130 | SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, | ||
| 131 | SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, | ||
| 132 | SSL_EXPORT|SSL_EXP40, | ||
| 133 | SSL2_CF_5_BYTE_ENC, | ||
| 134 | 40, | ||
| 135 | 128, | ||
| 136 | SSL_ALL_CIPHERS, | ||
| 137 | SSL_ALL_STRENGTHS, | ||
| 138 | }, | ||
| 140 | /* IDEA_128_CBC_WITH_MD5 */ | 139 | /* IDEA_128_CBC_WITH_MD5 */ |
| 141 | #ifndef OPENSSL_NO_IDEA | 140 | #ifndef OPENSSL_NO_IDEA |
| 142 | { | 141 | { |
| @@ -179,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 179 | SSL_ALL_STRENGTHS, | 178 | SSL_ALL_STRENGTHS, |
| 180 | }, | 179 | }, |
| 181 | /* RC4_64_WITH_MD5 */ | 180 | /* RC4_64_WITH_MD5 */ |
| 182 | #if 1 | 181 | #if 0 |
| 183 | { | 182 | { |
| 184 | 1, | 183 | 1, |
| 185 | SSL2_TXT_RC4_64_WITH_MD5, | 184 | SSL2_TXT_RC4_64_WITH_MD5, |
| @@ -212,43 +211,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ | |||
| 212 | /* end of list :-) */ | 211 | /* end of list :-) */ |
| 213 | }; | 212 | }; |
| 214 | 213 | ||
| 215 | static SSL_METHOD SSLv2_data= { | 214 | long ssl2_default_timeout(void) |
| 216 | SSL2_VERSION, | ||
| 217 | ssl2_new, /* local */ | ||
| 218 | ssl2_clear, /* local */ | ||
| 219 | ssl2_free, /* local */ | ||
| 220 | ssl_undefined_function, | ||
| 221 | ssl_undefined_function, | ||
| 222 | ssl2_read, | ||
| 223 | ssl2_peek, | ||
| 224 | ssl2_write, | ||
| 225 | ssl2_shutdown, | ||
| 226 | ssl_ok, /* NULL - renegotiate */ | ||
| 227 | ssl_ok, /* NULL - check renegotiate */ | ||
| 228 | ssl2_ctrl, /* local */ | ||
| 229 | ssl2_ctx_ctrl, /* local */ | ||
| 230 | ssl2_get_cipher_by_char, | ||
| 231 | ssl2_put_cipher_by_char, | ||
| 232 | ssl2_pending, | ||
| 233 | ssl2_num_ciphers, | ||
| 234 | ssl2_get_cipher, | ||
| 235 | ssl_bad_method, | ||
| 236 | ssl2_default_timeout, | ||
| 237 | &ssl3_undef_enc_method, | ||
| 238 | ssl_undefined_function, | ||
| 239 | ssl2_callback_ctrl, /* local */ | ||
| 240 | ssl2_ctx_callback_ctrl, /* local */ | ||
| 241 | }; | ||
| 242 | |||
| 243 | static long ssl2_default_timeout(void) | ||
| 244 | { | 215 | { |
| 245 | return(300); | 216 | return(300); |
| 246 | } | 217 | } |
| 247 | 218 | ||
| 248 | SSL_METHOD *sslv2_base_method(void) | 219 | IMPLEMENT_ssl2_meth_func(sslv2_base_method, |
| 249 | { | 220 | ssl_undefined_function, |
| 250 | return(&SSLv2_data); | 221 | ssl_undefined_function, |
| 251 | } | 222 | ssl_bad_method) |
| 252 | 223 | ||
| 253 | int ssl2_num_ciphers(void) | 224 | int ssl2_num_ciphers(void) |
| 254 | { | 225 | { |
| @@ -349,7 +320,7 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 349 | return(ret); | 320 | return(ret); |
| 350 | } | 321 | } |
| 351 | 322 | ||
| 352 | long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)()) | 323 | long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 353 | { | 324 | { |
| 354 | return(0); | 325 | return(0); |
| 355 | } | 326 | } |
| @@ -359,7 +330,7 @@ long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 359 | return(0); | 330 | return(0); |
| 360 | } | 331 | } |
| 361 | 332 | ||
| 362 | long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | 333 | long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 363 | { | 334 | { |
| 364 | return(0); | 335 | return(0); |
| 365 | } | 336 | } |
| @@ -368,42 +339,20 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | |||
| 368 | * available */ | 339 | * available */ |
| 369 | SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) | 340 | SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) |
| 370 | { | 341 | { |
| 371 | static int init=1; | 342 | SSL_CIPHER c,*cp; |
| 372 | static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS]; | ||
| 373 | SSL_CIPHER c,*cp= &c,**cpp; | ||
| 374 | unsigned long id; | 343 | unsigned long id; |
| 375 | int i; | ||
| 376 | |||
| 377 | if (init) | ||
| 378 | { | ||
| 379 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 380 | |||
| 381 | if (init) | ||
| 382 | { | ||
| 383 | for (i=0; i<SSL2_NUM_CIPHERS; i++) | ||
| 384 | sorted[i]= &(ssl2_ciphers[i]); | ||
| 385 | |||
| 386 | qsort((char *)sorted, | ||
| 387 | SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), | ||
| 388 | FP_ICC ssl_cipher_ptr_id_cmp); | ||
| 389 | |||
| 390 | init=0; | ||
| 391 | } | ||
| 392 | |||
| 393 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 394 | } | ||
| 395 | 344 | ||
| 396 | id=0x02000000L|((unsigned long)p[0]<<16L)| | 345 | id=0x02000000L|((unsigned long)p[0]<<16L)| |
| 397 | ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; | 346 | ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; |
| 398 | c.id=id; | 347 | c.id=id; |
| 399 | cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, | 348 | cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, |
| 400 | (char *)sorted, | 349 | (char *)ssl2_ciphers, |
| 401 | SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), | 350 | SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER), |
| 402 | FP_ICC ssl_cipher_ptr_id_cmp); | 351 | FP_ICC ssl_cipher_id_cmp); |
| 403 | if ((cpp == NULL) || !(*cpp)->valid) | 352 | if ((cp == NULL) || (cp->valid == 0)) |
| 404 | return(NULL); | 353 | return NULL; |
| 405 | else | 354 | else |
| 406 | return(*cpp); | 355 | return cp; |
| 407 | } | 356 | } |
| 408 | 357 | ||
| 409 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | 358 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
| @@ -438,7 +387,8 @@ int ssl2_generate_key_material(SSL *s) | |||
| 438 | EVP_MD_CTX_init(&ctx); | 387 | EVP_MD_CTX_init(&ctx); |
| 439 | km=s->s2->key_material; | 388 | km=s->s2->key_material; |
| 440 | 389 | ||
| 441 | if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) | 390 | if (s->session->master_key_length < 0 || |
| 391 | s->session->master_key_length > (int)sizeof(s->session->master_key)) | ||
| 442 | { | 392 | { |
| 443 | SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); | 393 | SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); |
| 444 | return 0; | 394 | return 0; |
| @@ -446,7 +396,8 @@ int ssl2_generate_key_material(SSL *s) | |||
| 446 | 396 | ||
| 447 | for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) | 397 | for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) |
| 448 | { | 398 | { |
| 449 | if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) | 399 | if (((km - s->s2->key_material) + EVP_MD_size(md5)) > |
| 400 | (int)sizeof(s->s2->key_material)) | ||
| 450 | { | 401 | { |
| 451 | /* EVP_DigestFinal_ex() below would write beyond buffer */ | 402 | /* EVP_DigestFinal_ex() below would write beyond buffer */ |
| 452 | SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); | 403 | SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); |
| @@ -457,7 +408,7 @@ int ssl2_generate_key_material(SSL *s) | |||
| 457 | 408 | ||
| 458 | OPENSSL_assert(s->session->master_key_length >= 0 | 409 | OPENSSL_assert(s->session->master_key_length >= 0 |
| 459 | && s->session->master_key_length | 410 | && s->session->master_key_length |
| 460 | < sizeof s->session->master_key); | 411 | < (int)sizeof(s->session->master_key)); |
| 461 | EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); | 412 | EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); |
| 462 | EVP_DigestUpdate(&ctx,&c,1); | 413 | EVP_DigestUpdate(&ctx,&c,1); |
| 463 | c++; | 414 | c++; |
| @@ -496,7 +447,7 @@ void ssl2_write_error(SSL *s) | |||
| 496 | 447 | ||
| 497 | error=s->error; /* number of bytes left to write */ | 448 | error=s->error; /* number of bytes left to write */ |
| 498 | s->error=0; | 449 | s->error=0; |
| 499 | OPENSSL_assert(error >= 0 && error <= sizeof buf); | 450 | OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf)); |
| 500 | i=ssl2_write(s,&(buf[3-error]),error); | 451 | i=ssl2_write(s,&(buf[3-error]),error); |
| 501 | 452 | ||
| 502 | /* if (i == error) s->rwstate=state; */ | 453 | /* if (i == error) s->rwstate=state; */ |
diff --git a/src/lib/libssl/src/ssl/s2_meth.c b/src/lib/libssl/src/ssl/s2_meth.c index 8b6cbd086e..a35e435b71 100644 --- a/src/lib/libssl/src/ssl/s2_meth.c +++ b/src/lib/libssl/src/ssl/s2_meth.c | |||
| @@ -70,29 +70,11 @@ static SSL_METHOD *ssl2_get_method(int ver) | |||
| 70 | return(NULL); | 70 | return(NULL); |
| 71 | } | 71 | } |
| 72 | 72 | ||
| 73 | SSL_METHOD *SSLv2_method(void) | 73 | IMPLEMENT_ssl2_meth_func(SSLv2_method, |
| 74 | { | 74 | ssl2_accept, |
| 75 | static int init=1; | 75 | ssl2_connect, |
| 76 | static SSL_METHOD SSLv2_data; | 76 | ssl2_get_method) |
| 77 | 77 | ||
| 78 | if (init) | ||
| 79 | { | ||
| 80 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 81 | |||
| 82 | if (init) | ||
| 83 | { | ||
| 84 | memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), | ||
| 85 | sizeof(SSL_METHOD)); | ||
| 86 | SSLv2_data.ssl_connect=ssl2_connect; | ||
| 87 | SSLv2_data.ssl_accept=ssl2_accept; | ||
| 88 | SSLv2_data.get_ssl_method=ssl2_get_method; | ||
| 89 | init=0; | ||
| 90 | } | ||
| 91 | |||
| 92 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 93 | } | ||
| 94 | return(&SSLv2_data); | ||
| 95 | } | ||
| 96 | #else /* !OPENSSL_NO_SSL2 */ | 78 | #else /* !OPENSSL_NO_SSL2 */ |
| 97 | 79 | ||
| 98 | # if PEDANTIC | 80 | # if PEDANTIC |
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c index 7a4992b7aa..0daf2b129d 100644 --- a/src/lib/libssl/src/ssl/s2_srvr.c +++ b/src/lib/libssl/src/ssl/s2_srvr.c | |||
| @@ -137,28 +137,10 @@ static SSL_METHOD *ssl2_get_server_method(int ver) | |||
| 137 | return(NULL); | 137 | return(NULL); |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | SSL_METHOD *SSLv2_server_method(void) | 140 | IMPLEMENT_ssl2_meth_func(SSLv2_server_method, |
| 141 | { | 141 | ssl2_accept, |
| 142 | static int init=1; | 142 | ssl_undefined_function, |
| 143 | static SSL_METHOD SSLv2_server_data; | 143 | ssl2_get_server_method) |
| 144 | |||
| 145 | if (init) | ||
| 146 | { | ||
| 147 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 148 | |||
| 149 | if (init) | ||
| 150 | { | ||
| 151 | memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), | ||
| 152 | sizeof(SSL_METHOD)); | ||
| 153 | SSLv2_server_data.ssl_accept=ssl2_accept; | ||
| 154 | SSLv2_server_data.get_ssl_method=ssl2_get_server_method; | ||
| 155 | init=0; | ||
| 156 | } | ||
| 157 | |||
| 158 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 159 | } | ||
| 160 | return(&SSLv2_server_data); | ||
| 161 | } | ||
| 162 | 144 | ||
| 163 | int ssl2_accept(SSL *s) | 145 | int ssl2_accept(SSL *s) |
| 164 | { | 146 | { |
| @@ -498,8 +480,8 @@ static int get_client_master_key(SSL *s) | |||
| 498 | i=ek; | 480 | i=ek; |
| 499 | else | 481 | else |
| 500 | i=EVP_CIPHER_key_length(c); | 482 | i=EVP_CIPHER_key_length(c); |
| 501 | if(RAND_pseudo_bytes(p,i) <= 0) | 483 | if (RAND_pseudo_bytes(p,i) <= 0) |
| 502 | return 0; | 484 | return 0; |
| 503 | } | 485 | } |
| 504 | #else | 486 | #else |
| 505 | if (i < 0) | 487 | if (i < 0) |
| @@ -625,7 +607,7 @@ static int get_client_hello(SSL *s) | |||
| 625 | else | 607 | else |
| 626 | { | 608 | { |
| 627 | i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]), | 609 | i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]), |
| 628 | s->s2->tmp.session_id_length); | 610 | s->s2->tmp.session_id_length, NULL); |
| 629 | if (i == 1) | 611 | if (i == 1) |
| 630 | { /* previous session */ | 612 | { /* previous session */ |
| 631 | s->hit=1; | 613 | s->hit=1; |
| @@ -675,7 +657,7 @@ static int get_client_hello(SSL *s) | |||
| 675 | { | 657 | { |
| 676 | if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0) | 658 | if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0) |
| 677 | { | 659 | { |
| 678 | sk_SSL_CIPHER_delete(prio,z); | 660 | (void)sk_SSL_CIPHER_delete(prio,z); |
| 679 | z--; | 661 | z--; |
| 680 | } | 662 | } |
| 681 | } | 663 | } |
| @@ -805,8 +787,8 @@ static int server_hello(SSL *s) | |||
| 805 | /* make and send conn_id */ | 787 | /* make and send conn_id */ |
| 806 | s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ | 788 | s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ |
| 807 | s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; | 789 | s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; |
| 808 | if(RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0) | 790 | if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0) |
| 809 | return -1; | 791 | return -1; |
| 810 | memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); | 792 | memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); |
| 811 | d+=SSL2_CONNECTION_ID_LENGTH; | 793 | d+=SSL2_CONNECTION_ID_LENGTH; |
| 812 | 794 | ||
| @@ -938,6 +920,7 @@ static int server_finish(SSL *s) | |||
| 938 | /* send the request and check the response */ | 920 | /* send the request and check the response */ |
| 939 | static int request_certificate(SSL *s) | 921 | static int request_certificate(SSL *s) |
| 940 | { | 922 | { |
| 923 | const unsigned char *cp; | ||
| 941 | unsigned char *p,*p2,*buf2; | 924 | unsigned char *p,*p2,*buf2; |
| 942 | unsigned char *ccd; | 925 | unsigned char *ccd; |
| 943 | int i,j,ctype,ret= -1; | 926 | int i,j,ctype,ret= -1; |
| @@ -951,7 +934,7 @@ static int request_certificate(SSL *s) | |||
| 951 | p=(unsigned char *)s->init_buf->data; | 934 | p=(unsigned char *)s->init_buf->data; |
| 952 | *(p++)=SSL2_MT_REQUEST_CERTIFICATE; | 935 | *(p++)=SSL2_MT_REQUEST_CERTIFICATE; |
| 953 | *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION; | 936 | *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION; |
| 954 | if(RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0) | 937 | if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0) |
| 955 | return -1; | 938 | return -1; |
| 956 | memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); | 939 | memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); |
| 957 | 940 | ||
| @@ -1055,7 +1038,8 @@ static int request_certificate(SSL *s) | |||
| 1055 | s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */ | 1038 | s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */ |
| 1056 | p += 6; | 1039 | p += 6; |
| 1057 | 1040 | ||
| 1058 | x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen); | 1041 | cp = p; |
| 1042 | x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen); | ||
| 1059 | if (x509 == NULL) | 1043 | if (x509 == NULL) |
| 1060 | { | 1044 | { |
| 1061 | SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB); | 1045 | SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB); |
| @@ -1095,7 +1079,7 @@ static int request_certificate(SSL *s) | |||
| 1095 | 1079 | ||
| 1096 | pkey=X509_get_pubkey(x509); | 1080 | pkey=X509_get_pubkey(x509); |
| 1097 | if (pkey == NULL) goto end; | 1081 | if (pkey == NULL) goto end; |
| 1098 | i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey); | 1082 | i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey); |
| 1099 | EVP_PKEY_free(pkey); | 1083 | EVP_PKEY_free(pkey); |
| 1100 | EVP_MD_CTX_cleanup(&ctx); | 1084 | EVP_MD_CTX_cleanup(&ctx); |
| 1101 | 1085 | ||
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index 64d317b7ac..2ecfbb77cb 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c | |||
| @@ -108,6 +108,11 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 111 | 116 | ||
| 112 | #include <limits.h> | 117 | #include <limits.h> |
| 113 | #include <string.h> | 118 | #include <string.h> |
| @@ -192,7 +197,7 @@ int ssl3_get_finished(SSL *s, int a, int b) | |||
| 192 | * change cipher spec message and is in s->s3->tmp.peer_finish_md | 197 | * change cipher spec message and is in s->s3->tmp.peer_finish_md |
| 193 | */ | 198 | */ |
| 194 | 199 | ||
| 195 | n=ssl3_get_message(s, | 200 | n=s->method->ssl_get_message(s, |
| 196 | a, | 201 | a, |
| 197 | b, | 202 | b, |
| 198 | SSL3_MT_FINISHED, | 203 | SSL3_MT_FINISHED, |
| @@ -386,8 +391,8 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 386 | { | 391 | { |
| 387 | while (s->init_num < 4) | 392 | while (s->init_num < 4) |
| 388 | { | 393 | { |
| 389 | i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], | 394 | i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, |
| 390 | 4 - s->init_num, 0); | 395 | &p[s->init_num],4 - s->init_num, 0); |
| 391 | if (i <= 0) | 396 | if (i <= 0) |
| 392 | { | 397 | { |
| 393 | s->rwstate=SSL_READING; | 398 | s->rwstate=SSL_READING; |
| @@ -467,7 +472,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 467 | n = s->s3->tmp.message_size - s->init_num; | 472 | n = s->s3->tmp.message_size - s->init_num; |
| 468 | while (n > 0) | 473 | while (n > 0) |
| 469 | { | 474 | { |
| 470 | i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); | 475 | i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); |
| 471 | if (i <= 0) | 476 | if (i <= 0) |
| 472 | { | 477 | { |
| 473 | s->rwstate=SSL_READING; | 478 | s->rwstate=SSL_READING; |
| @@ -492,7 +497,7 @@ err: | |||
| 492 | int ssl_cert_type(X509 *x, EVP_PKEY *pkey) | 497 | int ssl_cert_type(X509 *x, EVP_PKEY *pkey) |
| 493 | { | 498 | { |
| 494 | EVP_PKEY *pk; | 499 | EVP_PKEY *pk; |
| 495 | int ret= -1,i,j; | 500 | int ret= -1,i; |
| 496 | 501 | ||
| 497 | if (pkey == NULL) | 502 | if (pkey == NULL) |
| 498 | pk=X509_get_pubkey(x); | 503 | pk=X509_get_pubkey(x); |
| @@ -504,35 +509,17 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) | |||
| 504 | if (i == EVP_PKEY_RSA) | 509 | if (i == EVP_PKEY_RSA) |
| 505 | { | 510 | { |
| 506 | ret=SSL_PKEY_RSA_ENC; | 511 | ret=SSL_PKEY_RSA_ENC; |
| 507 | if (x != NULL) | ||
| 508 | { | ||
| 509 | j=X509_get_ext_count(x); | ||
| 510 | /* check to see if this is a signing only certificate */ | ||
| 511 | /* EAY EAY EAY EAY */ | ||
| 512 | } | ||
| 513 | } | 512 | } |
| 514 | else if (i == EVP_PKEY_DSA) | 513 | else if (i == EVP_PKEY_DSA) |
| 515 | { | 514 | { |
| 516 | ret=SSL_PKEY_DSA_SIGN; | 515 | ret=SSL_PKEY_DSA_SIGN; |
| 517 | } | 516 | } |
| 518 | else if (i == EVP_PKEY_DH) | 517 | #ifndef OPENSSL_NO_EC |
| 518 | else if (i == EVP_PKEY_EC) | ||
| 519 | { | 519 | { |
| 520 | /* if we just have a key, we needs to be guess */ | 520 | ret = SSL_PKEY_ECC; |
| 521 | |||
| 522 | if (x == NULL) | ||
| 523 | ret=SSL_PKEY_DH_DSA; | ||
| 524 | else | ||
| 525 | { | ||
| 526 | j=X509_get_signature_type(x); | ||
| 527 | if (j == EVP_PKEY_RSA) | ||
| 528 | ret=SSL_PKEY_DH_RSA; | ||
| 529 | else if (j== EVP_PKEY_DSA) | ||
| 530 | ret=SSL_PKEY_DH_DSA; | ||
| 531 | else ret= -1; | ||
| 532 | } | ||
| 533 | } | 521 | } |
| 534 | else | 522 | #endif |
| 535 | ret= -1; | ||
| 536 | 523 | ||
| 537 | err: | 524 | err: |
| 538 | if(!pkey) EVP_PKEY_free(pk); | 525 | if(!pkey) EVP_PKEY_free(pk); |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 4163d97944..9a87c1cfb3 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -108,6 +108,19 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 111 | 124 | ||
| 112 | #include <stdio.h> | 125 | #include <stdio.h> |
| 113 | #include "ssl_locl.h" | 126 | #include "ssl_locl.h" |
| @@ -117,20 +130,22 @@ | |||
| 117 | #include <openssl/objects.h> | 130 | #include <openssl/objects.h> |
| 118 | #include <openssl/evp.h> | 131 | #include <openssl/evp.h> |
| 119 | #include <openssl/md5.h> | 132 | #include <openssl/md5.h> |
| 120 | #include <openssl/fips.h> | 133 | #ifndef OPENSSL_NO_DH |
| 134 | #include <openssl/dh.h> | ||
| 135 | #endif | ||
| 136 | #include <openssl/bn.h> | ||
| 121 | 137 | ||
| 122 | static SSL_METHOD *ssl3_get_client_method(int ver); | 138 | static SSL_METHOD *ssl3_get_client_method(int ver); |
| 123 | static int ssl3_client_hello(SSL *s); | ||
| 124 | static int ssl3_get_server_hello(SSL *s); | ||
| 125 | static int ssl3_get_certificate_request(SSL *s); | ||
| 126 | static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); | 139 | static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); |
| 127 | static int ssl3_get_server_done(SSL *s); | 140 | #ifndef OPENSSL_NO_TLSEXT |
| 128 | static int ssl3_send_client_verify(SSL *s); | 141 | static int ssl3_check_finished(SSL *s); |
| 129 | static int ssl3_send_client_certificate(SSL *s); | 142 | #endif |
| 130 | static int ssl3_send_client_key_exchange(SSL *s); | 143 | |
| 131 | static int ssl3_get_key_exchange(SSL *s); | 144 | #ifndef OPENSSL_NO_ECDH |
| 132 | static int ssl3_get_server_certificate(SSL *s); | 145 | static int curve_id2nid(int curve_id); |
| 133 | static int ssl3_check_cert_and_algorithm(SSL *s); | 146 | int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); |
| 147 | #endif | ||
| 148 | |||
| 134 | static SSL_METHOD *ssl3_get_client_method(int ver) | 149 | static SSL_METHOD *ssl3_get_client_method(int ver) |
| 135 | { | 150 | { |
| 136 | if (ver == SSL3_VERSION) | 151 | if (ver == SSL3_VERSION) |
| @@ -139,28 +154,10 @@ static SSL_METHOD *ssl3_get_client_method(int ver) | |||
| 139 | return(NULL); | 154 | return(NULL); |
| 140 | } | 155 | } |
| 141 | 156 | ||
| 142 | SSL_METHOD *SSLv3_client_method(void) | 157 | IMPLEMENT_ssl3_meth_func(SSLv3_client_method, |
| 143 | { | 158 | ssl_undefined_function, |
| 144 | static int init=1; | 159 | ssl3_connect, |
| 145 | static SSL_METHOD SSLv3_client_data; | 160 | ssl3_get_client_method) |
| 146 | |||
| 147 | if (init) | ||
| 148 | { | ||
| 149 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 150 | |||
| 151 | if (init) | ||
| 152 | { | ||
| 153 | memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), | ||
| 154 | sizeof(SSL_METHOD)); | ||
| 155 | SSLv3_client_data.ssl_connect=ssl3_connect; | ||
| 156 | SSLv3_client_data.get_ssl_method=ssl3_get_client_method; | ||
| 157 | init=0; | ||
| 158 | } | ||
| 159 | |||
| 160 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 161 | } | ||
| 162 | return(&SSLv3_client_data); | ||
| 163 | } | ||
| 164 | 161 | ||
| 165 | int ssl3_connect(SSL *s) | 162 | int ssl3_connect(SSL *s) |
| 166 | { | 163 | { |
| @@ -270,15 +267,43 @@ int ssl3_connect(SSL *s) | |||
| 270 | 267 | ||
| 271 | case SSL3_ST_CR_CERT_A: | 268 | case SSL3_ST_CR_CERT_A: |
| 272 | case SSL3_ST_CR_CERT_B: | 269 | case SSL3_ST_CR_CERT_B: |
| 273 | /* Check if it is anon DH */ | 270 | #ifndef OPENSSL_NO_TLSEXT |
| 271 | ret=ssl3_check_finished(s); | ||
| 272 | if (ret <= 0) goto end; | ||
| 273 | if (ret == 2) | ||
| 274 | { | ||
| 275 | s->hit = 1; | ||
| 276 | if (s->tlsext_ticket_expected) | ||
| 277 | s->state=SSL3_ST_CR_SESSION_TICKET_A; | ||
| 278 | else | ||
| 279 | s->state=SSL3_ST_CR_FINISHED_A; | ||
| 280 | s->init_num=0; | ||
| 281 | break; | ||
| 282 | } | ||
| 283 | #endif | ||
| 284 | /* Check if it is anon DH/ECDH */ | ||
| 274 | if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) | 285 | if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) |
| 275 | { | 286 | { |
| 276 | ret=ssl3_get_server_certificate(s); | 287 | ret=ssl3_get_server_certificate(s); |
| 277 | if (ret <= 0) goto end; | 288 | if (ret <= 0) goto end; |
| 289 | #ifndef OPENSSL_NO_TLSEXT | ||
| 290 | if (s->tlsext_status_expected) | ||
| 291 | s->state=SSL3_ST_CR_CERT_STATUS_A; | ||
| 292 | else | ||
| 293 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
| 294 | } | ||
| 295 | else | ||
| 296 | { | ||
| 297 | skip = 1; | ||
| 298 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
| 299 | } | ||
| 300 | #else | ||
| 278 | } | 301 | } |
| 279 | else | 302 | else |
| 280 | skip=1; | 303 | skip=1; |
| 304 | |||
| 281 | s->state=SSL3_ST_CR_KEY_EXCH_A; | 305 | s->state=SSL3_ST_CR_KEY_EXCH_A; |
| 306 | #endif | ||
| 282 | s->init_num=0; | 307 | s->init_num=0; |
| 283 | break; | 308 | break; |
| 284 | 309 | ||
| @@ -337,6 +362,13 @@ int ssl3_connect(SSL *s) | |||
| 337 | * sent back */ | 362 | * sent back */ |
| 338 | /* For TLS, cert_req is set to 2, so a cert chain | 363 | /* For TLS, cert_req is set to 2, so a cert chain |
| 339 | * of nothing is sent, but no verify packet is sent */ | 364 | * of nothing is sent, but no verify packet is sent */ |
| 365 | /* XXX: For now, we do not support client | ||
| 366 | * authentication in ECDH cipher suites with | ||
| 367 | * ECDH (rather than ECDSA) certificates. | ||
| 368 | * We need to skip the certificate verify | ||
| 369 | * message when client's ECDH public key is sent | ||
| 370 | * inside the client certificate. | ||
| 371 | */ | ||
| 340 | if (s->s3->tmp.cert_req == 1) | 372 | if (s->s3->tmp.cert_req == 1) |
| 341 | { | 373 | { |
| 342 | s->state=SSL3_ST_CW_CERT_VRFY_A; | 374 | s->state=SSL3_ST_CW_CERT_VRFY_A; |
| @@ -368,11 +400,15 @@ int ssl3_connect(SSL *s) | |||
| 368 | s->init_num=0; | 400 | s->init_num=0; |
| 369 | 401 | ||
| 370 | s->session->cipher=s->s3->tmp.new_cipher; | 402 | s->session->cipher=s->s3->tmp.new_cipher; |
| 403 | #ifdef OPENSSL_NO_COMP | ||
| 404 | s->session->compress_meth=0; | ||
| 405 | #else | ||
| 371 | if (s->s3->tmp.new_compression == NULL) | 406 | if (s->s3->tmp.new_compression == NULL) |
| 372 | s->session->compress_meth=0; | 407 | s->session->compress_meth=0; |
| 373 | else | 408 | else |
| 374 | s->session->compress_meth= | 409 | s->session->compress_meth= |
| 375 | s->s3->tmp.new_compression->id; | 410 | s->s3->tmp.new_compression->id; |
| 411 | #endif | ||
| 376 | if (!s->method->ssl3_enc->setup_key_block(s)) | 412 | if (!s->method->ssl3_enc->setup_key_block(s)) |
| 377 | { | 413 | { |
| 378 | ret= -1; | 414 | ret= -1; |
| @@ -411,11 +447,36 @@ int ssl3_connect(SSL *s) | |||
| 411 | } | 447 | } |
| 412 | else | 448 | else |
| 413 | { | 449 | { |
| 450 | #ifndef OPENSSL_NO_TLSEXT | ||
| 451 | /* Allow NewSessionTicket if ticket expected */ | ||
| 452 | if (s->tlsext_ticket_expected) | ||
| 453 | s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; | ||
| 454 | else | ||
| 455 | #endif | ||
| 456 | |||
| 414 | s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; | 457 | s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; |
| 415 | } | 458 | } |
| 416 | s->init_num=0; | 459 | s->init_num=0; |
| 417 | break; | 460 | break; |
| 418 | 461 | ||
| 462 | #ifndef OPENSSL_NO_TLSEXT | ||
| 463 | case SSL3_ST_CR_SESSION_TICKET_A: | ||
| 464 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 465 | ret=ssl3_get_new_session_ticket(s); | ||
| 466 | if (ret <= 0) goto end; | ||
| 467 | s->state=SSL3_ST_CR_FINISHED_A; | ||
| 468 | s->init_num=0; | ||
| 469 | break; | ||
| 470 | |||
| 471 | case SSL3_ST_CR_CERT_STATUS_A: | ||
| 472 | case SSL3_ST_CR_CERT_STATUS_B: | ||
| 473 | ret=ssl3_get_cert_status(s); | ||
| 474 | if (ret <= 0) goto end; | ||
| 475 | s->state=SSL3_ST_CR_KEY_EXCH_A; | ||
| 476 | s->init_num=0; | ||
| 477 | break; | ||
| 478 | #endif | ||
| 479 | |||
| 419 | case SSL3_ST_CR_FINISHED_A: | 480 | case SSL3_ST_CR_FINISHED_A: |
| 420 | case SSL3_ST_CR_FINISHED_B: | 481 | case SSL3_ST_CR_FINISHED_B: |
| 421 | 482 | ||
| @@ -512,13 +573,16 @@ end: | |||
| 512 | } | 573 | } |
| 513 | 574 | ||
| 514 | 575 | ||
| 515 | static int ssl3_client_hello(SSL *s) | 576 | int ssl3_client_hello(SSL *s) |
| 516 | { | 577 | { |
| 517 | unsigned char *buf; | 578 | unsigned char *buf; |
| 518 | unsigned char *p,*d; | 579 | unsigned char *p,*d; |
| 519 | int i,j; | 580 | int i; |
| 520 | unsigned long Time,l; | 581 | unsigned long Time,l; |
| 582 | #ifndef OPENSSL_NO_COMP | ||
| 583 | int j; | ||
| 521 | SSL_COMP *comp; | 584 | SSL_COMP *comp; |
| 585 | #endif | ||
| 522 | 586 | ||
| 523 | buf=(unsigned char *)s->init_buf->data; | 587 | buf=(unsigned char *)s->init_buf->data; |
| 524 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) | 588 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) |
| @@ -535,8 +599,8 @@ static int ssl3_client_hello(SSL *s) | |||
| 535 | p=s->s3->client_random; | 599 | p=s->s3->client_random; |
| 536 | Time=(unsigned long)time(NULL); /* Time */ | 600 | Time=(unsigned long)time(NULL); /* Time */ |
| 537 | l2n(Time,p); | 601 | l2n(Time,p); |
| 538 | if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | 602 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) |
| 539 | goto err; | 603 | goto err; |
| 540 | 604 | ||
| 541 | /* Do the message type and length last */ | 605 | /* Do the message type and length last */ |
| 542 | d=p= &(buf[4]); | 606 | d=p= &(buf[4]); |
| @@ -557,7 +621,7 @@ static int ssl3_client_hello(SSL *s) | |||
| 557 | *(p++)=i; | 621 | *(p++)=i; |
| 558 | if (i != 0) | 622 | if (i != 0) |
| 559 | { | 623 | { |
| 560 | if (i > sizeof s->session->session_id) | 624 | if (i > (int)sizeof(s->session->session_id)) |
| 561 | { | 625 | { |
| 562 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | 626 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); |
| 563 | goto err; | 627 | goto err; |
| @@ -577,6 +641,9 @@ static int ssl3_client_hello(SSL *s) | |||
| 577 | p+=i; | 641 | p+=i; |
| 578 | 642 | ||
| 579 | /* COMPRESSION */ | 643 | /* COMPRESSION */ |
| 644 | #ifdef OPENSSL_NO_COMP | ||
| 645 | *(p++)=1; | ||
| 646 | #else | ||
| 580 | if (s->ctx->comp_methods == NULL) | 647 | if (s->ctx->comp_methods == NULL) |
| 581 | j=0; | 648 | j=0; |
| 582 | else | 649 | else |
| @@ -587,8 +654,15 @@ static int ssl3_client_hello(SSL *s) | |||
| 587 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); | 654 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); |
| 588 | *(p++)=comp->id; | 655 | *(p++)=comp->id; |
| 589 | } | 656 | } |
| 657 | #endif | ||
| 590 | *(p++)=0; /* Add the NULL method */ | 658 | *(p++)=0; /* Add the NULL method */ |
| 591 | 659 | #ifndef OPENSSL_NO_TLSEXT | |
| 660 | if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
| 661 | { | ||
| 662 | SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | ||
| 663 | goto err; | ||
| 664 | } | ||
| 665 | #endif | ||
| 592 | l=(p-d); | 666 | l=(p-d); |
| 593 | d=buf; | 667 | d=buf; |
| 594 | *(d++)=SSL3_MT_CLIENT_HELLO; | 668 | *(d++)=SSL3_MT_CLIENT_HELLO; |
| @@ -606,7 +680,7 @@ err: | |||
| 606 | return(-1); | 680 | return(-1); |
| 607 | } | 681 | } |
| 608 | 682 | ||
| 609 | static int ssl3_get_server_hello(SSL *s) | 683 | int ssl3_get_server_hello(SSL *s) |
| 610 | { | 684 | { |
| 611 | STACK_OF(SSL_CIPHER) *sk; | 685 | STACK_OF(SSL_CIPHER) *sk; |
| 612 | SSL_CIPHER *c; | 686 | SSL_CIPHER *c; |
| @@ -614,16 +688,44 @@ static int ssl3_get_server_hello(SSL *s) | |||
| 614 | int i,al,ok; | 688 | int i,al,ok; |
| 615 | unsigned int j; | 689 | unsigned int j; |
| 616 | long n; | 690 | long n; |
| 691 | #ifndef OPENSSL_NO_COMP | ||
| 617 | SSL_COMP *comp; | 692 | SSL_COMP *comp; |
| 693 | #endif | ||
| 618 | 694 | ||
| 619 | n=ssl3_get_message(s, | 695 | n=s->method->ssl_get_message(s, |
| 620 | SSL3_ST_CR_SRVR_HELLO_A, | 696 | SSL3_ST_CR_SRVR_HELLO_A, |
| 621 | SSL3_ST_CR_SRVR_HELLO_B, | 697 | SSL3_ST_CR_SRVR_HELLO_B, |
| 622 | SSL3_MT_SERVER_HELLO, | 698 | -1, |
| 623 | 300, /* ?? */ | 699 | 20000, /* ?? */ |
| 624 | &ok); | 700 | &ok); |
| 625 | 701 | ||
| 626 | if (!ok) return((int)n); | 702 | if (!ok) return((int)n); |
| 703 | |||
| 704 | if ( SSL_version(s) == DTLS1_VERSION) | ||
| 705 | { | ||
| 706 | if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) | ||
| 707 | { | ||
| 708 | if ( s->d1->send_cookie == 0) | ||
| 709 | { | ||
| 710 | s->s3->tmp.reuse_message = 1; | ||
| 711 | return 1; | ||
| 712 | } | ||
| 713 | else /* already sent a cookie */ | ||
| 714 | { | ||
| 715 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 716 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); | ||
| 717 | goto f_err; | ||
| 718 | } | ||
| 719 | } | ||
| 720 | } | ||
| 721 | |||
| 722 | if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) | ||
| 723 | { | ||
| 724 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 725 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); | ||
| 726 | goto f_err; | ||
| 727 | } | ||
| 728 | |||
| 627 | d=p=(unsigned char *)s->init_msg; | 729 | d=p=(unsigned char *)s->init_msg; |
| 628 | 730 | ||
| 629 | if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) | 731 | if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) |
| @@ -719,6 +821,14 @@ static int ssl3_get_server_hello(SSL *s) | |||
| 719 | 821 | ||
| 720 | /* lets get the compression algorithm */ | 822 | /* lets get the compression algorithm */ |
| 721 | /* COMPRESSION */ | 823 | /* COMPRESSION */ |
| 824 | #ifdef OPENSSL_NO_COMP | ||
| 825 | if (*(p++) != 0) | ||
| 826 | { | ||
| 827 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
| 828 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | ||
| 829 | goto f_err; | ||
| 830 | } | ||
| 831 | #else | ||
| 722 | j= *(p++); | 832 | j= *(p++); |
| 723 | if (j == 0) | 833 | if (j == 0) |
| 724 | comp=NULL; | 834 | comp=NULL; |
| @@ -735,6 +845,25 @@ static int ssl3_get_server_hello(SSL *s) | |||
| 735 | { | 845 | { |
| 736 | s->s3->tmp.new_compression=comp; | 846 | s->s3->tmp.new_compression=comp; |
| 737 | } | 847 | } |
| 848 | #endif | ||
| 849 | #ifndef OPENSSL_NO_TLSEXT | ||
| 850 | /* TLS extensions*/ | ||
| 851 | if (s->version > SSL3_VERSION) | ||
| 852 | { | ||
| 853 | if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) | ||
| 854 | { | ||
| 855 | /* 'al' set by ssl_parse_serverhello_tlsext */ | ||
| 856 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); | ||
| 857 | goto f_err; | ||
| 858 | } | ||
| 859 | if (ssl_check_serverhello_tlsext(s) <= 0) | ||
| 860 | { | ||
| 861 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT); | ||
| 862 | goto err; | ||
| 863 | } | ||
| 864 | } | ||
| 865 | #endif | ||
| 866 | |||
| 738 | 867 | ||
| 739 | if (p != (d+n)) | 868 | if (p != (d+n)) |
| 740 | { | 869 | { |
| @@ -751,18 +880,19 @@ err: | |||
| 751 | return(-1); | 880 | return(-1); |
| 752 | } | 881 | } |
| 753 | 882 | ||
| 754 | static int ssl3_get_server_certificate(SSL *s) | 883 | int ssl3_get_server_certificate(SSL *s) |
| 755 | { | 884 | { |
| 756 | int al,i,ok,ret= -1; | 885 | int al,i,ok,ret= -1; |
| 757 | unsigned long n,nc,llen,l; | 886 | unsigned long n,nc,llen,l; |
| 758 | X509 *x=NULL; | 887 | X509 *x=NULL; |
| 759 | unsigned char *p,*d,*q; | 888 | const unsigned char *q,*p; |
| 889 | unsigned char *d; | ||
| 760 | STACK_OF(X509) *sk=NULL; | 890 | STACK_OF(X509) *sk=NULL; |
| 761 | SESS_CERT *sc; | 891 | SESS_CERT *sc; |
| 762 | EVP_PKEY *pkey=NULL; | 892 | EVP_PKEY *pkey=NULL; |
| 763 | int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ | 893 | int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ |
| 764 | 894 | ||
| 765 | n=ssl3_get_message(s, | 895 | n=s->method->ssl_get_message(s, |
| 766 | SSL3_ST_CR_CERT_A, | 896 | SSL3_ST_CR_CERT_A, |
| 767 | SSL3_ST_CR_CERT_B, | 897 | SSL3_ST_CR_CERT_B, |
| 768 | -1, | 898 | -1, |
| @@ -771,7 +901,9 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 771 | 901 | ||
| 772 | if (!ok) return((int)n); | 902 | if (!ok) return((int)n); |
| 773 | 903 | ||
| 774 | if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) | 904 | if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || |
| 905 | ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && | ||
| 906 | (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) | ||
| 775 | { | 907 | { |
| 776 | s->s3->tmp.reuse_message=1; | 908 | s->s3->tmp.reuse_message=1; |
| 777 | return(1); | 909 | return(1); |
| @@ -783,7 +915,7 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 783 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); | 915 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); |
| 784 | goto f_err; | 916 | goto f_err; |
| 785 | } | 917 | } |
| 786 | d=p=(unsigned char *)s->init_msg; | 918 | p=d=(unsigned char *)s->init_msg; |
| 787 | 919 | ||
| 788 | if ((sk=sk_X509_new_null()) == NULL) | 920 | if ((sk=sk_X509_new_null()) == NULL) |
| 789 | { | 921 | { |
| @@ -835,10 +967,10 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 835 | i=ssl_verify_cert_chain(s,sk); | 967 | i=ssl_verify_cert_chain(s,sk); |
| 836 | if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) | 968 | if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) |
| 837 | #ifndef OPENSSL_NO_KRB5 | 969 | #ifndef OPENSSL_NO_KRB5 |
| 838 | && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | 970 | && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) |
| 839 | != (SSL_aKRB5|SSL_kKRB5) | 971 | != (SSL_aKRB5|SSL_kKRB5) |
| 840 | #endif /* OPENSSL_NO_KRB5 */ | 972 | #endif /* OPENSSL_NO_KRB5 */ |
| 841 | ) | 973 | ) |
| 842 | { | 974 | { |
| 843 | al=ssl_verify_alarm_type(s->verify_result); | 975 | al=ssl_verify_alarm_type(s->verify_result); |
| 844 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); | 976 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); |
| @@ -861,16 +993,16 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 861 | 993 | ||
| 862 | pkey=X509_get_pubkey(x); | 994 | pkey=X509_get_pubkey(x); |
| 863 | 995 | ||
| 864 | /* VRS: allow null cert if auth == KRB5 */ | 996 | /* VRS: allow null cert if auth == KRB5 */ |
| 865 | need_cert = ((s->s3->tmp.new_cipher->algorithms | 997 | need_cert = ((s->s3->tmp.new_cipher->algorithms |
| 866 | & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | 998 | & (SSL_MKEY_MASK|SSL_AUTH_MASK)) |
| 867 | == (SSL_aKRB5|SSL_kKRB5))? 0: 1; | 999 | == (SSL_aKRB5|SSL_kKRB5))? 0: 1; |
| 868 | 1000 | ||
| 869 | #ifdef KSSL_DEBUG | 1001 | #ifdef KSSL_DEBUG |
| 870 | printf("pkey,x = %p, %p\n", pkey,x); | 1002 | printf("pkey,x = %p, %p\n", pkey,x); |
| 871 | printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); | 1003 | printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); |
| 872 | printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, | 1004 | printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, |
| 873 | s->s3->tmp.new_cipher->algorithms, need_cert); | 1005 | s->s3->tmp.new_cipher->algorithms, need_cert); |
| 874 | #endif /* KSSL_DEBUG */ | 1006 | #endif /* KSSL_DEBUG */ |
| 875 | 1007 | ||
| 876 | if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) | 1008 | if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) |
| @@ -892,31 +1024,31 @@ static int ssl3_get_server_certificate(SSL *s) | |||
| 892 | goto f_err; | 1024 | goto f_err; |
| 893 | } | 1025 | } |
| 894 | 1026 | ||
| 895 | if (need_cert) | 1027 | if (need_cert) |
| 896 | { | 1028 | { |
| 897 | sc->peer_cert_type=i; | 1029 | sc->peer_cert_type=i; |
| 898 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 1030 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); |
| 899 | /* Why would the following ever happen? | 1031 | /* Why would the following ever happen? |
| 900 | * We just created sc a couple of lines ago. */ | 1032 | * We just created sc a couple of lines ago. */ |
| 901 | if (sc->peer_pkeys[i].x509 != NULL) | 1033 | if (sc->peer_pkeys[i].x509 != NULL) |
| 902 | X509_free(sc->peer_pkeys[i].x509); | 1034 | X509_free(sc->peer_pkeys[i].x509); |
| 903 | sc->peer_pkeys[i].x509=x; | 1035 | sc->peer_pkeys[i].x509=x; |
| 904 | sc->peer_key= &(sc->peer_pkeys[i]); | 1036 | sc->peer_key= &(sc->peer_pkeys[i]); |
| 905 | 1037 | ||
| 906 | if (s->session->peer != NULL) | 1038 | if (s->session->peer != NULL) |
| 907 | X509_free(s->session->peer); | 1039 | X509_free(s->session->peer); |
| 908 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 1040 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); |
| 909 | s->session->peer=x; | 1041 | s->session->peer=x; |
| 910 | } | 1042 | } |
| 911 | else | 1043 | else |
| 912 | { | 1044 | { |
| 913 | sc->peer_cert_type=i; | 1045 | sc->peer_cert_type=i; |
| 914 | sc->peer_key= NULL; | 1046 | sc->peer_key= NULL; |
| 915 | 1047 | ||
| 916 | if (s->session->peer != NULL) | 1048 | if (s->session->peer != NULL) |
| 917 | X509_free(s->session->peer); | 1049 | X509_free(s->session->peer); |
| 918 | s->session->peer=NULL; | 1050 | s->session->peer=NULL; |
| 919 | } | 1051 | } |
| 920 | s->session->verify_result = s->verify_result; | 1052 | s->session->verify_result = s->verify_result; |
| 921 | 1053 | ||
| 922 | x=NULL; | 1054 | x=NULL; |
| @@ -934,7 +1066,7 @@ err: | |||
| 934 | return(ret); | 1066 | return(ret); |
| 935 | } | 1067 | } |
| 936 | 1068 | ||
| 937 | static int ssl3_get_key_exchange(SSL *s) | 1069 | int ssl3_get_key_exchange(SSL *s) |
| 938 | { | 1070 | { |
| 939 | #ifndef OPENSSL_NO_RSA | 1071 | #ifndef OPENSSL_NO_RSA |
| 940 | unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; | 1072 | unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; |
| @@ -950,10 +1082,17 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 950 | #ifndef OPENSSL_NO_DH | 1082 | #ifndef OPENSSL_NO_DH |
| 951 | DH *dh=NULL; | 1083 | DH *dh=NULL; |
| 952 | #endif | 1084 | #endif |
| 1085 | #ifndef OPENSSL_NO_ECDH | ||
| 1086 | EC_KEY *ecdh = NULL; | ||
| 1087 | BN_CTX *bn_ctx = NULL; | ||
| 1088 | EC_POINT *srvr_ecpoint = NULL; | ||
| 1089 | int curve_nid = 0; | ||
| 1090 | int encoded_pt_len = 0; | ||
| 1091 | #endif | ||
| 953 | 1092 | ||
| 954 | /* use same message size as in ssl3_get_certificate_request() | 1093 | /* use same message size as in ssl3_get_certificate_request() |
| 955 | * as ServerKeyExchange message may be skipped */ | 1094 | * as ServerKeyExchange message may be skipped */ |
| 956 | n=ssl3_get_message(s, | 1095 | n=s->method->ssl_get_message(s, |
| 957 | SSL3_ST_CR_KEY_EXCH_A, | 1096 | SSL3_ST_CR_KEY_EXCH_A, |
| 958 | SSL3_ST_CR_KEY_EXCH_B, | 1097 | SSL3_ST_CR_KEY_EXCH_B, |
| 959 | -1, | 1098 | -1, |
| @@ -986,6 +1125,13 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 986 | s->session->sess_cert->peer_dh_tmp=NULL; | 1125 | s->session->sess_cert->peer_dh_tmp=NULL; |
| 987 | } | 1126 | } |
| 988 | #endif | 1127 | #endif |
| 1128 | #ifndef OPENSSL_NO_ECDH | ||
| 1129 | if (s->session->sess_cert->peer_ecdh_tmp) | ||
| 1130 | { | ||
| 1131 | EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); | ||
| 1132 | s->session->sess_cert->peer_ecdh_tmp=NULL; | ||
| 1133 | } | ||
| 1134 | #endif | ||
| 989 | } | 1135 | } |
| 990 | else | 1136 | else |
| 991 | { | 1137 | { |
| @@ -1127,6 +1273,114 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1127 | goto f_err; | 1273 | goto f_err; |
| 1128 | } | 1274 | } |
| 1129 | #endif /* !OPENSSL_NO_DH */ | 1275 | #endif /* !OPENSSL_NO_DH */ |
| 1276 | |||
| 1277 | #ifndef OPENSSL_NO_ECDH | ||
| 1278 | else if (alg & SSL_kECDHE) | ||
| 1279 | { | ||
| 1280 | EC_GROUP *ngroup; | ||
| 1281 | const EC_GROUP *group; | ||
| 1282 | |||
| 1283 | if ((ecdh=EC_KEY_new()) == NULL) | ||
| 1284 | { | ||
| 1285 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 1286 | goto err; | ||
| 1287 | } | ||
| 1288 | |||
| 1289 | /* Extract elliptic curve parameters and the | ||
| 1290 | * server's ephemeral ECDH public key. | ||
| 1291 | * Keep accumulating lengths of various components in | ||
| 1292 | * param_len and make sure it never exceeds n. | ||
| 1293 | */ | ||
| 1294 | |||
| 1295 | /* XXX: For now we only support named (not generic) curves | ||
| 1296 | * and the ECParameters in this case is just three bytes. | ||
| 1297 | */ | ||
| 1298 | param_len=3; | ||
| 1299 | if ((param_len > n) || | ||
| 1300 | (*p != NAMED_CURVE_TYPE) || | ||
| 1301 | ((curve_nid = curve_id2nid(*(p + 2))) == 0)) | ||
| 1302 | { | ||
| 1303 | al=SSL_AD_INTERNAL_ERROR; | ||
| 1304 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); | ||
| 1305 | goto f_err; | ||
| 1306 | } | ||
| 1307 | |||
| 1308 | ngroup = EC_GROUP_new_by_curve_name(curve_nid); | ||
| 1309 | if (ngroup == NULL) | ||
| 1310 | { | ||
| 1311 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
| 1312 | goto err; | ||
| 1313 | } | ||
| 1314 | if (EC_KEY_set_group(ecdh, ngroup) == 0) | ||
| 1315 | { | ||
| 1316 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
| 1317 | goto err; | ||
| 1318 | } | ||
| 1319 | EC_GROUP_free(ngroup); | ||
| 1320 | |||
| 1321 | group = EC_KEY_get0_group(ecdh); | ||
| 1322 | |||
| 1323 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && | ||
| 1324 | (EC_GROUP_get_degree(group) > 163)) | ||
| 1325 | { | ||
| 1326 | al=SSL_AD_EXPORT_RESTRICTION; | ||
| 1327 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); | ||
| 1328 | goto f_err; | ||
| 1329 | } | ||
| 1330 | |||
| 1331 | p+=3; | ||
| 1332 | |||
| 1333 | /* Next, get the encoded ECPoint */ | ||
| 1334 | if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || | ||
| 1335 | ((bn_ctx = BN_CTX_new()) == NULL)) | ||
| 1336 | { | ||
| 1337 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 1338 | goto err; | ||
| 1339 | } | ||
| 1340 | |||
| 1341 | encoded_pt_len = *p; /* length of encoded point */ | ||
| 1342 | p+=1; | ||
| 1343 | param_len += (1 + encoded_pt_len); | ||
| 1344 | if ((param_len > n) || | ||
| 1345 | (EC_POINT_oct2point(group, srvr_ecpoint, | ||
| 1346 | p, encoded_pt_len, bn_ctx) == 0)) | ||
| 1347 | { | ||
| 1348 | al=SSL_AD_DECODE_ERROR; | ||
| 1349 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); | ||
| 1350 | goto f_err; | ||
| 1351 | } | ||
| 1352 | |||
| 1353 | n-=param_len; | ||
| 1354 | p+=encoded_pt_len; | ||
| 1355 | |||
| 1356 | /* The ECC/TLS specification does not mention | ||
| 1357 | * the use of DSA to sign ECParameters in the server | ||
| 1358 | * key exchange message. We do support RSA and ECDSA. | ||
| 1359 | */ | ||
| 1360 | if (0) ; | ||
| 1361 | #ifndef OPENSSL_NO_RSA | ||
| 1362 | else if (alg & SSL_aRSA) | ||
| 1363 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | ||
| 1364 | #endif | ||
| 1365 | #ifndef OPENSSL_NO_ECDSA | ||
| 1366 | else if (alg & SSL_aECDSA) | ||
| 1367 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 1368 | #endif | ||
| 1369 | /* else anonymous ECDH, so no certificate or pkey. */ | ||
| 1370 | EC_KEY_set_public_key(ecdh, srvr_ecpoint); | ||
| 1371 | s->session->sess_cert->peer_ecdh_tmp=ecdh; | ||
| 1372 | ecdh=NULL; | ||
| 1373 | BN_CTX_free(bn_ctx); | ||
| 1374 | EC_POINT_free(srvr_ecpoint); | ||
| 1375 | srvr_ecpoint = NULL; | ||
| 1376 | } | ||
| 1377 | else if (alg & SSL_kECDH) | ||
| 1378 | { | ||
| 1379 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1380 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); | ||
| 1381 | goto f_err; | ||
| 1382 | } | ||
| 1383 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1130 | if (alg & SSL_aFZA) | 1384 | if (alg & SSL_aFZA) |
| 1131 | { | 1385 | { |
| 1132 | al=SSL_AD_HANDSHAKE_FAILURE; | 1386 | al=SSL_AD_HANDSHAKE_FAILURE; |
| @@ -1137,7 +1391,6 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1137 | 1391 | ||
| 1138 | /* p points to the next byte, there are 'n' bytes left */ | 1392 | /* p points to the next byte, there are 'n' bytes left */ |
| 1139 | 1393 | ||
| 1140 | |||
| 1141 | /* if it was signed, check the signature */ | 1394 | /* if it was signed, check the signature */ |
| 1142 | if (pkey != NULL) | 1395 | if (pkey != NULL) |
| 1143 | { | 1396 | { |
| @@ -1162,14 +1415,11 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1162 | q=md_buf; | 1415 | q=md_buf; |
| 1163 | for (num=2; num > 0; num--) | 1416 | for (num=2; num > 0; num--) |
| 1164 | { | 1417 | { |
| 1165 | EVP_MD_CTX_set_flags(&md_ctx, | ||
| 1166 | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 1167 | EVP_DigestInit_ex(&md_ctx,(num == 2) | 1418 | EVP_DigestInit_ex(&md_ctx,(num == 2) |
| 1168 | ?s->ctx->md5:s->ctx->sha1, NULL); | 1419 | ?s->ctx->md5:s->ctx->sha1, NULL); |
| 1169 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1420 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| 1170 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | 1421 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
| 1171 | EVP_DigestUpdate(&md_ctx,param,param_len); | 1422 | EVP_DigestUpdate(&md_ctx,param,param_len); |
| 1172 | |||
| 1173 | EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); | 1423 | EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); |
| 1174 | q+=i; | 1424 | q+=i; |
| 1175 | j+=i; | 1425 | j+=i; |
| @@ -1210,6 +1460,24 @@ static int ssl3_get_key_exchange(SSL *s) | |||
| 1210 | } | 1460 | } |
| 1211 | else | 1461 | else |
| 1212 | #endif | 1462 | #endif |
| 1463 | #ifndef OPENSSL_NO_ECDSA | ||
| 1464 | if (pkey->type == EVP_PKEY_EC) | ||
| 1465 | { | ||
| 1466 | /* let's do ECDSA */ | ||
| 1467 | EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL); | ||
| 1468 | EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
| 1469 | EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
| 1470 | EVP_VerifyUpdate(&md_ctx,param,param_len); | ||
| 1471 | if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) | ||
| 1472 | { | ||
| 1473 | /* bad signature */ | ||
| 1474 | al=SSL_AD_DECRYPT_ERROR; | ||
| 1475 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); | ||
| 1476 | goto f_err; | ||
| 1477 | } | ||
| 1478 | } | ||
| 1479 | else | ||
| 1480 | #endif | ||
| 1213 | { | 1481 | { |
| 1214 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | 1482 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); |
| 1215 | goto err; | 1483 | goto err; |
| @@ -1245,20 +1513,27 @@ err: | |||
| 1245 | if (dh != NULL) | 1513 | if (dh != NULL) |
| 1246 | DH_free(dh); | 1514 | DH_free(dh); |
| 1247 | #endif | 1515 | #endif |
| 1516 | #ifndef OPENSSL_NO_ECDH | ||
| 1517 | BN_CTX_free(bn_ctx); | ||
| 1518 | EC_POINT_free(srvr_ecpoint); | ||
| 1519 | if (ecdh != NULL) | ||
| 1520 | EC_KEY_free(ecdh); | ||
| 1521 | #endif | ||
| 1248 | EVP_MD_CTX_cleanup(&md_ctx); | 1522 | EVP_MD_CTX_cleanup(&md_ctx); |
| 1249 | return(-1); | 1523 | return(-1); |
| 1250 | } | 1524 | } |
| 1251 | 1525 | ||
| 1252 | static int ssl3_get_certificate_request(SSL *s) | 1526 | int ssl3_get_certificate_request(SSL *s) |
| 1253 | { | 1527 | { |
| 1254 | int ok,ret=0; | 1528 | int ok,ret=0; |
| 1255 | unsigned long n,nc,l; | 1529 | unsigned long n,nc,l; |
| 1256 | unsigned int llen,ctype_num,i; | 1530 | unsigned int llen,ctype_num,i; |
| 1257 | X509_NAME *xn=NULL; | 1531 | X509_NAME *xn=NULL; |
| 1258 | unsigned char *p,*d,*q; | 1532 | const unsigned char *p,*q; |
| 1533 | unsigned char *d; | ||
| 1259 | STACK_OF(X509_NAME) *ca_sk=NULL; | 1534 | STACK_OF(X509_NAME) *ca_sk=NULL; |
| 1260 | 1535 | ||
| 1261 | n=ssl3_get_message(s, | 1536 | n=s->method->ssl_get_message(s, |
| 1262 | SSL3_ST_CR_CERT_REQ_A, | 1537 | SSL3_ST_CR_CERT_REQ_A, |
| 1263 | SSL3_ST_CR_CERT_REQ_B, | 1538 | SSL3_ST_CR_CERT_REQ_B, |
| 1264 | -1, | 1539 | -1, |
| @@ -1294,7 +1569,7 @@ static int ssl3_get_certificate_request(SSL *s) | |||
| 1294 | } | 1569 | } |
| 1295 | } | 1570 | } |
| 1296 | 1571 | ||
| 1297 | d=p=(unsigned char *)s->init_msg; | 1572 | p=d=(unsigned char *)s->init_msg; |
| 1298 | 1573 | ||
| 1299 | if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) | 1574 | if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) |
| 1300 | { | 1575 | { |
| @@ -1395,13 +1670,150 @@ static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | |||
| 1395 | { | 1670 | { |
| 1396 | return(X509_NAME_cmp(*a,*b)); | 1671 | return(X509_NAME_cmp(*a,*b)); |
| 1397 | } | 1672 | } |
| 1673 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1674 | int ssl3_get_new_session_ticket(SSL *s) | ||
| 1675 | { | ||
| 1676 | int ok,al,ret=0, ticklen; | ||
| 1677 | long n; | ||
| 1678 | const unsigned char *p; | ||
| 1679 | unsigned char *d; | ||
| 1398 | 1680 | ||
| 1399 | static int ssl3_get_server_done(SSL *s) | 1681 | n=s->method->ssl_get_message(s, |
| 1682 | SSL3_ST_CR_SESSION_TICKET_A, | ||
| 1683 | SSL3_ST_CR_SESSION_TICKET_B, | ||
| 1684 | -1, | ||
| 1685 | 16384, | ||
| 1686 | &ok); | ||
| 1687 | |||
| 1688 | if (!ok) | ||
| 1689 | return((int)n); | ||
| 1690 | |||
| 1691 | if (s->s3->tmp.message_type == SSL3_MT_FINISHED) | ||
| 1692 | { | ||
| 1693 | s->s3->tmp.reuse_message=1; | ||
| 1694 | return(1); | ||
| 1695 | } | ||
| 1696 | if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) | ||
| 1697 | { | ||
| 1698 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1699 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE); | ||
| 1700 | goto f_err; | ||
| 1701 | } | ||
| 1702 | if (n < 6) | ||
| 1703 | { | ||
| 1704 | /* need at least ticket_lifetime_hint + ticket length */ | ||
| 1705 | al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; | ||
| 1706 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | ||
| 1707 | goto f_err; | ||
| 1708 | } | ||
| 1709 | p=d=(unsigned char *)s->init_msg; | ||
| 1710 | n2l(p, s->session->tlsext_tick_lifetime_hint); | ||
| 1711 | n2s(p, ticklen); | ||
| 1712 | /* ticket_lifetime_hint + ticket_length + ticket */ | ||
| 1713 | if (ticklen + 6 != n) | ||
| 1714 | { | ||
| 1715 | al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; | ||
| 1716 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | ||
| 1717 | goto f_err; | ||
| 1718 | } | ||
| 1719 | if (s->session->tlsext_tick) | ||
| 1720 | { | ||
| 1721 | OPENSSL_free(s->session->tlsext_tick); | ||
| 1722 | s->session->tlsext_ticklen = 0; | ||
| 1723 | } | ||
| 1724 | s->session->tlsext_tick = OPENSSL_malloc(ticklen); | ||
| 1725 | if (!s->session->tlsext_tick) | ||
| 1726 | { | ||
| 1727 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE); | ||
| 1728 | goto err; | ||
| 1729 | } | ||
| 1730 | memcpy(s->session->tlsext_tick, p, ticklen); | ||
| 1731 | s->session->tlsext_ticklen = ticklen; | ||
| 1732 | |||
| 1733 | ret=1; | ||
| 1734 | return(ret); | ||
| 1735 | f_err: | ||
| 1736 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 1737 | err: | ||
| 1738 | return(-1); | ||
| 1739 | } | ||
| 1740 | |||
| 1741 | int ssl3_get_cert_status(SSL *s) | ||
| 1742 | { | ||
| 1743 | int ok, al; | ||
| 1744 | unsigned long resplen; | ||
| 1745 | long n; | ||
| 1746 | const unsigned char *p; | ||
| 1747 | |||
| 1748 | n=s->method->ssl_get_message(s, | ||
| 1749 | SSL3_ST_CR_CERT_STATUS_A, | ||
| 1750 | SSL3_ST_CR_CERT_STATUS_B, | ||
| 1751 | SSL3_MT_CERTIFICATE_STATUS, | ||
| 1752 | 16384, | ||
| 1753 | &ok); | ||
| 1754 | |||
| 1755 | if (!ok) return((int)n); | ||
| 1756 | if (n < 4) | ||
| 1757 | { | ||
| 1758 | /* need at least status type + length */ | ||
| 1759 | al = SSL_AD_DECODE_ERROR; | ||
| 1760 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); | ||
| 1761 | goto f_err; | ||
| 1762 | } | ||
| 1763 | p = (unsigned char *)s->init_msg; | ||
| 1764 | if (*p++ != TLSEXT_STATUSTYPE_ocsp) | ||
| 1765 | { | ||
| 1766 | al = SSL_AD_DECODE_ERROR; | ||
| 1767 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE); | ||
| 1768 | goto f_err; | ||
| 1769 | } | ||
| 1770 | n2l3(p, resplen); | ||
| 1771 | if (resplen + 4 != n) | ||
| 1772 | { | ||
| 1773 | al = SSL_AD_DECODE_ERROR; | ||
| 1774 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); | ||
| 1775 | goto f_err; | ||
| 1776 | } | ||
| 1777 | if (s->tlsext_ocsp_resp) | ||
| 1778 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
| 1779 | s->tlsext_ocsp_resp = BUF_memdup(p, resplen); | ||
| 1780 | if (!s->tlsext_ocsp_resp) | ||
| 1781 | { | ||
| 1782 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1783 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); | ||
| 1784 | goto f_err; | ||
| 1785 | } | ||
| 1786 | s->tlsext_ocsp_resplen = resplen; | ||
| 1787 | if (s->ctx->tlsext_status_cb) | ||
| 1788 | { | ||
| 1789 | int ret; | ||
| 1790 | ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 1791 | if (ret == 0) | ||
| 1792 | { | ||
| 1793 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | ||
| 1794 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE); | ||
| 1795 | goto f_err; | ||
| 1796 | } | ||
| 1797 | if (ret < 0) | ||
| 1798 | { | ||
| 1799 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1800 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); | ||
| 1801 | goto f_err; | ||
| 1802 | } | ||
| 1803 | } | ||
| 1804 | return 1; | ||
| 1805 | f_err: | ||
| 1806 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 1807 | return(-1); | ||
| 1808 | } | ||
| 1809 | #endif | ||
| 1810 | |||
| 1811 | int ssl3_get_server_done(SSL *s) | ||
| 1400 | { | 1812 | { |
| 1401 | int ok,ret=0; | 1813 | int ok,ret=0; |
| 1402 | long n; | 1814 | long n; |
| 1403 | 1815 | ||
| 1404 | n=ssl3_get_message(s, | 1816 | n=s->method->ssl_get_message(s, |
| 1405 | SSL3_ST_CR_SRVR_DONE_A, | 1817 | SSL3_ST_CR_SRVR_DONE_A, |
| 1406 | SSL3_ST_CR_SRVR_DONE_B, | 1818 | SSL3_ST_CR_SRVR_DONE_B, |
| 1407 | SSL3_MT_SERVER_DONE, | 1819 | SSL3_MT_SERVER_DONE, |
| @@ -1420,7 +1832,8 @@ static int ssl3_get_server_done(SSL *s) | |||
| 1420 | return(ret); | 1832 | return(ret); |
| 1421 | } | 1833 | } |
| 1422 | 1834 | ||
| 1423 | static int ssl3_send_client_key_exchange(SSL *s) | 1835 | |
| 1836 | int ssl3_send_client_key_exchange(SSL *s) | ||
| 1424 | { | 1837 | { |
| 1425 | unsigned char *p,*d; | 1838 | unsigned char *p,*d; |
| 1426 | int n; | 1839 | int n; |
| @@ -1430,8 +1843,16 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1430 | EVP_PKEY *pkey=NULL; | 1843 | EVP_PKEY *pkey=NULL; |
| 1431 | #endif | 1844 | #endif |
| 1432 | #ifndef OPENSSL_NO_KRB5 | 1845 | #ifndef OPENSSL_NO_KRB5 |
| 1433 | KSSL_ERR kssl_err; | 1846 | KSSL_ERR kssl_err; |
| 1434 | #endif /* OPENSSL_NO_KRB5 */ | 1847 | #endif /* OPENSSL_NO_KRB5 */ |
| 1848 | #ifndef OPENSSL_NO_ECDH | ||
| 1849 | EC_KEY *clnt_ecdh = NULL; | ||
| 1850 | const EC_POINT *srvr_ecpoint = NULL; | ||
| 1851 | EVP_PKEY *srvr_pub_pkey = NULL; | ||
| 1852 | unsigned char *encodedPoint = NULL; | ||
| 1853 | int encoded_pt_len = 0; | ||
| 1854 | BN_CTX * bn_ctx = NULL; | ||
| 1855 | #endif | ||
| 1435 | 1856 | ||
| 1436 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) | 1857 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) |
| 1437 | { | 1858 | { |
| @@ -1440,8 +1861,8 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1440 | 1861 | ||
| 1441 | l=s->s3->tmp.new_cipher->algorithms; | 1862 | l=s->s3->tmp.new_cipher->algorithms; |
| 1442 | 1863 | ||
| 1443 | /* Fool emacs indentation */ | 1864 | /* Fool emacs indentation */ |
| 1444 | if (0) {} | 1865 | if (0) {} |
| 1445 | #ifndef OPENSSL_NO_RSA | 1866 | #ifndef OPENSSL_NO_RSA |
| 1446 | else if (l & SSL_kRSA) | 1867 | else if (l & SSL_kRSA) |
| 1447 | { | 1868 | { |
| @@ -1503,12 +1924,12 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1503 | #endif | 1924 | #endif |
| 1504 | #ifndef OPENSSL_NO_KRB5 | 1925 | #ifndef OPENSSL_NO_KRB5 |
| 1505 | else if (l & SSL_kKRB5) | 1926 | else if (l & SSL_kKRB5) |
| 1506 | { | 1927 | { |
| 1507 | krb5_error_code krb5rc; | 1928 | krb5_error_code krb5rc; |
| 1508 | KSSL_CTX *kssl_ctx = s->kssl_ctx; | 1929 | KSSL_CTX *kssl_ctx = s->kssl_ctx; |
| 1509 | /* krb5_data krb5_ap_req; */ | 1930 | /* krb5_data krb5_ap_req; */ |
| 1510 | krb5_data *enc_ticket; | 1931 | krb5_data *enc_ticket; |
| 1511 | krb5_data authenticator, *authp = NULL; | 1932 | krb5_data authenticator, *authp = NULL; |
| 1512 | EVP_CIPHER_CTX ciph_ctx; | 1933 | EVP_CIPHER_CTX ciph_ctx; |
| 1513 | EVP_CIPHER *enc = NULL; | 1934 | EVP_CIPHER *enc = NULL; |
| 1514 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 1935 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
| @@ -1520,8 +1941,8 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1520 | EVP_CIPHER_CTX_init(&ciph_ctx); | 1941 | EVP_CIPHER_CTX_init(&ciph_ctx); |
| 1521 | 1942 | ||
| 1522 | #ifdef KSSL_DEBUG | 1943 | #ifdef KSSL_DEBUG |
| 1523 | printf("ssl3_send_client_key_exchange(%lx & %lx)\n", | 1944 | printf("ssl3_send_client_key_exchange(%lx & %lx)\n", |
| 1524 | l, SSL_kKRB5); | 1945 | l, SSL_kKRB5); |
| 1525 | #endif /* KSSL_DEBUG */ | 1946 | #endif /* KSSL_DEBUG */ |
| 1526 | 1947 | ||
| 1527 | authp = NULL; | 1948 | authp = NULL; |
| @@ -1529,37 +1950,37 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1529 | if (KRB5SENDAUTH) authp = &authenticator; | 1950 | if (KRB5SENDAUTH) authp = &authenticator; |
| 1530 | #endif /* KRB5SENDAUTH */ | 1951 | #endif /* KRB5SENDAUTH */ |
| 1531 | 1952 | ||
| 1532 | krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, | 1953 | krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, |
| 1533 | &kssl_err); | 1954 | &kssl_err); |
| 1534 | enc = kssl_map_enc(kssl_ctx->enctype); | 1955 | enc = kssl_map_enc(kssl_ctx->enctype); |
| 1535 | if (enc == NULL) | 1956 | if (enc == NULL) |
| 1536 | goto err; | 1957 | goto err; |
| 1537 | #ifdef KSSL_DEBUG | 1958 | #ifdef KSSL_DEBUG |
| 1538 | { | 1959 | { |
| 1539 | printf("kssl_cget_tkt rtn %d\n", krb5rc); | 1960 | printf("kssl_cget_tkt rtn %d\n", krb5rc); |
| 1540 | if (krb5rc && kssl_err.text) | 1961 | if (krb5rc && kssl_err.text) |
| 1541 | printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); | 1962 | printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); |
| 1542 | } | 1963 | } |
| 1543 | #endif /* KSSL_DEBUG */ | 1964 | #endif /* KSSL_DEBUG */ |
| 1544 | 1965 | ||
| 1545 | if (krb5rc) | 1966 | if (krb5rc) |
| 1546 | { | 1967 | { |
| 1547 | ssl3_send_alert(s,SSL3_AL_FATAL, | 1968 | ssl3_send_alert(s,SSL3_AL_FATAL, |
| 1548 | SSL_AD_HANDSHAKE_FAILURE); | 1969 | SSL_AD_HANDSHAKE_FAILURE); |
| 1549 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 1970 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 1550 | kssl_err.reason); | 1971 | kssl_err.reason); |
| 1551 | goto err; | 1972 | goto err; |
| 1552 | } | 1973 | } |
| 1553 | 1974 | ||
| 1554 | /* 20010406 VRS - Earlier versions used KRB5 AP_REQ | 1975 | /* 20010406 VRS - Earlier versions used KRB5 AP_REQ |
| 1555 | ** in place of RFC 2712 KerberosWrapper, as in: | 1976 | ** in place of RFC 2712 KerberosWrapper, as in: |
| 1556 | ** | 1977 | ** |
| 1557 | ** Send ticket (copy to *p, set n = length) | 1978 | ** Send ticket (copy to *p, set n = length) |
| 1558 | ** n = krb5_ap_req.length; | 1979 | ** n = krb5_ap_req.length; |
| 1559 | ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); | 1980 | ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); |
| 1560 | ** if (krb5_ap_req.data) | 1981 | ** if (krb5_ap_req.data) |
| 1561 | ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); | 1982 | ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); |
| 1562 | ** | 1983 | ** |
| 1563 | ** Now using real RFC 2712 KerberosWrapper | 1984 | ** Now using real RFC 2712 KerberosWrapper |
| 1564 | ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) | 1985 | ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) |
| 1565 | ** Note: 2712 "opaque" types are here replaced | 1986 | ** Note: 2712 "opaque" types are here replaced |
| @@ -1594,8 +2015,10 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1594 | n+=2; | 2015 | n+=2; |
| 1595 | } | 2016 | } |
| 1596 | 2017 | ||
| 1597 | if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) | 2018 | tmp_buf[0]=s->client_version>>8; |
| 1598 | goto err; | 2019 | tmp_buf[1]=s->client_version&0xff; |
| 2020 | if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) | ||
| 2021 | goto err; | ||
| 1599 | 2022 | ||
| 1600 | /* 20010420 VRS. Tried it this way; failed. | 2023 | /* 20010420 VRS. Tried it this way; failed. |
| 1601 | ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); | 2024 | ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); |
| @@ -1624,20 +2047,27 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1624 | p+=outl; | 2047 | p+=outl; |
| 1625 | n+=outl + 2; | 2048 | n+=outl + 2; |
| 1626 | 2049 | ||
| 1627 | s->session->master_key_length= | 2050 | s->session->master_key_length= |
| 1628 | s->method->ssl3_enc->generate_master_secret(s, | 2051 | s->method->ssl3_enc->generate_master_secret(s, |
| 1629 | s->session->master_key, | 2052 | s->session->master_key, |
| 1630 | tmp_buf, sizeof tmp_buf); | 2053 | tmp_buf, sizeof tmp_buf); |
| 1631 | 2054 | ||
| 1632 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 2055 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
| 1633 | OPENSSL_cleanse(epms, outl); | 2056 | OPENSSL_cleanse(epms, outl); |
| 1634 | } | 2057 | } |
| 1635 | #endif | 2058 | #endif |
| 1636 | #ifndef OPENSSL_NO_DH | 2059 | #ifndef OPENSSL_NO_DH |
| 1637 | else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 2060 | else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
| 1638 | { | 2061 | { |
| 1639 | DH *dh_srvr,*dh_clnt; | 2062 | DH *dh_srvr,*dh_clnt; |
| 1640 | 2063 | ||
| 2064 | if (s->session->sess_cert == NULL) | ||
| 2065 | { | ||
| 2066 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); | ||
| 2067 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); | ||
| 2068 | goto err; | ||
| 2069 | } | ||
| 2070 | |||
| 1641 | if (s->session->sess_cert->peer_dh_tmp != NULL) | 2071 | if (s->session->sess_cert->peer_dh_tmp != NULL) |
| 1642 | dh_srvr=s->session->sess_cert->peer_dh_tmp; | 2072 | dh_srvr=s->session->sess_cert->peer_dh_tmp; |
| 1643 | else | 2073 | else |
| @@ -1689,10 +2119,198 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1689 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 2119 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
| 1690 | } | 2120 | } |
| 1691 | #endif | 2121 | #endif |
| 2122 | |||
| 2123 | #ifndef OPENSSL_NO_ECDH | ||
| 2124 | else if ((l & SSL_kECDH) || (l & SSL_kECDHE)) | ||
| 2125 | { | ||
| 2126 | const EC_GROUP *srvr_group = NULL; | ||
| 2127 | EC_KEY *tkey; | ||
| 2128 | int ecdh_clnt_cert = 0; | ||
| 2129 | int field_size = 0; | ||
| 2130 | |||
| 2131 | /* Did we send out the client's | ||
| 2132 | * ECDH share for use in premaster | ||
| 2133 | * computation as part of client certificate? | ||
| 2134 | * If so, set ecdh_clnt_cert to 1. | ||
| 2135 | */ | ||
| 2136 | if ((l & SSL_kECDH) && (s->cert != NULL)) | ||
| 2137 | { | ||
| 2138 | /* XXX: For now, we do not support client | ||
| 2139 | * authentication using ECDH certificates. | ||
| 2140 | * To add such support, one needs to add | ||
| 2141 | * code that checks for appropriate | ||
| 2142 | * conditions and sets ecdh_clnt_cert to 1. | ||
| 2143 | * For example, the cert have an ECC | ||
| 2144 | * key on the same curve as the server's | ||
| 2145 | * and the key should be authorized for | ||
| 2146 | * key agreement. | ||
| 2147 | * | ||
| 2148 | * One also needs to add code in ssl3_connect | ||
| 2149 | * to skip sending the certificate verify | ||
| 2150 | * message. | ||
| 2151 | * | ||
| 2152 | * if ((s->cert->key->privatekey != NULL) && | ||
| 2153 | * (s->cert->key->privatekey->type == | ||
| 2154 | * EVP_PKEY_EC) && ...) | ||
| 2155 | * ecdh_clnt_cert = 1; | ||
| 2156 | */ | ||
| 2157 | } | ||
| 2158 | |||
| 2159 | if (s->session->sess_cert->peer_ecdh_tmp != NULL) | ||
| 2160 | { | ||
| 2161 | tkey = s->session->sess_cert->peer_ecdh_tmp; | ||
| 2162 | } | ||
| 2163 | else | ||
| 2164 | { | ||
| 2165 | /* Get the Server Public Key from Cert */ | ||
| 2166 | srvr_pub_pkey = X509_get_pubkey(s->session-> \ | ||
| 2167 | sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 2168 | if ((srvr_pub_pkey == NULL) || | ||
| 2169 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | ||
| 2170 | (srvr_pub_pkey->pkey.ec == NULL)) | ||
| 2171 | { | ||
| 2172 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2173 | ERR_R_INTERNAL_ERROR); | ||
| 2174 | goto err; | ||
| 2175 | } | ||
| 2176 | |||
| 2177 | tkey = srvr_pub_pkey->pkey.ec; | ||
| 2178 | } | ||
| 2179 | |||
| 2180 | srvr_group = EC_KEY_get0_group(tkey); | ||
| 2181 | srvr_ecpoint = EC_KEY_get0_public_key(tkey); | ||
| 2182 | |||
| 2183 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) | ||
| 2184 | { | ||
| 2185 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2186 | ERR_R_INTERNAL_ERROR); | ||
| 2187 | goto err; | ||
| 2188 | } | ||
| 2189 | |||
| 2190 | if ((clnt_ecdh=EC_KEY_new()) == NULL) | ||
| 2191 | { | ||
| 2192 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 2193 | goto err; | ||
| 2194 | } | ||
| 2195 | |||
| 2196 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) | ||
| 2197 | { | ||
| 2198 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
| 2199 | goto err; | ||
| 2200 | } | ||
| 2201 | if (ecdh_clnt_cert) | ||
| 2202 | { | ||
| 2203 | /* Reuse key info from our certificate | ||
| 2204 | * We only need our private key to perform | ||
| 2205 | * the ECDH computation. | ||
| 2206 | */ | ||
| 2207 | const BIGNUM *priv_key; | ||
| 2208 | tkey = s->cert->key->privatekey->pkey.ec; | ||
| 2209 | priv_key = EC_KEY_get0_private_key(tkey); | ||
| 2210 | if (priv_key == NULL) | ||
| 2211 | { | ||
| 2212 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 2213 | goto err; | ||
| 2214 | } | ||
| 2215 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) | ||
| 2216 | { | ||
| 2217 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB); | ||
| 2218 | goto err; | ||
| 2219 | } | ||
| 2220 | } | ||
| 2221 | else | ||
| 2222 | { | ||
| 2223 | /* Generate a new ECDH key pair */ | ||
| 2224 | if (!(EC_KEY_generate_key(clnt_ecdh))) | ||
| 2225 | { | ||
| 2226 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
| 2227 | goto err; | ||
| 2228 | } | ||
| 2229 | } | ||
| 2230 | |||
| 2231 | /* use the 'p' output buffer for the ECDH key, but | ||
| 2232 | * make sure to clear it out afterwards | ||
| 2233 | */ | ||
| 2234 | |||
| 2235 | field_size = EC_GROUP_get_degree(srvr_group); | ||
| 2236 | if (field_size <= 0) | ||
| 2237 | { | ||
| 2238 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2239 | ERR_R_ECDH_LIB); | ||
| 2240 | goto err; | ||
| 2241 | } | ||
| 2242 | n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); | ||
| 2243 | if (n <= 0) | ||
| 2244 | { | ||
| 2245 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2246 | ERR_R_ECDH_LIB); | ||
| 2247 | goto err; | ||
| 2248 | } | ||
| 2249 | |||
| 2250 | /* generate master key from the result */ | ||
| 2251 | s->session->master_key_length = s->method->ssl3_enc \ | ||
| 2252 | -> generate_master_secret(s, | ||
| 2253 | s->session->master_key, | ||
| 2254 | p, n); | ||
| 2255 | |||
| 2256 | memset(p, 0, n); /* clean up */ | ||
| 2257 | |||
| 2258 | if (ecdh_clnt_cert) | ||
| 2259 | { | ||
| 2260 | /* Send empty client key exch message */ | ||
| 2261 | n = 0; | ||
| 2262 | } | ||
| 2263 | else | ||
| 2264 | { | ||
| 2265 | /* First check the size of encoding and | ||
| 2266 | * allocate memory accordingly. | ||
| 2267 | */ | ||
| 2268 | encoded_pt_len = | ||
| 2269 | EC_POINT_point2oct(srvr_group, | ||
| 2270 | EC_KEY_get0_public_key(clnt_ecdh), | ||
| 2271 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 2272 | NULL, 0, NULL); | ||
| 2273 | |||
| 2274 | encodedPoint = (unsigned char *) | ||
| 2275 | OPENSSL_malloc(encoded_pt_len * | ||
| 2276 | sizeof(unsigned char)); | ||
| 2277 | bn_ctx = BN_CTX_new(); | ||
| 2278 | if ((encodedPoint == NULL) || | ||
| 2279 | (bn_ctx == NULL)) | ||
| 2280 | { | ||
| 2281 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 2282 | goto err; | ||
| 2283 | } | ||
| 2284 | |||
| 2285 | /* Encode the public key */ | ||
| 2286 | n = EC_POINT_point2oct(srvr_group, | ||
| 2287 | EC_KEY_get0_public_key(clnt_ecdh), | ||
| 2288 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 2289 | encodedPoint, encoded_pt_len, bn_ctx); | ||
| 2290 | |||
| 2291 | *p = n; /* length of encoded point */ | ||
| 2292 | /* Encoded point will be copied here */ | ||
| 2293 | p += 1; | ||
| 2294 | /* copy the point */ | ||
| 2295 | memcpy((unsigned char *)p, encodedPoint, n); | ||
| 2296 | /* increment n to account for length field */ | ||
| 2297 | n += 1; | ||
| 2298 | } | ||
| 2299 | |||
| 2300 | /* Free allocated memory */ | ||
| 2301 | BN_CTX_free(bn_ctx); | ||
| 2302 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
| 2303 | if (clnt_ecdh != NULL) | ||
| 2304 | EC_KEY_free(clnt_ecdh); | ||
| 2305 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 2306 | } | ||
| 2307 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1692 | else | 2308 | else |
| 1693 | { | 2309 | { |
| 1694 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | 2310 | ssl3_send_alert(s, SSL3_AL_FATAL, |
| 1695 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); | 2311 | SSL_AD_HANDSHAKE_FAILURE); |
| 2312 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2313 | ERR_R_INTERNAL_ERROR); | ||
| 1696 | goto err; | 2314 | goto err; |
| 1697 | } | 2315 | } |
| 1698 | 2316 | ||
| @@ -1708,10 +2326,17 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1708 | /* SSL3_ST_CW_KEY_EXCH_B */ | 2326 | /* SSL3_ST_CW_KEY_EXCH_B */ |
| 1709 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 2327 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 1710 | err: | 2328 | err: |
| 2329 | #ifndef OPENSSL_NO_ECDH | ||
| 2330 | BN_CTX_free(bn_ctx); | ||
| 2331 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
| 2332 | if (clnt_ecdh != NULL) | ||
| 2333 | EC_KEY_free(clnt_ecdh); | ||
| 2334 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 2335 | #endif | ||
| 1711 | return(-1); | 2336 | return(-1); |
| 1712 | } | 2337 | } |
| 1713 | 2338 | ||
| 1714 | static int ssl3_send_client_verify(SSL *s) | 2339 | int ssl3_send_client_verify(SSL *s) |
| 1715 | { | 2340 | { |
| 1716 | unsigned char *p,*d; | 2341 | unsigned char *p,*d; |
| 1717 | unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 2342 | unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
| @@ -1720,7 +2345,7 @@ static int ssl3_send_client_verify(SSL *s) | |||
| 1720 | unsigned u=0; | 2345 | unsigned u=0; |
| 1721 | #endif | 2346 | #endif |
| 1722 | unsigned long n; | 2347 | unsigned long n; |
| 1723 | #ifndef OPENSSL_NO_DSA | 2348 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) |
| 1724 | int j; | 2349 | int j; |
| 1725 | #endif | 2350 | #endif |
| 1726 | 2351 | ||
| @@ -1766,6 +2391,23 @@ static int ssl3_send_client_verify(SSL *s) | |||
| 1766 | } | 2391 | } |
| 1767 | else | 2392 | else |
| 1768 | #endif | 2393 | #endif |
| 2394 | #ifndef OPENSSL_NO_ECDSA | ||
| 2395 | if (pkey->type == EVP_PKEY_EC) | ||
| 2396 | { | ||
| 2397 | if (!ECDSA_sign(pkey->save_type, | ||
| 2398 | &(data[MD5_DIGEST_LENGTH]), | ||
| 2399 | SHA_DIGEST_LENGTH,&(p[2]), | ||
| 2400 | (unsigned int *)&j,pkey->pkey.ec)) | ||
| 2401 | { | ||
| 2402 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2403 | ERR_R_ECDSA_LIB); | ||
| 2404 | goto err; | ||
| 2405 | } | ||
| 2406 | s2n(j,p); | ||
| 2407 | n=j+2; | ||
| 2408 | } | ||
| 2409 | else | ||
| 2410 | #endif | ||
| 1769 | { | 2411 | { |
| 1770 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); | 2412 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); |
| 1771 | goto err; | 2413 | goto err; |
| @@ -1782,7 +2424,7 @@ err: | |||
| 1782 | return(-1); | 2424 | return(-1); |
| 1783 | } | 2425 | } |
| 1784 | 2426 | ||
| 1785 | static int ssl3_send_client_certificate(SSL *s) | 2427 | int ssl3_send_client_certificate(SSL *s) |
| 1786 | { | 2428 | { |
| 1787 | X509 *x509=NULL; | 2429 | X509 *x509=NULL; |
| 1788 | EVP_PKEY *pkey=NULL; | 2430 | EVP_PKEY *pkey=NULL; |
| @@ -1861,7 +2503,7 @@ static int ssl3_send_client_certificate(SSL *s) | |||
| 1861 | 2503 | ||
| 1862 | #define has_bits(i,m) (((i)&(m)) == (m)) | 2504 | #define has_bits(i,m) (((i)&(m)) == (m)) |
| 1863 | 2505 | ||
| 1864 | static int ssl3_check_cert_and_algorithm(SSL *s) | 2506 | int ssl3_check_cert_and_algorithm(SSL *s) |
| 1865 | { | 2507 | { |
| 1866 | int i,idx; | 2508 | int i,idx; |
| 1867 | long algs; | 2509 | long algs; |
| @@ -1876,18 +2518,18 @@ static int ssl3_check_cert_and_algorithm(SSL *s) | |||
| 1876 | 2518 | ||
| 1877 | sc=s->session->sess_cert; | 2519 | sc=s->session->sess_cert; |
| 1878 | 2520 | ||
| 1879 | if (sc == NULL) | ||
| 1880 | { | ||
| 1881 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); | ||
| 1882 | goto err; | ||
| 1883 | } | ||
| 1884 | |||
| 1885 | algs=s->s3->tmp.new_cipher->algorithms; | 2521 | algs=s->s3->tmp.new_cipher->algorithms; |
| 1886 | 2522 | ||
| 1887 | /* we don't have a certificate */ | 2523 | /* we don't have a certificate */ |
| 1888 | if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) | 2524 | if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) |
| 1889 | return(1); | 2525 | return(1); |
| 1890 | 2526 | ||
| 2527 | if (sc == NULL) | ||
| 2528 | { | ||
| 2529 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); | ||
| 2530 | goto err; | ||
| 2531 | } | ||
| 2532 | |||
| 1891 | #ifndef OPENSSL_NO_RSA | 2533 | #ifndef OPENSSL_NO_RSA |
| 1892 | rsa=s->session->sess_cert->peer_rsa_tmp; | 2534 | rsa=s->session->sess_cert->peer_rsa_tmp; |
| 1893 | #endif | 2535 | #endif |
| @@ -1898,6 +2540,21 @@ static int ssl3_check_cert_and_algorithm(SSL *s) | |||
| 1898 | /* This is the passed certificate */ | 2540 | /* This is the passed certificate */ |
| 1899 | 2541 | ||
| 1900 | idx=sc->peer_cert_type; | 2542 | idx=sc->peer_cert_type; |
| 2543 | #ifndef OPENSSL_NO_ECDH | ||
| 2544 | if (idx == SSL_PKEY_ECC) | ||
| 2545 | { | ||
| 2546 | if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, | ||
| 2547 | s->s3->tmp.new_cipher) == 0) | ||
| 2548 | { /* check failed */ | ||
| 2549 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); | ||
| 2550 | goto f_err; | ||
| 2551 | } | ||
| 2552 | else | ||
| 2553 | { | ||
| 2554 | return 1; | ||
| 2555 | } | ||
| 2556 | } | ||
| 2557 | #endif | ||
| 1901 | pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); | 2558 | pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); |
| 1902 | i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); | 2559 | i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); |
| 1903 | EVP_PKEY_free(pkey); | 2560 | EVP_PKEY_free(pkey); |
| @@ -1983,3 +2640,79 @@ err: | |||
| 1983 | return(0); | 2640 | return(0); |
| 1984 | } | 2641 | } |
| 1985 | 2642 | ||
| 2643 | |||
| 2644 | #ifndef OPENSSL_NO_ECDH | ||
| 2645 | /* This is the complement of nid2curve_id in s3_srvr.c. */ | ||
| 2646 | static int curve_id2nid(int curve_id) | ||
| 2647 | { | ||
| 2648 | /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) | ||
| 2649 | * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ | ||
| 2650 | static int nid_list[26] = | ||
| 2651 | { | ||
| 2652 | 0, | ||
| 2653 | NID_sect163k1, /* sect163k1 (1) */ | ||
| 2654 | NID_sect163r1, /* sect163r1 (2) */ | ||
| 2655 | NID_sect163r2, /* sect163r2 (3) */ | ||
| 2656 | NID_sect193r1, /* sect193r1 (4) */ | ||
| 2657 | NID_sect193r2, /* sect193r2 (5) */ | ||
| 2658 | NID_sect233k1, /* sect233k1 (6) */ | ||
| 2659 | NID_sect233r1, /* sect233r1 (7) */ | ||
| 2660 | NID_sect239k1, /* sect239k1 (8) */ | ||
| 2661 | NID_sect283k1, /* sect283k1 (9) */ | ||
| 2662 | NID_sect283r1, /* sect283r1 (10) */ | ||
| 2663 | NID_sect409k1, /* sect409k1 (11) */ | ||
| 2664 | NID_sect409r1, /* sect409r1 (12) */ | ||
| 2665 | NID_sect571k1, /* sect571k1 (13) */ | ||
| 2666 | NID_sect571r1, /* sect571r1 (14) */ | ||
| 2667 | NID_secp160k1, /* secp160k1 (15) */ | ||
| 2668 | NID_secp160r1, /* secp160r1 (16) */ | ||
| 2669 | NID_secp160r2, /* secp160r2 (17) */ | ||
| 2670 | NID_secp192k1, /* secp192k1 (18) */ | ||
| 2671 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | ||
| 2672 | NID_secp224k1, /* secp224k1 (20) */ | ||
| 2673 | NID_secp224r1, /* secp224r1 (21) */ | ||
| 2674 | NID_secp256k1, /* secp256k1 (22) */ | ||
| 2675 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | ||
| 2676 | NID_secp384r1, /* secp384r1 (24) */ | ||
| 2677 | NID_secp521r1 /* secp521r1 (25) */ | ||
| 2678 | }; | ||
| 2679 | |||
| 2680 | if ((curve_id < 1) || (curve_id > 25)) return 0; | ||
| 2681 | |||
| 2682 | return nid_list[curve_id]; | ||
| 2683 | } | ||
| 2684 | #endif | ||
| 2685 | |||
| 2686 | /* Check to see if handshake is full or resumed. Usually this is just a | ||
| 2687 | * case of checking to see if a cache hit has occurred. In the case of | ||
| 2688 | * session tickets we have to check the next message to be sure. | ||
| 2689 | */ | ||
| 2690 | |||
| 2691 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2692 | static int ssl3_check_finished(SSL *s) | ||
| 2693 | { | ||
| 2694 | int ok; | ||
| 2695 | long n; | ||
| 2696 | /* If we have no ticket or session ID is non-zero length (a match of | ||
| 2697 | * a non-zero session length would never reach here) it cannot be a | ||
| 2698 | * resumed session. | ||
| 2699 | */ | ||
| 2700 | if (!s->session->tlsext_tick || s->session->session_id_length) | ||
| 2701 | return 1; | ||
| 2702 | /* this function is called when we really expect a Certificate | ||
| 2703 | * message, so permit appropriate message length */ | ||
| 2704 | n=s->method->ssl_get_message(s, | ||
| 2705 | SSL3_ST_CR_CERT_A, | ||
| 2706 | SSL3_ST_CR_CERT_B, | ||
| 2707 | -1, | ||
| 2708 | s->max_cert_list, | ||
| 2709 | &ok); | ||
| 2710 | if (!ok) return((int)n); | ||
| 2711 | s->s3->tmp.reuse_message = 1; | ||
| 2712 | if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) | ||
| 2713 | || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) | ||
| 2714 | return 2; | ||
| 2715 | |||
| 2716 | return 1; | ||
| 2717 | } | ||
| 2718 | #endif | ||
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index a012d3f2b5..2859351b00 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c | |||
| @@ -139,16 +139,15 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) | |||
| 139 | EVP_MD_CTX s1; | 139 | EVP_MD_CTX s1; |
| 140 | unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; | 140 | unsigned char buf[16],smd[SHA_DIGEST_LENGTH]; |
| 141 | unsigned char c='A'; | 141 | unsigned char c='A'; |
| 142 | int i,j,k; | 142 | unsigned int i,j,k; |
| 143 | 143 | ||
| 144 | #ifdef CHARSET_EBCDIC | 144 | #ifdef CHARSET_EBCDIC |
| 145 | c = os_toascii[c]; /*'A' in ASCII */ | 145 | c = os_toascii[c]; /*'A' in ASCII */ |
| 146 | #endif | 146 | #endif |
| 147 | k=0; | 147 | k=0; |
| 148 | EVP_MD_CTX_init(&m5); | 148 | EVP_MD_CTX_init(&m5); |
| 149 | EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 150 | EVP_MD_CTX_init(&s1); | 149 | EVP_MD_CTX_init(&s1); |
| 151 | for (i=0; i<num; i+=MD5_DIGEST_LENGTH) | 150 | for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) |
| 152 | { | 151 | { |
| 153 | k++; | 152 | k++; |
| 154 | if (k > sizeof buf) | 153 | if (k > sizeof buf) |
| @@ -173,7 +172,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) | |||
| 173 | EVP_DigestUpdate(&m5,s->session->master_key, | 172 | EVP_DigestUpdate(&m5,s->session->master_key, |
| 174 | s->session->master_key_length); | 173 | s->session->master_key_length); |
| 175 | EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); | 174 | EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH); |
| 176 | if ((i+MD5_DIGEST_LENGTH) > num) | 175 | if ((int)(i+MD5_DIGEST_LENGTH) > num) |
| 177 | { | 176 | { |
| 178 | EVP_DigestFinal_ex(&m5,smd,NULL); | 177 | EVP_DigestFinal_ex(&m5,smd,NULL); |
| 179 | memcpy(km,smd,(num-i)); | 178 | memcpy(km,smd,(num-i)); |
| @@ -197,7 +196,9 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 197 | unsigned char *ms,*key,*iv,*er1,*er2; | 196 | unsigned char *ms,*key,*iv,*er1,*er2; |
| 198 | EVP_CIPHER_CTX *dd; | 197 | EVP_CIPHER_CTX *dd; |
| 199 | const EVP_CIPHER *c; | 198 | const EVP_CIPHER *c; |
| 199 | #ifndef OPENSSL_NO_COMP | ||
| 200 | COMP_METHOD *comp; | 200 | COMP_METHOD *comp; |
| 201 | #endif | ||
| 201 | const EVP_MD *m; | 202 | const EVP_MD *m; |
| 202 | EVP_MD_CTX md; | 203 | EVP_MD_CTX md; |
| 203 | int is_exp,n,i,j,k,cl; | 204 | int is_exp,n,i,j,k,cl; |
| @@ -206,10 +207,12 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 206 | is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 207 | is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 207 | c=s->s3->tmp.new_sym_enc; | 208 | c=s->s3->tmp.new_sym_enc; |
| 208 | m=s->s3->tmp.new_hash; | 209 | m=s->s3->tmp.new_hash; |
| 210 | #ifndef OPENSSL_NO_COMP | ||
| 209 | if (s->s3->tmp.new_compression == NULL) | 211 | if (s->s3->tmp.new_compression == NULL) |
| 210 | comp=NULL; | 212 | comp=NULL; |
| 211 | else | 213 | else |
| 212 | comp=s->s3->tmp.new_compression->method; | 214 | comp=s->s3->tmp.new_compression->method; |
| 215 | #endif | ||
| 213 | key_block=s->s3->tmp.key_block; | 216 | key_block=s->s3->tmp.key_block; |
| 214 | 217 | ||
| 215 | if (which & SSL3_CC_READ) | 218 | if (which & SSL3_CC_READ) |
| @@ -218,8 +221,12 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 218 | reuse_dd = 1; | 221 | reuse_dd = 1; |
| 219 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 222 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 220 | goto err; | 223 | goto err; |
| 224 | else | ||
| 225 | /* make sure it's intialized in case we exit later with an error */ | ||
| 226 | EVP_CIPHER_CTX_init(s->enc_read_ctx); | ||
| 221 | dd= s->enc_read_ctx; | 227 | dd= s->enc_read_ctx; |
| 222 | s->read_hash=m; | 228 | s->read_hash=m; |
| 229 | #ifndef OPENSSL_NO_COMP | ||
| 223 | /* COMPRESS */ | 230 | /* COMPRESS */ |
| 224 | if (s->expand != NULL) | 231 | if (s->expand != NULL) |
| 225 | { | 232 | { |
| @@ -240,6 +247,7 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 240 | if (s->s3->rrec.comp == NULL) | 247 | if (s->s3->rrec.comp == NULL) |
| 241 | goto err; | 248 | goto err; |
| 242 | } | 249 | } |
| 250 | #endif | ||
| 243 | memset(&(s->s3->read_sequence[0]),0,8); | 251 | memset(&(s->s3->read_sequence[0]),0,8); |
| 244 | mac_secret= &(s->s3->read_mac_secret[0]); | 252 | mac_secret= &(s->s3->read_mac_secret[0]); |
| 245 | } | 253 | } |
| @@ -249,8 +257,12 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 249 | reuse_dd = 1; | 257 | reuse_dd = 1; |
| 250 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 258 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 251 | goto err; | 259 | goto err; |
| 260 | else | ||
| 261 | /* make sure it's intialized in case we exit later with an error */ | ||
| 262 | EVP_CIPHER_CTX_init(s->enc_write_ctx); | ||
| 252 | dd= s->enc_write_ctx; | 263 | dd= s->enc_write_ctx; |
| 253 | s->write_hash=m; | 264 | s->write_hash=m; |
| 265 | #ifndef OPENSSL_NO_COMP | ||
| 254 | /* COMPRESS */ | 266 | /* COMPRESS */ |
| 255 | if (s->compress != NULL) | 267 | if (s->compress != NULL) |
| 256 | { | 268 | { |
| @@ -266,19 +278,19 @@ int ssl3_change_cipher_state(SSL *s, int which) | |||
| 266 | goto err2; | 278 | goto err2; |
| 267 | } | 279 | } |
| 268 | } | 280 | } |
| 281 | #endif | ||
| 269 | memset(&(s->s3->write_sequence[0]),0,8); | 282 | memset(&(s->s3->write_sequence[0]),0,8); |
| 270 | mac_secret= &(s->s3->write_mac_secret[0]); | 283 | mac_secret= &(s->s3->write_mac_secret[0]); |
| 271 | } | 284 | } |
| 272 | 285 | ||
| 273 | if (reuse_dd) | 286 | if (reuse_dd) |
| 274 | EVP_CIPHER_CTX_cleanup(dd); | 287 | EVP_CIPHER_CTX_cleanup(dd); |
| 275 | EVP_CIPHER_CTX_init(dd); | ||
| 276 | 288 | ||
| 277 | p=s->s3->tmp.key_block; | 289 | p=s->s3->tmp.key_block; |
| 278 | i=EVP_MD_size(m); | 290 | i=EVP_MD_size(m); |
| 279 | cl=EVP_CIPHER_key_length(c); | 291 | cl=EVP_CIPHER_key_length(c); |
| 280 | j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? | 292 | j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? |
| 281 | cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; | 293 | cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; |
| 282 | /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ | 294 | /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ |
| 283 | k=EVP_CIPHER_iv_length(c); | 295 | k=EVP_CIPHER_iv_length(c); |
| 284 | if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 296 | if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
| @@ -364,7 +376,11 @@ int ssl3_setup_key_block(SSL *s) | |||
| 364 | 376 | ||
| 365 | s->s3->tmp.new_sym_enc=c; | 377 | s->s3->tmp.new_sym_enc=c; |
| 366 | s->s3->tmp.new_hash=hash; | 378 | s->s3->tmp.new_hash=hash; |
| 379 | #ifdef OPENSSL_NO_COMP | ||
| 380 | s->s3->tmp.new_compression=NULL; | ||
| 381 | #else | ||
| 367 | s->s3->tmp.new_compression=comp; | 382 | s->s3->tmp.new_compression=comp; |
| 383 | #endif | ||
| 368 | 384 | ||
| 369 | num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); | 385 | num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); |
| 370 | num*=2; | 386 | num*=2; |
| @@ -502,8 +518,6 @@ int ssl3_enc(SSL *s, int send) | |||
| 502 | 518 | ||
| 503 | void ssl3_init_finished_mac(SSL *s) | 519 | void ssl3_init_finished_mac(SSL *s) |
| 504 | { | 520 | { |
| 505 | EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1), | ||
| 506 | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 507 | EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); | 521 | EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); |
| 508 | EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); | 522 | EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); |
| 509 | } | 523 | } |
| @@ -572,7 +586,7 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) | |||
| 572 | const EVP_MD *hash; | 586 | const EVP_MD *hash; |
| 573 | unsigned char *p,rec_char; | 587 | unsigned char *p,rec_char; |
| 574 | unsigned int md_size; | 588 | unsigned int md_size; |
| 575 | int npad,i; | 589 | int npad; |
| 576 | 590 | ||
| 577 | if (send) | 591 | if (send) |
| 578 | { | 592 | { |
| @@ -615,13 +629,19 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send) | |||
| 615 | 629 | ||
| 616 | EVP_MD_CTX_cleanup(&md_ctx); | 630 | EVP_MD_CTX_cleanup(&md_ctx); |
| 617 | 631 | ||
| 632 | ssl3_record_sequence_update(seq); | ||
| 633 | return(md_size); | ||
| 634 | } | ||
| 635 | |||
| 636 | void ssl3_record_sequence_update(unsigned char *seq) | ||
| 637 | { | ||
| 638 | int i; | ||
| 639 | |||
| 618 | for (i=7; i>=0; i--) | 640 | for (i=7; i>=0; i--) |
| 619 | { | 641 | { |
| 620 | ++seq[i]; | 642 | ++seq[i]; |
| 621 | if (seq[i] != 0) break; | 643 | if (seq[i] != 0) break; |
| 622 | } | 644 | } |
| 623 | |||
| 624 | return(md_size); | ||
| 625 | } | 645 | } |
| 626 | 646 | ||
| 627 | int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, | 647 | int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, |
| @@ -644,7 +664,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, | |||
| 644 | unsigned int n; | 664 | unsigned int n; |
| 645 | 665 | ||
| 646 | EVP_MD_CTX_init(&ctx); | 666 | EVP_MD_CTX_init(&ctx); |
| 647 | EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 648 | for (i=0; i<3; i++) | 667 | for (i=0; i<3; i++) |
| 649 | { | 668 | { |
| 650 | EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); | 669 | EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL); |
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index a77588e725..bdbcd44f27 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -108,19 +108,35 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 111 | 124 | ||
| 112 | #include <stdio.h> | 125 | #include <stdio.h> |
| 113 | #include <openssl/objects.h> | 126 | #include <openssl/objects.h> |
| 114 | #include "ssl_locl.h" | 127 | #include "ssl_locl.h" |
| 115 | #include "kssl_lcl.h" | 128 | #include "kssl_lcl.h" |
| 116 | #include <openssl/md5.h> | 129 | #include <openssl/md5.h> |
| 130 | #ifndef OPENSSL_NO_DH | ||
| 131 | #include <openssl/dh.h> | ||
| 132 | #endif | ||
| 133 | #include <openssl/pq_compat.h> | ||
| 117 | 134 | ||
| 118 | const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; | 135 | const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; |
| 119 | 136 | ||
| 120 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) | 137 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) |
| 121 | 138 | ||
| 122 | static long ssl3_default_timeout(void ); | 139 | /* list of available SSLv3 ciphers (sorted by id) */ |
| 123 | |||
| 124 | OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | 140 | OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| 125 | /* The RSA ciphers */ | 141 | /* The RSA ciphers */ |
| 126 | /* Cipher 01 */ | 142 | /* Cipher 01 */ |
| @@ -142,82 +158,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 142 | SSL3_TXT_RSA_NULL_SHA, | 158 | SSL3_TXT_RSA_NULL_SHA, |
| 143 | SSL3_CK_RSA_NULL_SHA, | 159 | SSL3_CK_RSA_NULL_SHA, |
| 144 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, | 160 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, |
| 145 | SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, | 161 | SSL_NOT_EXP|SSL_STRONG_NONE, |
| 146 | 0, | ||
| 147 | 0, | ||
| 148 | 0, | ||
| 149 | SSL_ALL_CIPHERS, | ||
| 150 | SSL_ALL_STRENGTHS, | ||
| 151 | }, | ||
| 152 | |||
| 153 | /* anon DH */ | ||
| 154 | /* Cipher 17 */ | ||
| 155 | { | ||
| 156 | 1, | ||
| 157 | SSL3_TXT_ADH_RC4_40_MD5, | ||
| 158 | SSL3_CK_ADH_RC4_40_MD5, | ||
| 159 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | ||
| 160 | SSL_EXPORT|SSL_EXP40, | ||
| 161 | 0, | ||
| 162 | 40, | ||
| 163 | 128, | ||
| 164 | SSL_ALL_CIPHERS, | ||
| 165 | SSL_ALL_STRENGTHS, | ||
| 166 | }, | ||
| 167 | /* Cipher 18 */ | ||
| 168 | { | ||
| 169 | 1, | ||
| 170 | SSL3_TXT_ADH_RC4_128_MD5, | ||
| 171 | SSL3_CK_ADH_RC4_128_MD5, | ||
| 172 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | ||
| 173 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 174 | 0, | ||
| 175 | 128, | ||
| 176 | 128, | ||
| 177 | SSL_ALL_CIPHERS, | ||
| 178 | SSL_ALL_STRENGTHS, | ||
| 179 | }, | ||
| 180 | /* Cipher 19 */ | ||
| 181 | { | ||
| 182 | 1, | ||
| 183 | SSL3_TXT_ADH_DES_40_CBC_SHA, | ||
| 184 | SSL3_CK_ADH_DES_40_CBC_SHA, | ||
| 185 | SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, | ||
| 186 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | ||
| 187 | 0, | 162 | 0, |
| 188 | 40, | ||
| 189 | 128, | ||
| 190 | SSL_ALL_CIPHERS, | ||
| 191 | SSL_ALL_STRENGTHS, | ||
| 192 | }, | ||
| 193 | /* Cipher 1A */ | ||
| 194 | { | ||
| 195 | 1, | ||
| 196 | SSL3_TXT_ADH_DES_64_CBC_SHA, | ||
| 197 | SSL3_CK_ADH_DES_64_CBC_SHA, | ||
| 198 | SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, | ||
| 199 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | ||
| 200 | 0, | 163 | 0, |
| 201 | 56, | ||
| 202 | 56, | ||
| 203 | SSL_ALL_CIPHERS, | ||
| 204 | SSL_ALL_STRENGTHS, | ||
| 205 | }, | ||
| 206 | /* Cipher 1B */ | ||
| 207 | { | ||
| 208 | 1, | ||
| 209 | SSL3_TXT_ADH_DES_192_CBC_SHA, | ||
| 210 | SSL3_CK_ADH_DES_192_CBC_SHA, | ||
| 211 | SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, | ||
| 212 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | ||
| 213 | 0, | 164 | 0, |
| 214 | 168, | ||
| 215 | 168, | ||
| 216 | SSL_ALL_CIPHERS, | 165 | SSL_ALL_CIPHERS, |
| 217 | SSL_ALL_STRENGTHS, | 166 | SSL_ALL_STRENGTHS, |
| 218 | }, | 167 | }, |
| 219 | |||
| 220 | /* RSA again */ | ||
| 221 | /* Cipher 03 */ | 168 | /* Cipher 03 */ |
| 222 | { | 169 | { |
| 223 | 1, | 170 | 1, |
| @@ -291,7 +238,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 291 | SSL3_TXT_RSA_DES_40_CBC_SHA, | 238 | SSL3_TXT_RSA_DES_40_CBC_SHA, |
| 292 | SSL3_CK_RSA_DES_40_CBC_SHA, | 239 | SSL3_CK_RSA_DES_40_CBC_SHA, |
| 293 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, | 240 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 294 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 241 | SSL_EXPORT|SSL_EXP40, |
| 295 | 0, | 242 | 0, |
| 296 | 40, | 243 | 40, |
| 297 | 56, | 244 | 56, |
| @@ -304,7 +251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 304 | SSL3_TXT_RSA_DES_64_CBC_SHA, | 251 | SSL3_TXT_RSA_DES_64_CBC_SHA, |
| 305 | SSL3_CK_RSA_DES_64_CBC_SHA, | 252 | SSL3_CK_RSA_DES_64_CBC_SHA, |
| 306 | SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, | 253 | SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 307 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 254 | SSL_NOT_EXP|SSL_LOW, |
| 308 | 0, | 255 | 0, |
| 309 | 56, | 256 | 56, |
| 310 | 56, | 257 | 56, |
| @@ -317,22 +264,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 317 | SSL3_TXT_RSA_DES_192_CBC3_SHA, | 264 | SSL3_TXT_RSA_DES_192_CBC3_SHA, |
| 318 | SSL3_CK_RSA_DES_192_CBC3_SHA, | 265 | SSL3_CK_RSA_DES_192_CBC3_SHA, |
| 319 | SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 266 | SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 320 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 267 | SSL_NOT_EXP|SSL_HIGH, |
| 321 | 0, | 268 | 0, |
| 322 | 168, | 269 | 168, |
| 323 | 168, | 270 | 168, |
| 324 | SSL_ALL_CIPHERS, | 271 | SSL_ALL_CIPHERS, |
| 325 | SSL_ALL_STRENGTHS, | 272 | SSL_ALL_STRENGTHS, |
| 326 | }, | 273 | }, |
| 327 | 274 | /* The DH ciphers */ | |
| 328 | /* The DH ciphers */ | ||
| 329 | /* Cipher 0B */ | 275 | /* Cipher 0B */ |
| 330 | { | 276 | { |
| 331 | 0, | 277 | 0, |
| 332 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | 278 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, |
| 333 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, | 279 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, |
| 334 | SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, | 280 | SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 335 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 281 | SSL_EXPORT|SSL_EXP40, |
| 336 | 0, | 282 | 0, |
| 337 | 40, | 283 | 40, |
| 338 | 56, | 284 | 56, |
| @@ -345,7 +291,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 345 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, | 291 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, |
| 346 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, | 292 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, |
| 347 | SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, | 293 | SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 348 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 294 | SSL_NOT_EXP|SSL_LOW, |
| 349 | 0, | 295 | 0, |
| 350 | 56, | 296 | 56, |
| 351 | 56, | 297 | 56, |
| @@ -358,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 358 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, | 304 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, |
| 359 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, | 305 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, |
| 360 | SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 306 | SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 361 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 307 | SSL_NOT_EXP|SSL_HIGH, |
| 362 | 0, | 308 | 0, |
| 363 | 168, | 309 | 168, |
| 364 | 168, | 310 | 168, |
| @@ -371,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 371 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, | 317 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, |
| 372 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, | 318 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, |
| 373 | SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, | 319 | SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 374 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 320 | SSL_EXPORT|SSL_EXP40, |
| 375 | 0, | 321 | 0, |
| 376 | 40, | 322 | 40, |
| 377 | 56, | 323 | 56, |
| @@ -384,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 384 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, | 330 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, |
| 385 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, | 331 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, |
| 386 | SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, | 332 | SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 387 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 333 | SSL_NOT_EXP|SSL_LOW, |
| 388 | 0, | 334 | 0, |
| 389 | 56, | 335 | 56, |
| 390 | 56, | 336 | 56, |
| @@ -397,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 397 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, | 343 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, |
| 398 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, | 344 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, |
| 399 | SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 345 | SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 400 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 346 | SSL_NOT_EXP|SSL_HIGH, |
| 401 | 0, | 347 | 0, |
| 402 | 168, | 348 | 168, |
| 403 | 168, | 349 | 168, |
| @@ -412,7 +358,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 412 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | 358 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, |
| 413 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | 359 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, |
| 414 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, | 360 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 415 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 361 | SSL_EXPORT|SSL_EXP40, |
| 416 | 0, | 362 | 0, |
| 417 | 40, | 363 | 40, |
| 418 | 56, | 364 | 56, |
| @@ -425,7 +371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 425 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | 371 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, |
| 426 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | 372 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, |
| 427 | SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, | 373 | SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 428 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 374 | SSL_NOT_EXP|SSL_LOW, |
| 429 | 0, | 375 | 0, |
| 430 | 56, | 376 | 56, |
| 431 | 56, | 377 | 56, |
| @@ -438,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 438 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | 384 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, |
| 439 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | 385 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, |
| 440 | SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 386 | SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 441 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 387 | SSL_NOT_EXP|SSL_HIGH, |
| 442 | 0, | 388 | 0, |
| 443 | 168, | 389 | 168, |
| 444 | 168, | 390 | 168, |
| @@ -451,7 +397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 451 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | 397 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, |
| 452 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | 398 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, |
| 453 | SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, | 399 | SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 454 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 400 | SSL_EXPORT|SSL_EXP40, |
| 455 | 0, | 401 | 0, |
| 456 | 40, | 402 | 40, |
| 457 | 56, | 403 | 56, |
| @@ -464,7 +410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 464 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | 410 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, |
| 465 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | 411 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, |
| 466 | SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, | 412 | SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 467 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 413 | SSL_NOT_EXP|SSL_LOW, |
| 468 | 0, | 414 | 0, |
| 469 | 56, | 415 | 56, |
| 470 | 56, | 416 | 56, |
| @@ -477,7 +423,72 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 477 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | 423 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, |
| 478 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | 424 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, |
| 479 | SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, | 425 | SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 480 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 426 | SSL_NOT_EXP|SSL_HIGH, |
| 427 | 0, | ||
| 428 | 168, | ||
| 429 | 168, | ||
| 430 | SSL_ALL_CIPHERS, | ||
| 431 | SSL_ALL_STRENGTHS, | ||
| 432 | }, | ||
| 433 | /* Cipher 17 */ | ||
| 434 | { | ||
| 435 | 1, | ||
| 436 | SSL3_TXT_ADH_RC4_40_MD5, | ||
| 437 | SSL3_CK_ADH_RC4_40_MD5, | ||
| 438 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | ||
| 439 | SSL_EXPORT|SSL_EXP40, | ||
| 440 | 0, | ||
| 441 | 40, | ||
| 442 | 128, | ||
| 443 | SSL_ALL_CIPHERS, | ||
| 444 | SSL_ALL_STRENGTHS, | ||
| 445 | }, | ||
| 446 | /* Cipher 18 */ | ||
| 447 | { | ||
| 448 | 1, | ||
| 449 | SSL3_TXT_ADH_RC4_128_MD5, | ||
| 450 | SSL3_CK_ADH_RC4_128_MD5, | ||
| 451 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, | ||
| 452 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 453 | 0, | ||
| 454 | 128, | ||
| 455 | 128, | ||
| 456 | SSL_ALL_CIPHERS, | ||
| 457 | SSL_ALL_STRENGTHS, | ||
| 458 | }, | ||
| 459 | /* Cipher 19 */ | ||
| 460 | { | ||
| 461 | 1, | ||
| 462 | SSL3_TXT_ADH_DES_40_CBC_SHA, | ||
| 463 | SSL3_CK_ADH_DES_40_CBC_SHA, | ||
| 464 | SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, | ||
| 465 | SSL_EXPORT|SSL_EXP40, | ||
| 466 | 0, | ||
| 467 | 40, | ||
| 468 | 128, | ||
| 469 | SSL_ALL_CIPHERS, | ||
| 470 | SSL_ALL_STRENGTHS, | ||
| 471 | }, | ||
| 472 | /* Cipher 1A */ | ||
| 473 | { | ||
| 474 | 1, | ||
| 475 | SSL3_TXT_ADH_DES_64_CBC_SHA, | ||
| 476 | SSL3_CK_ADH_DES_64_CBC_SHA, | ||
| 477 | SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, | ||
| 478 | SSL_NOT_EXP|SSL_LOW, | ||
| 479 | 0, | ||
| 480 | 56, | ||
| 481 | 56, | ||
| 482 | SSL_ALL_CIPHERS, | ||
| 483 | SSL_ALL_STRENGTHS, | ||
| 484 | }, | ||
| 485 | /* Cipher 1B */ | ||
| 486 | { | ||
| 487 | 1, | ||
| 488 | SSL3_TXT_ADH_DES_192_CBC_SHA, | ||
| 489 | SSL3_CK_ADH_DES_192_CBC_SHA, | ||
| 490 | SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, | ||
| 491 | SSL_NOT_EXP|SSL_HIGH, | ||
| 481 | 0, | 492 | 0, |
| 482 | 168, | 493 | 168, |
| 483 | 168, | 494 | 168, |
| @@ -531,17 +542,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 531 | #endif | 542 | #endif |
| 532 | 543 | ||
| 533 | #ifndef OPENSSL_NO_KRB5 | 544 | #ifndef OPENSSL_NO_KRB5 |
| 534 | /* The Kerberos ciphers | 545 | /* The Kerberos ciphers */ |
| 535 | ** 20000107 VRS: And the first shall be last, | 546 | /* Cipher 1E */ |
| 536 | ** in hopes of avoiding the lynx ssl renegotiation problem. | ||
| 537 | */ | ||
| 538 | /* Cipher 1E VRS */ | ||
| 539 | { | 547 | { |
| 540 | 1, | 548 | 1, |
| 541 | SSL3_TXT_KRB5_DES_64_CBC_SHA, | 549 | SSL3_TXT_KRB5_DES_64_CBC_SHA, |
| 542 | SSL3_CK_KRB5_DES_64_CBC_SHA, | 550 | SSL3_CK_KRB5_DES_64_CBC_SHA, |
| 543 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | 551 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, |
| 544 | SSL_NOT_EXP|SSL_LOW|SSL_FIPS, | 552 | SSL_NOT_EXP|SSL_LOW, |
| 545 | 0, | 553 | 0, |
| 546 | 56, | 554 | 56, |
| 547 | 56, | 555 | 56, |
| @@ -549,21 +557,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 549 | SSL_ALL_STRENGTHS, | 557 | SSL_ALL_STRENGTHS, |
| 550 | }, | 558 | }, |
| 551 | 559 | ||
| 552 | /* Cipher 1F VRS */ | 560 | /* Cipher 1F */ |
| 553 | { | 561 | { |
| 554 | 1, | 562 | 1, |
| 555 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, | 563 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, |
| 556 | SSL3_CK_KRB5_DES_192_CBC3_SHA, | 564 | SSL3_CK_KRB5_DES_192_CBC3_SHA, |
| 557 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, | 565 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, |
| 558 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 566 | SSL_NOT_EXP|SSL_HIGH, |
| 559 | 0, | 567 | 0, |
| 560 | 112, | 568 | 168, |
| 561 | 168, | 569 | 168, |
| 562 | SSL_ALL_CIPHERS, | 570 | SSL_ALL_CIPHERS, |
| 563 | SSL_ALL_STRENGTHS, | 571 | SSL_ALL_STRENGTHS, |
| 564 | }, | 572 | }, |
| 565 | 573 | ||
| 566 | /* Cipher 20 VRS */ | 574 | /* Cipher 20 */ |
| 567 | { | 575 | { |
| 568 | 1, | 576 | 1, |
| 569 | SSL3_TXT_KRB5_RC4_128_SHA, | 577 | SSL3_TXT_KRB5_RC4_128_SHA, |
| @@ -577,7 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 577 | SSL_ALL_STRENGTHS, | 585 | SSL_ALL_STRENGTHS, |
| 578 | }, | 586 | }, |
| 579 | 587 | ||
| 580 | /* Cipher 21 VRS */ | 588 | /* Cipher 21 */ |
| 581 | { | 589 | { |
| 582 | 1, | 590 | 1, |
| 583 | SSL3_TXT_KRB5_IDEA_128_CBC_SHA, | 591 | SSL3_TXT_KRB5_IDEA_128_CBC_SHA, |
| @@ -591,7 +599,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 591 | SSL_ALL_STRENGTHS, | 599 | SSL_ALL_STRENGTHS, |
| 592 | }, | 600 | }, |
| 593 | 601 | ||
| 594 | /* Cipher 22 VRS */ | 602 | /* Cipher 22 */ |
| 595 | { | 603 | { |
| 596 | 1, | 604 | 1, |
| 597 | SSL3_TXT_KRB5_DES_64_CBC_MD5, | 605 | SSL3_TXT_KRB5_DES_64_CBC_MD5, |
| @@ -605,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 605 | SSL_ALL_STRENGTHS, | 613 | SSL_ALL_STRENGTHS, |
| 606 | }, | 614 | }, |
| 607 | 615 | ||
| 608 | /* Cipher 23 VRS */ | 616 | /* Cipher 23 */ |
| 609 | { | 617 | { |
| 610 | 1, | 618 | 1, |
| 611 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, | 619 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, |
| @@ -613,13 +621,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 613 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, | 621 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, |
| 614 | SSL_NOT_EXP|SSL_HIGH, | 622 | SSL_NOT_EXP|SSL_HIGH, |
| 615 | 0, | 623 | 0, |
| 616 | 112, | 624 | 168, |
| 617 | 168, | 625 | 168, |
| 618 | SSL_ALL_CIPHERS, | 626 | SSL_ALL_CIPHERS, |
| 619 | SSL_ALL_STRENGTHS, | 627 | SSL_ALL_STRENGTHS, |
| 620 | }, | 628 | }, |
| 621 | 629 | ||
| 622 | /* Cipher 24 VRS */ | 630 | /* Cipher 24 */ |
| 623 | { | 631 | { |
| 624 | 1, | 632 | 1, |
| 625 | SSL3_TXT_KRB5_RC4_128_MD5, | 633 | SSL3_TXT_KRB5_RC4_128_MD5, |
| @@ -633,7 +641,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 633 | SSL_ALL_STRENGTHS, | 641 | SSL_ALL_STRENGTHS, |
| 634 | }, | 642 | }, |
| 635 | 643 | ||
| 636 | /* Cipher 25 VRS */ | 644 | /* Cipher 25 */ |
| 637 | { | 645 | { |
| 638 | 1, | 646 | 1, |
| 639 | SSL3_TXT_KRB5_IDEA_128_CBC_MD5, | 647 | SSL3_TXT_KRB5_IDEA_128_CBC_MD5, |
| @@ -647,13 +655,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 647 | SSL_ALL_STRENGTHS, | 655 | SSL_ALL_STRENGTHS, |
| 648 | }, | 656 | }, |
| 649 | 657 | ||
| 650 | /* Cipher 26 VRS */ | 658 | /* Cipher 26 */ |
| 651 | { | 659 | { |
| 652 | 1, | 660 | 1, |
| 653 | SSL3_TXT_KRB5_DES_40_CBC_SHA, | 661 | SSL3_TXT_KRB5_DES_40_CBC_SHA, |
| 654 | SSL3_CK_KRB5_DES_40_CBC_SHA, | 662 | SSL3_CK_KRB5_DES_40_CBC_SHA, |
| 655 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | 663 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, |
| 656 | SSL_EXPORT|SSL_EXP40|SSL_FIPS, | 664 | SSL_EXPORT|SSL_EXP40, |
| 657 | 0, | 665 | 0, |
| 658 | 40, | 666 | 40, |
| 659 | 56, | 667 | 56, |
| @@ -661,7 +669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 661 | SSL_ALL_STRENGTHS, | 669 | SSL_ALL_STRENGTHS, |
| 662 | }, | 670 | }, |
| 663 | 671 | ||
| 664 | /* Cipher 27 VRS */ | 672 | /* Cipher 27 */ |
| 665 | { | 673 | { |
| 666 | 1, | 674 | 1, |
| 667 | SSL3_TXT_KRB5_RC2_40_CBC_SHA, | 675 | SSL3_TXT_KRB5_RC2_40_CBC_SHA, |
| @@ -675,7 +683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 675 | SSL_ALL_STRENGTHS, | 683 | SSL_ALL_STRENGTHS, |
| 676 | }, | 684 | }, |
| 677 | 685 | ||
| 678 | /* Cipher 28 VRS */ | 686 | /* Cipher 28 */ |
| 679 | { | 687 | { |
| 680 | 1, | 688 | 1, |
| 681 | SSL3_TXT_KRB5_RC4_40_SHA, | 689 | SSL3_TXT_KRB5_RC4_40_SHA, |
| @@ -683,13 +691,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 683 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, | 691 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, |
| 684 | SSL_EXPORT|SSL_EXP40, | 692 | SSL_EXPORT|SSL_EXP40, |
| 685 | 0, | 693 | 0, |
| 686 | 128, | 694 | 40, |
| 687 | 128, | 695 | 128, |
| 688 | SSL_ALL_CIPHERS, | 696 | SSL_ALL_CIPHERS, |
| 689 | SSL_ALL_STRENGTHS, | 697 | SSL_ALL_STRENGTHS, |
| 690 | }, | 698 | }, |
| 691 | 699 | ||
| 692 | /* Cipher 29 VRS */ | 700 | /* Cipher 29 */ |
| 693 | { | 701 | { |
| 694 | 1, | 702 | 1, |
| 695 | SSL3_TXT_KRB5_DES_40_CBC_MD5, | 703 | SSL3_TXT_KRB5_DES_40_CBC_MD5, |
| @@ -703,7 +711,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 703 | SSL_ALL_STRENGTHS, | 711 | SSL_ALL_STRENGTHS, |
| 704 | }, | 712 | }, |
| 705 | 713 | ||
| 706 | /* Cipher 2A VRS */ | 714 | /* Cipher 2A */ |
| 707 | { | 715 | { |
| 708 | 1, | 716 | 1, |
| 709 | SSL3_TXT_KRB5_RC2_40_CBC_MD5, | 717 | SSL3_TXT_KRB5_RC2_40_CBC_MD5, |
| @@ -717,7 +725,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 717 | SSL_ALL_STRENGTHS, | 725 | SSL_ALL_STRENGTHS, |
| 718 | }, | 726 | }, |
| 719 | 727 | ||
| 720 | /* Cipher 2B VRS */ | 728 | /* Cipher 2B */ |
| 721 | { | 729 | { |
| 722 | 1, | 730 | 1, |
| 723 | SSL3_TXT_KRB5_RC4_40_MD5, | 731 | SSL3_TXT_KRB5_RC4_40_MD5, |
| @@ -725,16 +733,258 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 725 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, | 733 | SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, |
| 726 | SSL_EXPORT|SSL_EXP40, | 734 | SSL_EXPORT|SSL_EXP40, |
| 727 | 0, | 735 | 0, |
| 728 | 128, | 736 | 40, |
| 729 | 128, | 737 | 128, |
| 730 | SSL_ALL_CIPHERS, | 738 | SSL_ALL_CIPHERS, |
| 731 | SSL_ALL_STRENGTHS, | 739 | SSL_ALL_STRENGTHS, |
| 732 | }, | 740 | }, |
| 733 | #endif /* OPENSSL_NO_KRB5 */ | 741 | #endif /* OPENSSL_NO_KRB5 */ |
| 734 | 742 | ||
| 743 | /* New AES ciphersuites */ | ||
| 744 | /* Cipher 2F */ | ||
| 745 | { | ||
| 746 | 1, | ||
| 747 | TLS1_TXT_RSA_WITH_AES_128_SHA, | ||
| 748 | TLS1_CK_RSA_WITH_AES_128_SHA, | ||
| 749 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | ||
| 750 | SSL_NOT_EXP|SSL_HIGH, | ||
| 751 | 0, | ||
| 752 | 128, | ||
| 753 | 128, | ||
| 754 | SSL_ALL_CIPHERS, | ||
| 755 | SSL_ALL_STRENGTHS, | ||
| 756 | }, | ||
| 757 | /* Cipher 30 */ | ||
| 758 | { | ||
| 759 | 0, | ||
| 760 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA, | ||
| 761 | TLS1_CK_DH_DSS_WITH_AES_128_SHA, | ||
| 762 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 763 | SSL_NOT_EXP|SSL_HIGH, | ||
| 764 | 0, | ||
| 765 | 128, | ||
| 766 | 128, | ||
| 767 | SSL_ALL_CIPHERS, | ||
| 768 | SSL_ALL_STRENGTHS, | ||
| 769 | }, | ||
| 770 | /* Cipher 31 */ | ||
| 771 | { | ||
| 772 | 0, | ||
| 773 | TLS1_TXT_DH_RSA_WITH_AES_128_SHA, | ||
| 774 | TLS1_CK_DH_RSA_WITH_AES_128_SHA, | ||
| 775 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 776 | SSL_NOT_EXP|SSL_HIGH, | ||
| 777 | 0, | ||
| 778 | 128, | ||
| 779 | 128, | ||
| 780 | SSL_ALL_CIPHERS, | ||
| 781 | SSL_ALL_STRENGTHS, | ||
| 782 | }, | ||
| 783 | /* Cipher 32 */ | ||
| 784 | { | ||
| 785 | 1, | ||
| 786 | TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | ||
| 787 | TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | ||
| 788 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 789 | SSL_NOT_EXP|SSL_HIGH, | ||
| 790 | 0, | ||
| 791 | 128, | ||
| 792 | 128, | ||
| 793 | SSL_ALL_CIPHERS, | ||
| 794 | SSL_ALL_STRENGTHS, | ||
| 795 | }, | ||
| 796 | /* Cipher 33 */ | ||
| 797 | { | ||
| 798 | 1, | ||
| 799 | TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | ||
| 800 | TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | ||
| 801 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 802 | SSL_NOT_EXP|SSL_HIGH, | ||
| 803 | 0, | ||
| 804 | 128, | ||
| 805 | 128, | ||
| 806 | SSL_ALL_CIPHERS, | ||
| 807 | SSL_ALL_STRENGTHS, | ||
| 808 | }, | ||
| 809 | /* Cipher 34 */ | ||
| 810 | { | ||
| 811 | 1, | ||
| 812 | TLS1_TXT_ADH_WITH_AES_128_SHA, | ||
| 813 | TLS1_CK_ADH_WITH_AES_128_SHA, | ||
| 814 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 815 | SSL_NOT_EXP|SSL_HIGH, | ||
| 816 | 0, | ||
| 817 | 128, | ||
| 818 | 128, | ||
| 819 | SSL_ALL_CIPHERS, | ||
| 820 | SSL_ALL_STRENGTHS, | ||
| 821 | }, | ||
| 822 | |||
| 823 | /* Cipher 35 */ | ||
| 824 | { | ||
| 825 | 1, | ||
| 826 | TLS1_TXT_RSA_WITH_AES_256_SHA, | ||
| 827 | TLS1_CK_RSA_WITH_AES_256_SHA, | ||
| 828 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | ||
| 829 | SSL_NOT_EXP|SSL_HIGH, | ||
| 830 | 0, | ||
| 831 | 256, | ||
| 832 | 256, | ||
| 833 | SSL_ALL_CIPHERS, | ||
| 834 | SSL_ALL_STRENGTHS, | ||
| 835 | }, | ||
| 836 | /* Cipher 36 */ | ||
| 837 | { | ||
| 838 | 0, | ||
| 839 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA, | ||
| 840 | TLS1_CK_DH_DSS_WITH_AES_256_SHA, | ||
| 841 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 842 | SSL_NOT_EXP|SSL_HIGH, | ||
| 843 | 0, | ||
| 844 | 256, | ||
| 845 | 256, | ||
| 846 | SSL_ALL_CIPHERS, | ||
| 847 | SSL_ALL_STRENGTHS, | ||
| 848 | }, | ||
| 849 | /* Cipher 37 */ | ||
| 850 | { | ||
| 851 | 0, | ||
| 852 | TLS1_TXT_DH_RSA_WITH_AES_256_SHA, | ||
| 853 | TLS1_CK_DH_RSA_WITH_AES_256_SHA, | ||
| 854 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 855 | SSL_NOT_EXP|SSL_HIGH, | ||
| 856 | 0, | ||
| 857 | 256, | ||
| 858 | 256, | ||
| 859 | SSL_ALL_CIPHERS, | ||
| 860 | SSL_ALL_STRENGTHS, | ||
| 861 | }, | ||
| 862 | /* Cipher 38 */ | ||
| 863 | { | ||
| 864 | 1, | ||
| 865 | TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | ||
| 866 | TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | ||
| 867 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 868 | SSL_NOT_EXP|SSL_HIGH, | ||
| 869 | 0, | ||
| 870 | 256, | ||
| 871 | 256, | ||
| 872 | SSL_ALL_CIPHERS, | ||
| 873 | SSL_ALL_STRENGTHS, | ||
| 874 | }, | ||
| 875 | /* Cipher 39 */ | ||
| 876 | { | ||
| 877 | 1, | ||
| 878 | TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | ||
| 879 | TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | ||
| 880 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 881 | SSL_NOT_EXP|SSL_HIGH, | ||
| 882 | 0, | ||
| 883 | 256, | ||
| 884 | 256, | ||
| 885 | SSL_ALL_CIPHERS, | ||
| 886 | SSL_ALL_STRENGTHS, | ||
| 887 | }, | ||
| 888 | /* Cipher 3A */ | ||
| 889 | { | ||
| 890 | 1, | ||
| 891 | TLS1_TXT_ADH_WITH_AES_256_SHA, | ||
| 892 | TLS1_CK_ADH_WITH_AES_256_SHA, | ||
| 893 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 894 | SSL_NOT_EXP|SSL_HIGH, | ||
| 895 | 0, | ||
| 896 | 256, | ||
| 897 | 256, | ||
| 898 | SSL_ALL_CIPHERS, | ||
| 899 | SSL_ALL_STRENGTHS, | ||
| 900 | }, | ||
| 901 | |||
| 902 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 903 | /* Camellia ciphersuites from RFC4132 (128-bit portion) */ | ||
| 904 | |||
| 905 | /* Cipher 41 */ | ||
| 906 | { | ||
| 907 | 1, | ||
| 908 | TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 909 | TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 910 | SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 911 | SSL_NOT_EXP|SSL_HIGH, | ||
| 912 | 0, | ||
| 913 | 128, | ||
| 914 | 128, | ||
| 915 | SSL_ALL_CIPHERS, | ||
| 916 | SSL_ALL_STRENGTHS | ||
| 917 | }, | ||
| 918 | /* Cipher 42 */ | ||
| 919 | { | ||
| 920 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 921 | TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 922 | TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 923 | SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 924 | SSL_NOT_EXP|SSL_HIGH, | ||
| 925 | 0, | ||
| 926 | 128, | ||
| 927 | 128, | ||
| 928 | SSL_ALL_CIPHERS, | ||
| 929 | SSL_ALL_STRENGTHS | ||
| 930 | }, | ||
| 931 | /* Cipher 43 */ | ||
| 932 | { | ||
| 933 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 934 | TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 935 | TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 936 | SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 937 | SSL_NOT_EXP|SSL_HIGH, | ||
| 938 | 0, | ||
| 939 | 128, | ||
| 940 | 128, | ||
| 941 | SSL_ALL_CIPHERS, | ||
| 942 | SSL_ALL_STRENGTHS | ||
| 943 | }, | ||
| 944 | /* Cipher 44 */ | ||
| 945 | { | ||
| 946 | 1, | ||
| 947 | TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 948 | TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 949 | SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 950 | SSL_NOT_EXP|SSL_HIGH, | ||
| 951 | 0, | ||
| 952 | 128, | ||
| 953 | 128, | ||
| 954 | SSL_ALL_CIPHERS, | ||
| 955 | SSL_ALL_STRENGTHS | ||
| 956 | }, | ||
| 957 | /* Cipher 45 */ | ||
| 958 | { | ||
| 959 | 1, | ||
| 960 | TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 961 | TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 962 | SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 963 | SSL_NOT_EXP|SSL_HIGH, | ||
| 964 | 0, | ||
| 965 | 128, | ||
| 966 | 128, | ||
| 967 | SSL_ALL_CIPHERS, | ||
| 968 | SSL_ALL_STRENGTHS | ||
| 969 | }, | ||
| 970 | /* Cipher 46 */ | ||
| 971 | { | ||
| 972 | 1, | ||
| 973 | TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, | ||
| 974 | TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, | ||
| 975 | SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 976 | SSL_NOT_EXP|SSL_HIGH, | ||
| 977 | 0, | ||
| 978 | 128, | ||
| 979 | 128, | ||
| 980 | SSL_ALL_CIPHERS, | ||
| 981 | SSL_ALL_STRENGTHS | ||
| 982 | }, | ||
| 983 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
| 735 | 984 | ||
| 736 | #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES | 985 | #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES |
| 737 | /* New TLS Export CipherSuites */ | 986 | /* New TLS Export CipherSuites from expired ID */ |
| 987 | #if 0 | ||
| 738 | /* Cipher 60 */ | 988 | /* Cipher 60 */ |
| 739 | { | 989 | { |
| 740 | 1, | 990 | 1, |
| @@ -761,13 +1011,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 761 | SSL_ALL_CIPHERS, | 1011 | SSL_ALL_CIPHERS, |
| 762 | SSL_ALL_STRENGTHS, | 1012 | SSL_ALL_STRENGTHS, |
| 763 | }, | 1013 | }, |
| 1014 | #endif | ||
| 764 | /* Cipher 62 */ | 1015 | /* Cipher 62 */ |
| 765 | { | 1016 | { |
| 766 | 1, | 1017 | 1, |
| 767 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, | 1018 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
| 768 | TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, | 1019 | TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, |
| 769 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, | 1020 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, |
| 770 | SSL_EXPORT|SSL_EXP56|SSL_FIPS, | 1021 | SSL_EXPORT|SSL_EXP56, |
| 771 | 0, | 1022 | 0, |
| 772 | 56, | 1023 | 56, |
| 773 | 56, | 1024 | 56, |
| @@ -780,7 +1031,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 780 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | 1031 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, |
| 781 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | 1032 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, |
| 782 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, | 1033 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, |
| 783 | SSL_EXPORT|SSL_EXP56|SSL_FIPS, | 1034 | SSL_EXPORT|SSL_EXP56, |
| 784 | 0, | 1035 | 0, |
| 785 | 56, | 1036 | 56, |
| 786 | 56, | 1037 | 56, |
| @@ -827,170 +1078,536 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ | |||
| 827 | SSL_ALL_STRENGTHS | 1078 | SSL_ALL_STRENGTHS |
| 828 | }, | 1079 | }, |
| 829 | #endif | 1080 | #endif |
| 830 | /* New AES ciphersuites */ | ||
| 831 | 1081 | ||
| 832 | /* Cipher 2F */ | 1082 | #ifndef OPENSSL_NO_CAMELLIA |
| 1083 | /* Camellia ciphersuites from RFC4132 (256-bit portion) */ | ||
| 1084 | |||
| 1085 | /* Cipher 84 */ | ||
| 1086 | { | ||
| 1087 | 1, | ||
| 1088 | TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1089 | TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1090 | SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1091 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1092 | 0, | ||
| 1093 | 256, | ||
| 1094 | 256, | ||
| 1095 | SSL_ALL_CIPHERS, | ||
| 1096 | SSL_ALL_STRENGTHS | ||
| 1097 | }, | ||
| 1098 | /* Cipher 85 */ | ||
| 1099 | { | ||
| 1100 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 1101 | TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1102 | TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1103 | SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1104 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1105 | 0, | ||
| 1106 | 256, | ||
| 1107 | 256, | ||
| 1108 | SSL_ALL_CIPHERS, | ||
| 1109 | SSL_ALL_STRENGTHS | ||
| 1110 | }, | ||
| 1111 | /* Cipher 86 */ | ||
| 1112 | { | ||
| 1113 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 1114 | TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1115 | TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1116 | SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1117 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1118 | 0, | ||
| 1119 | 256, | ||
| 1120 | 256, | ||
| 1121 | SSL_ALL_CIPHERS, | ||
| 1122 | SSL_ALL_STRENGTHS | ||
| 1123 | }, | ||
| 1124 | /* Cipher 87 */ | ||
| 1125 | { | ||
| 1126 | 1, | ||
| 1127 | TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1128 | TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1129 | SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1130 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1131 | 0, | ||
| 1132 | 256, | ||
| 1133 | 256, | ||
| 1134 | SSL_ALL_CIPHERS, | ||
| 1135 | SSL_ALL_STRENGTHS | ||
| 1136 | }, | ||
| 1137 | /* Cipher 88 */ | ||
| 1138 | { | ||
| 1139 | 1, | ||
| 1140 | TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1141 | TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1142 | SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1143 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1144 | 0, | ||
| 1145 | 256, | ||
| 1146 | 256, | ||
| 1147 | SSL_ALL_CIPHERS, | ||
| 1148 | SSL_ALL_STRENGTHS | ||
| 1149 | }, | ||
| 1150 | /* Cipher 89 */ | ||
| 1151 | { | ||
| 1152 | 1, | ||
| 1153 | TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1154 | TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, | ||
| 1155 | SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, | ||
| 1156 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1157 | 0, | ||
| 1158 | 256, | ||
| 1159 | 256, | ||
| 1160 | SSL_ALL_CIPHERS, | ||
| 1161 | SSL_ALL_STRENGTHS | ||
| 1162 | }, | ||
| 1163 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
| 1164 | |||
| 1165 | #ifndef OPENSSL_NO_SEED | ||
| 1166 | /* SEED ciphersuites from RFC4162 */ | ||
| 1167 | |||
| 1168 | /* Cipher 96 */ | ||
| 1169 | { | ||
| 1170 | 1, | ||
| 1171 | TLS1_TXT_RSA_WITH_SEED_SHA, | ||
| 1172 | TLS1_CK_RSA_WITH_SEED_SHA, | ||
| 1173 | SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1174 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1175 | 0, | ||
| 1176 | 128, | ||
| 1177 | 128, | ||
| 1178 | SSL_ALL_CIPHERS, | ||
| 1179 | SSL_ALL_STRENGTHS, | ||
| 1180 | }, | ||
| 1181 | |||
| 1182 | /* Cipher 97 */ | ||
| 1183 | { | ||
| 1184 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 1185 | TLS1_TXT_DH_DSS_WITH_SEED_SHA, | ||
| 1186 | TLS1_CK_DH_DSS_WITH_SEED_SHA, | ||
| 1187 | SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1188 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1189 | 0, | ||
| 1190 | 128, | ||
| 1191 | 128, | ||
| 1192 | SSL_ALL_CIPHERS, | ||
| 1193 | SSL_ALL_STRENGTHS, | ||
| 1194 | }, | ||
| 1195 | |||
| 1196 | /* Cipher 98 */ | ||
| 1197 | { | ||
| 1198 | 0, /* not implemented (non-ephemeral DH) */ | ||
| 1199 | TLS1_TXT_DH_RSA_WITH_SEED_SHA, | ||
| 1200 | TLS1_CK_DH_RSA_WITH_SEED_SHA, | ||
| 1201 | SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1202 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1203 | 0, | ||
| 1204 | 128, | ||
| 1205 | 128, | ||
| 1206 | SSL_ALL_CIPHERS, | ||
| 1207 | SSL_ALL_STRENGTHS, | ||
| 1208 | }, | ||
| 1209 | |||
| 1210 | /* Cipher 99 */ | ||
| 1211 | { | ||
| 1212 | 1, | ||
| 1213 | TLS1_TXT_DHE_DSS_WITH_SEED_SHA, | ||
| 1214 | TLS1_CK_DHE_DSS_WITH_SEED_SHA, | ||
| 1215 | SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1216 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1217 | 0, | ||
| 1218 | 128, | ||
| 1219 | 128, | ||
| 1220 | SSL_ALL_CIPHERS, | ||
| 1221 | SSL_ALL_STRENGTHS, | ||
| 1222 | }, | ||
| 1223 | |||
| 1224 | /* Cipher 9A */ | ||
| 1225 | { | ||
| 1226 | 1, | ||
| 1227 | TLS1_TXT_DHE_RSA_WITH_SEED_SHA, | ||
| 1228 | TLS1_CK_DHE_RSA_WITH_SEED_SHA, | ||
| 1229 | SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1230 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1231 | 0, | ||
| 1232 | 128, | ||
| 1233 | 128, | ||
| 1234 | SSL_ALL_CIPHERS, | ||
| 1235 | SSL_ALL_STRENGTHS, | ||
| 1236 | }, | ||
| 1237 | |||
| 1238 | /* Cipher 9B */ | ||
| 1239 | { | ||
| 1240 | 1, | ||
| 1241 | TLS1_TXT_ADH_WITH_SEED_SHA, | ||
| 1242 | TLS1_CK_ADH_WITH_SEED_SHA, | ||
| 1243 | SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1, | ||
| 1244 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 1245 | 0, | ||
| 1246 | 128, | ||
| 1247 | 128, | ||
| 1248 | SSL_ALL_CIPHERS, | ||
| 1249 | SSL_ALL_STRENGTHS, | ||
| 1250 | }, | ||
| 1251 | |||
| 1252 | #endif /* OPENSSL_NO_SEED */ | ||
| 1253 | |||
| 1254 | #ifndef OPENSSL_NO_ECDH | ||
| 1255 | /* Cipher C001 */ | ||
| 833 | { | 1256 | { |
| 834 | 1, | 1257 | 1, |
| 835 | TLS1_TXT_RSA_WITH_AES_128_SHA, | 1258 | TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, |
| 836 | TLS1_CK_RSA_WITH_AES_128_SHA, | 1259 | TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, |
| 837 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | 1260 | SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, |
| 838 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1261 | SSL_NOT_EXP, |
| 839 | 0, | 1262 | 0, |
| 840 | 128, | 1263 | 0, |
| 841 | 128, | 1264 | 0, |
| 842 | SSL_ALL_CIPHERS, | 1265 | SSL_ALL_CIPHERS, |
| 843 | SSL_ALL_STRENGTHS, | 1266 | SSL_ALL_STRENGTHS, |
| 844 | }, | 1267 | }, |
| 845 | /* Cipher 30 */ | 1268 | |
| 1269 | /* Cipher C002 */ | ||
| 846 | { | 1270 | { |
| 847 | 0, | 1271 | 1, |
| 848 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA, | 1272 | TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, |
| 849 | TLS1_CK_DH_DSS_WITH_AES_128_SHA, | 1273 | TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, |
| 850 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1274 | SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, |
| 851 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1275 | SSL_NOT_EXP, |
| 852 | 0, | 1276 | 0, |
| 853 | 128, | 1277 | 128, |
| 854 | 128, | 1278 | 128, |
| 855 | SSL_ALL_CIPHERS, | 1279 | SSL_ALL_CIPHERS, |
| 856 | SSL_ALL_STRENGTHS, | 1280 | SSL_ALL_STRENGTHS, |
| 857 | }, | 1281 | }, |
| 858 | /* Cipher 31 */ | 1282 | |
| 1283 | /* Cipher C003 */ | ||
| 859 | { | 1284 | { |
| 860 | 0, | 1285 | 1, |
| 861 | TLS1_TXT_DH_RSA_WITH_AES_128_SHA, | 1286 | TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, |
| 862 | TLS1_CK_DH_RSA_WITH_AES_128_SHA, | 1287 | TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, |
| 863 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1288 | SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, |
| 864 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1289 | SSL_NOT_EXP|SSL_HIGH, |
| 865 | 0, | 1290 | 0, |
| 866 | 128, | 1291 | 168, |
| 867 | 128, | 1292 | 168, |
| 868 | SSL_ALL_CIPHERS, | 1293 | SSL_ALL_CIPHERS, |
| 869 | SSL_ALL_STRENGTHS, | 1294 | SSL_ALL_STRENGTHS, |
| 870 | }, | 1295 | }, |
| 871 | /* Cipher 32 */ | 1296 | |
| 1297 | /* Cipher C004 */ | ||
| 872 | { | 1298 | { |
| 873 | 1, | 1299 | 1, |
| 874 | TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | 1300 | TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
| 875 | TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | 1301 | TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
| 876 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | 1302 | SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, |
| 877 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1303 | SSL_NOT_EXP|SSL_HIGH, |
| 878 | 0, | 1304 | 0, |
| 879 | 128, | 1305 | 128, |
| 880 | 128, | 1306 | 128, |
| 881 | SSL_ALL_CIPHERS, | 1307 | SSL_ALL_CIPHERS, |
| 882 | SSL_ALL_STRENGTHS, | 1308 | SSL_ALL_STRENGTHS, |
| 883 | }, | 1309 | }, |
| 884 | /* Cipher 33 */ | 1310 | |
| 1311 | /* Cipher C005 */ | ||
| 885 | { | 1312 | { |
| 886 | 1, | 1313 | 1, |
| 887 | TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | 1314 | TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
| 888 | TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | 1315 | TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
| 889 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1316 | SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, |
| 890 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1317 | SSL_NOT_EXP|SSL_HIGH, |
| 891 | 0, | 1318 | 0, |
| 892 | 128, | 1319 | 256, |
| 893 | 128, | 1320 | 256, |
| 894 | SSL_ALL_CIPHERS, | 1321 | SSL_ALL_CIPHERS, |
| 895 | SSL_ALL_STRENGTHS, | 1322 | SSL_ALL_STRENGTHS, |
| 896 | }, | 1323 | }, |
| 897 | /* Cipher 34 */ | 1324 | |
| 1325 | /* Cipher C006 */ | ||
| 898 | { | 1326 | { |
| 899 | 1, | 1327 | 1, |
| 900 | TLS1_TXT_ADH_WITH_AES_128_SHA, | 1328 | TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, |
| 901 | TLS1_CK_ADH_WITH_AES_128_SHA, | 1329 | TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, |
| 902 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | 1330 | SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, |
| 903 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1331 | SSL_NOT_EXP, |
| 904 | 0, | 1332 | 0, |
| 905 | 128, | 1333 | 0, |
| 906 | 128, | 1334 | 0, |
| 907 | SSL_ALL_CIPHERS, | 1335 | SSL_ALL_CIPHERS, |
| 908 | SSL_ALL_STRENGTHS, | 1336 | SSL_ALL_STRENGTHS, |
| 909 | }, | 1337 | }, |
| 910 | 1338 | ||
| 911 | /* Cipher 35 */ | 1339 | /* Cipher C007 */ |
| 912 | { | 1340 | { |
| 913 | 1, | 1341 | 1, |
| 914 | TLS1_TXT_RSA_WITH_AES_256_SHA, | 1342 | TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 915 | TLS1_CK_RSA_WITH_AES_256_SHA, | 1343 | TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| 916 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | 1344 | SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, |
| 917 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1345 | SSL_NOT_EXP, |
| 918 | 0, | 1346 | 0, |
| 919 | 256, | 1347 | 128, |
| 920 | 256, | 1348 | 128, |
| 921 | SSL_ALL_CIPHERS, | 1349 | SSL_ALL_CIPHERS, |
| 922 | SSL_ALL_STRENGTHS, | 1350 | SSL_ALL_STRENGTHS, |
| 923 | }, | 1351 | }, |
| 924 | /* Cipher 36 */ | 1352 | |
| 1353 | /* Cipher C008 */ | ||
| 925 | { | 1354 | { |
| 926 | 0, | 1355 | 1, |
| 927 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA, | 1356 | TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| 928 | TLS1_CK_DH_DSS_WITH_AES_256_SHA, | 1357 | TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, |
| 929 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1358 | SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, |
| 930 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1359 | SSL_NOT_EXP|SSL_HIGH, |
| 931 | 0, | 1360 | 0, |
| 932 | 256, | 1361 | 168, |
| 933 | 256, | 1362 | 168, |
| 934 | SSL_ALL_CIPHERS, | 1363 | SSL_ALL_CIPHERS, |
| 935 | SSL_ALL_STRENGTHS, | 1364 | SSL_ALL_STRENGTHS, |
| 936 | }, | 1365 | }, |
| 937 | /* Cipher 37 */ | 1366 | |
| 1367 | /* Cipher C009 */ | ||
| 938 | { | 1368 | { |
| 939 | 0, | 1369 | 1, |
| 940 | TLS1_TXT_DH_RSA_WITH_AES_256_SHA, | 1370 | TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 941 | TLS1_CK_DH_RSA_WITH_AES_256_SHA, | 1371 | TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| 942 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | 1372 | SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, |
| 943 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1373 | SSL_NOT_EXP|SSL_HIGH, |
| 944 | 0, | 1374 | 0, |
| 945 | 256, | 1375 | 128, |
| 946 | 256, | 1376 | 128, |
| 947 | SSL_ALL_CIPHERS, | 1377 | SSL_ALL_CIPHERS, |
| 948 | SSL_ALL_STRENGTHS, | 1378 | SSL_ALL_STRENGTHS, |
| 949 | }, | 1379 | }, |
| 950 | /* Cipher 38 */ | 1380 | |
| 1381 | /* Cipher C00A */ | ||
| 951 | { | 1382 | { |
| 952 | 1, | 1383 | 1, |
| 953 | TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | 1384 | TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 954 | TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | 1385 | TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| 955 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | 1386 | SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, |
| 956 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1387 | SSL_NOT_EXP|SSL_HIGH, |
| 957 | 0, | 1388 | 0, |
| 958 | 256, | 1389 | 256, |
| 959 | 256, | 1390 | 256, |
| 960 | SSL_ALL_CIPHERS, | 1391 | SSL_ALL_CIPHERS, |
| 961 | SSL_ALL_STRENGTHS, | 1392 | SSL_ALL_STRENGTHS, |
| 962 | }, | 1393 | }, |
| 963 | /* Cipher 39 */ | 1394 | |
| 1395 | /* Cipher C00B */ | ||
| 964 | { | 1396 | { |
| 965 | 1, | 1397 | 1, |
| 966 | TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | 1398 | TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, |
| 967 | TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | 1399 | TLS1_CK_ECDH_RSA_WITH_NULL_SHA, |
| 968 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | 1400 | SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, |
| 969 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1401 | SSL_NOT_EXP, |
| 970 | 0, | 1402 | 0, |
| 971 | 256, | 1403 | 0, |
| 972 | 256, | 1404 | 0, |
| 973 | SSL_ALL_CIPHERS, | 1405 | SSL_ALL_CIPHERS, |
| 974 | SSL_ALL_STRENGTHS, | 1406 | SSL_ALL_STRENGTHS, |
| 975 | }, | 1407 | }, |
| 976 | /* Cipher 3A */ | 1408 | |
| 1409 | /* Cipher C00C */ | ||
| 977 | { | 1410 | { |
| 978 | 1, | 1411 | 1, |
| 979 | TLS1_TXT_ADH_WITH_AES_256_SHA, | 1412 | TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, |
| 980 | TLS1_CK_ADH_WITH_AES_256_SHA, | 1413 | TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, |
| 981 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | 1414 | SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, |
| 982 | SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, | 1415 | SSL_NOT_EXP, |
| 983 | 0, | 1416 | 0, |
| 984 | 256, | 1417 | 128, |
| 985 | 256, | 1418 | 128, |
| 986 | SSL_ALL_CIPHERS, | 1419 | SSL_ALL_CIPHERS, |
| 987 | SSL_ALL_STRENGTHS, | 1420 | SSL_ALL_STRENGTHS, |
| 1421 | }, | ||
| 1422 | |||
| 1423 | /* Cipher C00D */ | ||
| 1424 | { | ||
| 1425 | 1, | ||
| 1426 | TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1427 | TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1428 | SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, | ||
| 1429 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1430 | 0, | ||
| 1431 | 168, | ||
| 1432 | 168, | ||
| 1433 | SSL_ALL_CIPHERS, | ||
| 1434 | SSL_ALL_STRENGTHS, | ||
| 1435 | }, | ||
| 1436 | |||
| 1437 | /* Cipher C00E */ | ||
| 1438 | { | ||
| 1439 | 1, | ||
| 1440 | TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, | ||
| 1441 | TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, | ||
| 1442 | SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1443 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1444 | 0, | ||
| 1445 | 128, | ||
| 1446 | 128, | ||
| 1447 | SSL_ALL_CIPHERS, | ||
| 1448 | SSL_ALL_STRENGTHS, | ||
| 1449 | }, | ||
| 1450 | |||
| 1451 | /* Cipher C00F */ | ||
| 1452 | { | ||
| 1453 | 1, | ||
| 1454 | TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, | ||
| 1455 | TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, | ||
| 1456 | SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1457 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1458 | 0, | ||
| 1459 | 256, | ||
| 1460 | 256, | ||
| 1461 | SSL_ALL_CIPHERS, | ||
| 1462 | SSL_ALL_STRENGTHS, | ||
| 1463 | }, | ||
| 1464 | |||
| 1465 | /* Cipher C010 */ | ||
| 1466 | { | ||
| 1467 | 1, | ||
| 1468 | TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, | ||
| 1469 | TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, | ||
| 1470 | SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, | ||
| 1471 | SSL_NOT_EXP, | ||
| 1472 | 0, | ||
| 1473 | 0, | ||
| 1474 | 0, | ||
| 1475 | SSL_ALL_CIPHERS, | ||
| 1476 | SSL_ALL_STRENGTHS, | ||
| 1477 | }, | ||
| 1478 | |||
| 1479 | /* Cipher C011 */ | ||
| 1480 | { | ||
| 1481 | 1, | ||
| 1482 | TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, | ||
| 1483 | TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, | ||
| 1484 | SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, | ||
| 1485 | SSL_NOT_EXP, | ||
| 1486 | 0, | ||
| 1487 | 128, | ||
| 1488 | 128, | ||
| 1489 | SSL_ALL_CIPHERS, | ||
| 1490 | SSL_ALL_STRENGTHS, | ||
| 1491 | }, | ||
| 1492 | |||
| 1493 | /* Cipher C012 */ | ||
| 1494 | { | ||
| 1495 | 1, | ||
| 1496 | TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1497 | TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1498 | SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, | ||
| 1499 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1500 | 0, | ||
| 1501 | 168, | ||
| 1502 | 168, | ||
| 1503 | SSL_ALL_CIPHERS, | ||
| 1504 | SSL_ALL_STRENGTHS, | ||
| 1505 | }, | ||
| 1506 | |||
| 1507 | /* Cipher C013 */ | ||
| 1508 | { | ||
| 1509 | 1, | ||
| 1510 | TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, | ||
| 1511 | TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, | ||
| 1512 | SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1513 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1514 | 0, | ||
| 1515 | 128, | ||
| 1516 | 128, | ||
| 1517 | SSL_ALL_CIPHERS, | ||
| 1518 | SSL_ALL_STRENGTHS, | ||
| 1519 | }, | ||
| 1520 | |||
| 1521 | /* Cipher C014 */ | ||
| 1522 | { | ||
| 1523 | 1, | ||
| 1524 | TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
| 1525 | TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
| 1526 | SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1527 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1528 | 0, | ||
| 1529 | 256, | ||
| 1530 | 256, | ||
| 1531 | SSL_ALL_CIPHERS, | ||
| 1532 | SSL_ALL_STRENGTHS, | ||
| 1533 | }, | ||
| 1534 | |||
| 1535 | /* Cipher C015 */ | ||
| 1536 | { | ||
| 1537 | 1, | ||
| 1538 | TLS1_TXT_ECDH_anon_WITH_NULL_SHA, | ||
| 1539 | TLS1_CK_ECDH_anon_WITH_NULL_SHA, | ||
| 1540 | SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, | ||
| 1541 | SSL_NOT_EXP, | ||
| 1542 | 0, | ||
| 1543 | 0, | ||
| 1544 | 0, | ||
| 1545 | SSL_ALL_CIPHERS, | ||
| 1546 | SSL_ALL_STRENGTHS, | ||
| 988 | }, | 1547 | }, |
| 989 | 1548 | ||
| 1549 | /* Cipher C016 */ | ||
| 1550 | { | ||
| 1551 | 1, | ||
| 1552 | TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, | ||
| 1553 | TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, | ||
| 1554 | SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, | ||
| 1555 | SSL_NOT_EXP, | ||
| 1556 | 0, | ||
| 1557 | 128, | ||
| 1558 | 128, | ||
| 1559 | SSL_ALL_CIPHERS, | ||
| 1560 | SSL_ALL_STRENGTHS, | ||
| 1561 | }, | ||
| 1562 | |||
| 1563 | /* Cipher C017 */ | ||
| 1564 | { | ||
| 1565 | 1, | ||
| 1566 | TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, | ||
| 1567 | TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, | ||
| 1568 | SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, | ||
| 1569 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1570 | 0, | ||
| 1571 | 168, | ||
| 1572 | 168, | ||
| 1573 | SSL_ALL_CIPHERS, | ||
| 1574 | SSL_ALL_STRENGTHS, | ||
| 1575 | }, | ||
| 1576 | |||
| 1577 | /* Cipher C018 */ | ||
| 1578 | { | ||
| 1579 | 1, | ||
| 1580 | TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, | ||
| 1581 | TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, | ||
| 1582 | SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1583 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1584 | 0, | ||
| 1585 | 128, | ||
| 1586 | 128, | ||
| 1587 | SSL_ALL_CIPHERS, | ||
| 1588 | SSL_ALL_STRENGTHS, | ||
| 1589 | }, | ||
| 1590 | |||
| 1591 | /* Cipher C019 */ | ||
| 1592 | { | ||
| 1593 | 1, | ||
| 1594 | TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, | ||
| 1595 | TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, | ||
| 1596 | SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 1597 | SSL_NOT_EXP|SSL_HIGH, | ||
| 1598 | 0, | ||
| 1599 | 256, | ||
| 1600 | 256, | ||
| 1601 | SSL_ALL_CIPHERS, | ||
| 1602 | SSL_ALL_STRENGTHS, | ||
| 1603 | }, | ||
| 1604 | #endif /* OPENSSL_NO_ECDH */ | ||
| 1605 | |||
| 1606 | |||
| 990 | /* end of list */ | 1607 | /* end of list */ |
| 991 | }; | 1608 | }; |
| 992 | 1609 | ||
| 993 | static SSL3_ENC_METHOD SSLv3_enc_data={ | 1610 | SSL3_ENC_METHOD SSLv3_enc_data={ |
| 994 | ssl3_enc, | 1611 | ssl3_enc, |
| 995 | ssl3_mac, | 1612 | ssl3_mac, |
| 996 | ssl3_setup_key_block, | 1613 | ssl3_setup_key_block, |
| @@ -1004,45 +1621,17 @@ static SSL3_ENC_METHOD SSLv3_enc_data={ | |||
| 1004 | ssl3_alert_code, | 1621 | ssl3_alert_code, |
| 1005 | }; | 1622 | }; |
| 1006 | 1623 | ||
| 1007 | static SSL_METHOD SSLv3_data= { | 1624 | long ssl3_default_timeout(void) |
| 1008 | SSL3_VERSION, | ||
| 1009 | ssl3_new, | ||
| 1010 | ssl3_clear, | ||
| 1011 | ssl3_free, | ||
| 1012 | ssl_undefined_function, | ||
| 1013 | ssl_undefined_function, | ||
| 1014 | ssl3_read, | ||
| 1015 | ssl3_peek, | ||
| 1016 | ssl3_write, | ||
| 1017 | ssl3_shutdown, | ||
| 1018 | ssl3_renegotiate, | ||
| 1019 | ssl3_renegotiate_check, | ||
| 1020 | ssl3_ctrl, | ||
| 1021 | ssl3_ctx_ctrl, | ||
| 1022 | ssl3_get_cipher_by_char, | ||
| 1023 | ssl3_put_cipher_by_char, | ||
| 1024 | ssl3_pending, | ||
| 1025 | ssl3_num_ciphers, | ||
| 1026 | ssl3_get_cipher, | ||
| 1027 | ssl_bad_method, | ||
| 1028 | ssl3_default_timeout, | ||
| 1029 | &SSLv3_enc_data, | ||
| 1030 | ssl_undefined_function, | ||
| 1031 | ssl3_callback_ctrl, | ||
| 1032 | ssl3_ctx_callback_ctrl, | ||
| 1033 | }; | ||
| 1034 | |||
| 1035 | static long ssl3_default_timeout(void) | ||
| 1036 | { | 1625 | { |
| 1037 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec | 1626 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec |
| 1038 | * is way too long for http, the cache would over fill */ | 1627 | * is way too long for http, the cache would over fill */ |
| 1039 | return(60*60*2); | 1628 | return(60*60*2); |
| 1040 | } | 1629 | } |
| 1041 | 1630 | ||
| 1042 | SSL_METHOD *sslv3_base_method(void) | 1631 | IMPLEMENT_ssl3_meth_func(sslv3_base_method, |
| 1043 | { | 1632 | ssl_undefined_function, |
| 1044 | return(&SSLv3_data); | 1633 | ssl_undefined_function, |
| 1045 | } | 1634 | ssl_bad_method) |
| 1046 | 1635 | ||
| 1047 | int ssl3_num_ciphers(void) | 1636 | int ssl3_num_ciphers(void) |
| 1048 | { | 1637 | { |
| @@ -1073,6 +1662,8 @@ int ssl3_new(SSL *s) | |||
| 1073 | memset(s3,0,sizeof *s3); | 1662 | memset(s3,0,sizeof *s3); |
| 1074 | EVP_MD_CTX_init(&s3->finish_dgst1); | 1663 | EVP_MD_CTX_init(&s3->finish_dgst1); |
| 1075 | EVP_MD_CTX_init(&s3->finish_dgst2); | 1664 | EVP_MD_CTX_init(&s3->finish_dgst2); |
| 1665 | pq_64bit_init(&(s3->rrec.seq_num)); | ||
| 1666 | pq_64bit_init(&(s3->wrec.seq_num)); | ||
| 1076 | 1667 | ||
| 1077 | s->s3=s3; | 1668 | s->s3=s3; |
| 1078 | 1669 | ||
| @@ -1098,10 +1689,18 @@ void ssl3_free(SSL *s) | |||
| 1098 | if (s->s3->tmp.dh != NULL) | 1689 | if (s->s3->tmp.dh != NULL) |
| 1099 | DH_free(s->s3->tmp.dh); | 1690 | DH_free(s->s3->tmp.dh); |
| 1100 | #endif | 1691 | #endif |
| 1692 | #ifndef OPENSSL_NO_ECDH | ||
| 1693 | if (s->s3->tmp.ecdh != NULL) | ||
| 1694 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 1695 | #endif | ||
| 1696 | |||
| 1101 | if (s->s3->tmp.ca_names != NULL) | 1697 | if (s->s3->tmp.ca_names != NULL) |
| 1102 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | 1698 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
| 1103 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); | 1699 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); |
| 1104 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); | 1700 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); |
| 1701 | pq_64bit_free(&(s->s3->rrec.seq_num)); | ||
| 1702 | pq_64bit_free(&(s->s3->wrec.seq_num)); | ||
| 1703 | |||
| 1105 | OPENSSL_cleanse(s->s3,sizeof *s->s3); | 1704 | OPENSSL_cleanse(s->s3,sizeof *s->s3); |
| 1106 | OPENSSL_free(s->s3); | 1705 | OPENSSL_free(s->s3); |
| 1107 | s->s3=NULL; | 1706 | s->s3=NULL; |
| @@ -1125,6 +1724,10 @@ void ssl3_clear(SSL *s) | |||
| 1125 | if (s->s3->tmp.dh != NULL) | 1724 | if (s->s3->tmp.dh != NULL) |
| 1126 | DH_free(s->s3->tmp.dh); | 1725 | DH_free(s->s3->tmp.dh); |
| 1127 | #endif | 1726 | #endif |
| 1727 | #ifndef OPENSSL_NO_ECDH | ||
| 1728 | if (s->s3->tmp.ecdh != NULL) | ||
| 1729 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 1730 | #endif | ||
| 1128 | 1731 | ||
| 1129 | rp = s->s3->rbuf.buf; | 1732 | rp = s->s3->rbuf.buf; |
| 1130 | wp = s->s3->wbuf.buf; | 1733 | wp = s->s3->wbuf.buf; |
| @@ -1263,13 +1866,122 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 1263 | } | 1866 | } |
| 1264 | break; | 1867 | break; |
| 1265 | #endif | 1868 | #endif |
| 1869 | #ifndef OPENSSL_NO_ECDH | ||
| 1870 | case SSL_CTRL_SET_TMP_ECDH: | ||
| 1871 | { | ||
| 1872 | EC_KEY *ecdh = NULL; | ||
| 1873 | |||
| 1874 | if (parg == NULL) | ||
| 1875 | { | ||
| 1876 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1877 | return(ret); | ||
| 1878 | } | ||
| 1879 | if (!EC_KEY_up_ref((EC_KEY *)parg)) | ||
| 1880 | { | ||
| 1881 | SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); | ||
| 1882 | return(ret); | ||
| 1883 | } | ||
| 1884 | ecdh = (EC_KEY *)parg; | ||
| 1885 | if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) | ||
| 1886 | { | ||
| 1887 | if (!EC_KEY_generate_key(ecdh)) | ||
| 1888 | { | ||
| 1889 | EC_KEY_free(ecdh); | ||
| 1890 | SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB); | ||
| 1891 | return(ret); | ||
| 1892 | } | ||
| 1893 | } | ||
| 1894 | if (s->cert->ecdh_tmp != NULL) | ||
| 1895 | EC_KEY_free(s->cert->ecdh_tmp); | ||
| 1896 | s->cert->ecdh_tmp = ecdh; | ||
| 1897 | ret = 1; | ||
| 1898 | } | ||
| 1899 | break; | ||
| 1900 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 1901 | { | ||
| 1902 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 1903 | return(ret); | ||
| 1904 | } | ||
| 1905 | break; | ||
| 1906 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1907 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1908 | case SSL_CTRL_SET_TLSEXT_HOSTNAME: | ||
| 1909 | if (larg == TLSEXT_NAMETYPE_host_name) | ||
| 1910 | { | ||
| 1911 | if (s->tlsext_hostname != NULL) | ||
| 1912 | OPENSSL_free(s->tlsext_hostname); | ||
| 1913 | s->tlsext_hostname = NULL; | ||
| 1914 | |||
| 1915 | ret = 1; | ||
| 1916 | if (parg == NULL) | ||
| 1917 | break; | ||
| 1918 | if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) | ||
| 1919 | { | ||
| 1920 | SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); | ||
| 1921 | return 0; | ||
| 1922 | } | ||
| 1923 | if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) | ||
| 1924 | { | ||
| 1925 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); | ||
| 1926 | return 0; | ||
| 1927 | } | ||
| 1928 | } | ||
| 1929 | else | ||
| 1930 | { | ||
| 1931 | SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); | ||
| 1932 | return 0; | ||
| 1933 | } | ||
| 1934 | break; | ||
| 1935 | case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: | ||
| 1936 | s->tlsext_debug_arg=parg; | ||
| 1937 | ret = 1; | ||
| 1938 | break; | ||
| 1939 | |||
| 1940 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: | ||
| 1941 | s->tlsext_status_type=larg; | ||
| 1942 | ret = 1; | ||
| 1943 | break; | ||
| 1944 | |||
| 1945 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: | ||
| 1946 | *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; | ||
| 1947 | ret = 1; | ||
| 1948 | break; | ||
| 1949 | |||
| 1950 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: | ||
| 1951 | s->tlsext_ocsp_exts = parg; | ||
| 1952 | ret = 1; | ||
| 1953 | break; | ||
| 1954 | |||
| 1955 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: | ||
| 1956 | *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; | ||
| 1957 | ret = 1; | ||
| 1958 | break; | ||
| 1959 | |||
| 1960 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: | ||
| 1961 | s->tlsext_ocsp_ids = parg; | ||
| 1962 | ret = 1; | ||
| 1963 | break; | ||
| 1964 | |||
| 1965 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: | ||
| 1966 | *(unsigned char **)parg = s->tlsext_ocsp_resp; | ||
| 1967 | return s->tlsext_ocsp_resplen; | ||
| 1968 | |||
| 1969 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: | ||
| 1970 | if (s->tlsext_ocsp_resp) | ||
| 1971 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
| 1972 | s->tlsext_ocsp_resp = parg; | ||
| 1973 | s->tlsext_ocsp_resplen = larg; | ||
| 1974 | ret = 1; | ||
| 1975 | break; | ||
| 1976 | |||
| 1977 | #endif /* !OPENSSL_NO_TLSEXT */ | ||
| 1266 | default: | 1978 | default: |
| 1267 | break; | 1979 | break; |
| 1268 | } | 1980 | } |
| 1269 | return(ret); | 1981 | return(ret); |
| 1270 | } | 1982 | } |
| 1271 | 1983 | ||
| 1272 | long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) | 1984 | long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 1273 | { | 1985 | { |
| 1274 | int ret=0; | 1986 | int ret=0; |
| 1275 | 1987 | ||
| @@ -1307,6 +2019,19 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) | |||
| 1307 | } | 2019 | } |
| 1308 | break; | 2020 | break; |
| 1309 | #endif | 2021 | #endif |
| 2022 | #ifndef OPENSSL_NO_ECDH | ||
| 2023 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2024 | { | ||
| 2025 | s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
| 2026 | } | ||
| 2027 | break; | ||
| 2028 | #endif | ||
| 2029 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2030 | case SSL_CTRL_SET_TLSEXT_DEBUG_CB: | ||
| 2031 | s->tlsext_debug_cb=(void (*)(SSL *,int ,int, | ||
| 2032 | unsigned char *, int, void *))fp; | ||
| 2033 | break; | ||
| 2034 | #endif | ||
| 1310 | default: | 2035 | default: |
| 1311 | break; | 2036 | break; |
| 1312 | } | 2037 | } |
| @@ -1399,6 +2124,83 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 1399 | } | 2124 | } |
| 1400 | break; | 2125 | break; |
| 1401 | #endif | 2126 | #endif |
| 2127 | #ifndef OPENSSL_NO_ECDH | ||
| 2128 | case SSL_CTRL_SET_TMP_ECDH: | ||
| 2129 | { | ||
| 2130 | EC_KEY *ecdh = NULL; | ||
| 2131 | |||
| 2132 | if (parg == NULL) | ||
| 2133 | { | ||
| 2134 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); | ||
| 2135 | return 0; | ||
| 2136 | } | ||
| 2137 | ecdh = EC_KEY_dup((EC_KEY *)parg); | ||
| 2138 | if (ecdh == NULL) | ||
| 2139 | { | ||
| 2140 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB); | ||
| 2141 | return 0; | ||
| 2142 | } | ||
| 2143 | if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) | ||
| 2144 | { | ||
| 2145 | if (!EC_KEY_generate_key(ecdh)) | ||
| 2146 | { | ||
| 2147 | EC_KEY_free(ecdh); | ||
| 2148 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB); | ||
| 2149 | return 0; | ||
| 2150 | } | ||
| 2151 | } | ||
| 2152 | |||
| 2153 | if (cert->ecdh_tmp != NULL) | ||
| 2154 | { | ||
| 2155 | EC_KEY_free(cert->ecdh_tmp); | ||
| 2156 | } | ||
| 2157 | cert->ecdh_tmp = ecdh; | ||
| 2158 | return 1; | ||
| 2159 | } | ||
| 2160 | /* break; */ | ||
| 2161 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2162 | { | ||
| 2163 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2164 | return(0); | ||
| 2165 | } | ||
| 2166 | break; | ||
| 2167 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 2168 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2169 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: | ||
| 2170 | ctx->tlsext_servername_arg=parg; | ||
| 2171 | break; | ||
| 2172 | case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: | ||
| 2173 | case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: | ||
| 2174 | { | ||
| 2175 | unsigned char *keys = parg; | ||
| 2176 | if (!keys) | ||
| 2177 | return 48; | ||
| 2178 | if (larg != 48) | ||
| 2179 | { | ||
| 2180 | SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); | ||
| 2181 | return 0; | ||
| 2182 | } | ||
| 2183 | if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) | ||
| 2184 | { | ||
| 2185 | memcpy(ctx->tlsext_tick_key_name, keys, 16); | ||
| 2186 | memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); | ||
| 2187 | memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); | ||
| 2188 | } | ||
| 2189 | else | ||
| 2190 | { | ||
| 2191 | memcpy(keys, ctx->tlsext_tick_key_name, 16); | ||
| 2192 | memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); | ||
| 2193 | memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); | ||
| 2194 | } | ||
| 2195 | return 1; | ||
| 2196 | } | ||
| 2197 | |||
| 2198 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: | ||
| 2199 | ctx->tlsext_status_arg=parg; | ||
| 2200 | return 1; | ||
| 2201 | break; | ||
| 2202 | |||
| 2203 | #endif /* !OPENSSL_NO_TLSEXT */ | ||
| 1402 | /* A Thawte special :-) */ | 2204 | /* A Thawte special :-) */ |
| 1403 | case SSL_CTRL_EXTRA_CHAIN_CERT: | 2205 | case SSL_CTRL_EXTRA_CHAIN_CERT: |
| 1404 | if (ctx->extra_certs == NULL) | 2206 | if (ctx->extra_certs == NULL) |
| @@ -1415,7 +2217,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 1415 | return(1); | 2217 | return(1); |
| 1416 | } | 2218 | } |
| 1417 | 2219 | ||
| 1418 | long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | 2220 | long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 1419 | { | 2221 | { |
| 1420 | CERT *cert; | 2222 | CERT *cert; |
| 1421 | 2223 | ||
| @@ -1437,6 +2239,30 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | |||
| 1437 | } | 2239 | } |
| 1438 | break; | 2240 | break; |
| 1439 | #endif | 2241 | #endif |
| 2242 | #ifndef OPENSSL_NO_ECDH | ||
| 2243 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2244 | { | ||
| 2245 | cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
| 2246 | } | ||
| 2247 | break; | ||
| 2248 | #endif | ||
| 2249 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2250 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: | ||
| 2251 | ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; | ||
| 2252 | break; | ||
| 2253 | |||
| 2254 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: | ||
| 2255 | ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; | ||
| 2256 | break; | ||
| 2257 | |||
| 2258 | case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: | ||
| 2259 | ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *, | ||
| 2260 | unsigned char *, | ||
| 2261 | EVP_CIPHER_CTX *, | ||
| 2262 | HMAC_CTX *, int))fp; | ||
| 2263 | break; | ||
| 2264 | |||
| 2265 | #endif | ||
| 1440 | default: | 2266 | default: |
| 1441 | return(0); | 2267 | return(0); |
| 1442 | } | 2268 | } |
| @@ -1447,41 +2273,19 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | |||
| 1447 | * available */ | 2273 | * available */ |
| 1448 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) | 2274 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) |
| 1449 | { | 2275 | { |
| 1450 | static int init=1; | 2276 | SSL_CIPHER c,*cp; |
| 1451 | static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; | ||
| 1452 | SSL_CIPHER c,*cp= &c,**cpp; | ||
| 1453 | unsigned long id; | 2277 | unsigned long id; |
| 1454 | int i; | ||
| 1455 | |||
| 1456 | if (init) | ||
| 1457 | { | ||
| 1458 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 1459 | |||
| 1460 | if (init) | ||
| 1461 | { | ||
| 1462 | for (i=0; i<SSL3_NUM_CIPHERS; i++) | ||
| 1463 | sorted[i]= &(ssl3_ciphers[i]); | ||
| 1464 | |||
| 1465 | qsort(sorted, | ||
| 1466 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | ||
| 1467 | FP_ICC ssl_cipher_ptr_id_cmp); | ||
| 1468 | |||
| 1469 | init=0; | ||
| 1470 | } | ||
| 1471 | |||
| 1472 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 1473 | } | ||
| 1474 | 2278 | ||
| 1475 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; | 2279 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; |
| 1476 | c.id=id; | 2280 | c.id=id; |
| 1477 | cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, | 2281 | cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, |
| 1478 | (char *)sorted, | 2282 | (char *)ssl3_ciphers, |
| 1479 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | 2283 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER), |
| 1480 | FP_ICC ssl_cipher_ptr_id_cmp); | 2284 | FP_ICC ssl_cipher_id_cmp); |
| 1481 | if ((cpp == NULL) || !(*cpp)->valid) | 2285 | if (cp == NULL || cp->valid == 0) |
| 1482 | return(NULL); | 2286 | return NULL; |
| 1483 | else | 2287 | else |
| 1484 | return(*cpp); | 2288 | return cp; |
| 1485 | } | 2289 | } |
| 1486 | 2290 | ||
| 1487 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | 2291 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
| @@ -1504,6 +2308,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 1504 | SSL_CIPHER *c,*ret=NULL; | 2308 | SSL_CIPHER *c,*ret=NULL; |
| 1505 | STACK_OF(SSL_CIPHER) *prio, *allow; | 2309 | STACK_OF(SSL_CIPHER) *prio, *allow; |
| 1506 | int i,j,ok; | 2310 | int i,j,ok; |
| 2311 | |||
| 1507 | CERT *cert; | 2312 | CERT *cert; |
| 1508 | unsigned long alg,mask,emask; | 2313 | unsigned long alg,mask,emask; |
| 1509 | 2314 | ||
| @@ -1584,7 +2389,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 1584 | } | 2389 | } |
| 1585 | 2390 | ||
| 1586 | if (!ok) continue; | 2391 | if (!ok) continue; |
| 1587 | |||
| 1588 | j=sk_SSL_CIPHER_find(allow,c); | 2392 | j=sk_SSL_CIPHER_find(allow,c); |
| 1589 | if (j >= 0) | 2393 | if (j >= 0) |
| 1590 | { | 2394 | { |
| @@ -1629,6 +2433,26 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) | |||
| 1629 | #ifndef OPENSSL_NO_DSA | 2433 | #ifndef OPENSSL_NO_DSA |
| 1630 | p[ret++]=SSL3_CT_DSS_SIGN; | 2434 | p[ret++]=SSL3_CT_DSS_SIGN; |
| 1631 | #endif | 2435 | #endif |
| 2436 | #ifndef OPENSSL_NO_ECDH | ||
| 2437 | /* We should ask for fixed ECDH certificates only | ||
| 2438 | * for SSL_kECDH (and not SSL_kECDHE) | ||
| 2439 | */ | ||
| 2440 | if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION)) | ||
| 2441 | { | ||
| 2442 | p[ret++]=TLS_CT_RSA_FIXED_ECDH; | ||
| 2443 | p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; | ||
| 2444 | } | ||
| 2445 | #endif | ||
| 2446 | |||
| 2447 | #ifndef OPENSSL_NO_ECDSA | ||
| 2448 | /* ECDSA certs can be used with RSA cipher suites as well | ||
| 2449 | * so we don't need to check for SSL_kECDH or SSL_kECDHE | ||
| 2450 | */ | ||
| 2451 | if (s->version >= TLS1_VERSION) | ||
| 2452 | { | ||
| 2453 | p[ret++]=TLS_CT_ECDSA_SIGN; | ||
| 2454 | } | ||
| 2455 | #endif | ||
| 1632 | return(ret); | 2456 | return(ret); |
| 1633 | } | 2457 | } |
| 1634 | 2458 | ||
| @@ -1656,13 +2480,13 @@ int ssl3_shutdown(SSL *s) | |||
| 1656 | { | 2480 | { |
| 1657 | /* resend it if not sent */ | 2481 | /* resend it if not sent */ |
| 1658 | #if 1 | 2482 | #if 1 |
| 1659 | ssl3_dispatch_alert(s); | 2483 | s->method->ssl_dispatch_alert(s); |
| 1660 | #endif | 2484 | #endif |
| 1661 | } | 2485 | } |
| 1662 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) | 2486 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) |
| 1663 | { | 2487 | { |
| 1664 | /* If we are waiting for a close from our peer, we are closed */ | 2488 | /* If we are waiting for a close from our peer, we are closed */ |
| 1665 | ssl3_read_bytes(s,0,NULL,0,0); | 2489 | s->method->ssl_read_bytes(s,0,NULL,0,0); |
| 1666 | } | 2490 | } |
| 1667 | 2491 | ||
| 1668 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && | 2492 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && |
| @@ -1717,8 +2541,8 @@ int ssl3_write(SSL *s, const void *buf, int len) | |||
| 1717 | } | 2541 | } |
| 1718 | else | 2542 | else |
| 1719 | { | 2543 | { |
| 1720 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | 2544 | ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA, |
| 1721 | buf,len); | 2545 | buf,len); |
| 1722 | if (ret <= 0) return(ret); | 2546 | if (ret <= 0) return(ret); |
| 1723 | } | 2547 | } |
| 1724 | 2548 | ||
| @@ -1732,7 +2556,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) | |||
| 1732 | clear_sys_error(); | 2556 | clear_sys_error(); |
| 1733 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | 2557 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); |
| 1734 | s->s3->in_read_app_data=1; | 2558 | s->s3->in_read_app_data=1; |
| 1735 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); | 2559 | ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |
| 1736 | if ((ret == -1) && (s->s3->in_read_app_data == 2)) | 2560 | if ((ret == -1) && (s->s3->in_read_app_data == 2)) |
| 1737 | { | 2561 | { |
| 1738 | /* ssl3_read_bytes decided to call s->handshake_func, which | 2562 | /* ssl3_read_bytes decided to call s->handshake_func, which |
| @@ -1741,7 +2565,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) | |||
| 1741 | * and thinks that application data makes sense here; so disable | 2565 | * and thinks that application data makes sense here; so disable |
| 1742 | * handshake processing and try to read application data again. */ | 2566 | * handshake processing and try to read application data again. */ |
| 1743 | s->in_handshake++; | 2567 | s->in_handshake++; |
| 1744 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); | 2568 | ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |
| 1745 | s->in_handshake--; | 2569 | s->in_handshake--; |
| 1746 | } | 2570 | } |
| 1747 | else | 2571 | else |
diff --git a/src/lib/libssl/src/ssl/s3_meth.c b/src/lib/libssl/src/ssl/s3_meth.c index 1fd7a96f87..6a6eb1c58f 100644 --- a/src/lib/libssl/src/ssl/s3_meth.c +++ b/src/lib/libssl/src/ssl/s3_meth.c | |||
| @@ -69,27 +69,9 @@ static SSL_METHOD *ssl3_get_method(int ver) | |||
| 69 | return(NULL); | 69 | return(NULL); |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | SSL_METHOD *SSLv3_method(void) | 72 | IMPLEMENT_ssl3_meth_func(SSLv3_method, |
| 73 | { | 73 | ssl3_accept, |
| 74 | static int init=1; | 74 | ssl3_connect, |
| 75 | static SSL_METHOD SSLv3_data; | 75 | ssl3_get_method) |
| 76 | |||
| 77 | if (init) | ||
| 78 | { | ||
| 79 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 80 | |||
| 81 | if (init) | ||
| 82 | { | ||
| 83 | memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(), | ||
| 84 | sizeof(SSL_METHOD)); | ||
| 85 | SSLv3_data.ssl_connect=ssl3_connect; | ||
| 86 | SSLv3_data.ssl_accept=ssl3_accept; | ||
| 87 | SSLv3_data.get_ssl_method=ssl3_get_method; | ||
| 88 | init=0; | ||
| 89 | } | ||
| 90 | 76 | ||
| 91 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 92 | } | ||
| 93 | return(&SSLv3_data); | ||
| 94 | } | ||
| 95 | 77 | ||
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index cb0b12b400..44c7c143fe 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c | |||
| @@ -118,15 +118,9 @@ | |||
| 118 | 118 | ||
| 119 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | 119 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
| 120 | unsigned int len, int create_empty_fragment); | 120 | unsigned int len, int create_empty_fragment); |
| 121 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | ||
| 122 | unsigned int len); | ||
| 123 | static int ssl3_get_record(SSL *s); | 121 | static int ssl3_get_record(SSL *s); |
| 124 | static int do_compress(SSL *ssl); | ||
| 125 | static int do_uncompress(SSL *ssl); | ||
| 126 | static int do_change_cipher_spec(SSL *ssl); | ||
| 127 | 122 | ||
| 128 | /* used only by ssl3_get_record */ | 123 | int ssl3_read_n(SSL *s, int n, int max, int extend) |
| 129 | static int ssl3_read_n(SSL *s, int n, int max, int extend) | ||
| 130 | { | 124 | { |
| 131 | /* If extend == 0, obtain new n-byte packet; if extend == 1, increase | 125 | /* If extend == 0, obtain new n-byte packet; if extend == 1, increase |
| 132 | * packet by another n bytes. | 126 | * packet by another n bytes. |
| @@ -147,6 +141,14 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 147 | /* ... now we can act as if 'extend' was set */ | 141 | /* ... now we can act as if 'extend' was set */ |
| 148 | } | 142 | } |
| 149 | 143 | ||
| 144 | /* extend reads should not span multiple packets for DTLS */ | ||
| 145 | if ( SSL_version(s) == DTLS1_VERSION && | ||
| 146 | extend) | ||
| 147 | { | ||
| 148 | if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left) | ||
| 149 | n = s->s3->rbuf.left; | ||
| 150 | } | ||
| 151 | |||
| 150 | /* if there is enough in the buffer from a previous read, take some */ | 152 | /* if there is enough in the buffer from a previous read, take some */ |
| 151 | if (s->s3->rbuf.left >= (int)n) | 153 | if (s->s3->rbuf.left >= (int)n) |
| 152 | { | 154 | { |
| @@ -275,11 +277,7 @@ again: | |||
| 275 | n2s(p,rr->length); | 277 | n2s(p,rr->length); |
| 276 | 278 | ||
| 277 | /* Lets check version */ | 279 | /* Lets check version */ |
| 278 | if (s->first_packet) | 280 | if (!s->first_packet) |
| 279 | { | ||
| 280 | s->first_packet=0; | ||
| 281 | } | ||
| 282 | else | ||
| 283 | { | 281 | { |
| 284 | if (version != s->version) | 282 | if (version != s->version) |
| 285 | { | 283 | { |
| @@ -434,7 +432,7 @@ printf("\n"); | |||
| 434 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); | 432 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); |
| 435 | goto f_err; | 433 | goto f_err; |
| 436 | } | 434 | } |
| 437 | if (!do_uncompress(s)) | 435 | if (!ssl3_do_uncompress(s)) |
| 438 | { | 436 | { |
| 439 | al=SSL_AD_DECOMPRESSION_FAILURE; | 437 | al=SSL_AD_DECOMPRESSION_FAILURE; |
| 440 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); | 438 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); |
| @@ -472,8 +470,9 @@ err: | |||
| 472 | return(ret); | 470 | return(ret); |
| 473 | } | 471 | } |
| 474 | 472 | ||
| 475 | static int do_uncompress(SSL *ssl) | 473 | int ssl3_do_uncompress(SSL *ssl) |
| 476 | { | 474 | { |
| 475 | #ifndef OPENSSL_NO_COMP | ||
| 477 | int i; | 476 | int i; |
| 478 | SSL3_RECORD *rr; | 477 | SSL3_RECORD *rr; |
| 479 | 478 | ||
| @@ -485,12 +484,13 @@ static int do_uncompress(SSL *ssl) | |||
| 485 | else | 484 | else |
| 486 | rr->length=i; | 485 | rr->length=i; |
| 487 | rr->data=rr->comp; | 486 | rr->data=rr->comp; |
| 488 | 487 | #endif | |
| 489 | return(1); | 488 | return(1); |
| 490 | } | 489 | } |
| 491 | 490 | ||
| 492 | static int do_compress(SSL *ssl) | 491 | int ssl3_do_compress(SSL *ssl) |
| 493 | { | 492 | { |
| 493 | #ifndef OPENSSL_NO_COMP | ||
| 494 | int i; | 494 | int i; |
| 495 | SSL3_RECORD *wr; | 495 | SSL3_RECORD *wr; |
| 496 | 496 | ||
| @@ -504,6 +504,7 @@ static int do_compress(SSL *ssl) | |||
| 504 | wr->length=i; | 504 | wr->length=i; |
| 505 | 505 | ||
| 506 | wr->input=wr->data; | 506 | wr->input=wr->data; |
| 507 | #endif | ||
| 507 | return(1); | 508 | return(1); |
| 508 | } | 509 | } |
| 509 | 510 | ||
| @@ -580,7 +581,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 580 | /* If we have an alert to send, lets send it */ | 581 | /* If we have an alert to send, lets send it */ |
| 581 | if (s->s3->alert_dispatch) | 582 | if (s->s3->alert_dispatch) |
| 582 | { | 583 | { |
| 583 | i=ssl3_dispatch_alert(s); | 584 | i=s->method->ssl_dispatch_alert(s); |
| 584 | if (i <= 0) | 585 | if (i <= 0) |
| 585 | return(i); | 586 | return(i); |
| 586 | /* if it went, fall through and send more stuff */ | 587 | /* if it went, fall through and send more stuff */ |
| @@ -655,7 +656,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 655 | /* first we compress */ | 656 | /* first we compress */ |
| 656 | if (s->compress != NULL) | 657 | if (s->compress != NULL) |
| 657 | { | 658 | { |
| 658 | if (!do_compress(s)) | 659 | if (!ssl3_do_compress(s)) |
| 659 | { | 660 | { |
| 660 | SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); | 661 | SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); |
| 661 | goto err; | 662 | goto err; |
| @@ -716,8 +717,8 @@ err: | |||
| 716 | } | 717 | } |
| 717 | 718 | ||
| 718 | /* if s->s3->wbuf.left != 0, we need to call this */ | 719 | /* if s->s3->wbuf.left != 0, we need to call this */ |
| 719 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | 720 | int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
| 720 | unsigned int len) | 721 | unsigned int len) |
| 721 | { | 722 | { |
| 722 | int i; | 723 | int i; |
| 723 | 724 | ||
| @@ -1089,7 +1090,7 @@ start: | |||
| 1089 | if (s->s3->tmp.new_cipher == NULL) | 1090 | if (s->s3->tmp.new_cipher == NULL) |
| 1090 | { | 1091 | { |
| 1091 | al=SSL_AD_UNEXPECTED_MESSAGE; | 1092 | al=SSL_AD_UNEXPECTED_MESSAGE; |
| 1092 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); | 1093 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); |
| 1093 | goto f_err; | 1094 | goto f_err; |
| 1094 | } | 1095 | } |
| 1095 | 1096 | ||
| @@ -1099,7 +1100,7 @@ start: | |||
| 1099 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); | 1100 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); |
| 1100 | 1101 | ||
| 1101 | s->s3->change_cipher_spec=1; | 1102 | s->s3->change_cipher_spec=1; |
| 1102 | if (!do_change_cipher_spec(s)) | 1103 | if (!ssl3_do_change_cipher_spec(s)) |
| 1103 | goto err; | 1104 | goto err; |
| 1104 | else | 1105 | else |
| 1105 | goto start; | 1106 | goto start; |
| @@ -1211,7 +1212,7 @@ err: | |||
| 1211 | return(-1); | 1212 | return(-1); |
| 1212 | } | 1213 | } |
| 1213 | 1214 | ||
| 1214 | static int do_change_cipher_spec(SSL *s) | 1215 | int ssl3_do_change_cipher_spec(SSL *s) |
| 1215 | { | 1216 | { |
| 1216 | int i; | 1217 | int i; |
| 1217 | const char *sender; | 1218 | const char *sender; |
| @@ -1268,7 +1269,7 @@ void ssl3_send_alert(SSL *s, int level, int desc) | |||
| 1268 | s->s3->send_alert[0]=level; | 1269 | s->s3->send_alert[0]=level; |
| 1269 | s->s3->send_alert[1]=desc; | 1270 | s->s3->send_alert[1]=desc; |
| 1270 | if (s->s3->wbuf.left == 0) /* data still being written out? */ | 1271 | if (s->s3->wbuf.left == 0) /* data still being written out? */ |
| 1271 | ssl3_dispatch_alert(s); | 1272 | s->method->ssl_dispatch_alert(s); |
| 1272 | /* else data is still being written out, we will get written | 1273 | /* else data is still being written out, we will get written |
| 1273 | * some time in the future */ | 1274 | * some time in the future */ |
| 1274 | } | 1275 | } |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 36fc39d7f8..903522ab59 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -108,11 +108,23 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 111 | 124 | ||
| 112 | #define REUSE_CIPHER_BUG | 125 | #define REUSE_CIPHER_BUG |
| 113 | #define NETSCAPE_HANG_BUG | 126 | #define NETSCAPE_HANG_BUG |
| 114 | 127 | ||
| 115 | |||
| 116 | #include <stdio.h> | 128 | #include <stdio.h> |
| 117 | #include "ssl_locl.h" | 129 | #include "ssl_locl.h" |
| 118 | #include "kssl_lcl.h" | 130 | #include "kssl_lcl.h" |
| @@ -120,24 +132,21 @@ | |||
| 120 | #include <openssl/rand.h> | 132 | #include <openssl/rand.h> |
| 121 | #include <openssl/objects.h> | 133 | #include <openssl/objects.h> |
| 122 | #include <openssl/evp.h> | 134 | #include <openssl/evp.h> |
| 135 | #include <openssl/hmac.h> | ||
| 123 | #include <openssl/x509.h> | 136 | #include <openssl/x509.h> |
| 137 | #ifndef OPENSSL_NO_DH | ||
| 138 | #include <openssl/dh.h> | ||
| 139 | #endif | ||
| 140 | #include <openssl/bn.h> | ||
| 124 | #ifndef OPENSSL_NO_KRB5 | 141 | #ifndef OPENSSL_NO_KRB5 |
| 125 | #include <openssl/krb5_asn.h> | 142 | #include <openssl/krb5_asn.h> |
| 126 | #endif | 143 | #endif |
| 127 | #include <openssl/md5.h> | 144 | #include <openssl/md5.h> |
| 128 | #include <openssl/fips.h> | ||
| 129 | 145 | ||
| 130 | static SSL_METHOD *ssl3_get_server_method(int ver); | 146 | static SSL_METHOD *ssl3_get_server_method(int ver); |
| 131 | static int ssl3_get_client_hello(SSL *s); | 147 | #ifndef OPENSSL_NO_ECDH |
| 132 | static int ssl3_check_client_hello(SSL *s); | 148 | static int nid2curve_id(int nid); |
| 133 | static int ssl3_send_server_hello(SSL *s); | 149 | #endif |
| 134 | static int ssl3_send_server_key_exchange(SSL *s); | ||
| 135 | static int ssl3_send_certificate_request(SSL *s); | ||
| 136 | static int ssl3_send_server_done(SSL *s); | ||
| 137 | static int ssl3_get_client_key_exchange(SSL *s); | ||
| 138 | static int ssl3_get_client_certificate(SSL *s); | ||
| 139 | static int ssl3_get_cert_verify(SSL *s); | ||
| 140 | static int ssl3_send_hello_request(SSL *s); | ||
| 141 | 150 | ||
| 142 | static SSL_METHOD *ssl3_get_server_method(int ver) | 151 | static SSL_METHOD *ssl3_get_server_method(int ver) |
| 143 | { | 152 | { |
| @@ -147,28 +156,10 @@ static SSL_METHOD *ssl3_get_server_method(int ver) | |||
| 147 | return(NULL); | 156 | return(NULL); |
| 148 | } | 157 | } |
| 149 | 158 | ||
| 150 | SSL_METHOD *SSLv3_server_method(void) | 159 | IMPLEMENT_ssl3_meth_func(SSLv3_server_method, |
| 151 | { | 160 | ssl3_accept, |
| 152 | static int init=1; | 161 | ssl_undefined_function, |
| 153 | static SSL_METHOD SSLv3_server_data; | 162 | ssl3_get_server_method) |
| 154 | |||
| 155 | if (init) | ||
| 156 | { | ||
| 157 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 158 | |||
| 159 | if (init) | ||
| 160 | { | ||
| 161 | memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), | ||
| 162 | sizeof(SSL_METHOD)); | ||
| 163 | SSLv3_server_data.ssl_accept=ssl3_accept; | ||
| 164 | SSLv3_server_data.get_ssl_method=ssl3_get_server_method; | ||
| 165 | init=0; | ||
| 166 | } | ||
| 167 | |||
| 168 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 169 | } | ||
| 170 | return(&SSLv3_server_data); | ||
| 171 | } | ||
| 172 | 163 | ||
| 173 | int ssl3_accept(SSL *s) | 164 | int ssl3_accept(SSL *s) |
| 174 | { | 165 | { |
| @@ -299,9 +290,18 @@ int ssl3_accept(SSL *s) | |||
| 299 | case SSL3_ST_SW_SRVR_HELLO_B: | 290 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 300 | ret=ssl3_send_server_hello(s); | 291 | ret=ssl3_send_server_hello(s); |
| 301 | if (ret <= 0) goto end; | 292 | if (ret <= 0) goto end; |
| 302 | 293 | #ifndef OPENSSL_NO_TLSEXT | |
| 303 | if (s->hit) | 294 | if (s->hit) |
| 304 | s->state=SSL3_ST_SW_CHANGE_A; | 295 | { |
| 296 | if (s->tlsext_ticket_expected) | ||
| 297 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | ||
| 298 | else | ||
| 299 | s->state=SSL3_ST_SW_CHANGE_A; | ||
| 300 | } | ||
| 301 | #else | ||
| 302 | if (s->hit) | ||
| 303 | s->state=SSL3_ST_SW_CHANGE_A; | ||
| 304 | #endif | ||
| 305 | else | 305 | else |
| 306 | s->state=SSL3_ST_SW_CERT_A; | 306 | s->state=SSL3_ST_SW_CERT_A; |
| 307 | s->init_num=0; | 307 | s->init_num=0; |
| @@ -309,15 +309,30 @@ int ssl3_accept(SSL *s) | |||
| 309 | 309 | ||
| 310 | case SSL3_ST_SW_CERT_A: | 310 | case SSL3_ST_SW_CERT_A: |
| 311 | case SSL3_ST_SW_CERT_B: | 311 | case SSL3_ST_SW_CERT_B: |
| 312 | /* Check if it is anon DH */ | 312 | /* Check if it is anon DH or anon ECDH or KRB5 */ |
| 313 | if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) | 313 | if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL) |
| 314 | && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) | ||
| 314 | { | 315 | { |
| 315 | ret=ssl3_send_server_certificate(s); | 316 | ret=ssl3_send_server_certificate(s); |
| 316 | if (ret <= 0) goto end; | 317 | if (ret <= 0) goto end; |
| 318 | #ifndef OPENSSL_NO_TLSEXT | ||
| 319 | if (s->tlsext_status_expected) | ||
| 320 | s->state=SSL3_ST_SW_CERT_STATUS_A; | ||
| 321 | else | ||
| 322 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
| 323 | } | ||
| 324 | else | ||
| 325 | { | ||
| 326 | skip = 1; | ||
| 327 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
| 328 | } | ||
| 329 | #else | ||
| 317 | } | 330 | } |
| 318 | else | 331 | else |
| 319 | skip=1; | 332 | skip=1; |
| 333 | |||
| 320 | s->state=SSL3_ST_SW_KEY_EXCH_A; | 334 | s->state=SSL3_ST_SW_KEY_EXCH_A; |
| 335 | #endif | ||
| 321 | s->init_num=0; | 336 | s->init_num=0; |
| 322 | break; | 337 | break; |
| 323 | 338 | ||
| @@ -340,9 +355,18 @@ int ssl3_accept(SSL *s) | |||
| 340 | else | 355 | else |
| 341 | s->s3->tmp.use_rsa_tmp=0; | 356 | s->s3->tmp.use_rsa_tmp=0; |
| 342 | 357 | ||
| 358 | |||
| 343 | /* only send if a DH key exchange, fortezza or | 359 | /* only send if a DH key exchange, fortezza or |
| 344 | * RSA but we have a sign only certificate */ | 360 | * RSA but we have a sign only certificate |
| 361 | * | ||
| 362 | * For ECC ciphersuites, we send a serverKeyExchange | ||
| 363 | * message only if the cipher suite is either | ||
| 364 | * ECDH-anon or ECDHE. In other cases, the | ||
| 365 | * server certificate contains the server's | ||
| 366 | * public key for key exchange. | ||
| 367 | */ | ||
| 345 | if (s->s3->tmp.use_rsa_tmp | 368 | if (s->s3->tmp.use_rsa_tmp |
| 369 | || (l & SSL_kECDHE) | ||
| 346 | || (l & (SSL_DH|SSL_kFZA)) | 370 | || (l & (SSL_DH|SSL_kFZA)) |
| 347 | || ((l & SSL_kRSA) | 371 | || ((l & SSL_kRSA) |
| 348 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL | 372 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL |
| @@ -446,19 +470,33 @@ int ssl3_accept(SSL *s) | |||
| 446 | case SSL3_ST_SR_KEY_EXCH_A: | 470 | case SSL3_ST_SR_KEY_EXCH_A: |
| 447 | case SSL3_ST_SR_KEY_EXCH_B: | 471 | case SSL3_ST_SR_KEY_EXCH_B: |
| 448 | ret=ssl3_get_client_key_exchange(s); | 472 | ret=ssl3_get_client_key_exchange(s); |
| 449 | if (ret <= 0) goto end; | 473 | if (ret <= 0) |
| 450 | s->state=SSL3_ST_SR_CERT_VRFY_A; | 474 | goto end; |
| 451 | s->init_num=0; | 475 | if (ret == 2) |
| 452 | 476 | { | |
| 453 | /* We need to get hashes here so if there is | 477 | /* For the ECDH ciphersuites when |
| 454 | * a client cert, it can be verified */ | 478 | * the client sends its ECDH pub key in |
| 455 | s->method->ssl3_enc->cert_verify_mac(s, | 479 | * a certificate, the CertificateVerify |
| 456 | &(s->s3->finish_dgst1), | 480 | * message is not sent. |
| 457 | &(s->s3->tmp.cert_verify_md[0])); | 481 | */ |
| 458 | s->method->ssl3_enc->cert_verify_mac(s, | 482 | s->state=SSL3_ST_SR_FINISHED_A; |
| 459 | &(s->s3->finish_dgst2), | 483 | s->init_num = 0; |
| 460 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); | 484 | } |
| 485 | else | ||
| 486 | { | ||
| 487 | s->state=SSL3_ST_SR_CERT_VRFY_A; | ||
| 488 | s->init_num=0; | ||
| 461 | 489 | ||
| 490 | /* We need to get hashes here so if there is | ||
| 491 | * a client cert, it can be verified | ||
| 492 | */ | ||
| 493 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 494 | &(s->s3->finish_dgst1), | ||
| 495 | &(s->s3->tmp.cert_verify_md[0])); | ||
| 496 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 497 | &(s->s3->finish_dgst2), | ||
| 498 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); | ||
| 499 | } | ||
| 462 | break; | 500 | break; |
| 463 | 501 | ||
| 464 | case SSL3_ST_SR_CERT_VRFY_A: | 502 | case SSL3_ST_SR_CERT_VRFY_A: |
| @@ -479,11 +517,34 @@ int ssl3_accept(SSL *s) | |||
| 479 | if (ret <= 0) goto end; | 517 | if (ret <= 0) goto end; |
| 480 | if (s->hit) | 518 | if (s->hit) |
| 481 | s->state=SSL_ST_OK; | 519 | s->state=SSL_ST_OK; |
| 520 | #ifndef OPENSSL_NO_TLSEXT | ||
| 521 | else if (s->tlsext_ticket_expected) | ||
| 522 | s->state=SSL3_ST_SW_SESSION_TICKET_A; | ||
| 523 | #endif | ||
| 482 | else | 524 | else |
| 483 | s->state=SSL3_ST_SW_CHANGE_A; | 525 | s->state=SSL3_ST_SW_CHANGE_A; |
| 484 | s->init_num=0; | 526 | s->init_num=0; |
| 485 | break; | 527 | break; |
| 486 | 528 | ||
| 529 | #ifndef OPENSSL_NO_TLSEXT | ||
| 530 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 531 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 532 | ret=ssl3_send_newsession_ticket(s); | ||
| 533 | if (ret <= 0) goto end; | ||
| 534 | s->state=SSL3_ST_SW_CHANGE_A; | ||
| 535 | s->init_num=0; | ||
| 536 | break; | ||
| 537 | |||
| 538 | case SSL3_ST_SW_CERT_STATUS_A: | ||
| 539 | case SSL3_ST_SW_CERT_STATUS_B: | ||
| 540 | ret=ssl3_send_cert_status(s); | ||
| 541 | if (ret <= 0) goto end; | ||
| 542 | s->state=SSL3_ST_SW_KEY_EXCH_A; | ||
| 543 | s->init_num=0; | ||
| 544 | break; | ||
| 545 | |||
| 546 | #endif | ||
| 547 | |||
| 487 | case SSL3_ST_SW_CHANGE_A: | 548 | case SSL3_ST_SW_CHANGE_A: |
| 488 | case SSL3_ST_SW_CHANGE_B: | 549 | case SSL3_ST_SW_CHANGE_B: |
| 489 | 550 | ||
| @@ -589,7 +650,7 @@ end: | |||
| 589 | return(ret); | 650 | return(ret); |
| 590 | } | 651 | } |
| 591 | 652 | ||
| 592 | static int ssl3_send_hello_request(SSL *s) | 653 | int ssl3_send_hello_request(SSL *s) |
| 593 | { | 654 | { |
| 594 | unsigned char *p; | 655 | unsigned char *p; |
| 595 | 656 | ||
| @@ -611,14 +672,14 @@ static int ssl3_send_hello_request(SSL *s) | |||
| 611 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 672 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 612 | } | 673 | } |
| 613 | 674 | ||
| 614 | static int ssl3_check_client_hello(SSL *s) | 675 | int ssl3_check_client_hello(SSL *s) |
| 615 | { | 676 | { |
| 616 | int ok; | 677 | int ok; |
| 617 | long n; | 678 | long n; |
| 618 | 679 | ||
| 619 | /* this function is called when we really expect a Certificate message, | 680 | /* this function is called when we really expect a Certificate message, |
| 620 | * so permit appropriate message length */ | 681 | * so permit appropriate message length */ |
| 621 | n=ssl3_get_message(s, | 682 | n=s->method->ssl_get_message(s, |
| 622 | SSL3_ST_SR_CERT_A, | 683 | SSL3_ST_SR_CERT_A, |
| 623 | SSL3_ST_SR_CERT_B, | 684 | SSL3_ST_SR_CERT_B, |
| 624 | -1, | 685 | -1, |
| @@ -644,14 +705,17 @@ static int ssl3_check_client_hello(SSL *s) | |||
| 644 | return 1; | 705 | return 1; |
| 645 | } | 706 | } |
| 646 | 707 | ||
| 647 | static int ssl3_get_client_hello(SSL *s) | 708 | int ssl3_get_client_hello(SSL *s) |
| 648 | { | 709 | { |
| 649 | int i,j,ok,al,ret= -1; | 710 | int i,j,ok,al,ret= -1; |
| 711 | unsigned int cookie_len; | ||
| 650 | long n; | 712 | long n; |
| 651 | unsigned long id; | 713 | unsigned long id; |
| 652 | unsigned char *p,*d,*q; | 714 | unsigned char *p,*d,*q; |
| 653 | SSL_CIPHER *c; | 715 | SSL_CIPHER *c; |
| 716 | #ifndef OPENSSL_NO_COMP | ||
| 654 | SSL_COMP *comp=NULL; | 717 | SSL_COMP *comp=NULL; |
| 718 | #endif | ||
| 655 | STACK_OF(SSL_CIPHER) *ciphers=NULL; | 719 | STACK_OF(SSL_CIPHER) *ciphers=NULL; |
| 656 | 720 | ||
| 657 | /* We do this so that we will respond with our native type. | 721 | /* We do this so that we will respond with our native type. |
| @@ -662,10 +726,10 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 662 | */ | 726 | */ |
| 663 | if (s->state == SSL3_ST_SR_CLNT_HELLO_A) | 727 | if (s->state == SSL3_ST_SR_CLNT_HELLO_A) |
| 664 | { | 728 | { |
| 665 | s->first_packet=1; | ||
| 666 | s->state=SSL3_ST_SR_CLNT_HELLO_B; | 729 | s->state=SSL3_ST_SR_CLNT_HELLO_B; |
| 667 | } | 730 | } |
| 668 | n=ssl3_get_message(s, | 731 | s->first_packet=1; |
| 732 | n=s->method->ssl_get_message(s, | ||
| 669 | SSL3_ST_SR_CLNT_HELLO_B, | 733 | SSL3_ST_SR_CLNT_HELLO_B, |
| 670 | SSL3_ST_SR_CLNT_HELLO_C, | 734 | SSL3_ST_SR_CLNT_HELLO_C, |
| 671 | SSL3_MT_CLIENT_HELLO, | 735 | SSL3_MT_CLIENT_HELLO, |
| @@ -673,6 +737,7 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 673 | &ok); | 737 | &ok); |
| 674 | 738 | ||
| 675 | if (!ok) return((int)n); | 739 | if (!ok) return((int)n); |
| 740 | s->first_packet=0; | ||
| 676 | d=p=(unsigned char *)s->init_msg; | 741 | d=p=(unsigned char *)s->init_msg; |
| 677 | 742 | ||
| 678 | /* use version from inside client hello, not from record header | 743 | /* use version from inside client hello, not from record header |
| @@ -680,7 +745,8 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 680 | s->client_version=(((int)p[0])<<8)|(int)p[1]; | 745 | s->client_version=(((int)p[0])<<8)|(int)p[1]; |
| 681 | p+=2; | 746 | p+=2; |
| 682 | 747 | ||
| 683 | if (s->client_version < s->version) | 748 | if ((s->version == DTLS1_VERSION && s->client_version > s->version) || |
| 749 | (s->version != DTLS1_VERSION && s->client_version < s->version)) | ||
| 684 | { | 750 | { |
| 685 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); | 751 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); |
| 686 | if ((s->client_version>>8) == SSL3_VERSION_MAJOR) | 752 | if ((s->client_version>>8) == SSL3_VERSION_MAJOR) |
| @@ -708,14 +774,14 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 708 | * might be written that become totally unsecure when compiled with | 774 | * might be written that become totally unsecure when compiled with |
| 709 | * an earlier library version) | 775 | * an earlier library version) |
| 710 | */ | 776 | */ |
| 711 | if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) | 777 | if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) |
| 712 | { | 778 | { |
| 713 | if (!ssl_get_new_session(s,1)) | 779 | if (!ssl_get_new_session(s,1)) |
| 714 | goto err; | 780 | goto err; |
| 715 | } | 781 | } |
| 716 | else | 782 | else |
| 717 | { | 783 | { |
| 718 | i=ssl_get_prev_session(s,p,j); | 784 | i=ssl_get_prev_session(s, p, j, d + n); |
| 719 | if (i == 1) | 785 | if (i == 1) |
| 720 | { /* previous session */ | 786 | { /* previous session */ |
| 721 | s->hit=1; | 787 | s->hit=1; |
| @@ -730,6 +796,68 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 730 | } | 796 | } |
| 731 | 797 | ||
| 732 | p+=j; | 798 | p+=j; |
| 799 | |||
| 800 | if (s->version == DTLS1_VERSION) | ||
| 801 | { | ||
| 802 | /* cookie stuff */ | ||
| 803 | cookie_len = *(p++); | ||
| 804 | |||
| 805 | if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && | ||
| 806 | s->d1->send_cookie == 0) | ||
| 807 | { | ||
| 808 | /* HelloVerifyMessage has already been sent */ | ||
| 809 | if ( cookie_len != s->d1->cookie_len) | ||
| 810 | { | ||
| 811 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 812 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); | ||
| 813 | goto f_err; | ||
| 814 | } | ||
| 815 | } | ||
| 816 | |||
| 817 | /* | ||
| 818 | * The ClientHello may contain a cookie even if the | ||
| 819 | * HelloVerify message has not been sent--make sure that it | ||
| 820 | * does not cause an overflow. | ||
| 821 | */ | ||
| 822 | if ( cookie_len > sizeof(s->d1->rcvd_cookie)) | ||
| 823 | { | ||
| 824 | /* too much data */ | ||
| 825 | al = SSL_AD_DECODE_ERROR; | ||
| 826 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); | ||
| 827 | goto f_err; | ||
| 828 | } | ||
| 829 | |||
| 830 | /* verify the cookie if appropriate option is set. */ | ||
| 831 | if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && | ||
| 832 | cookie_len > 0) | ||
| 833 | { | ||
| 834 | memcpy(s->d1->rcvd_cookie, p, cookie_len); | ||
| 835 | |||
| 836 | if ( s->ctx->app_verify_cookie_cb != NULL) | ||
| 837 | { | ||
| 838 | if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie, | ||
| 839 | cookie_len) == 0) | ||
| 840 | { | ||
| 841 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 842 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 843 | SSL_R_COOKIE_MISMATCH); | ||
| 844 | goto f_err; | ||
| 845 | } | ||
| 846 | /* else cookie verification succeeded */ | ||
| 847 | } | ||
| 848 | else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, | ||
| 849 | s->d1->cookie_len) != 0) /* default verification */ | ||
| 850 | { | ||
| 851 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 852 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 853 | SSL_R_COOKIE_MISMATCH); | ||
| 854 | goto f_err; | ||
| 855 | } | ||
| 856 | } | ||
| 857 | |||
| 858 | p += cookie_len; | ||
| 859 | } | ||
| 860 | |||
| 733 | n2s(p,i); | 861 | n2s(p,i); |
| 734 | if ((i == 0) && (j != 0)) | 862 | if ((i == 0) && (j != 0)) |
| 735 | { | 863 | { |
| @@ -779,8 +907,7 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 779 | if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) | 907 | if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) |
| 780 | { | 908 | { |
| 781 | /* Very bad for multi-threading.... */ | 909 | /* Very bad for multi-threading.... */ |
| 782 | s->session->cipher=sk_SSL_CIPHER_value(ciphers, | 910 | s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0); |
| 783 | 0); | ||
| 784 | } | 911 | } |
| 785 | else | 912 | else |
| 786 | { | 913 | { |
| @@ -817,10 +944,27 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 817 | goto f_err; | 944 | goto f_err; |
| 818 | } | 945 | } |
| 819 | 946 | ||
| 947 | #ifndef OPENSSL_NO_TLSEXT | ||
| 948 | /* TLS extensions*/ | ||
| 949 | if (s->version > SSL3_VERSION) | ||
| 950 | { | ||
| 951 | if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) | ||
| 952 | { | ||
| 953 | /* 'al' set by ssl_parse_clienthello_tlsext */ | ||
| 954 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); | ||
| 955 | goto f_err; | ||
| 956 | } | ||
| 957 | } | ||
| 958 | if (ssl_check_clienthello_tlsext(s) <= 0) { | ||
| 959 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); | ||
| 960 | goto err; | ||
| 961 | } | ||
| 962 | #endif | ||
| 820 | /* Worst case, we will use the NULL compression, but if we have other | 963 | /* Worst case, we will use the NULL compression, but if we have other |
| 821 | * options, we will now look for them. We have i-1 compression | 964 | * options, we will now look for them. We have i-1 compression |
| 822 | * algorithms from the client, starting at q. */ | 965 | * algorithms from the client, starting at q. */ |
| 823 | s->s3->tmp.new_compression=NULL; | 966 | s->s3->tmp.new_compression=NULL; |
| 967 | #ifndef OPENSSL_NO_COMP | ||
| 824 | if (s->ctx->comp_methods != NULL) | 968 | if (s->ctx->comp_methods != NULL) |
| 825 | { /* See if we have a match */ | 969 | { /* See if we have a match */ |
| 826 | int m,nn,o,v,done=0; | 970 | int m,nn,o,v,done=0; |
| @@ -845,6 +989,7 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 845 | else | 989 | else |
| 846 | comp=NULL; | 990 | comp=NULL; |
| 847 | } | 991 | } |
| 992 | #endif | ||
| 848 | 993 | ||
| 849 | /* TLS does not mind if there is extra stuff */ | 994 | /* TLS does not mind if there is extra stuff */ |
| 850 | #if 0 /* SSL 3.0 does not mind either, so we should disable this test | 995 | #if 0 /* SSL 3.0 does not mind either, so we should disable this test |
| @@ -868,7 +1013,11 @@ static int ssl3_get_client_hello(SSL *s) | |||
| 868 | 1013 | ||
| 869 | if (!s->hit) | 1014 | if (!s->hit) |
| 870 | { | 1015 | { |
| 1016 | #ifdef OPENSSL_NO_COMP | ||
| 1017 | s->session->compress_meth=0; | ||
| 1018 | #else | ||
| 871 | s->session->compress_meth=(comp == NULL)?0:comp->id; | 1019 | s->session->compress_meth=(comp == NULL)?0:comp->id; |
| 1020 | #endif | ||
| 872 | if (s->session->ciphers != NULL) | 1021 | if (s->session->ciphers != NULL) |
| 873 | sk_SSL_CIPHER_free(s->session->ciphers); | 1022 | sk_SSL_CIPHER_free(s->session->ciphers); |
| 874 | s->session->ciphers=ciphers; | 1023 | s->session->ciphers=ciphers; |
| @@ -943,7 +1092,7 @@ err: | |||
| 943 | return(ret); | 1092 | return(ret); |
| 944 | } | 1093 | } |
| 945 | 1094 | ||
| 946 | static int ssl3_send_server_hello(SSL *s) | 1095 | int ssl3_send_server_hello(SSL *s) |
| 947 | { | 1096 | { |
| 948 | unsigned char *buf; | 1097 | unsigned char *buf; |
| 949 | unsigned char *p,*d; | 1098 | unsigned char *p,*d; |
| @@ -956,7 +1105,7 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 956 | p=s->s3->server_random; | 1105 | p=s->s3->server_random; |
| 957 | Time=(unsigned long)time(NULL); /* Time */ | 1106 | Time=(unsigned long)time(NULL); /* Time */ |
| 958 | l2n(Time,p); | 1107 | l2n(Time,p); |
| 959 | if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | 1108 | if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) |
| 960 | return -1; | 1109 | return -1; |
| 961 | /* Do the message type and length last */ | 1110 | /* Do the message type and length last */ |
| 962 | d=p= &(buf[4]); | 1111 | d=p= &(buf[4]); |
| @@ -975,12 +1124,20 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 975 | * session-id if we want it to be single use. | 1124 | * session-id if we want it to be single use. |
| 976 | * Currently I will not implement the '0' length session-id | 1125 | * Currently I will not implement the '0' length session-id |
| 977 | * 12-Jan-98 - I'll now support the '0' length stuff. | 1126 | * 12-Jan-98 - I'll now support the '0' length stuff. |
| 1127 | * | ||
| 1128 | * We also have an additional case where stateless session | ||
| 1129 | * resumption is successful: we always send back the old | ||
| 1130 | * session id. In this case s->hit is non zero: this can | ||
| 1131 | * only happen if stateless session resumption is succesful | ||
| 1132 | * if session caching is disabled so existing functionality | ||
| 1133 | * is unaffected. | ||
| 978 | */ | 1134 | */ |
| 979 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) | 1135 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) |
| 1136 | && !s->hit) | ||
| 980 | s->session->session_id_length=0; | 1137 | s->session->session_id_length=0; |
| 981 | 1138 | ||
| 982 | sl=s->session->session_id_length; | 1139 | sl=s->session->session_id_length; |
| 983 | if (sl > sizeof s->session->session_id) | 1140 | if (sl > (int)sizeof(s->session->session_id)) |
| 984 | { | 1141 | { |
| 985 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | 1142 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); |
| 986 | return -1; | 1143 | return -1; |
| @@ -994,11 +1151,21 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 994 | p+=i; | 1151 | p+=i; |
| 995 | 1152 | ||
| 996 | /* put the compression method */ | 1153 | /* put the compression method */ |
| 1154 | #ifdef OPENSSL_NO_COMP | ||
| 1155 | *(p++)=0; | ||
| 1156 | #else | ||
| 997 | if (s->s3->tmp.new_compression == NULL) | 1157 | if (s->s3->tmp.new_compression == NULL) |
| 998 | *(p++)=0; | 1158 | *(p++)=0; |
| 999 | else | 1159 | else |
| 1000 | *(p++)=s->s3->tmp.new_compression->id; | 1160 | *(p++)=s->s3->tmp.new_compression->id; |
| 1001 | 1161 | #endif | |
| 1162 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1163 | if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) | ||
| 1164 | { | ||
| 1165 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); | ||
| 1166 | return -1; | ||
| 1167 | } | ||
| 1168 | #endif | ||
| 1002 | /* do the header */ | 1169 | /* do the header */ |
| 1003 | l=(p-d); | 1170 | l=(p-d); |
| 1004 | d=buf; | 1171 | d=buf; |
| @@ -1015,7 +1182,7 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 1015 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 1182 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 1016 | } | 1183 | } |
| 1017 | 1184 | ||
| 1018 | static int ssl3_send_server_done(SSL *s) | 1185 | int ssl3_send_server_done(SSL *s) |
| 1019 | { | 1186 | { |
| 1020 | unsigned char *p; | 1187 | unsigned char *p; |
| 1021 | 1188 | ||
| @@ -1039,7 +1206,7 @@ static int ssl3_send_server_done(SSL *s) | |||
| 1039 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 1206 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 1040 | } | 1207 | } |
| 1041 | 1208 | ||
| 1042 | static int ssl3_send_server_key_exchange(SSL *s) | 1209 | int ssl3_send_server_key_exchange(SSL *s) |
| 1043 | { | 1210 | { |
| 1044 | #ifndef OPENSSL_NO_RSA | 1211 | #ifndef OPENSSL_NO_RSA |
| 1045 | unsigned char *q; | 1212 | unsigned char *q; |
| @@ -1051,6 +1218,13 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1051 | #ifndef OPENSSL_NO_DH | 1218 | #ifndef OPENSSL_NO_DH |
| 1052 | DH *dh=NULL,*dhp; | 1219 | DH *dh=NULL,*dhp; |
| 1053 | #endif | 1220 | #endif |
| 1221 | #ifndef OPENSSL_NO_ECDH | ||
| 1222 | EC_KEY *ecdh=NULL, *ecdhp; | ||
| 1223 | unsigned char *encodedPoint = NULL; | ||
| 1224 | int encodedlen = 0; | ||
| 1225 | int curve_id = 0; | ||
| 1226 | BN_CTX *bn_ctx = NULL; | ||
| 1227 | #endif | ||
| 1054 | EVP_PKEY *pkey; | 1228 | EVP_PKEY *pkey; |
| 1055 | unsigned char *p,*d; | 1229 | unsigned char *p,*d; |
| 1056 | int al,i; | 1230 | int al,i; |
| @@ -1159,6 +1333,134 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1159 | } | 1333 | } |
| 1160 | else | 1334 | else |
| 1161 | #endif | 1335 | #endif |
| 1336 | #ifndef OPENSSL_NO_ECDH | ||
| 1337 | if (type & SSL_kECDHE) | ||
| 1338 | { | ||
| 1339 | const EC_GROUP *group; | ||
| 1340 | |||
| 1341 | ecdhp=cert->ecdh_tmp; | ||
| 1342 | if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) | ||
| 1343 | { | ||
| 1344 | ecdhp=s->cert->ecdh_tmp_cb(s, | ||
| 1345 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
| 1346 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
| 1347 | } | ||
| 1348 | if (ecdhp == NULL) | ||
| 1349 | { | ||
| 1350 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 1351 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); | ||
| 1352 | goto f_err; | ||
| 1353 | } | ||
| 1354 | |||
| 1355 | if (s->s3->tmp.ecdh != NULL) | ||
| 1356 | { | ||
| 1357 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 1358 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
| 1359 | goto err; | ||
| 1360 | } | ||
| 1361 | |||
| 1362 | /* Duplicate the ECDH structure. */ | ||
| 1363 | if (ecdhp == NULL) | ||
| 1364 | { | ||
| 1365 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1366 | goto err; | ||
| 1367 | } | ||
| 1368 | if (!EC_KEY_up_ref(ecdhp)) | ||
| 1369 | { | ||
| 1370 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1371 | goto err; | ||
| 1372 | } | ||
| 1373 | ecdh = ecdhp; | ||
| 1374 | |||
| 1375 | s->s3->tmp.ecdh=ecdh; | ||
| 1376 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | ||
| 1377 | (EC_KEY_get0_private_key(ecdh) == NULL) || | ||
| 1378 | (s->options & SSL_OP_SINGLE_ECDH_USE)) | ||
| 1379 | { | ||
| 1380 | if(!EC_KEY_generate_key(ecdh)) | ||
| 1381 | { | ||
| 1382 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1383 | goto err; | ||
| 1384 | } | ||
| 1385 | } | ||
| 1386 | |||
| 1387 | if (((group = EC_KEY_get0_group(ecdh)) == NULL) || | ||
| 1388 | (EC_KEY_get0_public_key(ecdh) == NULL) || | ||
| 1389 | (EC_KEY_get0_private_key(ecdh) == NULL)) | ||
| 1390 | { | ||
| 1391 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1392 | goto err; | ||
| 1393 | } | ||
| 1394 | |||
| 1395 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && | ||
| 1396 | (EC_GROUP_get_degree(group) > 163)) | ||
| 1397 | { | ||
| 1398 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); | ||
| 1399 | goto err; | ||
| 1400 | } | ||
| 1401 | |||
| 1402 | /* XXX: For now, we only support ephemeral ECDH | ||
| 1403 | * keys over named (not generic) curves. For | ||
| 1404 | * supported named curves, curve_id is non-zero. | ||
| 1405 | */ | ||
| 1406 | if ((curve_id = | ||
| 1407 | nid2curve_id(EC_GROUP_get_curve_name(group))) | ||
| 1408 | == 0) | ||
| 1409 | { | ||
| 1410 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); | ||
| 1411 | goto err; | ||
| 1412 | } | ||
| 1413 | |||
| 1414 | /* Encode the public key. | ||
| 1415 | * First check the size of encoding and | ||
| 1416 | * allocate memory accordingly. | ||
| 1417 | */ | ||
| 1418 | encodedlen = EC_POINT_point2oct(group, | ||
| 1419 | EC_KEY_get0_public_key(ecdh), | ||
| 1420 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 1421 | NULL, 0, NULL); | ||
| 1422 | |||
| 1423 | encodedPoint = (unsigned char *) | ||
| 1424 | OPENSSL_malloc(encodedlen*sizeof(unsigned char)); | ||
| 1425 | bn_ctx = BN_CTX_new(); | ||
| 1426 | if ((encodedPoint == NULL) || (bn_ctx == NULL)) | ||
| 1427 | { | ||
| 1428 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 1429 | goto err; | ||
| 1430 | } | ||
| 1431 | |||
| 1432 | |||
| 1433 | encodedlen = EC_POINT_point2oct(group, | ||
| 1434 | EC_KEY_get0_public_key(ecdh), | ||
| 1435 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 1436 | encodedPoint, encodedlen, bn_ctx); | ||
| 1437 | |||
| 1438 | if (encodedlen == 0) | ||
| 1439 | { | ||
| 1440 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | ||
| 1441 | goto err; | ||
| 1442 | } | ||
| 1443 | |||
| 1444 | BN_CTX_free(bn_ctx); bn_ctx=NULL; | ||
| 1445 | |||
| 1446 | /* XXX: For now, we only support named (not | ||
| 1447 | * generic) curves in ECDH ephemeral key exchanges. | ||
| 1448 | * In this situation, we need four additional bytes | ||
| 1449 | * to encode the entire ServerECDHParams | ||
| 1450 | * structure. | ||
| 1451 | */ | ||
| 1452 | n = 4 + encodedlen; | ||
| 1453 | |||
| 1454 | /* We'll generate the serverKeyExchange message | ||
| 1455 | * explicitly so we can set these to NULLs | ||
| 1456 | */ | ||
| 1457 | r[0]=NULL; | ||
| 1458 | r[1]=NULL; | ||
| 1459 | r[2]=NULL; | ||
| 1460 | r[3]=NULL; | ||
| 1461 | } | ||
| 1462 | else | ||
| 1463 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1162 | { | 1464 | { |
| 1163 | al=SSL_AD_HANDSHAKE_FAILURE; | 1465 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 1164 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | 1466 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); |
| @@ -1201,6 +1503,31 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1201 | p+=nr[i]; | 1503 | p+=nr[i]; |
| 1202 | } | 1504 | } |
| 1203 | 1505 | ||
| 1506 | #ifndef OPENSSL_NO_ECDH | ||
| 1507 | if (type & SSL_kECDHE) | ||
| 1508 | { | ||
| 1509 | /* XXX: For now, we only support named (not generic) curves. | ||
| 1510 | * In this situation, the serverKeyExchange message has: | ||
| 1511 | * [1 byte CurveType], [2 byte CurveName] | ||
| 1512 | * [1 byte length of encoded point], followed by | ||
| 1513 | * the actual encoded point itself | ||
| 1514 | */ | ||
| 1515 | *p = NAMED_CURVE_TYPE; | ||
| 1516 | p += 1; | ||
| 1517 | *p = 0; | ||
| 1518 | p += 1; | ||
| 1519 | *p = curve_id; | ||
| 1520 | p += 1; | ||
| 1521 | *p = encodedlen; | ||
| 1522 | p += 1; | ||
| 1523 | memcpy((unsigned char*)p, | ||
| 1524 | (unsigned char *)encodedPoint, | ||
| 1525 | encodedlen); | ||
| 1526 | OPENSSL_free(encodedPoint); | ||
| 1527 | p += encodedlen; | ||
| 1528 | } | ||
| 1529 | #endif | ||
| 1530 | |||
| 1204 | /* not anonymous */ | 1531 | /* not anonymous */ |
| 1205 | if (pkey != NULL) | 1532 | if (pkey != NULL) |
| 1206 | { | 1533 | { |
| @@ -1213,8 +1540,6 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1213 | j=0; | 1540 | j=0; |
| 1214 | for (num=2; num > 0; num--) | 1541 | for (num=2; num > 0; num--) |
| 1215 | { | 1542 | { |
| 1216 | EVP_MD_CTX_set_flags(&md_ctx, | ||
| 1217 | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 1218 | EVP_DigestInit_ex(&md_ctx,(num == 2) | 1543 | EVP_DigestInit_ex(&md_ctx,(num == 2) |
| 1219 | ?s->ctx->md5:s->ctx->sha1, NULL); | 1544 | ?s->ctx->md5:s->ctx->sha1, NULL); |
| 1220 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1545 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| @@ -1255,6 +1580,25 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1255 | } | 1580 | } |
| 1256 | else | 1581 | else |
| 1257 | #endif | 1582 | #endif |
| 1583 | #if !defined(OPENSSL_NO_ECDSA) | ||
| 1584 | if (pkey->type == EVP_PKEY_EC) | ||
| 1585 | { | ||
| 1586 | /* let's do ECDSA */ | ||
| 1587 | EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); | ||
| 1588 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | ||
| 1589 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | ||
| 1590 | EVP_SignUpdate(&md_ctx,&(d[4]),n); | ||
| 1591 | if (!EVP_SignFinal(&md_ctx,&(p[2]), | ||
| 1592 | (unsigned int *)&i,pkey)) | ||
| 1593 | { | ||
| 1594 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA); | ||
| 1595 | goto err; | ||
| 1596 | } | ||
| 1597 | s2n(i,p); | ||
| 1598 | n+=i+2; | ||
| 1599 | } | ||
| 1600 | else | ||
| 1601 | #endif | ||
| 1258 | { | 1602 | { |
| 1259 | /* Is this error check actually needed? */ | 1603 | /* Is this error check actually needed? */ |
| 1260 | al=SSL_AD_HANDSHAKE_FAILURE; | 1604 | al=SSL_AD_HANDSHAKE_FAILURE; |
| @@ -1278,11 +1622,15 @@ static int ssl3_send_server_key_exchange(SSL *s) | |||
| 1278 | f_err: | 1622 | f_err: |
| 1279 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1623 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1280 | err: | 1624 | err: |
| 1625 | #ifndef OPENSSL_NO_ECDH | ||
| 1626 | if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | ||
| 1627 | BN_CTX_free(bn_ctx); | ||
| 1628 | #endif | ||
| 1281 | EVP_MD_CTX_cleanup(&md_ctx); | 1629 | EVP_MD_CTX_cleanup(&md_ctx); |
| 1282 | return(-1); | 1630 | return(-1); |
| 1283 | } | 1631 | } |
| 1284 | 1632 | ||
| 1285 | static int ssl3_send_certificate_request(SSL *s) | 1633 | int ssl3_send_certificate_request(SSL *s) |
| 1286 | { | 1634 | { |
| 1287 | unsigned char *p,*d; | 1635 | unsigned char *p,*d; |
| 1288 | int i,j,nl,off,n; | 1636 | int i,j,nl,off,n; |
| @@ -1371,7 +1719,7 @@ err: | |||
| 1371 | return(-1); | 1719 | return(-1); |
| 1372 | } | 1720 | } |
| 1373 | 1721 | ||
| 1374 | static int ssl3_get_client_key_exchange(SSL *s) | 1722 | int ssl3_get_client_key_exchange(SSL *s) |
| 1375 | { | 1723 | { |
| 1376 | int i,al,ok; | 1724 | int i,al,ok; |
| 1377 | long n; | 1725 | long n; |
| @@ -1389,7 +1737,14 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1389 | KSSL_ERR kssl_err; | 1737 | KSSL_ERR kssl_err; |
| 1390 | #endif /* OPENSSL_NO_KRB5 */ | 1738 | #endif /* OPENSSL_NO_KRB5 */ |
| 1391 | 1739 | ||
| 1392 | n=ssl3_get_message(s, | 1740 | #ifndef OPENSSL_NO_ECDH |
| 1741 | EC_KEY *srvr_ecdh = NULL; | ||
| 1742 | EVP_PKEY *clnt_pub_pkey = NULL; | ||
| 1743 | EC_POINT *clnt_ecpoint = NULL; | ||
| 1744 | BN_CTX *bn_ctx = NULL; | ||
| 1745 | #endif | ||
| 1746 | |||
| 1747 | n=s->method->ssl_get_message(s, | ||
| 1393 | SSL3_ST_SR_KEY_EXCH_A, | 1748 | SSL3_ST_SR_KEY_EXCH_A, |
| 1394 | SSL3_ST_SR_KEY_EXCH_B, | 1749 | SSL3_ST_SR_KEY_EXCH_B, |
| 1395 | SSL3_MT_CLIENT_KEY_EXCHANGE, | 1750 | SSL3_MT_CLIENT_KEY_EXCHANGE, |
| @@ -1433,8 +1788,9 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1433 | rsa=pkey->pkey.rsa; | 1788 | rsa=pkey->pkey.rsa; |
| 1434 | } | 1789 | } |
| 1435 | 1790 | ||
| 1436 | /* TLS */ | 1791 | /* TLS and [incidentally] DTLS, including pre-0.9.8f */ |
| 1437 | if (s->version > SSL3_VERSION) | 1792 | if (s->version > SSL3_VERSION && |
| 1793 | s->client_version != DTLS1_BAD_VER) | ||
| 1438 | { | 1794 | { |
| 1439 | n2s(p,i); | 1795 | n2s(p,i); |
| 1440 | if (n != i+2) | 1796 | if (n != i+2) |
| @@ -1495,7 +1851,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1495 | i = SSL_MAX_MASTER_KEY_LENGTH; | 1851 | i = SSL_MAX_MASTER_KEY_LENGTH; |
| 1496 | p[0] = s->client_version >> 8; | 1852 | p[0] = s->client_version >> 8; |
| 1497 | p[1] = s->client_version & 0xff; | 1853 | p[1] = s->client_version & 0xff; |
| 1498 | if(RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ | 1854 | if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ |
| 1499 | goto err; | 1855 | goto err; |
| 1500 | } | 1856 | } |
| 1501 | 1857 | ||
| @@ -1594,7 +1950,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1594 | n2s(p,i); | 1950 | n2s(p,i); |
| 1595 | enc_ticket.length = i; | 1951 | enc_ticket.length = i; |
| 1596 | 1952 | ||
| 1597 | if (n < (long)enc_ticket.length + 6) | 1953 | if (n < (int)enc_ticket.length + 6) |
| 1598 | { | 1954 | { |
| 1599 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1955 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1600 | SSL_R_DATA_LENGTH_TOO_LONG); | 1956 | SSL_R_DATA_LENGTH_TOO_LONG); |
| @@ -1607,7 +1963,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1607 | n2s(p,i); | 1963 | n2s(p,i); |
| 1608 | authenticator.length = i; | 1964 | authenticator.length = i; |
| 1609 | 1965 | ||
| 1610 | if (n < (long)(enc_ticket.length + authenticator.length + 6)) | 1966 | if (n < (int)(enc_ticket.length + authenticator.length) + 6) |
| 1611 | { | 1967 | { |
| 1612 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1968 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1613 | SSL_R_DATA_LENGTH_TOO_LONG); | 1969 | SSL_R_DATA_LENGTH_TOO_LONG); |
| @@ -1649,7 +2005,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1649 | if (kssl_err.text) | 2005 | if (kssl_err.text) |
| 1650 | printf("kssl_err text= %s\n", kssl_err.text); | 2006 | printf("kssl_err text= %s\n", kssl_err.text); |
| 1651 | #endif /* KSSL_DEBUG */ | 2007 | #endif /* KSSL_DEBUG */ |
| 1652 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 2008 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1653 | kssl_err.reason); | 2009 | kssl_err.reason); |
| 1654 | goto err; | 2010 | goto err; |
| 1655 | } | 2011 | } |
| @@ -1666,14 +2022,14 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1666 | if (kssl_err.text) | 2022 | if (kssl_err.text) |
| 1667 | printf("kssl_err text= %s\n", kssl_err.text); | 2023 | printf("kssl_err text= %s\n", kssl_err.text); |
| 1668 | #endif /* KSSL_DEBUG */ | 2024 | #endif /* KSSL_DEBUG */ |
| 1669 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 2025 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1670 | kssl_err.reason); | 2026 | kssl_err.reason); |
| 1671 | goto err; | 2027 | goto err; |
| 1672 | } | 2028 | } |
| 1673 | 2029 | ||
| 1674 | if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) | 2030 | if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) |
| 1675 | { | 2031 | { |
| 1676 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc); | 2032 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); |
| 1677 | goto err; | 2033 | goto err; |
| 1678 | } | 2034 | } |
| 1679 | 2035 | ||
| @@ -1719,6 +2075,24 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1719 | SSL_R_DATA_LENGTH_TOO_LONG); | 2075 | SSL_R_DATA_LENGTH_TOO_LONG); |
| 1720 | goto err; | 2076 | goto err; |
| 1721 | } | 2077 | } |
| 2078 | if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff)))) | ||
| 2079 | { | ||
| 2080 | /* The premaster secret must contain the same version number as the | ||
| 2081 | * ClientHello to detect version rollback attacks (strangely, the | ||
| 2082 | * protocol does not offer such protection for DH ciphersuites). | ||
| 2083 | * However, buggy clients exist that send random bytes instead of | ||
| 2084 | * the protocol version. | ||
| 2085 | * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. | ||
| 2086 | * (Perhaps we should have a separate BUG value for the Kerberos cipher) | ||
| 2087 | */ | ||
| 2088 | if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) | ||
| 2089 | { | ||
| 2090 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2091 | SSL_AD_DECODE_ERROR); | ||
| 2092 | goto err; | ||
| 2093 | } | ||
| 2094 | } | ||
| 2095 | |||
| 1722 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | 2096 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); |
| 1723 | 2097 | ||
| 1724 | s->session->master_key_length= | 2098 | s->session->master_key_length= |
| @@ -1727,7 +2101,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1727 | 2101 | ||
| 1728 | if (kssl_ctx->client_princ) | 2102 | if (kssl_ctx->client_princ) |
| 1729 | { | 2103 | { |
| 1730 | int len = strlen(kssl_ctx->client_princ); | 2104 | size_t len = strlen(kssl_ctx->client_princ); |
| 1731 | if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) | 2105 | if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) |
| 1732 | { | 2106 | { |
| 1733 | s->session->krb5_client_princ_len = len; | 2107 | s->session->krb5_client_princ_len = len; |
| @@ -1744,6 +2118,156 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1744 | } | 2118 | } |
| 1745 | else | 2119 | else |
| 1746 | #endif /* OPENSSL_NO_KRB5 */ | 2120 | #endif /* OPENSSL_NO_KRB5 */ |
| 2121 | |||
| 2122 | #ifndef OPENSSL_NO_ECDH | ||
| 2123 | if ((l & SSL_kECDH) || (l & SSL_kECDHE)) | ||
| 2124 | { | ||
| 2125 | int ret = 1; | ||
| 2126 | int field_size = 0; | ||
| 2127 | const EC_KEY *tkey; | ||
| 2128 | const EC_GROUP *group; | ||
| 2129 | const BIGNUM *priv_key; | ||
| 2130 | |||
| 2131 | /* initialize structures for server's ECDH key pair */ | ||
| 2132 | if ((srvr_ecdh = EC_KEY_new()) == NULL) | ||
| 2133 | { | ||
| 2134 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2135 | ERR_R_MALLOC_FAILURE); | ||
| 2136 | goto err; | ||
| 2137 | } | ||
| 2138 | |||
| 2139 | /* Let's get server private key and group information */ | ||
| 2140 | if (l & SSL_kECDH) | ||
| 2141 | { | ||
| 2142 | /* use the certificate */ | ||
| 2143 | tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec; | ||
| 2144 | } | ||
| 2145 | else | ||
| 2146 | { | ||
| 2147 | /* use the ephermeral values we saved when | ||
| 2148 | * generating the ServerKeyExchange msg. | ||
| 2149 | */ | ||
| 2150 | tkey = s->s3->tmp.ecdh; | ||
| 2151 | } | ||
| 2152 | |||
| 2153 | group = EC_KEY_get0_group(tkey); | ||
| 2154 | priv_key = EC_KEY_get0_private_key(tkey); | ||
| 2155 | |||
| 2156 | if (!EC_KEY_set_group(srvr_ecdh, group) || | ||
| 2157 | !EC_KEY_set_private_key(srvr_ecdh, priv_key)) | ||
| 2158 | { | ||
| 2159 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2160 | ERR_R_EC_LIB); | ||
| 2161 | goto err; | ||
| 2162 | } | ||
| 2163 | |||
| 2164 | /* Let's get client's public key */ | ||
| 2165 | if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) | ||
| 2166 | { | ||
| 2167 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2168 | ERR_R_MALLOC_FAILURE); | ||
| 2169 | goto err; | ||
| 2170 | } | ||
| 2171 | |||
| 2172 | if (n == 0L) | ||
| 2173 | { | ||
| 2174 | /* Client Publickey was in Client Certificate */ | ||
| 2175 | |||
| 2176 | if (l & SSL_kECDHE) | ||
| 2177 | { | ||
| 2178 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 2179 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); | ||
| 2180 | goto f_err; | ||
| 2181 | } | ||
| 2182 | if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer)) | ||
| 2183 | == NULL) || | ||
| 2184 | (clnt_pub_pkey->type != EVP_PKEY_EC)) | ||
| 2185 | { | ||
| 2186 | /* XXX: For now, we do not support client | ||
| 2187 | * authentication using ECDH certificates | ||
| 2188 | * so this branch (n == 0L) of the code is | ||
| 2189 | * never executed. When that support is | ||
| 2190 | * added, we ought to ensure the key | ||
| 2191 | * received in the certificate is | ||
| 2192 | * authorized for key agreement. | ||
| 2193 | * ECDH_compute_key implicitly checks that | ||
| 2194 | * the two ECDH shares are for the same | ||
| 2195 | * group. | ||
| 2196 | */ | ||
| 2197 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 2198 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2199 | SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); | ||
| 2200 | goto f_err; | ||
| 2201 | } | ||
| 2202 | |||
| 2203 | if (EC_POINT_copy(clnt_ecpoint, | ||
| 2204 | EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0) | ||
| 2205 | { | ||
| 2206 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2207 | ERR_R_EC_LIB); | ||
| 2208 | goto err; | ||
| 2209 | } | ||
| 2210 | ret = 2; /* Skip certificate verify processing */ | ||
| 2211 | } | ||
| 2212 | else | ||
| 2213 | { | ||
| 2214 | /* Get client's public key from encoded point | ||
| 2215 | * in the ClientKeyExchange message. | ||
| 2216 | */ | ||
| 2217 | if ((bn_ctx = BN_CTX_new()) == NULL) | ||
| 2218 | { | ||
| 2219 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2220 | ERR_R_MALLOC_FAILURE); | ||
| 2221 | goto err; | ||
| 2222 | } | ||
| 2223 | |||
| 2224 | /* Get encoded point length */ | ||
| 2225 | i = *p; | ||
| 2226 | p += 1; | ||
| 2227 | if (EC_POINT_oct2point(group, | ||
| 2228 | clnt_ecpoint, p, i, bn_ctx) == 0) | ||
| 2229 | { | ||
| 2230 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2231 | ERR_R_EC_LIB); | ||
| 2232 | goto err; | ||
| 2233 | } | ||
| 2234 | /* p is pointing to somewhere in the buffer | ||
| 2235 | * currently, so set it to the start | ||
| 2236 | */ | ||
| 2237 | p=(unsigned char *)s->init_buf->data; | ||
| 2238 | } | ||
| 2239 | |||
| 2240 | /* Compute the shared pre-master secret */ | ||
| 2241 | field_size = EC_GROUP_get_degree(group); | ||
| 2242 | if (field_size <= 0) | ||
| 2243 | { | ||
| 2244 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2245 | ERR_R_ECDH_LIB); | ||
| 2246 | goto err; | ||
| 2247 | } | ||
| 2248 | i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); | ||
| 2249 | if (i <= 0) | ||
| 2250 | { | ||
| 2251 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2252 | ERR_R_ECDH_LIB); | ||
| 2253 | goto err; | ||
| 2254 | } | ||
| 2255 | |||
| 2256 | EVP_PKEY_free(clnt_pub_pkey); | ||
| 2257 | EC_POINT_free(clnt_ecpoint); | ||
| 2258 | if (srvr_ecdh != NULL) | ||
| 2259 | EC_KEY_free(srvr_ecdh); | ||
| 2260 | BN_CTX_free(bn_ctx); | ||
| 2261 | |||
| 2262 | /* Compute the master secret */ | ||
| 2263 | s->session->master_key_length = s->method->ssl3_enc-> \ | ||
| 2264 | generate_master_secret(s, s->session->master_key, p, i); | ||
| 2265 | |||
| 2266 | OPENSSL_cleanse(p, i); | ||
| 2267 | return (ret); | ||
| 2268 | } | ||
| 2269 | else | ||
| 2270 | #endif | ||
| 1747 | { | 2271 | { |
| 1748 | al=SSL_AD_HANDSHAKE_FAILURE; | 2272 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 1749 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 2273 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| @@ -1754,13 +2278,20 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1754 | return(1); | 2278 | return(1); |
| 1755 | f_err: | 2279 | f_err: |
| 1756 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 2280 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1757 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) | 2281 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) |
| 1758 | err: | 2282 | err: |
| 1759 | #endif | 2283 | #endif |
| 2284 | #ifndef OPENSSL_NO_ECDH | ||
| 2285 | EVP_PKEY_free(clnt_pub_pkey); | ||
| 2286 | EC_POINT_free(clnt_ecpoint); | ||
| 2287 | if (srvr_ecdh != NULL) | ||
| 2288 | EC_KEY_free(srvr_ecdh); | ||
| 2289 | BN_CTX_free(bn_ctx); | ||
| 2290 | #endif | ||
| 1760 | return(-1); | 2291 | return(-1); |
| 1761 | } | 2292 | } |
| 1762 | 2293 | ||
| 1763 | static int ssl3_get_cert_verify(SSL *s) | 2294 | int ssl3_get_cert_verify(SSL *s) |
| 1764 | { | 2295 | { |
| 1765 | EVP_PKEY *pkey=NULL; | 2296 | EVP_PKEY *pkey=NULL; |
| 1766 | unsigned char *p; | 2297 | unsigned char *p; |
| @@ -1769,7 +2300,7 @@ static int ssl3_get_cert_verify(SSL *s) | |||
| 1769 | int type=0,i,j; | 2300 | int type=0,i,j; |
| 1770 | X509 *peer; | 2301 | X509 *peer; |
| 1771 | 2302 | ||
| 1772 | n=ssl3_get_message(s, | 2303 | n=s->method->ssl_get_message(s, |
| 1773 | SSL3_ST_SR_CERT_VRFY_A, | 2304 | SSL3_ST_SR_CERT_VRFY_A, |
| 1774 | SSL3_ST_SR_CERT_VRFY_B, | 2305 | SSL3_ST_SR_CERT_VRFY_B, |
| 1775 | -1, | 2306 | -1, |
| @@ -1880,6 +2411,23 @@ static int ssl3_get_cert_verify(SSL *s) | |||
| 1880 | } | 2411 | } |
| 1881 | else | 2412 | else |
| 1882 | #endif | 2413 | #endif |
| 2414 | #ifndef OPENSSL_NO_ECDSA | ||
| 2415 | if (pkey->type == EVP_PKEY_EC) | ||
| 2416 | { | ||
| 2417 | j=ECDSA_verify(pkey->save_type, | ||
| 2418 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | ||
| 2419 | SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec); | ||
| 2420 | if (j <= 0) | ||
| 2421 | { | ||
| 2422 | /* bad signature */ | ||
| 2423 | al=SSL_AD_DECRYPT_ERROR; | ||
| 2424 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2425 | SSL_R_BAD_ECDSA_SIGNATURE); | ||
| 2426 | goto f_err; | ||
| 2427 | } | ||
| 2428 | } | ||
| 2429 | else | ||
| 2430 | #endif | ||
| 1883 | { | 2431 | { |
| 1884 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); | 2432 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); |
| 1885 | al=SSL_AD_UNSUPPORTED_CERTIFICATE; | 2433 | al=SSL_AD_UNSUPPORTED_CERTIFICATE; |
| @@ -1898,15 +2446,16 @@ end: | |||
| 1898 | return(ret); | 2446 | return(ret); |
| 1899 | } | 2447 | } |
| 1900 | 2448 | ||
| 1901 | static int ssl3_get_client_certificate(SSL *s) | 2449 | int ssl3_get_client_certificate(SSL *s) |
| 1902 | { | 2450 | { |
| 1903 | int i,ok,al,ret= -1; | 2451 | int i,ok,al,ret= -1; |
| 1904 | X509 *x=NULL; | 2452 | X509 *x=NULL; |
| 1905 | unsigned long l,nc,llen,n; | 2453 | unsigned long l,nc,llen,n; |
| 1906 | unsigned char *p,*d,*q; | 2454 | const unsigned char *p,*q; |
| 2455 | unsigned char *d; | ||
| 1907 | STACK_OF(X509) *sk=NULL; | 2456 | STACK_OF(X509) *sk=NULL; |
| 1908 | 2457 | ||
| 1909 | n=ssl3_get_message(s, | 2458 | n=s->method->ssl_get_message(s, |
| 1910 | SSL3_ST_SR_CERT_A, | 2459 | SSL3_ST_SR_CERT_A, |
| 1911 | SSL3_ST_SR_CERT_B, | 2460 | SSL3_ST_SR_CERT_B, |
| 1912 | -1, | 2461 | -1, |
| @@ -1941,7 +2490,7 @@ static int ssl3_get_client_certificate(SSL *s) | |||
| 1941 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); | 2490 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); |
| 1942 | goto f_err; | 2491 | goto f_err; |
| 1943 | } | 2492 | } |
| 1944 | d=p=(unsigned char *)s->init_msg; | 2493 | p=d=(unsigned char *)s->init_msg; |
| 1945 | 2494 | ||
| 1946 | if ((sk=sk_X509_new_null()) == NULL) | 2495 | if ((sk=sk_X509_new_null()) == NULL) |
| 1947 | { | 2496 | { |
| @@ -2080,3 +2629,209 @@ int ssl3_send_server_certificate(SSL *s) | |||
| 2080 | /* SSL3_ST_SW_CERT_B */ | 2629 | /* SSL3_ST_SW_CERT_B */ |
| 2081 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 2630 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 2082 | } | 2631 | } |
| 2632 | |||
| 2633 | |||
| 2634 | #ifndef OPENSSL_NO_ECDH | ||
| 2635 | /* This is the complement of curve_id2nid in s3_clnt.c. */ | ||
| 2636 | static int nid2curve_id(int nid) | ||
| 2637 | { | ||
| 2638 | /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) | ||
| 2639 | * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ | ||
| 2640 | switch (nid) { | ||
| 2641 | case NID_sect163k1: /* sect163k1 (1) */ | ||
| 2642 | return 1; | ||
| 2643 | case NID_sect163r1: /* sect163r1 (2) */ | ||
| 2644 | return 2; | ||
| 2645 | case NID_sect163r2: /* sect163r2 (3) */ | ||
| 2646 | return 3; | ||
| 2647 | case NID_sect193r1: /* sect193r1 (4) */ | ||
| 2648 | return 4; | ||
| 2649 | case NID_sect193r2: /* sect193r2 (5) */ | ||
| 2650 | return 5; | ||
| 2651 | case NID_sect233k1: /* sect233k1 (6) */ | ||
| 2652 | return 6; | ||
| 2653 | case NID_sect233r1: /* sect233r1 (7) */ | ||
| 2654 | return 7; | ||
| 2655 | case NID_sect239k1: /* sect239k1 (8) */ | ||
| 2656 | return 8; | ||
| 2657 | case NID_sect283k1: /* sect283k1 (9) */ | ||
| 2658 | return 9; | ||
| 2659 | case NID_sect283r1: /* sect283r1 (10) */ | ||
| 2660 | return 10; | ||
| 2661 | case NID_sect409k1: /* sect409k1 (11) */ | ||
| 2662 | return 11; | ||
| 2663 | case NID_sect409r1: /* sect409r1 (12) */ | ||
| 2664 | return 12; | ||
| 2665 | case NID_sect571k1: /* sect571k1 (13) */ | ||
| 2666 | return 13; | ||
| 2667 | case NID_sect571r1: /* sect571r1 (14) */ | ||
| 2668 | return 14; | ||
| 2669 | case NID_secp160k1: /* secp160k1 (15) */ | ||
| 2670 | return 15; | ||
| 2671 | case NID_secp160r1: /* secp160r1 (16) */ | ||
| 2672 | return 16; | ||
| 2673 | case NID_secp160r2: /* secp160r2 (17) */ | ||
| 2674 | return 17; | ||
| 2675 | case NID_secp192k1: /* secp192k1 (18) */ | ||
| 2676 | return 18; | ||
| 2677 | case NID_X9_62_prime192v1: /* secp192r1 (19) */ | ||
| 2678 | return 19; | ||
| 2679 | case NID_secp224k1: /* secp224k1 (20) */ | ||
| 2680 | return 20; | ||
| 2681 | case NID_secp224r1: /* secp224r1 (21) */ | ||
| 2682 | return 21; | ||
| 2683 | case NID_secp256k1: /* secp256k1 (22) */ | ||
| 2684 | return 22; | ||
| 2685 | case NID_X9_62_prime256v1: /* secp256r1 (23) */ | ||
| 2686 | return 23; | ||
| 2687 | case NID_secp384r1: /* secp384r1 (24) */ | ||
| 2688 | return 24; | ||
| 2689 | case NID_secp521r1: /* secp521r1 (25) */ | ||
| 2690 | return 25; | ||
| 2691 | default: | ||
| 2692 | return 0; | ||
| 2693 | } | ||
| 2694 | } | ||
| 2695 | #endif | ||
| 2696 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2697 | int ssl3_send_newsession_ticket(SSL *s) | ||
| 2698 | { | ||
| 2699 | if (s->state == SSL3_ST_SW_SESSION_TICKET_A) | ||
| 2700 | { | ||
| 2701 | unsigned char *p, *senc, *macstart; | ||
| 2702 | int len, slen; | ||
| 2703 | unsigned int hlen; | ||
| 2704 | EVP_CIPHER_CTX ctx; | ||
| 2705 | HMAC_CTX hctx; | ||
| 2706 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
| 2707 | unsigned char key_name[16]; | ||
| 2708 | |||
| 2709 | /* get session encoding length */ | ||
| 2710 | slen = i2d_SSL_SESSION(s->session, NULL); | ||
| 2711 | /* Some length values are 16 bits, so forget it if session is | ||
| 2712 | * too long | ||
| 2713 | */ | ||
| 2714 | if (slen > 0xFF00) | ||
| 2715 | return -1; | ||
| 2716 | /* Grow buffer if need be: the length calculation is as | ||
| 2717 | * follows 1 (size of message name) + 3 (message length | ||
| 2718 | * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + | ||
| 2719 | * 16 (key name) + max_iv_len (iv length) + | ||
| 2720 | * session_length + max_enc_block_size (max encrypted session | ||
| 2721 | * length) + max_md_size (HMAC). | ||
| 2722 | */ | ||
| 2723 | if (!BUF_MEM_grow(s->init_buf, | ||
| 2724 | 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + | ||
| 2725 | EVP_MAX_MD_SIZE + slen)) | ||
| 2726 | return -1; | ||
| 2727 | senc = OPENSSL_malloc(slen); | ||
| 2728 | if (!senc) | ||
| 2729 | return -1; | ||
| 2730 | p = senc; | ||
| 2731 | i2d_SSL_SESSION(s->session, &p); | ||
| 2732 | |||
| 2733 | p=(unsigned char *)s->init_buf->data; | ||
| 2734 | /* do the header */ | ||
| 2735 | *(p++)=SSL3_MT_NEWSESSION_TICKET; | ||
| 2736 | /* Skip message length for now */ | ||
| 2737 | p += 3; | ||
| 2738 | EVP_CIPHER_CTX_init(&ctx); | ||
| 2739 | HMAC_CTX_init(&hctx); | ||
| 2740 | /* Initialize HMAC and cipher contexts. If callback present | ||
| 2741 | * it does all the work otherwise use generated values | ||
| 2742 | * from parent ctx. | ||
| 2743 | */ | ||
| 2744 | if (s->ctx->tlsext_ticket_key_cb) | ||
| 2745 | { | ||
| 2746 | if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, | ||
| 2747 | &hctx, 1) < 0) | ||
| 2748 | { | ||
| 2749 | OPENSSL_free(senc); | ||
| 2750 | return -1; | ||
| 2751 | } | ||
| 2752 | } | ||
| 2753 | else | ||
| 2754 | { | ||
| 2755 | RAND_pseudo_bytes(iv, 16); | ||
| 2756 | EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
| 2757 | s->ctx->tlsext_tick_aes_key, iv); | ||
| 2758 | HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, | ||
| 2759 | tlsext_tick_md(), NULL); | ||
| 2760 | memcpy(key_name, s->ctx->tlsext_tick_key_name, 16); | ||
| 2761 | } | ||
| 2762 | l2n(s->session->tlsext_tick_lifetime_hint, p); | ||
| 2763 | /* Skip ticket length for now */ | ||
| 2764 | p += 2; | ||
| 2765 | /* Output key name */ | ||
| 2766 | macstart = p; | ||
| 2767 | memcpy(p, key_name, 16); | ||
| 2768 | p += 16; | ||
| 2769 | /* output IV */ | ||
| 2770 | memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); | ||
| 2771 | p += EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 2772 | /* Encrypt session data */ | ||
| 2773 | EVP_EncryptUpdate(&ctx, p, &len, senc, slen); | ||
| 2774 | p += len; | ||
| 2775 | EVP_EncryptFinal(&ctx, p, &len); | ||
| 2776 | p += len; | ||
| 2777 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2778 | |||
| 2779 | HMAC_Update(&hctx, macstart, p - macstart); | ||
| 2780 | HMAC_Final(&hctx, p, &hlen); | ||
| 2781 | HMAC_CTX_cleanup(&hctx); | ||
| 2782 | |||
| 2783 | p += hlen; | ||
| 2784 | /* Now write out lengths: p points to end of data written */ | ||
| 2785 | /* Total length */ | ||
| 2786 | len = p - (unsigned char *)s->init_buf->data; | ||
| 2787 | p=(unsigned char *)s->init_buf->data + 1; | ||
| 2788 | l2n3(len - 4, p); /* Message length */ | ||
| 2789 | p += 4; | ||
| 2790 | s2n(len - 10, p); /* Ticket length */ | ||
| 2791 | |||
| 2792 | /* number of bytes to write */ | ||
| 2793 | s->init_num= len; | ||
| 2794 | s->state=SSL3_ST_SW_SESSION_TICKET_B; | ||
| 2795 | s->init_off=0; | ||
| 2796 | OPENSSL_free(senc); | ||
| 2797 | } | ||
| 2798 | |||
| 2799 | /* SSL3_ST_SW_SESSION_TICKET_B */ | ||
| 2800 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
| 2801 | } | ||
| 2802 | |||
| 2803 | int ssl3_send_cert_status(SSL *s) | ||
| 2804 | { | ||
| 2805 | if (s->state == SSL3_ST_SW_CERT_STATUS_A) | ||
| 2806 | { | ||
| 2807 | unsigned char *p; | ||
| 2808 | /* Grow buffer if need be: the length calculation is as | ||
| 2809 | * follows 1 (message type) + 3 (message length) + | ||
| 2810 | * 1 (ocsp response type) + 3 (ocsp response length) | ||
| 2811 | * + (ocsp response) | ||
| 2812 | */ | ||
| 2813 | if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) | ||
| 2814 | return -1; | ||
| 2815 | |||
| 2816 | p=(unsigned char *)s->init_buf->data; | ||
| 2817 | |||
| 2818 | /* do the header */ | ||
| 2819 | *(p++)=SSL3_MT_CERTIFICATE_STATUS; | ||
| 2820 | /* message length */ | ||
| 2821 | l2n3(s->tlsext_ocsp_resplen + 4, p); | ||
| 2822 | /* status type */ | ||
| 2823 | *(p++)= s->tlsext_status_type; | ||
| 2824 | /* length of OCSP response */ | ||
| 2825 | l2n3(s->tlsext_ocsp_resplen, p); | ||
| 2826 | /* actual response */ | ||
| 2827 | memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); | ||
| 2828 | /* number of bytes to write */ | ||
| 2829 | s->init_num = 8 + s->tlsext_ocsp_resplen; | ||
| 2830 | s->state=SSL3_ST_SW_CERT_STATUS_B; | ||
| 2831 | s->init_off = 0; | ||
| 2832 | } | ||
| 2833 | |||
| 2834 | /* SSL3_ST_SW_CERT_STATUS_B */ | ||
| 2835 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | ||
| 2836 | } | ||
| 2837 | #endif | ||
diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com index f0665c6b86..fcd7ff774c 100644 --- a/src/lib/libssl/src/ssl/ssl-lib.com +++ b/src/lib/libssl/src/ssl/ssl-lib.com | |||
| @@ -174,6 +174,8 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ - | |||
| 174 | "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ - | 174 | "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ - |
| 175 | "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ - | 175 | "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ - |
| 176 | "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ - | 176 | "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ - |
| 177 | "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ - | ||
| 178 | "d1_both,d1_enc,"+ - | ||
| 177 | "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ - | 179 | "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ - |
| 178 | "ssl_ciph,ssl_stat,ssl_rsa,"+ - | 180 | "ssl_ciph,ssl_stat,ssl_rsa,"+ - |
| 179 | "ssl_asn1,ssl_txt,ssl_algs,"+ - | 181 | "ssl_asn1,ssl_txt,ssl_algs,"+ - |
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 99e188086b..6df921f3c1 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -109,7 +109,7 @@ | |||
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | 111 | /* ==================================================================== |
| 112 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 112 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 113 | * | 113 | * |
| 114 | * Redistribution and use in source and binary forms, with or without | 114 | * Redistribution and use in source and binary forms, with or without |
| 115 | * modification, are permitted provided that the following conditions | 115 | * modification, are permitted provided that the following conditions |
| @@ -161,6 +161,11 @@ | |||
| 161 | * Hudson (tjh@cryptsoft.com). | 161 | * Hudson (tjh@cryptsoft.com). |
| 162 | * | 162 | * |
| 163 | */ | 163 | */ |
| 164 | /* ==================================================================== | ||
| 165 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 166 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 167 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 168 | */ | ||
| 164 | 169 | ||
| 165 | #ifndef HEADER_SSL_H | 170 | #ifndef HEADER_SSL_H |
| 166 | #define HEADER_SSL_H | 171 | #define HEADER_SSL_H |
| @@ -173,9 +178,17 @@ | |||
| 173 | #ifndef OPENSSL_NO_BIO | 178 | #ifndef OPENSSL_NO_BIO |
| 174 | #include <openssl/bio.h> | 179 | #include <openssl/bio.h> |
| 175 | #endif | 180 | #endif |
| 181 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 176 | #ifndef OPENSSL_NO_X509 | 182 | #ifndef OPENSSL_NO_X509 |
| 177 | #include <openssl/x509.h> | 183 | #include <openssl/x509.h> |
| 178 | #endif | 184 | #endif |
| 185 | #include <openssl/crypto.h> | ||
| 186 | #include <openssl/lhash.h> | ||
| 187 | #include <openssl/buffer.h> | ||
| 188 | #endif | ||
| 189 | #include <openssl/pem.h> | ||
| 190 | #include <openssl/hmac.h> | ||
| 191 | |||
| 179 | #include <openssl/kssl.h> | 192 | #include <openssl/kssl.h> |
| 180 | #include <openssl/safestack.h> | 193 | #include <openssl/safestack.h> |
| 181 | #include <openssl/symhacks.h> | 194 | #include <openssl/symhacks.h> |
| @@ -239,7 +252,6 @@ extern "C" { | |||
| 239 | #define SSL_TXT_LOW "LOW" | 252 | #define SSL_TXT_LOW "LOW" |
| 240 | #define SSL_TXT_MEDIUM "MEDIUM" | 253 | #define SSL_TXT_MEDIUM "MEDIUM" |
| 241 | #define SSL_TXT_HIGH "HIGH" | 254 | #define SSL_TXT_HIGH "HIGH" |
| 242 | #define SSL_TXT_FIPS "FIPS" | ||
| 243 | #define SSL_TXT_kFZA "kFZA" | 255 | #define SSL_TXT_kFZA "kFZA" |
| 244 | #define SSL_TXT_aFZA "aFZA" | 256 | #define SSL_TXT_aFZA "aFZA" |
| 245 | #define SSL_TXT_eFZA "eFZA" | 257 | #define SSL_TXT_eFZA "eFZA" |
| @@ -270,7 +282,9 @@ extern "C" { | |||
| 270 | #define SSL_TXT_RC4 "RC4" | 282 | #define SSL_TXT_RC4 "RC4" |
| 271 | #define SSL_TXT_RC2 "RC2" | 283 | #define SSL_TXT_RC2 "RC2" |
| 272 | #define SSL_TXT_IDEA "IDEA" | 284 | #define SSL_TXT_IDEA "IDEA" |
| 285 | #define SSL_TXT_SEED "SEED" | ||
| 273 | #define SSL_TXT_AES "AES" | 286 | #define SSL_TXT_AES "AES" |
| 287 | #define SSL_TXT_CAMELLIA "CAMELLIA" | ||
| 274 | #define SSL_TXT_MD5 "MD5" | 288 | #define SSL_TXT_MD5 "MD5" |
| 275 | #define SSL_TXT_SHA1 "SHA1" | 289 | #define SSL_TXT_SHA1 "SHA1" |
| 276 | #define SSL_TXT_SHA "SHA" | 290 | #define SSL_TXT_SHA "SHA" |
| @@ -282,6 +296,7 @@ extern "C" { | |||
| 282 | #define SSL_TXT_SSLV3 "SSLv3" | 296 | #define SSL_TXT_SSLV3 "SSLv3" |
| 283 | #define SSL_TXT_TLSV1 "TLSv1" | 297 | #define SSL_TXT_TLSV1 "TLSv1" |
| 284 | #define SSL_TXT_ALL "ALL" | 298 | #define SSL_TXT_ALL "ALL" |
| 299 | #define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */ | ||
| 285 | 300 | ||
| 286 | /* | 301 | /* |
| 287 | * COMPLEMENTOF* definitions. These identifiers are used to (de-select) | 302 | * COMPLEMENTOF* definitions. These identifiers are used to (de-select) |
| @@ -303,7 +318,7 @@ extern "C" { | |||
| 303 | /* The following cipher list is used by default. | 318 | /* The following cipher list is used by default. |
| 304 | * It also is substituted when an application-defined cipher list string | 319 | * It also is substituted when an application-defined cipher list string |
| 305 | * starts with 'DEFAULT'. */ | 320 | * starts with 'DEFAULT'. */ |
| 306 | #define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ | 321 | #define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ |
| 307 | 322 | ||
| 308 | /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ | 323 | /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ |
| 309 | #define SSL_SENT_SHUTDOWN 1 | 324 | #define SSL_SENT_SHUTDOWN 1 |
| @@ -313,11 +328,6 @@ extern "C" { | |||
| 313 | } | 328 | } |
| 314 | #endif | 329 | #endif |
| 315 | 330 | ||
| 316 | #include <openssl/crypto.h> | ||
| 317 | #include <openssl/lhash.h> | ||
| 318 | #include <openssl/buffer.h> | ||
| 319 | #include <openssl/pem.h> | ||
| 320 | |||
| 321 | #ifdef __cplusplus | 331 | #ifdef __cplusplus |
| 322 | extern "C" { | 332 | extern "C" { |
| 323 | #endif | 333 | #endif |
| @@ -369,6 +379,12 @@ typedef struct ssl_method_st | |||
| 369 | int (*ssl_shutdown)(SSL *s); | 379 | int (*ssl_shutdown)(SSL *s); |
| 370 | int (*ssl_renegotiate)(SSL *s); | 380 | int (*ssl_renegotiate)(SSL *s); |
| 371 | int (*ssl_renegotiate_check)(SSL *s); | 381 | int (*ssl_renegotiate_check)(SSL *s); |
| 382 | long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long | ||
| 383 | max, int *ok); | ||
| 384 | int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, | ||
| 385 | int peek); | ||
| 386 | int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); | ||
| 387 | int (*ssl_dispatch_alert)(SSL *s); | ||
| 372 | long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); | 388 | long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); |
| 373 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); | 389 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); |
| 374 | SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); | 390 | SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); |
| @@ -379,9 +395,9 @@ typedef struct ssl_method_st | |||
| 379 | struct ssl_method_st *(*get_ssl_method)(int version); | 395 | struct ssl_method_st *(*get_ssl_method)(int version); |
| 380 | long (*get_timeout)(void); | 396 | long (*get_timeout)(void); |
| 381 | struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ | 397 | struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ |
| 382 | int (*ssl_version)(); | 398 | int (*ssl_version)(void); |
| 383 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)()); | 399 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); |
| 384 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)()); | 400 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); |
| 385 | } SSL_METHOD; | 401 | } SSL_METHOD; |
| 386 | 402 | ||
| 387 | /* Lets make this into an ASN.1 type structure as follows | 403 | /* Lets make this into an ASN.1 type structure as follows |
| @@ -459,6 +475,13 @@ typedef struct ssl_session_st | |||
| 459 | /* These are used to make removal of session-ids more | 475 | /* These are used to make removal of session-ids more |
| 460 | * efficient and to implement a maximum cache size. */ | 476 | * efficient and to implement a maximum cache size. */ |
| 461 | struct ssl_session_st *prev,*next; | 477 | struct ssl_session_st *prev,*next; |
| 478 | #ifndef OPENSSL_NO_TLSEXT | ||
| 479 | char *tlsext_hostname; | ||
| 480 | /* RFC4507 info */ | ||
| 481 | unsigned char *tlsext_tick; /* Session ticket */ | ||
| 482 | size_t tlsext_ticklen; /* Session ticket length */ | ||
| 483 | long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ | ||
| 484 | #endif | ||
| 462 | } SSL_SESSION; | 485 | } SSL_SESSION; |
| 463 | 486 | ||
| 464 | 487 | ||
| @@ -483,8 +506,17 @@ typedef struct ssl_session_st | |||
| 483 | * This used to be 0x000FFFFFL before 0.9.7. */ | 506 | * This used to be 0x000FFFFFL before 0.9.7. */ |
| 484 | #define SSL_OP_ALL 0x00000FFFL | 507 | #define SSL_OP_ALL 0x00000FFFL |
| 485 | 508 | ||
| 509 | /* DTLS options */ | ||
| 510 | #define SSL_OP_NO_QUERY_MTU 0x00001000L | ||
| 511 | /* Turn on Cookie Exchange (on relevant for servers) */ | ||
| 512 | #define SSL_OP_COOKIE_EXCHANGE 0x00002000L | ||
| 513 | /* Don't use RFC4507 ticket extension */ | ||
| 514 | #define SSL_OP_NO_TICKET 0x00004000L | ||
| 515 | |||
| 486 | /* As server, disallow session resumption on renegotiation */ | 516 | /* As server, disallow session resumption on renegotiation */ |
| 487 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L | 517 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L |
| 518 | /* If set, always create a new key when using tmp_ecdh parameters */ | ||
| 519 | #define SSL_OP_SINGLE_ECDH_USE 0x00080000L | ||
| 488 | /* If set, always create a new key when using tmp_dh parameters */ | 520 | /* If set, always create a new key when using tmp_dh parameters */ |
| 489 | #define SSL_OP_SINGLE_DH_USE 0x00100000L | 521 | #define SSL_OP_SINGLE_DH_USE 0x00100000L |
| 490 | /* Set to always use the tmp_rsa key when doing RSA operations, | 522 | /* Set to always use the tmp_rsa key when doing RSA operations, |
| @@ -546,6 +578,8 @@ typedef struct ssl_session_st | |||
| 546 | SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) | 578 | SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) |
| 547 | #define SSL_get_mode(ssl) \ | 579 | #define SSL_get_mode(ssl) \ |
| 548 | SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) | 580 | SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) |
| 581 | #define SSL_set_mtu(ssl, mtu) \ | ||
| 582 | SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) | ||
| 549 | 583 | ||
| 550 | 584 | ||
| 551 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | 585 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); |
| @@ -582,7 +616,7 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, | |||
| 582 | typedef struct ssl_comp_st | 616 | typedef struct ssl_comp_st |
| 583 | { | 617 | { |
| 584 | int id; | 618 | int id; |
| 585 | char *name; | 619 | const char *name; |
| 586 | #ifndef OPENSSL_NO_COMP | 620 | #ifndef OPENSSL_NO_COMP |
| 587 | COMP_METHOD *method; | 621 | COMP_METHOD *method; |
| 588 | #else | 622 | #else |
| @@ -670,6 +704,14 @@ struct ssl_ctx_st | |||
| 670 | /* get client cert callback */ | 704 | /* get client cert callback */ |
| 671 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | 705 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 672 | 706 | ||
| 707 | /* cookie generate callback */ | ||
| 708 | int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
| 709 | unsigned int *cookie_len); | ||
| 710 | |||
| 711 | /* verify cookie callback */ | ||
| 712 | int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
| 713 | unsigned int cookie_len); | ||
| 714 | |||
| 673 | CRYPTO_EX_DATA ex_data; | 715 | CRYPTO_EX_DATA ex_data; |
| 674 | 716 | ||
| 675 | const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ | 717 | const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ |
| @@ -702,7 +744,6 @@ struct ssl_ctx_st | |||
| 702 | void *msg_callback_arg; | 744 | void *msg_callback_arg; |
| 703 | 745 | ||
| 704 | int verify_mode; | 746 | int verify_mode; |
| 705 | int verify_depth; | ||
| 706 | unsigned int sid_ctx_length; | 747 | unsigned int sid_ctx_length; |
| 707 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | 748 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; |
| 708 | int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ | 749 | int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ |
| @@ -710,10 +751,35 @@ struct ssl_ctx_st | |||
| 710 | /* Default generate session ID callback. */ | 751 | /* Default generate session ID callback. */ |
| 711 | GEN_SESSION_CB generate_session_id; | 752 | GEN_SESSION_CB generate_session_id; |
| 712 | 753 | ||
| 754 | X509_VERIFY_PARAM *param; | ||
| 755 | |||
| 756 | #if 0 | ||
| 713 | int purpose; /* Purpose setting */ | 757 | int purpose; /* Purpose setting */ |
| 714 | int trust; /* Trust setting */ | 758 | int trust; /* Trust setting */ |
| 759 | #endif | ||
| 715 | 760 | ||
| 716 | int quiet_shutdown; | 761 | int quiet_shutdown; |
| 762 | |||
| 763 | #ifndef OPENSSL_NO_TLSEXT | ||
| 764 | /* TLS extensions servername callback */ | ||
| 765 | int (*tlsext_servername_callback)(SSL*, int *, void *); | ||
| 766 | void *tlsext_servername_arg; | ||
| 767 | /* RFC 4507 session ticket keys */ | ||
| 768 | unsigned char tlsext_tick_key_name[16]; | ||
| 769 | unsigned char tlsext_tick_hmac_key[16]; | ||
| 770 | unsigned char tlsext_tick_aes_key[16]; | ||
| 771 | /* Callback to support customisation of ticket key setting */ | ||
| 772 | int (*tlsext_ticket_key_cb)(SSL *ssl, | ||
| 773 | unsigned char *name, unsigned char *iv, | ||
| 774 | EVP_CIPHER_CTX *ectx, | ||
| 775 | HMAC_CTX *hctx, int enc); | ||
| 776 | |||
| 777 | /* certificate status request info */ | ||
| 778 | /* Callback for status request */ | ||
| 779 | int (*tlsext_status_cb)(SSL *ssl, void *arg); | ||
| 780 | void *tlsext_status_arg; | ||
| 781 | #endif | ||
| 782 | |||
| 717 | }; | 783 | }; |
| 718 | 784 | ||
| 719 | #define SSL_SESS_CACHE_OFF 0x0000 | 785 | #define SSL_SESS_CACHE_OFF 0x0000 |
| @@ -753,16 +819,18 @@ struct ssl_ctx_st | |||
| 753 | #define SSL_CTX_sess_cache_full(ctx) \ | 819 | #define SSL_CTX_sess_cache_full(ctx) \ |
| 754 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) | 820 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) |
| 755 | 821 | ||
| 756 | #define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb)) | 822 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); |
| 757 | #define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb) | 823 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); |
| 758 | #define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb)) | 824 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); |
| 759 | #define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb) | 825 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); |
| 760 | #define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb)) | 826 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); |
| 761 | #define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb) | 827 | SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); |
| 762 | #define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb)) | 828 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); |
| 763 | #define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback) | 829 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); |
| 764 | #define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb)) | 830 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); |
| 765 | #define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb) | 831 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 832 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); | ||
| 833 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); | ||
| 766 | 834 | ||
| 767 | #define SSL_NOTHING 1 | 835 | #define SSL_NOTHING 1 |
| 768 | #define SSL_WRITING 2 | 836 | #define SSL_WRITING 2 |
| @@ -778,7 +846,7 @@ struct ssl_ctx_st | |||
| 778 | struct ssl_st | 846 | struct ssl_st |
| 779 | { | 847 | { |
| 780 | /* protocol version | 848 | /* protocol version |
| 781 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION) | 849 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) |
| 782 | */ | 850 | */ |
| 783 | int version; | 851 | int version; |
| 784 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ | 852 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ |
| @@ -807,7 +875,7 @@ struct ssl_st | |||
| 807 | 875 | ||
| 808 | /* true when we are actually in SSL_accept() or SSL_connect() */ | 876 | /* true when we are actually in SSL_accept() or SSL_connect() */ |
| 809 | int in_handshake; | 877 | int in_handshake; |
| 810 | int (*handshake_func)(); | 878 | int (*handshake_func)(SSL *); |
| 811 | 879 | ||
| 812 | /* Imagine that here's a boolean member "init" that is | 880 | /* Imagine that here's a boolean member "init" that is |
| 813 | * switched as soon as SSL_set_{accept/connect}_state | 881 | * switched as soon as SSL_set_{accept/connect}_state |
| @@ -842,6 +910,7 @@ struct ssl_st | |||
| 842 | 910 | ||
| 843 | struct ssl2_state_st *s2; /* SSLv2 variables */ | 911 | struct ssl2_state_st *s2; /* SSLv2 variables */ |
| 844 | struct ssl3_state_st *s3; /* SSLv3 variables */ | 912 | struct ssl3_state_st *s3; /* SSLv3 variables */ |
| 913 | struct dtls1_state_st *d1; /* DTLSv1 variables */ | ||
| 845 | 914 | ||
| 846 | int read_ahead; /* Read as many input bytes as possible | 915 | int read_ahead; /* Read as many input bytes as possible |
| 847 | * (for non-blocking reads) */ | 916 | * (for non-blocking reads) */ |
| @@ -852,8 +921,12 @@ struct ssl_st | |||
| 852 | 921 | ||
| 853 | int hit; /* reusing a previous session */ | 922 | int hit; /* reusing a previous session */ |
| 854 | 923 | ||
| 924 | X509_VERIFY_PARAM *param; | ||
| 925 | |||
| 926 | #if 0 | ||
| 855 | int purpose; /* Purpose setting */ | 927 | int purpose; /* Purpose setting */ |
| 856 | int trust; /* Trust setting */ | 928 | int trust; /* Trust setting */ |
| 929 | #endif | ||
| 857 | 930 | ||
| 858 | /* crypto */ | 931 | /* crypto */ |
| 859 | STACK_OF(SSL_CIPHER) *cipher_list; | 932 | STACK_OF(SSL_CIPHER) *cipher_list; |
| @@ -898,7 +971,6 @@ struct ssl_st | |||
| 898 | /* Used in SSL2 and SSL3 */ | 971 | /* Used in SSL2 and SSL3 */ |
| 899 | int verify_mode; /* 0 don't care about verify failure. | 972 | int verify_mode; /* 0 don't care about verify failure. |
| 900 | * 1 fail if verify fails */ | 973 | * 1 fail if verify fails */ |
| 901 | int verify_depth; | ||
| 902 | int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ | 974 | int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ |
| 903 | 975 | ||
| 904 | void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ | 976 | void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ |
| @@ -929,6 +1001,37 @@ struct ssl_st | |||
| 929 | int first_packet; | 1001 | int first_packet; |
| 930 | int client_version; /* what was passed, used for | 1002 | int client_version; /* what was passed, used for |
| 931 | * SSLv3/TLS rollback check */ | 1003 | * SSLv3/TLS rollback check */ |
| 1004 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1005 | /* TLS extension debug callback */ | ||
| 1006 | void (*tlsext_debug_cb)(SSL *s, int client_server, int type, | ||
| 1007 | unsigned char *data, int len, | ||
| 1008 | void *arg); | ||
| 1009 | void *tlsext_debug_arg; | ||
| 1010 | char *tlsext_hostname; | ||
| 1011 | int servername_done; /* no further mod of servername | ||
| 1012 | 0 : call the servername extension callback. | ||
| 1013 | 1 : prepare 2, allow last ack just after in server callback. | ||
| 1014 | 2 : don't call servername callback, no ack in server hello | ||
| 1015 | */ | ||
| 1016 | /* certificate status request info */ | ||
| 1017 | /* Status type or -1 if no status type */ | ||
| 1018 | int tlsext_status_type; | ||
| 1019 | /* Expect OCSP CertificateStatus message */ | ||
| 1020 | int tlsext_status_expected; | ||
| 1021 | /* OCSP status request only */ | ||
| 1022 | STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; | ||
| 1023 | X509_EXTENSIONS *tlsext_ocsp_exts; | ||
| 1024 | /* OCSP response received or to be sent */ | ||
| 1025 | unsigned char *tlsext_ocsp_resp; | ||
| 1026 | int tlsext_ocsp_resplen; | ||
| 1027 | |||
| 1028 | /* RFC4507 session ticket expected to be received or sent */ | ||
| 1029 | int tlsext_ticket_expected; | ||
| 1030 | SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ | ||
| 1031 | #define session_ctx initial_ctx | ||
| 1032 | #else | ||
| 1033 | #define session_ctx ctx | ||
| 1034 | #endif | ||
| 932 | }; | 1035 | }; |
| 933 | 1036 | ||
| 934 | #ifdef __cplusplus | 1037 | #ifdef __cplusplus |
| @@ -938,6 +1041,7 @@ struct ssl_st | |||
| 938 | #include <openssl/ssl2.h> | 1041 | #include <openssl/ssl2.h> |
| 939 | #include <openssl/ssl3.h> | 1042 | #include <openssl/ssl3.h> |
| 940 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ | 1043 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ |
| 1044 | #include <openssl/dtls1.h> /* Datagram TLS */ | ||
| 941 | #include <openssl/ssl23.h> | 1045 | #include <openssl/ssl23.h> |
| 942 | 1046 | ||
| 943 | #ifdef __cplusplus | 1047 | #ifdef __cplusplus |
| @@ -1035,21 +1139,16 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1035 | #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) | 1139 | #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) |
| 1036 | 1140 | ||
| 1037 | #if 1 /*SSLEAY_MACROS*/ | 1141 | #if 1 /*SSLEAY_MACROS*/ |
| 1038 | #define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \ | 1142 | #define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) |
| 1039 | (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \ | 1143 | #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) |
| 1040 | (bp),(unsigned char **)(s_id)) | ||
| 1041 | #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \ | ||
| 1042 | bp,(unsigned char *)s_id) | ||
| 1043 | #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ | 1144 | #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ |
| 1044 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) | 1145 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) |
| 1045 | #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ | 1146 | #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) |
| 1046 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) | ||
| 1047 | #define PEM_write_SSL_SESSION(fp,x) \ | 1147 | #define PEM_write_SSL_SESSION(fp,x) \ |
| 1048 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ | 1148 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ |
| 1049 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) | 1149 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) |
| 1050 | #define PEM_write_bio_SSL_SESSION(bp,x) \ | 1150 | #define PEM_write_bio_SSL_SESSION(bp,x) \ |
| 1051 | PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ | 1151 | PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) |
| 1052 | PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) | ||
| 1053 | #endif | 1152 | #endif |
| 1054 | 1153 | ||
| 1055 | #define SSL_AD_REASON_OFFSET 1000 | 1154 | #define SSL_AD_REASON_OFFSET 1000 |
| @@ -1078,6 +1177,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1078 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ | 1177 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ |
| 1079 | #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED | 1178 | #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED |
| 1080 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION | 1179 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION |
| 1180 | #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION | ||
| 1181 | #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE | ||
| 1182 | #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME | ||
| 1183 | #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE | ||
| 1081 | 1184 | ||
| 1082 | #define SSL_ERROR_NONE 0 | 1185 | #define SSL_ERROR_NONE 0 |
| 1083 | #define SSL_ERROR_SSL 1 | 1186 | #define SSL_ERROR_SSL 1 |
| @@ -1092,20 +1195,24 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1092 | #define SSL_CTRL_NEED_TMP_RSA 1 | 1195 | #define SSL_CTRL_NEED_TMP_RSA 1 |
| 1093 | #define SSL_CTRL_SET_TMP_RSA 2 | 1196 | #define SSL_CTRL_SET_TMP_RSA 2 |
| 1094 | #define SSL_CTRL_SET_TMP_DH 3 | 1197 | #define SSL_CTRL_SET_TMP_DH 3 |
| 1095 | #define SSL_CTRL_SET_TMP_RSA_CB 4 | 1198 | #define SSL_CTRL_SET_TMP_ECDH 4 |
| 1096 | #define SSL_CTRL_SET_TMP_DH_CB 5 | 1199 | #define SSL_CTRL_SET_TMP_RSA_CB 5 |
| 1097 | 1200 | #define SSL_CTRL_SET_TMP_DH_CB 6 | |
| 1098 | #define SSL_CTRL_GET_SESSION_REUSED 6 | 1201 | #define SSL_CTRL_SET_TMP_ECDH_CB 7 |
| 1099 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 7 | 1202 | |
| 1100 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8 | 1203 | #define SSL_CTRL_GET_SESSION_REUSED 8 |
| 1101 | #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9 | 1204 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 |
| 1102 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10 | 1205 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 |
| 1103 | #define SSL_CTRL_GET_FLAGS 11 | 1206 | #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 |
| 1104 | #define SSL_CTRL_EXTRA_CHAIN_CERT 12 | 1207 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 |
| 1105 | 1208 | #define SSL_CTRL_GET_FLAGS 13 | |
| 1106 | #define SSL_CTRL_SET_MSG_CALLBACK 13 | 1209 | #define SSL_CTRL_EXTRA_CHAIN_CERT 14 |
| 1107 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG 14 | 1210 | |
| 1108 | 1211 | #define SSL_CTRL_SET_MSG_CALLBACK 15 | |
| 1212 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 | ||
| 1213 | |||
| 1214 | /* only applies to datagram connections */ | ||
| 1215 | #define SSL_CTRL_SET_MTU 17 | ||
| 1109 | /* Stats */ | 1216 | /* Stats */ |
| 1110 | #define SSL_CTRL_SESS_NUMBER 20 | 1217 | #define SSL_CTRL_SESS_NUMBER 20 |
| 1111 | #define SSL_CTRL_SESS_CONNECT 21 | 1218 | #define SSL_CTRL_SESS_CONNECT 21 |
| @@ -1132,6 +1239,29 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1132 | #define SSL_CTRL_GET_MAX_CERT_LIST 50 | 1239 | #define SSL_CTRL_GET_MAX_CERT_LIST 50 |
| 1133 | #define SSL_CTRL_SET_MAX_CERT_LIST 51 | 1240 | #define SSL_CTRL_SET_MAX_CERT_LIST 51 |
| 1134 | 1241 | ||
| 1242 | /* see tls1.h for macros based on these */ | ||
| 1243 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1244 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 | ||
| 1245 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 | ||
| 1246 | #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 | ||
| 1247 | #define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 | ||
| 1248 | #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 | ||
| 1249 | #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 | ||
| 1250 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 | ||
| 1251 | |||
| 1252 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 | ||
| 1253 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 | ||
| 1254 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 | ||
| 1255 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 | ||
| 1256 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 | ||
| 1257 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 | ||
| 1258 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 | ||
| 1259 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 | ||
| 1260 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 | ||
| 1261 | |||
| 1262 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 | ||
| 1263 | #endif | ||
| 1264 | |||
| 1135 | #define SSL_session_reused(ssl) \ | 1265 | #define SSL_session_reused(ssl) \ |
| 1136 | SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) | 1266 | SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) |
| 1137 | #define SSL_num_renegotiations(ssl) \ | 1267 | #define SSL_num_renegotiations(ssl) \ |
| @@ -1147,6 +1277,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1147 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) | 1277 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) |
| 1148 | #define SSL_CTX_set_tmp_dh(ctx,dh) \ | 1278 | #define SSL_CTX_set_tmp_dh(ctx,dh) \ |
| 1149 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | 1279 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) |
| 1280 | #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ | ||
| 1281 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | ||
| 1150 | 1282 | ||
| 1151 | #define SSL_need_tmp_RSA(ssl) \ | 1283 | #define SSL_need_tmp_RSA(ssl) \ |
| 1152 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) | 1284 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) |
| @@ -1154,6 +1286,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1154 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) | 1286 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) |
| 1155 | #define SSL_set_tmp_dh(ssl,dh) \ | 1287 | #define SSL_set_tmp_dh(ssl,dh) \ |
| 1156 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | 1288 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) |
| 1289 | #define SSL_set_tmp_ecdh(ssl,ecdh) \ | ||
| 1290 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | ||
| 1157 | 1291 | ||
| 1158 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ | 1292 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ |
| 1159 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) | 1293 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) |
| @@ -1215,9 +1349,9 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); | |||
| 1215 | #endif | 1349 | #endif |
| 1216 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); | 1350 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); |
| 1217 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); | 1351 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); |
| 1218 | int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); | 1352 | int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); |
| 1219 | int SSL_use_certificate(SSL *ssl, X509 *x); | 1353 | int SSL_use_certificate(SSL *ssl, X509 *x); |
| 1220 | int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); | 1354 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); |
| 1221 | 1355 | ||
| 1222 | #ifndef OPENSSL_NO_STDIO | 1356 | #ifndef OPENSSL_NO_STDIO |
| 1223 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); | 1357 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); |
| @@ -1253,6 +1387,7 @@ void SSL_copy_session_id(SSL *to,const SSL *from); | |||
| 1253 | SSL_SESSION *SSL_SESSION_new(void); | 1387 | SSL_SESSION *SSL_SESSION_new(void); |
| 1254 | unsigned long SSL_SESSION_hash(const SSL_SESSION *a); | 1388 | unsigned long SSL_SESSION_hash(const SSL_SESSION *a); |
| 1255 | int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); | 1389 | int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); |
| 1390 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); | ||
| 1256 | #ifndef OPENSSL_NO_FP_API | 1391 | #ifndef OPENSSL_NO_FP_API |
| 1257 | int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); | 1392 | int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); |
| 1258 | #endif | 1393 | #endif |
| @@ -1268,7 +1403,7 @@ int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); | |||
| 1268 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); | 1403 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); |
| 1269 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | 1404 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, |
| 1270 | unsigned int id_len); | 1405 | unsigned int id_len); |
| 1271 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char * const *pp, | 1406 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, |
| 1272 | long length); | 1407 | long length); |
| 1273 | 1408 | ||
| 1274 | #ifdef HEADER_X509_H | 1409 | #ifdef HEADER_X509_H |
| @@ -1287,12 +1422,12 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,v | |||
| 1287 | #ifndef OPENSSL_NO_RSA | 1422 | #ifndef OPENSSL_NO_RSA |
| 1288 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); | 1423 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); |
| 1289 | #endif | 1424 | #endif |
| 1290 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); | 1425 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); |
| 1291 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); | 1426 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); |
| 1292 | int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, | 1427 | int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, |
| 1293 | unsigned char *d, long len); | 1428 | const unsigned char *d, long len); |
| 1294 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); | 1429 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); |
| 1295 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); | 1430 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); |
| 1296 | 1431 | ||
| 1297 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); | 1432 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); |
| 1298 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); | 1433 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); |
| @@ -1319,9 +1454,9 @@ int SSL_read(SSL *ssl,void *buf,int num); | |||
| 1319 | int SSL_peek(SSL *ssl,void *buf,int num); | 1454 | int SSL_peek(SSL *ssl,void *buf,int num); |
| 1320 | int SSL_write(SSL *ssl,const void *buf,int num); | 1455 | int SSL_write(SSL *ssl,const void *buf,int num); |
| 1321 | long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); | 1456 | long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); |
| 1322 | long SSL_callback_ctrl(SSL *, int, void (*)()); | 1457 | long SSL_callback_ctrl(SSL *, int, void (*)(void)); |
| 1323 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); | 1458 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); |
| 1324 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)()); | 1459 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); |
| 1325 | 1460 | ||
| 1326 | int SSL_get_error(const SSL *s,int ret_code); | 1461 | int SSL_get_error(const SSL *s,int ret_code); |
| 1327 | const char *SSL_get_version(const SSL *s); | 1462 | const char *SSL_get_version(const SSL *s); |
| @@ -1345,6 +1480,10 @@ SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ | |||
| 1345 | SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ | 1480 | SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ |
| 1346 | SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ | 1481 | SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ |
| 1347 | 1482 | ||
| 1483 | SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ | ||
| 1484 | SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ | ||
| 1485 | SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ | ||
| 1486 | |||
| 1348 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); | 1487 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); |
| 1349 | 1488 | ||
| 1350 | int SSL_do_handshake(SSL *s); | 1489 | int SSL_do_handshake(SSL *s); |
| @@ -1395,6 +1534,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | |||
| 1395 | SSL_SESSION *SSL_get_session(const SSL *ssl); | 1534 | SSL_SESSION *SSL_get_session(const SSL *ssl); |
| 1396 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ | 1535 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ |
| 1397 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); | 1536 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); |
| 1537 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); | ||
| 1398 | void SSL_set_info_callback(SSL *ssl, | 1538 | void SSL_set_info_callback(SSL *ssl, |
| 1399 | void (*cb)(const SSL *ssl,int type,int val)); | 1539 | void (*cb)(const SSL *ssl,int type,int val)); |
| 1400 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); | 1540 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); |
| @@ -1462,11 +1602,27 @@ void SSL_set_tmp_dh_callback(SSL *ssl, | |||
| 1462 | DH *(*dh)(SSL *ssl,int is_export, | 1602 | DH *(*dh)(SSL *ssl,int is_export, |
| 1463 | int keylength)); | 1603 | int keylength)); |
| 1464 | #endif | 1604 | #endif |
| 1605 | #ifndef OPENSSL_NO_ECDH | ||
| 1606 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, | ||
| 1607 | EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
| 1608 | int keylength)); | ||
| 1609 | void SSL_set_tmp_ecdh_callback(SSL *ssl, | ||
| 1610 | EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
| 1611 | int keylength)); | ||
| 1612 | #endif | ||
| 1465 | 1613 | ||
| 1466 | #ifndef OPENSSL_NO_COMP | 1614 | #ifndef OPENSSL_NO_COMP |
| 1615 | const COMP_METHOD *SSL_get_current_compression(SSL *s); | ||
| 1616 | const COMP_METHOD *SSL_get_current_expansion(SSL *s); | ||
| 1617 | const char *SSL_COMP_get_name(const COMP_METHOD *comp); | ||
| 1618 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); | ||
| 1467 | int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); | 1619 | int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); |
| 1468 | #else | 1620 | #else |
| 1469 | int SSL_COMP_add_compression_method(int id,char *cm); | 1621 | const void *SSL_get_current_compression(SSL *s); |
| 1622 | const void *SSL_get_current_expansion(SSL *s); | ||
| 1623 | const char *SSL_COMP_get_name(const void *comp); | ||
| 1624 | void *SSL_COMP_get_compression_methods(void); | ||
| 1625 | int SSL_COMP_add_compression_method(int id,void *cm); | ||
| 1470 | #endif | 1626 | #endif |
| 1471 | 1627 | ||
| 1472 | /* BEGIN ERROR CODES */ | 1628 | /* BEGIN ERROR CODES */ |
| @@ -1479,11 +1635,36 @@ void ERR_load_SSL_strings(void); | |||
| 1479 | 1635 | ||
| 1480 | /* Function codes. */ | 1636 | /* Function codes. */ |
| 1481 | #define SSL_F_CLIENT_CERTIFICATE 100 | 1637 | #define SSL_F_CLIENT_CERTIFICATE 100 |
| 1482 | #define SSL_F_CLIENT_FINISHED 238 | 1638 | #define SSL_F_CLIENT_FINISHED 167 |
| 1483 | #define SSL_F_CLIENT_HELLO 101 | 1639 | #define SSL_F_CLIENT_HELLO 101 |
| 1484 | #define SSL_F_CLIENT_MASTER_KEY 102 | 1640 | #define SSL_F_CLIENT_MASTER_KEY 102 |
| 1485 | #define SSL_F_D2I_SSL_SESSION 103 | 1641 | #define SSL_F_D2I_SSL_SESSION 103 |
| 1642 | #define SSL_F_DO_DTLS1_WRITE 245 | ||
| 1486 | #define SSL_F_DO_SSL3_WRITE 104 | 1643 | #define SSL_F_DO_SSL3_WRITE 104 |
| 1644 | #define SSL_F_DTLS1_ACCEPT 246 | ||
| 1645 | #define SSL_F_DTLS1_BUFFER_RECORD 247 | ||
| 1646 | #define SSL_F_DTLS1_CLIENT_HELLO 248 | ||
| 1647 | #define SSL_F_DTLS1_CONNECT 249 | ||
| 1648 | #define SSL_F_DTLS1_ENC 250 | ||
| 1649 | #define SSL_F_DTLS1_GET_HELLO_VERIFY 251 | ||
| 1650 | #define SSL_F_DTLS1_GET_MESSAGE 252 | ||
| 1651 | #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 | ||
| 1652 | #define SSL_F_DTLS1_GET_RECORD 254 | ||
| 1653 | #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 | ||
| 1654 | #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 | ||
| 1655 | #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 | ||
| 1656 | #define SSL_F_DTLS1_PROCESS_RECORD 257 | ||
| 1657 | #define SSL_F_DTLS1_READ_BYTES 258 | ||
| 1658 | #define SSL_F_DTLS1_READ_FAILED 259 | ||
| 1659 | #define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 | ||
| 1660 | #define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 | ||
| 1661 | #define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 | ||
| 1662 | #define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 | ||
| 1663 | #define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 | ||
| 1664 | #define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 | ||
| 1665 | #define SSL_F_DTLS1_SEND_SERVER_HELLO 266 | ||
| 1666 | #define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 | ||
| 1667 | #define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 | ||
| 1487 | #define SSL_F_GET_CLIENT_FINISHED 105 | 1668 | #define SSL_F_GET_CLIENT_FINISHED 105 |
| 1488 | #define SSL_F_GET_CLIENT_HELLO 106 | 1669 | #define SSL_F_GET_CLIENT_HELLO 106 |
| 1489 | #define SSL_F_GET_CLIENT_MASTER_KEY 107 | 1670 | #define SSL_F_GET_CLIENT_MASTER_KEY 107 |
| @@ -1524,6 +1705,7 @@ void ERR_load_SSL_strings(void); | |||
| 1524 | #define SSL_F_SSL3_ENC 134 | 1705 | #define SSL_F_SSL3_ENC 134 |
| 1525 | #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 | 1706 | #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 |
| 1526 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 | 1707 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 |
| 1708 | #define SSL_F_SSL3_GET_CERT_STATUS 288 | ||
| 1527 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 | 1709 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 |
| 1528 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 | 1710 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 |
| 1529 | #define SSL_F_SSL3_GET_CLIENT_HELLO 138 | 1711 | #define SSL_F_SSL3_GET_CLIENT_HELLO 138 |
| @@ -1531,10 +1713,12 @@ void ERR_load_SSL_strings(void); | |||
| 1531 | #define SSL_F_SSL3_GET_FINISHED 140 | 1713 | #define SSL_F_SSL3_GET_FINISHED 140 |
| 1532 | #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 | 1714 | #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 |
| 1533 | #define SSL_F_SSL3_GET_MESSAGE 142 | 1715 | #define SSL_F_SSL3_GET_MESSAGE 142 |
| 1716 | #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 | ||
| 1534 | #define SSL_F_SSL3_GET_RECORD 143 | 1717 | #define SSL_F_SSL3_GET_RECORD 143 |
| 1535 | #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 | 1718 | #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 |
| 1536 | #define SSL_F_SSL3_GET_SERVER_DONE 145 | 1719 | #define SSL_F_SSL3_GET_SERVER_DONE 145 |
| 1537 | #define SSL_F_SSL3_GET_SERVER_HELLO 146 | 1720 | #define SSL_F_SSL3_GET_SERVER_HELLO 146 |
| 1721 | #define SSL_F_SSL3_NEW_SESSION_TICKET 284 | ||
| 1538 | #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 | 1722 | #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 |
| 1539 | #define SSL_F_SSL3_PEEK 235 | 1723 | #define SSL_F_SSL3_PEEK 235 |
| 1540 | #define SSL_F_SSL3_READ_BYTES 148 | 1724 | #define SSL_F_SSL3_READ_BYTES 148 |
| @@ -1550,8 +1734,10 @@ void ERR_load_SSL_strings(void); | |||
| 1550 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 | 1734 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 |
| 1551 | #define SSL_F_SSL3_WRITE_BYTES 158 | 1735 | #define SSL_F_SSL3_WRITE_BYTES 158 |
| 1552 | #define SSL_F_SSL3_WRITE_PENDING 159 | 1736 | #define SSL_F_SSL3_WRITE_PENDING 159 |
| 1737 | #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 | ||
| 1553 | #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 | 1738 | #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 |
| 1554 | #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 | 1739 | #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 |
| 1740 | #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 | ||
| 1555 | #define SSL_F_SSL_BAD_METHOD 160 | 1741 | #define SSL_F_SSL_BAD_METHOD 160 |
| 1556 | #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 | 1742 | #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 |
| 1557 | #define SSL_F_SSL_CERT_DUP 221 | 1743 | #define SSL_F_SSL_CERT_DUP 221 |
| @@ -1559,6 +1745,7 @@ void ERR_load_SSL_strings(void); | |||
| 1559 | #define SSL_F_SSL_CERT_INSTANTIATE 214 | 1745 | #define SSL_F_SSL_CERT_INSTANTIATE 214 |
| 1560 | #define SSL_F_SSL_CERT_NEW 162 | 1746 | #define SSL_F_SSL_CERT_NEW 162 |
| 1561 | #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 | 1747 | #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 |
| 1748 | #define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 | ||
| 1562 | #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 | 1749 | #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 |
| 1563 | #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 | 1750 | #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 |
| 1564 | #define SSL_F_SSL_CLEAR 164 | 1751 | #define SSL_F_SSL_CLEAR 164 |
| @@ -1590,6 +1777,9 @@ void ERR_load_SSL_strings(void); | |||
| 1590 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 | 1777 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 |
| 1591 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 | 1778 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 |
| 1592 | #define SSL_F_SSL_NEW 186 | 1779 | #define SSL_F_SSL_NEW 186 |
| 1780 | #define SSL_F_SSL_PEEK 270 | ||
| 1781 | #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 | ||
| 1782 | #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 | ||
| 1593 | #define SSL_F_SSL_READ 223 | 1783 | #define SSL_F_SSL_READ 223 |
| 1594 | #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 | 1784 | #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 |
| 1595 | #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 | 1785 | #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 |
| @@ -1609,6 +1799,7 @@ void ERR_load_SSL_strings(void); | |||
| 1609 | #define SSL_F_SSL_SHUTDOWN 224 | 1799 | #define SSL_F_SSL_SHUTDOWN 224 |
| 1610 | #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 | 1800 | #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 |
| 1611 | #define SSL_F_SSL_UNDEFINED_FUNCTION 197 | 1801 | #define SSL_F_SSL_UNDEFINED_FUNCTION 197 |
| 1802 | #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 | ||
| 1612 | #define SSL_F_SSL_USE_CERTIFICATE 198 | 1803 | #define SSL_F_SSL_USE_CERTIFICATE 198 |
| 1613 | #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 | 1804 | #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 |
| 1614 | #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 | 1805 | #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 |
| @@ -1639,6 +1830,9 @@ void ERR_load_SSL_strings(void); | |||
| 1639 | #define SSL_R_BAD_DH_P_LENGTH 110 | 1830 | #define SSL_R_BAD_DH_P_LENGTH 110 |
| 1640 | #define SSL_R_BAD_DIGEST_LENGTH 111 | 1831 | #define SSL_R_BAD_DIGEST_LENGTH 111 |
| 1641 | #define SSL_R_BAD_DSA_SIGNATURE 112 | 1832 | #define SSL_R_BAD_DSA_SIGNATURE 112 |
| 1833 | #define SSL_R_BAD_ECC_CERT 304 | ||
| 1834 | #define SSL_R_BAD_ECDSA_SIGNATURE 305 | ||
| 1835 | #define SSL_R_BAD_ECPOINT 306 | ||
| 1642 | #define SSL_R_BAD_HELLO_REQUEST 105 | 1836 | #define SSL_R_BAD_HELLO_REQUEST 105 |
| 1643 | #define SSL_R_BAD_LENGTH 271 | 1837 | #define SSL_R_BAD_LENGTH 271 |
| 1644 | #define SSL_R_BAD_MAC_DECODE 113 | 1838 | #define SSL_R_BAD_MAC_DECODE 113 |
| @@ -1668,17 +1862,22 @@ void ERR_load_SSL_strings(void); | |||
| 1668 | #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 | 1862 | #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 |
| 1669 | #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 | 1863 | #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 |
| 1670 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 | 1864 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 |
| 1865 | #define SSL_R_CLIENTHELLO_TLSEXT 157 | ||
| 1671 | #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 | 1866 | #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 |
| 1672 | #define SSL_R_COMPRESSION_FAILURE 141 | 1867 | #define SSL_R_COMPRESSION_FAILURE 141 |
| 1868 | #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 | ||
| 1673 | #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 | 1869 | #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 |
| 1674 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 | 1870 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 |
| 1675 | #define SSL_R_CONNECTION_TYPE_NOT_SET 144 | 1871 | #define SSL_R_CONNECTION_TYPE_NOT_SET 144 |
| 1872 | #define SSL_R_COOKIE_MISMATCH 308 | ||
| 1676 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 | 1873 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 |
| 1677 | #define SSL_R_DATA_LENGTH_TOO_LONG 146 | 1874 | #define SSL_R_DATA_LENGTH_TOO_LONG 146 |
| 1678 | #define SSL_R_DECRYPTION_FAILED 147 | 1875 | #define SSL_R_DECRYPTION_FAILED 147 |
| 1679 | #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 | 1876 | #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 |
| 1680 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 | 1877 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 |
| 1681 | #define SSL_R_DIGEST_CHECK_FAILED 149 | 1878 | #define SSL_R_DIGEST_CHECK_FAILED 149 |
| 1879 | #define SSL_R_DUPLICATE_COMPRESSION_ID 309 | ||
| 1880 | #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 | ||
| 1682 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 | 1881 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 |
| 1683 | #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 | 1882 | #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 |
| 1684 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 | 1883 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 |
| @@ -1691,6 +1890,8 @@ void ERR_load_SSL_strings(void); | |||
| 1691 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 | 1890 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 |
| 1692 | #define SSL_R_INVALID_COMMAND 280 | 1891 | #define SSL_R_INVALID_COMMAND 280 |
| 1693 | #define SSL_R_INVALID_PURPOSE 278 | 1892 | #define SSL_R_INVALID_PURPOSE 278 |
| 1893 | #define SSL_R_INVALID_STATUS_RESPONSE 316 | ||
| 1894 | #define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 | ||
| 1694 | #define SSL_R_INVALID_TRUST 279 | 1895 | #define SSL_R_INVALID_TRUST 279 |
| 1695 | #define SSL_R_KEY_ARG_TOO_LONG 284 | 1896 | #define SSL_R_KEY_ARG_TOO_LONG 284 |
| 1696 | #define SSL_R_KRB5 285 | 1897 | #define SSL_R_KRB5 285 |
| @@ -1719,6 +1920,7 @@ void ERR_load_SSL_strings(void); | |||
| 1719 | #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 | 1920 | #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 |
| 1720 | #define SSL_R_MISSING_RSA_SIGNING_CERT 170 | 1921 | #define SSL_R_MISSING_RSA_SIGNING_CERT 170 |
| 1721 | #define SSL_R_MISSING_TMP_DH_KEY 171 | 1922 | #define SSL_R_MISSING_TMP_DH_KEY 171 |
| 1923 | #define SSL_R_MISSING_TMP_ECDH_KEY 311 | ||
| 1722 | #define SSL_R_MISSING_TMP_RSA_KEY 172 | 1924 | #define SSL_R_MISSING_TMP_RSA_KEY 172 |
| 1723 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 | 1925 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 |
| 1724 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 | 1926 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 |
| @@ -1747,6 +1949,7 @@ void ERR_load_SSL_strings(void); | |||
| 1747 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 | 1949 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 |
| 1748 | #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 | 1950 | #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 |
| 1749 | #define SSL_R_PACKET_LENGTH_TOO_LONG 198 | 1951 | #define SSL_R_PACKET_LENGTH_TOO_LONG 198 |
| 1952 | #define SSL_R_PARSE_TLSEXT 223 | ||
| 1750 | #define SSL_R_PATH_TOO_LONG 270 | 1953 | #define SSL_R_PATH_TOO_LONG 270 |
| 1751 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 | 1954 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 |
| 1752 | #define SSL_R_PEER_ERROR 200 | 1955 | #define SSL_R_PEER_ERROR 200 |
| @@ -1761,6 +1964,7 @@ void ERR_load_SSL_strings(void); | |||
| 1761 | #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 | 1964 | #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 |
| 1762 | #define SSL_R_PUBLIC_KEY_NOT_RSA 210 | 1965 | #define SSL_R_PUBLIC_KEY_NOT_RSA 210 |
| 1763 | #define SSL_R_READ_BIO_NOT_SET 211 | 1966 | #define SSL_R_READ_BIO_NOT_SET 211 |
| 1967 | #define SSL_R_READ_TIMEOUT_EXPIRED 312 | ||
| 1764 | #define SSL_R_READ_WRONG_PACKET_TYPE 212 | 1968 | #define SSL_R_READ_WRONG_PACKET_TYPE 212 |
| 1765 | #define SSL_R_RECORD_LENGTH_MISMATCH 213 | 1969 | #define SSL_R_RECORD_LENGTH_MISMATCH 213 |
| 1766 | #define SSL_R_RECORD_TOO_LARGE 214 | 1970 | #define SSL_R_RECORD_TOO_LARGE 214 |
| @@ -1769,11 +1973,14 @@ void ERR_load_SSL_strings(void); | |||
| 1769 | #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 | 1973 | #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 |
| 1770 | #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 | 1974 | #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 |
| 1771 | #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 | 1975 | #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 |
| 1976 | #define SSL_R_SERVERHELLO_TLSEXT 224 | ||
| 1772 | #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 | 1977 | #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 |
| 1773 | #define SSL_R_SHORT_READ 219 | 1978 | #define SSL_R_SHORT_READ 219 |
| 1774 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | 1979 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 |
| 1775 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | 1980 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 |
| 1776 | #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 | 1981 | #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 |
| 1982 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 | ||
| 1983 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 | ||
| 1777 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 | 1984 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 |
| 1778 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | 1985 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 |
| 1779 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | 1986 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 |
| @@ -1808,12 +2015,15 @@ void ERR_load_SSL_strings(void); | |||
| 1808 | #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 | 2015 | #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 |
| 1809 | #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 | 2016 | #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 |
| 1810 | #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 | 2017 | #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 |
| 2018 | #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 | ||
| 1811 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 | 2019 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 |
| 1812 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 | 2020 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 |
| 1813 | #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 | 2021 | #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 |
| 1814 | #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 | 2022 | #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 |
| 2023 | #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 | ||
| 1815 | #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 | 2024 | #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 |
| 1816 | #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 | 2025 | #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 |
| 2026 | #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 | ||
| 1817 | #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 | 2027 | #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 |
| 1818 | #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 | 2028 | #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 |
| 1819 | #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 | 2029 | #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 |
| @@ -1834,8 +2044,10 @@ void ERR_load_SSL_strings(void); | |||
| 1834 | #define SSL_R_UNKNOWN_STATE 255 | 2044 | #define SSL_R_UNKNOWN_STATE 255 |
| 1835 | #define SSL_R_UNSUPPORTED_CIPHER 256 | 2045 | #define SSL_R_UNSUPPORTED_CIPHER 256 |
| 1836 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 | 2046 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 |
| 2047 | #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 | ||
| 1837 | #define SSL_R_UNSUPPORTED_PROTOCOL 258 | 2048 | #define SSL_R_UNSUPPORTED_PROTOCOL 258 |
| 1838 | #define SSL_R_UNSUPPORTED_SSL_VERSION 259 | 2049 | #define SSL_R_UNSUPPORTED_SSL_VERSION 259 |
| 2050 | #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 | ||
| 1839 | #define SSL_R_WRITE_BIO_NOT_SET 260 | 2051 | #define SSL_R_WRITE_BIO_NOT_SET 260 |
| 1840 | #define SSL_R_WRONG_CIPHER_RETURNED 261 | 2052 | #define SSL_R_WRONG_CIPHER_RETURNED 261 |
| 1841 | #define SSL_R_WRONG_MESSAGE_TYPE 262 | 2053 | #define SSL_R_WRONG_MESSAGE_TYPE 262 |
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h index 1153aeda74..4b1e2e9834 100644 --- a/src/lib/libssl/src/ssl/ssl3.h +++ b/src/lib/libssl/src/ssl/ssl3.h | |||
| @@ -108,6 +108,11 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 111 | 116 | ||
| 112 | #ifndef HEADER_SSL3_H | 117 | #ifndef HEADER_SSL3_H |
| 113 | #define HEADER_SSL3_H | 118 | #define HEADER_SSL3_H |
| @@ -118,6 +123,7 @@ | |||
| 118 | #include <openssl/buffer.h> | 123 | #include <openssl/buffer.h> |
| 119 | #include <openssl/evp.h> | 124 | #include <openssl/evp.h> |
| 120 | #include <openssl/ssl.h> | 125 | #include <openssl/ssl.h> |
| 126 | #include <openssl/pq_compat.h> | ||
| 121 | 127 | ||
| 122 | #ifdef __cplusplus | 128 | #ifdef __cplusplus |
| 123 | extern "C" { | 129 | extern "C" { |
| @@ -248,7 +254,11 @@ extern "C" { | |||
| 248 | #endif | 254 | #endif |
| 249 | 255 | ||
| 250 | #define SSL3_RT_MAX_PLAIN_LENGTH 16384 | 256 | #define SSL3_RT_MAX_PLAIN_LENGTH 16384 |
| 257 | #ifdef OPENSSL_NO_COMP | ||
| 258 | #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH | ||
| 259 | #else | ||
| 251 | #define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) | 260 | #define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) |
| 261 | #endif | ||
| 252 | #define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) | 262 | #define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) |
| 253 | #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) | 263 | #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) |
| 254 | #define SSL3_RT_MAX_DATA_SIZE (1024*1024) | 264 | #define SSL3_RT_MAX_DATA_SIZE (1024*1024) |
| @@ -289,6 +299,8 @@ typedef struct ssl3_record_st | |||
| 289 | /*rw*/ unsigned char *data; /* pointer to the record data */ | 299 | /*rw*/ unsigned char *data; /* pointer to the record data */ |
| 290 | /*rw*/ unsigned char *input; /* where the decode bytes are */ | 300 | /*rw*/ unsigned char *input; /* where the decode bytes are */ |
| 291 | /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ | 301 | /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ |
| 302 | /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ | ||
| 303 | /*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ | ||
| 292 | } SSL3_RECORD; | 304 | } SSL3_RECORD; |
| 293 | 305 | ||
| 294 | typedef struct ssl3_buffer_st | 306 | typedef struct ssl3_buffer_st |
| @@ -307,7 +319,12 @@ typedef struct ssl3_buffer_st | |||
| 307 | #define SSL3_CT_RSA_EPHEMERAL_DH 5 | 319 | #define SSL3_CT_RSA_EPHEMERAL_DH 5 |
| 308 | #define SSL3_CT_DSS_EPHEMERAL_DH 6 | 320 | #define SSL3_CT_DSS_EPHEMERAL_DH 6 |
| 309 | #define SSL3_CT_FORTEZZA_DMS 20 | 321 | #define SSL3_CT_FORTEZZA_DMS 20 |
| 310 | #define SSL3_CT_NUMBER 7 | 322 | /* SSL3_CT_NUMBER is used to size arrays and it must be large |
| 323 | * enough to contain all of the cert types defined either for | ||
| 324 | * SSLv3 and TLSv1. | ||
| 325 | */ | ||
| 326 | #define SSL3_CT_NUMBER 7 | ||
| 327 | |||
| 311 | 328 | ||
| 312 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | 329 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 |
| 313 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 | 330 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 |
| @@ -392,6 +409,11 @@ typedef struct ssl3_state_st | |||
| 392 | #ifndef OPENSSL_NO_DH | 409 | #ifndef OPENSSL_NO_DH |
| 393 | DH *dh; | 410 | DH *dh; |
| 394 | #endif | 411 | #endif |
| 412 | |||
| 413 | #ifndef OPENSSL_NO_ECDH | ||
| 414 | EC_KEY *ecdh; /* holds short lived ECDH key */ | ||
| 415 | #endif | ||
| 416 | |||
| 395 | /* used when SSL_ST_FLUSH_DATA is entered */ | 417 | /* used when SSL_ST_FLUSH_DATA is entered */ |
| 396 | int next_state; | 418 | int next_state; |
| 397 | 419 | ||
| @@ -420,6 +442,7 @@ typedef struct ssl3_state_st | |||
| 420 | 442 | ||
| 421 | } SSL3_STATE; | 443 | } SSL3_STATE; |
| 422 | 444 | ||
| 445 | |||
| 423 | /* SSLv3 */ | 446 | /* SSLv3 */ |
| 424 | /*client */ | 447 | /*client */ |
| 425 | /* extra state */ | 448 | /* extra state */ |
| @@ -430,6 +453,8 @@ typedef struct ssl3_state_st | |||
| 430 | /* read from server */ | 453 | /* read from server */ |
| 431 | #define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) | 454 | #define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) |
| 432 | #define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) | 455 | #define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) |
| 456 | #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) | ||
| 457 | #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) | ||
| 433 | #define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) | 458 | #define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) |
| 434 | #define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) | 459 | #define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) |
| 435 | #define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) | 460 | #define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) |
| @@ -456,6 +481,10 @@ typedef struct ssl3_state_st | |||
| 456 | #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) | 481 | #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) |
| 457 | #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) | 482 | #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) |
| 458 | #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) | 483 | #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) |
| 484 | #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) | ||
| 485 | #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) | ||
| 486 | #define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) | ||
| 487 | #define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) | ||
| 459 | 488 | ||
| 460 | /* server */ | 489 | /* server */ |
| 461 | /* extra state */ | 490 | /* extra state */ |
| @@ -466,6 +495,8 @@ typedef struct ssl3_state_st | |||
| 466 | #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) | 495 | #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) |
| 467 | #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) | 496 | #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) |
| 468 | /* write to client */ | 497 | /* write to client */ |
| 498 | #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) | ||
| 499 | #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) | ||
| 469 | #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) | 500 | #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) |
| 470 | #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) | 501 | #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) |
| 471 | #define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) | 502 | #define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) |
| @@ -495,10 +526,15 @@ typedef struct ssl3_state_st | |||
| 495 | #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) | 526 | #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) |
| 496 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) | 527 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) |
| 497 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) | 528 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) |
| 529 | #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) | ||
| 530 | #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) | ||
| 531 | #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) | ||
| 532 | #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) | ||
| 498 | 533 | ||
| 499 | #define SSL3_MT_HELLO_REQUEST 0 | 534 | #define SSL3_MT_HELLO_REQUEST 0 |
| 500 | #define SSL3_MT_CLIENT_HELLO 1 | 535 | #define SSL3_MT_CLIENT_HELLO 1 |
| 501 | #define SSL3_MT_SERVER_HELLO 2 | 536 | #define SSL3_MT_SERVER_HELLO 2 |
| 537 | #define SSL3_MT_NEWSESSION_TICKET 4 | ||
| 502 | #define SSL3_MT_CERTIFICATE 11 | 538 | #define SSL3_MT_CERTIFICATE 11 |
| 503 | #define SSL3_MT_SERVER_KEY_EXCHANGE 12 | 539 | #define SSL3_MT_SERVER_KEY_EXCHANGE 12 |
| 504 | #define SSL3_MT_CERTIFICATE_REQUEST 13 | 540 | #define SSL3_MT_CERTIFICATE_REQUEST 13 |
| @@ -506,6 +542,9 @@ typedef struct ssl3_state_st | |||
| 506 | #define SSL3_MT_CERTIFICATE_VERIFY 15 | 542 | #define SSL3_MT_CERTIFICATE_VERIFY 15 |
| 507 | #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 | 543 | #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 |
| 508 | #define SSL3_MT_FINISHED 20 | 544 | #define SSL3_MT_FINISHED 20 |
| 545 | #define SSL3_MT_CERTIFICATE_STATUS 22 | ||
| 546 | #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | ||
| 547 | |||
| 509 | 548 | ||
| 510 | #define SSL3_MT_CCS 1 | 549 | #define SSL3_MT_CCS 1 |
| 511 | 550 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c index 3d1299ee7b..4717c0e6e1 100644 --- a/src/lib/libssl/src/ssl/ssl_algs.c +++ b/src/lib/libssl/src/ssl/ssl_algs.c | |||
| @@ -82,6 +82,16 @@ int SSL_library_init(void) | |||
| 82 | EVP_add_cipher(EVP_aes_192_cbc()); | 82 | EVP_add_cipher(EVP_aes_192_cbc()); |
| 83 | EVP_add_cipher(EVP_aes_256_cbc()); | 83 | EVP_add_cipher(EVP_aes_256_cbc()); |
| 84 | #endif | 84 | #endif |
| 85 | |||
| 86 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 87 | EVP_add_cipher(EVP_camellia_128_cbc()); | ||
| 88 | EVP_add_cipher(EVP_camellia_256_cbc()); | ||
| 89 | #endif | ||
| 90 | |||
| 91 | #ifndef OPENSSL_NO_SEED | ||
| 92 | EVP_add_cipher(EVP_seed_cbc()); | ||
| 93 | #endif | ||
| 94 | |||
| 85 | #ifndef OPENSSL_NO_MD2 | 95 | #ifndef OPENSSL_NO_MD2 |
| 86 | EVP_add_digest(EVP_md2()); | 96 | EVP_add_digest(EVP_md2()); |
| 87 | #endif | 97 | #endif |
| @@ -101,11 +111,22 @@ int SSL_library_init(void) | |||
| 101 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | 111 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); |
| 102 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | 112 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); |
| 103 | #endif | 113 | #endif |
| 114 | #ifndef OPENSSL_NO_ECDSA | ||
| 115 | EVP_add_digest(EVP_ecdsa()); | ||
| 116 | #endif | ||
| 104 | /* If you want support for phased out ciphers, add the following */ | 117 | /* If you want support for phased out ciphers, add the following */ |
| 105 | #if 0 | 118 | #if 0 |
| 106 | EVP_add_digest(EVP_sha()); | 119 | EVP_add_digest(EVP_sha()); |
| 107 | EVP_add_digest(EVP_dss()); | 120 | EVP_add_digest(EVP_dss()); |
| 108 | #endif | 121 | #endif |
| 122 | #ifndef OPENSSL_NO_COMP | ||
| 123 | /* This will initialise the built-in compression algorithms. | ||
| 124 | The value returned is a STACK_OF(SSL_COMP), but that can | ||
| 125 | be discarded safely */ | ||
| 126 | (void)SSL_COMP_get_compression_methods(); | ||
| 127 | #endif | ||
| 128 | /* initialize cipher/digest methods table */ | ||
| 129 | ssl_load_ciphers(); | ||
| 109 | return(1); | 130 | return(1); |
| 110 | } | 131 | } |
| 111 | 132 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c index fc5fcce108..6e14f4d834 100644 --- a/src/lib/libssl/src/ssl/ssl_asn1.c +++ b/src/lib/libssl/src/ssl/ssl_asn1.c | |||
| @@ -78,6 +78,11 @@ typedef struct ssl_session_asn1_st | |||
| 78 | ASN1_INTEGER time; | 78 | ASN1_INTEGER time; |
| 79 | ASN1_INTEGER timeout; | 79 | ASN1_INTEGER timeout; |
| 80 | ASN1_INTEGER verify_result; | 80 | ASN1_INTEGER verify_result; |
| 81 | #ifndef OPENSSL_NO_TLSEXT | ||
| 82 | ASN1_OCTET_STRING tlsext_hostname; | ||
| 83 | ASN1_INTEGER tlsext_tick_lifetime; | ||
| 84 | ASN1_OCTET_STRING tlsext_tick; | ||
| 85 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 81 | } SSL_SESSION_ASN1; | 86 | } SSL_SESSION_ASN1; |
| 82 | 87 | ||
| 83 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | 88 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
| @@ -86,6 +91,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 86 | int v1=0,v2=0,v3=0,v4=0,v5=0; | 91 | int v1=0,v2=0,v3=0,v4=0,v5=0; |
| 87 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; | 92 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; |
| 88 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; | 93 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; |
| 94 | #ifndef OPENSSL_NO_TLSEXT | ||
| 95 | int v6=0,v9=0,v10=0; | ||
| 96 | unsigned char ibuf6[LSIZE2]; | ||
| 97 | #endif | ||
| 89 | long l; | 98 | long l; |
| 90 | SSL_SESSION_ASN1 a; | 99 | SSL_SESSION_ASN1 a; |
| 91 | M_ASN1_I2D_vars(in); | 100 | M_ASN1_I2D_vars(in); |
| @@ -178,7 +187,33 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 178 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); | 187 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); |
| 179 | } | 188 | } |
| 180 | 189 | ||
| 181 | 190 | #ifndef OPENSSL_NO_TLSEXT | |
| 191 | if (in->tlsext_hostname) | ||
| 192 | { | ||
| 193 | a.tlsext_hostname.length=strlen(in->tlsext_hostname); | ||
| 194 | a.tlsext_hostname.type=V_ASN1_OCTET_STRING; | ||
| 195 | a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; | ||
| 196 | } | ||
| 197 | if (in->tlsext_tick) | ||
| 198 | { | ||
| 199 | a.tlsext_tick.length= in->tlsext_ticklen; | ||
| 200 | a.tlsext_tick.type=V_ASN1_OCTET_STRING; | ||
| 201 | a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; | ||
| 202 | /* If we have a ticket set session ID to empty because | ||
| 203 | * it will be bogus. If liftime hint is -1 treat as a special | ||
| 204 | * case because the session is being used as a container | ||
| 205 | */ | ||
| 206 | if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) | ||
| 207 | a.session_id.length=0; | ||
| 208 | } | ||
| 209 | if (in->tlsext_tick_lifetime_hint > 0) | ||
| 210 | { | ||
| 211 | a.tlsext_tick_lifetime.length=LSIZE2; | ||
| 212 | a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; | ||
| 213 | a.tlsext_tick_lifetime.data=ibuf6; | ||
| 214 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); | ||
| 215 | } | ||
| 216 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 182 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | 217 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); |
| 183 | M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); | 218 | M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); |
| 184 | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); | 219 | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); |
| @@ -200,6 +235,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 200 | if (in->verify_result != X509_V_OK) | 235 | if (in->verify_result != X509_V_OK) |
| 201 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); | 236 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); |
| 202 | 237 | ||
| 238 | #ifndef OPENSSL_NO_TLSEXT | ||
| 239 | if (in->tlsext_tick_lifetime_hint > 0) | ||
| 240 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | ||
| 241 | if (in->tlsext_tick) | ||
| 242 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | ||
| 243 | if (in->tlsext_hostname) | ||
| 244 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | ||
| 245 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 203 | M_ASN1_I2D_seq_total(); | 246 | M_ASN1_I2D_seq_total(); |
| 204 | 247 | ||
| 205 | M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER); | 248 | M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER); |
| @@ -223,10 +266,18 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 223 | v4); | 266 | v4); |
| 224 | if (in->verify_result != X509_V_OK) | 267 | if (in->verify_result != X509_V_OK) |
| 225 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | 268 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); |
| 269 | #ifndef OPENSSL_NO_TLSEXT | ||
| 270 | if (in->tlsext_hostname) | ||
| 271 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | ||
| 272 | if (in->tlsext_tick_lifetime_hint > 0) | ||
| 273 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | ||
| 274 | if (in->tlsext_tick) | ||
| 275 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | ||
| 276 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 226 | M_ASN1_I2D_finish(); | 277 | M_ASN1_I2D_finish(); |
| 227 | } | 278 | } |
| 228 | 279 | ||
| 229 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, | 280 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
| 230 | long length) | 281 | long length) |
| 231 | { | 282 | { |
| 232 | int version,ssl_version=0,i; | 283 | int version,ssl_version=0,i; |
| @@ -242,18 +293,18 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, | |||
| 242 | M_ASN1_D2I_start_sequence(); | 293 | M_ASN1_D2I_start_sequence(); |
| 243 | 294 | ||
| 244 | ai.data=NULL; ai.length=0; | 295 | ai.data=NULL; ai.length=0; |
| 245 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); | 296 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); |
| 246 | version=(int)ASN1_INTEGER_get(aip); | 297 | version=(int)ASN1_INTEGER_get(aip); |
| 247 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 298 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } |
| 248 | 299 | ||
| 249 | /* we don't care about the version right now :-) */ | 300 | /* we don't care about the version right now :-) */ |
| 250 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); | 301 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); |
| 251 | ssl_version=(int)ASN1_INTEGER_get(aip); | 302 | ssl_version=(int)ASN1_INTEGER_get(aip); |
| 252 | ret->ssl_version=ssl_version; | 303 | ret->ssl_version=ssl_version; |
| 253 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 304 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } |
| 254 | 305 | ||
| 255 | os.data=NULL; os.length=0; | 306 | os.data=NULL; os.length=0; |
| 256 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 307 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); |
| 257 | if (ssl_version == SSL2_VERSION) | 308 | if (ssl_version == SSL2_VERSION) |
| 258 | { | 309 | { |
| 259 | if (os.length != 3) | 310 | if (os.length != 3) |
| @@ -286,22 +337,22 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, | |||
| 286 | ret->cipher=NULL; | 337 | ret->cipher=NULL; |
| 287 | ret->cipher_id=id; | 338 | ret->cipher_id=id; |
| 288 | 339 | ||
| 289 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 340 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); |
| 290 | if ((ssl_version>>8) == SSL3_VERSION_MAJOR) | 341 | if ((ssl_version>>8) == SSL3_VERSION_MAJOR) |
| 291 | i=SSL3_MAX_SSL_SESSION_ID_LENGTH; | 342 | i=SSL3_MAX_SSL_SESSION_ID_LENGTH; |
| 292 | else /* if (ssl_version == SSL2_VERSION_MAJOR) */ | 343 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ |
| 293 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 344 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; |
| 294 | 345 | ||
| 295 | if (os.length > i) | 346 | if (os.length > i) |
| 296 | os.length = i; | 347 | os.length = i; |
| 297 | if (os.length > sizeof ret->session_id) /* can't happen */ | 348 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ |
| 298 | os.length = sizeof ret->session_id; | 349 | os.length = sizeof(ret->session_id); |
| 299 | 350 | ||
| 300 | ret->session_id_length=os.length; | 351 | ret->session_id_length=os.length; |
| 301 | OPENSSL_assert(os.length <= sizeof ret->session_id); | 352 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); |
| 302 | memcpy(ret->session_id,os.data,os.length); | 353 | memcpy(ret->session_id,os.data,os.length); |
| 303 | 354 | ||
| 304 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 355 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); |
| 305 | if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH) | 356 | if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH) |
| 306 | ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; | 357 | ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; |
| 307 | else | 358 | else |
| @@ -394,5 +445,56 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, | |||
| 394 | else | 445 | else |
| 395 | ret->verify_result=X509_V_OK; | 446 | ret->verify_result=X509_V_OK; |
| 396 | 447 | ||
| 448 | #ifndef OPENSSL_NO_TLSEXT | ||
| 449 | os.length=0; | ||
| 450 | os.data=NULL; | ||
| 451 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); | ||
| 452 | if (os.data) | ||
| 453 | { | ||
| 454 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); | ||
| 455 | OPENSSL_free(os.data); | ||
| 456 | os.data = NULL; | ||
| 457 | os.length = 0; | ||
| 458 | } | ||
| 459 | else | ||
| 460 | ret->tlsext_hostname=NULL; | ||
| 461 | ai.length=0; | ||
| 462 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); | ||
| 463 | if (ai.data != NULL) | ||
| 464 | { | ||
| 465 | ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); | ||
| 466 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 467 | } | ||
| 468 | else if (ret->tlsext_ticklen && ret->session_id_length) | ||
| 469 | ret->tlsext_tick_lifetime_hint = -1; | ||
| 470 | else | ||
| 471 | ret->tlsext_tick_lifetime_hint = 0; | ||
| 472 | os.length=0; | ||
| 473 | os.data=NULL; | ||
| 474 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); | ||
| 475 | if (os.data) | ||
| 476 | { | ||
| 477 | ret->tlsext_tick = os.data; | ||
| 478 | ret->tlsext_ticklen = os.length; | ||
| 479 | os.data = NULL; | ||
| 480 | os.length = 0; | ||
| 481 | #if 0 | ||
| 482 | /* There are two ways to detect a resumed ticket sesion. | ||
| 483 | * One is to set a random session ID and then the server | ||
| 484 | * must return a match in ServerHello. This allows the normal | ||
| 485 | * client session ID matching to work. | ||
| 486 | */ | ||
| 487 | if (ret->session_id_length == 0) | ||
| 488 | { | ||
| 489 | ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH; | ||
| 490 | RAND_pseudo_bytes(ret->session_id, | ||
| 491 | ret->session_id_length); | ||
| 492 | } | ||
| 493 | #endif | ||
| 494 | } | ||
| 495 | else | ||
| 496 | ret->tlsext_tick=NULL; | ||
| 497 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 498 | |||
| 397 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); | 499 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); |
| 398 | } | 500 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c index b779e6bb4d..a32b2d4446 100644 --- a/src/lib/libssl/src/ssl/ssl_cert.c +++ b/src/lib/libssl/src/ssl/ssl_cert.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -73,12 +73,12 @@ | |||
| 73 | * 3. All advertising materials mentioning features or use of this | 73 | * 3. All advertising materials mentioning features or use of this |
| 74 | * software must display the following acknowledgment: | 74 | * software must display the following acknowledgment: |
| 75 | * "This product includes software developed by the OpenSSL Project | 75 | * "This product includes software developed by the OpenSSL Project |
| 76 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
| 77 | * | 77 | * |
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 79 | * endorse or promote products derived from this software without | 79 | * endorse or promote products derived from this software without |
| 80 | * prior written permission. For written permission, please contact | 80 | * prior written permission. For written permission, please contact |
| 81 | * openssl-core@OpenSSL.org. | 81 | * openssl-core@openssl.org. |
| 82 | * | 82 | * |
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | 83 | * 5. Products derived from this software may not be called "OpenSSL" |
| 84 | * nor may "OpenSSL" appear in their names without prior written | 84 | * nor may "OpenSSL" appear in their names without prior written |
| @@ -87,7 +87,7 @@ | |||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | 87 | * 6. Redistributions of any form whatsoever must retain the following |
| 88 | * acknowledgment: | 88 | * acknowledgment: |
| 89 | * "This product includes software developed by the OpenSSL Project | 89 | * "This product includes software developed by the OpenSSL Project |
| 90 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
| 91 | * | 91 | * |
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| @@ -102,6 +102,16 @@ | |||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 104 | * ==================================================================== | 104 | * ==================================================================== |
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 105 | */ | 115 | */ |
| 106 | 116 | ||
| 107 | #include <stdio.h> | 117 | #include <stdio.h> |
| @@ -111,45 +121,42 @@ | |||
| 111 | # include <sys/types.h> | 121 | # include <sys/types.h> |
| 112 | #endif | 122 | #endif |
| 113 | 123 | ||
| 114 | #if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X) | 124 | #include "o_dir.h" |
| 115 | #include <dirent.h> | ||
| 116 | #endif | ||
| 117 | |||
| 118 | #if defined(WIN32) | ||
| 119 | #include <windows.h> | ||
| 120 | #include <tchar.h> | ||
| 121 | #endif | ||
| 122 | |||
| 123 | #ifdef NeXT | ||
| 124 | #include <sys/dir.h> | ||
| 125 | #define dirent direct | ||
| 126 | #endif | ||
| 127 | |||
| 128 | #include <openssl/objects.h> | 125 | #include <openssl/objects.h> |
| 129 | #include <openssl/bio.h> | 126 | #include <openssl/bio.h> |
| 130 | #include <openssl/pem.h> | 127 | #include <openssl/pem.h> |
| 131 | #include <openssl/x509v3.h> | 128 | #include <openssl/x509v3.h> |
| 129 | #ifndef OPENSSL_NO_DH | ||
| 130 | #include <openssl/dh.h> | ||
| 131 | #endif | ||
| 132 | #include <openssl/bn.h> | ||
| 132 | #include "ssl_locl.h" | 133 | #include "ssl_locl.h" |
| 133 | #include <openssl/fips.h> | ||
| 134 | 134 | ||
| 135 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) | 135 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) |
| 136 | { | 136 | { |
| 137 | static volatile int ssl_x509_store_ctx_idx= -1; | 137 | static volatile int ssl_x509_store_ctx_idx= -1; |
| 138 | int got_write_lock = 0; | ||
| 139 | |||
| 140 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 138 | 141 | ||
| 139 | if (ssl_x509_store_ctx_idx < 0) | 142 | if (ssl_x509_store_ctx_idx < 0) |
| 140 | { | 143 | { |
| 141 | /* any write lock will do; usually this branch | 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 142 | * will only be taken once anyway */ | ||
| 143 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 146 | got_write_lock = 1; | ||
| 144 | 147 | ||
| 145 | if (ssl_x509_store_ctx_idx < 0) | 148 | if (ssl_x509_store_ctx_idx < 0) |
| 146 | { | 149 | { |
| 147 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( | 150 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( |
| 148 | 0,"SSL for verify callback",NULL,NULL,NULL); | 151 | 0,"SSL for verify callback",NULL,NULL,NULL); |
| 149 | } | 152 | } |
| 150 | |||
| 151 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 152 | } | 153 | } |
| 154 | |||
| 155 | if (got_write_lock) | ||
| 156 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 157 | else | ||
| 158 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 159 | |||
| 153 | return ssl_x509_store_ctx_idx; | 160 | return ssl_x509_store_ctx_idx; |
| 154 | } | 161 | } |
| 155 | 162 | ||
| @@ -205,7 +212,6 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 205 | #ifndef OPENSSL_NO_DH | 212 | #ifndef OPENSSL_NO_DH |
| 206 | if (cert->dh_tmp != NULL) | 213 | if (cert->dh_tmp != NULL) |
| 207 | { | 214 | { |
| 208 | /* DH parameters don't have a reference count */ | ||
| 209 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | 215 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); |
| 210 | if (ret->dh_tmp == NULL) | 216 | if (ret->dh_tmp == NULL) |
| 211 | { | 217 | { |
| @@ -236,6 +242,19 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 236 | ret->dh_tmp_cb = cert->dh_tmp_cb; | 242 | ret->dh_tmp_cb = cert->dh_tmp_cb; |
| 237 | #endif | 243 | #endif |
| 238 | 244 | ||
| 245 | #ifndef OPENSSL_NO_ECDH | ||
| 246 | if (cert->ecdh_tmp) | ||
| 247 | { | ||
| 248 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); | ||
| 249 | if (ret->ecdh_tmp == NULL) | ||
| 250 | { | ||
| 251 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); | ||
| 252 | goto err; | ||
| 253 | } | ||
| 254 | } | ||
| 255 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; | ||
| 256 | #endif | ||
| 257 | |||
| 239 | for (i = 0; i < SSL_PKEY_NUM; i++) | 258 | for (i = 0; i < SSL_PKEY_NUM; i++) |
| 240 | { | 259 | { |
| 241 | if (cert->pkeys[i].x509 != NULL) | 260 | if (cert->pkeys[i].x509 != NULL) |
| @@ -270,7 +289,11 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 270 | case SSL_PKEY_DH_DSA: | 289 | case SSL_PKEY_DH_DSA: |
| 271 | /* We have a DH key. */ | 290 | /* We have a DH key. */ |
| 272 | break; | 291 | break; |
| 273 | 292 | ||
| 293 | case SSL_PKEY_ECC: | ||
| 294 | /* We have an ECC key */ | ||
| 295 | break; | ||
| 296 | |||
| 274 | default: | 297 | default: |
| 275 | /* Can't happen. */ | 298 | /* Can't happen. */ |
| 276 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); | 299 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); |
| @@ -285,7 +308,7 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 285 | 308 | ||
| 286 | return(ret); | 309 | return(ret); |
| 287 | 310 | ||
| 288 | #ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */ | 311 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) |
| 289 | err: | 312 | err: |
| 290 | #endif | 313 | #endif |
| 291 | #ifndef OPENSSL_NO_RSA | 314 | #ifndef OPENSSL_NO_RSA |
| @@ -296,6 +319,10 @@ err: | |||
| 296 | if (ret->dh_tmp != NULL) | 319 | if (ret->dh_tmp != NULL) |
| 297 | DH_free(ret->dh_tmp); | 320 | DH_free(ret->dh_tmp); |
| 298 | #endif | 321 | #endif |
| 322 | #ifndef OPENSSL_NO_ECDH | ||
| 323 | if (ret->ecdh_tmp != NULL) | ||
| 324 | EC_KEY_free(ret->ecdh_tmp); | ||
| 325 | #endif | ||
| 299 | 326 | ||
| 300 | for (i = 0; i < SSL_PKEY_NUM; i++) | 327 | for (i = 0; i < SSL_PKEY_NUM; i++) |
| 301 | { | 328 | { |
| @@ -335,6 +362,9 @@ void ssl_cert_free(CERT *c) | |||
| 335 | #ifndef OPENSSL_NO_DH | 362 | #ifndef OPENSSL_NO_DH |
| 336 | if (c->dh_tmp) DH_free(c->dh_tmp); | 363 | if (c->dh_tmp) DH_free(c->dh_tmp); |
| 337 | #endif | 364 | #endif |
| 365 | #ifndef OPENSSL_NO_ECDH | ||
| 366 | if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); | ||
| 367 | #endif | ||
| 338 | 368 | ||
| 339 | for (i=0; i<SSL_PKEY_NUM; i++) | 369 | for (i=0; i<SSL_PKEY_NUM; i++) |
| 340 | { | 370 | { |
| @@ -441,6 +471,10 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 441 | if (sc->peer_dh_tmp != NULL) | 471 | if (sc->peer_dh_tmp != NULL) |
| 442 | DH_free(sc->peer_dh_tmp); | 472 | DH_free(sc->peer_dh_tmp); |
| 443 | #endif | 473 | #endif |
| 474 | #ifndef OPENSSL_NO_ECDH | ||
| 475 | if (sc->peer_ecdh_tmp != NULL) | ||
| 476 | EC_KEY_free(sc->peer_ecdh_tmp); | ||
| 477 | #endif | ||
| 444 | 478 | ||
| 445 | OPENSSL_free(sc); | 479 | OPENSSL_free(sc); |
| 446 | } | 480 | } |
| @@ -466,20 +500,22 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 466 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); | 500 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); |
| 467 | return(0); | 501 | return(0); |
| 468 | } | 502 | } |
| 503 | if (s->param) | ||
| 504 | X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx), | ||
| 505 | s->param); | ||
| 506 | #if 0 | ||
| 469 | if (SSL_get_verify_depth(s) >= 0) | 507 | if (SSL_get_verify_depth(s) >= 0) |
| 470 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); | 508 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); |
| 509 | #endif | ||
| 471 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); | 510 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); |
| 472 | 511 | ||
| 473 | /* We need to set the verify purpose. The purpose can be determined by | 512 | /* We need to inherit the verify parameters. These can be determined by |
| 474 | * the context: if its a server it will verify SSL client certificates | 513 | * the context: if its a server it will verify SSL client certificates |
| 475 | * or vice versa. | 514 | * or vice versa. |
| 476 | */ | 515 | */ |
| 477 | if (s->server) | ||
| 478 | i = X509_PURPOSE_SSL_CLIENT; | ||
| 479 | else | ||
| 480 | i = X509_PURPOSE_SSL_SERVER; | ||
| 481 | 516 | ||
| 482 | X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); | 517 | X509_STORE_CTX_set_default(&ctx, |
| 518 | s->server ? "ssl_client" : "ssl_server"); | ||
| 483 | 519 | ||
| 484 | if (s->verify_callback) | 520 | if (s->verify_callback) |
| 485 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); | 521 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); |
| @@ -726,7 +762,7 @@ err: | |||
| 726 | if(x != NULL) | 762 | if(x != NULL) |
| 727 | X509_free(x); | 763 | X509_free(x); |
| 728 | 764 | ||
| 729 | sk_X509_NAME_set_cmp_func(stack,oldcmp); | 765 | (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); |
| 730 | 766 | ||
| 731 | return ret; | 767 | return ret; |
| 732 | } | 768 | } |
| @@ -742,157 +778,52 @@ err: | |||
| 742 | * certs may have been added to \c stack. | 778 | * certs may have been added to \c stack. |
| 743 | */ | 779 | */ |
| 744 | 780 | ||
| 745 | #ifndef OPENSSL_SYS_WIN32 | ||
| 746 | #ifndef OPENSSL_SYS_VMS /* XXXX This may be fixed in the future */ | ||
| 747 | #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */ | ||
| 748 | |||
| 749 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 781 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 750 | const char *dir) | 782 | const char *dir) |
| 751 | { | 783 | { |
| 752 | DIR *d; | 784 | OPENSSL_DIR_CTX *d = NULL; |
| 753 | struct dirent *dstruct; | 785 | const char *filename; |
| 754 | int ret = 0; | 786 | int ret = 0; |
| 755 | 787 | ||
| 756 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); | 788 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); |
| 757 | d = opendir(dir); | ||
| 758 | 789 | ||
| 759 | /* Note that a side effect is that the CAs will be sorted by name */ | 790 | /* Note that a side effect is that the CAs will be sorted by name */ |
| 760 | if(!d) | 791 | |
| 761 | { | 792 | while((filename = OPENSSL_DIR_read(&d, dir))) |
| 762 | SYSerr(SYS_F_OPENDIR, get_last_sys_error()); | ||
| 763 | ERR_add_error_data(3, "opendir('", dir, "')"); | ||
| 764 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | ||
| 765 | goto err; | ||
| 766 | } | ||
| 767 | |||
| 768 | while((dstruct=readdir(d))) | ||
| 769 | { | 793 | { |
| 770 | char buf[1024]; | 794 | char buf[1024]; |
| 771 | int r; | 795 | int r; |
| 772 | 796 | ||
| 773 | if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf) | 797 | if(strlen(dir)+strlen(filename)+2 > sizeof buf) |
| 774 | { | 798 | { |
| 775 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | 799 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); |
| 776 | goto err; | 800 | goto err; |
| 777 | } | 801 | } |
| 778 | 802 | ||
| 779 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name); | 803 | #ifdef OPENSSL_SYS_VMS |
| 780 | if (r <= 0 || r >= sizeof buf) | 804 | r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename); |
| 805 | #else | ||
| 806 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename); | ||
| 807 | #endif | ||
| 808 | if (r <= 0 || r >= (int)sizeof(buf)) | ||
| 781 | goto err; | 809 | goto err; |
| 782 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | 810 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) |
| 783 | goto err; | 811 | goto err; |
| 784 | } | 812 | } |
| 785 | ret = 1; | ||
| 786 | |||
| 787 | err: | ||
| 788 | if (d) closedir(d); | ||
| 789 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | ||
| 790 | return ret; | ||
| 791 | } | ||
| 792 | |||
| 793 | #endif | ||
| 794 | #endif | ||
| 795 | |||
| 796 | #else /* OPENSSL_SYS_WIN32 */ | ||
| 797 | |||
| 798 | #if defined(_WIN32_WCE) | ||
| 799 | # ifndef UNICODE | ||
| 800 | # error "WinCE comes in UNICODE flavor only..." | ||
| 801 | # endif | ||
| 802 | # if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE) | ||
| 803 | # define OPENSSL_NO_MULTIBYTE | ||
| 804 | # endif | ||
| 805 | # ifndef FindFirstFile | ||
| 806 | # define FindFirstFile FindFirstFileW | ||
| 807 | # endif | ||
| 808 | # ifndef FindNextFile | ||
| 809 | # define FindNextFile FindNextFileW | ||
| 810 | # endif | ||
| 811 | #endif | ||
| 812 | |||
| 813 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | ||
| 814 | const char *dir) | ||
| 815 | { | ||
| 816 | WIN32_FIND_DATA FindFileData; | ||
| 817 | HANDLE hFind; | ||
| 818 | int ret = 0; | ||
| 819 | TCHAR *wdir = NULL; | ||
| 820 | size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */ | ||
| 821 | char buf[1024],*slash; | ||
| 822 | |||
| 823 | if (len_0 > (sizeof(buf)-14)) /* 14 is just some value... */ | ||
| 824 | { | ||
| 825 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 826 | return ret; | ||
| 827 | } | ||
| 828 | |||
| 829 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); | ||
| 830 | |||
| 831 | if (sizeof(TCHAR) != sizeof(char)) | ||
| 832 | { | ||
| 833 | wdir = (TCHAR *)malloc(len_0*sizeof(TCHAR)); | ||
| 834 | if (wdir == NULL) | ||
| 835 | goto err_noclose; | ||
| 836 | #ifndef OPENSSL_NO_MULTIBYTE | ||
| 837 | if (!MultiByteToWideChar(CP_ACP,0,dir,len_0, | ||
| 838 | (WCHAR *)wdir,len_0)) | ||
| 839 | #endif | ||
| 840 | for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i]; | ||
| 841 | |||
| 842 | hFind = FindFirstFile(wdir, &FindFileData); | ||
| 843 | } | ||
| 844 | else hFind = FindFirstFile((const TCHAR *)dir, &FindFileData); | ||
| 845 | 813 | ||
| 846 | /* Note that a side effect is that the CAs will be sorted by name */ | 814 | if (errno) |
| 847 | if(hFind == INVALID_HANDLE_VALUE) | ||
| 848 | { | 815 | { |
| 849 | SYSerr(SYS_F_OPENDIR, get_last_sys_error()); | 816 | SYSerr(SYS_F_OPENDIR, get_last_sys_error()); |
| 850 | ERR_add_error_data(3, "opendir('", dir, "')"); | 817 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); |
| 851 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | 818 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); |
| 852 | goto err_noclose; | 819 | goto err; |
| 853 | } | 820 | } |
| 854 | 821 | ||
| 855 | strncpy(buf,dir,sizeof(buf)); /* strcpy is safe too... */ | ||
| 856 | buf[len_0-1]='/'; /* no trailing zero! */ | ||
| 857 | slash=buf+len_0; | ||
| 858 | |||
| 859 | do { | ||
| 860 | const TCHAR *fnam=FindFileData.cFileName; | ||
| 861 | size_t flen_0=_tcslen(fnam)+1; | ||
| 862 | |||
| 863 | if (flen_0 > (sizeof(buf)-len_0)) | ||
| 864 | { | ||
| 865 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 866 | goto err; | ||
| 867 | } | ||
| 868 | /* else strcpy would be safe too... */ | ||
| 869 | |||
| 870 | if (sizeof(TCHAR) != sizeof(char)) | ||
| 871 | { | ||
| 872 | #ifndef OPENSSL_NO_MULTIBYTE | ||
| 873 | if (!WideCharToMultiByte(CP_ACP,0, | ||
| 874 | (WCHAR *)fnam,flen_0, | ||
| 875 | slash,sizeof(buf)-len_0, | ||
| 876 | NULL,0)) | ||
| 877 | #endif | ||
| 878 | for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i]; | ||
| 879 | } | ||
| 880 | else strncpy(slash,(const char *)fnam,sizeof(buf)-len_0); | ||
| 881 | |||
| 882 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | ||
| 883 | goto err; | ||
| 884 | } | ||
| 885 | while (FindNextFile(hFind, &FindFileData) != FALSE); | ||
| 886 | ret = 1; | 822 | ret = 1; |
| 887 | 823 | ||
| 888 | err: | 824 | err: |
| 889 | FindClose(hFind); | 825 | if (d) OPENSSL_DIR_end(&d); |
| 890 | err_noclose: | ||
| 891 | if (wdir != NULL) | ||
| 892 | free(wdir); | ||
| 893 | |||
| 894 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | 826 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); |
| 895 | return ret; | 827 | return ret; |
| 896 | } | 828 | } |
| 897 | 829 | ||
| 898 | #endif | ||
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index f622180c69..71b645da14 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -55,11 +55,67 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | /* ==================================================================== | |
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 59 | #include <stdio.h> | 116 | #include <stdio.h> |
| 60 | #include <openssl/objects.h> | 117 | #include <openssl/objects.h> |
| 61 | #include <openssl/comp.h> | 118 | #include <openssl/comp.h> |
| 62 | #include <openssl/fips.h> | ||
| 63 | #include "ssl_locl.h" | 119 | #include "ssl_locl.h" |
| 64 | 120 | ||
| 65 | #define SSL_ENC_DES_IDX 0 | 121 | #define SSL_ENC_DES_IDX 0 |
| @@ -71,12 +127,20 @@ | |||
| 71 | #define SSL_ENC_NULL_IDX 6 | 127 | #define SSL_ENC_NULL_IDX 6 |
| 72 | #define SSL_ENC_AES128_IDX 7 | 128 | #define SSL_ENC_AES128_IDX 7 |
| 73 | #define SSL_ENC_AES256_IDX 8 | 129 | #define SSL_ENC_AES256_IDX 8 |
| 74 | #define SSL_ENC_NUM_IDX 9 | 130 | #define SSL_ENC_CAMELLIA128_IDX 9 |
| 131 | #define SSL_ENC_CAMELLIA256_IDX 10 | ||
| 132 | #define SSL_ENC_SEED_IDX 11 | ||
| 133 | #define SSL_ENC_NUM_IDX 12 | ||
| 134 | |||
| 75 | 135 | ||
| 76 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ | 136 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ |
| 77 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL | 137 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL |
| 78 | }; | 138 | }; |
| 79 | 139 | ||
| 140 | #define SSL_COMP_NULL_IDX 0 | ||
| 141 | #define SSL_COMP_ZLIB_IDX 1 | ||
| 142 | #define SSL_COMP_NUM_IDX 2 | ||
| 143 | |||
| 80 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | 144 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; |
| 81 | 145 | ||
| 82 | #define SSL_MD_MD5_IDX 0 | 146 | #define SSL_MD_MD5_IDX 0 |
| @@ -102,18 +166,20 @@ typedef struct cipher_order_st | |||
| 102 | 166 | ||
| 103 | static const SSL_CIPHER cipher_aliases[]={ | 167 | static const SSL_CIPHER cipher_aliases[]={ |
| 104 | /* Don't include eNULL unless specifically enabled. */ | 168 | /* Don't include eNULL unless specifically enabled. */ |
| 105 | {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ | 169 | /* Don't include ECC in ALL because these ciphers are not yet official. */ |
| 106 | {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ | 170 | {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ |
| 171 | /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ | ||
| 172 | {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ | ||
| 107 | {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, | 173 | {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, |
| 108 | {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ | 174 | {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ |
| 109 | {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, | 175 | {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 110 | {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, | 176 | {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 111 | {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, | 177 | {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 112 | {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, | 178 | {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 113 | {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, | 179 | {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 114 | {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, | 180 | {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 181 | {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, | ||
| 115 | {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, | 182 | {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, |
| 116 | |||
| 117 | {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ | 183 | {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ |
| 118 | {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, | 184 | {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, |
| 119 | {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, | 185 | {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, |
| @@ -129,9 +195,11 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 129 | #ifndef OPENSSL_NO_IDEA | 195 | #ifndef OPENSSL_NO_IDEA |
| 130 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, | 196 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 131 | #endif | 197 | #endif |
| 198 | {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0}, | ||
| 132 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, | 199 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
| 133 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, | 200 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 134 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, | 201 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 202 | {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, | ||
| 135 | 203 | ||
| 136 | {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, | 204 | {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, |
| 137 | {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, | 205 | {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, |
| @@ -154,12 +222,9 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 154 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, | 222 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, |
| 155 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, | 223 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, |
| 156 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, | 224 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, |
| 157 | {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, | ||
| 158 | }; | 225 | }; |
| 159 | 226 | ||
| 160 | static int init_ciphers=1; | 227 | void ssl_load_ciphers(void) |
| 161 | |||
| 162 | static void load_ciphers(void) | ||
| 163 | { | 228 | { |
| 164 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | 229 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
| 165 | EVP_get_cipherbyname(SN_des_cbc); | 230 | EVP_get_cipherbyname(SN_des_cbc); |
| @@ -179,14 +244,73 @@ static void load_ciphers(void) | |||
| 179 | EVP_get_cipherbyname(SN_aes_128_cbc); | 244 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 180 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 245 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
| 181 | EVP_get_cipherbyname(SN_aes_256_cbc); | 246 | EVP_get_cipherbyname(SN_aes_256_cbc); |
| 247 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= | ||
| 248 | EVP_get_cipherbyname(SN_camellia_128_cbc); | ||
| 249 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= | ||
| 250 | EVP_get_cipherbyname(SN_camellia_256_cbc); | ||
| 251 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= | ||
| 252 | EVP_get_cipherbyname(SN_seed_cbc); | ||
| 182 | 253 | ||
| 183 | ssl_digest_methods[SSL_MD_MD5_IDX]= | 254 | ssl_digest_methods[SSL_MD_MD5_IDX]= |
| 184 | EVP_get_digestbyname(SN_md5); | 255 | EVP_get_digestbyname(SN_md5); |
| 185 | ssl_digest_methods[SSL_MD_SHA1_IDX]= | 256 | ssl_digest_methods[SSL_MD_SHA1_IDX]= |
| 186 | EVP_get_digestbyname(SN_sha1); | 257 | EVP_get_digestbyname(SN_sha1); |
| 187 | init_ciphers=0; | ||
| 188 | } | 258 | } |
| 189 | 259 | ||
| 260 | |||
| 261 | #ifndef OPENSSL_NO_COMP | ||
| 262 | |||
| 263 | static int sk_comp_cmp(const SSL_COMP * const *a, | ||
| 264 | const SSL_COMP * const *b) | ||
| 265 | { | ||
| 266 | return((*a)->id-(*b)->id); | ||
| 267 | } | ||
| 268 | |||
| 269 | static void load_builtin_compressions(void) | ||
| 270 | { | ||
| 271 | int got_write_lock = 0; | ||
| 272 | |||
| 273 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); | ||
| 274 | if (ssl_comp_methods == NULL) | ||
| 275 | { | ||
| 276 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | ||
| 277 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 278 | got_write_lock = 1; | ||
| 279 | |||
| 280 | if (ssl_comp_methods == NULL) | ||
| 281 | { | ||
| 282 | SSL_COMP *comp = NULL; | ||
| 283 | |||
| 284 | MemCheck_off(); | ||
| 285 | ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | ||
| 286 | if (ssl_comp_methods != NULL) | ||
| 287 | { | ||
| 288 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | ||
| 289 | if (comp != NULL) | ||
| 290 | { | ||
| 291 | comp->method=COMP_zlib(); | ||
| 292 | if (comp->method | ||
| 293 | && comp->method->type == NID_undef) | ||
| 294 | OPENSSL_free(comp); | ||
| 295 | else | ||
| 296 | { | ||
| 297 | comp->id=SSL_COMP_ZLIB_IDX; | ||
| 298 | comp->name=comp->method->name; | ||
| 299 | sk_SSL_COMP_push(ssl_comp_methods,comp); | ||
| 300 | } | ||
| 301 | } | ||
| 302 | } | ||
| 303 | MemCheck_on(); | ||
| 304 | } | ||
| 305 | } | ||
| 306 | |||
| 307 | if (got_write_lock) | ||
| 308 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 309 | else | ||
| 310 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | ||
| 311 | } | ||
| 312 | #endif | ||
| 313 | |||
| 190 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 314 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 191 | const EVP_MD **md, SSL_COMP **comp) | 315 | const EVP_MD **md, SSL_COMP **comp) |
| 192 | { | 316 | { |
| @@ -198,18 +322,14 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 198 | if (comp != NULL) | 322 | if (comp != NULL) |
| 199 | { | 323 | { |
| 200 | SSL_COMP ctmp; | 324 | SSL_COMP ctmp; |
| 325 | #ifndef OPENSSL_NO_COMP | ||
| 326 | load_builtin_compressions(); | ||
| 327 | #endif | ||
| 201 | 328 | ||
| 202 | if (s->compress_meth == 0) | 329 | *comp=NULL; |
| 203 | *comp=NULL; | 330 | ctmp.id=s->compress_meth; |
| 204 | else if (ssl_comp_methods == NULL) | 331 | if (ssl_comp_methods != NULL) |
| 205 | { | 332 | { |
| 206 | /* bad */ | ||
| 207 | *comp=NULL; | ||
| 208 | } | ||
| 209 | else | ||
| 210 | { | ||
| 211 | |||
| 212 | ctmp.id=s->compress_meth; | ||
| 213 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); | 333 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); |
| 214 | if (i >= 0) | 334 | if (i >= 0) |
| 215 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); | 335 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); |
| @@ -248,6 +368,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 248 | default: i=-1; break; | 368 | default: i=-1; break; |
| 249 | } | 369 | } |
| 250 | break; | 370 | break; |
| 371 | case SSL_CAMELLIA: | ||
| 372 | switch(c->alg_bits) | ||
| 373 | { | ||
| 374 | case 128: i=SSL_ENC_CAMELLIA128_IDX; break; | ||
| 375 | case 256: i=SSL_ENC_CAMELLIA256_IDX; break; | ||
| 376 | default: i=-1; break; | ||
| 377 | } | ||
| 378 | break; | ||
| 379 | case SSL_SEED: | ||
| 380 | i=SSL_ENC_SEED_IDX; | ||
| 381 | break; | ||
| 382 | |||
| 251 | default: | 383 | default: |
| 252 | i= -1; | 384 | i= -1; |
| 253 | break; | 385 | break; |
| @@ -305,9 +437,18 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, | |||
| 305 | *tail=curr; | 437 | *tail=curr; |
| 306 | } | 438 | } |
| 307 | 439 | ||
| 308 | static unsigned long ssl_cipher_get_disabled(void) | 440 | struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9, |
| 441 | * where 128-bit and 256-bit algorithms simply will get | ||
| 442 | * separate bits. */ | ||
| 443 | unsigned long mask; /* everything except m256 */ | ||
| 444 | unsigned long m256; /* applies to 256-bit algorithms only */ | ||
| 445 | }; | ||
| 446 | |||
| 447 | static struct disabled_masks ssl_cipher_get_disabled(void) | ||
| 309 | { | 448 | { |
| 310 | unsigned long mask; | 449 | unsigned long mask; |
| 450 | unsigned long m256; | ||
| 451 | struct disabled_masks ret; | ||
| 311 | 452 | ||
| 312 | mask = SSL_kFZA; | 453 | mask = SSL_kFZA; |
| 313 | #ifdef OPENSSL_NO_RSA | 454 | #ifdef OPENSSL_NO_RSA |
| @@ -322,7 +463,9 @@ static unsigned long ssl_cipher_get_disabled(void) | |||
| 322 | #ifdef OPENSSL_NO_KRB5 | 463 | #ifdef OPENSSL_NO_KRB5 |
| 323 | mask |= SSL_kKRB5|SSL_aKRB5; | 464 | mask |= SSL_kKRB5|SSL_aKRB5; |
| 324 | #endif | 465 | #endif |
| 325 | 466 | #ifdef OPENSSL_NO_ECDH | |
| 467 | mask |= SSL_kECDH|SSL_kECDHE; | ||
| 468 | #endif | ||
| 326 | #ifdef SSL_FORBID_ENULL | 469 | #ifdef SSL_FORBID_ENULL |
| 327 | mask |= SSL_eNULL; | 470 | mask |= SSL_eNULL; |
| 328 | #endif | 471 | #endif |
| @@ -333,17 +476,27 @@ static unsigned long ssl_cipher_get_disabled(void) | |||
| 333 | mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; | 476 | mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; |
| 334 | mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; | 477 | mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; |
| 335 | mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; | 478 | mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; |
| 336 | mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; | 479 | mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; |
| 337 | 480 | ||
| 338 | mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; | 481 | mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; |
| 339 | mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; | 482 | mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; |
| 340 | 483 | ||
| 341 | return(mask); | 484 | /* finally consider algorithms where mask and m256 differ */ |
| 485 | m256 = mask; | ||
| 486 | mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; | ||
| 487 | mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; | ||
| 488 | m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0; | ||
| 489 | m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0; | ||
| 490 | |||
| 491 | ret.mask = mask; | ||
| 492 | ret.m256 = m256; | ||
| 493 | return ret; | ||
| 342 | } | 494 | } |
| 343 | 495 | ||
| 344 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | 496 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, |
| 345 | int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list, | 497 | int num_of_ciphers, unsigned long mask, unsigned long m256, |
| 346 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 498 | CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, |
| 499 | CIPHER_ORDER **tail_p) | ||
| 347 | { | 500 | { |
| 348 | int i, co_list_num; | 501 | int i, co_list_num; |
| 349 | SSL_CIPHER *c; | 502 | SSL_CIPHER *c; |
| @@ -360,13 +513,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 360 | for (i = 0; i < num_of_ciphers; i++) | 513 | for (i = 0; i < num_of_ciphers; i++) |
| 361 | { | 514 | { |
| 362 | c = ssl_method->get_cipher(i); | 515 | c = ssl_method->get_cipher(i); |
| 516 | #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) | ||
| 363 | /* drop those that use any of that is not available */ | 517 | /* drop those that use any of that is not available */ |
| 364 | #ifdef OPENSSL_FIPS | 518 | if ((c != NULL) && c->valid && !IS_MASKED(c)) |
| 365 | if ((c != NULL) && c->valid && !(c->algorithms & mask) | ||
| 366 | && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) | ||
| 367 | #else | ||
| 368 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) | ||
| 369 | #endif | ||
| 370 | { | 519 | { |
| 371 | co_list[co_list_num].cipher = c; | 520 | co_list[co_list_num].cipher = c; |
| 372 | co_list[co_list_num].next = NULL; | 521 | co_list[co_list_num].next = NULL; |
| @@ -440,7 +589,8 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, | |||
| 440 | *ca_curr = NULL; /* end of list */ | 589 | *ca_curr = NULL; /* end of list */ |
| 441 | } | 590 | } |
| 442 | 591 | ||
| 443 | static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, | 592 | static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version, |
| 593 | unsigned long algorithms, unsigned long mask, | ||
| 444 | unsigned long algo_strength, unsigned long mask_strength, | 594 | unsigned long algo_strength, unsigned long mask_strength, |
| 445 | int rule, int strength_bits, CIPHER_ORDER *co_list, | 595 | int rule, int strength_bits, CIPHER_ORDER *co_list, |
| 446 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 596 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| @@ -466,11 +616,20 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, | |||
| 466 | 616 | ||
| 467 | cp = curr->cipher; | 617 | cp = curr->cipher; |
| 468 | 618 | ||
| 619 | /* If explicit cipher suite, match only that one for its own protocol version. | ||
| 620 | * Usual selection criteria will be used for similar ciphersuites from other version! */ | ||
| 621 | |||
| 622 | if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) | ||
| 623 | { | ||
| 624 | if (cp->id != cipher_id) | ||
| 625 | continue; | ||
| 626 | } | ||
| 627 | |||
| 469 | /* | 628 | /* |
| 470 | * Selection criteria is either the number of strength_bits | 629 | * Selection criteria is either the number of strength_bits |
| 471 | * or the algorithm used. | 630 | * or the algorithm used. |
| 472 | */ | 631 | */ |
| 473 | if (strength_bits == -1) | 632 | else if (strength_bits == -1) |
| 474 | { | 633 | { |
| 475 | ma = mask & cp->algorithms; | 634 | ma = mask & cp->algorithms; |
| 476 | ma_s = mask_strength & cp->algo_strength; | 635 | ma_s = mask_strength & cp->algo_strength; |
| @@ -501,8 +660,22 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, | |||
| 501 | { | 660 | { |
| 502 | if (!curr->active) | 661 | if (!curr->active) |
| 503 | { | 662 | { |
| 504 | ll_append_tail(&head, curr, &tail); | 663 | int add_this_cipher = 1; |
| 505 | curr->active = 1; | 664 | |
| 665 | if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0)) | ||
| 666 | { | ||
| 667 | /* Make sure "ECCdraft" ciphersuites are activated only if | ||
| 668 | * *explicitly* requested, but not implicitly (such as | ||
| 669 | * as part of the "AES" alias). */ | ||
| 670 | |||
| 671 | add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0; | ||
| 672 | } | ||
| 673 | |||
| 674 | if (add_this_cipher) | ||
| 675 | { | ||
| 676 | ll_append_tail(&head, curr, &tail); | ||
| 677 | curr->active = 1; | ||
| 678 | } | ||
| 506 | } | 679 | } |
| 507 | } | 680 | } |
| 508 | /* Move the added cipher to this location */ | 681 | /* Move the added cipher to this location */ |
| @@ -583,7 +756,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, | |||
| 583 | */ | 756 | */ |
| 584 | for (i = max_strength_bits; i >= 0; i--) | 757 | for (i = max_strength_bits; i >= 0; i--) |
| 585 | if (number_uses[i] > 0) | 758 | if (number_uses[i] > 0) |
| 586 | ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, | 759 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, |
| 587 | co_list, head_p, tail_p); | 760 | co_list, head_p, tail_p); |
| 588 | 761 | ||
| 589 | OPENSSL_free(number_uses); | 762 | OPENSSL_free(number_uses); |
| @@ -597,6 +770,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 597 | unsigned long algorithms, mask, algo_strength, mask_strength; | 770 | unsigned long algorithms, mask, algo_strength, mask_strength; |
| 598 | const char *l, *start, *buf; | 771 | const char *l, *start, *buf; |
| 599 | int j, multi, found, rule, retval, ok, buflen; | 772 | int j, multi, found, rule, retval, ok, buflen; |
| 773 | unsigned long cipher_id = 0, ssl_version = 0; | ||
| 600 | char ch; | 774 | char ch; |
| 601 | 775 | ||
| 602 | retval = 1; | 776 | retval = 1; |
| @@ -686,6 +860,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 686 | * use strcmp(), because buf is not '\0' terminated.) | 860 | * use strcmp(), because buf is not '\0' terminated.) |
| 687 | */ | 861 | */ |
| 688 | j = found = 0; | 862 | j = found = 0; |
| 863 | cipher_id = 0; | ||
| 864 | ssl_version = 0; | ||
| 689 | while (ca_list[j]) | 865 | while (ca_list[j]) |
| 690 | { | 866 | { |
| 691 | if (!strncmp(buf, ca_list[j]->name, buflen) && | 867 | if (!strncmp(buf, ca_list[j]->name, buflen) && |
| @@ -714,6 +890,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 714 | (algo_strength & ca_list[j]->algo_strength); | 890 | (algo_strength & ca_list[j]->algo_strength); |
| 715 | mask_strength |= ca_list[j]->mask_strength; | 891 | mask_strength |= ca_list[j]->mask_strength; |
| 716 | 892 | ||
| 893 | /* explicit ciphersuite found */ | ||
| 894 | if (ca_list[j]->valid) | ||
| 895 | { | ||
| 896 | cipher_id = ca_list[j]->id; | ||
| 897 | ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK; | ||
| 898 | break; | ||
| 899 | } | ||
| 900 | |||
| 717 | if (!multi) break; | 901 | if (!multi) break; |
| 718 | } | 902 | } |
| 719 | 903 | ||
| @@ -738,18 +922,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 738 | * rest of the command, if any left, until | 922 | * rest of the command, if any left, until |
| 739 | * end or ':' is found. | 923 | * end or ':' is found. |
| 740 | */ | 924 | */ |
| 741 | while ((*l != '\0') && ITEM_SEP(*l)) | 925 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 742 | l++; | 926 | l++; |
| 743 | } | 927 | } |
| 744 | else if (found) | 928 | else if (found) |
| 745 | { | 929 | { |
| 746 | ssl_cipher_apply_rule(algorithms, mask, | 930 | ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask, |
| 747 | algo_strength, mask_strength, rule, -1, | 931 | algo_strength, mask_strength, rule, -1, |
| 748 | co_list, head_p, tail_p); | 932 | co_list, head_p, tail_p); |
| 749 | } | 933 | } |
| 750 | else | 934 | else |
| 751 | { | 935 | { |
| 752 | while ((*l != '\0') && ITEM_SEP(*l)) | 936 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 753 | l++; | 937 | l++; |
| 754 | } | 938 | } |
| 755 | if (*l == '\0') break; /* done */ | 939 | if (*l == '\0') break; /* done */ |
| @@ -765,6 +949,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 765 | { | 949 | { |
| 766 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | 950 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; |
| 767 | unsigned long disabled_mask; | 951 | unsigned long disabled_mask; |
| 952 | unsigned long disabled_m256; | ||
| 768 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | 953 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
| 769 | const char *rule_p; | 954 | const char *rule_p; |
| 770 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; | 955 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
| @@ -776,18 +961,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 776 | if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) | 961 | if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) |
| 777 | return NULL; | 962 | return NULL; |
| 778 | 963 | ||
| 779 | if (init_ciphers) | ||
| 780 | { | ||
| 781 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 782 | if (init_ciphers) load_ciphers(); | ||
| 783 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 784 | } | ||
| 785 | |||
| 786 | /* | 964 | /* |
| 787 | * To reduce the work to do we only want to process the compiled | 965 | * To reduce the work to do we only want to process the compiled |
| 788 | * in algorithms, so we first get the mask of disabled ciphers. | 966 | * in algorithms, so we first get the mask of disabled ciphers. |
| 789 | */ | 967 | */ |
| 790 | disabled_mask = ssl_cipher_get_disabled(); | 968 | { |
| 969 | struct disabled_masks d; | ||
| 970 | d = ssl_cipher_get_disabled(); | ||
| 971 | disabled_mask = d.mask; | ||
| 972 | disabled_m256 = d.m256; | ||
| 973 | } | ||
| 791 | 974 | ||
| 792 | /* | 975 | /* |
| 793 | * Now we have to collect the available ciphers from the compiled | 976 | * Now we have to collect the available ciphers from the compiled |
| @@ -806,7 +989,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 806 | } | 989 | } |
| 807 | 990 | ||
| 808 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, | 991 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, |
| 809 | co_list, &head, &tail); | 992 | disabled_m256, co_list, &head, &tail); |
| 810 | 993 | ||
| 811 | /* | 994 | /* |
| 812 | * We also need cipher aliases for selecting based on the rule_str. | 995 | * We also need cipher aliases for selecting based on the rule_str. |
| @@ -826,8 +1009,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 826 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 1009 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); |
| 827 | return(NULL); /* Failure */ | 1010 | return(NULL); /* Failure */ |
| 828 | } | 1011 | } |
| 829 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask, | 1012 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
| 830 | head); | 1013 | (disabled_mask & disabled_m256), head); |
| 831 | 1014 | ||
| 832 | /* | 1015 | /* |
| 833 | * If the rule_string begins with DEFAULT, apply the default rule | 1016 | * If the rule_string begins with DEFAULT, apply the default rule |
| @@ -871,11 +1054,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 871 | */ | 1054 | */ |
| 872 | for (curr = head; curr != NULL; curr = curr->next) | 1055 | for (curr = head; curr != NULL; curr = curr->next) |
| 873 | { | 1056 | { |
| 874 | #ifdef OPENSSL_FIPS | ||
| 875 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | ||
| 876 | #else | ||
| 877 | if (curr->active) | 1057 | if (curr->active) |
| 878 | #endif | ||
| 879 | { | 1058 | { |
| 880 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1059 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 881 | #ifdef CIPHER_DEBUG | 1060 | #ifdef CIPHER_DEBUG |
| @@ -897,7 +1076,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 897 | if (*cipher_list_by_id != NULL) | 1076 | if (*cipher_list_by_id != NULL) |
| 898 | sk_SSL_CIPHER_free(*cipher_list_by_id); | 1077 | sk_SSL_CIPHER_free(*cipher_list_by_id); |
| 899 | *cipher_list_by_id = tmp_cipher_list; | 1078 | *cipher_list_by_id = tmp_cipher_list; |
| 900 | sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | 1079 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); |
| 901 | 1080 | ||
| 902 | return(cipherstack); | 1081 | return(cipherstack); |
| 903 | } | 1082 | } |
| @@ -905,13 +1084,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 905 | char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | 1084 | char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) |
| 906 | { | 1085 | { |
| 907 | int is_export,pkl,kl; | 1086 | int is_export,pkl,kl; |
| 908 | char *ver,*exp_str; | 1087 | const char *ver,*exp_str; |
| 909 | char *kx,*au,*enc,*mac; | 1088 | const char *kx,*au,*enc,*mac; |
| 910 | unsigned long alg,alg2,alg_s; | 1089 | unsigned long alg,alg2,alg_s; |
| 911 | #ifdef KSSL_DEBUG | 1090 | #ifdef KSSL_DEBUG |
| 912 | static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; | 1091 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; |
| 913 | #else | 1092 | #else |
| 914 | static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; | 1093 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; |
| 915 | #endif /* KSSL_DEBUG */ | 1094 | #endif /* KSSL_DEBUG */ |
| 916 | 1095 | ||
| 917 | alg=cipher->algorithms; | 1096 | alg=cipher->algorithms; |
| @@ -922,7 +1101,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 922 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | 1101 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 923 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | 1102 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); |
| 924 | exp_str=is_export?" export":""; | 1103 | exp_str=is_export?" export":""; |
| 925 | 1104 | ||
| 926 | if (alg & SSL_SSLV2) | 1105 | if (alg & SSL_SSLV2) |
| 927 | ver="SSLv2"; | 1106 | ver="SSLv2"; |
| 928 | else if (alg & SSL_SSLV3) | 1107 | else if (alg & SSL_SSLV3) |
| @@ -951,6 +1130,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 951 | case SSL_kEDH: | 1130 | case SSL_kEDH: |
| 952 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; | 1131 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; |
| 953 | break; | 1132 | break; |
| 1133 | case SSL_kECDH: | ||
| 1134 | case SSL_kECDHE: | ||
| 1135 | kx=is_export?"ECDH(<=163)":"ECDH"; | ||
| 1136 | break; | ||
| 954 | default: | 1137 | default: |
| 955 | kx="unknown"; | 1138 | kx="unknown"; |
| 956 | } | 1139 | } |
| @@ -974,6 +1157,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 974 | case SSL_aNULL: | 1157 | case SSL_aNULL: |
| 975 | au="None"; | 1158 | au="None"; |
| 976 | break; | 1159 | break; |
| 1160 | case SSL_aECDSA: | ||
| 1161 | au="ECDSA"; | ||
| 1162 | break; | ||
| 977 | default: | 1163 | default: |
| 978 | au="unknown"; | 1164 | au="unknown"; |
| 979 | break; | 1165 | break; |
| @@ -1012,6 +1198,18 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 1012 | default: enc="AES(?""?""?)"; break; | 1198 | default: enc="AES(?""?""?)"; break; |
| 1013 | } | 1199 | } |
| 1014 | break; | 1200 | break; |
| 1201 | case SSL_CAMELLIA: | ||
| 1202 | switch(cipher->strength_bits) | ||
| 1203 | { | ||
| 1204 | case 128: enc="Camellia(128)"; break; | ||
| 1205 | case 256: enc="Camellia(256)"; break; | ||
| 1206 | default: enc="Camellia(?""?""?)"; break; | ||
| 1207 | } | ||
| 1208 | break; | ||
| 1209 | case SSL_SEED: | ||
| 1210 | enc="SEED(128)"; | ||
| 1211 | break; | ||
| 1212 | |||
| 1015 | default: | 1213 | default: |
| 1016 | enc="unknown"; | 1214 | enc="unknown"; |
| 1017 | break; | 1215 | break; |
| @@ -1098,35 +1296,63 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) | |||
| 1098 | return(NULL); | 1296 | return(NULL); |
| 1099 | } | 1297 | } |
| 1100 | 1298 | ||
| 1101 | static int sk_comp_cmp(const SSL_COMP * const *a, | 1299 | #ifdef OPENSSL_NO_COMP |
| 1102 | const SSL_COMP * const *b) | 1300 | void *SSL_COMP_get_compression_methods(void) |
| 1103 | { | 1301 | { |
| 1104 | return((*a)->id-(*b)->id); | 1302 | return NULL; |
| 1303 | } | ||
| 1304 | int SSL_COMP_add_compression_method(int id, void *cm) | ||
| 1305 | { | ||
| 1306 | return 1; | ||
| 1105 | } | 1307 | } |
| 1106 | 1308 | ||
| 1309 | const char *SSL_COMP_get_name(const void *comp) | ||
| 1310 | { | ||
| 1311 | return NULL; | ||
| 1312 | } | ||
| 1313 | #else | ||
| 1107 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) | 1314 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) |
| 1108 | { | 1315 | { |
| 1316 | load_builtin_compressions(); | ||
| 1109 | return(ssl_comp_methods); | 1317 | return(ssl_comp_methods); |
| 1110 | } | 1318 | } |
| 1111 | 1319 | ||
| 1112 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | 1320 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) |
| 1113 | { | 1321 | { |
| 1114 | SSL_COMP *comp; | 1322 | SSL_COMP *comp; |
| 1115 | STACK_OF(SSL_COMP) *sk; | ||
| 1116 | 1323 | ||
| 1117 | if (cm == NULL || cm->type == NID_undef) | 1324 | if (cm == NULL || cm->type == NID_undef) |
| 1118 | return 1; | 1325 | return 1; |
| 1119 | 1326 | ||
| 1327 | /* According to draft-ietf-tls-compression-04.txt, the | ||
| 1328 | compression number ranges should be the following: | ||
| 1329 | |||
| 1330 | 0 to 63: methods defined by the IETF | ||
| 1331 | 64 to 192: external party methods assigned by IANA | ||
| 1332 | 193 to 255: reserved for private use */ | ||
| 1333 | if (id < 193 || id > 255) | ||
| 1334 | { | ||
| 1335 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); | ||
| 1336 | return 0; | ||
| 1337 | } | ||
| 1338 | |||
| 1120 | MemCheck_off(); | 1339 | MemCheck_off(); |
| 1121 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 1340 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 1122 | comp->id=id; | 1341 | comp->id=id; |
| 1123 | comp->method=cm; | 1342 | comp->method=cm; |
| 1124 | if (ssl_comp_methods == NULL) | 1343 | load_builtin_compressions(); |
| 1125 | sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | 1344 | if (ssl_comp_methods |
| 1126 | else | 1345 | && !sk_SSL_COMP_find(ssl_comp_methods,comp)) |
| 1127 | sk=ssl_comp_methods; | ||
| 1128 | if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp)) | ||
| 1129 | { | 1346 | { |
| 1347 | OPENSSL_free(comp); | ||
| 1348 | MemCheck_on(); | ||
| 1349 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); | ||
| 1350 | return(1); | ||
| 1351 | } | ||
| 1352 | else if ((ssl_comp_methods == NULL) | ||
| 1353 | || !sk_SSL_COMP_push(ssl_comp_methods,comp)) | ||
| 1354 | { | ||
| 1355 | OPENSSL_free(comp); | ||
| 1130 | MemCheck_on(); | 1356 | MemCheck_on(); |
| 1131 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | 1357 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); |
| 1132 | return(1); | 1358 | return(1); |
| @@ -1137,3 +1363,12 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1137 | return(0); | 1363 | return(0); |
| 1138 | } | 1364 | } |
| 1139 | } | 1365 | } |
| 1366 | |||
| 1367 | const char *SSL_COMP_get_name(const COMP_METHOD *comp) | ||
| 1368 | { | ||
| 1369 | if (comp) | ||
| 1370 | return comp->name; | ||
| 1371 | return NULL; | ||
| 1372 | } | ||
| 1373 | |||
| 1374 | #endif | ||
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c index 4bcf591298..50779c1632 100644 --- a/src/lib/libssl/src/ssl/ssl_err.c +++ b/src/lib/libssl/src/ssl/ssl_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* ssl/ssl_err.c */ | 1 | /* ssl/ssl_err.c */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -75,7 +75,32 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, | 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, |
| 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, | 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, |
| 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, | 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, |
| 78 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, | ||
| 78 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, | 79 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, |
| 80 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, | ||
| 81 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, | ||
| 82 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, | ||
| 83 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, | ||
| 84 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, | ||
| 85 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, | ||
| 86 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, | ||
| 87 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, | ||
| 88 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, | ||
| 89 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, | ||
| 90 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, | ||
| 91 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, | ||
| 92 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, | ||
| 93 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, | ||
| 94 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, | ||
| 95 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, | ||
| 96 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, | ||
| 97 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, | ||
| 98 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, | ||
| 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, | ||
| 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, | ||
| 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, | ||
| 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, | ||
| 103 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, | ||
| 79 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, | 104 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, |
| 80 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, | 105 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, |
| 81 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, | 106 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, |
| @@ -116,6 +141,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 116 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, | 141 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, |
| 117 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, | 142 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, |
| 118 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | 143 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 144 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | ||
| 119 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | 145 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, |
| 120 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | 146 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, |
| 121 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | 147 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, |
| @@ -123,10 +149,12 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 123 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, | 149 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, |
| 124 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | 150 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, |
| 125 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | 151 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, |
| 152 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | ||
| 126 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | 153 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, |
| 127 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | 154 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, |
| 128 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | 155 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, |
| 129 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, | 156 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, |
| 157 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, | ||
| 130 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, | 158 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, |
| 131 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, | 159 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, |
| 132 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | 160 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, |
| @@ -142,8 +170,10 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 142 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, | 170 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, |
| 143 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, | 171 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, |
| 144 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, | 172 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, |
| 173 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, | ||
| 145 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, | 174 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, |
| 146 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, | 175 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, |
| 176 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, | ||
| 147 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, | 177 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, |
| 148 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, | 178 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, |
| 149 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, | 179 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, |
| @@ -151,6 +181,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 151 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, | 181 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, |
| 152 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, | 182 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, |
| 153 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, | 183 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, |
| 184 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, | ||
| 154 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, | 185 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, |
| 155 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, | 186 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, |
| 156 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, | 187 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, |
| @@ -182,6 +213,9 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 182 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | 213 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, |
| 183 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | 214 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, |
| 184 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | 215 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, |
| 216 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | ||
| 217 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | ||
| 218 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | ||
| 185 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, | 219 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, |
| 186 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, | 220 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, |
| 187 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, | 221 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, |
| @@ -201,6 +235,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 201 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, | 235 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, |
| 202 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, | 236 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, |
| 203 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, | 237 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, |
| 238 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, | ||
| 204 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, | 239 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, |
| 205 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, | 240 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, |
| 206 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, | 241 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, |
| @@ -234,6 +269,9 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 234 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, | 269 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, |
| 235 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, | 270 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, |
| 236 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, | 271 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, |
| 272 | {ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, | ||
| 273 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, | ||
| 274 | {ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, | ||
| 237 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, | 275 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, |
| 238 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, | 276 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, |
| 239 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, | 277 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, |
| @@ -263,17 +301,22 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 263 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, | 301 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, |
| 264 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, | 302 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, |
| 265 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, | 303 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, |
| 304 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, | ||
| 266 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, | 305 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, |
| 267 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, | 306 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, |
| 307 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, | ||
| 268 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, | 308 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, |
| 269 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, | 309 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, |
| 270 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, | 310 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, |
| 311 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, | ||
| 271 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, | 312 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, |
| 272 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, | 313 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, |
| 273 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, | 314 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, |
| 274 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, | 315 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, |
| 275 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, | 316 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, |
| 276 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, | 317 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, |
| 318 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, | ||
| 319 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, | ||
| 277 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, | 320 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, |
| 278 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, | 321 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, |
| 279 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, | 322 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, |
| @@ -286,6 +329,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 286 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, | 329 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, |
| 287 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, | 330 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, |
| 288 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, | 331 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, |
| 332 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, | ||
| 333 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, | ||
| 289 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, | 334 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, |
| 290 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, | 335 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, |
| 291 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, | 336 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, |
| @@ -314,6 +359,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 314 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, | 359 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, |
| 315 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, | 360 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, |
| 316 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, | 361 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, |
| 362 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, | ||
| 317 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, | 363 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, |
| 318 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, | 364 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, |
| 319 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, | 365 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, |
| @@ -342,6 +388,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 342 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, | 388 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, |
| 343 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, | 389 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, |
| 344 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, | 390 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, |
| 391 | {ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, | ||
| 345 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, | 392 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, |
| 346 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, | 393 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, |
| 347 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, | 394 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, |
| @@ -356,6 +403,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 356 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, | 403 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, |
| 357 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, | 404 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, |
| 358 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, | 405 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, |
| 406 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, | ||
| 359 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, | 407 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, |
| 360 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, | 408 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, |
| 361 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, | 409 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, |
| @@ -364,11 +412,14 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 364 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, | 412 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, |
| 365 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, | 413 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, |
| 366 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, | 414 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, |
| 415 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, | ||
| 367 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, | 416 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, |
| 368 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, | 417 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, |
| 369 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, | 418 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, |
| 370 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, | 419 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, |
| 371 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, | 420 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, |
| 421 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, | ||
| 422 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, | ||
| 372 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, | 423 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, |
| 373 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, | 424 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, |
| 374 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, | 425 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, |
| @@ -403,12 +454,15 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 403 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, | 454 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, |
| 404 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, | 455 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, |
| 405 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, | 456 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, |
| 457 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, | ||
| 406 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, | 458 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, |
| 407 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, | 459 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, |
| 408 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, | 460 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, |
| 409 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, | 461 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, |
| 462 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, | ||
| 410 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, | 463 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, |
| 411 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, | 464 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, |
| 465 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, | ||
| 412 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, | 466 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, |
| 413 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, | 467 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, |
| 414 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, | 468 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, |
| @@ -429,8 +483,10 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 429 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, | 483 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, |
| 430 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | 484 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, |
| 431 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, | 485 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, |
| 486 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, | ||
| 432 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, | 487 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, |
| 433 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, | 488 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, |
| 489 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, | ||
| 434 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, | 490 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, |
| 435 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, | 491 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, |
| 436 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, | 492 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, |
| @@ -448,15 +504,12 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 448 | 504 | ||
| 449 | void ERR_load_SSL_strings(void) | 505 | void ERR_load_SSL_strings(void) |
| 450 | { | 506 | { |
| 451 | static int init=1; | 507 | #ifndef OPENSSL_NO_ERR |
| 452 | 508 | ||
| 453 | if (init) | 509 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) |
| 454 | { | 510 | { |
| 455 | init=0; | ||
| 456 | #ifndef OPENSSL_NO_ERR | ||
| 457 | ERR_load_strings(0,SSL_str_functs); | 511 | ERR_load_strings(0,SSL_str_functs); |
| 458 | ERR_load_strings(0,SSL_str_reasons); | 512 | ERR_load_strings(0,SSL_str_reasons); |
| 459 | #endif | ||
| 460 | |||
| 461 | } | 513 | } |
| 514 | #endif | ||
| 462 | } | 515 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 0f4b7a475b..31f6318357 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -110,7 +110,11 @@ | |||
| 110 | * Hudson (tjh@cryptsoft.com). | 110 | * Hudson (tjh@cryptsoft.com). |
| 111 | * | 111 | * |
| 112 | */ | 112 | */ |
| 113 | 113 | /* ==================================================================== | |
| 114 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 115 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 116 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 117 | */ | ||
| 114 | 118 | ||
| 115 | #ifdef REF_CHECK | 119 | #ifdef REF_CHECK |
| 116 | # include <assert.h> | 120 | # include <assert.h> |
| @@ -121,7 +125,11 @@ | |||
| 121 | #include <openssl/objects.h> | 125 | #include <openssl/objects.h> |
| 122 | #include <openssl/lhash.h> | 126 | #include <openssl/lhash.h> |
| 123 | #include <openssl/x509v3.h> | 127 | #include <openssl/x509v3.h> |
| 124 | #include <openssl/fips.h> | 128 | #include <openssl/rand.h> |
| 129 | #include <openssl/ocsp.h> | ||
| 130 | #ifndef OPENSSL_NO_DH | ||
| 131 | #include <openssl/dh.h> | ||
| 132 | #endif | ||
| 125 | 133 | ||
| 126 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | 134 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; |
| 127 | 135 | ||
| @@ -132,7 +140,14 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ | |||
| 132 | ssl_undefined_function, | 140 | ssl_undefined_function, |
| 133 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, | 141 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, |
| 134 | (int (*)(SSL*, int))ssl_undefined_function, | 142 | (int (*)(SSL*, int))ssl_undefined_function, |
| 135 | (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function | 143 | (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function, |
| 144 | 0, /* finish_mac_length */ | ||
| 145 | (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function, | ||
| 146 | NULL, /* client_finished_label */ | ||
| 147 | 0, /* client_finished_label_len */ | ||
| 148 | NULL, /* server_finished_label */ | ||
| 149 | 0, /* server_finished_label_len */ | ||
| 150 | (int (*)(int))ssl_undefined_function | ||
| 136 | }; | 151 | }; |
| 137 | 152 | ||
| 138 | int SSL_clear(SSL *s) | 153 | int SSL_clear(SSL *s) |
| @@ -272,19 +287,40 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 272 | s->msg_callback=ctx->msg_callback; | 287 | s->msg_callback=ctx->msg_callback; |
| 273 | s->msg_callback_arg=ctx->msg_callback_arg; | 288 | s->msg_callback_arg=ctx->msg_callback_arg; |
| 274 | s->verify_mode=ctx->verify_mode; | 289 | s->verify_mode=ctx->verify_mode; |
| 290 | #if 0 | ||
| 275 | s->verify_depth=ctx->verify_depth; | 291 | s->verify_depth=ctx->verify_depth; |
| 292 | #endif | ||
| 276 | s->sid_ctx_length=ctx->sid_ctx_length; | 293 | s->sid_ctx_length=ctx->sid_ctx_length; |
| 277 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | 294 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); |
| 278 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | 295 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); |
| 279 | s->verify_callback=ctx->default_verify_callback; | 296 | s->verify_callback=ctx->default_verify_callback; |
| 280 | s->generate_session_id=ctx->generate_session_id; | 297 | s->generate_session_id=ctx->generate_session_id; |
| 298 | |||
| 299 | s->param = X509_VERIFY_PARAM_new(); | ||
| 300 | if (!s->param) | ||
| 301 | goto err; | ||
| 302 | X509_VERIFY_PARAM_inherit(s->param, ctx->param); | ||
| 303 | #if 0 | ||
| 281 | s->purpose = ctx->purpose; | 304 | s->purpose = ctx->purpose; |
| 282 | s->trust = ctx->trust; | 305 | s->trust = ctx->trust; |
| 306 | #endif | ||
| 283 | s->quiet_shutdown=ctx->quiet_shutdown; | 307 | s->quiet_shutdown=ctx->quiet_shutdown; |
| 284 | 308 | ||
| 285 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 309 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); |
| 286 | s->ctx=ctx; | 310 | s->ctx=ctx; |
| 287 | 311 | #ifndef OPENSSL_NO_TLSEXT | |
| 312 | s->tlsext_debug_cb = 0; | ||
| 313 | s->tlsext_debug_arg = NULL; | ||
| 314 | s->tlsext_ticket_expected = 0; | ||
| 315 | s->tlsext_status_type = -1; | ||
| 316 | s->tlsext_status_expected = 0; | ||
| 317 | s->tlsext_ocsp_ids = NULL; | ||
| 318 | s->tlsext_ocsp_exts = NULL; | ||
| 319 | s->tlsext_ocsp_resp = NULL; | ||
| 320 | s->tlsext_ocsp_resplen = -1; | ||
| 321 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | ||
| 322 | s->initial_ctx=ctx; | ||
| 323 | #endif | ||
| 288 | s->verify_result=X509_V_OK; | 324 | s->verify_result=X509_V_OK; |
| 289 | 325 | ||
| 290 | s->method=ctx->method; | 326 | s->method=ctx->method; |
| @@ -393,22 +429,22 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 393 | 429 | ||
| 394 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | 430 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) |
| 395 | { | 431 | { |
| 396 | return X509_PURPOSE_set(&s->purpose, purpose); | 432 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 397 | } | 433 | } |
| 398 | 434 | ||
| 399 | int SSL_set_purpose(SSL *s, int purpose) | 435 | int SSL_set_purpose(SSL *s, int purpose) |
| 400 | { | 436 | { |
| 401 | return X509_PURPOSE_set(&s->purpose, purpose); | 437 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 402 | } | 438 | } |
| 403 | 439 | ||
| 404 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) | 440 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) |
| 405 | { | 441 | { |
| 406 | return X509_TRUST_set(&s->trust, trust); | 442 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 407 | } | 443 | } |
| 408 | 444 | ||
| 409 | int SSL_set_trust(SSL *s, int trust) | 445 | int SSL_set_trust(SSL *s, int trust) |
| 410 | { | 446 | { |
| 411 | return X509_TRUST_set(&s->trust, trust); | 447 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 412 | } | 448 | } |
| 413 | 449 | ||
| 414 | void SSL_free(SSL *s) | 450 | void SSL_free(SSL *s) |
| @@ -431,6 +467,9 @@ void SSL_free(SSL *s) | |||
| 431 | } | 467 | } |
| 432 | #endif | 468 | #endif |
| 433 | 469 | ||
| 470 | if (s->param) | ||
| 471 | X509_VERIFY_PARAM_free(s->param); | ||
| 472 | |||
| 434 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 473 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 435 | 474 | ||
| 436 | if (s->bbio != NULL) | 475 | if (s->bbio != NULL) |
| @@ -467,7 +506,16 @@ void SSL_free(SSL *s) | |||
| 467 | /* Free up if allocated */ | 506 | /* Free up if allocated */ |
| 468 | 507 | ||
| 469 | if (s->ctx) SSL_CTX_free(s->ctx); | 508 | if (s->ctx) SSL_CTX_free(s->ctx); |
| 470 | 509 | #ifndef OPENSSL_NO_TLSEXT | |
| 510 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | ||
| 511 | if (s->tlsext_ocsp_exts) | ||
| 512 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | ||
| 513 | X509_EXTENSION_free); | ||
| 514 | if (s->tlsext_ocsp_ids) | ||
| 515 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | ||
| 516 | if (s->tlsext_ocsp_resp) | ||
| 517 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
| 518 | #endif | ||
| 471 | if (s->client_CA != NULL) | 519 | if (s->client_CA != NULL) |
| 472 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); | 520 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); |
| 473 | 521 | ||
| @@ -643,7 +691,7 @@ int SSL_get_verify_mode(const SSL *s) | |||
| 643 | 691 | ||
| 644 | int SSL_get_verify_depth(const SSL *s) | 692 | int SSL_get_verify_depth(const SSL *s) |
| 645 | { | 693 | { |
| 646 | return(s->verify_depth); | 694 | return X509_VERIFY_PARAM_get_depth(s->param); |
| 647 | } | 695 | } |
| 648 | 696 | ||
| 649 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) | 697 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) |
| @@ -658,7 +706,7 @@ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) | |||
| 658 | 706 | ||
| 659 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) | 707 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) |
| 660 | { | 708 | { |
| 661 | return(ctx->verify_depth); | 709 | return X509_VERIFY_PARAM_get_depth(ctx->param); |
| 662 | } | 710 | } |
| 663 | 711 | ||
| 664 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) | 712 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) |
| @@ -676,7 +724,7 @@ void SSL_set_verify(SSL *s,int mode, | |||
| 676 | 724 | ||
| 677 | void SSL_set_verify_depth(SSL *s,int depth) | 725 | void SSL_set_verify_depth(SSL *s,int depth) |
| 678 | { | 726 | { |
| 679 | s->verify_depth=depth; | 727 | X509_VERIFY_PARAM_set_depth(s->param, depth); |
| 680 | } | 728 | } |
| 681 | 729 | ||
| 682 | void SSL_set_read_ahead(SSL *s,int yes) | 730 | void SSL_set_read_ahead(SSL *s,int yes) |
| @@ -850,7 +898,7 @@ int SSL_peek(SSL *s,void *buf,int num) | |||
| 850 | { | 898 | { |
| 851 | if (s->handshake_func == 0) | 899 | if (s->handshake_func == 0) |
| 852 | { | 900 | { |
| 853 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | 901 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); |
| 854 | return -1; | 902 | return -1; |
| 855 | } | 903 | } |
| 856 | 904 | ||
| @@ -941,12 +989,19 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 941 | l=s->max_cert_list; | 989 | l=s->max_cert_list; |
| 942 | s->max_cert_list=larg; | 990 | s->max_cert_list=larg; |
| 943 | return(l); | 991 | return(l); |
| 992 | case SSL_CTRL_SET_MTU: | ||
| 993 | if (SSL_version(s) == DTLS1_VERSION) | ||
| 994 | { | ||
| 995 | s->d1->mtu = larg; | ||
| 996 | return larg; | ||
| 997 | } | ||
| 998 | return 0; | ||
| 944 | default: | 999 | default: |
| 945 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | 1000 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); |
| 946 | } | 1001 | } |
| 947 | } | 1002 | } |
| 948 | 1003 | ||
| 949 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)()) | 1004 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 950 | { | 1005 | { |
| 951 | switch(cmd) | 1006 | switch(cmd) |
| 952 | { | 1007 | { |
| @@ -1034,7 +1089,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) | |||
| 1034 | } | 1089 | } |
| 1035 | } | 1090 | } |
| 1036 | 1091 | ||
| 1037 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | 1092 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 1038 | { | 1093 | { |
| 1039 | switch(cmd) | 1094 | switch(cmd) |
| 1040 | { | 1095 | { |
| @@ -1269,6 +1324,29 @@ err: | |||
| 1269 | return(NULL); | 1324 | return(NULL); |
| 1270 | } | 1325 | } |
| 1271 | 1326 | ||
| 1327 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1328 | /** return a servername extension value if provided in Client Hello, or NULL. | ||
| 1329 | * So far, only host_name types are defined (RFC 3546). | ||
| 1330 | */ | ||
| 1331 | |||
| 1332 | const char *SSL_get_servername(const SSL *s, const int type) | ||
| 1333 | { | ||
| 1334 | if (type != TLSEXT_NAMETYPE_host_name) | ||
| 1335 | return NULL; | ||
| 1336 | |||
| 1337 | return s->session && !s->tlsext_hostname ? | ||
| 1338 | s->session->tlsext_hostname : | ||
| 1339 | s->tlsext_hostname; | ||
| 1340 | } | ||
| 1341 | |||
| 1342 | int SSL_get_servername_type(const SSL *s) | ||
| 1343 | { | ||
| 1344 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) | ||
| 1345 | return TLSEXT_NAMETYPE_host_name; | ||
| 1346 | return -1; | ||
| 1347 | } | ||
| 1348 | #endif | ||
| 1349 | |||
| 1272 | unsigned long SSL_SESSION_hash(const SSL_SESSION *a) | 1350 | unsigned long SSL_SESSION_hash(const SSL_SESSION *a) |
| 1273 | { | 1351 | { |
| 1274 | unsigned long l; | 1352 | unsigned long l; |
| @@ -1312,14 +1390,6 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1312 | return(NULL); | 1390 | return(NULL); |
| 1313 | } | 1391 | } |
| 1314 | 1392 | ||
| 1315 | #ifdef OPENSSL_FIPS | ||
| 1316 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) | ||
| 1317 | { | ||
| 1318 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 1319 | return NULL; | ||
| 1320 | } | ||
| 1321 | #endif | ||
| 1322 | |||
| 1323 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) | 1393 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) |
| 1324 | { | 1394 | { |
| 1325 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | 1395 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); |
| @@ -1368,7 +1438,9 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1368 | ret->msg_callback=0; | 1438 | ret->msg_callback=0; |
| 1369 | ret->msg_callback_arg=NULL; | 1439 | ret->msg_callback_arg=NULL; |
| 1370 | ret->verify_mode=SSL_VERIFY_NONE; | 1440 | ret->verify_mode=SSL_VERIFY_NONE; |
| 1441 | #if 0 | ||
| 1371 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ | 1442 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ |
| 1443 | #endif | ||
| 1372 | ret->sid_ctx_length=0; | 1444 | ret->sid_ctx_length=0; |
| 1373 | ret->default_verify_callback=NULL; | 1445 | ret->default_verify_callback=NULL; |
| 1374 | if ((ret->cert=ssl_cert_new()) == NULL) | 1446 | if ((ret->cert=ssl_cert_new()) == NULL) |
| @@ -1377,6 +1449,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1377 | ret->default_passwd_callback=0; | 1449 | ret->default_passwd_callback=0; |
| 1378 | ret->default_passwd_callback_userdata=NULL; | 1450 | ret->default_passwd_callback_userdata=NULL; |
| 1379 | ret->client_cert_cb=0; | 1451 | ret->client_cert_cb=0; |
| 1452 | ret->app_gen_cookie_cb=0; | ||
| 1453 | ret->app_verify_cookie_cb=0; | ||
| 1380 | 1454 | ||
| 1381 | ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), | 1455 | ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), |
| 1382 | LHASH_COMP_FN(SSL_SESSION_cmp)); | 1456 | LHASH_COMP_FN(SSL_SESSION_cmp)); |
| @@ -1394,6 +1468,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1394 | goto err2; | 1468 | goto err2; |
| 1395 | } | 1469 | } |
| 1396 | 1470 | ||
| 1471 | ret->param = X509_VERIFY_PARAM_new(); | ||
| 1472 | if (!ret->param) | ||
| 1473 | goto err; | ||
| 1474 | |||
| 1397 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) | 1475 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) |
| 1398 | { | 1476 | { |
| 1399 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); | 1477 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); |
| @@ -1418,6 +1496,20 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1418 | ret->extra_certs=NULL; | 1496 | ret->extra_certs=NULL; |
| 1419 | ret->comp_methods=SSL_COMP_get_compression_methods(); | 1497 | ret->comp_methods=SSL_COMP_get_compression_methods(); |
| 1420 | 1498 | ||
| 1499 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1500 | ret->tlsext_servername_callback = 0; | ||
| 1501 | ret->tlsext_servername_arg = NULL; | ||
| 1502 | /* Setup RFC4507 ticket keys */ | ||
| 1503 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) | ||
| 1504 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) | ||
| 1505 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) | ||
| 1506 | ret->options |= SSL_OP_NO_TICKET; | ||
| 1507 | |||
| 1508 | ret->tlsext_status_cb = 0; | ||
| 1509 | ret->tlsext_status_arg = NULL; | ||
| 1510 | |||
| 1511 | #endif | ||
| 1512 | |||
| 1421 | return(ret); | 1513 | return(ret); |
| 1422 | err: | 1514 | err: |
| 1423 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); | 1515 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -1450,6 +1542,9 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1450 | } | 1542 | } |
| 1451 | #endif | 1543 | #endif |
| 1452 | 1544 | ||
| 1545 | if (a->param) | ||
| 1546 | X509_VERIFY_PARAM_free(a->param); | ||
| 1547 | |||
| 1453 | /* | 1548 | /* |
| 1454 | * Free internal session cache. However: the remove_cb() may reference | 1549 | * Free internal session cache. However: the remove_cb() may reference |
| 1455 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed | 1550 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed |
| @@ -1512,7 +1607,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) | |||
| 1512 | 1607 | ||
| 1513 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) | 1608 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) |
| 1514 | { | 1609 | { |
| 1515 | ctx->verify_depth=depth; | 1610 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); |
| 1516 | } | 1611 | } |
| 1517 | 1612 | ||
| 1518 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | 1613 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) |
| @@ -1522,6 +1617,13 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | |||
| 1522 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; | 1617 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; |
| 1523 | int rsa_tmp_export,dh_tmp_export,kl; | 1618 | int rsa_tmp_export,dh_tmp_export,kl; |
| 1524 | unsigned long mask,emask; | 1619 | unsigned long mask,emask; |
| 1620 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; | ||
| 1621 | #ifndef OPENSSL_NO_ECDH | ||
| 1622 | int have_ecdh_tmp; | ||
| 1623 | #endif | ||
| 1624 | X509 *x = NULL; | ||
| 1625 | EVP_PKEY *ecc_pkey = NULL; | ||
| 1626 | int signature_nid = 0; | ||
| 1525 | 1627 | ||
| 1526 | if (c == NULL) return; | 1628 | if (c == NULL) return; |
| 1527 | 1629 | ||
| @@ -1542,6 +1644,9 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | |||
| 1542 | dh_tmp=dh_tmp_export=0; | 1644 | dh_tmp=dh_tmp_export=0; |
| 1543 | #endif | 1645 | #endif |
| 1544 | 1646 | ||
| 1647 | #ifndef OPENSSL_NO_ECDH | ||
| 1648 | have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); | ||
| 1649 | #endif | ||
| 1545 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); | 1650 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); |
| 1546 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); | 1651 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1547 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 1652 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| @@ -1556,7 +1661,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | |||
| 1556 | /* FIX THIS EAY EAY EAY */ | 1661 | /* FIX THIS EAY EAY EAY */ |
| 1557 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 1662 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1558 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 1663 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 1559 | 1664 | cpk= &(c->pkeys[SSL_PKEY_ECC]); | |
| 1665 | have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
| 1560 | mask=0; | 1666 | mask=0; |
| 1561 | emask=0; | 1667 | emask=0; |
| 1562 | 1668 | ||
| @@ -1613,11 +1719,127 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | |||
| 1613 | emask|=SSL_kKRB5|SSL_aKRB5; | 1719 | emask|=SSL_kKRB5|SSL_aKRB5; |
| 1614 | #endif | 1720 | #endif |
| 1615 | 1721 | ||
| 1722 | /* An ECC certificate may be usable for ECDH and/or | ||
| 1723 | * ECDSA cipher suites depending on the key usage extension. | ||
| 1724 | */ | ||
| 1725 | if (have_ecc_cert) | ||
| 1726 | { | ||
| 1727 | /* This call populates extension flags (ex_flags) */ | ||
| 1728 | x = (c->pkeys[SSL_PKEY_ECC]).x509; | ||
| 1729 | X509_check_purpose(x, -1, 0); | ||
| 1730 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | ||
| 1731 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; | ||
| 1732 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | ||
| 1733 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; | ||
| 1734 | ecc_pkey = X509_get_pubkey(x); | ||
| 1735 | ecc_pkey_size = (ecc_pkey != NULL) ? | ||
| 1736 | EVP_PKEY_bits(ecc_pkey) : 0; | ||
| 1737 | EVP_PKEY_free(ecc_pkey); | ||
| 1738 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | ||
| 1739 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | ||
| 1740 | #ifndef OPENSSL_NO_ECDH | ||
| 1741 | if (ecdh_ok) | ||
| 1742 | { | ||
| 1743 | if ((signature_nid == NID_md5WithRSAEncryption) || | ||
| 1744 | (signature_nid == NID_md4WithRSAEncryption) || | ||
| 1745 | (signature_nid == NID_md2WithRSAEncryption)) | ||
| 1746 | { | ||
| 1747 | mask|=SSL_kECDH|SSL_aRSA; | ||
| 1748 | if (ecc_pkey_size <= 163) | ||
| 1749 | emask|=SSL_kECDH|SSL_aRSA; | ||
| 1750 | } | ||
| 1751 | if (signature_nid == NID_ecdsa_with_SHA1) | ||
| 1752 | { | ||
| 1753 | mask|=SSL_kECDH|SSL_aECDSA; | ||
| 1754 | if (ecc_pkey_size <= 163) | ||
| 1755 | emask|=SSL_kECDH|SSL_aECDSA; | ||
| 1756 | } | ||
| 1757 | } | ||
| 1758 | #endif | ||
| 1759 | #ifndef OPENSSL_NO_ECDSA | ||
| 1760 | if (ecdsa_ok) | ||
| 1761 | { | ||
| 1762 | mask|=SSL_aECDSA; | ||
| 1763 | emask|=SSL_aECDSA; | ||
| 1764 | } | ||
| 1765 | #endif | ||
| 1766 | } | ||
| 1767 | |||
| 1768 | #ifndef OPENSSL_NO_ECDH | ||
| 1769 | if (have_ecdh_tmp) | ||
| 1770 | { | ||
| 1771 | mask|=SSL_kECDHE; | ||
| 1772 | emask|=SSL_kECDHE; | ||
| 1773 | } | ||
| 1774 | #endif | ||
| 1616 | c->mask=mask; | 1775 | c->mask=mask; |
| 1617 | c->export_mask=emask; | 1776 | c->export_mask=emask; |
| 1618 | c->valid=1; | 1777 | c->valid=1; |
| 1619 | } | 1778 | } |
| 1620 | 1779 | ||
| 1780 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ | ||
| 1781 | #define ku_reject(x, usage) \ | ||
| 1782 | (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) | ||
| 1783 | |||
| 1784 | int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) | ||
| 1785 | { | ||
| 1786 | unsigned long alg = cs->algorithms; | ||
| 1787 | EVP_PKEY *pkey = NULL; | ||
| 1788 | int keysize = 0; | ||
| 1789 | int signature_nid = 0; | ||
| 1790 | |||
| 1791 | if (SSL_C_IS_EXPORT(cs)) | ||
| 1792 | { | ||
| 1793 | /* ECDH key length in export ciphers must be <= 163 bits */ | ||
| 1794 | pkey = X509_get_pubkey(x); | ||
| 1795 | if (pkey == NULL) return 0; | ||
| 1796 | keysize = EVP_PKEY_bits(pkey); | ||
| 1797 | EVP_PKEY_free(pkey); | ||
| 1798 | if (keysize > 163) return 0; | ||
| 1799 | } | ||
| 1800 | |||
| 1801 | /* This call populates the ex_flags field correctly */ | ||
| 1802 | X509_check_purpose(x, -1, 0); | ||
| 1803 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | ||
| 1804 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | ||
| 1805 | if (alg & SSL_kECDH) | ||
| 1806 | { | ||
| 1807 | /* key usage, if present, must allow key agreement */ | ||
| 1808 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) | ||
| 1809 | { | ||
| 1810 | return 0; | ||
| 1811 | } | ||
| 1812 | if (alg & SSL_aECDSA) | ||
| 1813 | { | ||
| 1814 | /* signature alg must be ECDSA */ | ||
| 1815 | if (signature_nid != NID_ecdsa_with_SHA1) | ||
| 1816 | { | ||
| 1817 | return 0; | ||
| 1818 | } | ||
| 1819 | } | ||
| 1820 | if (alg & SSL_aRSA) | ||
| 1821 | { | ||
| 1822 | /* signature alg must be RSA */ | ||
| 1823 | if ((signature_nid != NID_md5WithRSAEncryption) && | ||
| 1824 | (signature_nid != NID_md4WithRSAEncryption) && | ||
| 1825 | (signature_nid != NID_md2WithRSAEncryption)) | ||
| 1826 | { | ||
| 1827 | return 0; | ||
| 1828 | } | ||
| 1829 | } | ||
| 1830 | } | ||
| 1831 | else if (alg & SSL_aECDSA) | ||
| 1832 | { | ||
| 1833 | /* key usage, if present, must allow signing */ | ||
| 1834 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) | ||
| 1835 | { | ||
| 1836 | return 0; | ||
| 1837 | } | ||
| 1838 | } | ||
| 1839 | |||
| 1840 | return 1; /* all checks are ok */ | ||
| 1841 | } | ||
| 1842 | |||
| 1621 | /* THIS NEEDS CLEANING UP */ | 1843 | /* THIS NEEDS CLEANING UP */ |
| 1622 | X509 *ssl_get_server_send_cert(SSL *s) | 1844 | X509 *ssl_get_server_send_cert(SSL *s) |
| 1623 | { | 1845 | { |
| @@ -1632,7 +1854,26 @@ X509 *ssl_get_server_send_cert(SSL *s) | |||
| 1632 | mask=is_export?c->export_mask:c->mask; | 1854 | mask=is_export?c->export_mask:c->mask; |
| 1633 | kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); | 1855 | kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); |
| 1634 | 1856 | ||
| 1635 | if (kalg & SSL_kDHr) | 1857 | if (kalg & SSL_kECDH) |
| 1858 | { | ||
| 1859 | /* we don't need to look at SSL_kECDHE | ||
| 1860 | * since no certificate is needed for | ||
| 1861 | * anon ECDH and for authenticated | ||
| 1862 | * ECDHE, the check for the auth | ||
| 1863 | * algorithm will set i correctly | ||
| 1864 | * NOTE: For ECDH-RSA, we need an ECC | ||
| 1865 | * not an RSA cert but for ECDHE-RSA | ||
| 1866 | * we need an RSA cert. Placing the | ||
| 1867 | * checks for SSL_kECDH before RSA | ||
| 1868 | * checks ensures the correct cert is chosen. | ||
| 1869 | */ | ||
| 1870 | i=SSL_PKEY_ECC; | ||
| 1871 | } | ||
| 1872 | else if (kalg & SSL_aECDSA) | ||
| 1873 | { | ||
| 1874 | i=SSL_PKEY_ECC; | ||
| 1875 | } | ||
| 1876 | else if (kalg & SSL_kDHr) | ||
| 1636 | i=SSL_PKEY_DH_RSA; | 1877 | i=SSL_PKEY_DH_RSA; |
| 1637 | else if (kalg & SSL_kDHd) | 1878 | else if (kalg & SSL_kDHd) |
| 1638 | i=SSL_PKEY_DH_DSA; | 1879 | i=SSL_PKEY_DH_DSA; |
| @@ -1656,6 +1897,7 @@ X509 *ssl_get_server_send_cert(SSL *s) | |||
| 1656 | return(NULL); | 1897 | return(NULL); |
| 1657 | } | 1898 | } |
| 1658 | if (c->pkeys[i].x509 == NULL) return(NULL); | 1899 | if (c->pkeys[i].x509 == NULL) return(NULL); |
| 1900 | |||
| 1659 | return(c->pkeys[i].x509); | 1901 | return(c->pkeys[i].x509); |
| 1660 | } | 1902 | } |
| 1661 | 1903 | ||
| @@ -1679,6 +1921,9 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) | |||
| 1679 | else | 1921 | else |
| 1680 | return(NULL); | 1922 | return(NULL); |
| 1681 | } | 1923 | } |
| 1924 | else if ((alg & SSL_aECDSA) && | ||
| 1925 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) | ||
| 1926 | return(c->pkeys[SSL_PKEY_ECC].privatekey); | ||
| 1682 | else /* if (alg & SSL_aNULL) */ | 1927 | else /* if (alg & SSL_aNULL) */ |
| 1683 | { | 1928 | { |
| 1684 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); | 1929 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); |
| @@ -1884,6 +2129,12 @@ int ssl_undefined_function(SSL *s) | |||
| 1884 | return(0); | 2129 | return(0); |
| 1885 | } | 2130 | } |
| 1886 | 2131 | ||
| 2132 | int ssl_undefined_void_function(void) | ||
| 2133 | { | ||
| 2134 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2135 | return(0); | ||
| 2136 | } | ||
| 2137 | |||
| 1887 | int ssl_undefined_const_function(const SSL *s) | 2138 | int ssl_undefined_const_function(const SSL *s) |
| 1888 | { | 2139 | { |
| 1889 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2140 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| @@ -1999,8 +2250,8 @@ SSL *SSL_dup(SSL *s) | |||
| 1999 | ret->rstate=s->rstate; | 2250 | ret->rstate=s->rstate; |
| 2000 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ | 2251 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ |
| 2001 | ret->hit=s->hit; | 2252 | ret->hit=s->hit; |
| 2002 | ret->purpose=s->purpose; | 2253 | |
| 2003 | ret->trust=s->trust; | 2254 | X509_VERIFY_PARAM_inherit(ret->param, s->param); |
| 2004 | 2255 | ||
| 2005 | /* dup the cipher_list and cipher_list_by_id stacks */ | 2256 | /* dup the cipher_list and cipher_list_by_id stacks */ |
| 2006 | if (s->cipher_list != NULL) | 2257 | if (s->cipher_list != NULL) |
| @@ -2052,6 +2303,7 @@ void ssl_clear_cipher_ctx(SSL *s) | |||
| 2052 | OPENSSL_free(s->enc_write_ctx); | 2303 | OPENSSL_free(s->enc_write_ctx); |
| 2053 | s->enc_write_ctx=NULL; | 2304 | s->enc_write_ctx=NULL; |
| 2054 | } | 2305 | } |
| 2306 | #ifndef OPENSSL_NO_COMP | ||
| 2055 | if (s->expand != NULL) | 2307 | if (s->expand != NULL) |
| 2056 | { | 2308 | { |
| 2057 | COMP_CTX_free(s->expand); | 2309 | COMP_CTX_free(s->expand); |
| @@ -2062,6 +2314,7 @@ void ssl_clear_cipher_ctx(SSL *s) | |||
| 2062 | COMP_CTX_free(s->compress); | 2314 | COMP_CTX_free(s->compress); |
| 2063 | s->compress=NULL; | 2315 | s->compress=NULL; |
| 2064 | } | 2316 | } |
| 2317 | #endif | ||
| 2065 | } | 2318 | } |
| 2066 | 2319 | ||
| 2067 | /* Fix this function so that it takes an optional type parameter */ | 2320 | /* Fix this function so that it takes an optional type parameter */ |
| @@ -2088,6 +2341,31 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s) | |||
| 2088 | return(s->session->cipher); | 2341 | return(s->session->cipher); |
| 2089 | return(NULL); | 2342 | return(NULL); |
| 2090 | } | 2343 | } |
| 2344 | #ifdef OPENSSL_NO_COMP | ||
| 2345 | const void *SSL_get_current_compression(SSL *s) | ||
| 2346 | { | ||
| 2347 | return NULL; | ||
| 2348 | } | ||
| 2349 | const void *SSL_get_current_expansion(SSL *s) | ||
| 2350 | { | ||
| 2351 | return NULL; | ||
| 2352 | } | ||
| 2353 | #else | ||
| 2354 | |||
| 2355 | const COMP_METHOD *SSL_get_current_compression(SSL *s) | ||
| 2356 | { | ||
| 2357 | if (s->compress != NULL) | ||
| 2358 | return(s->compress->meth); | ||
| 2359 | return(NULL); | ||
| 2360 | } | ||
| 2361 | |||
| 2362 | const COMP_METHOD *SSL_get_current_expansion(SSL *s) | ||
| 2363 | { | ||
| 2364 | if (s->expand != NULL) | ||
| 2365 | return(s->expand->meth); | ||
| 2366 | return(NULL); | ||
| 2367 | } | ||
| 2368 | #endif | ||
| 2091 | 2369 | ||
| 2092 | int ssl_init_wbio_buffer(SSL *s,int push) | 2370 | int ssl_init_wbio_buffer(SSL *s,int push) |
| 2093 | { | 2371 | { |
| @@ -2181,6 +2459,24 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) | |||
| 2181 | return(ssl->ctx); | 2459 | return(ssl->ctx); |
| 2182 | } | 2460 | } |
| 2183 | 2461 | ||
| 2462 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | ||
| 2463 | { | ||
| 2464 | if (ssl->ctx == ctx) | ||
| 2465 | return ssl->ctx; | ||
| 2466 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2467 | if (ctx == NULL) | ||
| 2468 | ctx = ssl->initial_ctx; | ||
| 2469 | #endif | ||
| 2470 | if (ssl->cert != NULL) | ||
| 2471 | ssl_cert_free(ssl->cert); | ||
| 2472 | ssl->cert = ssl_cert_dup(ctx->cert); | ||
| 2473 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | ||
| 2474 | if (ssl->ctx != NULL) | ||
| 2475 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ | ||
| 2476 | ssl->ctx = ctx; | ||
| 2477 | return(ssl->ctx); | ||
| 2478 | } | ||
| 2479 | |||
| 2184 | #ifndef OPENSSL_NO_STDIO | 2480 | #ifndef OPENSSL_NO_STDIO |
| 2185 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | 2481 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) |
| 2186 | { | 2482 | { |
| @@ -2190,19 +2486,19 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | |||
| 2190 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | 2486 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 2191 | const char *CApath) | 2487 | const char *CApath) |
| 2192 | { | 2488 | { |
| 2193 | int r; | 2489 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); |
| 2194 | r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath); | ||
| 2195 | return r; | ||
| 2196 | } | 2490 | } |
| 2197 | #endif | 2491 | #endif |
| 2198 | 2492 | ||
| 2199 | void SSL_set_info_callback(SSL *ssl, | 2493 | void SSL_set_info_callback(SSL *ssl, |
| 2200 | void (*cb)(const SSL *ssl,int type,int val)) | 2494 | void (*cb)(const SSL *ssl,int type,int val)) |
| 2201 | { | 2495 | { |
| 2202 | ssl->info_callback=cb; | 2496 | ssl->info_callback=cb; |
| 2203 | } | 2497 | } |
| 2204 | 2498 | ||
| 2205 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val) | 2499 | /* One compiler (Diab DCC) doesn't like argument names in returned |
| 2500 | function pointer. */ | ||
| 2501 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) | ||
| 2206 | { | 2502 | { |
| 2207 | return ssl->info_callback; | 2503 | return ssl->info_callback; |
| 2208 | } | 2504 | } |
| @@ -2289,14 +2585,14 @@ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, | |||
| 2289 | int is_export, | 2585 | int is_export, |
| 2290 | int keylength)) | 2586 | int keylength)) |
| 2291 | { | 2587 | { |
| 2292 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb); | 2588 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); |
| 2293 | } | 2589 | } |
| 2294 | 2590 | ||
| 2295 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | 2591 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, |
| 2296 | int is_export, | 2592 | int is_export, |
| 2297 | int keylength)) | 2593 | int keylength)) |
| 2298 | { | 2594 | { |
| 2299 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb); | 2595 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); |
| 2300 | } | 2596 | } |
| 2301 | #endif | 2597 | #endif |
| 2302 | 2598 | ||
| @@ -2325,24 +2621,38 @@ RSA *cb(SSL *ssl,int is_export,int keylength) | |||
| 2325 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, | 2621 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, |
| 2326 | int keylength)) | 2622 | int keylength)) |
| 2327 | { | 2623 | { |
| 2328 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); | 2624 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 2329 | } | 2625 | } |
| 2330 | 2626 | ||
| 2331 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, | 2627 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, |
| 2332 | int keylength)) | 2628 | int keylength)) |
| 2333 | { | 2629 | { |
| 2334 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); | 2630 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 2631 | } | ||
| 2632 | #endif | ||
| 2633 | |||
| 2634 | #ifndef OPENSSL_NO_ECDH | ||
| 2635 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
| 2636 | int keylength)) | ||
| 2637 | { | ||
| 2638 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | ||
| 2639 | } | ||
| 2640 | |||
| 2641 | void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
| 2642 | int keylength)) | ||
| 2643 | { | ||
| 2644 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | ||
| 2335 | } | 2645 | } |
| 2336 | #endif | 2646 | #endif |
| 2337 | 2647 | ||
| 2338 | 2648 | ||
| 2339 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 2649 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) |
| 2340 | { | 2650 | { |
| 2341 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb); | 2651 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 2342 | } | 2652 | } |
| 2343 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 2653 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) |
| 2344 | { | 2654 | { |
| 2345 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb); | 2655 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 2346 | } | 2656 | } |
| 2347 | 2657 | ||
| 2348 | 2658 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 6a0b7595f4..de94c0d0c7 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -108,6 +108,11 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 111 | 116 | ||
| 112 | #ifndef HEADER_SSL_LOCL_H | 117 | #ifndef HEADER_SSL_LOCL_H |
| 113 | #define HEADER_SSL_LOCL_H | 118 | #define HEADER_SSL_LOCL_H |
| @@ -121,10 +126,13 @@ | |||
| 121 | #include <openssl/buffer.h> | 126 | #include <openssl/buffer.h> |
| 122 | #include <openssl/comp.h> | 127 | #include <openssl/comp.h> |
| 123 | #include <openssl/bio.h> | 128 | #include <openssl/bio.h> |
| 124 | #include <openssl/crypto.h> | ||
| 125 | #include <openssl/evp.h> | ||
| 126 | #include <openssl/stack.h> | 129 | #include <openssl/stack.h> |
| 127 | #include <openssl/x509.h> | 130 | #ifndef OPENSSL_NO_RSA |
| 131 | #include <openssl/rsa.h> | ||
| 132 | #endif | ||
| 133 | #ifndef OPENSSL_NO_DSA | ||
| 134 | #include <openssl/dsa.h> | ||
| 135 | #endif | ||
| 128 | #include <openssl/err.h> | 136 | #include <openssl/err.h> |
| 129 | #include <openssl/ssl.h> | 137 | #include <openssl/ssl.h> |
| 130 | #include <openssl/symhacks.h> | 138 | #include <openssl/symhacks.h> |
| @@ -172,6 +180,20 @@ | |||
| 172 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | 180 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ |
| 173 | *((c)++)=(unsigned char)(((l) )&0xff)) | 181 | *((c)++)=(unsigned char)(((l) )&0xff)) |
| 174 | 182 | ||
| 183 | #define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ | ||
| 184 | *((c)++)=(unsigned char)(((l)>>32)&0xff), \ | ||
| 185 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | ||
| 186 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 187 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 188 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
| 189 | |||
| 190 | #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ | ||
| 191 | l|=((BN_ULLONG)(*((c)++)))<<32, \ | ||
| 192 | l|=((BN_ULLONG)(*((c)++)))<<24, \ | ||
| 193 | l|=((BN_ULLONG)(*((c)++)))<<16, \ | ||
| 194 | l|=((BN_ULLONG)(*((c)++)))<< 8, \ | ||
| 195 | l|=((BN_ULLONG)(*((c)++)))) | ||
| 196 | |||
| 175 | /* NOTE - c is not incremented as per l2c */ | 197 | /* NOTE - c is not incremented as per l2c */ |
| 176 | #define l2cn(l1,l2,c,n) { \ | 198 | #define l2cn(l1,l2,c,n) { \ |
| 177 | c+=n; \ | 199 | c+=n; \ |
| @@ -227,52 +249,58 @@ | |||
| 227 | * that the different entities within are mutually exclusive: | 249 | * that the different entities within are mutually exclusive: |
| 228 | * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. | 250 | * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. |
| 229 | */ | 251 | */ |
| 230 | #define SSL_MKEY_MASK 0x0000003FL | 252 | #define SSL_MKEY_MASK 0x000000FFL |
| 231 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ | 253 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ |
| 232 | #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ | 254 | #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ |
| 233 | #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ | 255 | #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ |
| 234 | #define SSL_kFZA 0x00000008L | 256 | #define SSL_kFZA 0x00000008L |
| 235 | #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ | 257 | #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ |
| 236 | #define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ | 258 | #define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ |
| 259 | #define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */ | ||
| 260 | #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ | ||
| 237 | #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) | 261 | #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) |
| 238 | 262 | ||
| 239 | #define SSL_AUTH_MASK 0x00000FC0L | 263 | #define SSL_AUTH_MASK 0x00007F00L |
| 240 | #define SSL_aRSA 0x00000040L /* Authenticate with RSA */ | 264 | #define SSL_aRSA 0x00000100L /* Authenticate with RSA */ |
| 241 | #define SSL_aDSS 0x00000080L /* Authenticate with DSS */ | 265 | #define SSL_aDSS 0x00000200L /* Authenticate with DSS */ |
| 242 | #define SSL_DSS SSL_aDSS | 266 | #define SSL_DSS SSL_aDSS |
| 243 | #define SSL_aFZA 0x00000100L | 267 | #define SSL_aFZA 0x00000400L |
| 244 | #define SSL_aNULL 0x00000200L /* no Authenticate, ADH */ | 268 | #define SSL_aNULL 0x00000800L /* no Authenticate, ADH */ |
| 245 | #define SSL_aDH 0x00000400L /* no Authenticate, ADH */ | 269 | #define SSL_aDH 0x00001000L /* no Authenticate, ADH */ |
| 246 | #define SSL_aKRB5 0x00000800L /* Authenticate with KRB5 */ | 270 | #define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */ |
| 271 | #define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */ | ||
| 247 | 272 | ||
| 248 | #define SSL_NULL (SSL_eNULL) | 273 | #define SSL_NULL (SSL_eNULL) |
| 249 | #define SSL_ADH (SSL_kEDH|SSL_aNULL) | 274 | #define SSL_ADH (SSL_kEDH|SSL_aNULL) |
| 250 | #define SSL_RSA (SSL_kRSA|SSL_aRSA) | 275 | #define SSL_RSA (SSL_kRSA|SSL_aRSA) |
| 251 | #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) | 276 | #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) |
| 277 | #define SSL_ECDH (SSL_kECDH|SSL_kECDHE) | ||
| 252 | #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) | 278 | #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) |
| 253 | #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) | 279 | #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) |
| 254 | 280 | ||
| 255 | #define SSL_ENC_MASK 0x0087F000L | 281 | #define SSL_ENC_MASK 0x1C3F8000L |
| 256 | #define SSL_DES 0x00001000L | 282 | #define SSL_DES 0x00008000L |
| 257 | #define SSL_3DES 0x00002000L | 283 | #define SSL_3DES 0x00010000L |
| 258 | #define SSL_RC4 0x00004000L | 284 | #define SSL_RC4 0x00020000L |
| 259 | #define SSL_RC2 0x00008000L | 285 | #define SSL_RC2 0x00040000L |
| 260 | #define SSL_IDEA 0x00010000L | 286 | #define SSL_IDEA 0x00080000L |
| 261 | #define SSL_eFZA 0x00020000L | 287 | #define SSL_eFZA 0x00100000L |
| 262 | #define SSL_eNULL 0x00040000L | 288 | #define SSL_eNULL 0x00200000L |
| 263 | #define SSL_AES 0x00800000L | 289 | #define SSL_AES 0x04000000L |
| 264 | 290 | #define SSL_CAMELLIA 0x08000000L | |
| 265 | #define SSL_MAC_MASK 0x00180000L | 291 | #define SSL_SEED 0x10000000L |
| 266 | #define SSL_MD5 0x00080000L | 292 | |
| 267 | #define SSL_SHA1 0x00100000L | 293 | #define SSL_MAC_MASK 0x00c00000L |
| 294 | #define SSL_MD5 0x00400000L | ||
| 295 | #define SSL_SHA1 0x00800000L | ||
| 268 | #define SSL_SHA (SSL_SHA1) | 296 | #define SSL_SHA (SSL_SHA1) |
| 269 | 297 | ||
| 270 | #define SSL_SSL_MASK 0x00600000L | 298 | #define SSL_SSL_MASK 0x03000000L |
| 271 | #define SSL_SSLV2 0x00200000L | 299 | #define SSL_SSLV2 0x01000000L |
| 272 | #define SSL_SSLV3 0x00400000L | 300 | #define SSL_SSLV3 0x02000000L |
| 273 | #define SSL_TLSV1 SSL_SSLV3 /* for now */ | 301 | #define SSL_TLSV1 SSL_SSLV3 /* for now */ |
| 274 | 302 | ||
| 275 | /* we have used 007fffff - 9 bits left to go */ | 303 | /* we have used 1fffffff - 3 bits left to go. */ |
| 276 | 304 | ||
| 277 | /* | 305 | /* |
| 278 | * Export and cipher strength information. For each cipher we have to decide | 306 | * Export and cipher strength information. For each cipher we have to decide |
| @@ -302,9 +330,8 @@ | |||
| 302 | #define SSL_LOW 0x00000020L | 330 | #define SSL_LOW 0x00000020L |
| 303 | #define SSL_MEDIUM 0x00000040L | 331 | #define SSL_MEDIUM 0x00000040L |
| 304 | #define SSL_HIGH 0x00000080L | 332 | #define SSL_HIGH 0x00000080L |
| 305 | #define SSL_FIPS 0x00000100L | ||
| 306 | 333 | ||
| 307 | /* we have used 000001ff - 23 bits left to go */ | 334 | /* we have used 000000ff - 24 bits left to go */ |
| 308 | 335 | ||
| 309 | /* | 336 | /* |
| 310 | * Macros to check the export status and cipher strength for export ciphers. | 337 | * Macros to check the export status and cipher strength for export ciphers. |
| @@ -345,7 +372,8 @@ | |||
| 345 | #define SSL_PKEY_DSA_SIGN 2 | 372 | #define SSL_PKEY_DSA_SIGN 2 |
| 346 | #define SSL_PKEY_DH_RSA 3 | 373 | #define SSL_PKEY_DH_RSA 3 |
| 347 | #define SSL_PKEY_DH_DSA 4 | 374 | #define SSL_PKEY_DH_DSA 4 |
| 348 | #define SSL_PKEY_NUM 5 | 375 | #define SSL_PKEY_ECC 5 |
| 376 | #define SSL_PKEY_NUM 6 | ||
| 349 | 377 | ||
| 350 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | | 378 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | |
| 351 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) | 379 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) |
| @@ -361,6 +389,15 @@ | |||
| 361 | #define CERT_PRIVATE_KEY 2 | 389 | #define CERT_PRIVATE_KEY 2 |
| 362 | */ | 390 | */ |
| 363 | 391 | ||
| 392 | #ifndef OPENSSL_NO_EC | ||
| 393 | /* From ECC-TLS draft, used in encoding the curve type in | ||
| 394 | * ECParameters | ||
| 395 | */ | ||
| 396 | #define EXPLICIT_PRIME_CURVE_TYPE 1 | ||
| 397 | #define EXPLICIT_CHAR2_CURVE_TYPE 2 | ||
| 398 | #define NAMED_CURVE_TYPE 3 | ||
| 399 | #endif /* OPENSSL_NO_EC */ | ||
| 400 | |||
| 364 | typedef struct cert_pkey_st | 401 | typedef struct cert_pkey_st |
| 365 | { | 402 | { |
| 366 | X509 *x509; | 403 | X509 *x509; |
| @@ -387,6 +424,11 @@ typedef struct cert_st | |||
| 387 | DH *dh_tmp; | 424 | DH *dh_tmp; |
| 388 | DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); | 425 | DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); |
| 389 | #endif | 426 | #endif |
| 427 | #ifndef OPENSSL_NO_ECDH | ||
| 428 | EC_KEY *ecdh_tmp; | ||
| 429 | /* Callback for generating ephemeral ECDH keys */ | ||
| 430 | EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize); | ||
| 431 | #endif | ||
| 390 | 432 | ||
| 391 | CERT_PKEY pkeys[SSL_PKEY_NUM]; | 433 | CERT_PKEY pkeys[SSL_PKEY_NUM]; |
| 392 | 434 | ||
| @@ -412,6 +454,9 @@ typedef struct sess_cert_st | |||
| 412 | #ifndef OPENSSL_NO_DH | 454 | #ifndef OPENSSL_NO_DH |
| 413 | DH *peer_dh_tmp; /* not used for SSL 2 */ | 455 | DH *peer_dh_tmp; /* not used for SSL 2 */ |
| 414 | #endif | 456 | #endif |
| 457 | #ifndef OPENSSL_NO_ECDH | ||
| 458 | EC_KEY *peer_ecdh_tmp; | ||
| 459 | #endif | ||
| 415 | 460 | ||
| 416 | int references; /* actually always 1 at the moment */ | 461 | int references; /* actually always 1 at the moment */ |
| 417 | } SESS_CERT; | 462 | } SESS_CERT; |
| @@ -466,17 +511,201 @@ extern SSL3_ENC_METHOD ssl3_undef_enc_method; | |||
| 466 | OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; | 511 | OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; |
| 467 | OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; | 512 | OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; |
| 468 | 513 | ||
| 469 | #ifdef OPENSSL_SYS_VMS | ||
| 470 | #undef SSL_COMP_get_compression_methods | ||
| 471 | #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods | ||
| 472 | #endif | ||
| 473 | |||
| 474 | 514 | ||
| 475 | SSL_METHOD *ssl_bad_method(int ver); | 515 | SSL_METHOD *ssl_bad_method(int ver); |
| 476 | SSL_METHOD *sslv2_base_method(void); | 516 | SSL_METHOD *sslv2_base_method(void); |
| 477 | SSL_METHOD *sslv23_base_method(void); | 517 | SSL_METHOD *sslv23_base_method(void); |
| 478 | SSL_METHOD *sslv3_base_method(void); | 518 | SSL_METHOD *sslv3_base_method(void); |
| 479 | 519 | ||
| 520 | extern SSL3_ENC_METHOD TLSv1_enc_data; | ||
| 521 | extern SSL3_ENC_METHOD SSLv3_enc_data; | ||
| 522 | extern SSL3_ENC_METHOD DTLSv1_enc_data; | ||
| 523 | |||
| 524 | #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 525 | SSL_METHOD *func_name(void) \ | ||
| 526 | { \ | ||
| 527 | static SSL_METHOD func_name##_data= { \ | ||
| 528 | TLS1_VERSION, \ | ||
| 529 | tls1_new, \ | ||
| 530 | tls1_clear, \ | ||
| 531 | tls1_free, \ | ||
| 532 | s_accept, \ | ||
| 533 | s_connect, \ | ||
| 534 | ssl3_read, \ | ||
| 535 | ssl3_peek, \ | ||
| 536 | ssl3_write, \ | ||
| 537 | ssl3_shutdown, \ | ||
| 538 | ssl3_renegotiate, \ | ||
| 539 | ssl3_renegotiate_check, \ | ||
| 540 | ssl3_get_message, \ | ||
| 541 | ssl3_read_bytes, \ | ||
| 542 | ssl3_write_bytes, \ | ||
| 543 | ssl3_dispatch_alert, \ | ||
| 544 | ssl3_ctrl, \ | ||
| 545 | ssl3_ctx_ctrl, \ | ||
| 546 | ssl3_get_cipher_by_char, \ | ||
| 547 | ssl3_put_cipher_by_char, \ | ||
| 548 | ssl3_pending, \ | ||
| 549 | ssl3_num_ciphers, \ | ||
| 550 | ssl3_get_cipher, \ | ||
| 551 | s_get_meth, \ | ||
| 552 | tls1_default_timeout, \ | ||
| 553 | &TLSv1_enc_data, \ | ||
| 554 | ssl_undefined_void_function, \ | ||
| 555 | ssl3_callback_ctrl, \ | ||
| 556 | ssl3_ctx_callback_ctrl, \ | ||
| 557 | }; \ | ||
| 558 | return &func_name##_data; \ | ||
| 559 | } | ||
| 560 | |||
| 561 | #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 562 | SSL_METHOD *func_name(void) \ | ||
| 563 | { \ | ||
| 564 | static SSL_METHOD func_name##_data= { \ | ||
| 565 | SSL3_VERSION, \ | ||
| 566 | ssl3_new, \ | ||
| 567 | ssl3_clear, \ | ||
| 568 | ssl3_free, \ | ||
| 569 | s_accept, \ | ||
| 570 | s_connect, \ | ||
| 571 | ssl3_read, \ | ||
| 572 | ssl3_peek, \ | ||
| 573 | ssl3_write, \ | ||
| 574 | ssl3_shutdown, \ | ||
| 575 | ssl3_renegotiate, \ | ||
| 576 | ssl3_renegotiate_check, \ | ||
| 577 | ssl3_get_message, \ | ||
| 578 | ssl3_read_bytes, \ | ||
| 579 | ssl3_write_bytes, \ | ||
| 580 | ssl3_dispatch_alert, \ | ||
| 581 | ssl3_ctrl, \ | ||
| 582 | ssl3_ctx_ctrl, \ | ||
| 583 | ssl3_get_cipher_by_char, \ | ||
| 584 | ssl3_put_cipher_by_char, \ | ||
| 585 | ssl3_pending, \ | ||
| 586 | ssl3_num_ciphers, \ | ||
| 587 | ssl3_get_cipher, \ | ||
| 588 | s_get_meth, \ | ||
| 589 | ssl3_default_timeout, \ | ||
| 590 | &SSLv3_enc_data, \ | ||
| 591 | ssl_undefined_void_function, \ | ||
| 592 | ssl3_callback_ctrl, \ | ||
| 593 | ssl3_ctx_callback_ctrl, \ | ||
| 594 | }; \ | ||
| 595 | return &func_name##_data; \ | ||
| 596 | } | ||
| 597 | |||
| 598 | #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 599 | SSL_METHOD *func_name(void) \ | ||
| 600 | { \ | ||
| 601 | static SSL_METHOD func_name##_data= { \ | ||
| 602 | TLS1_VERSION, \ | ||
| 603 | tls1_new, \ | ||
| 604 | tls1_clear, \ | ||
| 605 | tls1_free, \ | ||
| 606 | s_accept, \ | ||
| 607 | s_connect, \ | ||
| 608 | ssl23_read, \ | ||
| 609 | ssl23_peek, \ | ||
| 610 | ssl23_write, \ | ||
| 611 | ssl_undefined_function, \ | ||
| 612 | ssl_undefined_function, \ | ||
| 613 | ssl_ok, \ | ||
| 614 | ssl3_get_message, \ | ||
| 615 | ssl3_read_bytes, \ | ||
| 616 | ssl3_write_bytes, \ | ||
| 617 | ssl3_dispatch_alert, \ | ||
| 618 | ssl3_ctrl, \ | ||
| 619 | ssl3_ctx_ctrl, \ | ||
| 620 | ssl23_get_cipher_by_char, \ | ||
| 621 | ssl23_put_cipher_by_char, \ | ||
| 622 | ssl_undefined_const_function, \ | ||
| 623 | ssl23_num_ciphers, \ | ||
| 624 | ssl23_get_cipher, \ | ||
| 625 | s_get_meth, \ | ||
| 626 | ssl23_default_timeout, \ | ||
| 627 | &ssl3_undef_enc_method, \ | ||
| 628 | ssl_undefined_void_function, \ | ||
| 629 | ssl3_callback_ctrl, \ | ||
| 630 | ssl3_ctx_callback_ctrl, \ | ||
| 631 | }; \ | ||
| 632 | return &func_name##_data; \ | ||
| 633 | } | ||
| 634 | |||
| 635 | #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 636 | SSL_METHOD *func_name(void) \ | ||
| 637 | { \ | ||
| 638 | static SSL_METHOD func_name##_data= { \ | ||
| 639 | SSL2_VERSION, \ | ||
| 640 | ssl2_new, /* local */ \ | ||
| 641 | ssl2_clear, /* local */ \ | ||
| 642 | ssl2_free, /* local */ \ | ||
| 643 | s_accept, \ | ||
| 644 | s_connect, \ | ||
| 645 | ssl2_read, \ | ||
| 646 | ssl2_peek, \ | ||
| 647 | ssl2_write, \ | ||
| 648 | ssl2_shutdown, \ | ||
| 649 | ssl_ok, /* NULL - renegotiate */ \ | ||
| 650 | ssl_ok, /* NULL - check renegotiate */ \ | ||
| 651 | NULL, /* NULL - ssl_get_message */ \ | ||
| 652 | NULL, /* NULL - ssl_get_record */ \ | ||
| 653 | NULL, /* NULL - ssl_write_bytes */ \ | ||
| 654 | NULL, /* NULL - dispatch_alert */ \ | ||
| 655 | ssl2_ctrl, /* local */ \ | ||
| 656 | ssl2_ctx_ctrl, /* local */ \ | ||
| 657 | ssl2_get_cipher_by_char, \ | ||
| 658 | ssl2_put_cipher_by_char, \ | ||
| 659 | ssl2_pending, \ | ||
| 660 | ssl2_num_ciphers, \ | ||
| 661 | ssl2_get_cipher, \ | ||
| 662 | s_get_meth, \ | ||
| 663 | ssl2_default_timeout, \ | ||
| 664 | &ssl3_undef_enc_method, \ | ||
| 665 | ssl_undefined_void_function, \ | ||
| 666 | ssl2_callback_ctrl, /* local */ \ | ||
| 667 | ssl2_ctx_callback_ctrl, /* local */ \ | ||
| 668 | }; \ | ||
| 669 | return &func_name##_data; \ | ||
| 670 | } | ||
| 671 | |||
| 672 | #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 673 | SSL_METHOD *func_name(void) \ | ||
| 674 | { \ | ||
| 675 | static SSL_METHOD func_name##_data= { \ | ||
| 676 | DTLS1_VERSION, \ | ||
| 677 | dtls1_new, \ | ||
| 678 | dtls1_clear, \ | ||
| 679 | dtls1_free, \ | ||
| 680 | s_accept, \ | ||
| 681 | s_connect, \ | ||
| 682 | ssl3_read, \ | ||
| 683 | ssl3_peek, \ | ||
| 684 | ssl3_write, \ | ||
| 685 | ssl3_shutdown, \ | ||
| 686 | ssl3_renegotiate, \ | ||
| 687 | ssl3_renegotiate_check, \ | ||
| 688 | dtls1_get_message, \ | ||
| 689 | dtls1_read_bytes, \ | ||
| 690 | dtls1_write_app_data_bytes, \ | ||
| 691 | dtls1_dispatch_alert, \ | ||
| 692 | ssl3_ctrl, \ | ||
| 693 | ssl3_ctx_ctrl, \ | ||
| 694 | ssl3_get_cipher_by_char, \ | ||
| 695 | ssl3_put_cipher_by_char, \ | ||
| 696 | ssl3_pending, \ | ||
| 697 | ssl3_num_ciphers, \ | ||
| 698 | dtls1_get_cipher, \ | ||
| 699 | s_get_meth, \ | ||
| 700 | dtls1_default_timeout, \ | ||
| 701 | &DTLSv1_enc_data, \ | ||
| 702 | ssl_undefined_void_function, \ | ||
| 703 | ssl3_callback_ctrl, \ | ||
| 704 | ssl3_ctx_callback_ctrl, \ | ||
| 705 | }; \ | ||
| 706 | return &func_name##_data; \ | ||
| 707 | } | ||
| 708 | |||
| 480 | void ssl_clear_cipher_ctx(SSL *s); | 709 | void ssl_clear_cipher_ctx(SSL *s); |
| 481 | int ssl_clear_bad_session(SSL *s); | 710 | int ssl_clear_bad_session(SSL *s); |
| 482 | CERT *ssl_cert_new(void); | 711 | CERT *ssl_cert_new(void); |
| @@ -487,7 +716,7 @@ SESS_CERT *ssl_sess_cert_new(void); | |||
| 487 | void ssl_sess_cert_free(SESS_CERT *sc); | 716 | void ssl_sess_cert_free(SESS_CERT *sc); |
| 488 | int ssl_set_peer_cert_type(SESS_CERT *c, int type); | 717 | int ssl_set_peer_cert_type(SESS_CERT *c, int type); |
| 489 | int ssl_get_new_session(SSL *s, int session); | 718 | int ssl_get_new_session(SSL *s, int session); |
| 490 | int ssl_get_prev_session(SSL *s, unsigned char *session,int len); | 719 | int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); |
| 491 | int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); | 720 | int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); |
| 492 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 721 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 493 | const SSL_CIPHER * const *bp); | 722 | const SSL_CIPHER * const *bp); |
| @@ -504,6 +733,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, | |||
| 504 | const EVP_MD **md,SSL_COMP **comp); | 733 | const EVP_MD **md,SSL_COMP **comp); |
| 505 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); | 734 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); |
| 506 | int ssl_undefined_function(SSL *s); | 735 | int ssl_undefined_function(SSL *s); |
| 736 | int ssl_undefined_void_function(void); | ||
| 507 | int ssl_undefined_const_function(const SSL *s); | 737 | int ssl_undefined_const_function(const SSL *s); |
| 508 | X509 *ssl_get_server_send_cert(SSL *); | 738 | X509 *ssl_get_server_send_cert(SSL *); |
| 509 | EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); | 739 | EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); |
| @@ -511,6 +741,7 @@ int ssl_cert_type(X509 *x,EVP_PKEY *pkey); | |||
| 511 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); | 741 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); |
| 512 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | 742 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); |
| 513 | int ssl_verify_alarm_type(long type); | 743 | int ssl_verify_alarm_type(long type); |
| 744 | void ssl_load_ciphers(void); | ||
| 514 | 745 | ||
| 515 | int ssl2_enc_init(SSL *s, int client); | 746 | int ssl2_enc_init(SSL *s, int client); |
| 516 | int ssl2_generate_key_material(SSL *s); | 747 | int ssl2_generate_key_material(SSL *s); |
| @@ -520,7 +751,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | |||
| 520 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | 751 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
| 521 | int ssl2_part_read(SSL *s, unsigned long f, int i); | 752 | int ssl2_part_read(SSL *s, unsigned long f, int i); |
| 522 | int ssl2_do_write(SSL *s); | 753 | int ssl2_do_write(SSL *s); |
| 523 | int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data); | 754 | int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); |
| 524 | void ssl2_return_error(SSL *s,int reason); | 755 | void ssl2_return_error(SSL *s,int reason); |
| 525 | void ssl2_write_error(SSL *s); | 756 | void ssl2_write_error(SSL *s); |
| 526 | int ssl2_num_ciphers(void); | 757 | int ssl2_num_ciphers(void); |
| @@ -536,14 +767,17 @@ int ssl2_shutdown(SSL *s); | |||
| 536 | void ssl2_clear(SSL *s); | 767 | void ssl2_clear(SSL *s); |
| 537 | long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); | 768 | long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 538 | long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); | 769 | long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
| 539 | long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)()); | 770 | long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
| 540 | long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); | 771 | long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); |
| 541 | int ssl2_pending(const SSL *s); | 772 | int ssl2_pending(const SSL *s); |
| 773 | long ssl2_default_timeout(void ); | ||
| 542 | 774 | ||
| 543 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); | 775 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); |
| 544 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | 776 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
| 545 | void ssl3_init_finished_mac(SSL *s); | 777 | void ssl3_init_finished_mac(SSL *s); |
| 546 | int ssl3_send_server_certificate(SSL *s); | 778 | int ssl3_send_server_certificate(SSL *s); |
| 779 | int ssl3_send_newsession_ticket(SSL *s); | ||
| 780 | int ssl3_send_cert_status(SSL *s); | ||
| 547 | int ssl3_get_finished(SSL *s,int state_a,int state_b); | 781 | int ssl3_get_finished(SSL *s,int state_a,int state_b); |
| 548 | int ssl3_setup_key_block(SSL *s); | 782 | int ssl3_setup_key_block(SSL *s); |
| 549 | int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); | 783 | int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); |
| @@ -584,10 +818,94 @@ int ssl3_shutdown(SSL *s); | |||
| 584 | void ssl3_clear(SSL *s); | 818 | void ssl3_clear(SSL *s); |
| 585 | long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); | 819 | long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 586 | long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); | 820 | long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
| 587 | long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)()); | 821 | long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
| 588 | long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); | 822 | long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); |
| 589 | int ssl3_pending(const SSL *s); | 823 | int ssl3_pending(const SSL *s); |
| 590 | 824 | ||
| 825 | void ssl3_record_sequence_update(unsigned char *seq); | ||
| 826 | int ssl3_do_change_cipher_spec(SSL *ssl); | ||
| 827 | long ssl3_default_timeout(void ); | ||
| 828 | |||
| 829 | int ssl23_num_ciphers(void ); | ||
| 830 | SSL_CIPHER *ssl23_get_cipher(unsigned int u); | ||
| 831 | int ssl23_read(SSL *s, void *buf, int len); | ||
| 832 | int ssl23_peek(SSL *s, void *buf, int len); | ||
| 833 | int ssl23_write(SSL *s, const void *buf, int len); | ||
| 834 | int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); | ||
| 835 | SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); | ||
| 836 | long ssl23_default_timeout(void ); | ||
| 837 | |||
| 838 | long tls1_default_timeout(void); | ||
| 839 | int dtls1_do_write(SSL *s,int type); | ||
| 840 | int ssl3_read_n(SSL *s, int n, int max, int extend); | ||
| 841 | int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); | ||
| 842 | int ssl3_do_compress(SSL *ssl); | ||
| 843 | int ssl3_do_uncompress(SSL *ssl); | ||
| 844 | int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | ||
| 845 | unsigned int len); | ||
| 846 | unsigned char *dtls1_set_message_header(SSL *s, | ||
| 847 | unsigned char *p, unsigned char mt, unsigned long len, | ||
| 848 | unsigned long frag_off, unsigned long frag_len); | ||
| 849 | |||
| 850 | int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); | ||
| 851 | int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); | ||
| 852 | |||
| 853 | int dtls1_send_change_cipher_spec(SSL *s, int a, int b); | ||
| 854 | int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); | ||
| 855 | unsigned long dtls1_output_cert_chain(SSL *s, X509 *x); | ||
| 856 | int dtls1_read_failed(SSL *s, int code); | ||
| 857 | int dtls1_buffer_message(SSL *s, int ccs); | ||
| 858 | int dtls1_retransmit_message(SSL *s, unsigned short seq, | ||
| 859 | unsigned long frag_off, int *found); | ||
| 860 | void dtls1_clear_record_buffer(SSL *s); | ||
| 861 | void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); | ||
| 862 | void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); | ||
| 863 | void dtls1_reset_seq_numbers(SSL *s, int rw); | ||
| 864 | long dtls1_default_timeout(void); | ||
| 865 | SSL_CIPHER *dtls1_get_cipher(unsigned int u); | ||
| 866 | |||
| 867 | |||
| 868 | |||
| 869 | /* some client-only functions */ | ||
| 870 | int ssl3_client_hello(SSL *s); | ||
| 871 | int ssl3_get_server_hello(SSL *s); | ||
| 872 | int ssl3_get_certificate_request(SSL *s); | ||
| 873 | int ssl3_get_new_session_ticket(SSL *s); | ||
| 874 | int ssl3_get_cert_status(SSL *s); | ||
| 875 | int ssl3_get_server_done(SSL *s); | ||
| 876 | int ssl3_send_client_verify(SSL *s); | ||
| 877 | int ssl3_send_client_certificate(SSL *s); | ||
| 878 | int ssl3_send_client_key_exchange(SSL *s); | ||
| 879 | int ssl3_get_key_exchange(SSL *s); | ||
| 880 | int ssl3_get_server_certificate(SSL *s); | ||
| 881 | int ssl3_check_cert_and_algorithm(SSL *s); | ||
| 882 | |||
| 883 | int dtls1_client_hello(SSL *s); | ||
| 884 | int dtls1_send_client_certificate(SSL *s); | ||
| 885 | int dtls1_send_client_key_exchange(SSL *s); | ||
| 886 | int dtls1_send_client_verify(SSL *s); | ||
| 887 | |||
| 888 | /* some server-only functions */ | ||
| 889 | int ssl3_get_client_hello(SSL *s); | ||
| 890 | int ssl3_send_server_hello(SSL *s); | ||
| 891 | int ssl3_send_hello_request(SSL *s); | ||
| 892 | int ssl3_send_server_key_exchange(SSL *s); | ||
| 893 | int ssl3_send_certificate_request(SSL *s); | ||
| 894 | int ssl3_send_server_done(SSL *s); | ||
| 895 | int ssl3_check_client_hello(SSL *s); | ||
| 896 | int ssl3_get_client_certificate(SSL *s); | ||
| 897 | int ssl3_get_client_key_exchange(SSL *s); | ||
| 898 | int ssl3_get_cert_verify(SSL *s); | ||
| 899 | |||
| 900 | int dtls1_send_hello_request(SSL *s); | ||
| 901 | int dtls1_send_server_hello(SSL *s); | ||
| 902 | int dtls1_send_server_certificate(SSL *s); | ||
| 903 | int dtls1_send_server_key_exchange(SSL *s); | ||
| 904 | int dtls1_send_certificate_request(SSL *s); | ||
| 905 | int dtls1_send_server_done(SSL *s); | ||
| 906 | |||
| 907 | |||
| 908 | |||
| 591 | int ssl23_accept(SSL *s); | 909 | int ssl23_accept(SSL *s); |
| 592 | int ssl23_connect(SSL *s); | 910 | int ssl23_connect(SSL *s); |
| 593 | int ssl23_read_bytes(SSL *s, int n); | 911 | int ssl23_read_bytes(SSL *s, int n); |
| @@ -597,9 +915,24 @@ int tls1_new(SSL *s); | |||
| 597 | void tls1_free(SSL *s); | 915 | void tls1_free(SSL *s); |
| 598 | void tls1_clear(SSL *s); | 916 | void tls1_clear(SSL *s); |
| 599 | long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); | 917 | long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 600 | long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)()); | 918 | long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
| 601 | SSL_METHOD *tlsv1_base_method(void ); | 919 | SSL_METHOD *tlsv1_base_method(void ); |
| 602 | 920 | ||
| 921 | int dtls1_new(SSL *s); | ||
| 922 | int dtls1_accept(SSL *s); | ||
| 923 | int dtls1_connect(SSL *s); | ||
| 924 | void dtls1_free(SSL *s); | ||
| 925 | void dtls1_clear(SSL *s); | ||
| 926 | long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); | ||
| 927 | SSL_METHOD *dtlsv1_base_method(void ); | ||
| 928 | |||
| 929 | long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | ||
| 930 | int dtls1_get_record(SSL *s); | ||
| 931 | int do_dtls1_write(SSL *s, int type, const unsigned char *buf, | ||
| 932 | unsigned int len, int create_empty_fragement); | ||
| 933 | int dtls1_dispatch_alert(SSL *s); | ||
| 934 | int dtls1_enc(SSL *s, int snd); | ||
| 935 | |||
| 603 | int ssl_init_wbio_buffer(SSL *s, int push); | 936 | int ssl_init_wbio_buffer(SSL *s, int push); |
| 604 | void ssl_free_wbio_buffer(SSL *s); | 937 | void ssl_free_wbio_buffer(SSL *s); |
| 605 | 938 | ||
| @@ -616,8 +949,28 @@ int tls1_alert_code(int code); | |||
| 616 | int ssl3_alert_code(int code); | 949 | int ssl3_alert_code(int code); |
| 617 | int ssl_ok(SSL *s); | 950 | int ssl_ok(SSL *s); |
| 618 | 951 | ||
| 952 | int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); | ||
| 953 | |||
| 619 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); | 954 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); |
| 620 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); | ||
| 621 | 955 | ||
| 956 | #ifndef OPENSSL_NO_TLSEXT | ||
| 957 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | ||
| 958 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | ||
| 959 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | ||
| 960 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | ||
| 961 | int ssl_prepare_clienthello_tlsext(SSL *s); | ||
| 962 | int ssl_prepare_serverhello_tlsext(SSL *s); | ||
| 963 | int ssl_check_clienthello_tlsext(SSL *s); | ||
| 964 | int ssl_check_serverhello_tlsext(SSL *s); | ||
| 965 | #ifdef OPENSSL_NO_SHA256 | ||
| 966 | #define tlsext_tick_md EVP_sha1 | ||
| 967 | #else | ||
| 968 | #define tlsext_tick_md EVP_sha256 | ||
| 969 | #endif | ||
| 970 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | ||
| 971 | const unsigned char *limit, SSL_SESSION **ret); | ||
| 972 | EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; | ||
| 973 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash); | ||
| 974 | #endif | ||
| 622 | 975 | ||
| 623 | #endif | 976 | #endif |
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c index fb0bd4d045..27113eba50 100644 --- a/src/lib/libssl/src/ssl/ssl_rsa.c +++ b/src/lib/libssl/src/ssl/ssl_rsa.c | |||
| @@ -131,7 +131,7 @@ end: | |||
| 131 | } | 131 | } |
| 132 | #endif | 132 | #endif |
| 133 | 133 | ||
| 134 | int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len) | 134 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) |
| 135 | { | 135 | { |
| 136 | X509 *x; | 136 | X509 *x; |
| 137 | int ret; | 137 | int ret; |
| @@ -181,7 +181,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | |||
| 181 | 181 | ||
| 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) |
| 183 | { | 183 | { |
| 184 | int i,ok=0,bad=0; | 184 | int i; |
| 185 | 185 | ||
| 186 | i=ssl_cert_type(NULL,pkey); | 186 | i=ssl_cert_type(NULL,pkey); |
| 187 | if (i < 0) | 187 | if (i < 0) |
| @@ -202,47 +202,18 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | |||
| 202 | /* Don't check the public/private key, this is mostly | 202 | /* Don't check the public/private key, this is mostly |
| 203 | * for smart cards. */ | 203 | * for smart cards. */ |
| 204 | if ((pkey->type == EVP_PKEY_RSA) && | 204 | if ((pkey->type == EVP_PKEY_RSA) && |
| 205 | (RSA_flags(pkey->pkey.rsa) & | 205 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) |
| 206 | RSA_METHOD_FLAG_NO_CHECK)) | 206 | ; |
| 207 | ok=1; | ||
| 208 | else | 207 | else |
| 209 | #endif | 208 | #endif |
| 210 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) | 209 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) |
| 211 | { | 210 | { |
| 212 | if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) | 211 | X509_free(c->pkeys[i].x509); |
| 213 | { | 212 | c->pkeys[i].x509 = NULL; |
| 214 | i=(i == SSL_PKEY_DH_RSA)? | 213 | return 0; |
| 215 | SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; | ||
| 216 | |||
| 217 | if (c->pkeys[i].x509 == NULL) | ||
| 218 | ok=1; | ||
| 219 | else | ||
| 220 | { | ||
| 221 | if (!X509_check_private_key( | ||
| 222 | c->pkeys[i].x509,pkey)) | ||
| 223 | bad=1; | ||
| 224 | else | ||
| 225 | ok=1; | ||
| 226 | } | ||
| 227 | } | ||
| 228 | else | ||
| 229 | bad=1; | ||
| 230 | } | 214 | } |
| 231 | else | ||
| 232 | ok=1; | ||
| 233 | } | ||
| 234 | else | ||
| 235 | ok=1; | ||
| 236 | |||
| 237 | if (bad) | ||
| 238 | { | ||
| 239 | X509_free(c->pkeys[i].x509); | ||
| 240 | c->pkeys[i].x509=NULL; | ||
| 241 | return(0); | ||
| 242 | } | 215 | } |
| 243 | 216 | ||
| 244 | ERR_clear_error(); /* make sure no error from X509_check_private_key() | ||
| 245 | * is left if we have chosen to ignore it */ | ||
| 246 | if (c->pkeys[i].privatekey != NULL) | 217 | if (c->pkeys[i].privatekey != NULL) |
| 247 | EVP_PKEY_free(c->pkeys[i].privatekey); | 218 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 248 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 219 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); |
| @@ -364,6 +335,11 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | |||
| 364 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 335 | pkey=PEM_read_bio_PrivateKey(in,NULL, |
| 365 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | 336 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); |
| 366 | } | 337 | } |
| 338 | else if (type == SSL_FILETYPE_ASN1) | ||
| 339 | { | ||
| 340 | j = ERR_R_ASN1_LIB; | ||
| 341 | pkey = d2i_PrivateKey_bio(in,NULL); | ||
| 342 | } | ||
| 367 | else | 343 | else |
| 368 | { | 344 | { |
| 369 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | 345 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); |
| @@ -382,10 +358,10 @@ end: | |||
| 382 | } | 358 | } |
| 383 | #endif | 359 | #endif |
| 384 | 360 | ||
| 385 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len) | 361 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) |
| 386 | { | 362 | { |
| 387 | int ret; | 363 | int ret; |
| 388 | unsigned char *p; | 364 | const unsigned char *p; |
| 389 | EVP_PKEY *pkey; | 365 | EVP_PKEY *pkey; |
| 390 | 366 | ||
| 391 | p=d; | 367 | p=d; |
| @@ -418,7 +394,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | |||
| 418 | static int ssl_set_cert(CERT *c, X509 *x) | 394 | static int ssl_set_cert(CERT *c, X509 *x) |
| 419 | { | 395 | { |
| 420 | EVP_PKEY *pkey; | 396 | EVP_PKEY *pkey; |
| 421 | int i,ok=0,bad=0; | 397 | int i; |
| 422 | 398 | ||
| 423 | pkey=X509_get_pubkey(x); | 399 | pkey=X509_get_pubkey(x); |
| 424 | if (pkey == NULL) | 400 | if (pkey == NULL) |
| @@ -446,44 +422,23 @@ static int ssl_set_cert(CERT *c, X509 *x) | |||
| 446 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | 422 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && |
| 447 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | 423 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & |
| 448 | RSA_METHOD_FLAG_NO_CHECK)) | 424 | RSA_METHOD_FLAG_NO_CHECK)) |
| 449 | ok=1; | 425 | ; |
| 450 | else | 426 | else |
| 451 | #endif | 427 | #endif /* OPENSSL_NO_RSA */ |
| 452 | { | ||
| 453 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | 428 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) |
| 454 | { | 429 | { |
| 455 | if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) | 430 | /* don't fail for a cert/key mismatch, just free |
| 456 | { | 431 | * current private key (when switching to a different |
| 457 | i=(i == SSL_PKEY_DH_RSA)? | 432 | * cert & key, first this function should be used, |
| 458 | SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; | 433 | * then ssl_set_pkey */ |
| 459 | 434 | EVP_PKEY_free(c->pkeys[i].privatekey); | |
| 460 | if (c->pkeys[i].privatekey == NULL) | 435 | c->pkeys[i].privatekey=NULL; |
| 461 | ok=1; | 436 | /* clear error queue */ |
| 462 | else | 437 | ERR_clear_error(); |
| 463 | { | ||
| 464 | if (!X509_check_private_key(x, | ||
| 465 | c->pkeys[i].privatekey)) | ||
| 466 | bad=1; | ||
| 467 | else | ||
| 468 | ok=1; | ||
| 469 | } | ||
| 470 | } | ||
| 471 | else | ||
| 472 | bad=1; | ||
| 473 | } | 438 | } |
| 474 | else | ||
| 475 | ok=1; | ||
| 476 | } /* OPENSSL_NO_RSA */ | ||
| 477 | } | 439 | } |
| 478 | else | ||
| 479 | ok=1; | ||
| 480 | 440 | ||
| 481 | EVP_PKEY_free(pkey); | 441 | EVP_PKEY_free(pkey); |
| 482 | if (bad) | ||
| 483 | { | ||
| 484 | EVP_PKEY_free(c->pkeys[i].privatekey); | ||
| 485 | c->pkeys[i].privatekey=NULL; | ||
| 486 | } | ||
| 487 | 442 | ||
| 488 | if (c->pkeys[i].x509 != NULL) | 443 | if (c->pkeys[i].x509 != NULL) |
| 489 | X509_free(c->pkeys[i].x509); | 444 | X509_free(c->pkeys[i].x509); |
| @@ -545,7 +500,7 @@ end: | |||
| 545 | } | 500 | } |
| 546 | #endif | 501 | #endif |
| 547 | 502 | ||
| 548 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d) | 503 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) |
| 549 | { | 504 | { |
| 550 | X509 *x; | 505 | X509 *x; |
| 551 | int ret; | 506 | int ret; |
| @@ -640,7 +595,7 @@ end: | |||
| 640 | } | 595 | } |
| 641 | #endif | 596 | #endif |
| 642 | 597 | ||
| 643 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) | 598 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) |
| 644 | { | 599 | { |
| 645 | int ret; | 600 | int ret; |
| 646 | const unsigned char *p; | 601 | const unsigned char *p; |
| @@ -699,6 +654,11 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | |||
| 699 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 654 | pkey=PEM_read_bio_PrivateKey(in,NULL, |
| 700 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | 655 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); |
| 701 | } | 656 | } |
| 657 | else if (type == SSL_FILETYPE_ASN1) | ||
| 658 | { | ||
| 659 | j = ERR_R_ASN1_LIB; | ||
| 660 | pkey = d2i_PrivateKey_bio(in,NULL); | ||
| 661 | } | ||
| 702 | else | 662 | else |
| 703 | { | 663 | { |
| 704 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | 664 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); |
| @@ -717,11 +677,11 @@ end: | |||
| 717 | } | 677 | } |
| 718 | #endif | 678 | #endif |
| 719 | 679 | ||
| 720 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, | 680 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, |
| 721 | long len) | 681 | long len) |
| 722 | { | 682 | { |
| 723 | int ret; | 683 | int ret; |
| 724 | unsigned char *p; | 684 | const unsigned char *p; |
| 725 | EVP_PKEY *pkey; | 685 | EVP_PKEY *pkey; |
| 726 | 686 | ||
| 727 | p=d; | 687 | p=d; |
| @@ -748,6 +708,8 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | |||
| 748 | int ret=0; | 708 | int ret=0; |
| 749 | X509 *x=NULL; | 709 | X509 *x=NULL; |
| 750 | 710 | ||
| 711 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | ||
| 712 | |||
| 751 | in=BIO_new(BIO_s_file_internal()); | 713 | in=BIO_new(BIO_s_file_internal()); |
| 752 | if (in == NULL) | 714 | if (in == NULL) |
| 753 | { | 715 | { |
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index 2ba8b9612e..ee88be2b88 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c | |||
| @@ -122,10 +122,20 @@ SSL_SESSION *SSL_SESSION_new(void) | |||
| 122 | ss->prev=NULL; | 122 | ss->prev=NULL; |
| 123 | ss->next=NULL; | 123 | ss->next=NULL; |
| 124 | ss->compress_meth=0; | 124 | ss->compress_meth=0; |
| 125 | #ifndef OPENSSL_NO_TLSEXT | ||
| 126 | ss->tlsext_hostname = NULL; | ||
| 127 | #endif | ||
| 125 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 128 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 126 | return(ss); | 129 | return(ss); |
| 127 | } | 130 | } |
| 128 | 131 | ||
| 132 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) | ||
| 133 | { | ||
| 134 | if(len) | ||
| 135 | *len = s->session_id_length; | ||
| 136 | return s->session_id; | ||
| 137 | } | ||
| 138 | |||
| 129 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 | 139 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 |
| 130 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly | 140 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly |
| 131 | * until we have no conflict is going to complete in one iteration pretty much | 141 | * until we have no conflict is going to complete in one iteration pretty much |
| @@ -141,7 +151,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, | |||
| 141 | { | 151 | { |
| 142 | unsigned int retry = 0; | 152 | unsigned int retry = 0; |
| 143 | do | 153 | do |
| 144 | if(RAND_pseudo_bytes(id, *id_len) <= 0) | 154 | if (RAND_pseudo_bytes(id, *id_len) <= 0) |
| 145 | return 0; | 155 | return 0; |
| 146 | while(SSL_has_matching_session_id(ssl, id, *id_len) && | 156 | while(SSL_has_matching_session_id(ssl, id, *id_len) && |
| 147 | (++retry < MAX_SESS_ID_ATTEMPTS)); | 157 | (++retry < MAX_SESS_ID_ATTEMPTS)); |
| @@ -198,12 +208,25 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 198 | ss->ssl_version=TLS1_VERSION; | 208 | ss->ssl_version=TLS1_VERSION; |
| 199 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 209 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; |
| 200 | } | 210 | } |
| 211 | else if (s->version == DTLS1_VERSION) | ||
| 212 | { | ||
| 213 | ss->ssl_version=DTLS1_VERSION; | ||
| 214 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 215 | } | ||
| 201 | else | 216 | else |
| 202 | { | 217 | { |
| 203 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); | 218 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); |
| 204 | SSL_SESSION_free(ss); | 219 | SSL_SESSION_free(ss); |
| 205 | return(0); | 220 | return(0); |
| 206 | } | 221 | } |
| 222 | #ifndef OPENSSL_NO_TLSEXT | ||
| 223 | /* If RFC4507 ticket use empty session ID */ | ||
| 224 | if (s->tlsext_ticket_expected) | ||
| 225 | { | ||
| 226 | ss->session_id_length = 0; | ||
| 227 | goto sess_id_done; | ||
| 228 | } | ||
| 229 | #endif | ||
| 207 | /* Choose which callback will set the session ID */ | 230 | /* Choose which callback will set the session ID */ |
| 208 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 231 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 209 | if(s->generate_session_id) | 232 | if(s->generate_session_id) |
| @@ -245,6 +268,17 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 245 | SSL_SESSION_free(ss); | 268 | SSL_SESSION_free(ss); |
| 246 | return(0); | 269 | return(0); |
| 247 | } | 270 | } |
| 271 | #ifndef OPENSSL_NO_TLSEXT | ||
| 272 | sess_id_done: | ||
| 273 | if (s->tlsext_hostname) { | ||
| 274 | ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); | ||
| 275 | if (ss->tlsext_hostname == NULL) { | ||
| 276 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | ||
| 277 | SSL_SESSION_free(ss); | ||
| 278 | return 0; | ||
| 279 | } | ||
| 280 | } | ||
| 281 | #endif | ||
| 248 | } | 282 | } |
| 249 | else | 283 | else |
| 250 | { | 284 | { |
| @@ -266,21 +300,41 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 266 | return(1); | 300 | return(1); |
| 267 | } | 301 | } |
| 268 | 302 | ||
| 269 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) | 303 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, |
| 304 | const unsigned char *limit) | ||
| 270 | { | 305 | { |
| 271 | /* This is used only by servers. */ | 306 | /* This is used only by servers. */ |
| 272 | 307 | ||
| 273 | SSL_SESSION *ret=NULL,data; | 308 | SSL_SESSION *ret=NULL; |
| 274 | int fatal = 0; | 309 | int fatal = 0; |
| 275 | 310 | #ifndef OPENSSL_NO_TLSEXT | |
| 276 | data.ssl_version=s->version; | 311 | int r; |
| 277 | data.session_id_length=len; | 312 | #endif |
| 313 | |||
| 278 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) | 314 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) |
| 279 | goto err; | 315 | goto err; |
| 280 | memcpy(data.session_id,session_id,len); | 316 | #ifndef OPENSSL_NO_TLSEXT |
| 281 | 317 | r = tls1_process_ticket(s, session_id, len, limit, &ret); | |
| 318 | if (r == -1) | ||
| 319 | { | ||
| 320 | fatal = 1; | ||
| 321 | goto err; | ||
| 322 | } | ||
| 323 | else if (r == 0 || (!ret && !len)) | ||
| 324 | goto err; | ||
| 325 | else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | ||
| 326 | #else | ||
| 327 | if (len == 0) | ||
| 328 | goto err; | ||
| 282 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 329 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) |
| 330 | #endif | ||
| 283 | { | 331 | { |
| 332 | SSL_SESSION data; | ||
| 333 | data.ssl_version=s->version; | ||
| 334 | data.session_id_length=len; | ||
| 335 | if (len == 0) | ||
| 336 | return 0; | ||
| 337 | memcpy(data.session_id,session_id,len); | ||
| 284 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 338 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 285 | ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data); | 339 | ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data); |
| 286 | if (ret != NULL) | 340 | if (ret != NULL) |
| @@ -322,33 +376,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) | |||
| 322 | 376 | ||
| 323 | /* Now ret is non-NULL, and we own one of its reference counts. */ | 377 | /* Now ret is non-NULL, and we own one of its reference counts. */ |
| 324 | 378 | ||
| 325 | if((s->verify_mode&SSL_VERIFY_PEER) | 379 | if (ret->sid_ctx_length != s->sid_ctx_length |
| 326 | && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length | 380 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) |
| 327 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) | 381 | { |
| 328 | { | ||
| 329 | /* We've found the session named by the client, but we don't | 382 | /* We've found the session named by the client, but we don't |
| 330 | * want to use it in this context. */ | 383 | * want to use it in this context. */ |
| 331 | |||
| 332 | if (s->sid_ctx_length == 0) | ||
| 333 | { | ||
| 334 | /* application should have used SSL[_CTX]_set_session_id_context | ||
| 335 | * -- we could tolerate this and just pretend we never heard | ||
| 336 | * of this session, but then applications could effectively | ||
| 337 | * disable the session cache by accident without anyone noticing */ | ||
| 338 | 384 | ||
| 339 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | ||
| 340 | fatal = 1; | ||
| 341 | goto err; | ||
| 342 | } | ||
| 343 | else | ||
| 344 | { | ||
| 345 | #if 0 /* The client cannot always know when a session is not appropriate, | 385 | #if 0 /* The client cannot always know when a session is not appropriate, |
| 346 | * so we shouldn't generate an error message. */ | 386 | * so we shouldn't generate an error message. */ |
| 347 | 387 | ||
| 348 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | 388 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); |
| 349 | #endif | 389 | #endif |
| 350 | goto err; /* treat like cache miss */ | 390 | goto err; /* treat like cache miss */ |
| 351 | } | 391 | } |
| 392 | |||
| 393 | if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) | ||
| 394 | { | ||
| 395 | /* We can't be sure if this session is being used out of | ||
| 396 | * context, which is especially important for SSL_VERIFY_PEER. | ||
| 397 | * The application should have used SSL[_CTX]_set_session_id_context. | ||
| 398 | * | ||
| 399 | * For this error case, we generate an error instead of treating | ||
| 400 | * the event like a cache miss (otherwise it would be easy for | ||
| 401 | * applications to effectively disable the session cache by | ||
| 402 | * accident without anyone noticing). | ||
| 403 | */ | ||
| 404 | |||
| 405 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | ||
| 406 | fatal = 1; | ||
| 407 | goto err; | ||
| 352 | } | 408 | } |
| 353 | 409 | ||
| 354 | if (ret->cipher == NULL) | 410 | if (ret->cipher == NULL) |
| @@ -534,6 +590,10 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||
| 534 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | 590 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); |
| 535 | if (ss->peer != NULL) X509_free(ss->peer); | 591 | if (ss->peer != NULL) X509_free(ss->peer); |
| 536 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); | 592 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); |
| 593 | #ifndef OPENSSL_NO_TLSEXT | ||
| 594 | if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); | ||
| 595 | if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); | ||
| 596 | #endif | ||
| 537 | OPENSSL_cleanse(ss,sizeof(*ss)); | 597 | OPENSSL_cleanse(ss,sizeof(*ss)); |
| 538 | OPENSSL_free(ss); | 598 | OPENSSL_free(ss); |
| 539 | } | 599 | } |
| @@ -568,7 +628,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) | |||
| 568 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && | 628 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && |
| 569 | session->krb5_client_princ_len > 0) | 629 | session->krb5_client_princ_len > 0) |
| 570 | { | 630 | { |
| 571 | s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1); | 631 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); |
| 572 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, | 632 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, |
| 573 | session->krb5_client_princ_len); | 633 | session->krb5_client_princ_len); |
| 574 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; | 634 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; |
| @@ -753,3 +813,72 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | |||
| 753 | } | 813 | } |
| 754 | } | 814 | } |
| 755 | 815 | ||
| 816 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | ||
| 817 | int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) | ||
| 818 | { | ||
| 819 | ctx->new_session_cb=cb; | ||
| 820 | } | ||
| 821 | |||
| 822 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) | ||
| 823 | { | ||
| 824 | return ctx->new_session_cb; | ||
| 825 | } | ||
| 826 | |||
| 827 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | ||
| 828 | void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) | ||
| 829 | { | ||
| 830 | ctx->remove_session_cb=cb; | ||
| 831 | } | ||
| 832 | |||
| 833 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) | ||
| 834 | { | ||
| 835 | return ctx->remove_session_cb; | ||
| 836 | } | ||
| 837 | |||
| 838 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, | ||
| 839 | SSL_SESSION *(*cb)(struct ssl_st *ssl, | ||
| 840 | unsigned char *data,int len,int *copy)) | ||
| 841 | { | ||
| 842 | ctx->get_session_cb=cb; | ||
| 843 | } | ||
| 844 | |||
| 845 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, | ||
| 846 | unsigned char *data,int len,int *copy) | ||
| 847 | { | ||
| 848 | return ctx->get_session_cb; | ||
| 849 | } | ||
| 850 | |||
| 851 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, | ||
| 852 | void (*cb)(const SSL *ssl,int type,int val)) | ||
| 853 | { | ||
| 854 | ctx->info_callback=cb; | ||
| 855 | } | ||
| 856 | |||
| 857 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) | ||
| 858 | { | ||
| 859 | return ctx->info_callback; | ||
| 860 | } | ||
| 861 | |||
| 862 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | ||
| 863 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) | ||
| 864 | { | ||
| 865 | ctx->client_cert_cb=cb; | ||
| 866 | } | ||
| 867 | |||
| 868 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) | ||
| 869 | { | ||
| 870 | return ctx->client_cert_cb; | ||
| 871 | } | ||
| 872 | |||
| 873 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | ||
| 874 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) | ||
| 875 | { | ||
| 876 | ctx->app_gen_cookie_cb=cb; | ||
| 877 | } | ||
| 878 | |||
| 879 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | ||
| 880 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) | ||
| 881 | { | ||
| 882 | ctx->app_verify_cookie_cb=cb; | ||
| 883 | } | ||
| 884 | |||
diff --git a/src/lib/libssl/src/ssl/ssl_stat.c b/src/lib/libssl/src/ssl/ssl_stat.c index b16d253081..73b02509d4 100644 --- a/src/lib/libssl/src/ssl/ssl_stat.c +++ b/src/lib/libssl/src/ssl/ssl_stat.c | |||
| @@ -127,6 +127,8 @@ case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; | |||
| 127 | case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; | 127 | case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; |
| 128 | case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; | 128 | case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; |
| 129 | case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; | 129 | case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; |
| 130 | case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; | ||
| 131 | case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; | ||
| 130 | case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; | 132 | case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; |
| 131 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; | 133 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; |
| 132 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; | 134 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; |
| @@ -172,6 +174,8 @@ case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; | |||
| 172 | case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; | 174 | case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; |
| 173 | case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; | 175 | case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; |
| 174 | case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; | 176 | case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; |
| 177 | case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; | ||
| 178 | case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; | ||
| 175 | case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; | 179 | case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; |
| 176 | case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; | 180 | case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; |
| 177 | case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; | 181 | case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; |
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c index 8655a31333..06b86750fd 100644 --- a/src/lib/libssl/src/ssl/ssl_txt.c +++ b/src/lib/libssl/src/ssl/ssl_txt.c | |||
| @@ -81,7 +81,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) | |||
| 81 | int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | 81 | int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) |
| 82 | { | 82 | { |
| 83 | unsigned int i; | 83 | unsigned int i; |
| 84 | char *s; | 84 | const char *s; |
| 85 | 85 | ||
| 86 | if (x == NULL) goto err; | 86 | if (x == NULL) goto err; |
| 87 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; | 87 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; |
| @@ -151,9 +151,25 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 151 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; | 151 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; |
| 152 | } | 152 | } |
| 153 | #endif /* OPENSSL_NO_KRB5 */ | 153 | #endif /* OPENSSL_NO_KRB5 */ |
| 154 | #ifndef OPENSSL_NO_TLSEXT | ||
| 155 | if (x->tlsext_tick_lifetime_hint) | ||
| 156 | { | ||
| 157 | if (BIO_printf(bp, | ||
| 158 | "\n TLS session ticket lifetime hint: %ld (seconds)", | ||
| 159 | x->tlsext_tick_lifetime_hint) <=0) | ||
| 160 | goto err; | ||
| 161 | } | ||
| 162 | if (x->tlsext_tick) | ||
| 163 | { | ||
| 164 | if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; | ||
| 165 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) | ||
| 166 | goto err; | ||
| 167 | } | ||
| 168 | #endif | ||
| 169 | #ifndef OPENSSL_NO_COMP | ||
| 154 | if (x->compress_meth != 0) | 170 | if (x->compress_meth != 0) |
| 155 | { | 171 | { |
| 156 | SSL_COMP *comp; | 172 | SSL_COMP *comp = NULL; |
| 157 | 173 | ||
| 158 | ssl_cipher_get_evp(x,NULL,NULL,&comp); | 174 | ssl_cipher_get_evp(x,NULL,NULL,&comp); |
| 159 | if (comp == NULL) | 175 | if (comp == NULL) |
| @@ -165,6 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 165 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; | 181 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; |
| 166 | } | 182 | } |
| 167 | } | 183 | } |
| 184 | #endif | ||
| 168 | if (x->time != 0L) | 185 | if (x->time != 0L) |
| 169 | { | 186 | { |
| 170 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; | 187 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; |
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 9381c435d5..e786b428cd 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c | |||
| @@ -108,6 +108,11 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 111 | 116 | ||
| 112 | #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly | 117 | #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly |
| 113 | on Linux and GNU platforms. */ | 118 | on Linux and GNU platforms. */ |
| @@ -140,7 +145,16 @@ | |||
| 140 | #endif | 145 | #endif |
| 141 | #include <openssl/err.h> | 146 | #include <openssl/err.h> |
| 142 | #include <openssl/rand.h> | 147 | #include <openssl/rand.h> |
| 143 | #include <openssl/fips.h> | 148 | #ifndef OPENSSL_NO_RSA |
| 149 | #include <openssl/rsa.h> | ||
| 150 | #endif | ||
| 151 | #ifndef OPENSSL_NO_DSA | ||
| 152 | #include <openssl/dsa.h> | ||
| 153 | #endif | ||
| 154 | #ifndef OPENSSL_NO_DH | ||
| 155 | #include <openssl/dh.h> | ||
| 156 | #endif | ||
| 157 | #include <openssl/bn.h> | ||
| 144 | 158 | ||
| 145 | #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly | 159 | #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly |
| 146 | on Compaq platforms (at least with DEC C). | 160 | on Compaq platforms (at least with DEC C). |
| @@ -160,6 +174,9 @@ | |||
| 160 | #elif defined(OPENSSL_SYS_WINCE) | 174 | #elif defined(OPENSSL_SYS_WINCE) |
| 161 | # define TEST_SERVER_CERT "\\OpenSSL\\server.pem" | 175 | # define TEST_SERVER_CERT "\\OpenSSL\\server.pem" |
| 162 | # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" | 176 | # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" |
| 177 | #elif defined(OPENSSL_SYS_NETWARE) | ||
| 178 | # define TEST_SERVER_CERT "\\openssl\\apps\\server.pem" | ||
| 179 | # define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem" | ||
| 163 | #else | 180 | #else |
| 164 | # define TEST_SERVER_CERT "../apps/server.pem" | 181 | # define TEST_SERVER_CERT "../apps/server.pem" |
| 165 | # define TEST_CLIENT_CERT "../apps/client.pem" | 182 | # define TEST_CLIENT_CERT "../apps/client.pem" |
| @@ -167,8 +184,8 @@ | |||
| 167 | 184 | ||
| 168 | /* There is really no standard for this, so let's assign some tentative | 185 | /* There is really no standard for this, so let's assign some tentative |
| 169 | numbers. In any case, these numbers are only for this test */ | 186 | numbers. In any case, these numbers are only for this test */ |
| 170 | #define COMP_RLE 1 | 187 | #define COMP_RLE 255 |
| 171 | #define COMP_ZLIB 2 | 188 | #define COMP_ZLIB 1 |
| 172 | 189 | ||
| 173 | static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); | 190 | static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
| 174 | #ifndef OPENSSL_NO_RSA | 191 | #ifndef OPENSSL_NO_RSA |
| @@ -209,13 +226,11 @@ static const char rnd_seed[] = "string to make the random number generator think | |||
| 209 | 226 | ||
| 210 | int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); | 227 | int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); |
| 211 | int doit(SSL *s_ssl,SSL *c_ssl,long bytes); | 228 | int doit(SSL *s_ssl,SSL *c_ssl,long bytes); |
| 229 | static int do_test_cipherlist(void); | ||
| 212 | static void sv_usage(void) | 230 | static void sv_usage(void) |
| 213 | { | 231 | { |
| 214 | fprintf(stderr,"usage: ssltest [args ...]\n"); | 232 | fprintf(stderr,"usage: ssltest [args ...]\n"); |
| 215 | fprintf(stderr,"\n"); | 233 | fprintf(stderr,"\n"); |
| 216 | #ifdef OPENSSL_FIPS | ||
| 217 | fprintf(stderr,"-F - run test in FIPS mode\n"); | ||
| 218 | #endif | ||
| 219 | fprintf(stderr," -server_auth - check server certificate\n"); | 234 | fprintf(stderr," -server_auth - check server certificate\n"); |
| 220 | fprintf(stderr," -client_auth - do client authentication\n"); | 235 | fprintf(stderr," -client_auth - do client authentication\n"); |
| 221 | fprintf(stderr," -proxy - allow proxy certificates\n"); | 236 | fprintf(stderr," -proxy - allow proxy certificates\n"); |
| @@ -231,6 +246,9 @@ static void sv_usage(void) | |||
| 231 | fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); | 246 | fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); |
| 232 | fprintf(stderr," -no_dhe - disable DHE\n"); | 247 | fprintf(stderr," -no_dhe - disable DHE\n"); |
| 233 | #endif | 248 | #endif |
| 249 | #ifndef OPENSSL_NO_ECDH | ||
| 250 | fprintf(stderr," -no_ecdhe - disable ECDHE\n"); | ||
| 251 | #endif | ||
| 234 | #ifndef OPENSSL_NO_SSL2 | 252 | #ifndef OPENSSL_NO_SSL2 |
| 235 | fprintf(stderr," -ssl2 - use SSLv2\n"); | 253 | fprintf(stderr," -ssl2 - use SSLv2\n"); |
| 236 | #endif | 254 | #endif |
| @@ -251,7 +269,13 @@ static void sv_usage(void) | |||
| 251 | fprintf(stderr," -f - Test even cases that can't work\n"); | 269 | fprintf(stderr," -f - Test even cases that can't work\n"); |
| 252 | fprintf(stderr," -time - measure processor time used by client and server\n"); | 270 | fprintf(stderr," -time - measure processor time used by client and server\n"); |
| 253 | fprintf(stderr," -zlib - use zlib compression\n"); | 271 | fprintf(stderr," -zlib - use zlib compression\n"); |
| 254 | fprintf(stderr," -time - use rle compression\n"); | 272 | fprintf(stderr," -rle - use rle compression\n"); |
| 273 | #ifndef OPENSSL_NO_ECDH | ||
| 274 | fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ | ||
| 275 | " Use \"openssl ecparam -list_curves\" for all names\n" \ | ||
| 276 | " (default is sect163r2).\n"); | ||
| 277 | #endif | ||
| 278 | fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); | ||
| 255 | } | 279 | } |
| 256 | 280 | ||
| 257 | static void print_details(SSL *c_ssl, const char *prefix) | 281 | static void print_details(SSL *c_ssl, const char *prefix) |
| @@ -361,6 +385,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) | |||
| 361 | } | 385 | } |
| 362 | } | 386 | } |
| 363 | 387 | ||
| 388 | |||
| 364 | int main(int argc, char *argv[]) | 389 | int main(int argc, char *argv[]) |
| 365 | { | 390 | { |
| 366 | char *CApath=NULL,*CAfile=NULL; | 391 | char *CApath=NULL,*CAfile=NULL; |
| @@ -376,24 +401,32 @@ int main(int argc, char *argv[]) | |||
| 376 | char *server_key=NULL; | 401 | char *server_key=NULL; |
| 377 | char *client_cert=TEST_CLIENT_CERT; | 402 | char *client_cert=TEST_CLIENT_CERT; |
| 378 | char *client_key=NULL; | 403 | char *client_key=NULL; |
| 404 | #ifndef OPENSSL_NO_ECDH | ||
| 405 | char *named_curve = NULL; | ||
| 406 | #endif | ||
| 379 | SSL_CTX *s_ctx=NULL; | 407 | SSL_CTX *s_ctx=NULL; |
| 380 | SSL_CTX *c_ctx=NULL; | 408 | SSL_CTX *c_ctx=NULL; |
| 381 | SSL_METHOD *meth=NULL; | 409 | SSL_METHOD *meth=NULL; |
| 382 | SSL *c_ssl,*s_ssl; | 410 | SSL *c_ssl,*s_ssl; |
| 383 | int number=1,reuse=0; | 411 | int number=1,reuse=0; |
| 384 | long bytes=1L; | 412 | long bytes=256L; |
| 385 | #ifndef OPENSSL_NO_DH | 413 | #ifndef OPENSSL_NO_DH |
| 386 | DH *dh; | 414 | DH *dh; |
| 387 | int dhe1024 = 0, dhe1024dsa = 0; | 415 | int dhe1024 = 0, dhe1024dsa = 0; |
| 388 | #endif | 416 | #endif |
| 417 | #ifndef OPENSSL_NO_ECDH | ||
| 418 | EC_KEY *ecdh = NULL; | ||
| 419 | #endif | ||
| 389 | int no_dhe = 0; | 420 | int no_dhe = 0; |
| 421 | int no_ecdhe = 0; | ||
| 390 | int print_time = 0; | 422 | int print_time = 0; |
| 391 | clock_t s_time = 0, c_time = 0; | 423 | clock_t s_time = 0, c_time = 0; |
| 392 | int comp = 0; | 424 | int comp = 0; |
| 425 | #ifndef OPENSSL_NO_COMP | ||
| 393 | COMP_METHOD *cm = NULL; | 426 | COMP_METHOD *cm = NULL; |
| 394 | #ifdef OPENSSL_FIPS | ||
| 395 | int fips_mode=0; | ||
| 396 | #endif | 427 | #endif |
| 428 | STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; | ||
| 429 | int test_cipherlist = 0; | ||
| 397 | 430 | ||
| 398 | verbose = 0; | 431 | verbose = 0; |
| 399 | debug = 0; | 432 | debug = 0; |
| @@ -425,16 +458,7 @@ int main(int argc, char *argv[]) | |||
| 425 | 458 | ||
| 426 | while (argc >= 1) | 459 | while (argc >= 1) |
| 427 | { | 460 | { |
| 428 | if(!strcmp(*argv,"-F")) | 461 | if (strcmp(*argv,"-server_auth") == 0) |
| 429 | { | ||
| 430 | #ifdef OPENSSL_FIPS | ||
| 431 | fips_mode=1; | ||
| 432 | #else | ||
| 433 | fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); | ||
| 434 | EXIT(0); | ||
| 435 | #endif | ||
| 436 | } | ||
| 437 | else if (strcmp(*argv,"-server_auth") == 0) | ||
| 438 | server_auth=1; | 462 | server_auth=1; |
| 439 | else if (strcmp(*argv,"-client_auth") == 0) | 463 | else if (strcmp(*argv,"-client_auth") == 0) |
| 440 | client_auth=1; | 464 | client_auth=1; |
| @@ -472,6 +496,8 @@ int main(int argc, char *argv[]) | |||
| 472 | } | 496 | } |
| 473 | else if (strcmp(*argv,"-no_dhe") == 0) | 497 | else if (strcmp(*argv,"-no_dhe") == 0) |
| 474 | no_dhe=1; | 498 | no_dhe=1; |
| 499 | else if (strcmp(*argv,"-no_ecdhe") == 0) | ||
| 500 | no_ecdhe=1; | ||
| 475 | else if (strcmp(*argv,"-ssl2") == 0) | 501 | else if (strcmp(*argv,"-ssl2") == 0) |
| 476 | ssl2=1; | 502 | ssl2=1; |
| 477 | else if (strcmp(*argv,"-tls1") == 0) | 503 | else if (strcmp(*argv,"-tls1") == 0) |
| @@ -558,6 +584,16 @@ int main(int argc, char *argv[]) | |||
| 558 | { | 584 | { |
| 559 | comp = COMP_RLE; | 585 | comp = COMP_RLE; |
| 560 | } | 586 | } |
| 587 | else if (strcmp(*argv,"-named_curve") == 0) | ||
| 588 | { | ||
| 589 | if (--argc < 1) goto bad; | ||
| 590 | #ifndef OPENSSL_NO_ECDH | ||
| 591 | named_curve = *(++argv); | ||
| 592 | #else | ||
| 593 | fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n"); | ||
| 594 | ++argv; | ||
| 595 | #endif | ||
| 596 | } | ||
| 561 | else if (strcmp(*argv,"-app_verify") == 0) | 597 | else if (strcmp(*argv,"-app_verify") == 0) |
| 562 | { | 598 | { |
| 563 | app_verify_arg.app_verify = 1; | 599 | app_verify_arg.app_verify = 1; |
| @@ -566,6 +602,10 @@ int main(int argc, char *argv[]) | |||
| 566 | { | 602 | { |
| 567 | app_verify_arg.allow_proxy_certs = 1; | 603 | app_verify_arg.allow_proxy_certs = 1; |
| 568 | } | 604 | } |
| 605 | else if (strcmp(*argv,"-test_cipherlist") == 0) | ||
| 606 | { | ||
| 607 | test_cipherlist = 1; | ||
| 608 | } | ||
| 569 | else | 609 | else |
| 570 | { | 610 | { |
| 571 | fprintf(stderr,"unknown option %s\n",*argv); | 611 | fprintf(stderr,"unknown option %s\n",*argv); |
| @@ -582,6 +622,14 @@ bad: | |||
| 582 | goto end; | 622 | goto end; |
| 583 | } | 623 | } |
| 584 | 624 | ||
| 625 | if (test_cipherlist == 1) | ||
| 626 | { | ||
| 627 | /* ensure that the cipher list are correctly sorted and exit */ | ||
| 628 | if (do_test_cipherlist() == 0) | ||
| 629 | EXIT(1); | ||
| 630 | ret = 0; | ||
| 631 | goto end; | ||
| 632 | } | ||
| 585 | 633 | ||
| 586 | if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) | 634 | if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) |
| 587 | { | 635 | { |
| @@ -592,20 +640,6 @@ bad: | |||
| 592 | EXIT(1); | 640 | EXIT(1); |
| 593 | } | 641 | } |
| 594 | 642 | ||
| 595 | #ifdef OPENSSL_FIPS | ||
| 596 | if(fips_mode) | ||
| 597 | { | ||
| 598 | if(!FIPS_mode_set(1)) | ||
| 599 | { | ||
| 600 | ERR_load_crypto_strings(); | ||
| 601 | ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); | ||
| 602 | EXIT(1); | ||
| 603 | } | ||
| 604 | else | ||
| 605 | fprintf(stderr,"*** IN FIPS MODE ***\n"); | ||
| 606 | } | ||
| 607 | #endif | ||
| 608 | |||
| 609 | if (print_time) | 643 | if (print_time) |
| 610 | { | 644 | { |
| 611 | if (!bio_pair) | 645 | if (!bio_pair) |
| @@ -622,6 +656,7 @@ bad: | |||
| 622 | SSL_library_init(); | 656 | SSL_library_init(); |
| 623 | SSL_load_error_strings(); | 657 | SSL_load_error_strings(); |
| 624 | 658 | ||
| 659 | #ifndef OPENSSL_NO_COMP | ||
| 625 | if (comp == COMP_ZLIB) cm = COMP_zlib(); | 660 | if (comp == COMP_ZLIB) cm = COMP_zlib(); |
| 626 | if (comp == COMP_RLE) cm = COMP_rle(); | 661 | if (comp == COMP_RLE) cm = COMP_rle(); |
| 627 | if (cm != NULL) | 662 | if (cm != NULL) |
| @@ -645,6 +680,20 @@ bad: | |||
| 645 | ERR_print_errors_fp(stderr); | 680 | ERR_print_errors_fp(stderr); |
| 646 | } | 681 | } |
| 647 | } | 682 | } |
| 683 | ssl_comp_methods = SSL_COMP_get_compression_methods(); | ||
| 684 | fprintf(stderr, "Available compression methods:\n"); | ||
| 685 | { | ||
| 686 | int j, n = sk_SSL_COMP_num(ssl_comp_methods); | ||
| 687 | if (n == 0) | ||
| 688 | fprintf(stderr, " NONE\n"); | ||
| 689 | else | ||
| 690 | for (j = 0; j < n; j++) | ||
| 691 | { | ||
| 692 | SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); | ||
| 693 | fprintf(stderr, " %d: %s\n", c->id, c->name); | ||
| 694 | } | ||
| 695 | } | ||
| 696 | #endif | ||
| 648 | 697 | ||
| 649 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 698 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 650 | if (ssl2) | 699 | if (ssl2) |
| @@ -699,6 +748,38 @@ bad: | |||
| 699 | (void)no_dhe; | 748 | (void)no_dhe; |
| 700 | #endif | 749 | #endif |
| 701 | 750 | ||
| 751 | #ifndef OPENSSL_NO_ECDH | ||
| 752 | if (!no_ecdhe) | ||
| 753 | { | ||
| 754 | int nid; | ||
| 755 | |||
| 756 | if (named_curve != NULL) | ||
| 757 | { | ||
| 758 | nid = OBJ_sn2nid(named_curve); | ||
| 759 | if (nid == 0) | ||
| 760 | { | ||
| 761 | BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); | ||
| 762 | goto end; | ||
| 763 | } | ||
| 764 | } | ||
| 765 | else | ||
| 766 | nid = NID_sect163r2; | ||
| 767 | |||
| 768 | ecdh = EC_KEY_new_by_curve_name(nid); | ||
| 769 | if (ecdh == NULL) | ||
| 770 | { | ||
| 771 | BIO_printf(bio_err, "unable to create curve\n"); | ||
| 772 | goto end; | ||
| 773 | } | ||
| 774 | |||
| 775 | SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); | ||
| 776 | SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); | ||
| 777 | EC_KEY_free(ecdh); | ||
| 778 | } | ||
| 779 | #else | ||
| 780 | (void)no_ecdhe; | ||
| 781 | #endif | ||
| 782 | |||
| 702 | #ifndef OPENSSL_NO_RSA | 783 | #ifndef OPENSSL_NO_RSA |
| 703 | SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); | 784 | SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); |
| 704 | #endif | 785 | #endif |
| @@ -835,6 +916,7 @@ end: | |||
| 835 | CRYPTO_mem_leaks(bio_err); | 916 | CRYPTO_mem_leaks(bio_err); |
| 836 | if (bio_err != NULL) BIO_free(bio_err); | 917 | if (bio_err != NULL) BIO_free(bio_err); |
| 837 | EXIT(ret); | 918 | EXIT(ret); |
| 919 | return ret; | ||
| 838 | } | 920 | } |
| 839 | 921 | ||
| 840 | int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, | 922 | int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, |
| @@ -1325,8 +1407,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) | |||
| 1325 | { | 1407 | { |
| 1326 | if (c_write) | 1408 | if (c_write) |
| 1327 | { | 1409 | { |
| 1328 | j=(cw_num > (long)sizeof(cbuf)) | 1410 | j = (cw_num > (long)sizeof(cbuf)) ? |
| 1329 | ?sizeof(cbuf):(int)cw_num; | 1411 | (int)sizeof(cbuf) : (int)cw_num; |
| 1330 | i=BIO_write(c_bio,cbuf,j); | 1412 | i=BIO_write(c_bio,cbuf,j); |
| 1331 | if (i < 0) | 1413 | if (i < 0) |
| 1332 | { | 1414 | { |
| @@ -1456,8 +1538,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) | |||
| 1456 | } | 1538 | } |
| 1457 | else | 1539 | else |
| 1458 | { | 1540 | { |
| 1459 | j=(sw_num > (long)sizeof(sbuf))? | 1541 | j = (sw_num > (long)sizeof(sbuf)) ? |
| 1460 | sizeof(sbuf):(int)sw_num; | 1542 | (int)sizeof(sbuf) : (int)sw_num; |
| 1461 | i=BIO_write(s_bio,sbuf,j); | 1543 | i=BIO_write(s_bio,sbuf,j); |
| 1462 | if (i < 0) | 1544 | if (i < 0) |
| 1463 | { | 1545 | { |
| @@ -1644,7 +1726,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) | |||
| 1644 | fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); | 1726 | fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); |
| 1645 | while(i-- > 0) | 1727 | while(i-- > 0) |
| 1646 | { | 1728 | { |
| 1647 | char c = *s++; | 1729 | int c = *s++; |
| 1648 | if (isascii(c) && isalpha(c)) | 1730 | if (isascii(c) && isalpha(c)) |
| 1649 | { | 1731 | { |
| 1650 | if (islower(c)) | 1732 | if (islower(c)) |
| @@ -1705,11 +1787,11 @@ static int process_proxy_cond_adders(unsigned int letters[26], | |||
| 1705 | static int process_proxy_cond_val(unsigned int letters[26], | 1787 | static int process_proxy_cond_val(unsigned int letters[26], |
| 1706 | const char *cond, const char **cond_end, int *pos, int indent) | 1788 | const char *cond, const char **cond_end, int *pos, int indent) |
| 1707 | { | 1789 | { |
| 1708 | char c; | 1790 | int c; |
| 1709 | int ok = 1; | 1791 | int ok = 1; |
| 1710 | int negate = 0; | 1792 | int negate = 0; |
| 1711 | 1793 | ||
| 1712 | while(isspace(*cond)) | 1794 | while(isspace((int)*cond)) |
| 1713 | { | 1795 | { |
| 1714 | cond++; (*pos)++; | 1796 | cond++; (*pos)++; |
| 1715 | } | 1797 | } |
| @@ -1724,7 +1806,7 @@ static int process_proxy_cond_val(unsigned int letters[26], | |||
| 1724 | { | 1806 | { |
| 1725 | negate = !negate; | 1807 | negate = !negate; |
| 1726 | cond++; (*pos)++; | 1808 | cond++; (*pos)++; |
| 1727 | while(isspace(*cond)) | 1809 | while(isspace((int)*cond)) |
| 1728 | { | 1810 | { |
| 1729 | cond++; (*pos)++; | 1811 | cond++; (*pos)++; |
| 1730 | } | 1812 | } |
| @@ -1739,7 +1821,7 @@ static int process_proxy_cond_val(unsigned int letters[26], | |||
| 1739 | cond = *cond_end; | 1821 | cond = *cond_end; |
| 1740 | if (ok < 0) | 1822 | if (ok < 0) |
| 1741 | goto end; | 1823 | goto end; |
| 1742 | while(isspace(*cond)) | 1824 | while(isspace((int)*cond)) |
| 1743 | { | 1825 | { |
| 1744 | cond++; (*pos)++; | 1826 | cond++; (*pos)++; |
| 1745 | } | 1827 | } |
| @@ -1799,7 +1881,7 @@ static int process_proxy_cond_multipliers(unsigned int letters[26], | |||
| 1799 | 1881 | ||
| 1800 | while(ok >= 0) | 1882 | while(ok >= 0) |
| 1801 | { | 1883 | { |
| 1802 | while(isspace(*cond)) | 1884 | while(isspace((int)*cond)) |
| 1803 | { | 1885 | { |
| 1804 | cond++; (*pos)++; | 1886 | cond++; (*pos)++; |
| 1805 | } | 1887 | } |
| @@ -1866,7 +1948,7 @@ static int process_proxy_cond_adders(unsigned int letters[26], | |||
| 1866 | 1948 | ||
| 1867 | while(ok >= 0) | 1949 | while(ok >= 0) |
| 1868 | { | 1950 | { |
| 1869 | while(isspace(*cond)) | 1951 | while(isspace((int)*cond)) |
| 1870 | { | 1952 | { |
| 1871 | cond++; (*pos)++; | 1953 | cond++; (*pos)++; |
| 1872 | } | 1954 | } |
| @@ -1949,7 +2031,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) | |||
| 1949 | letters[i] = 0; | 2031 | letters[i] = 0; |
| 1950 | for(sp = cb_arg->proxy_auth; *sp; sp++) | 2032 | for(sp = cb_arg->proxy_auth; *sp; sp++) |
| 1951 | { | 2033 | { |
| 1952 | char c = *sp; | 2034 | int c = *sp; |
| 1953 | if (isascii(c) && isalpha(c)) | 2035 | if (isascii(c) && isalpha(c)) |
| 1954 | { | 2036 | { |
| 1955 | if (islower(c)) | 2037 | if (islower(c)) |
| @@ -1979,7 +2061,15 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) | |||
| 1979 | } | 2061 | } |
| 1980 | 2062 | ||
| 1981 | #ifndef OPENSSL_NO_X509_VERIFY | 2063 | #ifndef OPENSSL_NO_X509_VERIFY |
| 2064 | # ifdef OPENSSL_FIPS | ||
| 2065 | if(s->version == TLS1_VERSION) | ||
| 2066 | FIPS_allow_md5(1); | ||
| 2067 | # endif | ||
| 1982 | ok = X509_verify_cert(ctx); | 2068 | ok = X509_verify_cert(ctx); |
| 2069 | # ifdef OPENSSL_FIPS | ||
| 2070 | if(s->version == TLS1_VERSION) | ||
| 2071 | FIPS_allow_md5(0); | ||
| 2072 | # endif | ||
| 1983 | #endif | 2073 | #endif |
| 1984 | 2074 | ||
| 1985 | if (cb_arg->proxy_auth) | 2075 | if (cb_arg->proxy_auth) |
| @@ -2014,14 +2104,29 @@ static RSA *rsa_tmp=NULL; | |||
| 2014 | 2104 | ||
| 2015 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) | 2105 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) |
| 2016 | { | 2106 | { |
| 2107 | BIGNUM *bn = NULL; | ||
| 2017 | if (rsa_tmp == NULL) | 2108 | if (rsa_tmp == NULL) |
| 2018 | { | 2109 | { |
| 2110 | bn = BN_new(); | ||
| 2111 | rsa_tmp = RSA_new(); | ||
| 2112 | if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) | ||
| 2113 | { | ||
| 2114 | BIO_printf(bio_err, "Memory error..."); | ||
| 2115 | goto end; | ||
| 2116 | } | ||
| 2019 | BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); | 2117 | BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); |
| 2020 | (void)BIO_flush(bio_err); | 2118 | (void)BIO_flush(bio_err); |
| 2021 | rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); | 2119 | if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL)) |
| 2120 | { | ||
| 2121 | BIO_printf(bio_err, "Error generating key."); | ||
| 2122 | RSA_free(rsa_tmp); | ||
| 2123 | rsa_tmp = NULL; | ||
| 2124 | } | ||
| 2125 | end: | ||
| 2022 | BIO_printf(bio_err,"\n"); | 2126 | BIO_printf(bio_err,"\n"); |
| 2023 | (void)BIO_flush(bio_err); | 2127 | (void)BIO_flush(bio_err); |
| 2024 | } | 2128 | } |
| 2129 | if(bn) BN_free(bn); | ||
| 2025 | return(rsa_tmp); | 2130 | return(rsa_tmp); |
| 2026 | } | 2131 | } |
| 2027 | 2132 | ||
| @@ -2132,3 +2237,60 @@ static DH *get_dh1024dsa() | |||
| 2132 | return(dh); | 2237 | return(dh); |
| 2133 | } | 2238 | } |
| 2134 | #endif | 2239 | #endif |
| 2240 | |||
| 2241 | static int do_test_cipherlist(void) | ||
| 2242 | { | ||
| 2243 | int i = 0; | ||
| 2244 | const SSL_METHOD *meth; | ||
| 2245 | SSL_CIPHER *ci, *tci = NULL; | ||
| 2246 | |||
| 2247 | #ifndef OPENSSL_NO_SSL2 | ||
| 2248 | fprintf(stderr, "testing SSLv2 cipher list order: "); | ||
| 2249 | meth = SSLv2_method(); | ||
| 2250 | while ((ci = meth->get_cipher(i++)) != NULL) | ||
| 2251 | { | ||
| 2252 | if (tci != NULL) | ||
| 2253 | if (ci->id >= tci->id) | ||
| 2254 | { | ||
| 2255 | fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); | ||
| 2256 | return 0; | ||
| 2257 | } | ||
| 2258 | tci = ci; | ||
| 2259 | } | ||
| 2260 | fprintf(stderr, "ok\n"); | ||
| 2261 | #endif | ||
| 2262 | #ifndef OPENSSL_NO_SSL3 | ||
| 2263 | fprintf(stderr, "testing SSLv3 cipher list order: "); | ||
| 2264 | meth = SSLv3_method(); | ||
| 2265 | tci = NULL; | ||
| 2266 | while ((ci = meth->get_cipher(i++)) != NULL) | ||
| 2267 | { | ||
| 2268 | if (tci != NULL) | ||
| 2269 | if (ci->id >= tci->id) | ||
| 2270 | { | ||
| 2271 | fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); | ||
| 2272 | return 0; | ||
| 2273 | } | ||
| 2274 | tci = ci; | ||
| 2275 | } | ||
| 2276 | fprintf(stderr, "ok\n"); | ||
| 2277 | #endif | ||
| 2278 | #ifndef OPENSSL_NO_TLS1 | ||
| 2279 | fprintf(stderr, "testing TLSv1 cipher list order: "); | ||
| 2280 | meth = TLSv1_method(); | ||
| 2281 | tci = NULL; | ||
| 2282 | while ((ci = meth->get_cipher(i++)) != NULL) | ||
| 2283 | { | ||
| 2284 | if (tci != NULL) | ||
| 2285 | if (ci->id >= tci->id) | ||
| 2286 | { | ||
| 2287 | fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); | ||
| 2288 | return 0; | ||
| 2289 | } | ||
| 2290 | tci = ci; | ||
| 2291 | } | ||
| 2292 | fprintf(stderr, "ok\n"); | ||
| 2293 | #endif | ||
| 2294 | |||
| 2295 | return 1; | ||
| 2296 | } | ||
diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c index 57205fb429..4d1e198cdc 100644 --- a/src/lib/libssl/src/ssl/t1_clnt.c +++ b/src/lib/libssl/src/ssl/t1_clnt.c | |||
| @@ -72,26 +72,8 @@ static SSL_METHOD *tls1_get_client_method(int ver) | |||
| 72 | return(NULL); | 72 | return(NULL); |
| 73 | } | 73 | } |
| 74 | 74 | ||
| 75 | SSL_METHOD *TLSv1_client_method(void) | 75 | IMPLEMENT_tls1_meth_func(TLSv1_client_method, |
| 76 | { | 76 | ssl_undefined_function, |
| 77 | static int init=1; | 77 | ssl3_connect, |
| 78 | static SSL_METHOD TLSv1_client_data; | 78 | tls1_get_client_method) |
| 79 | |||
| 80 | if (init) | ||
| 81 | { | ||
| 82 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 83 | |||
| 84 | if (init) | ||
| 85 | { | ||
| 86 | memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), | ||
| 87 | sizeof(SSL_METHOD)); | ||
| 88 | TLSv1_client_data.ssl_connect=ssl3_connect; | ||
| 89 | TLSv1_client_data.get_ssl_method=tls1_get_client_method; | ||
| 90 | init=0; | ||
| 91 | } | ||
| 92 | |||
| 93 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 94 | } | ||
| 95 | return(&TLSv1_client_data); | ||
| 96 | } | ||
| 97 | 79 | ||
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index 2c6246abf5..ed5a4a7255 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -115,7 +115,6 @@ | |||
| 115 | #include <openssl/evp.h> | 115 | #include <openssl/evp.h> |
| 116 | #include <openssl/hmac.h> | 116 | #include <openssl/hmac.h> |
| 117 | #include <openssl/md5.h> | 117 | #include <openssl/md5.h> |
| 118 | #include <openssl/fips.h> | ||
| 119 | 118 | ||
| 120 | static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, | 119 | static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, |
| 121 | int sec_len, unsigned char *seed, int seed_len, | 120 | int sec_len, unsigned char *seed, int seed_len, |
| @@ -132,8 +131,6 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, | |||
| 132 | 131 | ||
| 133 | HMAC_CTX_init(&ctx); | 132 | HMAC_CTX_init(&ctx); |
| 134 | HMAC_CTX_init(&ctx_tmp); | 133 | HMAC_CTX_init(&ctx_tmp); |
| 135 | HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 136 | HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 137 | HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); | 134 | HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); |
| 138 | HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); | 135 | HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); |
| 139 | HMAC_Update(&ctx,seed,seed_len); | 136 | HMAC_Update(&ctx,seed,seed_len); |
| @@ -180,6 +177,7 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, | |||
| 180 | S2= &(sec[len]); | 177 | S2= &(sec[len]); |
| 181 | len+=(slen&1); /* add for odd, make longer */ | 178 | len+=(slen&1); /* add for odd, make longer */ |
| 182 | 179 | ||
| 180 | |||
| 183 | tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); | 181 | tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); |
| 184 | tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); | 182 | tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); |
| 185 | 183 | ||
| @@ -233,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 233 | int client_write; | 231 | int client_write; |
| 234 | EVP_CIPHER_CTX *dd; | 232 | EVP_CIPHER_CTX *dd; |
| 235 | const EVP_CIPHER *c; | 233 | const EVP_CIPHER *c; |
| 234 | #ifndef OPENSSL_NO_COMP | ||
| 236 | const SSL_COMP *comp; | 235 | const SSL_COMP *comp; |
| 236 | #endif | ||
| 237 | const EVP_MD *m; | 237 | const EVP_MD *m; |
| 238 | int is_export,n,i,j,k,exp_label_len,cl; | 238 | int is_export,n,i,j,k,exp_label_len,cl; |
| 239 | int reuse_dd = 0; | 239 | int reuse_dd = 0; |
| @@ -241,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 241 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 241 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 242 | c=s->s3->tmp.new_sym_enc; | 242 | c=s->s3->tmp.new_sym_enc; |
| 243 | m=s->s3->tmp.new_hash; | 243 | m=s->s3->tmp.new_hash; |
| 244 | #ifndef OPENSSL_NO_COMP | ||
| 244 | comp=s->s3->tmp.new_compression; | 245 | comp=s->s3->tmp.new_compression; |
| 246 | #endif | ||
| 245 | key_block=s->s3->tmp.key_block; | 247 | key_block=s->s3->tmp.key_block; |
| 246 | 248 | ||
| 247 | #ifdef KSSL_DEBUG | 249 | #ifdef KSSL_DEBUG |
| @@ -265,8 +267,12 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 265 | reuse_dd = 1; | 267 | reuse_dd = 1; |
| 266 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 268 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 267 | goto err; | 269 | goto err; |
| 270 | else | ||
| 271 | /* make sure it's intialized in case we exit later with an error */ | ||
| 272 | EVP_CIPHER_CTX_init(s->enc_read_ctx); | ||
| 268 | dd= s->enc_read_ctx; | 273 | dd= s->enc_read_ctx; |
| 269 | s->read_hash=m; | 274 | s->read_hash=m; |
| 275 | #ifndef OPENSSL_NO_COMP | ||
| 270 | if (s->expand != NULL) | 276 | if (s->expand != NULL) |
| 271 | { | 277 | { |
| 272 | COMP_CTX_free(s->expand); | 278 | COMP_CTX_free(s->expand); |
| @@ -286,7 +292,10 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 286 | if (s->s3->rrec.comp == NULL) | 292 | if (s->s3->rrec.comp == NULL) |
| 287 | goto err; | 293 | goto err; |
| 288 | } | 294 | } |
| 289 | memset(&(s->s3->read_sequence[0]),0,8); | 295 | #endif |
| 296 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
| 297 | if (s->version != DTLS1_VERSION) | ||
| 298 | memset(&(s->s3->read_sequence[0]),0,8); | ||
| 290 | mac_secret= &(s->s3->read_mac_secret[0]); | 299 | mac_secret= &(s->s3->read_mac_secret[0]); |
| 291 | } | 300 | } |
| 292 | else | 301 | else |
| @@ -295,12 +304,12 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 295 | reuse_dd = 1; | 304 | reuse_dd = 1; |
| 296 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 305 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 297 | goto err; | 306 | goto err; |
| 298 | if ((s->enc_write_ctx == NULL) && | 307 | else |
| 299 | ((s->enc_write_ctx=(EVP_CIPHER_CTX *) | 308 | /* make sure it's intialized in case we exit later with an error */ |
| 300 | OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | 309 | EVP_CIPHER_CTX_init(s->enc_write_ctx); |
| 301 | goto err; | ||
| 302 | dd= s->enc_write_ctx; | 310 | dd= s->enc_write_ctx; |
| 303 | s->write_hash=m; | 311 | s->write_hash=m; |
| 312 | #ifndef OPENSSL_NO_COMP | ||
| 304 | if (s->compress != NULL) | 313 | if (s->compress != NULL) |
| 305 | { | 314 | { |
| 306 | COMP_CTX_free(s->compress); | 315 | COMP_CTX_free(s->compress); |
| @@ -315,13 +324,15 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 315 | goto err2; | 324 | goto err2; |
| 316 | } | 325 | } |
| 317 | } | 326 | } |
| 318 | memset(&(s->s3->write_sequence[0]),0,8); | 327 | #endif |
| 328 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
| 329 | if (s->version != DTLS1_VERSION) | ||
| 330 | memset(&(s->s3->write_sequence[0]),0,8); | ||
| 319 | mac_secret= &(s->s3->write_mac_secret[0]); | 331 | mac_secret= &(s->s3->write_mac_secret[0]); |
| 320 | } | 332 | } |
| 321 | 333 | ||
| 322 | if (reuse_dd) | 334 | if (reuse_dd) |
| 323 | EVP_CIPHER_CTX_cleanup(dd); | 335 | EVP_CIPHER_CTX_cleanup(dd); |
| 324 | EVP_CIPHER_CTX_init(dd); | ||
| 325 | 336 | ||
| 326 | p=s->s3->tmp.key_block; | 337 | p=s->s3->tmp.key_block; |
| 327 | i=EVP_MD_size(m); | 338 | i=EVP_MD_size(m); |
| @@ -503,7 +514,7 @@ printf("\nkey block\n"); | |||
| 503 | #endif | 514 | #endif |
| 504 | } | 515 | } |
| 505 | } | 516 | } |
| 506 | 517 | ||
| 507 | return(1); | 518 | return(1); |
| 508 | err: | 519 | err: |
| 509 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | 520 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); |
| @@ -618,7 +629,15 @@ int tls1_enc(SSL *s, int send) | |||
| 618 | { | 629 | { |
| 619 | ii=i=rec->data[l-1]; /* padding_length */ | 630 | ii=i=rec->data[l-1]; /* padding_length */ |
| 620 | i++; | 631 | i++; |
| 621 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | 632 | /* NB: if compression is in operation the first packet |
| 633 | * may not be of even length so the padding bug check | ||
| 634 | * cannot be performed. This bug workaround has been | ||
| 635 | * around since SSLeay so hopefully it is either fixed | ||
| 636 | * now or no buggy implementation supports compression | ||
| 637 | * [steve] | ||
| 638 | */ | ||
| 639 | if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | ||
| 640 | && !s->expand) | ||
| 622 | { | 641 | { |
| 623 | /* First packet is even in size, so check */ | 642 | /* First packet is even in size, so check */ |
| 624 | if ((memcmp(s->s3->read_sequence, | 643 | if ((memcmp(s->s3->read_sequence, |
| @@ -719,15 +738,35 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 719 | md_size=EVP_MD_size(hash); | 738 | md_size=EVP_MD_size(hash); |
| 720 | 739 | ||
| 721 | buf[0]=rec->type; | 740 | buf[0]=rec->type; |
| 722 | buf[1]=TLS1_VERSION_MAJOR; | 741 | if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) |
| 723 | buf[2]=TLS1_VERSION_MINOR; | 742 | { |
| 743 | buf[1]=TLS1_VERSION_MAJOR; | ||
| 744 | buf[2]=TLS1_VERSION_MINOR; | ||
| 745 | } | ||
| 746 | else { | ||
| 747 | buf[1]=(unsigned char)(ssl->version>>8); | ||
| 748 | buf[2]=(unsigned char)(ssl->version); | ||
| 749 | } | ||
| 750 | |||
| 724 | buf[3]=rec->length>>8; | 751 | buf[3]=rec->length>>8; |
| 725 | buf[4]=rec->length&0xff; | 752 | buf[4]=rec->length&0xff; |
| 726 | 753 | ||
| 727 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | 754 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ |
| 728 | HMAC_CTX_init(&hmac); | 755 | HMAC_CTX_init(&hmac); |
| 729 | HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); | 756 | HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); |
| 730 | HMAC_Update(&hmac,seq,8); | 757 | |
| 758 | if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) | ||
| 759 | { | ||
| 760 | unsigned char dtlsseq[8],*p=dtlsseq; | ||
| 761 | |||
| 762 | s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); | ||
| 763 | memcpy (p,&seq[2],6); | ||
| 764 | |||
| 765 | HMAC_Update(&hmac,dtlsseq,8); | ||
| 766 | } | ||
| 767 | else | ||
| 768 | HMAC_Update(&hmac,seq,8); | ||
| 769 | |||
| 731 | HMAC_Update(&hmac,buf,5); | 770 | HMAC_Update(&hmac,buf,5); |
| 732 | HMAC_Update(&hmac,rec->input,rec->length); | 771 | HMAC_Update(&hmac,rec->input,rec->length); |
| 733 | HMAC_Final(&hmac,md,&md_size); | 772 | HMAC_Final(&hmac,md,&md_size); |
| @@ -744,10 +783,13 @@ printf("rec="); | |||
| 744 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } | 783 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } |
| 745 | #endif | 784 | #endif |
| 746 | 785 | ||
| 747 | for (i=7; i>=0; i--) | 786 | if ( SSL_version(ssl) != DTLS1_VERSION) |
| 748 | { | 787 | { |
| 749 | ++seq[i]; | 788 | for (i=7; i>=0; i--) |
| 750 | if (seq[i] != 0) break; | 789 | { |
| 790 | ++seq[i]; | ||
| 791 | if (seq[i] != 0) break; | ||
| 792 | } | ||
| 751 | } | 793 | } |
| 752 | 794 | ||
| 753 | #ifdef TLS_DEBUG | 795 | #ifdef TLS_DEBUG |
| @@ -810,6 +852,8 @@ int tls1_alert_code(int code) | |||
| 810 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); | 852 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); |
| 811 | case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); | 853 | case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); |
| 812 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); | 854 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); |
| 855 | case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return | ||
| 856 | (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | ||
| 813 | default: return(-1); | 857 | default: return(-1); |
| 814 | } | 858 | } |
| 815 | } | 859 | } |
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index ca6c03d5af..35f04afa4a 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -58,13 +58,20 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <openssl/objects.h> | 60 | #include <openssl/objects.h> |
| 61 | #include <openssl/evp.h> | ||
| 62 | #include <openssl/hmac.h> | ||
| 63 | #include <openssl/ocsp.h> | ||
| 61 | #include "ssl_locl.h" | 64 | #include "ssl_locl.h" |
| 62 | 65 | ||
| 63 | const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT; | 66 | const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; |
| 64 | 67 | ||
| 65 | static long tls1_default_timeout(void); | 68 | #ifndef OPENSSL_NO_TLSEXT |
| 69 | static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, | ||
| 70 | const unsigned char *sess_id, int sesslen, | ||
| 71 | SSL_SESSION **psess); | ||
| 72 | #endif | ||
| 66 | 73 | ||
| 67 | static SSL3_ENC_METHOD TLSv1_enc_data={ | 74 | SSL3_ENC_METHOD TLSv1_enc_data={ |
| 68 | tls1_enc, | 75 | tls1_enc, |
| 69 | tls1_mac, | 76 | tls1_mac, |
| 70 | tls1_setup_key_block, | 77 | tls1_setup_key_block, |
| @@ -78,45 +85,17 @@ static SSL3_ENC_METHOD TLSv1_enc_data={ | |||
| 78 | tls1_alert_code, | 85 | tls1_alert_code, |
| 79 | }; | 86 | }; |
| 80 | 87 | ||
| 81 | static SSL_METHOD TLSv1_data= { | 88 | long tls1_default_timeout(void) |
| 82 | TLS1_VERSION, | ||
| 83 | tls1_new, | ||
| 84 | tls1_clear, | ||
| 85 | tls1_free, | ||
| 86 | ssl_undefined_function, | ||
| 87 | ssl_undefined_function, | ||
| 88 | ssl3_read, | ||
| 89 | ssl3_peek, | ||
| 90 | ssl3_write, | ||
| 91 | ssl3_shutdown, | ||
| 92 | ssl3_renegotiate, | ||
| 93 | ssl3_renegotiate_check, | ||
| 94 | ssl3_ctrl, | ||
| 95 | ssl3_ctx_ctrl, | ||
| 96 | ssl3_get_cipher_by_char, | ||
| 97 | ssl3_put_cipher_by_char, | ||
| 98 | ssl3_pending, | ||
| 99 | ssl3_num_ciphers, | ||
| 100 | ssl3_get_cipher, | ||
| 101 | ssl_bad_method, | ||
| 102 | tls1_default_timeout, | ||
| 103 | &TLSv1_enc_data, | ||
| 104 | ssl_undefined_function, | ||
| 105 | ssl3_callback_ctrl, | ||
| 106 | ssl3_ctx_callback_ctrl, | ||
| 107 | }; | ||
| 108 | |||
| 109 | static long tls1_default_timeout(void) | ||
| 110 | { | 89 | { |
| 111 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | 90 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec |
| 112 | * is way too long for http, the cache would over fill */ | 91 | * is way too long for http, the cache would over fill */ |
| 113 | return(60*60*2); | 92 | return(60*60*2); |
| 114 | } | 93 | } |
| 115 | 94 | ||
| 116 | SSL_METHOD *tlsv1_base_method(void) | 95 | IMPLEMENT_tls1_meth_func(tlsv1_base_method, |
| 117 | { | 96 | ssl_undefined_function, |
| 118 | return(&TLSv1_data); | 97 | ssl_undefined_function, |
| 119 | } | 98 | ssl_bad_method) |
| 120 | 99 | ||
| 121 | int tls1_new(SSL *s) | 100 | int tls1_new(SSL *s) |
| 122 | { | 101 | { |
| @@ -147,3 +126,751 @@ long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)()) | |||
| 147 | return(0); | 126 | return(0); |
| 148 | } | 127 | } |
| 149 | #endif | 128 | #endif |
| 129 | |||
| 130 | #ifndef OPENSSL_NO_TLSEXT | ||
| 131 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | ||
| 132 | { | ||
| 133 | int extdatalen=0; | ||
| 134 | unsigned char *ret = p; | ||
| 135 | |||
| 136 | ret+=2; | ||
| 137 | |||
| 138 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ | ||
| 139 | |||
| 140 | if (s->tlsext_hostname != NULL) | ||
| 141 | { | ||
| 142 | /* Add TLS extension servername to the Client Hello message */ | ||
| 143 | unsigned long size_str; | ||
| 144 | long lenmax; | ||
| 145 | |||
| 146 | /* check for enough space. | ||
| 147 | 4 for the servername type and entension length | ||
| 148 | 2 for servernamelist length | ||
| 149 | 1 for the hostname type | ||
| 150 | 2 for hostname length | ||
| 151 | + hostname length | ||
| 152 | */ | ||
| 153 | |||
| 154 | if ((lenmax = limit - ret - 9) < 0 | ||
| 155 | || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) | ||
| 156 | return NULL; | ||
| 157 | |||
| 158 | /* extension type and length */ | ||
| 159 | s2n(TLSEXT_TYPE_server_name,ret); | ||
| 160 | s2n(size_str+5,ret); | ||
| 161 | |||
| 162 | /* length of servername list */ | ||
| 163 | s2n(size_str+3,ret); | ||
| 164 | |||
| 165 | /* hostname type, length and hostname */ | ||
| 166 | *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; | ||
| 167 | s2n(size_str,ret); | ||
| 168 | memcpy(ret, s->tlsext_hostname, size_str); | ||
| 169 | ret+=size_str; | ||
| 170 | |||
| 171 | } | ||
| 172 | |||
| 173 | if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) | ||
| 174 | { | ||
| 175 | int ticklen; | ||
| 176 | if (s->session && s->session->tlsext_tick) | ||
| 177 | ticklen = s->session->tlsext_ticklen; | ||
| 178 | else | ||
| 179 | ticklen = 0; | ||
| 180 | /* Check for enough room 2 for extension type, 2 for len | ||
| 181 | * rest for ticket | ||
| 182 | */ | ||
| 183 | if (limit - ret - 4 - ticklen < 0) | ||
| 184 | return NULL; | ||
| 185 | s2n(TLSEXT_TYPE_session_ticket,ret); | ||
| 186 | s2n(ticklen,ret); | ||
| 187 | if (ticklen) | ||
| 188 | { | ||
| 189 | memcpy(ret, s->session->tlsext_tick, ticklen); | ||
| 190 | ret += ticklen; | ||
| 191 | } | ||
| 192 | } | ||
| 193 | |||
| 194 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) | ||
| 195 | { | ||
| 196 | int i; | ||
| 197 | long extlen, idlen, itmp; | ||
| 198 | OCSP_RESPID *id; | ||
| 199 | |||
| 200 | idlen = 0; | ||
| 201 | for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) | ||
| 202 | { | ||
| 203 | id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); | ||
| 204 | itmp = i2d_OCSP_RESPID(id, NULL); | ||
| 205 | if (itmp <= 0) | ||
| 206 | return NULL; | ||
| 207 | idlen += itmp + 2; | ||
| 208 | } | ||
| 209 | |||
| 210 | if (s->tlsext_ocsp_exts) | ||
| 211 | { | ||
| 212 | extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); | ||
| 213 | if (extlen < 0) | ||
| 214 | return NULL; | ||
| 215 | } | ||
| 216 | else | ||
| 217 | extlen = 0; | ||
| 218 | |||
| 219 | if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL; | ||
| 220 | s2n(TLSEXT_TYPE_status_request, ret); | ||
| 221 | if (extlen + idlen > 0xFFF0) | ||
| 222 | return NULL; | ||
| 223 | s2n(extlen + idlen + 5, ret); | ||
| 224 | *(ret++) = TLSEXT_STATUSTYPE_ocsp; | ||
| 225 | s2n(idlen, ret); | ||
| 226 | for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) | ||
| 227 | { | ||
| 228 | /* save position of id len */ | ||
| 229 | unsigned char *q = ret; | ||
| 230 | id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); | ||
| 231 | /* skip over id len */ | ||
| 232 | ret += 2; | ||
| 233 | itmp = i2d_OCSP_RESPID(id, &ret); | ||
| 234 | /* write id len */ | ||
| 235 | s2n(itmp, q); | ||
| 236 | } | ||
| 237 | s2n(extlen, ret); | ||
| 238 | if (extlen > 0) | ||
| 239 | i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); | ||
| 240 | } | ||
| 241 | |||
| 242 | if ((extdatalen = ret-p-2)== 0) | ||
| 243 | return p; | ||
| 244 | |||
| 245 | s2n(extdatalen,p); | ||
| 246 | return ret; | ||
| 247 | } | ||
| 248 | |||
| 249 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | ||
| 250 | { | ||
| 251 | int extdatalen=0; | ||
| 252 | unsigned char *ret = p; | ||
| 253 | |||
| 254 | ret+=2; | ||
| 255 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ | ||
| 256 | |||
| 257 | if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) | ||
| 258 | { | ||
| 259 | if (limit - ret - 4 < 0) return NULL; | ||
| 260 | |||
| 261 | s2n(TLSEXT_TYPE_server_name,ret); | ||
| 262 | s2n(0,ret); | ||
| 263 | } | ||
| 264 | |||
| 265 | if (s->tlsext_ticket_expected | ||
| 266 | && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) | ||
| 267 | { | ||
| 268 | if (limit - ret - 4 < 0) return NULL; | ||
| 269 | s2n(TLSEXT_TYPE_session_ticket,ret); | ||
| 270 | s2n(0,ret); | ||
| 271 | } | ||
| 272 | |||
| 273 | if (s->tlsext_status_expected) | ||
| 274 | { | ||
| 275 | if ((long)(limit - ret - 4) < 0) return NULL; | ||
| 276 | s2n(TLSEXT_TYPE_status_request,ret); | ||
| 277 | s2n(0,ret); | ||
| 278 | } | ||
| 279 | |||
| 280 | if ((extdatalen = ret-p-2)== 0) | ||
| 281 | return p; | ||
| 282 | |||
| 283 | s2n(extdatalen,p); | ||
| 284 | return ret; | ||
| 285 | } | ||
| 286 | |||
| 287 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | ||
| 288 | { | ||
| 289 | unsigned short type; | ||
| 290 | unsigned short size; | ||
| 291 | unsigned short len; | ||
| 292 | unsigned char *data = *p; | ||
| 293 | s->servername_done = 0; | ||
| 294 | s->tlsext_status_type = -1; | ||
| 295 | |||
| 296 | if (data >= (d+n-2)) | ||
| 297 | return 1; | ||
| 298 | n2s(data,len); | ||
| 299 | |||
| 300 | if (data > (d+n-len)) | ||
| 301 | return 1; | ||
| 302 | |||
| 303 | while (data <= (d+n-4)) | ||
| 304 | { | ||
| 305 | n2s(data,type); | ||
| 306 | n2s(data,size); | ||
| 307 | |||
| 308 | if (data+size > (d+n)) | ||
| 309 | return 1; | ||
| 310 | |||
| 311 | if (s->tlsext_debug_cb) | ||
| 312 | s->tlsext_debug_cb(s, 0, type, data, size, | ||
| 313 | s->tlsext_debug_arg); | ||
| 314 | /* The servername extension is treated as follows: | ||
| 315 | |||
| 316 | - Only the hostname type is supported with a maximum length of 255. | ||
| 317 | - The servername is rejected if too long or if it contains zeros, | ||
| 318 | in which case an fatal alert is generated. | ||
| 319 | - The servername field is maintained together with the session cache. | ||
| 320 | - When a session is resumed, the servername call back invoked in order | ||
| 321 | to allow the application to position itself to the right context. | ||
| 322 | - The servername is acknowledged if it is new for a session or when | ||
| 323 | it is identical to a previously used for the same session. | ||
| 324 | Applications can control the behaviour. They can at any time | ||
| 325 | set a 'desirable' servername for a new SSL object. This can be the | ||
| 326 | case for example with HTTPS when a Host: header field is received and | ||
| 327 | a renegotiation is requested. In this case, a possible servername | ||
| 328 | presented in the new client hello is only acknowledged if it matches | ||
| 329 | the value of the Host: field. | ||
| 330 | - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | ||
| 331 | if they provide for changing an explicit servername context for the session, | ||
| 332 | i.e. when the session has been established with a servername extension. | ||
| 333 | - On session reconnect, the servername extension may be absent. | ||
| 334 | |||
| 335 | */ | ||
| 336 | |||
| 337 | if (type == TLSEXT_TYPE_server_name) | ||
| 338 | { | ||
| 339 | unsigned char *sdata; | ||
| 340 | int servname_type; | ||
| 341 | int dsize; | ||
| 342 | |||
| 343 | if (size < 2) | ||
| 344 | { | ||
| 345 | *al = SSL_AD_DECODE_ERROR; | ||
| 346 | return 0; | ||
| 347 | } | ||
| 348 | n2s(data,dsize); | ||
| 349 | size -= 2; | ||
| 350 | if (dsize > size ) | ||
| 351 | { | ||
| 352 | *al = SSL_AD_DECODE_ERROR; | ||
| 353 | return 0; | ||
| 354 | } | ||
| 355 | |||
| 356 | sdata = data; | ||
| 357 | while (dsize > 3) | ||
| 358 | { | ||
| 359 | servname_type = *(sdata++); | ||
| 360 | n2s(sdata,len); | ||
| 361 | dsize -= 3; | ||
| 362 | |||
| 363 | if (len > dsize) | ||
| 364 | { | ||
| 365 | *al = SSL_AD_DECODE_ERROR; | ||
| 366 | return 0; | ||
| 367 | } | ||
| 368 | if (s->servername_done == 0) | ||
| 369 | switch (servname_type) | ||
| 370 | { | ||
| 371 | case TLSEXT_NAMETYPE_host_name: | ||
| 372 | if (s->session->tlsext_hostname == NULL) | ||
| 373 | { | ||
| 374 | if (len > TLSEXT_MAXLEN_host_name || | ||
| 375 | ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) | ||
| 376 | { | ||
| 377 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 378 | return 0; | ||
| 379 | } | ||
| 380 | memcpy(s->session->tlsext_hostname, sdata, len); | ||
| 381 | s->session->tlsext_hostname[len]='\0'; | ||
| 382 | if (strlen(s->session->tlsext_hostname) != len) { | ||
| 383 | OPENSSL_free(s->session->tlsext_hostname); | ||
| 384 | s->session->tlsext_hostname = NULL; | ||
| 385 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 386 | return 0; | ||
| 387 | } | ||
| 388 | s->servername_done = 1; | ||
| 389 | |||
| 390 | } | ||
| 391 | else | ||
| 392 | s->servername_done = strlen(s->session->tlsext_hostname) == len | ||
| 393 | && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | ||
| 394 | |||
| 395 | break; | ||
| 396 | |||
| 397 | default: | ||
| 398 | break; | ||
| 399 | } | ||
| 400 | |||
| 401 | dsize -= len; | ||
| 402 | } | ||
| 403 | if (dsize != 0) | ||
| 404 | { | ||
| 405 | *al = SSL_AD_DECODE_ERROR; | ||
| 406 | return 0; | ||
| 407 | } | ||
| 408 | |||
| 409 | } | ||
| 410 | else if (type == TLSEXT_TYPE_status_request | ||
| 411 | && s->ctx->tlsext_status_cb) | ||
| 412 | { | ||
| 413 | |||
| 414 | if (size < 5) | ||
| 415 | { | ||
| 416 | *al = SSL_AD_DECODE_ERROR; | ||
| 417 | return 0; | ||
| 418 | } | ||
| 419 | |||
| 420 | s->tlsext_status_type = *data++; | ||
| 421 | size--; | ||
| 422 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) | ||
| 423 | { | ||
| 424 | const unsigned char *sdata; | ||
| 425 | int dsize; | ||
| 426 | /* Read in responder_id_list */ | ||
| 427 | n2s(data,dsize); | ||
| 428 | size -= 2; | ||
| 429 | if (dsize > size ) | ||
| 430 | { | ||
| 431 | *al = SSL_AD_DECODE_ERROR; | ||
| 432 | return 0; | ||
| 433 | } | ||
| 434 | while (dsize > 0) | ||
| 435 | { | ||
| 436 | OCSP_RESPID *id; | ||
| 437 | int idsize; | ||
| 438 | if (dsize < 4) | ||
| 439 | { | ||
| 440 | *al = SSL_AD_DECODE_ERROR; | ||
| 441 | return 0; | ||
| 442 | } | ||
| 443 | n2s(data, idsize); | ||
| 444 | dsize -= 2 + idsize; | ||
| 445 | if (dsize < 0) | ||
| 446 | { | ||
| 447 | *al = SSL_AD_DECODE_ERROR; | ||
| 448 | return 0; | ||
| 449 | } | ||
| 450 | sdata = data; | ||
| 451 | data += idsize; | ||
| 452 | id = d2i_OCSP_RESPID(NULL, | ||
| 453 | &sdata, idsize); | ||
| 454 | if (!id) | ||
| 455 | { | ||
| 456 | *al = SSL_AD_DECODE_ERROR; | ||
| 457 | return 0; | ||
| 458 | } | ||
| 459 | if (data != sdata) | ||
| 460 | { | ||
| 461 | OCSP_RESPID_free(id); | ||
| 462 | *al = SSL_AD_DECODE_ERROR; | ||
| 463 | return 0; | ||
| 464 | } | ||
| 465 | if (!s->tlsext_ocsp_ids | ||
| 466 | && !(s->tlsext_ocsp_ids = | ||
| 467 | sk_OCSP_RESPID_new_null())) | ||
| 468 | { | ||
| 469 | OCSP_RESPID_free(id); | ||
| 470 | *al = SSL_AD_INTERNAL_ERROR; | ||
| 471 | return 0; | ||
| 472 | } | ||
| 473 | if (!sk_OCSP_RESPID_push( | ||
| 474 | s->tlsext_ocsp_ids, id)) | ||
| 475 | { | ||
| 476 | OCSP_RESPID_free(id); | ||
| 477 | *al = SSL_AD_INTERNAL_ERROR; | ||
| 478 | return 0; | ||
| 479 | } | ||
| 480 | } | ||
| 481 | |||
| 482 | /* Read in request_extensions */ | ||
| 483 | n2s(data,dsize); | ||
| 484 | size -= 2; | ||
| 485 | if (dsize > size) | ||
| 486 | { | ||
| 487 | *al = SSL_AD_DECODE_ERROR; | ||
| 488 | return 0; | ||
| 489 | } | ||
| 490 | sdata = data; | ||
| 491 | if (dsize > 0) | ||
| 492 | { | ||
| 493 | s->tlsext_ocsp_exts = | ||
| 494 | d2i_X509_EXTENSIONS(NULL, | ||
| 495 | &sdata, dsize); | ||
| 496 | if (!s->tlsext_ocsp_exts | ||
| 497 | || (data + dsize != sdata)) | ||
| 498 | { | ||
| 499 | *al = SSL_AD_DECODE_ERROR; | ||
| 500 | return 0; | ||
| 501 | } | ||
| 502 | } | ||
| 503 | } | ||
| 504 | /* We don't know what to do with any other type | ||
| 505 | * so ignore it. | ||
| 506 | */ | ||
| 507 | else | ||
| 508 | s->tlsext_status_type = -1; | ||
| 509 | } | ||
| 510 | /* session ticket processed earlier */ | ||
| 511 | |||
| 512 | data+=size; | ||
| 513 | } | ||
| 514 | |||
| 515 | *p = data; | ||
| 516 | return 1; | ||
| 517 | } | ||
| 518 | |||
| 519 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | ||
| 520 | { | ||
| 521 | unsigned short type; | ||
| 522 | unsigned short size; | ||
| 523 | unsigned short len; | ||
| 524 | unsigned char *data = *p; | ||
| 525 | |||
| 526 | int tlsext_servername = 0; | ||
| 527 | |||
| 528 | if (data >= (d+n-2)) | ||
| 529 | return 1; | ||
| 530 | |||
| 531 | n2s(data,len); | ||
| 532 | |||
| 533 | while(data <= (d+n-4)) | ||
| 534 | { | ||
| 535 | n2s(data,type); | ||
| 536 | n2s(data,size); | ||
| 537 | |||
| 538 | if (data+size > (d+n)) | ||
| 539 | return 1; | ||
| 540 | |||
| 541 | if (s->tlsext_debug_cb) | ||
| 542 | s->tlsext_debug_cb(s, 1, type, data, size, | ||
| 543 | s->tlsext_debug_arg); | ||
| 544 | |||
| 545 | if (type == TLSEXT_TYPE_server_name) | ||
| 546 | { | ||
| 547 | if (s->tlsext_hostname == NULL || size > 0) | ||
| 548 | { | ||
| 549 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 550 | return 0; | ||
| 551 | } | ||
| 552 | tlsext_servername = 1; | ||
| 553 | } | ||
| 554 | else if (type == TLSEXT_TYPE_session_ticket) | ||
| 555 | { | ||
| 556 | if ((SSL_get_options(s) & SSL_OP_NO_TICKET) | ||
| 557 | || (size > 0)) | ||
| 558 | { | ||
| 559 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
| 560 | return 0; | ||
| 561 | } | ||
| 562 | s->tlsext_ticket_expected = 1; | ||
| 563 | } | ||
| 564 | else if (type == TLSEXT_TYPE_status_request) | ||
| 565 | { | ||
| 566 | /* MUST be empty and only sent if we've requested | ||
| 567 | * a status request message. | ||
| 568 | */ | ||
| 569 | if ((s->tlsext_status_type == -1) || (size > 0)) | ||
| 570 | { | ||
| 571 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
| 572 | return 0; | ||
| 573 | } | ||
| 574 | /* Set flag to expect CertificateStatus message */ | ||
| 575 | s->tlsext_status_expected = 1; | ||
| 576 | } | ||
| 577 | |||
| 578 | data+=size; | ||
| 579 | } | ||
| 580 | |||
| 581 | if (data != d+n) | ||
| 582 | { | ||
| 583 | *al = SSL_AD_DECODE_ERROR; | ||
| 584 | return 0; | ||
| 585 | } | ||
| 586 | |||
| 587 | if (!s->hit && tlsext_servername == 1) | ||
| 588 | { | ||
| 589 | if (s->tlsext_hostname) | ||
| 590 | { | ||
| 591 | if (s->session->tlsext_hostname == NULL) | ||
| 592 | { | ||
| 593 | s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname); | ||
| 594 | if (!s->session->tlsext_hostname) | ||
| 595 | { | ||
| 596 | *al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 597 | return 0; | ||
| 598 | } | ||
| 599 | } | ||
| 600 | else | ||
| 601 | { | ||
| 602 | *al = SSL_AD_DECODE_ERROR; | ||
| 603 | return 0; | ||
| 604 | } | ||
| 605 | } | ||
| 606 | } | ||
| 607 | |||
| 608 | *p = data; | ||
| 609 | return 1; | ||
| 610 | } | ||
| 611 | |||
| 612 | int ssl_check_clienthello_tlsext(SSL *s) | ||
| 613 | { | ||
| 614 | int ret=SSL_TLSEXT_ERR_NOACK; | ||
| 615 | int al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 616 | |||
| 617 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | ||
| 618 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | ||
| 619 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | ||
| 620 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | ||
| 621 | |||
| 622 | /* If status request then ask callback what to do. | ||
| 623 | * Note: this must be called after servername callbacks in case | ||
| 624 | * the certificate has changed. | ||
| 625 | */ | ||
| 626 | if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb) | ||
| 627 | { | ||
| 628 | int r; | ||
| 629 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 630 | switch (r) | ||
| 631 | { | ||
| 632 | /* We don't want to send a status request response */ | ||
| 633 | case SSL_TLSEXT_ERR_NOACK: | ||
| 634 | s->tlsext_status_expected = 0; | ||
| 635 | break; | ||
| 636 | /* status request response should be sent */ | ||
| 637 | case SSL_TLSEXT_ERR_OK: | ||
| 638 | if (s->tlsext_ocsp_resp) | ||
| 639 | s->tlsext_status_expected = 1; | ||
| 640 | else | ||
| 641 | s->tlsext_status_expected = 0; | ||
| 642 | break; | ||
| 643 | /* something bad happened */ | ||
| 644 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 645 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 646 | al = SSL_AD_INTERNAL_ERROR; | ||
| 647 | goto err; | ||
| 648 | } | ||
| 649 | } | ||
| 650 | else | ||
| 651 | s->tlsext_status_expected = 0; | ||
| 652 | err: | ||
| 653 | switch (ret) | ||
| 654 | { | ||
| 655 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 656 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 657 | return -1; | ||
| 658 | |||
| 659 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
| 660 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | ||
| 661 | return 1; | ||
| 662 | |||
| 663 | case SSL_TLSEXT_ERR_NOACK: | ||
| 664 | s->servername_done=0; | ||
| 665 | default: | ||
| 666 | return 1; | ||
| 667 | } | ||
| 668 | } | ||
| 669 | |||
| 670 | int ssl_check_serverhello_tlsext(SSL *s) | ||
| 671 | { | ||
| 672 | int ret=SSL_TLSEXT_ERR_NOACK; | ||
| 673 | int al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 674 | |||
| 675 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | ||
| 676 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | ||
| 677 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | ||
| 678 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | ||
| 679 | |||
| 680 | /* If we've requested certificate status and we wont get one | ||
| 681 | * tell the callback | ||
| 682 | */ | ||
| 683 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) | ||
| 684 | && s->ctx->tlsext_status_cb) | ||
| 685 | { | ||
| 686 | int r; | ||
| 687 | /* Set resp to NULL, resplen to -1 so callback knows | ||
| 688 | * there is no response. | ||
| 689 | */ | ||
| 690 | if (s->tlsext_ocsp_resp) | ||
| 691 | { | ||
| 692 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
| 693 | s->tlsext_ocsp_resp = NULL; | ||
| 694 | } | ||
| 695 | s->tlsext_ocsp_resplen = -1; | ||
| 696 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 697 | if (r == 0) | ||
| 698 | { | ||
| 699 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | ||
| 700 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 701 | } | ||
| 702 | if (r < 0) | ||
| 703 | { | ||
| 704 | al = SSL_AD_INTERNAL_ERROR; | ||
| 705 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 706 | } | ||
| 707 | } | ||
| 708 | |||
| 709 | switch (ret) | ||
| 710 | { | ||
| 711 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 712 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 713 | return -1; | ||
| 714 | |||
| 715 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
| 716 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | ||
| 717 | return 1; | ||
| 718 | |||
| 719 | case SSL_TLSEXT_ERR_NOACK: | ||
| 720 | s->servername_done=0; | ||
| 721 | default: | ||
| 722 | return 1; | ||
| 723 | } | ||
| 724 | } | ||
| 725 | |||
| 726 | /* Since the server cache lookup is done early on in the processing of client | ||
| 727 | * hello and other operations depend on the result we need to handle any TLS | ||
| 728 | * session ticket extension at the same time. | ||
| 729 | */ | ||
| 730 | |||
| 731 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | ||
| 732 | const unsigned char *limit, SSL_SESSION **ret) | ||
| 733 | { | ||
| 734 | /* Point after session ID in client hello */ | ||
| 735 | const unsigned char *p = session_id + len; | ||
| 736 | unsigned short i; | ||
| 737 | if ((s->version <= SSL3_VERSION) || !limit) | ||
| 738 | return 1; | ||
| 739 | if (p >= limit) | ||
| 740 | return -1; | ||
| 741 | /* Skip past cipher list */ | ||
| 742 | n2s(p, i); | ||
| 743 | p+= i; | ||
| 744 | if (p >= limit) | ||
| 745 | return -1; | ||
| 746 | /* Skip past compression algorithm list */ | ||
| 747 | i = *(p++); | ||
| 748 | p += i; | ||
| 749 | if (p > limit) | ||
| 750 | return -1; | ||
| 751 | /* Now at start of extensions */ | ||
| 752 | if ((p + 2) >= limit) | ||
| 753 | return 1; | ||
| 754 | n2s(p, i); | ||
| 755 | while ((p + 4) <= limit) | ||
| 756 | { | ||
| 757 | unsigned short type, size; | ||
| 758 | n2s(p, type); | ||
| 759 | n2s(p, size); | ||
| 760 | if (p + size > limit) | ||
| 761 | return 1; | ||
| 762 | if (type == TLSEXT_TYPE_session_ticket) | ||
| 763 | { | ||
| 764 | /* If tickets disabled indicate cache miss which will | ||
| 765 | * trigger a full handshake | ||
| 766 | */ | ||
| 767 | if (SSL_get_options(s) & SSL_OP_NO_TICKET) | ||
| 768 | return 0; | ||
| 769 | /* If zero length not client will accept a ticket | ||
| 770 | * and indicate cache miss to trigger full handshake | ||
| 771 | */ | ||
| 772 | if (size == 0) | ||
| 773 | { | ||
| 774 | s->tlsext_ticket_expected = 1; | ||
| 775 | return 0; /* Cache miss */ | ||
| 776 | } | ||
| 777 | return tls_decrypt_ticket(s, p, size, session_id, len, | ||
| 778 | ret); | ||
| 779 | } | ||
| 780 | p += size; | ||
| 781 | } | ||
| 782 | return 1; | ||
| 783 | } | ||
| 784 | |||
| 785 | static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | ||
| 786 | const unsigned char *sess_id, int sesslen, | ||
| 787 | SSL_SESSION **psess) | ||
| 788 | { | ||
| 789 | SSL_SESSION *sess; | ||
| 790 | unsigned char *sdec; | ||
| 791 | const unsigned char *p; | ||
| 792 | int slen, mlen, renew_ticket = 0; | ||
| 793 | unsigned char tick_hmac[EVP_MAX_MD_SIZE]; | ||
| 794 | HMAC_CTX hctx; | ||
| 795 | EVP_CIPHER_CTX ctx; | ||
| 796 | /* Need at least keyname + iv + some encrypted data */ | ||
| 797 | if (eticklen < 48) | ||
| 798 | goto tickerr; | ||
| 799 | /* Initialize session ticket encryption and HMAC contexts */ | ||
| 800 | HMAC_CTX_init(&hctx); | ||
| 801 | EVP_CIPHER_CTX_init(&ctx); | ||
| 802 | if (s->ctx->tlsext_ticket_key_cb) | ||
| 803 | { | ||
| 804 | unsigned char *nctick = (unsigned char *)etick; | ||
| 805 | int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, | ||
| 806 | &ctx, &hctx, 0); | ||
| 807 | if (rv < 0) | ||
| 808 | return -1; | ||
| 809 | if (rv == 0) | ||
| 810 | goto tickerr; | ||
| 811 | if (rv == 2) | ||
| 812 | renew_ticket = 1; | ||
| 813 | } | ||
| 814 | else | ||
| 815 | { | ||
| 816 | /* Check key name matches */ | ||
| 817 | if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16)) | ||
| 818 | goto tickerr; | ||
| 819 | HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, | ||
| 820 | tlsext_tick_md(), NULL); | ||
| 821 | EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
| 822 | s->ctx->tlsext_tick_aes_key, etick + 16); | ||
| 823 | } | ||
| 824 | /* Attempt to process session ticket, first conduct sanity and | ||
| 825 | * integrity checks on ticket. | ||
| 826 | */ | ||
| 827 | mlen = HMAC_size(&hctx); | ||
| 828 | eticklen -= mlen; | ||
| 829 | /* Check HMAC of encrypted ticket */ | ||
| 830 | HMAC_Update(&hctx, etick, eticklen); | ||
| 831 | HMAC_Final(&hctx, tick_hmac, NULL); | ||
| 832 | HMAC_CTX_cleanup(&hctx); | ||
| 833 | if (memcmp(tick_hmac, etick + eticklen, mlen)) | ||
| 834 | goto tickerr; | ||
| 835 | /* Attempt to decrypt session data */ | ||
| 836 | /* Move p after IV to start of encrypted ticket, update length */ | ||
| 837 | p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 838 | eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 839 | sdec = OPENSSL_malloc(eticklen); | ||
| 840 | if (!sdec) | ||
| 841 | { | ||
| 842 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 843 | return -1; | ||
| 844 | } | ||
| 845 | EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); | ||
| 846 | if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) | ||
| 847 | goto tickerr; | ||
| 848 | slen += mlen; | ||
| 849 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 850 | p = sdec; | ||
| 851 | |||
| 852 | sess = d2i_SSL_SESSION(NULL, &p, slen); | ||
| 853 | OPENSSL_free(sdec); | ||
| 854 | if (sess) | ||
| 855 | { | ||
| 856 | /* The session ID if non-empty is used by some clients to | ||
| 857 | * detect that the ticket has been accepted. So we copy it to | ||
| 858 | * the session structure. If it is empty set length to zero | ||
| 859 | * as required by standard. | ||
| 860 | */ | ||
| 861 | if (sesslen) | ||
| 862 | memcpy(sess->session_id, sess_id, sesslen); | ||
| 863 | sess->session_id_length = sesslen; | ||
| 864 | *psess = sess; | ||
| 865 | s->tlsext_ticket_expected = renew_ticket; | ||
| 866 | return 1; | ||
| 867 | } | ||
| 868 | /* If session decrypt failure indicate a cache miss and set state to | ||
| 869 | * send a new ticket | ||
| 870 | */ | ||
| 871 | tickerr: | ||
| 872 | s->tlsext_ticket_expected = 1; | ||
| 873 | return 0; | ||
| 874 | } | ||
| 875 | |||
| 876 | #endif | ||
diff --git a/src/lib/libssl/src/ssl/t1_meth.c b/src/lib/libssl/src/ssl/t1_meth.c index fcc243f782..f5d8df634e 100644 --- a/src/lib/libssl/src/ssl/t1_meth.c +++ b/src/lib/libssl/src/ssl/t1_meth.c | |||
| @@ -69,28 +69,8 @@ static SSL_METHOD *tls1_get_method(int ver) | |||
| 69 | return(NULL); | 69 | return(NULL); |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | SSL_METHOD *TLSv1_method(void) | 72 | IMPLEMENT_tls1_meth_func(TLSv1_method, |
| 73 | { | 73 | ssl3_accept, |
| 74 | static int init=1; | 74 | ssl3_connect, |
| 75 | static SSL_METHOD TLSv1_data; | 75 | tls1_get_method) |
| 76 | |||
| 77 | if (init) | ||
| 78 | { | ||
| 79 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 80 | |||
| 81 | if (init) | ||
| 82 | { | ||
| 83 | memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), | ||
| 84 | sizeof(SSL_METHOD)); | ||
| 85 | TLSv1_data.ssl_connect=ssl3_connect; | ||
| 86 | TLSv1_data.ssl_accept=ssl3_accept; | ||
| 87 | TLSv1_data.get_ssl_method=tls1_get_method; | ||
| 88 | init=0; | ||
| 89 | } | ||
| 90 | |||
| 91 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 92 | } | ||
| 93 | |||
| 94 | return(&TLSv1_data); | ||
| 95 | } | ||
| 96 | 76 | ||
diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c index 1c1149e49f..b75636abba 100644 --- a/src/lib/libssl/src/ssl/t1_srvr.c +++ b/src/lib/libssl/src/ssl/t1_srvr.c | |||
| @@ -73,26 +73,8 @@ static SSL_METHOD *tls1_get_server_method(int ver) | |||
| 73 | return(NULL); | 73 | return(NULL); |
| 74 | } | 74 | } |
| 75 | 75 | ||
| 76 | SSL_METHOD *TLSv1_server_method(void) | 76 | IMPLEMENT_tls1_meth_func(TLSv1_server_method, |
| 77 | { | 77 | ssl3_accept, |
| 78 | static int init=1; | 78 | ssl_undefined_function, |
| 79 | static SSL_METHOD TLSv1_server_data; | 79 | tls1_get_server_method) |
| 80 | |||
| 81 | if (init) | ||
| 82 | { | ||
| 83 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 84 | |||
| 85 | if (init) | ||
| 86 | { | ||
| 87 | memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), | ||
| 88 | sizeof(SSL_METHOD)); | ||
| 89 | TLSv1_server_data.ssl_accept=ssl3_accept; | ||
| 90 | TLSv1_server_data.get_ssl_method=tls1_get_server_method; | ||
| 91 | init=0; | ||
| 92 | } | ||
| 93 | |||
| 94 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 95 | } | ||
| 96 | return(&TLSv1_server_data); | ||
| 97 | } | ||
| 98 | 80 | ||
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h index 38838ea9a5..2d1d293e1a 100644 --- a/src/lib/libssl/src/ssl/tls1.h +++ b/src/lib/libssl/src/ssl/tls1.h | |||
| @@ -55,6 +55,19 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * ECC cipher suite support in OpenSSL originally written by | ||
| 68 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 58 | 71 | ||
| 59 | #ifndef HEADER_TLS1_H | 72 | #ifndef HEADER_TLS1_H |
| 60 | #define HEADER_TLS1_H | 73 | #define HEADER_TLS1_H |
| @@ -65,7 +78,7 @@ | |||
| 65 | extern "C" { | 78 | extern "C" { |
| 66 | #endif | 79 | #endif |
| 67 | 80 | ||
| 68 | #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 | 81 | #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 |
| 69 | 82 | ||
| 70 | #define TLS1_VERSION 0x0301 | 83 | #define TLS1_VERSION 0x0301 |
| 71 | #define TLS1_VERSION_MAJOR 0x03 | 84 | #define TLS1_VERSION_MAJOR 0x03 |
| @@ -83,6 +96,93 @@ extern "C" { | |||
| 83 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ | 96 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ |
| 84 | #define TLS1_AD_USER_CANCELLED 90 | 97 | #define TLS1_AD_USER_CANCELLED 90 |
| 85 | #define TLS1_AD_NO_RENEGOTIATION 100 | 98 | #define TLS1_AD_NO_RENEGOTIATION 100 |
| 99 | /* codes 110-114 are from RFC3546 */ | ||
| 100 | #define TLS1_AD_UNSUPPORTED_EXTENSION 110 | ||
| 101 | #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 | ||
| 102 | #define TLS1_AD_UNRECOGNIZED_NAME 112 | ||
| 103 | #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 | ||
| 104 | #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 | ||
| 105 | #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ | ||
| 106 | |||
| 107 | /* ExtensionType values from RFC 3546 */ | ||
| 108 | #define TLSEXT_TYPE_server_name 0 | ||
| 109 | #define TLSEXT_TYPE_max_fragment_length 1 | ||
| 110 | #define TLSEXT_TYPE_client_certificate_url 2 | ||
| 111 | #define TLSEXT_TYPE_trusted_ca_keys 3 | ||
| 112 | #define TLSEXT_TYPE_truncated_hmac 4 | ||
| 113 | #define TLSEXT_TYPE_status_request 5 | ||
| 114 | #define TLSEXT_TYPE_elliptic_curves 10 | ||
| 115 | #define TLSEXT_TYPE_ec_point_formats 11 | ||
| 116 | #define TLSEXT_TYPE_session_ticket 35 | ||
| 117 | |||
| 118 | /* NameType value from RFC 3546 */ | ||
| 119 | #define TLSEXT_NAMETYPE_host_name 0 | ||
| 120 | /* status request value from RFC 3546 */ | ||
| 121 | #define TLSEXT_STATUSTYPE_ocsp 1 | ||
| 122 | |||
| 123 | #ifndef OPENSSL_NO_TLSEXT | ||
| 124 | |||
| 125 | #define TLSEXT_MAXLEN_host_name 255 | ||
| 126 | |||
| 127 | const char *SSL_get_servername(const SSL *s, const int type) ; | ||
| 128 | int SSL_get_servername_type(const SSL *s) ; | ||
| 129 | |||
| 130 | #define SSL_set_tlsext_host_name(s,name) \ | ||
| 131 | SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) | ||
| 132 | |||
| 133 | #define SSL_set_tlsext_debug_callback(ssl, cb) \ | ||
| 134 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) | ||
| 135 | |||
| 136 | #define SSL_set_tlsext_debug_arg(ssl, arg) \ | ||
| 137 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) | ||
| 138 | |||
| 139 | #define SSL_set_tlsext_status_type(ssl, type) \ | ||
| 140 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) | ||
| 141 | |||
| 142 | #define SSL_get_tlsext_status_exts(ssl, arg) \ | ||
| 143 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) | ||
| 144 | |||
| 145 | #define SSL_set_tlsext_status_exts(ssl, arg) \ | ||
| 146 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) | ||
| 147 | |||
| 148 | #define SSL_get_tlsext_status_ids(ssl, arg) \ | ||
| 149 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) | ||
| 150 | |||
| 151 | #define SSL_set_tlsext_status_ids(ssl, arg) \ | ||
| 152 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) | ||
| 153 | |||
| 154 | #define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ | ||
| 155 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) | ||
| 156 | |||
| 157 | #define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ | ||
| 158 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) | ||
| 159 | |||
| 160 | #define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ | ||
| 161 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) | ||
| 162 | |||
| 163 | #define SSL_TLSEXT_ERR_OK 0 | ||
| 164 | #define SSL_TLSEXT_ERR_ALERT_WARNING 1 | ||
| 165 | #define SSL_TLSEXT_ERR_ALERT_FATAL 2 | ||
| 166 | #define SSL_TLSEXT_ERR_NOACK 3 | ||
| 167 | |||
| 168 | #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ | ||
| 169 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) | ||
| 170 | |||
| 171 | #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ | ||
| 172 | SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys)) | ||
| 173 | #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ | ||
| 174 | SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys)) | ||
| 175 | |||
| 176 | #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ | ||
| 177 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) | ||
| 178 | |||
| 179 | #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ | ||
| 180 | SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) | ||
| 181 | |||
| 182 | #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ | ||
| 183 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | ||
| 184 | |||
| 185 | #endif | ||
| 86 | 186 | ||
| 87 | /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt | 187 | /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt |
| 88 | * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see | 188 | * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see |
| @@ -112,6 +212,60 @@ extern "C" { | |||
| 112 | #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 | 212 | #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 |
| 113 | #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A | 213 | #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A |
| 114 | 214 | ||
| 215 | /* Camellia ciphersuites from RFC4132 */ | ||
| 216 | #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 | ||
| 217 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 | ||
| 218 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 | ||
| 219 | #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 | ||
| 220 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 | ||
| 221 | #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 | ||
| 222 | |||
| 223 | #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 | ||
| 224 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 | ||
| 225 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 | ||
| 226 | #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 | ||
| 227 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 | ||
| 228 | #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 | ||
| 229 | |||
| 230 | /* SEED ciphersuites from RFC4162 */ | ||
| 231 | #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 | ||
| 232 | #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 | ||
| 233 | #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 | ||
| 234 | #define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 | ||
| 235 | #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A | ||
| 236 | #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B | ||
| 237 | |||
| 238 | /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ | ||
| 239 | #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 | ||
| 240 | #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 | ||
| 241 | #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 | ||
| 242 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 | ||
| 243 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 | ||
| 244 | |||
| 245 | #define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 | ||
| 246 | #define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 | ||
| 247 | #define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 | ||
| 248 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 | ||
| 249 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A | ||
| 250 | |||
| 251 | #define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B | ||
| 252 | #define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C | ||
| 253 | #define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D | ||
| 254 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E | ||
| 255 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F | ||
| 256 | |||
| 257 | #define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 | ||
| 258 | #define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 | ||
| 259 | #define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 | ||
| 260 | #define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 | ||
| 261 | #define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 | ||
| 262 | |||
| 263 | #define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 | ||
| 264 | #define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 | ||
| 265 | #define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 | ||
| 266 | #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 | ||
| 267 | #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 | ||
| 268 | |||
| 115 | /* XXX | 269 | /* XXX |
| 116 | * Inconsistency alert: | 270 | * Inconsistency alert: |
| 117 | * The OpenSSL names of ciphers with ephemeral DH here include the string | 271 | * The OpenSSL names of ciphers with ephemeral DH here include the string |
| @@ -142,12 +296,68 @@ extern "C" { | |||
| 142 | #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" | 296 | #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" |
| 143 | #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" | 297 | #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" |
| 144 | 298 | ||
| 299 | /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ | ||
| 300 | #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" | ||
| 301 | #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" | ||
| 302 | #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" | ||
| 303 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" | ||
| 304 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" | ||
| 305 | |||
| 306 | #define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" | ||
| 307 | #define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" | ||
| 308 | #define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" | ||
| 309 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" | ||
| 310 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" | ||
| 311 | |||
| 312 | #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" | ||
| 313 | #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" | ||
| 314 | #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" | ||
| 315 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" | ||
| 316 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" | ||
| 317 | |||
| 318 | #define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" | ||
| 319 | #define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" | ||
| 320 | #define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" | ||
| 321 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" | ||
| 322 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" | ||
| 323 | |||
| 324 | #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" | ||
| 325 | #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" | ||
| 326 | #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" | ||
| 327 | #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" | ||
| 328 | #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" | ||
| 329 | |||
| 330 | /* Camellia ciphersuites from RFC4132 */ | ||
| 331 | #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" | ||
| 332 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" | ||
| 333 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" | ||
| 334 | #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" | ||
| 335 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" | ||
| 336 | #define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" | ||
| 337 | |||
| 338 | #define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" | ||
| 339 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" | ||
| 340 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" | ||
| 341 | #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" | ||
| 342 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" | ||
| 343 | #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" | ||
| 344 | |||
| 345 | /* SEED ciphersuites from RFC4162 */ | ||
| 346 | #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" | ||
| 347 | #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" | ||
| 348 | #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" | ||
| 349 | #define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" | ||
| 350 | #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" | ||
| 351 | #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" | ||
| 145 | 352 | ||
| 146 | #define TLS_CT_RSA_SIGN 1 | 353 | #define TLS_CT_RSA_SIGN 1 |
| 147 | #define TLS_CT_DSS_SIGN 2 | 354 | #define TLS_CT_DSS_SIGN 2 |
| 148 | #define TLS_CT_RSA_FIXED_DH 3 | 355 | #define TLS_CT_RSA_FIXED_DH 3 |
| 149 | #define TLS_CT_DSS_FIXED_DH 4 | 356 | #define TLS_CT_DSS_FIXED_DH 4 |
| 150 | #define TLS_CT_NUMBER 4 | 357 | #define TLS_CT_ECDSA_SIGN 64 |
| 358 | #define TLS_CT_RSA_FIXED_ECDH 65 | ||
| 359 | #define TLS_CT_ECDSA_FIXED_ECDH 66 | ||
| 360 | #define TLS_CT_NUMBER 7 | ||
| 151 | 361 | ||
| 152 | #define TLS1_FINISH_MAC_LENGTH 12 | 362 | #define TLS1_FINISH_MAC_LENGTH 12 |
| 153 | 363 | ||
| @@ -193,3 +403,5 @@ extern "C" { | |||
| 193 | #endif | 403 | #endif |
| 194 | #endif | 404 | #endif |
| 195 | 405 | ||
| 406 | |||
| 407 | |||
diff --git a/src/lib/libssl/src/test/bctest b/src/lib/libssl/src/test/bctest index e81fc0733a..bdb3218f7a 100644 --- a/src/lib/libssl/src/test/bctest +++ b/src/lib/libssl/src/test/bctest | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | # This script is used by test/Makefile to check whether a sane 'bc' | 3 | # This script is used by test/Makefile.ssl to check whether a sane 'bc' |
| 4 | # is installed. | 4 | # is installed. |
| 5 | # ('make test_bn' should not try to run 'bc' if it does not exist or if | 5 | # ('make test_bn' should not try to run 'bc' if it does not exist or if |
| 6 | # it is a broken 'bc' version that is known to cause trouble.) | 6 | # it is a broken 'bc' version that is known to cause trouble.) |
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com index 94621a655b..14cbf06088 100644 --- a/src/lib/libssl/src/test/maketests.com +++ b/src/lib/libssl/src/test/maketests.com | |||
| @@ -127,9 +127,11 @@ $ GOSUB CHECK_OPT_FILE | |||
| 127 | $! | 127 | $! |
| 128 | $! Define The TEST Files. | 128 | $! Define The TEST Files. |
| 129 | $! | 129 | $! |
| 130 | $ TEST_FILES = "BNTEST,ECTEST,IDEATEST,MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ - | 130 | $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - |
| 131 | "MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ - | ||
| 131 | "RC2TEST,RC4TEST,RC5TEST,"+ - | 132 | "RC2TEST,RC4TEST,RC5TEST,"+ - |
| 132 | "DESTEST,SHATEST,SHA1TEST,MDC2TEST,RMDTEST,"+ - | 133 | "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ - |
| 134 | "MDC2TEST,RMDTEST,"+ - | ||
| 133 | "RANDTEST,DHTEST,ENGINETEST,"+ - | 135 | "RANDTEST,DHTEST,ENGINETEST,"+ - |
| 134 | "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - | 136 | "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - |
| 135 | "EVP_TEST" | 137 | "EVP_TEST" |
diff --git a/src/lib/libssl/src/test/tcrl b/src/lib/libssl/src/test/tcrl index 3ffed12a03..055269eab8 100644 --- a/src/lib/libssl/src/test/tcrl +++ b/src/lib/libssl/src/test/tcrl | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl crl' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl crl' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/src/test/testca b/src/lib/libssl/src/test/testca index 5b2faa78f1..b109cfe271 100644 --- a/src/lib/libssl/src/test/testca +++ b/src/lib/libssl/src/test/testca | |||
| @@ -2,16 +2,16 @@ | |||
| 2 | 2 | ||
| 3 | SH="/bin/sh" | 3 | SH="/bin/sh" |
| 4 | if test "$OSTYPE" = msdosdjgpp; then | 4 | if test "$OSTYPE" = msdosdjgpp; then |
| 5 | PATH=./apps\;../apps\;$PATH | 5 | PATH="../apps\;$PATH" |
| 6 | else | 6 | else |
| 7 | PATH=../apps:$PATH | 7 | PATH="../apps:$PATH" |
| 8 | fi | 8 | fi |
| 9 | export SH PATH | 9 | export SH PATH |
| 10 | 10 | ||
| 11 | SSLEAY_CONFIG="-config CAss.cnf" | 11 | SSLEAY_CONFIG="-config CAss.cnf" |
| 12 | export SSLEAY_CONFIG | 12 | export SSLEAY_CONFIG |
| 13 | 13 | ||
| 14 | OPENSSL="`pwd`/../util/shlib_wrap.sh openssl" | 14 | OPENSSL="`pwd`/../util/opensslwrap.sh" |
| 15 | export OPENSSL | 15 | export OPENSSL |
| 16 | 16 | ||
| 17 | /bin/rm -fr demoCA | 17 | /bin/rm -fr demoCA |
diff --git a/src/lib/libssl/src/test/testenc b/src/lib/libssl/src/test/testenc index 4571ea2875..f5ce7c0c45 100644 --- a/src/lib/libssl/src/test/testenc +++ b/src/lib/libssl/src/test/testenc | |||
| @@ -7,8 +7,8 @@ cmd="../util/shlib_wrap.sh ../apps/openssl" | |||
| 7 | cat $testsrc >$test; | 7 | cat $testsrc >$test; |
| 8 | 8 | ||
| 9 | echo cat | 9 | echo cat |
| 10 | $cmd enc -non-fips-allow < $test > $test.cipher | 10 | $cmd enc < $test > $test.cipher |
| 11 | $cmd enc -non-fips-allow < $test.cipher >$test.clear | 11 | $cmd enc < $test.cipher >$test.clear |
| 12 | cmp $test $test.clear | 12 | cmp $test $test.clear |
| 13 | if [ $? != 0 ] | 13 | if [ $? != 0 ] |
| 14 | then | 14 | then |
| @@ -17,8 +17,8 @@ else | |||
| 17 | /bin/rm $test.cipher $test.clear | 17 | /bin/rm $test.cipher $test.clear |
| 18 | fi | 18 | fi |
| 19 | echo base64 | 19 | echo base64 |
| 20 | $cmd enc -non-fips-allow -a -e < $test > $test.cipher | 20 | $cmd enc -a -e < $test > $test.cipher |
| 21 | $cmd enc -non-fips-allow -a -d < $test.cipher >$test.clear | 21 | $cmd enc -a -d < $test.cipher >$test.clear |
| 22 | cmp $test $test.clear | 22 | cmp $test $test.clear |
| 23 | if [ $? != 0 ] | 23 | if [ $? != 0 ] |
| 24 | then | 24 | then |
| @@ -30,8 +30,8 @@ fi | |||
| 30 | for i in `$cmd list-cipher-commands` | 30 | for i in `$cmd list-cipher-commands` |
| 31 | do | 31 | do |
| 32 | echo $i | 32 | echo $i |
| 33 | $cmd $i -non-fips-allow -bufsize 113 -e -k test < $test > $test.$i.cipher | 33 | $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher |
| 34 | $cmd $i -non-fips-allow -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear | 34 | $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear |
| 35 | cmp $test $test.$i.clear | 35 | cmp $test $test.$i.clear |
| 36 | if [ $? != 0 ] | 36 | if [ $? != 0 ] |
| 37 | then | 37 | then |
| @@ -41,8 +41,8 @@ do | |||
| 41 | fi | 41 | fi |
| 42 | 42 | ||
| 43 | echo $i base64 | 43 | echo $i base64 |
| 44 | $cmd $i -non-fips-allow -bufsize 113 -a -e -k test < $test > $test.$i.cipher | 44 | $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher |
| 45 | $cmd $i -non-fips-allow -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear | 45 | $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear |
| 46 | cmp $test $test.$i.clear | 46 | cmp $test $test.$i.clear |
| 47 | if [ $? != 0 ] | 47 | if [ $? != 0 ] |
| 48 | then | 48 | then |
diff --git a/src/lib/libssl/src/test/tests.com b/src/lib/libssl/src/test/tests.com index 07a3c7f16d..056082e7fe 100644 --- a/src/lib/libssl/src/test/tests.com +++ b/src/lib/libssl/src/test/tests.com | |||
| @@ -22,14 +22,17 @@ $ tests := - | |||
| 22 | test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- | 22 | test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- |
| 23 | test_md2,test_mdc2,- | 23 | test_md2,test_mdc2,- |
| 24 | test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,- | 24 | test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,- |
| 25 | test_rand,test_bn,test_ec,test_enc,test_x509,test_rsa,test_crl,test_sid,- | 25 | test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- |
| 26 | test_enc,test_x509,test_rsa,test_crl,test_sid,- | ||
| 26 | test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- | 27 | test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- |
| 27 | test_ss,test_ca,test_engine,test_ssl,test_evp | 28 | test_ss,test_ca,test_engine,test_evp,test_ssl |
| 28 | $ endif | 29 | $ endif |
| 29 | $ tests = f$edit(tests,"COLLAPSE") | 30 | $ tests = f$edit(tests,"COLLAPSE") |
| 30 | $ | 31 | $ |
| 31 | $ BNTEST := bntest | 32 | $ BNTEST := bntest |
| 32 | $ ECTEST := ectest | 33 | $ ECTEST := ectest |
| 34 | $ ECDSATEST := ecdsatest | ||
| 35 | $ ECDHTEST := ecdhtest | ||
| 33 | $ EXPTEST := exptest | 36 | $ EXPTEST := exptest |
| 34 | $ IDEATEST := ideatest | 37 | $ IDEATEST := ideatest |
| 35 | $ SHATEST := shatest | 38 | $ SHATEST := shatest |
| @@ -182,6 +185,14 @@ $ test_ec: | |||
| 182 | $ write sys$output "test elliptic curves" | 185 | $ write sys$output "test elliptic curves" |
| 183 | $ mcr 'texe_dir''ectest' | 186 | $ mcr 'texe_dir''ectest' |
| 184 | $ return | 187 | $ return |
| 188 | $ test_ecdsa: | ||
| 189 | $ write sys$output "test ecdsa" | ||
| 190 | $ mcr 'texe_dir''ecdsatest' | ||
| 191 | $ return | ||
| 192 | $ test_ecdh: | ||
| 193 | $ write sys$output "test ecdh" | ||
| 194 | $ mcr 'texe_dir''ecdhtest' | ||
| 195 | $ return | ||
| 185 | $ test_verify: | 196 | $ test_verify: |
| 186 | $ write sys$output "The following command should have some OK's and some failures" | 197 | $ write sys$output "The following command should have some OK's and some failures" |
| 187 | $ write sys$output "There are definitly a few expired certificates" | 198 | $ write sys$output "There are definitly a few expired certificates" |
diff --git a/src/lib/libssl/src/test/tpkcs7 b/src/lib/libssl/src/test/tpkcs7 index 79bb6e0edf..3e435ffbf9 100644 --- a/src/lib/libssl/src/test/tpkcs7 +++ b/src/lib/libssl/src/test/tpkcs7 | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/src/test/tpkcs7d b/src/lib/libssl/src/test/tpkcs7d index 20394b34c4..64fc28e88f 100644 --- a/src/lib/libssl/src/test/tpkcs7d +++ b/src/lib/libssl/src/test/tpkcs7d | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/src/test/treq b/src/lib/libssl/src/test/treq index 7e020210a5..77f37dcf3a 100644 --- a/src/lib/libssl/src/test/treq +++ b/src/lib/libssl/src/test/treq | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
| @@ -15,7 +8,7 @@ else | |||
| 15 | t=testreq.pem | 8 | t=testreq.pem |
| 16 | fi | 9 | fi |
| 17 | 10 | ||
| 18 | if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then | 11 | if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then |
| 19 | echo "skipping req conversion test for $t" | 12 | echo "skipping req conversion test for $t" |
| 20 | exit 0 | 13 | exit 0 |
| 21 | fi | 14 | fi |
diff --git a/src/lib/libssl/src/test/trsa b/src/lib/libssl/src/test/trsa index 67b4a98841..249ac1ddcc 100644 --- a/src/lib/libssl/src/test/trsa +++ b/src/lib/libssl/src/test/trsa | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then | 3 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then |
| 11 | echo skipping rsa conversion test | 4 | echo skipping rsa conversion test |
| 12 | exit 0 | 5 | exit 0 |
diff --git a/src/lib/libssl/src/test/tsid b/src/lib/libssl/src/test/tsid index fb4a7213b9..6adbd531ce 100644 --- a/src/lib/libssl/src/test/tsid +++ b/src/lib/libssl/src/test/tsid | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/src/test/tx509 b/src/lib/libssl/src/test/tx509 index 1b9c8661f3..4a15b98d17 100644 --- a/src/lib/libssl/src/test/tx509 +++ b/src/lib/libssl/src/test/tx509 | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl x509' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl x509' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/src/util/ck_errf.pl b/src/lib/libssl/src/util/ck_errf.pl index 7a24d6c5a2..344b422c34 100644 --- a/src/lib/libssl/src/util/ck_errf.pl +++ b/src/lib/libssl/src/util/ck_errf.pl | |||
| @@ -13,16 +13,21 @@ foreach $file (@ARGV) | |||
| 13 | $func=""; | 13 | $func=""; |
| 14 | while (<IN>) | 14 | while (<IN>) |
| 15 | { | 15 | { |
| 16 | if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/) | 16 | if (!/;$/ && /^([a-zA-Z].*[\s*])?([A-Za-z_0-9]+)\(.*[),]/) |
| 17 | { | 17 | { |
| 18 | $func=$1; | 18 | /^([^()]*(\([^()]*\)[^()]*)*)\(/; |
| 19 | $1 =~ /([A-Za-z_0-9]*)$/; | ||
| 20 | $func = $1; | ||
| 19 | $func =~ tr/A-Z/a-z/; | 21 | $func =~ tr/A-Z/a-z/; |
| 20 | } | 22 | } |
| 21 | if (/([A-Z0-9]+)err\(([^,]+)/) | 23 | if (/([A-Z0-9]+)err\(([^,]+)/) |
| 22 | { | 24 | { |
| 23 | next if ($func eq ""); | ||
| 24 | $errlib=$1; | 25 | $errlib=$1; |
| 25 | $n=$2; | 26 | $n=$2; |
| 27 | |||
| 28 | if ($func eq "") | ||
| 29 | { print "$file:$.:???:$n\n"; next; } | ||
| 30 | |||
| 26 | if ($n !~ /([^_]+)_F_(.+)$/) | 31 | if ($n !~ /([^_]+)_F_(.+)$/) |
| 27 | { | 32 | { |
| 28 | # print "check -$file:$.:$func:$n\n"; | 33 | # print "check -$file:$.:$func:$n\n"; |
| @@ -32,7 +37,7 @@ foreach $file (@ARGV) | |||
| 32 | $n=$2; | 37 | $n=$2; |
| 33 | 38 | ||
| 34 | if ($lib ne $errlib) | 39 | if ($lib ne $errlib) |
| 35 | { print "$file:$.:$func:$n\n"; next; } | 40 | { print "$file:$.:$func:$n [${errlib}err]\n"; next; } |
| 36 | 41 | ||
| 37 | $n =~ tr/A-Z/a-z/; | 42 | $n =~ tr/A-Z/a-z/; |
| 38 | if (($n ne $func) && ($errlib ne "SYS")) | 43 | if (($n ne $func) && ($errlib ne "SYS")) |
diff --git a/src/lib/libssl/src/util/clean-depend.pl b/src/lib/libssl/src/util/clean-depend.pl index 6c485d1e2f..2b2bdb4048 100644 --- a/src/lib/libssl/src/util/clean-depend.pl +++ b/src/lib/libssl/src/util/clean-depend.pl | |||
| @@ -37,8 +37,11 @@ foreach $file (sort keys %files) { | |||
| 37 | $file=~s/^\.\///; | 37 | $file=~s/^\.\///; |
| 38 | push @{$files{$file}},$origfile; | 38 | push @{$files{$file}},$origfile; |
| 39 | my $prevdep=""; | 39 | my $prevdep=""; |
| 40 | foreach $dep (sort @{$files{$file}}) { | 40 | |
| 41 | $dep=~s/^\.\///; | 41 | # Remove leading ./ before sorting |
| 42 | my @deps = map { $_ =~ s/^\.\///; $_ } @{$files{$file}}; | ||
| 43 | |||
| 44 | foreach $dep (sort @deps) { | ||
| 42 | next if $prevdep eq $dep; # to exterminate duplicates... | 45 | next if $prevdep eq $dep; # to exterminate duplicates... |
| 43 | $prevdep = $dep; | 46 | $prevdep = $dep; |
| 44 | $len=0 if $len+length($dep)+1 >= 80; | 47 | $len=0 if $len+length($dep)+1 >= 80; |
diff --git a/src/lib/libssl/src/util/cygwin.sh b/src/lib/libssl/src/util/cygwin.sh index 7f791d47f4..89d1dda95b 100644 --- a/src/lib/libssl/src/util/cygwin.sh +++ b/src/lib/libssl/src/util/cygwin.sh | |||
| @@ -47,6 +47,14 @@ function doc_install() | |||
| 47 | create_cygwin_readme | 47 | create_cygwin_readme |
| 48 | } | 48 | } |
| 49 | 49 | ||
| 50 | function certs_install() | ||
| 51 | { | ||
| 52 | CERTS_DIR=${INSTALL_PREFIX}/usr/ssl/certs | ||
| 53 | |||
| 54 | mkdir -p ${CERTS_DIR} | ||
| 55 | cp -rp certs/* ${CERTS_DIR} | ||
| 56 | } | ||
| 57 | |||
| 50 | function create_cygwin_readme() | 58 | function create_cygwin_readme() |
| 51 | { | 59 | { |
| 52 | README_DIR=${INSTALL_PREFIX}/usr/share/doc/Cygwin | 60 | README_DIR=${INSTALL_PREFIX}/usr/share/doc/Cygwin |
| @@ -104,19 +112,25 @@ base_install | |||
| 104 | 112 | ||
| 105 | doc_install | 113 | doc_install |
| 106 | 114 | ||
| 115 | certs_install | ||
| 116 | |||
| 107 | create_cygwin_readme | 117 | create_cygwin_readme |
| 108 | 118 | ||
| 109 | create_profile_files | 119 | create_profile_files |
| 110 | 120 | ||
| 111 | cd ${INSTALL_PREFIX} | 121 | cd ${INSTALL_PREFIX} |
| 112 | strip usr/bin/*.exe usr/bin/*.dll | 122 | chmod u+w usr/lib/engines/*.so |
| 123 | strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so | ||
| 124 | chmod u-w usr/lib/engines/*.so | ||
| 113 | 125 | ||
| 114 | # Runtime package | 126 | # Runtime package |
| 115 | find etc usr/bin usr/share/doc usr/ssl/certs usr/ssl/man/man[157] \ | 127 | find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \ |
| 116 | usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d | | 128 | usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \ |
| 129 | -empty -o \! -type d | | ||
| 117 | tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 - | 130 | tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 - |
| 118 | # Development package | 131 | # Development package |
| 119 | find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d | | 132 | find usr/include usr/lib/*.a usr/lib/pkgconfig usr/ssl/man/man3 \ |
| 133 | -empty -o \! -type d | | ||
| 120 | tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - | 134 | tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - |
| 121 | 135 | ||
| 122 | ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 | 136 | ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 |
diff --git a/src/lib/libssl/src/util/domd b/src/lib/libssl/src/util/domd index 5610521f0b..691be7a440 100644 --- a/src/lib/libssl/src/util/domd +++ b/src/lib/libssl/src/util/domd | |||
| @@ -26,7 +26,7 @@ if [ "$MAKEDEPEND" = "gcc" ]; then | |||
| 26 | ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new | 26 | ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new |
| 27 | rm -f Makefile.tmp | 27 | rm -f Makefile.tmp |
| 28 | else | 28 | else |
| 29 | ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile $@ | 29 | ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ |
| 30 | ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new | 30 | ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new |
| 31 | fi | 31 | fi |
| 32 | mv Makefile.new Makefile | 32 | mv Makefile.new Makefile |
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num index 4222bef6d6..2989500c4b 100644 --- a/src/lib/libssl/src/util/libeay.num +++ b/src/lib/libssl/src/util/libeay.num | |||
| @@ -123,10 +123,10 @@ BN_dup 128 EXIST::FUNCTION: | |||
| 123 | BN_free 129 EXIST::FUNCTION: | 123 | BN_free 129 EXIST::FUNCTION: |
| 124 | BN_from_montgomery 130 EXIST::FUNCTION: | 124 | BN_from_montgomery 130 EXIST::FUNCTION: |
| 125 | BN_gcd 131 EXIST::FUNCTION: | 125 | BN_gcd 131 EXIST::FUNCTION: |
| 126 | BN_generate_prime 132 EXIST::FUNCTION: | 126 | BN_generate_prime 132 EXIST::FUNCTION:DEPRECATED |
| 127 | BN_get_word 133 EXIST::FUNCTION: | 127 | BN_get_word 133 EXIST::FUNCTION: |
| 128 | BN_is_bit_set 134 EXIST::FUNCTION: | 128 | BN_is_bit_set 134 EXIST::FUNCTION: |
| 129 | BN_is_prime 135 EXIST::FUNCTION: | 129 | BN_is_prime 135 EXIST::FUNCTION:DEPRECATED |
| 130 | BN_lshift 136 EXIST::FUNCTION: | 130 | BN_lshift 136 EXIST::FUNCTION: |
| 131 | BN_lshift1 137 EXIST::FUNCTION: | 131 | BN_lshift1 137 EXIST::FUNCTION: |
| 132 | BN_mask_bits 138 EXIST::FUNCTION: | 132 | BN_mask_bits 138 EXIST::FUNCTION: |
| @@ -193,14 +193,14 @@ DH_check 200 EXIST::FUNCTION:DH | |||
| 193 | DH_compute_key 201 EXIST::FUNCTION:DH | 193 | DH_compute_key 201 EXIST::FUNCTION:DH |
| 194 | DH_free 202 EXIST::FUNCTION:DH | 194 | DH_free 202 EXIST::FUNCTION:DH |
| 195 | DH_generate_key 203 EXIST::FUNCTION:DH | 195 | DH_generate_key 203 EXIST::FUNCTION:DH |
| 196 | DH_generate_parameters 204 EXIST::FUNCTION:DH | 196 | DH_generate_parameters 204 EXIST::FUNCTION:DEPRECATED,DH |
| 197 | DH_new 205 EXIST::FUNCTION:DH | 197 | DH_new 205 EXIST::FUNCTION:DH |
| 198 | DH_size 206 EXIST::FUNCTION:DH | 198 | DH_size 206 EXIST::FUNCTION:DH |
| 199 | DHparams_print 207 EXIST::FUNCTION:BIO,DH | 199 | DHparams_print 207 EXIST::FUNCTION:BIO,DH |
| 200 | DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API | 200 | DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API |
| 201 | DSA_free 209 EXIST::FUNCTION:DSA | 201 | DSA_free 209 EXIST::FUNCTION:DSA |
| 202 | DSA_generate_key 210 EXIST::FUNCTION:DSA | 202 | DSA_generate_key 210 EXIST::FUNCTION:DSA |
| 203 | DSA_generate_parameters 211 EXIST::FUNCTION:DSA | 203 | DSA_generate_parameters 211 EXIST::FUNCTION:DEPRECATED,DSA |
| 204 | DSA_is_prime 212 NOEXIST::FUNCTION: | 204 | DSA_is_prime 212 NOEXIST::FUNCTION: |
| 205 | DSA_new 213 EXIST::FUNCTION:DSA | 205 | DSA_new 213 EXIST::FUNCTION:DSA |
| 206 | DSA_print 214 EXIST::FUNCTION:BIO,DSA | 206 | DSA_print 214 EXIST::FUNCTION:BIO,DSA |
| @@ -474,7 +474,7 @@ RSAPrivateKey_dup 481 EXIST::FUNCTION:RSA | |||
| 474 | RSAPublicKey_dup 482 EXIST::FUNCTION:RSA | 474 | RSAPublicKey_dup 482 EXIST::FUNCTION:RSA |
| 475 | RSA_PKCS1_SSLeay 483 EXIST::FUNCTION:RSA | 475 | RSA_PKCS1_SSLeay 483 EXIST::FUNCTION:RSA |
| 476 | RSA_free 484 EXIST::FUNCTION:RSA | 476 | RSA_free 484 EXIST::FUNCTION:RSA |
| 477 | RSA_generate_key 485 EXIST::FUNCTION:RSA | 477 | RSA_generate_key 485 EXIST::FUNCTION:DEPRECATED,RSA |
| 478 | RSA_new 486 EXIST::FUNCTION:RSA | 478 | RSA_new 486 EXIST::FUNCTION:RSA |
| 479 | RSA_new_method 487 EXIST::FUNCTION:RSA | 479 | RSA_new_method 487 EXIST::FUNCTION:RSA |
| 480 | RSA_print 488 EXIST::FUNCTION:BIO,RSA | 480 | RSA_print 488 EXIST::FUNCTION:BIO,RSA |
| @@ -802,7 +802,7 @@ DES_set_odd_parity 809 EXIST::FUNCTION:DES | |||
| 802 | DES_string_to_2keys 810 EXIST::FUNCTION:DES | 802 | DES_string_to_2keys 810 EXIST::FUNCTION:DES |
| 803 | DES_string_to_key 811 EXIST::FUNCTION:DES | 803 | DES_string_to_key 811 EXIST::FUNCTION:DES |
| 804 | DES_xcbc_encrypt 812 EXIST::FUNCTION:DES | 804 | DES_xcbc_encrypt 812 EXIST::FUNCTION:DES |
| 805 | DES_xwhite_in2out 813 EXIST::FUNCTION:DES | 805 | DES_xwhite_in2out 813 NOEXIST::FUNCTION: |
| 806 | fcrypt_body 814 NOEXIST::FUNCTION: | 806 | fcrypt_body 814 NOEXIST::FUNCTION: |
| 807 | i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO | 807 | i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO |
| 808 | i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO | 808 | i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO |
| @@ -1104,7 +1104,7 @@ BN_RECP_CTX_set 1131 EXIST::FUNCTION: | |||
| 1104 | BN_mod_mul_reciprocal 1132 EXIST::FUNCTION: | 1104 | BN_mod_mul_reciprocal 1132 EXIST::FUNCTION: |
| 1105 | BN_mod_exp_recp 1133 EXIST::FUNCTION: | 1105 | BN_mod_exp_recp 1133 EXIST::FUNCTION: |
| 1106 | BN_div_recp 1134 EXIST::FUNCTION: | 1106 | BN_div_recp 1134 EXIST::FUNCTION: |
| 1107 | BN_CTX_init 1135 EXIST::FUNCTION: | 1107 | BN_CTX_init 1135 EXIST::FUNCTION:DEPRECATED |
| 1108 | BN_MONT_CTX_init 1136 EXIST::FUNCTION: | 1108 | BN_MONT_CTX_init 1136 EXIST::FUNCTION: |
| 1109 | RAND_get_rand_method 1137 EXIST::FUNCTION: | 1109 | RAND_get_rand_method 1137 EXIST::FUNCTION: |
| 1110 | PKCS7_add_attribute 1138 EXIST::FUNCTION: | 1110 | PKCS7_add_attribute 1138 EXIST::FUNCTION: |
| @@ -1221,8 +1221,8 @@ BIO_f_reliable 1244 EXIST::FUNCTION:BIO | |||
| 1221 | PKCS7_dataFinal 1245 EXIST::FUNCTION: | 1221 | PKCS7_dataFinal 1245 EXIST::FUNCTION: |
| 1222 | PKCS7_dataDecode 1246 EXIST::FUNCTION: | 1222 | PKCS7_dataDecode 1246 EXIST::FUNCTION: |
| 1223 | X509V3_EXT_CRL_add_conf 1247 EXIST::FUNCTION: | 1223 | X509V3_EXT_CRL_add_conf 1247 EXIST::FUNCTION: |
| 1224 | BN_set_params 1248 EXIST::FUNCTION: | 1224 | BN_set_params 1248 EXIST::FUNCTION:DEPRECATED |
| 1225 | BN_get_params 1249 EXIST::FUNCTION: | 1225 | BN_get_params 1249 EXIST::FUNCTION:DEPRECATED |
| 1226 | BIO_get_ex_num 1250 NOEXIST::FUNCTION: | 1226 | BIO_get_ex_num 1250 NOEXIST::FUNCTION: |
| 1227 | BIO_set_ex_free_func 1251 NOEXIST::FUNCTION: | 1227 | BIO_set_ex_free_func 1251 NOEXIST::FUNCTION: |
| 1228 | EVP_ripemd160 1252 EXIST::FUNCTION:RIPEMD | 1228 | EVP_ripemd160 1252 EXIST::FUNCTION:RIPEMD |
| @@ -1744,7 +1744,7 @@ X509_REQ_add1_attr_by_txt 2217 EXIST::FUNCTION: | |||
| 1744 | X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION: | 1744 | X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION: |
| 1745 | X509at_add1_attr_by_txt 2219 EXIST::FUNCTION: | 1745 | X509at_add1_attr_by_txt 2219 EXIST::FUNCTION: |
| 1746 | BN_pseudo_rand 2239 EXIST::FUNCTION: | 1746 | BN_pseudo_rand 2239 EXIST::FUNCTION: |
| 1747 | BN_is_prime_fasttest 2240 EXIST::FUNCTION: | 1747 | BN_is_prime_fasttest 2240 EXIST::FUNCTION:DEPRECATED |
| 1748 | BN_CTX_end 2241 EXIST::FUNCTION: | 1748 | BN_CTX_end 2241 EXIST::FUNCTION: |
| 1749 | BN_CTX_start 2242 EXIST::FUNCTION: | 1749 | BN_CTX_start 2242 EXIST::FUNCTION: |
| 1750 | BN_CTX_get 2243 EXIST::FUNCTION: | 1750 | BN_CTX_get 2243 EXIST::FUNCTION: |
| @@ -2071,7 +2071,7 @@ PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI | |||
| 2071 | UI_add_error_string 2633 EXIST::FUNCTION: | 2071 | UI_add_error_string 2633 EXIST::FUNCTION: |
| 2072 | KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: | 2072 | KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: |
| 2073 | OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: | 2073 | OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: |
| 2074 | ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE | 2074 | ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE |
| 2075 | ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE | 2075 | ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE |
| 2076 | PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | 2076 | PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| 2077 | PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2077 | PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: |
| @@ -2089,7 +2089,7 @@ OCSP_BASICRESP_get_ext_by_crit 2646 EXIST:VMS:FUNCTION: | |||
| 2089 | OCSP_cert_status_str 2647 EXIST::FUNCTION: | 2089 | OCSP_cert_status_str 2647 EXIST::FUNCTION: |
| 2090 | d2i_OCSP_REQUEST 2648 EXIST::FUNCTION: | 2090 | d2i_OCSP_REQUEST 2648 EXIST::FUNCTION: |
| 2091 | UI_dup_info_string 2649 EXIST::FUNCTION: | 2091 | UI_dup_info_string 2649 EXIST::FUNCTION: |
| 2092 | _ossl_old_des_xwhite_in2out 2650 EXIST::FUNCTION:DES | 2092 | _ossl_old_des_xwhite_in2out 2650 NOEXIST::FUNCTION: |
| 2093 | PKCS12_it 2651 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | 2093 | PKCS12_it 2651 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| 2094 | PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2094 | PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: |
| 2095 | OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION: | 2095 | OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION: |
| @@ -2419,7 +2419,7 @@ UI_get_string_type 2916 EXIST::FUNCTION: | |||
| 2419 | ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE | 2419 | ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE |
| 2420 | ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE | 2420 | ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE |
| 2421 | OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION: | 2421 | OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION: |
| 2422 | bn_dup_expand 2920 EXIST::FUNCTION: | 2422 | bn_dup_expand 2920 EXIST::FUNCTION:DEPRECATED |
| 2423 | OCSP_cert_id_new 2921 EXIST::FUNCTION: | 2423 | OCSP_cert_id_new 2921 EXIST::FUNCTION: |
| 2424 | BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | 2424 | BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| 2425 | BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2425 | BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: |
| @@ -2545,7 +2545,7 @@ OCSP_RESPONSE_new 3023 EXIST::FUNCTION: | |||
| 2545 | AES_set_encrypt_key 3024 EXIST::FUNCTION:AES | 2545 | AES_set_encrypt_key 3024 EXIST::FUNCTION:AES |
| 2546 | OCSP_resp_count 3025 EXIST::FUNCTION: | 2546 | OCSP_resp_count 3025 EXIST::FUNCTION: |
| 2547 | KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: | 2547 | KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: |
| 2548 | ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE | 2548 | ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE |
| 2549 | OCSP_onereq_get0_id 3028 EXIST::FUNCTION: | 2549 | OCSP_onereq_get0_id 3028 EXIST::FUNCTION: |
| 2550 | ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE | 2550 | ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE |
| 2551 | NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | 2551 | NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| @@ -2576,7 +2576,7 @@ ASN1_primitive_free 3051 EXIST::FUNCTION: | |||
| 2576 | i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: | 2576 | i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: |
| 2577 | i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: | 2577 | i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: |
| 2578 | asn1_enc_save 3054 EXIST::FUNCTION: | 2578 | asn1_enc_save 3054 EXIST::FUNCTION: |
| 2579 | ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE | 2579 | ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE |
| 2580 | _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES | 2580 | _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES |
| 2581 | PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | 2581 | PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| 2582 | PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2582 | PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: |
| @@ -2600,7 +2600,7 @@ asn1_get_choice_selector 3071 EXIST::FUNCTION: | |||
| 2600 | i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: | 2600 | i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: |
| 2601 | ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE | 2601 | ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE |
| 2602 | AES_options 3074 EXIST::FUNCTION:AES | 2602 | AES_options 3074 EXIST::FUNCTION:AES |
| 2603 | ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE | 2603 | ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE |
| 2604 | OCSP_id_cmp 3076 EXIST::FUNCTION: | 2604 | OCSP_id_cmp 3076 EXIST::FUNCTION: |
| 2605 | OCSP_BASICRESP_new 3077 EXIST::FUNCTION: | 2605 | OCSP_BASICRESP_new 3077 EXIST::FUNCTION: |
| 2606 | OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: | 2606 | OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: |
| @@ -2667,7 +2667,7 @@ OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA | |||
| 2667 | OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2667 | OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: |
| 2668 | i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: | 2668 | i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: |
| 2669 | OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: | 2669 | OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: |
| 2670 | ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE | 2670 | ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE |
| 2671 | X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | 2671 | X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| 2672 | X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2672 | X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: |
| 2673 | USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | 2673 | USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| @@ -2762,8 +2762,8 @@ DES_read_2passwords 3206 EXIST::FUNCTION:DES | |||
| 2762 | DES_read_password 3207 EXIST::FUNCTION:DES | 2762 | DES_read_password 3207 EXIST::FUNCTION:DES |
| 2763 | UI_UTIL_read_pw 3208 EXIST::FUNCTION: | 2763 | UI_UTIL_read_pw 3208 EXIST::FUNCTION: |
| 2764 | UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: | 2764 | UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: |
| 2765 | ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE | 2765 | ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE |
| 2766 | ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE | 2766 | ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE |
| 2767 | OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: | 2767 | OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: |
| 2768 | OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: | 2768 | OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: |
| 2769 | OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: | 2769 | OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: |
| @@ -2772,7 +2772,7 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: | |||
| 2772 | AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES | 2772 | AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES |
| 2773 | AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES | 2773 | AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES |
| 2774 | AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES | 2774 | AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES |
| 2775 | ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE | 2775 | ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE |
| 2776 | _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES | 2776 | _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES |
| 2777 | EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES | 2777 | EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES |
| 2778 | EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES | 2778 | EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES |
| @@ -2804,57 +2804,57 @@ OPENSSL_cleanse 3245 EXIST::FUNCTION: | |||
| 2804 | ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE | 2804 | ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE |
| 2805 | ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH | 2805 | ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH |
| 2806 | EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES | 2806 | EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES |
| 2807 | FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION: | 2807 | FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: |
| 2808 | FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION: | 2808 | FIPS_selftest_des 3250 NOEXIST::FUNCTION: |
| 2809 | EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES | 2809 | EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES |
| 2810 | EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES | 2810 | EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES |
| 2811 | FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: | 2811 | FIPS_mode_set 3253 NOEXIST::FUNCTION: |
| 2812 | FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: | 2812 | FIPS_selftest_dsa 3254 NOEXIST::FUNCTION: |
| 2813 | EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES | 2813 | EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES |
| 2814 | FIPS_allow_md5 3256 NOEXIST::FUNCTION: | 2814 | FIPS_allow_md5 3256 NOEXIST::FUNCTION: |
| 2815 | DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES | 2815 | DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES |
| 2816 | EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES | 2816 | EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES |
| 2817 | FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION: | 2817 | FIPS_rand_seeded 3259 NOEXIST::FUNCTION: |
| 2818 | AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES | 2818 | AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES |
| 2819 | AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES | 2819 | AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES |
| 2820 | FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION: | 2820 | FIPS_rand_seed 3262 NOEXIST::FUNCTION: |
| 2821 | FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION: | 2821 | FIPS_corrupt_des 3263 NOEXIST::FUNCTION: |
| 2822 | EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES | 2822 | EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES |
| 2823 | FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION: | 2823 | FIPS_selftest_aes 3265 NOEXIST::FUNCTION: |
| 2824 | FIPS_set_prng_key 3266 EXIST:OPENSSL_FIPS:FUNCTION: | 2824 | FIPS_set_prng_key 3266 NOEXIST::FUNCTION: |
| 2825 | EVP_des_cfb8 3267 EXIST::FUNCTION:DES | 2825 | EVP_des_cfb8 3267 EXIST::FUNCTION:DES |
| 2826 | FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION: | 2826 | FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION: |
| 2827 | FIPS_test_mode 3269 EXIST:OPENSSL_FIPS:FUNCTION: | 2827 | FIPS_test_mode 3269 NOEXIST::FUNCTION: |
| 2828 | FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION: | 2828 | FIPS_rand_method 3270 NOEXIST::FUNCTION: |
| 2829 | EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES | 2829 | EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES |
| 2830 | ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION: | 2830 | ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION: |
| 2831 | FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION: | 2831 | FIPS_corrupt_aes 3273 NOEXIST::FUNCTION: |
| 2832 | FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION: | 2832 | FIPS_selftest_sha1 3274 NOEXIST::FUNCTION: |
| 2833 | FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION: | 2833 | FIPS_selftest_rsa 3275 NOEXIST::FUNCTION: |
| 2834 | FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION: | 2834 | FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION: |
| 2835 | EVP_des_cfb1 3277 EXIST::FUNCTION:DES | 2835 | EVP_des_cfb1 3277 EXIST::FUNCTION:DES |
| 2836 | FIPS_dsa_check 3278 EXIST:OPENSSL_FIPS:FUNCTION: | 2836 | FIPS_dsa_check 3278 NOEXIST::FUNCTION: |
| 2837 | AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES | 2837 | AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES |
| 2838 | EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES | 2838 | EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES |
| 2839 | FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: | 2839 | FIPS_rand_check 3281 NOEXIST::FUNCTION: |
| 2840 | FIPS_md5_allowed 3282 NOEXIST::FUNCTION: | 2840 | FIPS_md5_allowed 3282 NOEXIST::FUNCTION: |
| 2841 | FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: | 2841 | FIPS_mode 3283 NOEXIST::FUNCTION: |
| 2842 | FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: | 2842 | FIPS_selftest_failed 3284 NOEXIST::FUNCTION: |
| 2843 | sk_is_sorted 3285 EXIST::FUNCTION: | 2843 | sk_is_sorted 3285 EXIST::FUNCTION: |
| 2844 | X509_check_ca 3286 EXIST::FUNCTION: | 2844 | X509_check_ca 3286 EXIST::FUNCTION: |
| 2845 | private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA | 2845 | private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: |
| 2846 | HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC | 2846 | HMAC_CTX_set_flags 3288 NOEXIST::FUNCTION: |
| 2847 | private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0 | 2847 | private_SHA_Init 3289 NOEXIST::FUNCTION: |
| 2848 | private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST | 2848 | private_CAST_set_key 3290 NOEXIST::FUNCTION: |
| 2849 | private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD | 2849 | private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: |
| 2850 | private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5 | 2850 | private_RC5_32_set_key 3292 NOEXIST::FUNCTION: |
| 2851 | private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5 | 2851 | private_MD5_Init 3293 NOEXIST::FUNCTION: |
| 2852 | private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4 | 2852 | private_RC4_set_key 3294 NOEXIST::FUNCTION: |
| 2853 | private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2 | 2853 | private_MDC2_Init 3295 NOEXIST::FUNCTION: |
| 2854 | private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2 | 2854 | private_RC2_set_key 3296 NOEXIST::FUNCTION: |
| 2855 | private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4 | 2855 | private_MD4_Init 3297 NOEXIST::FUNCTION: |
| 2856 | private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF | 2856 | private_BF_set_key 3298 NOEXIST::FUNCTION: |
| 2857 | private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2 | 2857 | private_MD2_Init 3299 NOEXIST::FUNCTION: |
| 2858 | d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION: | 2858 | d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION: |
| 2859 | PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | 2859 | PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| 2860 | PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2860 | PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: |
| @@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI | |||
| 2868 | PROXY_POLICY_free 3308 EXIST::FUNCTION: | 2868 | PROXY_POLICY_free 3308 EXIST::FUNCTION: |
| 2869 | PROXY_POLICY_new 3309 EXIST::FUNCTION: | 2869 | PROXY_POLICY_new 3309 EXIST::FUNCTION: |
| 2870 | BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: | 2870 | BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: |
| 2871 | FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION: | 2871 | FIPS_selftest_rng 3311 NOEXIST::FUNCTION: |
| 2872 | EVP_sha384 3312 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2872 | EVP_sha384 3312 EXIST::FUNCTION:SHA,SHA512 |
| 2873 | EVP_sha512 3313 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2873 | EVP_sha512 3313 EXIST::FUNCTION:SHA,SHA512 |
| 2874 | EVP_sha224 3314 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2874 | EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256 |
| 2875 | EVP_sha256 3315 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2875 | EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256 |
| 2876 | FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION: | 2876 | FIPS_selftest_hmac 3316 NOEXIST::FUNCTION: |
| 2877 | FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION: | 2877 | FIPS_corrupt_rng 3317 NOEXIST::FUNCTION: |
| 2878 | BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: | 2878 | BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: |
| 2879 | RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA | 2879 | RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA |
| 2880 | RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA | 2880 | RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA |
| @@ -2882,26 +2882,773 @@ RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA | |||
| 2882 | RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA | 2882 | RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA |
| 2883 | RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA | 2883 | RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA |
| 2884 | PKCS1_MGF1 3324 EXIST::FUNCTION:RSA | 2884 | PKCS1_MGF1 3324 EXIST::FUNCTION:RSA |
| 2885 | BN_X931_generate_Xpq 3325 EXIST:OPENSSL_FIPS:FUNCTION: | 2885 | BN_X931_generate_Xpq 3325 NOEXIST::FUNCTION: |
| 2886 | RSA_X931_generate_key 3326 EXIST:OPENSSL_FIPS:FUNCTION:RSA | 2886 | RSA_X931_generate_key 3326 NOEXIST::FUNCTION: |
| 2887 | BN_X931_derive_prime 3327 EXIST:OPENSSL_FIPS:FUNCTION: | 2887 | BN_X931_derive_prime 3327 NOEXIST::FUNCTION: |
| 2888 | BN_X931_generate_prime 3328 EXIST:OPENSSL_FIPS:FUNCTION: | 2888 | BN_X931_generate_prime 3328 NOEXIST::FUNCTION: |
| 2889 | RSA_X931_derive 3329 EXIST:OPENSSL_FIPS:FUNCTION:RSA | 2889 | RSA_X931_derive 3329 NOEXIST::FUNCTION: |
| 2890 | SHA512_Update 3356 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2890 | BIO_new_dgram 3330 EXIST::FUNCTION: |
| 2891 | SHA256_Init 3479 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2891 | BN_get0_nist_prime_384 3331 EXIST::FUNCTION: |
| 2892 | SHA224 3510 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2892 | ERR_set_mark 3332 EXIST::FUNCTION: |
| 2893 | SHA384_Update 3551 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2893 | X509_STORE_CTX_set0_crls 3333 EXIST::FUNCTION: |
| 2894 | SHA224_Final 3560 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2894 | ENGINE_set_STORE 3334 EXIST::FUNCTION:ENGINE |
| 2895 | SHA224_Update 3562 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2895 | ENGINE_register_ECDSA 3335 EXIST::FUNCTION:ENGINE |
| 2896 | SHA512_Final 3581 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2896 | STORE_method_set_list_start_function 3336 EXIST:!VMS:FUNCTION: |
| 2897 | SHA224_Init 3631 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2897 | STORE_meth_set_list_start_fn 3336 EXIST:VMS:FUNCTION: |
| 2898 | SHA512_Init 3633 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2898 | BN_BLINDING_invert_ex 3337 EXIST::FUNCTION: |
| 2899 | SHA256 3654 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2899 | NAME_CONSTRAINTS_free 3338 EXIST::FUNCTION: |
| 2900 | SHA256_Transform 3664 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2900 | STORE_ATTR_INFO_set_number 3339 EXIST::FUNCTION: |
| 2901 | SHA512 3669 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2901 | BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION: |
| 2902 | SHA512_Transform 3675 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2902 | X509_STORE_CTX_set0_param 3341 EXIST::FUNCTION: |
| 2903 | SHA256_Final 3712 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2903 | POLICY_MAPPING_it 3342 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: |
| 2904 | SHA384_Init 3737 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2904 | POLICY_MAPPING_it 3342 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: |
| 2905 | SHA384_Final 3740 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2905 | STORE_parse_attrs_start 3343 EXIST::FUNCTION: |
| 2906 | SHA384 3745 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512 | 2906 | POLICY_CONSTRAINTS_free 3344 EXIST::FUNCTION: |
| 2907 | SHA256_Update 3765 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256 | 2907 | EVP_PKEY_add1_attr_by_NID 3345 EXIST::FUNCTION: |
| 2908 | BN_nist_mod_192 3346 EXIST::FUNCTION: | ||
| 2909 | EC_GROUP_get_trinomial_basis 3347 EXIST::FUNCTION:EC | ||
| 2910 | STORE_set_method 3348 EXIST::FUNCTION: | ||
| 2911 | GENERAL_SUBTREE_free 3349 EXIST::FUNCTION: | ||
| 2912 | NAME_CONSTRAINTS_it 3350 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | ||
| 2913 | NAME_CONSTRAINTS_it 3350 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | ||
| 2914 | ECDH_get_default_method 3351 EXIST::FUNCTION:ECDH | ||
| 2915 | PKCS12_add_safe 3352 EXIST::FUNCTION: | ||
| 2916 | EC_KEY_new_by_curve_name 3353 EXIST::FUNCTION:EC | ||
| 2917 | STORE_method_get_update_store_function 3354 EXIST:!VMS:FUNCTION: | ||
| 2918 | STORE_meth_get_update_store_fn 3354 EXIST:VMS:FUNCTION: | ||
| 2919 | ENGINE_register_ECDH 3355 EXIST::FUNCTION:ENGINE | ||
| 2920 | SHA512_Update 3356 EXIST::FUNCTION:SHA,SHA512 | ||
| 2921 | i2d_ECPrivateKey 3357 EXIST::FUNCTION:EC | ||
| 2922 | BN_get0_nist_prime_192 3358 EXIST::FUNCTION: | ||
| 2923 | STORE_modify_certificate 3359 EXIST::FUNCTION: | ||
| 2924 | EC_POINT_set_affine_coordinates_GF2m 3360 EXIST:!VMS:FUNCTION:EC | ||
| 2925 | EC_POINT_set_affine_coords_GF2m 3360 EXIST:VMS:FUNCTION:EC | ||
| 2926 | BN_GF2m_mod_exp_arr 3361 EXIST::FUNCTION: | ||
| 2927 | STORE_ATTR_INFO_modify_number 3362 EXIST::FUNCTION: | ||
| 2928 | X509_keyid_get0 3363 EXIST::FUNCTION: | ||
| 2929 | ENGINE_load_gmp 3364 EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE | ||
| 2930 | pitem_new 3365 EXIST::FUNCTION: | ||
| 2931 | BN_GF2m_mod_mul_arr 3366 EXIST::FUNCTION: | ||
| 2932 | STORE_list_public_key_endp 3367 EXIST::FUNCTION: | ||
| 2933 | o2i_ECPublicKey 3368 EXIST::FUNCTION:EC | ||
| 2934 | EC_KEY_copy 3369 EXIST::FUNCTION:EC | ||
| 2935 | BIO_dump_fp 3370 EXIST::FUNCTION:FP_API | ||
| 2936 | X509_policy_node_get0_parent 3371 EXIST::FUNCTION: | ||
| 2937 | EC_GROUP_check_discriminant 3372 EXIST::FUNCTION:EC | ||
| 2938 | i2o_ECPublicKey 3373 EXIST::FUNCTION:EC | ||
| 2939 | EC_KEY_precompute_mult 3374 EXIST::FUNCTION:EC | ||
| 2940 | a2i_IPADDRESS 3375 EXIST::FUNCTION: | ||
| 2941 | STORE_method_set_initialise_function 3376 EXIST:!VMS:FUNCTION: | ||
| 2942 | STORE_meth_set_initialise_fn 3376 EXIST:VMS:FUNCTION: | ||
| 2943 | X509_STORE_CTX_set_depth 3377 EXIST::FUNCTION: | ||
| 2944 | X509_VERIFY_PARAM_inherit 3378 EXIST::FUNCTION: | ||
| 2945 | EC_POINT_point2bn 3379 EXIST::FUNCTION:EC | ||
| 2946 | STORE_ATTR_INFO_set_dn 3380 EXIST::FUNCTION: | ||
| 2947 | X509_policy_tree_get0_policies 3381 EXIST::FUNCTION: | ||
| 2948 | EC_GROUP_new_curve_GF2m 3382 EXIST::FUNCTION:EC | ||
| 2949 | STORE_destroy_method 3383 EXIST::FUNCTION: | ||
| 2950 | ENGINE_unregister_STORE 3384 EXIST::FUNCTION:ENGINE | ||
| 2951 | EVP_PKEY_get1_EC_KEY 3385 EXIST::FUNCTION:EC | ||
| 2952 | STORE_ATTR_INFO_get0_number 3386 EXIST::FUNCTION: | ||
| 2953 | ENGINE_get_default_ECDH 3387 EXIST::FUNCTION:ENGINE | ||
| 2954 | EC_KEY_get_conv_form 3388 EXIST::FUNCTION:EC | ||
| 2955 | ASN1_OCTET_STRING_NDEF_it 3389 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | ||
| 2956 | ASN1_OCTET_STRING_NDEF_it 3389 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | ||
| 2957 | STORE_delete_public_key 3390 EXIST::FUNCTION: | ||
| 2958 | STORE_get_public_key 3391 EXIST::FUNCTION: | ||
| 2959 | STORE_modify_arbitrary 3392 EXIST::FUNCTION: | ||
| 2960 | ENGINE_get_static_state 3393 EXIST::FUNCTION:ENGINE | ||
| 2961 | pqueue_iterator 3394 EXIST::FUNCTION: | ||
| 2962 | ECDSA_SIG_new 3395 EXIST::FUNCTION:ECDSA | ||
| 2963 | OPENSSL_DIR_end 3396 EXIST::FUNCTION: | ||
| 2964 | BN_GF2m_mod_sqr 3397 EXIST::FUNCTION: | ||
| 2965 | EC_POINT_bn2point 3398 EXIST::FUNCTION:EC | ||
| 2966 | X509_VERIFY_PARAM_set_depth 3399 EXIST::FUNCTION: | ||
| 2967 | EC_KEY_set_asn1_flag 3400 EXIST::FUNCTION:EC | ||
| 2968 | STORE_get_method 3401 EXIST::FUNCTION: | ||
| 2969 | EC_KEY_get_key_method_data 3402 EXIST::FUNCTION:EC | ||
| 2970 | ECDSA_sign_ex 3403 EXIST::FUNCTION:ECDSA | ||
| 2971 | STORE_parse_attrs_end 3404 EXIST::FUNCTION: | ||
| 2972 | EC_GROUP_get_point_conversion_form 3405 EXIST:!VMS:FUNCTION:EC | ||
| 2973 | EC_GROUP_get_point_conv_form 3405 EXIST:VMS:FUNCTION:EC | ||
| 2974 | STORE_method_set_store_function 3406 EXIST::FUNCTION: | ||
| 2975 | STORE_ATTR_INFO_in 3407 EXIST::FUNCTION: | ||
| 2976 | PEM_read_bio_ECPKParameters 3408 EXIST::FUNCTION:EC | ||
| 2977 | EC_GROUP_get_pentanomial_basis 3409 EXIST::FUNCTION:EC | ||
| 2978 | EVP_PKEY_add1_attr_by_txt 3410 EXIST::FUNCTION: | ||
| 2979 | BN_BLINDING_set_flags 3411 EXIST::FUNCTION: | ||
| 2980 | X509_VERIFY_PARAM_set1_policies 3412 EXIST::FUNCTION: | ||
| 2981 | X509_VERIFY_PARAM_set1_name 3413 EXIST::FUNCTION: | ||
| 2982 | X509_VERIFY_PARAM_set_purpose 3414 EXIST::FUNCTION: | ||
| 2983 | STORE_get_number 3415 EXIST::FUNCTION: | ||
| 2984 | ECDSA_sign_setup 3416 EXIST::FUNCTION:ECDSA | ||
| 2985 | BN_GF2m_mod_solve_quad_arr 3417 EXIST::FUNCTION: | ||
| 2986 | EC_KEY_up_ref 3418 EXIST::FUNCTION:EC | ||
| 2987 | POLICY_MAPPING_free 3419 EXIST::FUNCTION: | ||
| 2988 | BN_GF2m_mod_div 3420 EXIST::FUNCTION: | ||
| 2989 | X509_VERIFY_PARAM_set_flags 3421 EXIST::FUNCTION: | ||
| 2990 | EC_KEY_free 3422 EXIST::FUNCTION:EC | ||
| 2991 | STORE_method_set_list_next_function 3423 EXIST:!VMS:FUNCTION: | ||
| 2992 | STORE_meth_set_list_next_fn 3423 EXIST:VMS:FUNCTION: | ||
| 2993 | PEM_write_bio_ECPrivateKey 3424 EXIST::FUNCTION:EC | ||
| 2994 | d2i_EC_PUBKEY 3425 EXIST::FUNCTION:EC | ||
| 2995 | STORE_method_get_generate_function 3426 EXIST:!VMS:FUNCTION: | ||
| 2996 | STORE_meth_get_generate_fn 3426 EXIST:VMS:FUNCTION: | ||
| 2997 | STORE_method_set_list_end_function 3427 EXIST:!VMS:FUNCTION: | ||
| 2998 | STORE_meth_set_list_end_fn 3427 EXIST:VMS:FUNCTION: | ||
| 2999 | pqueue_print 3428 EXIST::FUNCTION: | ||
| 3000 | EC_GROUP_have_precompute_mult 3429 EXIST::FUNCTION:EC | ||
| 3001 | EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,FP_API | ||
| 3002 | BN_GF2m_mod_arr 3431 EXIST::FUNCTION: | ||
| 3003 | PEM_write_bio_X509_CERT_PAIR 3432 EXIST::FUNCTION: | ||
| 3004 | EVP_PKEY_cmp 3433 EXIST::FUNCTION: | ||
| 3005 | X509_policy_level_node_count 3434 EXIST::FUNCTION: | ||
| 3006 | STORE_new_engine 3435 EXIST::FUNCTION: | ||
| 3007 | STORE_list_public_key_start 3436 EXIST::FUNCTION: | ||
| 3008 | X509_VERIFY_PARAM_new 3437 EXIST::FUNCTION: | ||
| 3009 | ECDH_get_ex_data 3438 EXIST::FUNCTION:ECDH | ||
| 3010 | EVP_PKEY_get_attr 3439 EXIST::FUNCTION: | ||
| 3011 | ECDSA_do_sign 3440 EXIST::FUNCTION:ECDSA | ||
| 3012 | ENGINE_unregister_ECDH 3441 EXIST::FUNCTION:ENGINE | ||
| 3013 | ECDH_OpenSSL 3442 EXIST::FUNCTION:ECDH | ||
| 3014 | EC_KEY_set_conv_form 3443 EXIST::FUNCTION:EC | ||
| 3015 | EC_POINT_dup 3444 EXIST::FUNCTION:EC | ||
| 3016 | GENERAL_SUBTREE_new 3445 EXIST::FUNCTION: | ||
| 3017 | STORE_list_crl_endp 3446 EXIST::FUNCTION: | ||
| 3018 | EC_get_builtin_curves 3447 EXIST::FUNCTION:EC | ||
| 3019 | X509_policy_node_get0_qualifiers 3448 EXIST:!VMS:FUNCTION: | ||
| 3020 | X509_pcy_node_get0_qualifiers 3448 EXIST:VMS:FUNCTION: | ||
| 3021 | STORE_list_crl_end 3449 EXIST::FUNCTION: | ||
| 3022 | EVP_PKEY_set1_EC_KEY 3450 EXIST::FUNCTION:EC | ||
| 3023 | BN_GF2m_mod_sqrt_arr 3451 EXIST::FUNCTION: | ||
| 3024 | i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:BIO,EC | ||
| 3025 | ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,FP_API | ||
| 3026 | pqueue_find 3454 EXIST::FUNCTION: | ||
| 3027 | ECDSA_SIG_free 3455 EXIST::FUNCTION:ECDSA | ||
| 3028 | PEM_write_bio_ECPKParameters 3456 EXIST::FUNCTION:EC | ||
| 3029 | STORE_method_set_ctrl_function 3457 EXIST::FUNCTION: | ||
| 3030 | STORE_list_public_key_end 3458 EXIST::FUNCTION: | ||
| 3031 | EC_KEY_set_private_key 3459 EXIST::FUNCTION:EC | ||
| 3032 | pqueue_peek 3460 EXIST::FUNCTION: | ||
| 3033 | STORE_get_arbitrary 3461 EXIST::FUNCTION: | ||
| 3034 | STORE_store_crl 3462 EXIST::FUNCTION: | ||
| 3035 | X509_policy_node_get0_policy 3463 EXIST::FUNCTION: | ||
| 3036 | PKCS12_add_safes 3464 EXIST::FUNCTION: | ||
| 3037 | BN_BLINDING_convert_ex 3465 EXIST::FUNCTION: | ||
| 3038 | X509_policy_tree_free 3466 EXIST::FUNCTION: | ||
| 3039 | OPENSSL_ia32cap_loc 3467 EXIST::FUNCTION: | ||
| 3040 | BN_GF2m_poly2arr 3468 EXIST::FUNCTION: | ||
| 3041 | STORE_ctrl 3469 EXIST::FUNCTION: | ||
| 3042 | STORE_ATTR_INFO_compare 3470 EXIST::FUNCTION: | ||
| 3043 | BN_get0_nist_prime_224 3471 EXIST::FUNCTION: | ||
| 3044 | i2d_ECParameters 3472 EXIST::FUNCTION:EC | ||
| 3045 | i2d_ECPKParameters 3473 EXIST::FUNCTION:EC | ||
| 3046 | BN_GENCB_call 3474 EXIST::FUNCTION: | ||
| 3047 | d2i_ECPKParameters 3475 EXIST::FUNCTION:EC | ||
| 3048 | STORE_method_set_generate_function 3476 EXIST:!VMS:FUNCTION: | ||
| 3049 | STORE_meth_set_generate_fn 3476 EXIST:VMS:FUNCTION: | ||
| 3050 | ENGINE_set_ECDH 3477 EXIST::FUNCTION:ENGINE | ||
| 3051 | NAME_CONSTRAINTS_new 3478 EXIST::FUNCTION: | ||
| 3052 | SHA256_Init 3479 EXIST::FUNCTION:SHA,SHA256 | ||
| 3053 | EC_KEY_get0_public_key 3480 EXIST::FUNCTION:EC | ||
| 3054 | PEM_write_bio_EC_PUBKEY 3481 EXIST::FUNCTION:EC | ||
| 3055 | STORE_ATTR_INFO_set_cstr 3482 EXIST::FUNCTION: | ||
| 3056 | STORE_list_crl_next 3483 EXIST::FUNCTION: | ||
| 3057 | STORE_ATTR_INFO_in_range 3484 EXIST::FUNCTION: | ||
| 3058 | ECParameters_print 3485 EXIST::FUNCTION:BIO,EC | ||
| 3059 | STORE_method_set_delete_function 3486 EXIST:!VMS:FUNCTION: | ||
| 3060 | STORE_meth_set_delete_fn 3486 EXIST:VMS:FUNCTION: | ||
| 3061 | STORE_list_certificate_next 3487 EXIST::FUNCTION: | ||
| 3062 | ASN1_generate_nconf 3488 EXIST::FUNCTION: | ||
| 3063 | BUF_memdup 3489 EXIST::FUNCTION: | ||
| 3064 | BN_GF2m_mod_mul 3490 EXIST::FUNCTION: | ||
| 3065 | STORE_method_get_list_next_function 3491 EXIST:!VMS:FUNCTION: | ||
| 3066 | STORE_meth_get_list_next_fn 3491 EXIST:VMS:FUNCTION: | ||
| 3067 | STORE_ATTR_INFO_get0_dn 3492 EXIST::FUNCTION: | ||
| 3068 | STORE_list_private_key_next 3493 EXIST::FUNCTION: | ||
| 3069 | EC_GROUP_set_seed 3494 EXIST::FUNCTION:EC | ||
| 3070 | X509_VERIFY_PARAM_set_trust 3495 EXIST::FUNCTION: | ||
| 3071 | STORE_ATTR_INFO_free 3496 EXIST::FUNCTION: | ||
| 3072 | STORE_get_private_key 3497 EXIST::FUNCTION: | ||
| 3073 | EVP_PKEY_get_attr_count 3498 EXIST::FUNCTION: | ||
| 3074 | STORE_ATTR_INFO_new 3499 EXIST::FUNCTION: | ||
| 3075 | EC_GROUP_get_curve_GF2m 3500 EXIST::FUNCTION:EC | ||
| 3076 | STORE_method_set_revoke_function 3501 EXIST:!VMS:FUNCTION: | ||
| 3077 | STORE_meth_set_revoke_fn 3501 EXIST:VMS:FUNCTION: | ||
| 3078 | STORE_store_number 3502 EXIST::FUNCTION: | ||
| 3079 | BN_is_prime_ex 3503 EXIST::FUNCTION: | ||
| 3080 | STORE_revoke_public_key 3504 EXIST::FUNCTION: | ||
| 3081 | X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION: | ||
| 3082 | STORE_delete_arbitrary 3506 EXIST::FUNCTION: | ||
| 3083 | PEM_read_X509_CERT_PAIR 3507 EXIST:!WIN16:FUNCTION: | ||
| 3084 | X509_STORE_set_depth 3508 EXIST::FUNCTION: | ||
| 3085 | ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA | ||
| 3086 | SHA224 3510 EXIST::FUNCTION:SHA,SHA256 | ||
| 3087 | BIO_dump_indent_fp 3511 EXIST::FUNCTION:FP_API | ||
| 3088 | EC_KEY_set_group 3512 EXIST::FUNCTION:EC | ||
| 3089 | BUF_strndup 3513 EXIST::FUNCTION: | ||
| 3090 | STORE_list_certificate_start 3514 EXIST::FUNCTION: | ||
| 3091 | BN_GF2m_mod 3515 EXIST::FUNCTION: | ||
| 3092 | X509_REQ_check_private_key 3516 EXIST::FUNCTION: | ||
| 3093 | EC_GROUP_get_seed_len 3517 EXIST::FUNCTION:EC | ||
| 3094 | ERR_load_STORE_strings 3518 EXIST::FUNCTION: | ||
| 3095 | PEM_read_bio_EC_PUBKEY 3519 EXIST::FUNCTION:EC | ||
| 3096 | STORE_list_private_key_end 3520 EXIST::FUNCTION: | ||
| 3097 | i2d_EC_PUBKEY 3521 EXIST::FUNCTION:EC | ||
| 3098 | ECDSA_get_default_method 3522 EXIST::FUNCTION:ECDSA | ||
| 3099 | ASN1_put_eoc 3523 EXIST::FUNCTION: | ||
| 3100 | X509_STORE_CTX_get_explicit_policy 3524 EXIST:!VMS:FUNCTION: | ||
| 3101 | X509_STORE_CTX_get_expl_policy 3524 EXIST:VMS:FUNCTION: | ||
| 3102 | X509_VERIFY_PARAM_table_cleanup 3525 EXIST::FUNCTION: | ||
| 3103 | STORE_modify_private_key 3526 EXIST::FUNCTION: | ||
| 3104 | X509_VERIFY_PARAM_free 3527 EXIST::FUNCTION: | ||
| 3105 | EC_METHOD_get_field_type 3528 EXIST::FUNCTION:EC | ||
| 3106 | EC_GFp_nist_method 3529 EXIST::FUNCTION:EC | ||
| 3107 | STORE_method_set_modify_function 3530 EXIST:!VMS:FUNCTION: | ||
| 3108 | STORE_meth_set_modify_fn 3530 EXIST:VMS:FUNCTION: | ||
| 3109 | STORE_parse_attrs_next 3531 EXIST::FUNCTION: | ||
| 3110 | ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE | ||
| 3111 | EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC | ||
| 3112 | X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | ||
| 3113 | X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | ||
| 3114 | STORE_method_get_revoke_function 3535 EXIST:!VMS:FUNCTION: | ||
| 3115 | STORE_meth_get_revoke_fn 3535 EXIST:VMS:FUNCTION: | ||
| 3116 | STORE_method_set_get_function 3536 EXIST::FUNCTION: | ||
| 3117 | STORE_modify_number 3537 EXIST::FUNCTION: | ||
| 3118 | STORE_method_get_store_function 3538 EXIST::FUNCTION: | ||
| 3119 | STORE_store_private_key 3539 EXIST::FUNCTION: | ||
| 3120 | BN_GF2m_mod_sqr_arr 3540 EXIST::FUNCTION: | ||
| 3121 | RSA_setup_blinding 3541 EXIST::FUNCTION:RSA | ||
| 3122 | BIO_s_datagram 3542 EXIST::FUNCTION:DGRAM | ||
| 3123 | STORE_Memory 3543 EXIST::FUNCTION: | ||
| 3124 | sk_find_ex 3544 EXIST::FUNCTION: | ||
| 3125 | EC_GROUP_set_curve_GF2m 3545 EXIST::FUNCTION:EC | ||
| 3126 | ENGINE_set_default_ECDSA 3546 EXIST::FUNCTION:ENGINE | ||
| 3127 | POLICY_CONSTRAINTS_new 3547 EXIST::FUNCTION: | ||
| 3128 | BN_GF2m_mod_sqrt 3548 EXIST::FUNCTION: | ||
| 3129 | ECDH_set_default_method 3549 EXIST::FUNCTION:ECDH | ||
| 3130 | EC_KEY_generate_key 3550 EXIST::FUNCTION:EC | ||
| 3131 | SHA384_Update 3551 EXIST::FUNCTION:SHA,SHA512 | ||
| 3132 | BN_GF2m_arr2poly 3552 EXIST::FUNCTION: | ||
| 3133 | STORE_method_get_get_function 3553 EXIST::FUNCTION: | ||
| 3134 | STORE_method_set_cleanup_function 3554 EXIST:!VMS:FUNCTION: | ||
| 3135 | STORE_meth_set_cleanup_fn 3554 EXIST:VMS:FUNCTION: | ||
| 3136 | EC_GROUP_check 3555 EXIST::FUNCTION:EC | ||
| 3137 | d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:BIO,EC | ||
| 3138 | EC_KEY_insert_key_method_data 3557 EXIST::FUNCTION:EC | ||
| 3139 | STORE_method_get_lock_store_function 3558 EXIST:!VMS:FUNCTION: | ||
| 3140 | STORE_meth_get_lock_store_fn 3558 EXIST:VMS:FUNCTION: | ||
| 3141 | X509_VERIFY_PARAM_get_depth 3559 EXIST::FUNCTION: | ||
| 3142 | SHA224_Final 3560 EXIST::FUNCTION:SHA,SHA256 | ||
| 3143 | STORE_method_set_update_store_function 3561 EXIST:!VMS:FUNCTION: | ||
| 3144 | STORE_meth_set_update_store_fn 3561 EXIST:VMS:FUNCTION: | ||
| 3145 | SHA224_Update 3562 EXIST::FUNCTION:SHA,SHA256 | ||
| 3146 | d2i_ECPrivateKey 3563 EXIST::FUNCTION:EC | ||
| 3147 | ASN1_item_ndef_i2d 3564 EXIST::FUNCTION: | ||
| 3148 | STORE_delete_private_key 3565 EXIST::FUNCTION: | ||
| 3149 | ERR_pop_to_mark 3566 EXIST::FUNCTION: | ||
| 3150 | ENGINE_register_all_STORE 3567 EXIST::FUNCTION:ENGINE | ||
| 3151 | X509_policy_level_get0_node 3568 EXIST::FUNCTION: | ||
| 3152 | i2d_PKCS7_NDEF 3569 EXIST::FUNCTION: | ||
| 3153 | EC_GROUP_get_degree 3570 EXIST::FUNCTION:EC | ||
| 3154 | ASN1_generate_v3 3571 EXIST::FUNCTION: | ||
| 3155 | STORE_ATTR_INFO_modify_cstr 3572 EXIST::FUNCTION: | ||
| 3156 | X509_policy_tree_level_count 3573 EXIST::FUNCTION: | ||
| 3157 | BN_GF2m_add 3574 EXIST::FUNCTION: | ||
| 3158 | EC_KEY_get0_group 3575 EXIST::FUNCTION:EC | ||
| 3159 | STORE_generate_crl 3576 EXIST::FUNCTION: | ||
| 3160 | STORE_store_public_key 3577 EXIST::FUNCTION: | ||
| 3161 | X509_CERT_PAIR_free 3578 EXIST::FUNCTION: | ||
| 3162 | STORE_revoke_private_key 3579 EXIST::FUNCTION: | ||
| 3163 | BN_nist_mod_224 3580 EXIST::FUNCTION: | ||
| 3164 | SHA512_Final 3581 EXIST::FUNCTION:SHA,SHA512 | ||
| 3165 | STORE_ATTR_INFO_modify_dn 3582 EXIST::FUNCTION: | ||
| 3166 | STORE_method_get_initialise_function 3583 EXIST:!VMS:FUNCTION: | ||
| 3167 | STORE_meth_get_initialise_fn 3583 EXIST:VMS:FUNCTION: | ||
| 3168 | STORE_delete_number 3584 EXIST::FUNCTION: | ||
| 3169 | i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:BIO,EC | ||
| 3170 | BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION: | ||
| 3171 | EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC | ||
| 3172 | STORE_ATTR_INFO_in_ex 3588 EXIST::FUNCTION: | ||
| 3173 | STORE_list_crl_start 3589 EXIST::FUNCTION: | ||
| 3174 | ECDH_get_ex_new_index 3590 EXIST::FUNCTION:ECDH | ||
| 3175 | STORE_method_get_modify_function 3591 EXIST:!VMS:FUNCTION: | ||
| 3176 | STORE_meth_get_modify_fn 3591 EXIST:VMS:FUNCTION: | ||
| 3177 | v2i_ASN1_BIT_STRING 3592 EXIST::FUNCTION: | ||
| 3178 | STORE_store_certificate 3593 EXIST::FUNCTION: | ||
| 3179 | OBJ_bsearch_ex 3594 EXIST::FUNCTION: | ||
| 3180 | X509_STORE_CTX_set_default 3595 EXIST::FUNCTION: | ||
| 3181 | STORE_ATTR_INFO_set_sha1str 3596 EXIST::FUNCTION: | ||
| 3182 | BN_GF2m_mod_inv 3597 EXIST::FUNCTION: | ||
| 3183 | BN_GF2m_mod_exp 3598 EXIST::FUNCTION: | ||
| 3184 | STORE_modify_public_key 3599 EXIST::FUNCTION: | ||
| 3185 | STORE_method_get_list_start_function 3600 EXIST:!VMS:FUNCTION: | ||
| 3186 | STORE_meth_get_list_start_fn 3600 EXIST:VMS:FUNCTION: | ||
| 3187 | EC_GROUP_get0_seed 3601 EXIST::FUNCTION:EC | ||
| 3188 | STORE_store_arbitrary 3602 EXIST::FUNCTION: | ||
| 3189 | STORE_method_set_unlock_store_function 3603 EXIST:!VMS:FUNCTION: | ||
| 3190 | STORE_meth_set_unlock_store_fn 3603 EXIST:VMS:FUNCTION: | ||
| 3191 | BN_GF2m_mod_div_arr 3604 EXIST::FUNCTION: | ||
| 3192 | ENGINE_set_ECDSA 3605 EXIST::FUNCTION:ENGINE | ||
| 3193 | STORE_create_method 3606 EXIST::FUNCTION: | ||
| 3194 | ECPKParameters_print 3607 EXIST::FUNCTION:BIO,EC | ||
| 3195 | EC_KEY_get0_private_key 3608 EXIST::FUNCTION:EC | ||
| 3196 | PEM_write_EC_PUBKEY 3609 EXIST:!WIN16:FUNCTION:EC | ||
| 3197 | X509_VERIFY_PARAM_set1 3610 EXIST::FUNCTION: | ||
| 3198 | ECDH_set_method 3611 EXIST::FUNCTION:ECDH | ||
| 3199 | v2i_GENERAL_NAME_ex 3612 EXIST::FUNCTION: | ||
| 3200 | ECDH_set_ex_data 3613 EXIST::FUNCTION:ECDH | ||
| 3201 | STORE_generate_key 3614 EXIST::FUNCTION: | ||
| 3202 | BN_nist_mod_521 3615 EXIST::FUNCTION: | ||
| 3203 | X509_policy_tree_get0_level 3616 EXIST::FUNCTION: | ||
| 3204 | EC_GROUP_set_point_conversion_form 3617 EXIST:!VMS:FUNCTION:EC | ||
| 3205 | EC_GROUP_set_point_conv_form 3617 EXIST:VMS:FUNCTION:EC | ||
| 3206 | PEM_read_EC_PUBKEY 3618 EXIST:!WIN16:FUNCTION:EC | ||
| 3207 | i2d_ECDSA_SIG 3619 EXIST::FUNCTION:ECDSA | ||
| 3208 | ECDSA_OpenSSL 3620 EXIST::FUNCTION:ECDSA | ||
| 3209 | STORE_delete_crl 3621 EXIST::FUNCTION: | ||
| 3210 | EC_KEY_get_enc_flags 3622 EXIST::FUNCTION:EC | ||
| 3211 | ASN1_const_check_infinite_end 3623 EXIST::FUNCTION: | ||
| 3212 | EVP_PKEY_delete_attr 3624 EXIST::FUNCTION: | ||
| 3213 | ECDSA_set_default_method 3625 EXIST::FUNCTION:ECDSA | ||
| 3214 | EC_POINT_set_compressed_coordinates_GF2m 3626 EXIST:!VMS:FUNCTION:EC | ||
| 3215 | EC_POINT_set_compr_coords_GF2m 3626 EXIST:VMS:FUNCTION:EC | ||
| 3216 | EC_GROUP_cmp 3627 EXIST::FUNCTION:EC | ||
| 3217 | STORE_revoke_certificate 3628 EXIST::FUNCTION: | ||
| 3218 | BN_get0_nist_prime_256 3629 EXIST::FUNCTION: | ||
| 3219 | STORE_method_get_delete_function 3630 EXIST:!VMS:FUNCTION: | ||
| 3220 | STORE_meth_get_delete_fn 3630 EXIST:VMS:FUNCTION: | ||
| 3221 | SHA224_Init 3631 EXIST::FUNCTION:SHA,SHA256 | ||
| 3222 | PEM_read_ECPrivateKey 3632 EXIST:!WIN16:FUNCTION:EC | ||
| 3223 | SHA512_Init 3633 EXIST::FUNCTION:SHA,SHA512 | ||
| 3224 | STORE_parse_attrs_endp 3634 EXIST::FUNCTION: | ||
| 3225 | BN_set_negative 3635 EXIST::FUNCTION: | ||
| 3226 | ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:ECDSA | ||
| 3227 | EC_GROUP_get_basis_type 3637 EXIST::FUNCTION:EC | ||
| 3228 | STORE_list_public_key_next 3638 EXIST::FUNCTION: | ||
| 3229 | i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION: | ||
| 3230 | STORE_OBJECT_free 3640 EXIST::FUNCTION: | ||
| 3231 | BN_nist_mod_384 3641 EXIST::FUNCTION: | ||
| 3232 | i2d_X509_CERT_PAIR 3642 EXIST::FUNCTION: | ||
| 3233 | PEM_write_ECPKParameters 3643 EXIST:!WIN16:FUNCTION:EC | ||
| 3234 | ECDH_compute_key 3644 EXIST::FUNCTION:ECDH | ||
| 3235 | STORE_ATTR_INFO_get0_sha1str 3645 EXIST::FUNCTION: | ||
| 3236 | ENGINE_register_all_ECDH 3646 EXIST::FUNCTION:ENGINE | ||
| 3237 | pqueue_pop 3647 EXIST::FUNCTION: | ||
| 3238 | STORE_ATTR_INFO_get0_cstr 3648 EXIST::FUNCTION: | ||
| 3239 | POLICY_CONSTRAINTS_it 3649 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | ||
| 3240 | POLICY_CONSTRAINTS_it 3649 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | ||
| 3241 | STORE_get_ex_new_index 3650 EXIST::FUNCTION: | ||
| 3242 | EVP_PKEY_get_attr_by_OBJ 3651 EXIST::FUNCTION: | ||
| 3243 | X509_VERIFY_PARAM_add0_policy 3652 EXIST::FUNCTION: | ||
| 3244 | BN_GF2m_mod_solve_quad 3653 EXIST::FUNCTION: | ||
| 3245 | SHA256 3654 EXIST::FUNCTION:SHA,SHA256 | ||
| 3246 | i2d_ECPrivateKey_fp 3655 EXIST::FUNCTION:EC,FP_API | ||
| 3247 | X509_policy_tree_get0_user_policies 3656 EXIST:!VMS:FUNCTION: | ||
| 3248 | X509_pcy_tree_get0_usr_policies 3656 EXIST:VMS:FUNCTION: | ||
| 3249 | OPENSSL_DIR_read 3657 EXIST::FUNCTION: | ||
| 3250 | ENGINE_register_all_ECDSA 3658 EXIST::FUNCTION:ENGINE | ||
| 3251 | X509_VERIFY_PARAM_lookup 3659 EXIST::FUNCTION: | ||
| 3252 | EC_POINT_get_affine_coordinates_GF2m 3660 EXIST:!VMS:FUNCTION:EC | ||
| 3253 | EC_POINT_get_affine_coords_GF2m 3660 EXIST:VMS:FUNCTION:EC | ||
| 3254 | EC_GROUP_dup 3661 EXIST::FUNCTION:EC | ||
| 3255 | ENGINE_get_default_ECDSA 3662 EXIST::FUNCTION:ENGINE | ||
| 3256 | EC_KEY_new 3663 EXIST::FUNCTION:EC | ||
| 3257 | SHA256_Transform 3664 EXIST::FUNCTION:SHA,SHA256 | ||
| 3258 | EC_KEY_set_enc_flags 3665 EXIST::FUNCTION:EC | ||
| 3259 | ECDSA_verify 3666 EXIST::FUNCTION:ECDSA | ||
| 3260 | EC_POINT_point2hex 3667 EXIST::FUNCTION:EC | ||
| 3261 | ENGINE_get_STORE 3668 EXIST::FUNCTION:ENGINE | ||
| 3262 | SHA512 3669 EXIST::FUNCTION:SHA,SHA512 | ||
| 3263 | STORE_get_certificate 3670 EXIST::FUNCTION: | ||
| 3264 | ECDSA_do_sign_ex 3671 EXIST::FUNCTION:ECDSA | ||
| 3265 | ECDSA_do_verify 3672 EXIST::FUNCTION:ECDSA | ||
| 3266 | d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,FP_API | ||
| 3267 | STORE_delete_certificate 3674 EXIST::FUNCTION: | ||
| 3268 | SHA512_Transform 3675 EXIST::FUNCTION:SHA,SHA512 | ||
| 3269 | X509_STORE_set1_param 3676 EXIST::FUNCTION: | ||
| 3270 | STORE_method_get_ctrl_function 3677 EXIST::FUNCTION: | ||
| 3271 | STORE_free 3678 EXIST::FUNCTION: | ||
| 3272 | PEM_write_ECPrivateKey 3679 EXIST:!WIN16:FUNCTION:EC | ||
| 3273 | STORE_method_get_unlock_store_function 3680 EXIST:!VMS:FUNCTION: | ||
| 3274 | STORE_meth_get_unlock_store_fn 3680 EXIST:VMS:FUNCTION: | ||
| 3275 | STORE_get_ex_data 3681 EXIST::FUNCTION: | ||
| 3276 | EC_KEY_set_public_key 3682 EXIST::FUNCTION:EC | ||
| 3277 | PEM_read_ECPKParameters 3683 EXIST:!WIN16:FUNCTION:EC | ||
| 3278 | X509_CERT_PAIR_new 3684 EXIST::FUNCTION: | ||
| 3279 | ENGINE_register_STORE 3685 EXIST::FUNCTION:ENGINE | ||
| 3280 | RSA_generate_key_ex 3686 EXIST::FUNCTION:RSA | ||
| 3281 | DSA_generate_parameters_ex 3687 EXIST::FUNCTION:DSA | ||
| 3282 | ECParameters_print_fp 3688 EXIST::FUNCTION:EC,FP_API | ||
| 3283 | X509V3_NAME_from_section 3689 EXIST::FUNCTION: | ||
| 3284 | EVP_PKEY_add1_attr 3690 EXIST::FUNCTION: | ||
| 3285 | STORE_modify_crl 3691 EXIST::FUNCTION: | ||
| 3286 | STORE_list_private_key_start 3692 EXIST::FUNCTION: | ||
| 3287 | POLICY_MAPPINGS_it 3693 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | ||
| 3288 | POLICY_MAPPINGS_it 3693 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | ||
| 3289 | GENERAL_SUBTREE_it 3694 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | ||
| 3290 | GENERAL_SUBTREE_it 3694 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | ||
| 3291 | EC_GROUP_get_curve_name 3695 EXIST::FUNCTION:EC | ||
| 3292 | PEM_write_X509_CERT_PAIR 3696 EXIST:!WIN16:FUNCTION: | ||
| 3293 | BIO_dump_indent_cb 3697 EXIST::FUNCTION: | ||
| 3294 | d2i_X509_CERT_PAIR 3698 EXIST::FUNCTION: | ||
| 3295 | STORE_list_private_key_endp 3699 EXIST::FUNCTION: | ||
| 3296 | asn1_const_Finish 3700 EXIST::FUNCTION: | ||
| 3297 | i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,FP_API | ||
| 3298 | BN_nist_mod_256 3702 EXIST::FUNCTION: | ||
| 3299 | X509_VERIFY_PARAM_add0_table 3703 EXIST::FUNCTION: | ||
| 3300 | pqueue_free 3704 EXIST::FUNCTION: | ||
| 3301 | BN_BLINDING_create_param 3705 EXIST::FUNCTION: | ||
| 3302 | ECDSA_size 3706 EXIST::FUNCTION:ECDSA | ||
| 3303 | d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:BIO,EC | ||
| 3304 | BN_get0_nist_prime_521 3708 EXIST::FUNCTION: | ||
| 3305 | STORE_ATTR_INFO_modify_sha1str 3709 EXIST::FUNCTION: | ||
| 3306 | BN_generate_prime_ex 3710 EXIST::FUNCTION: | ||
| 3307 | EC_GROUP_new_by_curve_name 3711 EXIST::FUNCTION:EC | ||
| 3308 | SHA256_Final 3712 EXIST::FUNCTION:SHA,SHA256 | ||
| 3309 | DH_generate_parameters_ex 3713 EXIST::FUNCTION:DH | ||
| 3310 | PEM_read_bio_ECPrivateKey 3714 EXIST::FUNCTION:EC | ||
| 3311 | STORE_method_get_cleanup_function 3715 EXIST:!VMS:FUNCTION: | ||
| 3312 | STORE_meth_get_cleanup_fn 3715 EXIST:VMS:FUNCTION: | ||
| 3313 | ENGINE_get_ECDH 3716 EXIST::FUNCTION:ENGINE | ||
| 3314 | d2i_ECDSA_SIG 3717 EXIST::FUNCTION:ECDSA | ||
| 3315 | BN_is_prime_fasttest_ex 3718 EXIST::FUNCTION: | ||
| 3316 | ECDSA_sign 3719 EXIST::FUNCTION:ECDSA | ||
| 3317 | X509_policy_check 3720 EXIST::FUNCTION: | ||
| 3318 | EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION: | ||
| 3319 | STORE_set_ex_data 3722 EXIST::FUNCTION: | ||
| 3320 | ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE | ||
| 3321 | EVP_ecdsa 3724 EXIST::FUNCTION:SHA | ||
| 3322 | BN_BLINDING_get_flags 3725 EXIST::FUNCTION: | ||
| 3323 | PKCS12_add_cert 3726 EXIST::FUNCTION: | ||
| 3324 | STORE_OBJECT_new 3727 EXIST::FUNCTION: | ||
| 3325 | ERR_load_ECDH_strings 3728 EXIST::FUNCTION:ECDH | ||
| 3326 | EC_KEY_dup 3729 EXIST::FUNCTION:EC | ||
| 3327 | EVP_CIPHER_CTX_rand_key 3730 EXIST::FUNCTION: | ||
| 3328 | ECDSA_set_method 3731 EXIST::FUNCTION:ECDSA | ||
| 3329 | a2i_IPADDRESS_NC 3732 EXIST::FUNCTION: | ||
| 3330 | d2i_ECParameters 3733 EXIST::FUNCTION:EC | ||
| 3331 | STORE_list_certificate_end 3734 EXIST::FUNCTION: | ||
| 3332 | STORE_get_crl 3735 EXIST::FUNCTION: | ||
| 3333 | X509_POLICY_NODE_print 3736 EXIST::FUNCTION: | ||
| 3334 | SHA384_Init 3737 EXIST::FUNCTION:SHA,SHA512 | ||
| 3335 | EC_GF2m_simple_method 3738 EXIST::FUNCTION:EC | ||
| 3336 | ECDSA_set_ex_data 3739 EXIST::FUNCTION:ECDSA | ||
| 3337 | SHA384_Final 3740 EXIST::FUNCTION:SHA,SHA512 | ||
| 3338 | PKCS7_set_digest 3741 EXIST::FUNCTION: | ||
| 3339 | EC_KEY_print 3742 EXIST::FUNCTION:BIO,EC | ||
| 3340 | STORE_method_set_lock_store_function 3743 EXIST:!VMS:FUNCTION: | ||
| 3341 | STORE_meth_set_lock_store_fn 3743 EXIST:VMS:FUNCTION: | ||
| 3342 | ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:ECDSA | ||
| 3343 | SHA384 3745 EXIST::FUNCTION:SHA,SHA512 | ||
| 3344 | POLICY_MAPPING_new 3746 EXIST::FUNCTION: | ||
| 3345 | STORE_list_certificate_endp 3747 EXIST::FUNCTION: | ||
| 3346 | X509_STORE_CTX_get0_policy_tree 3748 EXIST::FUNCTION: | ||
| 3347 | EC_GROUP_set_asn1_flag 3749 EXIST::FUNCTION:EC | ||
| 3348 | EC_KEY_check_key 3750 EXIST::FUNCTION:EC | ||
| 3349 | d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,FP_API | ||
| 3350 | PKCS7_set0_type_other 3752 EXIST::FUNCTION: | ||
| 3351 | PEM_read_bio_X509_CERT_PAIR 3753 EXIST::FUNCTION: | ||
| 3352 | pqueue_next 3754 EXIST::FUNCTION: | ||
| 3353 | STORE_method_get_list_end_function 3755 EXIST:!VMS:FUNCTION: | ||
| 3354 | STORE_meth_get_list_end_fn 3755 EXIST:VMS:FUNCTION: | ||
| 3355 | EVP_PKEY_add1_attr_by_OBJ 3756 EXIST::FUNCTION: | ||
| 3356 | X509_VERIFY_PARAM_set_time 3757 EXIST::FUNCTION: | ||
| 3357 | pqueue_new 3758 EXIST::FUNCTION: | ||
| 3358 | ENGINE_set_default_ECDH 3759 EXIST::FUNCTION:ENGINE | ||
| 3359 | STORE_new_method 3760 EXIST::FUNCTION: | ||
| 3360 | PKCS12_add_key 3761 EXIST::FUNCTION: | ||
| 3361 | DSO_merge 3762 EXIST::FUNCTION: | ||
| 3362 | EC_POINT_hex2point 3763 EXIST::FUNCTION:EC | ||
| 3363 | BIO_dump_cb 3764 EXIST::FUNCTION: | ||
| 3364 | SHA256_Update 3765 EXIST::FUNCTION:SHA,SHA256 | ||
| 3365 | pqueue_insert 3766 EXIST::FUNCTION: | ||
| 3366 | pitem_free 3767 EXIST::FUNCTION: | ||
| 3367 | BN_GF2m_mod_inv_arr 3768 EXIST::FUNCTION: | ||
| 3368 | ENGINE_unregister_ECDSA 3769 EXIST::FUNCTION:ENGINE | ||
| 3369 | BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION: | ||
| 3370 | get_rfc3526_prime_8192 3771 EXIST::FUNCTION: | ||
| 3371 | X509_VERIFY_PARAM_clear_flags 3772 EXIST::FUNCTION: | ||
| 3372 | get_rfc2409_prime_1024 3773 EXIST::FUNCTION: | ||
| 3373 | DH_check_pub_key 3774 EXIST::FUNCTION:DH | ||
| 3374 | get_rfc3526_prime_2048 3775 EXIST::FUNCTION: | ||
| 3375 | get_rfc3526_prime_6144 3776 EXIST::FUNCTION: | ||
| 3376 | get_rfc3526_prime_1536 3777 EXIST::FUNCTION: | ||
| 3377 | get_rfc3526_prime_3072 3778 EXIST::FUNCTION: | ||
| 3378 | get_rfc3526_prime_4096 3779 EXIST::FUNCTION: | ||
| 3379 | get_rfc2409_prime_768 3780 EXIST::FUNCTION: | ||
| 3380 | X509_VERIFY_PARAM_get_flags 3781 EXIST::FUNCTION: | ||
| 3381 | EVP_CIPHER_CTX_new 3782 EXIST::FUNCTION: | ||
| 3382 | EVP_CIPHER_CTX_free 3783 EXIST::FUNCTION: | ||
| 3383 | Camellia_cbc_encrypt 3784 EXIST::FUNCTION:CAMELLIA | ||
| 3384 | Camellia_cfb128_encrypt 3785 EXIST::FUNCTION:CAMELLIA | ||
| 3385 | Camellia_cfb1_encrypt 3786 EXIST::FUNCTION:CAMELLIA | ||
| 3386 | Camellia_cfb8_encrypt 3787 EXIST::FUNCTION:CAMELLIA | ||
| 3387 | Camellia_ctr128_encrypt 3788 EXIST::FUNCTION:CAMELLIA | ||
| 3388 | Camellia_cfbr_encrypt_block 3789 EXIST::FUNCTION:CAMELLIA | ||
| 3389 | Camellia_decrypt 3790 EXIST::FUNCTION:CAMELLIA | ||
| 3390 | Camellia_ecb_encrypt 3791 EXIST::FUNCTION:CAMELLIA | ||
| 3391 | Camellia_encrypt 3792 EXIST::FUNCTION:CAMELLIA | ||
| 3392 | Camellia_ofb128_encrypt 3793 EXIST::FUNCTION:CAMELLIA | ||
| 3393 | Camellia_set_key 3794 EXIST::FUNCTION:CAMELLIA | ||
| 3394 | EVP_camellia_128_cbc 3795 EXIST::FUNCTION:CAMELLIA | ||
| 3395 | EVP_camellia_128_cfb128 3796 EXIST::FUNCTION:CAMELLIA | ||
| 3396 | EVP_camellia_128_cfb1 3797 EXIST::FUNCTION:CAMELLIA | ||
| 3397 | EVP_camellia_128_cfb8 3798 EXIST::FUNCTION:CAMELLIA | ||
| 3398 | EVP_camellia_128_ecb 3799 EXIST::FUNCTION:CAMELLIA | ||
| 3399 | EVP_camellia_128_ofb 3800 EXIST::FUNCTION:CAMELLIA | ||
| 3400 | EVP_camellia_192_cbc 3801 EXIST::FUNCTION:CAMELLIA | ||
| 3401 | EVP_camellia_192_cfb128 3802 EXIST::FUNCTION:CAMELLIA | ||
| 3402 | EVP_camellia_192_cfb1 3803 EXIST::FUNCTION:CAMELLIA | ||
| 3403 | EVP_camellia_192_cfb8 3804 EXIST::FUNCTION:CAMELLIA | ||
| 3404 | EVP_camellia_192_ecb 3805 EXIST::FUNCTION:CAMELLIA | ||
| 3405 | EVP_camellia_192_ofb 3806 EXIST::FUNCTION:CAMELLIA | ||
| 3406 | EVP_camellia_256_cbc 3807 EXIST::FUNCTION:CAMELLIA | ||
| 3407 | EVP_camellia_256_cfb128 3808 EXIST::FUNCTION:CAMELLIA | ||
| 3408 | EVP_camellia_256_cfb1 3809 EXIST::FUNCTION:CAMELLIA | ||
| 3409 | EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA | ||
| 3410 | EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA | ||
| 3411 | EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA | ||
| 3412 | a2i_ipadd 3813 EXIST::FUNCTION: | ||
| 3413 | ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779 | ||
| 3414 | i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779 | ||
| 3415 | EVP_CIPHER_block_size 3816 EXIST::FUNCTION: | ||
| 3416 | v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779 | ||
| 3417 | IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779 | ||
| 3418 | EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION: | ||
| 3419 | BIO_set_callback_arg 3820 EXIST::FUNCTION: | ||
| 3420 | v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779 | ||
| 3421 | IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 | ||
| 3422 | IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 | ||
| 3423 | BIO_set_flags 3823 EXIST::FUNCTION: | ||
| 3424 | ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 | ||
| 3425 | ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 | ||
| 3426 | v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779 | ||
| 3427 | BIO_method_type 3826 EXIST::FUNCTION: | ||
| 3428 | v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779 | ||
| 3429 | IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 | ||
| 3430 | IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 | ||
| 3431 | AES_ige_encrypt 3829 EXIST::FUNCTION:AES | ||
| 3432 | v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779 | ||
| 3433 | EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION: | ||
| 3434 | d2i_ASRange 3832 EXIST::FUNCTION:RFC3779 | ||
| 3435 | v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779 | ||
| 3436 | v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779 | ||
| 3437 | v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779 | ||
| 3438 | EVP_CIPHER_iv_length 3836 EXIST::FUNCTION: | ||
| 3439 | EVP_MD_type 3837 EXIST::FUNCTION: | ||
| 3440 | v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779 | ||
| 3441 | IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779 | ||
| 3442 | v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779 | ||
| 3443 | EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION: | ||
| 3444 | IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779 | ||
| 3445 | ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779 | ||
| 3446 | EVP_MD_size 3844 EXIST::FUNCTION: | ||
| 3447 | EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION: | ||
| 3448 | BIO_clear_flags 3846 EXIST::FUNCTION: | ||
| 3449 | i2d_ASRange 3847 EXIST::FUNCTION:RFC3779 | ||
| 3450 | IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 | ||
| 3451 | IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 | ||
| 3452 | IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779 | ||
| 3453 | ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779 | ||
| 3454 | ASRange_free 3851 EXIST::FUNCTION:RFC3779 | ||
| 3455 | EVP_MD_pkey_type 3852 EXIST::FUNCTION: | ||
| 3456 | EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION: | ||
| 3457 | IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779 | ||
| 3458 | i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779 | ||
| 3459 | IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779 | ||
| 3460 | EVP_CIPHER_flags 3857 EXIST::FUNCTION: | ||
| 3461 | v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779 | ||
| 3462 | d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779 | ||
| 3463 | AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES | ||
| 3464 | BIO_get_callback 3861 EXIST::FUNCTION: | ||
| 3465 | IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779 | ||
| 3466 | v3_addr_subset 3863 EXIST::FUNCTION:RFC3779 | ||
| 3467 | d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779 | ||
| 3468 | v3_asid_subset 3865 EXIST::FUNCTION:RFC3779 | ||
| 3469 | BIO_test_flags 3866 EXIST::FUNCTION: | ||
| 3470 | i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779 | ||
| 3471 | ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 | ||
| 3472 | ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 | ||
| 3473 | d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779 | ||
| 3474 | ASRange_new 3870 EXIST::FUNCTION:RFC3779 | ||
| 3475 | d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779 | ||
| 3476 | v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779 | ||
| 3477 | EVP_CIPHER_key_length 3873 EXIST::FUNCTION: | ||
| 3478 | EVP_Cipher 3874 EXIST::FUNCTION: | ||
| 3479 | i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779 | ||
| 3480 | ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 | ||
| 3481 | ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 | ||
| 3482 | EVP_CIPHER_nid 3877 EXIST::FUNCTION: | ||
| 3483 | i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779 | ||
| 3484 | EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION: | ||
| 3485 | ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779 | ||
| 3486 | v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779 | ||
| 3487 | IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779 | ||
| 3488 | EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION: | ||
| 3489 | v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779 | ||
| 3490 | i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779 | ||
| 3491 | IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 | ||
| 3492 | IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 | ||
| 3493 | v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779 | ||
| 3494 | EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION: | ||
| 3495 | EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION: | ||
| 3496 | EVP_MD_block_size 3890 EXIST::FUNCTION: | ||
| 3497 | EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION: | ||
| 3498 | v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779 | ||
| 3499 | d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779 | ||
| 3500 | v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779 | ||
| 3501 | ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 | ||
| 3502 | ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 | ||
| 3503 | EVP_MD_CTX_md 3896 EXIST::FUNCTION: | ||
| 3504 | d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779 | ||
| 3505 | BIO_method_name 3898 EXIST::FUNCTION: | ||
| 3506 | EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION: | ||
| 3507 | ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779 | ||
| 3508 | ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779 | ||
| 3509 | BIO_get_callback_arg 3902 EXIST::FUNCTION: | ||
| 3510 | BIO_set_callback 3903 EXIST::FUNCTION: | ||
| 3511 | d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 | ||
| 3512 | i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 | ||
| 3513 | SEED_decrypt 3908 EXIST::FUNCTION:SEED | ||
| 3514 | SEED_encrypt 3909 EXIST::FUNCTION:SEED | ||
| 3515 | SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED | ||
| 3516 | EVP_seed_ofb 3911 EXIST::FUNCTION:SEED | ||
| 3517 | SEED_cfb128_encrypt 3912 EXIST::FUNCTION:SEED | ||
| 3518 | SEED_ofb128_encrypt 3913 EXIST::FUNCTION:SEED | ||
| 3519 | EVP_seed_cbc 3914 EXIST::FUNCTION:SEED | ||
| 3520 | SEED_ecb_encrypt 3915 EXIST::FUNCTION:SEED | ||
| 3521 | EVP_seed_ecb 3916 EXIST::FUNCTION:SEED | ||
| 3522 | SEED_set_key 3917 EXIST::FUNCTION:SEED | ||
| 3523 | EVP_seed_cfb128 3918 EXIST::FUNCTION:SEED | ||
| 3524 | X509_EXTENSIONS_it 3919 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | ||
| 3525 | X509_EXTENSIONS_it 3919 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | ||
| 3526 | X509_get1_ocsp 3920 EXIST::FUNCTION: | ||
| 3527 | OCSP_REQ_CTX_free 3921 EXIST::FUNCTION: | ||
| 3528 | i2d_X509_EXTENSIONS 3922 EXIST::FUNCTION: | ||
| 3529 | OCSP_sendreq_nbio 3923 EXIST::FUNCTION: | ||
| 3530 | OCSP_sendreq_new 3924 EXIST::FUNCTION: | ||
| 3531 | d2i_X509_EXTENSIONS 3925 EXIST::FUNCTION: | ||
| 3532 | X509_ALGORS_it 3926 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: | ||
| 3533 | X509_ALGORS_it 3926 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | ||
| 3534 | X509_ALGOR_get0 3927 EXIST::FUNCTION: | ||
| 3535 | X509_ALGOR_set0 3928 EXIST::FUNCTION: | ||
| 3536 | AES_unwrap_key 3929 EXIST::FUNCTION:AES | ||
| 3537 | AES_wrap_key 3930 EXIST::FUNCTION:AES | ||
| 3538 | X509at_get0_data_by_OBJ 3931 EXIST::FUNCTION: | ||
| 3539 | ASN1_TYPE_set1 3932 EXIST::FUNCTION: | ||
| 3540 | ASN1_STRING_set0 3933 EXIST::FUNCTION: | ||
| 3541 | i2d_X509_ALGORS 3934 EXIST::FUNCTION: | ||
| 3542 | BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION: | ||
| 3543 | COMP_zlib_cleanup 3936 EXIST::FUNCTION: | ||
| 3544 | d2i_X509_ALGORS 3937 EXIST::FUNCTION: | ||
| 3545 | CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS | ||
| 3546 | PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS | ||
| 3547 | CMS_add0_CertificateChoices 3940 EXIST::FUNCTION:CMS | ||
| 3548 | CMS_unsigned_add1_attr_by_OBJ 3941 EXIST::FUNCTION:CMS | ||
| 3549 | ERR_load_CMS_strings 3942 EXIST::FUNCTION:CMS | ||
| 3550 | CMS_sign_receipt 3943 EXIST::FUNCTION:CMS | ||
| 3551 | i2d_CMS_ContentInfo 3944 EXIST::FUNCTION:CMS | ||
| 3552 | CMS_signed_delete_attr 3945 EXIST::FUNCTION:CMS | ||
| 3553 | d2i_CMS_bio 3946 EXIST::FUNCTION:CMS | ||
| 3554 | CMS_unsigned_get_attr_by_NID 3947 EXIST::FUNCTION:CMS | ||
| 3555 | CMS_verify 3948 EXIST::FUNCTION:CMS | ||
| 3556 | SMIME_read_CMS 3949 EXIST::FUNCTION:CMS | ||
| 3557 | CMS_decrypt_set1_key 3950 EXIST::FUNCTION:CMS | ||
| 3558 | CMS_SignerInfo_get0_algs 3951 EXIST::FUNCTION:CMS | ||
| 3559 | CMS_add1_cert 3952 EXIST::FUNCTION:CMS | ||
| 3560 | CMS_set_detached 3953 EXIST::FUNCTION:CMS | ||
| 3561 | CMS_encrypt 3954 EXIST::FUNCTION:CMS | ||
| 3562 | CMS_EnvelopedData_create 3955 EXIST::FUNCTION:CMS | ||
| 3563 | CMS_uncompress 3956 EXIST::FUNCTION:CMS | ||
| 3564 | CMS_add0_crl 3957 EXIST::FUNCTION:CMS | ||
| 3565 | CMS_SignerInfo_verify_content 3958 EXIST::FUNCTION:CMS | ||
| 3566 | CMS_unsigned_get0_data_by_OBJ 3959 EXIST::FUNCTION:CMS | ||
| 3567 | PEM_write_bio_CMS 3960 EXIST::FUNCTION:CMS | ||
| 3568 | CMS_unsigned_get_attr 3961 EXIST::FUNCTION:CMS | ||
| 3569 | CMS_RecipientInfo_ktri_cert_cmp 3962 EXIST::FUNCTION:CMS | ||
| 3570 | CMS_RecipientInfo_ktri_get0_algs 3963 EXIST:!VMS:FUNCTION:CMS | ||
| 3571 | CMS_RecipInfo_ktri_get0_algs 3963 EXIST:VMS:FUNCTION:CMS | ||
| 3572 | CMS_ContentInfo_free 3964 EXIST::FUNCTION:CMS | ||
| 3573 | CMS_final 3965 EXIST::FUNCTION:CMS | ||
| 3574 | CMS_add_simple_smimecap 3966 EXIST::FUNCTION:CMS | ||
| 3575 | CMS_SignerInfo_verify 3967 EXIST::FUNCTION:CMS | ||
| 3576 | CMS_data 3968 EXIST::FUNCTION:CMS | ||
| 3577 | CMS_ContentInfo_it 3969 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS | ||
| 3578 | CMS_ContentInfo_it 3969 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS | ||
| 3579 | d2i_CMS_ReceiptRequest 3970 EXIST::FUNCTION:CMS | ||
| 3580 | CMS_compress 3971 EXIST::FUNCTION:CMS | ||
| 3581 | CMS_digest_create 3972 EXIST::FUNCTION:CMS | ||
| 3582 | CMS_SignerInfo_cert_cmp 3973 EXIST::FUNCTION:CMS | ||
| 3583 | CMS_SignerInfo_sign 3974 EXIST::FUNCTION:CMS | ||
| 3584 | CMS_data_create 3975 EXIST::FUNCTION:CMS | ||
| 3585 | i2d_CMS_bio 3976 EXIST::FUNCTION:CMS | ||
| 3586 | CMS_EncryptedData_set1_key 3977 EXIST::FUNCTION:CMS | ||
| 3587 | CMS_decrypt 3978 EXIST::FUNCTION:CMS | ||
| 3588 | int_smime_write_ASN1 3979 EXIST::FUNCTION: | ||
| 3589 | CMS_unsigned_delete_attr 3980 EXIST::FUNCTION:CMS | ||
| 3590 | CMS_unsigned_get_attr_count 3981 EXIST::FUNCTION:CMS | ||
| 3591 | CMS_add_smimecap 3982 EXIST::FUNCTION:CMS | ||
| 3592 | PEM_read_CMS 3983 EXIST:!WIN16:FUNCTION:CMS | ||
| 3593 | CMS_signed_get_attr_by_OBJ 3984 EXIST::FUNCTION:CMS | ||
| 3594 | d2i_CMS_ContentInfo 3985 EXIST::FUNCTION:CMS | ||
| 3595 | CMS_add_standard_smimecap 3986 EXIST::FUNCTION:CMS | ||
| 3596 | CMS_ContentInfo_new 3987 EXIST::FUNCTION:CMS | ||
| 3597 | CMS_RecipientInfo_type 3988 EXIST::FUNCTION:CMS | ||
| 3598 | CMS_get0_type 3989 EXIST::FUNCTION:CMS | ||
| 3599 | CMS_is_detached 3990 EXIST::FUNCTION:CMS | ||
| 3600 | CMS_sign 3991 EXIST::FUNCTION:CMS | ||
| 3601 | CMS_signed_add1_attr 3992 EXIST::FUNCTION:CMS | ||
| 3602 | CMS_unsigned_get_attr_by_OBJ 3993 EXIST::FUNCTION:CMS | ||
| 3603 | SMIME_write_CMS 3994 EXIST::FUNCTION:CMS | ||
| 3604 | CMS_EncryptedData_decrypt 3995 EXIST::FUNCTION:CMS | ||
| 3605 | CMS_get0_RecipientInfos 3996 EXIST::FUNCTION:CMS | ||
| 3606 | CMS_add0_RevocationInfoChoice 3997 EXIST::FUNCTION:CMS | ||
| 3607 | CMS_decrypt_set1_pkey 3998 EXIST::FUNCTION:CMS | ||
| 3608 | CMS_SignerInfo_set1_signer_cert 3999 EXIST::FUNCTION:CMS | ||
| 3609 | CMS_get0_signers 4000 EXIST::FUNCTION:CMS | ||
| 3610 | CMS_ReceiptRequest_get0_values 4001 EXIST::FUNCTION:CMS | ||
| 3611 | CMS_signed_get0_data_by_OBJ 4002 EXIST::FUNCTION:CMS | ||
| 3612 | CMS_get0_SignerInfos 4003 EXIST::FUNCTION:CMS | ||
| 3613 | CMS_add0_cert 4004 EXIST::FUNCTION:CMS | ||
| 3614 | CMS_EncryptedData_encrypt 4005 EXIST::FUNCTION:CMS | ||
| 3615 | CMS_digest_verify 4006 EXIST::FUNCTION:CMS | ||
| 3616 | CMS_set1_signers_certs 4007 EXIST::FUNCTION:CMS | ||
| 3617 | CMS_signed_get_attr 4008 EXIST::FUNCTION:CMS | ||
| 3618 | CMS_RecipientInfo_set0_key 4009 EXIST::FUNCTION:CMS | ||
| 3619 | CMS_SignedData_init 4010 EXIST::FUNCTION:CMS | ||
| 3620 | CMS_RecipientInfo_kekri_get0_id 4011 EXIST::FUNCTION:CMS | ||
| 3621 | CMS_verify_receipt 4012 EXIST::FUNCTION:CMS | ||
| 3622 | CMS_ReceiptRequest_it 4013 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS | ||
| 3623 | CMS_ReceiptRequest_it 4013 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS | ||
| 3624 | PEM_read_bio_CMS 4014 EXIST::FUNCTION:CMS | ||
| 3625 | CMS_get1_crls 4015 EXIST::FUNCTION:CMS | ||
| 3626 | CMS_add0_recipient_key 4016 EXIST::FUNCTION:CMS | ||
| 3627 | SMIME_read_ASN1 4017 EXIST::FUNCTION: | ||
| 3628 | CMS_ReceiptRequest_new 4018 EXIST::FUNCTION:CMS | ||
| 3629 | CMS_get0_content 4019 EXIST::FUNCTION:CMS | ||
| 3630 | CMS_get1_ReceiptRequest 4020 EXIST::FUNCTION:CMS | ||
| 3631 | CMS_signed_add1_attr_by_OBJ 4021 EXIST::FUNCTION:CMS | ||
| 3632 | CMS_RecipientInfo_kekri_id_cmp 4022 EXIST::FUNCTION:CMS | ||
| 3633 | CMS_add1_ReceiptRequest 4023 EXIST::FUNCTION:CMS | ||
| 3634 | CMS_SignerInfo_get0_signer_id 4024 EXIST::FUNCTION:CMS | ||
| 3635 | CMS_unsigned_add1_attr_by_NID 4025 EXIST::FUNCTION:CMS | ||
| 3636 | CMS_unsigned_add1_attr 4026 EXIST::FUNCTION:CMS | ||
| 3637 | CMS_signed_get_attr_by_NID 4027 EXIST::FUNCTION:CMS | ||
| 3638 | CMS_get1_certs 4028 EXIST::FUNCTION:CMS | ||
| 3639 | CMS_signed_add1_attr_by_NID 4029 EXIST::FUNCTION:CMS | ||
| 3640 | CMS_unsigned_add1_attr_by_txt 4030 EXIST::FUNCTION:CMS | ||
| 3641 | CMS_dataFinal 4031 EXIST::FUNCTION:CMS | ||
| 3642 | CMS_RecipientInfo_ktri_get0_signer_id 4032 EXIST:!VMS:FUNCTION:CMS | ||
| 3643 | CMS_RecipInfo_ktri_get0_sigr_id 4032 EXIST:VMS:FUNCTION:CMS | ||
| 3644 | i2d_CMS_ReceiptRequest 4033 EXIST::FUNCTION:CMS | ||
| 3645 | CMS_add1_recipient_cert 4034 EXIST::FUNCTION:CMS | ||
| 3646 | CMS_dataInit 4035 EXIST::FUNCTION:CMS | ||
| 3647 | CMS_signed_add1_attr_by_txt 4036 EXIST::FUNCTION:CMS | ||
| 3648 | CMS_RecipientInfo_decrypt 4037 EXIST::FUNCTION:CMS | ||
| 3649 | CMS_signed_get_attr_count 4038 EXIST::FUNCTION:CMS | ||
| 3650 | CMS_get0_eContentType 4039 EXIST::FUNCTION:CMS | ||
| 3651 | CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS | ||
| 3652 | CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS | ||
| 3653 | CMS_add1_signer 4042 EXIST::FUNCTION:CMS | ||
| 3654 | CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS | ||
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl index 05a6086164..1ac5fd3a50 100644 --- a/src/lib/libssl/src/util/mk1mf.pl +++ b/src/lib/libssl/src/util/mk1mf.pl | |||
| @@ -10,19 +10,11 @@ $OPTIONS=""; | |||
| 10 | $ssl_version=""; | 10 | $ssl_version=""; |
| 11 | $banner="\t\@echo Building OpenSSL"; | 11 | $banner="\t\@echo Building OpenSSL"; |
| 12 | 12 | ||
| 13 | my $no_static_engine = 0; | ||
| 14 | my $engines = ""; | ||
| 13 | local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic | 15 | local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic |
| 14 | local $zlib_lib = ""; | 16 | local $zlib_lib = ""; |
| 15 | 17 | ||
| 16 | my $fips_canister_path = ""; | ||
| 17 | my $fips_premain_dso_exe_path = ""; | ||
| 18 | my $fips_premain_c_path = ""; | ||
| 19 | my $fips_sha1_exe_path = ""; | ||
| 20 | |||
| 21 | my $fipslibdir = ""; | ||
| 22 | my $baseaddr = ""; | ||
| 23 | |||
| 24 | my $ex_l_libs = ""; | ||
| 25 | |||
| 26 | 18 | ||
| 27 | open(IN,"<Makefile") || die "unable to open Makefile!\n"; | 19 | open(IN,"<Makefile") || die "unable to open Makefile!\n"; |
| 28 | while(<IN>) { | 20 | while(<IN>) { |
| @@ -38,22 +30,21 @@ $infile="MINFO"; | |||
| 38 | 30 | ||
| 39 | %ops=( | 31 | %ops=( |
| 40 | "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", | 32 | "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", |
| 41 | "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make", | 33 | "VC-WIN64I", "Microsoft C/C++ - Win64/IA-64", |
| 34 | "VC-WIN64A", "Microsoft C/C++ - Win64/x64", | ||
| 42 | "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY", | 35 | "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY", |
| 43 | "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", | 36 | "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", |
| 44 | "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", | ||
| 45 | "VC-WIN16", "Alias for VC-W31-32", | ||
| 46 | "VC-W31-32", "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+", | ||
| 47 | "VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS", | ||
| 48 | "Mingw32", "GNU C++ - Windows NT or 9x", | 37 | "Mingw32", "GNU C++ - Windows NT or 9x", |
| 49 | "Mingw32-files", "Create files with DOS copy ...", | 38 | "Mingw32-files", "Create files with DOS copy ...", |
| 50 | "BC-NT", "Borland C++ 4.5 - Windows NT", | 39 | "BC-NT", "Borland C++ 4.5 - Windows NT", |
| 51 | "BC-W31", "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING", | ||
| 52 | "BC-MSDOS","Borland C++ 4.5 - MSDOS", | ||
| 53 | "linux-elf","Linux elf", | 40 | "linux-elf","Linux elf", |
| 54 | "ultrix-mips","DEC mips ultrix", | 41 | "ultrix-mips","DEC mips ultrix", |
| 55 | "FreeBSD","FreeBSD distribution", | 42 | "FreeBSD","FreeBSD distribution", |
| 56 | "OS2-EMX", "EMX GCC OS/2", | 43 | "OS2-EMX", "EMX GCC OS/2", |
| 44 | "netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets", | ||
| 45 | "netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets", | ||
| 46 | "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets", | ||
| 47 | "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets", | ||
| 57 | "default","cc under unix", | 48 | "default","cc under unix", |
| 58 | ); | 49 | ); |
| 59 | 50 | ||
| @@ -73,16 +64,20 @@ and [options] can be one of | |||
| 73 | no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest | 64 | no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest |
| 74 | no-ripemd | 65 | no-ripemd |
| 75 | no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher | 66 | no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher |
| 76 | no-bf no-cast no-aes | 67 | no-bf no-cast no-aes no-camellia no-seed |
| 77 | no-rsa no-dsa no-dh - Skip this public key cipher | 68 | no-rsa no-dsa no-dh - Skip this public key cipher |
| 78 | no-ssl2 no-ssl3 - Skip this version of SSL | 69 | no-ssl2 no-ssl3 - Skip this version of SSL |
| 79 | just-ssl - remove all non-ssl keys/digest | 70 | just-ssl - remove all non-ssl keys/digest |
| 80 | no-asm - No x86 asm | 71 | no-asm - No x86 asm |
| 81 | no-krb5 - No KRB5 | 72 | no-krb5 - No KRB5 |
| 82 | no-ec - No EC | 73 | no-ec - No EC |
| 74 | no-ecdsa - No ECDSA | ||
| 75 | no-ecdh - No ECDH | ||
| 83 | no-engine - No engine | 76 | no-engine - No engine |
| 84 | no-hw - No hw | 77 | no-hw - No hw |
| 85 | nasm - Use NASM for x86 asm | 78 | nasm - Use NASM for x86 asm |
| 79 | nw-nasm - Use NASM x86 asm for NetWare | ||
| 80 | nw-mwasm - Use Metrowerks x86 asm for NetWare | ||
| 86 | gaswin - Use GNU as with Mingw32 | 81 | gaswin - Use GNU as with Mingw32 |
| 87 | no-socks - No socket code | 82 | no-socks - No socket code |
| 88 | no-err - No error strings | 83 | no-err - No error strings |
| @@ -107,6 +102,8 @@ foreach (grep(!/^$/, split(/ /, $OPTIONS))) | |||
| 107 | print STDERR "unknown option - $_\n" if !&read_options; | 102 | print STDERR "unknown option - $_\n" if !&read_options; |
| 108 | } | 103 | } |
| 109 | 104 | ||
| 105 | $no_static_engine = 0 if (!$shlib); | ||
| 106 | |||
| 110 | $no_mdc2=1 if ($no_des); | 107 | $no_mdc2=1 if ($no_des); |
| 111 | 108 | ||
| 112 | $no_ssl3=1 if ($no_md5 || $no_sha); | 109 | $no_ssl3=1 if ($no_md5 || $no_sha); |
| @@ -119,13 +116,10 @@ $out_def="out"; | |||
| 119 | $inc_def="outinc"; | 116 | $inc_def="outinc"; |
| 120 | $tmp_def="tmp"; | 117 | $tmp_def="tmp"; |
| 121 | 118 | ||
| 122 | $mkdir="-mkdir"; | 119 | $perl="perl" unless defined $perl; |
| 123 | $mkcanister="ld -r -o"; | 120 | $mkdir="-mkdir" unless defined $mkdir; |
| 124 | |||
| 125 | $ex_build_targets = ""; | ||
| 126 | 121 | ||
| 127 | ($ssl,$crypto)=("ssl","crypto"); | 122 | ($ssl,$crypto)=("ssl","crypto"); |
| 128 | $cryptocompat = ""; | ||
| 129 | $ranlib="echo ranlib"; | 123 | $ranlib="echo ranlib"; |
| 130 | 124 | ||
| 131 | $cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; | 125 | $cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; |
| @@ -134,40 +128,16 @@ $bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:''; | |||
| 134 | 128 | ||
| 135 | # $bin_dir.=$o causes a core dump on my sparc :-( | 129 | # $bin_dir.=$o causes a core dump on my sparc :-( |
| 136 | 130 | ||
| 131 | |||
| 137 | $NT=0; | 132 | $NT=0; |
| 138 | 133 | ||
| 139 | push(@INC,"util/pl","pl"); | 134 | push(@INC,"util/pl","pl"); |
| 140 | if ($platform eq "VC-MSDOS") | 135 | if (($platform =~ /VC-(.+)/)) |
| 141 | { | ||
| 142 | $asmbits=16; | ||
| 143 | $msdos=1; | ||
| 144 | require 'VC-16.pl'; | ||
| 145 | } | ||
| 146 | elsif ($platform eq "VC-W31-16") | ||
| 147 | { | 136 | { |
| 148 | $asmbits=16; | 137 | $FLAVOR=$1; |
| 149 | $msdos=1; $win16=1; | 138 | $NT = 1 if $1 eq "NT"; |
| 150 | require 'VC-16.pl'; | ||
| 151 | } | ||
| 152 | elsif (($platform eq "VC-W31-32") || ($platform eq "VC-WIN16")) | ||
| 153 | { | ||
| 154 | $asmbits=32; | ||
| 155 | $msdos=1; $win16=1; | ||
| 156 | require 'VC-16.pl'; | ||
| 157 | } | ||
| 158 | elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) | ||
| 159 | { | ||
| 160 | $NT = 1 if $platform eq "VC-NT"; | ||
| 161 | require 'VC-32.pl'; | 139 | require 'VC-32.pl'; |
| 162 | } | 140 | } |
| 163 | elsif ($platform eq "VC-WIN32-GMAKE") | ||
| 164 | { | ||
| 165 | require 'VC-32-GMAKE.pl'; | ||
| 166 | } | ||
| 167 | elsif ($platform eq "VC-CE") | ||
| 168 | { | ||
| 169 | require 'VC-CE.pl'; | ||
| 170 | } | ||
| 171 | elsif ($platform eq "Mingw32") | 141 | elsif ($platform eq "Mingw32") |
| 172 | { | 142 | { |
| 173 | require 'Mingw32.pl'; | 143 | require 'Mingw32.pl'; |
| @@ -181,23 +151,6 @@ elsif ($platform eq "BC-NT") | |||
| 181 | $bc=1; | 151 | $bc=1; |
| 182 | require 'BC-32.pl'; | 152 | require 'BC-32.pl'; |
| 183 | } | 153 | } |
| 184 | elsif ($platform eq "BC-W31") | ||
| 185 | { | ||
| 186 | $bc=1; | ||
| 187 | $msdos=1; $w16=1; | ||
| 188 | require 'BC-16.pl'; | ||
| 189 | } | ||
| 190 | elsif ($platform eq "BC-Q16") | ||
| 191 | { | ||
| 192 | $msdos=1; $w16=1; $shlib=0; $qw=1; | ||
| 193 | require 'BC-16.pl'; | ||
| 194 | } | ||
| 195 | elsif ($platform eq "BC-MSDOS") | ||
| 196 | { | ||
| 197 | $asmbits=16; | ||
| 198 | $msdos=1; | ||
| 199 | require 'BC-16.pl'; | ||
| 200 | } | ||
| 201 | elsif ($platform eq "FreeBSD") | 154 | elsif ($platform eq "FreeBSD") |
| 202 | { | 155 | { |
| 203 | require 'unix.pl'; | 156 | require 'unix.pl'; |
| @@ -220,6 +173,13 @@ elsif ($platform eq "OS2-EMX") | |||
| 220 | $wc=1; | 173 | $wc=1; |
| 221 | require 'OS2-EMX.pl'; | 174 | require 'OS2-EMX.pl'; |
| 222 | } | 175 | } |
| 176 | elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") || | ||
| 177 | ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock")) | ||
| 178 | { | ||
| 179 | $LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock"; | ||
| 180 | $BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock"); | ||
| 181 | require 'netware.pl'; | ||
| 182 | } | ||
| 223 | else | 183 | else |
| 224 | { | 184 | { |
| 225 | require "unix.pl"; | 185 | require "unix.pl"; |
| @@ -238,6 +198,8 @@ $cflags= "$xcflags$cflags" if $xcflags ne ""; | |||
| 238 | 198 | ||
| 239 | $cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; | 199 | $cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; |
| 240 | $cflags.=" -DOPENSSL_NO_AES" if $no_aes; | 200 | $cflags.=" -DOPENSSL_NO_AES" if $no_aes; |
| 201 | $cflags.=" -DOPENSSL_NO_CAMELLIA" if $no_camellia; | ||
| 202 | $cflags.=" -DOPENSSL_NO_SEED" if $no_seed; | ||
| 241 | $cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; | 203 | $cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; |
| 242 | $cflags.=" -DOPENSSL_NO_RC4" if $no_rc4; | 204 | $cflags.=" -DOPENSSL_NO_RC4" if $no_rc4; |
| 243 | $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; | 205 | $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; |
| @@ -248,7 +210,7 @@ $cflags.=" -DOPENSSL_NO_SHA" if $no_sha; | |||
| 248 | $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; | 210 | $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; |
| 249 | $cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; | 211 | $cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; |
| 250 | $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; | 212 | $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; |
| 251 | $cflags.=" -DOPENSSL_NO_BF" if $no_bf; | 213 | $cflags.=" -DOPENSSL_NO_BF" if $no_bf; |
| 252 | $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; | 214 | $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; |
| 253 | $cflags.=" -DOPENSSL_NO_DES" if $no_des; | 215 | $cflags.=" -DOPENSSL_NO_DES" if $no_des; |
| 254 | $cflags.=" -DOPENSSL_NO_RSA" if $no_rsa; | 216 | $cflags.=" -DOPENSSL_NO_RSA" if $no_rsa; |
| @@ -257,17 +219,30 @@ $cflags.=" -DOPENSSL_NO_DH" if $no_dh; | |||
| 257 | $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; | 219 | $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; |
| 258 | $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; | 220 | $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; |
| 259 | $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; | 221 | $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; |
| 222 | $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; | ||
| 223 | $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; | ||
| 260 | $cflags.=" -DOPENSSL_NO_ERR" if $no_err; | 224 | $cflags.=" -DOPENSSL_NO_ERR" if $no_err; |
| 261 | $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; | 225 | $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; |
| 262 | $cflags.=" -DOPENSSL_NO_EC" if $no_ec; | 226 | $cflags.=" -DOPENSSL_NO_EC" if $no_ec; |
| 227 | $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; | ||
| 228 | $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; | ||
| 263 | $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; | 229 | $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; |
| 264 | $cflags.=" -DOPENSSL_NO_HW" if $no_hw; | 230 | $cflags.=" -DOPENSSL_NO_HW" if $no_hw; |
| 265 | $cflags.=" -DOPENSSL_FIPS" if $fips; | ||
| 266 | #$cflags.=" -DRSAref" if $rsaref ne ""; | ||
| 267 | 231 | ||
| 268 | $cflags.= " -DZLIB" if $zlib_opt; | 232 | $cflags.= " -DZLIB" if $zlib_opt; |
| 269 | $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; | 233 | $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; |
| 270 | 234 | ||
| 235 | if ($no_static_engine) | ||
| 236 | { | ||
| 237 | $cflags .= " -DOPENSSL_NO_STATIC_ENGINE"; | ||
| 238 | } | ||
| 239 | else | ||
| 240 | { | ||
| 241 | $cflags .= " -DOPENSSL_NO_DYNAMIC_ENGINE"; | ||
| 242 | } | ||
| 243 | |||
| 244 | #$cflags.=" -DRSAref" if $rsaref ne ""; | ||
| 245 | |||
| 271 | ## if ($unix) | 246 | ## if ($unix) |
| 272 | ## { $cflags="$c_flags" if ($c_flags ne ""); } | 247 | ## { $cflags="$c_flags" if ($c_flags ne ""); } |
| 273 | ##else | 248 | ##else |
| @@ -305,21 +280,11 @@ for (;;) | |||
| 305 | { | 280 | { |
| 306 | if ($lib ne "") | 281 | if ($lib ne "") |
| 307 | { | 282 | { |
| 308 | if ($fips && $dir =~ /^fips/) | 283 | $uc=$lib; |
| 309 | { | 284 | $uc =~ s/^lib(.*)\.a/$1/; |
| 310 | $uc = "FIPS"; | 285 | $uc =~ tr/a-z/A-Z/; |
| 311 | } | 286 | $lib_nam{$uc}=$uc; |
| 312 | else | 287 | $lib_obj{$uc}.=$libobj." "; |
| 313 | { | ||
| 314 | $uc=$lib; | ||
| 315 | $uc =~ s/^lib(.*)\.a/$1/; | ||
| 316 | $uc =~ tr/a-z/A-Z/; | ||
| 317 | } | ||
| 318 | if (($uc ne "FIPS") || $fips_canister_build) | ||
| 319 | { | ||
| 320 | $lib_nam{$uc}=$uc; | ||
| 321 | $lib_obj{$uc}.=$libobj." "; | ||
| 322 | } | ||
| 323 | } | 288 | } |
| 324 | last if ($val eq "FINISHED"); | 289 | last if ($val eq "FINISHED"); |
| 325 | $lib=""; | 290 | $lib=""; |
| @@ -340,10 +305,10 @@ for (;;) | |||
| 340 | { $ex_libs .= " $val" if $val ne "";} | 305 | { $ex_libs .= " $val" if $val ne "";} |
| 341 | 306 | ||
| 342 | if ($key eq "TEST") | 307 | if ($key eq "TEST") |
| 343 | { $test.=&var_add($dir,$val); } | 308 | { $test.=&var_add($dir,$val, 0); } |
| 344 | 309 | ||
| 345 | if (($key eq "PROGS") || ($key eq "E_OBJ")) | 310 | if (($key eq "PROGS") || ($key eq "E_OBJ")) |
| 346 | { $e_exe.=&var_add($dir,$val); } | 311 | { $e_exe.=&var_add($dir,$val, 0); } |
| 347 | 312 | ||
| 348 | if ($key eq "LIB") | 313 | if ($key eq "LIB") |
| 349 | { | 314 | { |
| @@ -352,74 +317,45 @@ for (;;) | |||
| 352 | } | 317 | } |
| 353 | 318 | ||
| 354 | if ($key eq "EXHEADER") | 319 | if ($key eq "EXHEADER") |
| 355 | { $exheader.=&var_add($dir,$val); } | 320 | { $exheader.=&var_add($dir,$val, 1); } |
| 356 | 321 | ||
| 357 | if ($key eq "HEADER") | 322 | if ($key eq "HEADER") |
| 358 | { $header.=&var_add($dir,$val); } | 323 | { $header.=&var_add($dir,$val, 1); } |
| 359 | |||
| 360 | if ($key eq "LIBOBJ") | ||
| 361 | { $libobj=&var_add($dir,$val); } | ||
| 362 | 324 | ||
| 363 | if ($key eq "FIPSLIBDIR") | 325 | if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine)) |
| 364 | { $fipslibdir=$val;} | 326 | { $libobj=&var_add($dir,$val, 0); } |
| 365 | 327 | if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) | |
| 366 | if ($key eq "BASEADDR") | 328 | { $engines.=$val } |
| 367 | { $baseaddr=$val;} | ||
| 368 | 329 | ||
| 369 | if (!($_=<IN>)) | 330 | if (!($_=<IN>)) |
| 370 | { $_="RELATIVE_DIRECTORY=FINISHED\n"; } | 331 | { $_="RELATIVE_DIRECTORY=FINISHED\n"; } |
| 371 | } | 332 | } |
| 372 | close(IN); | 333 | close(IN); |
| 373 | 334 | ||
| 374 | if ($fips_canister_path eq "") | 335 | if ($shlib) |
| 375 | { | ||
| 376 | $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o"; | ||
| 377 | } | ||
| 378 | |||
| 379 | if ($fips_premain_c_path eq "") | ||
| 380 | { | 336 | { |
| 381 | $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; | 337 | $extra_install= <<"EOF"; |
| 382 | } | 338 | \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\" |
| 383 | 339 | \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\" | |
| 384 | if ($fips) | 340 | \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\" |
| 385 | { | 341 | \$(CP) \"\$(L_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\" |
| 386 | if ($fips_sha1_exe_path eq "") | 342 | EOF |
| 343 | if ($no_static_engine) | ||
| 387 | { | 344 | { |
| 388 | $fips_sha1_exe_path = | 345 | $extra_install .= <<"EOF" |
| 389 | "\$(BIN_D)${o}fips_standalone_sha1$exep"; | 346 | \$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\" |
| 347 | \$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\" | ||
| 348 | EOF | ||
| 390 | } | 349 | } |
| 391 | } | 350 | } |
| 392 | else | 351 | else |
| 393 | { | ||
| 394 | $fips_sha1_exe_path = ""; | ||
| 395 | } | ||
| 396 | |||
| 397 | if ($fips_premain_dso_exe_path eq "") | ||
| 398 | { | ||
| 399 | $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; | ||
| 400 | } | ||
| 401 | |||
| 402 | # $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); | ||
| 403 | |||
| 404 | if ($fips) | ||
| 405 | { | 352 | { |
| 406 | if (!$shlib) | 353 | $extra_install= <<"EOF"; |
| 407 | { | 354 | \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\" |
| 408 | $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; | 355 | \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\" |
| 409 | $ex_l_libs .= " \$(O_FIPSCANISTER)"; | 356 | EOF |
| 410 | } | 357 | $ex_libs .= " $zlib_lib" if $zlib_opt == 1; |
| 411 | if ($fipslibdir eq "") | ||
| 412 | { | ||
| 413 | open (IN, "util/fipslib_path.txt") || fipslib_error(); | ||
| 414 | $fipslibdir = <IN>; | ||
| 415 | chomp $fipslibdir; | ||
| 416 | close IN; | ||
| 417 | } | ||
| 418 | fips_check_files($fipslibdir, | ||
| 419 | "fipscanister.o", "fipscanister.o.sha1", | ||
| 420 | "fips_premain.c", "fips_premain.c.sha1"); | ||
| 421 | } | 358 | } |
| 422 | |||
| 423 | 359 | ||
| 424 | $defs= <<"EOF"; | 360 | $defs= <<"EOF"; |
| 425 | # This makefile has been automatically generated from the OpenSSL distribution. | 361 | # This makefile has been automatically generated from the OpenSSL distribution. |
| @@ -439,15 +375,6 @@ EOF | |||
| 439 | 375 | ||
| 440 | $defs .= $preamble if defined $preamble; | 376 | $defs .= $preamble if defined $preamble; |
| 441 | 377 | ||
| 442 | if ($platform eq "VC-CE") | ||
| 443 | { | ||
| 444 | $defs.= <<"EOF"; | ||
| 445 | !INCLUDE <\$(WCECOMPAT)/wcedefs.mak> | ||
| 446 | |||
| 447 | EOF | ||
| 448 | $ex_libs .= " $zlib_lib" if $zlib_opt == 1; | ||
| 449 | } | ||
| 450 | |||
| 451 | $defs.= <<"EOF"; | 378 | $defs.= <<"EOF"; |
| 452 | INSTALLTOP=$INSTALLTOP | 379 | INSTALLTOP=$INSTALLTOP |
| 453 | 380 | ||
| @@ -468,10 +395,11 @@ EX_LIBS=$ex_libs | |||
| 468 | SRC_D=$src_dir | 395 | SRC_D=$src_dir |
| 469 | 396 | ||
| 470 | LINK=$link | 397 | LINK=$link |
| 471 | PERL=perl | ||
| 472 | FIPSLINK=\$(PERL) util${o}fipslink.pl | ||
| 473 | LFLAGS=$lflags | 398 | LFLAGS=$lflags |
| 399 | RSC=$rsc | ||
| 474 | 400 | ||
| 401 | AES_ASM_OBJ=$aes_asm_obj | ||
| 402 | AES_ASM_SRC=$aes_asm_src | ||
| 475 | BN_ASM_OBJ=$bn_asm_obj | 403 | BN_ASM_OBJ=$bn_asm_obj |
| 476 | BN_ASM_SRC=$bn_asm_src | 404 | BN_ASM_SRC=$bn_asm_src |
| 477 | BNCO_ASM_OBJ=$bnco_asm_obj | 405 | BNCO_ASM_OBJ=$bnco_asm_obj |
| @@ -492,6 +420,8 @@ SHA1_ASM_OBJ=$sha1_asm_obj | |||
| 492 | SHA1_ASM_SRC=$sha1_asm_src | 420 | SHA1_ASM_SRC=$sha1_asm_src |
| 493 | RMD160_ASM_OBJ=$rmd160_asm_obj | 421 | RMD160_ASM_OBJ=$rmd160_asm_obj |
| 494 | RMD160_ASM_SRC=$rmd160_asm_src | 422 | RMD160_ASM_SRC=$rmd160_asm_src |
| 423 | CPUID_ASM_OBJ=$cpuid_asm_obj | ||
| 424 | CPUID_ASM_SRC=$cpuid_asm_src | ||
| 495 | 425 | ||
| 496 | # The output directory for everything intersting | 426 | # The output directory for everything intersting |
| 497 | OUT_D=$out_dir | 427 | OUT_D=$out_dir |
| @@ -501,9 +431,7 @@ TMP_D=$tmp_dir | |||
| 501 | INC_D=$inc_dir | 431 | INC_D=$inc_dir |
| 502 | INCO_D=$inc_dir${o}openssl | 432 | INCO_D=$inc_dir${o}openssl |
| 503 | 433 | ||
| 504 | # Directory containing FIPS module | 434 | PERL=$perl |
| 505 | |||
| 506 | |||
| 507 | CP=$cp | 435 | CP=$cp |
| 508 | RM=$rm | 436 | RM=$rm |
| 509 | RANLIB=$ranlib | 437 | RANLIB=$ranlib |
| @@ -511,18 +439,6 @@ MKDIR=$mkdir | |||
| 511 | MKLIB=$bin_dir$mklib | 439 | MKLIB=$bin_dir$mklib |
| 512 | MLFLAGS=$mlflags | 440 | MLFLAGS=$mlflags |
| 513 | ASM=$bin_dir$asm | 441 | ASM=$bin_dir$asm |
| 514 | MKCANISTER=$mkcanister | ||
| 515 | |||
| 516 | # FIPS validated module and support file locations | ||
| 517 | |||
| 518 | E_PREMAIN_DSO=fips_premain_dso | ||
| 519 | |||
| 520 | FIPSLIB_D=$fipslibdir | ||
| 521 | BASEADDR=$baseaddr | ||
| 522 | FIPS_PREMAIN_SRC=$fips_premain_c_path | ||
| 523 | O_FIPSCANISTER=$fips_canister_path | ||
| 524 | FIPS_SHA1_EXE=$fips_sha1_exe_path | ||
| 525 | PREMAIN_DSO_EXE=$fips_premain_dso_exe_path | ||
| 526 | 442 | ||
| 527 | ###################################################### | 443 | ###################################################### |
| 528 | # You should not need to touch anything below this point | 444 | # You should not need to touch anything below this point |
| @@ -535,12 +451,14 @@ CRYPTO=$crypto | |||
| 535 | # BIN_D - Binary output directory | 451 | # BIN_D - Binary output directory |
| 536 | # TEST_D - Binary test file output directory | 452 | # TEST_D - Binary test file output directory |
| 537 | # LIB_D - library output directory | 453 | # LIB_D - library output directory |
| 454 | # ENG_D - dynamic engine output directory | ||
| 538 | # Note: if you change these point to different directories then uncomment out | 455 | # Note: if you change these point to different directories then uncomment out |
| 539 | # the lines around the 'NB' comment below. | 456 | # the lines around the 'NB' comment below. |
| 540 | # | 457 | # |
| 541 | BIN_D=\$(OUT_D) | 458 | BIN_D=\$(OUT_D) |
| 542 | TEST_D=\$(OUT_D) | 459 | TEST_D=\$(OUT_D) |
| 543 | LIB_D=\$(OUT_D) | 460 | LIB_D=\$(OUT_D) |
| 461 | ENG_D=\$(OUT_D) | ||
| 544 | 462 | ||
| 545 | # INCL_D - local library directory | 463 | # INCL_D - local library directory |
| 546 | # OBJ_D - temp object file directory | 464 | # OBJ_D - temp object file directory |
| @@ -554,7 +472,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp | |||
| 554 | L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp | 472 | L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp |
| 555 | L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp | 473 | L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp |
| 556 | 474 | ||
| 557 | L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs | 475 | L_LIBS= \$(L_SSL) \$(L_CRYPTO) |
| 558 | 476 | ||
| 559 | ###################################################### | 477 | ###################################################### |
| 560 | # Don't touch anything below this point | 478 | # Don't touch anything below this point |
| @@ -564,19 +482,19 @@ INC=-I\$(INC_D) -I\$(INCL_D) | |||
| 564 | APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) | 482 | APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) |
| 565 | LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) | 483 | LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) |
| 566 | SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) | 484 | SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) |
| 567 | LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep | 485 | LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) |
| 568 | 486 | ||
| 569 | ############################################# | 487 | ############################################# |
| 570 | EOF | 488 | EOF |
| 571 | 489 | ||
| 572 | $rules=<<"EOF"; | 490 | $rules=<<"EOF"; |
| 573 | all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets | 491 | all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe |
| 574 | 492 | ||
| 575 | banner: | 493 | banner: |
| 576 | $banner | 494 | $banner |
| 577 | 495 | ||
| 578 | \$(TMP_D): | 496 | \$(TMP_D): |
| 579 | \$(MKDIR) \$(TMP_D) | 497 | \$(MKDIR) \"\$(TMP_D)\" |
| 580 | # NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different | 498 | # NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different |
| 581 | #\$(BIN_D): | 499 | #\$(BIN_D): |
| 582 | # \$(MKDIR) \$(BIN_D) | 500 | # \$(MKDIR) \$(BIN_D) |
| @@ -585,31 +503,36 @@ $banner | |||
| 585 | # \$(MKDIR) \$(TEST_D) | 503 | # \$(MKDIR) \$(TEST_D) |
| 586 | 504 | ||
| 587 | \$(LIB_D): | 505 | \$(LIB_D): |
| 588 | \$(MKDIR) \$(LIB_D) | 506 | \$(MKDIR) \"\$(LIB_D)\" |
| 589 | 507 | ||
| 590 | \$(INCO_D): \$(INC_D) | 508 | \$(INCO_D): \$(INC_D) |
| 591 | \$(MKDIR) \$(INCO_D) | 509 | \$(MKDIR) \"\$(INCO_D)\" |
| 592 | 510 | ||
| 593 | \$(INC_D): | 511 | \$(INC_D): |
| 594 | \$(MKDIR) \$(INC_D) | 512 | \$(MKDIR) \"\$(INC_D)\" |
| 595 | 513 | ||
| 596 | headers: \$(HEADER) \$(EXHEADER) | 514 | headers: \$(HEADER) \$(EXHEADER) |
| 597 | @ | 515 | @ |
| 598 | 516 | ||
| 599 | lib: \$(LIBS_DEP) | 517 | lib: \$(LIBS_DEP) \$(E_SHLIB) |
| 600 | 518 | ||
| 601 | exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep | 519 | exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep |
| 602 | 520 | ||
| 603 | install: | 521 | install: all |
| 604 | \$(MKDIR) \$(INSTALLTOP) | 522 | \$(MKDIR) \"\$(INSTALLTOP)\" |
| 605 | \$(MKDIR) \$(INSTALLTOP)${o}bin | 523 | \$(MKDIR) \"\$(INSTALLTOP)${o}bin\" |
| 606 | \$(MKDIR) \$(INSTALLTOP)${o}include | 524 | \$(MKDIR) \"\$(INSTALLTOP)${o}include\" |
| 607 | \$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl | 525 | \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\" |
| 608 | \$(MKDIR) \$(INSTALLTOP)${o}lib | 526 | \$(MKDIR) \"\$(INSTALLTOP)${o}lib\" |
| 609 | \$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl | 527 | \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" |
| 610 | \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin | 528 | \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\" |
| 611 | \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib | 529 | \$(CP) \"apps${o}openssl.cnf\" \"\$(INSTALLTOP)\" |
| 612 | \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib | 530 | $extra_install |
| 531 | |||
| 532 | |||
| 533 | test: \$(T_EXE) | ||
| 534 | cd \$(BIN_D) | ||
| 535 | ..${o}ms${o}test | ||
| 613 | 536 | ||
| 614 | clean: | 537 | clean: |
| 615 | \$(RM) \$(TMP_D)$o*.* | 538 | \$(RM) \$(TMP_D)$o*.* |
| @@ -668,11 +591,11 @@ foreach (split(/\s+/,$exheader)){ $h{$_}=1; } | |||
| 668 | foreach (split(/\s+/,$header)) { $h.=$_." " unless $h{$_}; } | 591 | foreach (split(/\s+/,$header)) { $h.=$_." " unless $h{$_}; } |
| 669 | chop($h); $header=$h; | 592 | chop($h); $header=$h; |
| 670 | 593 | ||
| 671 | $defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h"); | 594 | $defs.=&do_defs("HEADER",$header,"\$(INCL_D)",""); |
| 672 | $rules.=&do_copy_rule("\$(INCL_D)",$header,".h"); | 595 | $rules.=&do_copy_rule("\$(INCL_D)",$header,""); |
| 673 | 596 | ||
| 674 | $defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",".h"); | 597 | $defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",""); |
| 675 | $rules.=&do_copy_rule("\$(INCO_D)",$exheader,".h"); | 598 | $rules.=&do_copy_rule("\$(INCO_D)",$exheader,""); |
| 676 | 599 | ||
| 677 | $defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj); | 600 | $defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj); |
| 678 | $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); | 601 | $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); |
| @@ -680,29 +603,6 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); | |||
| 680 | $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); | 603 | $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); |
| 681 | $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); | 604 | $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); |
| 682 | 605 | ||
| 683 | # Special case rules for fips_start and fips_end fips_premain_dso | ||
| 684 | |||
| 685 | if ($fips) | ||
| 686 | { | ||
| 687 | if ($fips_canister_build) | ||
| 688 | { | ||
| 689 | $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", | ||
| 690 | "fips-1.0${o}fips_canister.c", | ||
| 691 | "-DFIPS_START \$(SHLIB_CFLAGS)"); | ||
| 692 | $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", | ||
| 693 | "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); | ||
| 694 | } | ||
| 695 | $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", | ||
| 696 | "fips-1.0${o}sha${o}fips_standalone_sha1.c", | ||
| 697 | "\$(SHLIB_CFLAGS)"); | ||
| 698 | $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj", | ||
| 699 | "fips-1.0${o}sha${o}fips_sha1dgst.c", | ||
| 700 | "\$(SHLIB_CFLAGS)") unless $fips_canister_build; | ||
| 701 | $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", | ||
| 702 | "fips-1.0${o}fips_premain.c", | ||
| 703 | "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); | ||
| 704 | } | ||
| 705 | |||
| 706 | foreach (values %lib_nam) | 606 | foreach (values %lib_nam) |
| 707 | { | 607 | { |
| 708 | $lib_obj=$lib_obj{$_}; | 608 | $lib_obj=$lib_obj{$_}; |
| @@ -713,7 +613,12 @@ foreach (values %lib_nam) | |||
| 713 | $rules.="\$(O_SSL):\n\n"; | 613 | $rules.="\$(O_SSL):\n\n"; |
| 714 | next; | 614 | next; |
| 715 | } | 615 | } |
| 716 | 616 | if (($aes_asm_obj ne "") && ($_ eq "CRYPTO")) | |
| 617 | { | ||
| 618 | $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; | ||
| 619 | $lib_obj =~ s/\s\S*\/aes_cbc\S*//; | ||
| 620 | $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); | ||
| 621 | } | ||
| 717 | if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) | 622 | if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) |
| 718 | { | 623 | { |
| 719 | $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; | 624 | $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; |
| @@ -765,11 +670,28 @@ foreach (values %lib_nam) | |||
| 765 | $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; | 670 | $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; |
| 766 | $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); | 671 | $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); |
| 767 | } | 672 | } |
| 673 | if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO")) | ||
| 674 | { | ||
| 675 | $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/; | ||
| 676 | $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); | ||
| 677 | } | ||
| 768 | $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); | 678 | $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); |
| 769 | $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; | 679 | $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; |
| 770 | $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); | 680 | $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); |
| 771 | } | 681 | } |
| 772 | 682 | ||
| 683 | # hack to add version info on MSVC | ||
| 684 | if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { | ||
| 685 | $rules.= <<"EOF"; | ||
| 686 | \$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc | ||
| 687 | \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc | ||
| 688 | |||
| 689 | \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc | ||
| 690 | \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc | ||
| 691 | |||
| 692 | EOF | ||
| 693 | } | ||
| 694 | |||
| 773 | $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); | 695 | $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); |
| 774 | foreach (split(/\s+/,$test)) | 696 | foreach (split(/\s+/,$test)) |
| 775 | { | 697 | { |
| @@ -778,42 +700,20 @@ foreach (split(/\s+/,$test)) | |||
| 778 | $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); | 700 | $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); |
| 779 | } | 701 | } |
| 780 | 702 | ||
| 781 | $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); | 703 | $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); |
| 782 | |||
| 783 | 704 | ||
| 784 | if ($fips) | 705 | foreach (split(/\s+/,$engines)) |
| 785 | { | ||
| 786 | if ($shlib) | ||
| 787 | { | ||
| 788 | $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", | ||
| 789 | "\$(O_CRYPTO)", | ||
| 790 | "$crypto", | ||
| 791 | $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); | ||
| 792 | } | ||
| 793 | else | ||
| 794 | { | ||
| 795 | $rules.= &do_lib_rule("\$(CRYPTOOBJ)", | ||
| 796 | "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); | ||
| 797 | $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", | ||
| 798 | "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); | ||
| 799 | } | ||
| 800 | } | ||
| 801 | else | ||
| 802 | { | 706 | { |
| 803 | $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, | 707 | $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib); |
| 804 | "\$(SO_CRYPTO)"); | 708 | $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,""); |
| 805 | } | 709 | } |
| 806 | 710 | ||
| 807 | 711 | ||
| 808 | if ($fips) | ||
| 809 | { | ||
| 810 | $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build; | ||
| 811 | $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); | ||
| 812 | |||
| 813 | $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1); | ||
| 814 | } | ||
| 815 | 712 | ||
| 816 | $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0); | 713 | $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); |
| 714 | $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); | ||
| 715 | |||
| 716 | $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); | ||
| 817 | 717 | ||
| 818 | print $defs; | 718 | print $defs; |
| 819 | 719 | ||
| @@ -833,13 +733,15 @@ print $rules; | |||
| 833 | # directories | 733 | # directories |
| 834 | sub var_add | 734 | sub var_add |
| 835 | { | 735 | { |
| 836 | local($dir,$val)=@_; | 736 | local($dir,$val,$keepext)=@_; |
| 837 | local(@a,$_,$ret); | 737 | local(@a,$_,$ret); |
| 838 | 738 | ||
| 839 | return("") if $no_engine && $dir =~ /\/engine/; | 739 | return("") if $no_engine && $dir =~ /\/engine/; |
| 840 | return("") if $no_hw && $dir =~ /\/hw/; | 740 | return("") if $no_hw && $dir =~ /\/hw/; |
| 841 | return("") if $no_idea && $dir =~ /\/idea/; | 741 | return("") if $no_idea && $dir =~ /\/idea/; |
| 842 | return("") if $no_aes && $dir =~ /\/aes/; | 742 | return("") if $no_aes && $dir =~ /\/aes/; |
| 743 | return("") if $no_camellia && $dir =~ /\/camellia/; | ||
| 744 | return("") if $no_seed && $dir =~ /\/seed/; | ||
| 843 | return("") if $no_rc2 && $dir =~ /\/rc2/; | 745 | return("") if $no_rc2 && $dir =~ /\/rc2/; |
| 844 | return("") if $no_rc4 && $dir =~ /\/rc4/; | 746 | return("") if $no_rc4 && $dir =~ /\/rc4/; |
| 845 | return("") if $no_rc5 && $dir =~ /\/rc5/; | 747 | return("") if $no_rc5 && $dir =~ /\/rc5/; |
| @@ -848,6 +750,7 @@ sub var_add | |||
| 848 | return("") if $no_dsa && $dir =~ /\/dsa/; | 750 | return("") if $no_dsa && $dir =~ /\/dsa/; |
| 849 | return("") if $no_dh && $dir =~ /\/dh/; | 751 | return("") if $no_dh && $dir =~ /\/dh/; |
| 850 | return("") if $no_ec && $dir =~ /\/ec/; | 752 | return("") if $no_ec && $dir =~ /\/ec/; |
| 753 | return("") if $no_cms && $dir =~ /\/cms/; | ||
| 851 | if ($no_des && $dir =~ /\/des/) | 754 | if ($no_des && $dir =~ /\/des/) |
| 852 | { | 755 | { |
| 853 | if ($val =~ /read_pwd/) | 756 | if ($val =~ /read_pwd/) |
| @@ -862,7 +765,7 @@ sub var_add | |||
| 862 | 765 | ||
| 863 | $val =~ s/^\s*(.*)\s*$/$1/; | 766 | $val =~ s/^\s*(.*)\s*$/$1/; |
| 864 | @a=split(/\s+/,$val); | 767 | @a=split(/\s+/,$val); |
| 865 | grep(s/\.[och]$//,@a); | 768 | grep(s/\.[och]$//,@a) unless $keepext; |
| 866 | 769 | ||
| 867 | @a=grep(!/^e_.*_3d$/,@a) if $no_des; | 770 | @a=grep(!/^e_.*_3d$/,@a) if $no_des; |
| 868 | @a=grep(!/^e_.*_d$/,@a) if $no_des; | 771 | @a=grep(!/^e_.*_d$/,@a) if $no_des; |
| @@ -873,6 +776,8 @@ sub var_add | |||
| 873 | @a=grep(!/^e_.*_bf$/,@a) if $no_bf; | 776 | @a=grep(!/^e_.*_bf$/,@a) if $no_bf; |
| 874 | @a=grep(!/^e_.*_c$/,@a) if $no_cast; | 777 | @a=grep(!/^e_.*_c$/,@a) if $no_cast; |
| 875 | @a=grep(!/^e_rc4$/,@a) if $no_rc4; | 778 | @a=grep(!/^e_rc4$/,@a) if $no_rc4; |
| 779 | @a=grep(!/^e_camellia$/,@a) if $no_camellia; | ||
| 780 | @a=grep(!/^e_seed$/,@a) if $no_seed; | ||
| 876 | 781 | ||
| 877 | @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; | 782 | @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; |
| 878 | @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; | 783 | @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; |
| @@ -956,13 +861,23 @@ sub do_defs | |||
| 956 | elsif ($_ =~ /RC5_ENC/) { $t="$_ "; } | 861 | elsif ($_ =~ /RC5_ENC/) { $t="$_ "; } |
| 957 | elsif ($_ =~ /MD5_ASM/) { $t="$_ "; } | 862 | elsif ($_ =~ /MD5_ASM/) { $t="$_ "; } |
| 958 | elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; } | 863 | elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; } |
| 864 | elsif ($_ =~ /AES_ASM/){ $t="$_ "; } | ||
| 959 | elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; } | 865 | elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; } |
| 866 | elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; } | ||
| 960 | else { $t="$location${o}$_$pf "; } | 867 | else { $t="$location${o}$_$pf "; } |
| 961 | 868 | ||
| 962 | $Vars{$var}.="$t "; | 869 | $Vars{$var}.="$t "; |
| 963 | $ret.=$t; | 870 | $ret.=$t; |
| 964 | } | 871 | } |
| 965 | chop($ret); | 872 | # hack to add version info on MSVC |
| 873 | if ($shlib && (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))) | ||
| 874 | { | ||
| 875 | if ($var eq "CRYPTOOBJ") | ||
| 876 | { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; } | ||
| 877 | elsif ($var eq "SSLOBJ") | ||
| 878 | { $ret.="\$(OBJ_D)\\\$(SSL).res "; } | ||
| 879 | } | ||
| 880 | chomp($ret); | ||
| 966 | $ret.="\n\n"; | 881 | $ret.="\n\n"; |
| 967 | return($ret); | 882 | return($ret); |
| 968 | } | 883 | } |
| @@ -1057,61 +972,118 @@ sub do_copy_rule | |||
| 1057 | if ($n =~ /bss_file/) | 972 | if ($n =~ /bss_file/) |
| 1058 | { $pp=".c"; } | 973 | { $pp=".c"; } |
| 1059 | else { $pp=$p; } | 974 | else { $pp=$p; } |
| 1060 | $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n"; | 975 | $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n"; |
| 1061 | } | 976 | } |
| 1062 | return($ret); | 977 | return($ret); |
| 1063 | } | 978 | } |
| 1064 | 979 | ||
| 1065 | sub read_options | 980 | sub read_options |
| 1066 | { | 981 | { |
| 1067 | if (/^no-rc2$/) { $no_rc2=1; } | 982 | # Many options are handled in a similar way. In particular |
| 1068 | elsif (/^no-rc4$/) { $no_rc4=1; } | 983 | # no-xxx sets zero or more scalars to 1. |
| 1069 | elsif (/^no-rc5$/) { $no_rc5=1; } | 984 | # Process these using a hash containing the option name and |
| 1070 | elsif (/^no-idea$/) { $no_idea=1; } | 985 | # reference to the scalars to set. |
| 1071 | elsif (/^no-aes$/) { $no_aes=1; } | 986 | |
| 1072 | elsif (/^no-des$/) { $no_des=1; } | 987 | my %valid_options = ( |
| 1073 | elsif (/^no-bf$/) { $no_bf=1; } | 988 | "no-rc2" => \$no_rc2, |
| 1074 | elsif (/^no-cast$/) { $no_cast=1; } | 989 | "no-rc4" => \$no_rc4, |
| 1075 | elsif (/^no-md2$/) { $no_md2=1; } | 990 | "no-rc5" => \$no_rc5, |
| 1076 | elsif (/^no-md4$/) { $no_md4=1; } | 991 | "no-idea" => \$no_idea, |
| 1077 | elsif (/^no-md5$/) { $no_md5=1; } | 992 | "no-aes" => \$no_aes, |
| 1078 | elsif (/^no-sha$/) { $no_sha=1; } | 993 | "no-camellia" => \$no_camellia, |
| 1079 | elsif (/^no-sha1$/) { $no_sha1=1; } | 994 | "no-seed" => \$no_seed, |
| 1080 | elsif (/^no-ripemd$/) { $no_ripemd=1; } | 995 | "no-des" => \$no_des, |
| 1081 | elsif (/^no-mdc2$/) { $no_mdc2=1; } | 996 | "no-bf" => \$no_bf, |
| 1082 | elsif (/^no-patents$/) { $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; } | 997 | "no-cast" => \$no_cast, |
| 1083 | elsif (/^no-rsa$/) { $no_rsa=1; } | 998 | "no-md2" => \$no_md2, |
| 1084 | elsif (/^no-dsa$/) { $no_dsa=1; } | 999 | "no-md4" => \$no_md4, |
| 1085 | elsif (/^no-dh$/) { $no_dh=1; } | 1000 | "no-md5" => \$no_md5, |
| 1086 | elsif (/^no-hmac$/) { $no_hmac=1; } | 1001 | "no-sha" => \$no_sha, |
| 1087 | elsif (/^no-aes$/) { $no_aes=1; } | 1002 | "no-sha1" => \$no_sha1, |
| 1088 | elsif (/^no-asm$/) { $no_asm=1; } | 1003 | "no-ripemd" => \$no_ripemd, |
| 1089 | elsif (/^nasm$/) { $nasm=1; } | 1004 | "no-mdc2" => \$no_mdc2, |
| 1090 | elsif (/^gaswin$/) { $gaswin=1; } | 1005 | "no-patents" => |
| 1091 | elsif (/^no-ssl2$/) { $no_ssl2=1; } | 1006 | [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa], |
| 1092 | elsif (/^no-ssl3$/) { $no_ssl3=1; } | 1007 | "no-rsa" => \$no_rsa, |
| 1093 | elsif (/^no-err$/) { $no_err=1; } | 1008 | "no-dsa" => \$no_dsa, |
| 1094 | elsif (/^no-sock$/) { $no_sock=1; } | 1009 | "no-dh" => \$no_dh, |
| 1095 | elsif (/^no-krb5$/) { $no_krb5=1; } | 1010 | "no-hmac" => \$no_hmac, |
| 1096 | elsif (/^no-ec$/) { $no_ec=1; } | 1011 | "no-asm" => \$no_asm, |
| 1097 | elsif (/^no-engine$/) { $no_engine=1; } | 1012 | "nasm" => \$nasm, |
| 1098 | elsif (/^no-hw$/) { $no_hw=1; } | 1013 | "nw-nasm" => \$nw_nasm, |
| 1099 | 1014 | "nw-mwasm" => \$nw_mwasm, | |
| 1100 | elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; | 1015 | "gaswin" => \$gaswin, |
| 1101 | $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; | 1016 | "no-ssl2" => \$no_ssl2, |
| 1102 | $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; | 1017 | "no-ssl3" => \$no_ssl3, |
| 1103 | $no_aes=1; } | 1018 | "no-tlsext" => \$no_tlsext, |
| 1104 | 1019 | "no-cms" => \$no_cms, | |
| 1105 | elsif (/^rsaref$/) { } | 1020 | "no-err" => \$no_err, |
| 1106 | elsif (/^fips$/) { $fips=1; } | 1021 | "no-sock" => \$no_sock, |
| 1107 | elsif (/^gcc$/) { $gcc=1; } | 1022 | "no-krb5" => \$no_krb5, |
| 1108 | elsif (/^debug$/) { $debug=1; } | 1023 | "no-ec" => \$no_ec, |
| 1109 | elsif (/^profile$/) { $profile=1; } | 1024 | "no-ecdsa" => \$no_ecdsa, |
| 1110 | elsif (/^shlib$/) { $shlib=1; } | 1025 | "no-ecdh" => \$no_ecdh, |
| 1111 | elsif (/^dll$/) { $shlib=1; } | 1026 | "no-engine" => \$no_engine, |
| 1112 | elsif (/^shared$/) { } # We just need to ignore it for now... | 1027 | "no-hw" => \$no_hw, |
| 1113 | elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 } | 1028 | "just-ssl" => |
| 1114 | elsif (/^zlib-dynamic$/){ $zlib_opt = 2; } | 1029 | [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, |
| 1030 | \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, | ||
| 1031 | \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5, | ||
| 1032 | \$no_aes, \$no_camellia, \$no_seed], | ||
| 1033 | "rsaref" => 0, | ||
| 1034 | "gcc" => \$gcc, | ||
| 1035 | "debug" => \$debug, | ||
| 1036 | "profile" => \$profile, | ||
| 1037 | "shlib" => \$shlib, | ||
| 1038 | "dll" => \$shlib, | ||
| 1039 | "shared" => 0, | ||
| 1040 | "no-gmp" => 0, | ||
| 1041 | "no-rfc3779" => 0, | ||
| 1042 | "no-montasm" => 0, | ||
| 1043 | "no-shared" => 0, | ||
| 1044 | "no-zlib" => 0, | ||
| 1045 | "no-zlib-dynamic" => 0, | ||
| 1046 | ); | ||
| 1047 | |||
| 1048 | if (exists $valid_options{$_}) | ||
| 1049 | { | ||
| 1050 | my $r = $valid_options{$_}; | ||
| 1051 | if ( ref $r eq "SCALAR") | ||
| 1052 | { $$r = 1;} | ||
| 1053 | elsif ( ref $r eq "ARRAY") | ||
| 1054 | { | ||
| 1055 | my $r2; | ||
| 1056 | foreach $r2 (@$r) | ||
| 1057 | { | ||
| 1058 | $$r2 = 1; | ||
| 1059 | } | ||
| 1060 | } | ||
| 1061 | } | ||
| 1062 | elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; } | ||
| 1063 | elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 } | ||
| 1064 | elsif (/^enable-zlib-dynamic$/) | ||
| 1065 | { | ||
| 1066 | $zlib_opt = 2; | ||
| 1067 | } | ||
| 1068 | elsif (/^no-static-engine/) | ||
| 1069 | { | ||
| 1070 | $no_static_engine = 1; | ||
| 1071 | } | ||
| 1072 | elsif (/^enable-static-engine/) | ||
| 1073 | { | ||
| 1074 | $no_static_engine = 0; | ||
| 1075 | } | ||
| 1076 | # There are also enable-xxx options which correspond to | ||
| 1077 | # the no-xxx. Since the scalars are enabled by default | ||
| 1078 | # these can be ignored. | ||
| 1079 | elsif (/^enable-/) | ||
| 1080 | { | ||
| 1081 | my $t = $_; | ||
| 1082 | $t =~ s/^enable/no/; | ||
| 1083 | if (exists $valid_options{$t}) | ||
| 1084 | {return 1;} | ||
| 1085 | return 0; | ||
| 1086 | } | ||
| 1115 | elsif (/^--with-krb5-flavor=(.*)$/) | 1087 | elsif (/^--with-krb5-flavor=(.*)$/) |
| 1116 | { | 1088 | { |
| 1117 | my $krb5_flavor = $1; | 1089 | my $krb5_flavor = $1; |
| @@ -1135,31 +1107,3 @@ sub read_options | |||
| 1135 | else { return(0); } | 1107 | else { return(0); } |
| 1136 | return(1); | 1108 | return(1); |
| 1137 | } | 1109 | } |
| 1138 | |||
| 1139 | sub fipslib_error | ||
| 1140 | { | ||
| 1141 | print STDERR "***FIPS module directory sanity check failed***\n"; | ||
| 1142 | print STDERR "FIPS module build failed, or was deleted\n"; | ||
| 1143 | print STDERR "Please rebuild FIPS module.\n"; | ||
| 1144 | exit 1; | ||
| 1145 | } | ||
| 1146 | |||
| 1147 | sub fips_check_files | ||
| 1148 | { | ||
| 1149 | my $dir = shift @_; | ||
| 1150 | my $ret = 1; | ||
| 1151 | if (!-d $dir) | ||
| 1152 | { | ||
| 1153 | print STDERR "FIPS module directory $dir does not exist\n"; | ||
| 1154 | fipslib_error(); | ||
| 1155 | } | ||
| 1156 | foreach (@_) | ||
| 1157 | { | ||
| 1158 | if (!-f "$dir${o}$_") | ||
| 1159 | { | ||
| 1160 | print STDERR "FIPS module file $_ does not exist!\n"; | ||
| 1161 | $ret = 0; | ||
| 1162 | } | ||
| 1163 | } | ||
| 1164 | fipslib_error() if ($ret == 0); | ||
| 1165 | } | ||
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl index 6c1e53bb14..ef1cc6e513 100644 --- a/src/lib/libssl/src/util/mkdef.pl +++ b/src/lib/libssl/src/util/mkdef.pl | |||
| @@ -79,19 +79,29 @@ my $OS2=0; | |||
| 79 | my $safe_stack_def = 0; | 79 | my $safe_stack_def = 0; |
| 80 | 80 | ||
| 81 | my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", | 81 | my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", |
| 82 | "EXPORT_VAR_AS_FUNCTION", "OPENSSL_FIPS" ); | 82 | "EXPORT_VAR_AS_FUNCTION", "ZLIB" ); |
| 83 | my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); | 83 | my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); |
| 84 | my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", | 84 | my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", |
| 85 | "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", | 85 | "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", |
| 86 | "SHA256", "SHA512", "RIPEMD", | 86 | "SHA256", "SHA512", "RIPEMD", |
| 87 | "MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES", | 87 | "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", "SEED", |
| 88 | # Envelope "algorithms" | 88 | # Envelope "algorithms" |
| 89 | "EVP", "X509", "ASN1_TYPEDEFS", | 89 | "EVP", "X509", "ASN1_TYPEDEFS", |
| 90 | # Helper "algorithms" | 90 | # Helper "algorithms" |
| 91 | "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", | 91 | "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", |
| 92 | "LOCKING", | 92 | "LOCKING", |
| 93 | # External "algorithms" | 93 | # External "algorithms" |
| 94 | "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE", "HW" ); | 94 | "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM", |
| 95 | # Engines | ||
| 96 | "STATIC_ENGINE", "ENGINE", "HW", "GMP", | ||
| 97 | # RFC3779 support | ||
| 98 | "RFC3779", | ||
| 99 | # TLS extension support | ||
| 100 | "TLSEXT", | ||
| 101 | # CMS | ||
| 102 | "CMS", | ||
| 103 | # Deprecated functions | ||
| 104 | "DEPRECATED" ); | ||
| 95 | 105 | ||
| 96 | my $options=""; | 106 | my $options=""; |
| 97 | open(IN,"<Makefile") || die "unable to open Makefile!\n"; | 107 | open(IN,"<Makefile") || die "unable to open Makefile!\n"; |
| @@ -107,9 +117,11 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; | |||
| 107 | my $no_cast; | 117 | my $no_cast; |
| 108 | my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; | 118 | my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; |
| 109 | my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; | 119 | my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; |
| 110 | my $no_ec; my $no_engine; my $no_hw; | 120 | my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; |
| 111 | my $no_fp_api; | 121 | my $no_seed; |
| 112 | my $fips; | 122 | my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; |
| 123 | my $no_rfc3779; my $no_tlsext; my $no_cms; | ||
| 124 | |||
| 113 | 125 | ||
| 114 | foreach (@ARGV, split(/ /, $options)) | 126 | foreach (@ARGV, split(/ /, $options)) |
| 115 | { | 127 | { |
| @@ -130,7 +142,11 @@ foreach (@ARGV, split(/ /, $options)) | |||
| 130 | } | 142 | } |
| 131 | $VMS=1 if $_ eq "VMS"; | 143 | $VMS=1 if $_ eq "VMS"; |
| 132 | $OS2=1 if $_ eq "OS2"; | 144 | $OS2=1 if $_ eq "OS2"; |
| 133 | $fips=1 if $_ eq "fips"; | 145 | if ($_ eq "zlib" || $_ eq "zlib-dynamic" |
| 146 | || $_ eq "enable-zlib-dynamic") { | ||
| 147 | $zlib = 1; | ||
| 148 | } | ||
| 149 | |||
| 134 | 150 | ||
| 135 | $do_ssl=1 if $_ eq "ssleay"; | 151 | $do_ssl=1 if $_ eq "ssleay"; |
| 136 | if ($_ eq "ssl") { | 152 | if ($_ eq "ssl") { |
| @@ -142,6 +158,8 @@ foreach (@ARGV, split(/ /, $options)) | |||
| 142 | $do_crypto=1; | 158 | $do_crypto=1; |
| 143 | $libname=$_; | 159 | $libname=$_; |
| 144 | } | 160 | } |
| 161 | $no_static_engine=1 if $_ eq "no-static-engine"; | ||
| 162 | $no_static_engine=0 if $_ eq "enable-static-engine"; | ||
| 145 | $do_update=1 if $_ eq "update"; | 163 | $do_update=1 if $_ eq "update"; |
| 146 | $do_rewrite=1 if $_ eq "rewrite"; | 164 | $do_rewrite=1 if $_ eq "rewrite"; |
| 147 | $do_ctest=1 if $_ eq "ctest"; | 165 | $do_ctest=1 if $_ eq "ctest"; |
| @@ -166,8 +184,12 @@ foreach (@ARGV, split(/ /, $options)) | |||
| 166 | elsif (/^no-dsa$/) { $no_dsa=1; } | 184 | elsif (/^no-dsa$/) { $no_dsa=1; } |
| 167 | elsif (/^no-dh$/) { $no_dh=1; } | 185 | elsif (/^no-dh$/) { $no_dh=1; } |
| 168 | elsif (/^no-ec$/) { $no_ec=1; } | 186 | elsif (/^no-ec$/) { $no_ec=1; } |
| 187 | elsif (/^no-ecdsa$/) { $no_ecdsa=1; } | ||
| 188 | elsif (/^no-ecdh$/) { $no_ecdh=1; } | ||
| 169 | elsif (/^no-hmac$/) { $no_hmac=1; } | 189 | elsif (/^no-hmac$/) { $no_hmac=1; } |
| 170 | elsif (/^no-aes$/) { $no_aes=1; } | 190 | elsif (/^no-aes$/) { $no_aes=1; } |
| 191 | elsif (/^no-camellia$/) { $no_camellia=1; } | ||
| 192 | elsif (/^no-seed$/) { $no_seed=1; } | ||
| 171 | elsif (/^no-evp$/) { $no_evp=1; } | 193 | elsif (/^no-evp$/) { $no_evp=1; } |
| 172 | elsif (/^no-lhash$/) { $no_lhash=1; } | 194 | elsif (/^no-lhash$/) { $no_lhash=1; } |
| 173 | elsif (/^no-stack$/) { $no_stack=1; } | 195 | elsif (/^no-stack$/) { $no_stack=1; } |
| @@ -180,6 +202,10 @@ foreach (@ARGV, split(/ /, $options)) | |||
| 180 | elsif (/^no-krb5$/) { $no_krb5=1; } | 202 | elsif (/^no-krb5$/) { $no_krb5=1; } |
| 181 | elsif (/^no-engine$/) { $no_engine=1; } | 203 | elsif (/^no-engine$/) { $no_engine=1; } |
| 182 | elsif (/^no-hw$/) { $no_hw=1; } | 204 | elsif (/^no-hw$/) { $no_hw=1; } |
| 205 | elsif (/^no-gmp$/) { $no_gmp=1; } | ||
| 206 | elsif (/^no-rfc3779$/) { $no_rfc3779=1; } | ||
| 207 | elsif (/^no-tlsext$/) { $no_tlsext=1; } | ||
| 208 | elsif (/^no-cms$/) { $no_cms=1; } | ||
| 183 | } | 209 | } |
| 184 | 210 | ||
| 185 | 211 | ||
| @@ -215,8 +241,10 @@ $max_crypto = $max_num; | |||
| 215 | 241 | ||
| 216 | my $ssl="ssl/ssl.h"; | 242 | my $ssl="ssl/ssl.h"; |
| 217 | $ssl.=" ssl/kssl.h"; | 243 | $ssl.=" ssl/kssl.h"; |
| 244 | $ssl.=" ssl/tls1.h"; | ||
| 218 | 245 | ||
| 219 | my $crypto ="crypto/crypto.h"; | 246 | my $crypto ="crypto/crypto.h"; |
| 247 | $crypto.=" crypto/o_dir.h"; | ||
| 220 | $crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des; | 248 | $crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des; |
| 221 | $crypto.=" crypto/idea/idea.h" ; # unless $no_idea; | 249 | $crypto.=" crypto/idea/idea.h" ; # unless $no_idea; |
| 222 | $crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4; | 250 | $crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4; |
| @@ -231,12 +259,16 @@ $crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2; | |||
| 231 | $crypto.=" crypto/sha/sha.h" ; # unless $no_sha; | 259 | $crypto.=" crypto/sha/sha.h" ; # unless $no_sha; |
| 232 | $crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd; | 260 | $crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd; |
| 233 | $crypto.=" crypto/aes/aes.h" ; # unless $no_aes; | 261 | $crypto.=" crypto/aes/aes.h" ; # unless $no_aes; |
| 262 | $crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia; | ||
| 263 | $crypto.=" crypto/seed/seed.h"; # unless $no_seed; | ||
| 234 | 264 | ||
| 235 | $crypto.=" crypto/bn/bn.h"; | 265 | $crypto.=" crypto/bn/bn.h"; |
| 236 | $crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa; | 266 | $crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa; |
| 237 | $crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa; | 267 | $crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa; |
| 238 | $crypto.=" crypto/dh/dh.h" ; # unless $no_dh; | 268 | $crypto.=" crypto/dh/dh.h" ; # unless $no_dh; |
| 239 | $crypto.=" crypto/ec/ec.h" ; # unless $no_ec; | 269 | $crypto.=" crypto/ec/ec.h" ; # unless $no_ec; |
| 270 | $crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa; | ||
| 271 | $crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh; | ||
| 240 | $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; | 272 | $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; |
| 241 | 273 | ||
| 242 | $crypto.=" crypto/engine/engine.h"; # unless $no_engine; | 274 | $crypto.=" crypto/engine/engine.h"; # unless $no_engine; |
| @@ -267,7 +299,9 @@ $crypto.=" crypto/ocsp/ocsp.h"; | |||
| 267 | $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; | 299 | $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; |
| 268 | $crypto.=" crypto/krb5/krb5_asn.h"; | 300 | $crypto.=" crypto/krb5/krb5_asn.h"; |
| 269 | $crypto.=" crypto/tmdiff.h"; | 301 | $crypto.=" crypto/tmdiff.h"; |
| 270 | $crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h"; | 302 | $crypto.=" crypto/store/store.h"; |
| 303 | $crypto.=" crypto/pqueue/pqueue.h"; | ||
| 304 | $crypto.=" crypto/cms/cms.h"; | ||
| 271 | 305 | ||
| 272 | my $symhacks="crypto/symhacks.h"; | 306 | my $symhacks="crypto/symhacks.h"; |
| 273 | 307 | ||
| @@ -423,7 +457,11 @@ sub do_defs | |||
| 423 | 457 | ||
| 424 | print STDERR "DEBUG: parsing ----------\n" if $debug; | 458 | print STDERR "DEBUG: parsing ----------\n" if $debug; |
| 425 | while(<IN>) { | 459 | while(<IN>) { |
| 426 | last if (/\/\* Error codes for the \w+ functions\. \*\//); | 460 | if (/\/\* Error codes for the \w+ functions\. \*\//) |
| 461 | { | ||
| 462 | undef @tag; | ||
| 463 | last; | ||
| 464 | } | ||
| 427 | if ($line ne '') { | 465 | if ($line ne '') { |
| 428 | $_ = $line . $_; | 466 | $_ = $line . $_; |
| 429 | $line = ''; | 467 | $line = ''; |
| @@ -436,17 +474,22 @@ sub do_defs | |||
| 436 | next; | 474 | next; |
| 437 | } | 475 | } |
| 438 | 476 | ||
| 439 | $cpp = 1 if /^\#.*ifdef.*cplusplus/; | 477 | if(/\/\*/) { |
| 478 | if (not /\*\//) { # multiline comment... | ||
| 479 | $line = $_; # ... just accumulate | ||
| 480 | next; | ||
| 481 | } else { | ||
| 482 | s/\/\*.*?\*\///gs;# wipe it | ||
| 483 | } | ||
| 484 | } | ||
| 485 | |||
| 440 | if ($cpp) { | 486 | if ($cpp) { |
| 441 | $cpp = 0 if /^\#.*endif/; | 487 | $cpp++ if /^#\s*if/; |
| 488 | $cpp-- if /^#\s*endif/; | ||
| 442 | next; | 489 | next; |
| 443 | } | 490 | } |
| 491 | $cpp = 1 if /^#.*ifdef.*cplusplus/; | ||
| 444 | 492 | ||
| 445 | s/\/\*.*?\*\///gs; # ignore comments | ||
| 446 | if (/\/\*/) { # if we have part | ||
| 447 | $line = $_; # of a comment, | ||
| 448 | next; # continue reading | ||
| 449 | } | ||
| 450 | s/{[^{}]*}//gs; # ignore {} blocks | 493 | s/{[^{}]*}//gs; # ignore {} blocks |
| 451 | print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne ""; | 494 | print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne ""; |
| 452 | print STDERR "DEBUG: \$_=\"$_\"\n" if $debug; | 495 | print STDERR "DEBUG: \$_=\"$_\"\n" if $debug; |
| @@ -505,7 +548,7 @@ sub do_defs | |||
| 505 | } | 548 | } |
| 506 | } elsif (/^\#\s*endif/) { | 549 | } elsif (/^\#\s*endif/) { |
| 507 | my $tag_i = $#tag; | 550 | my $tag_i = $#tag; |
| 508 | while($tag[$tag_i] ne "-") { | 551 | while($tag_i > 0 && $tag[$tag_i] ne "-") { |
| 509 | my $t=$tag[$tag_i]; | 552 | my $t=$tag[$tag_i]; |
| 510 | print STDERR "DEBUG: \$t=\"$t\"\n" if $debug; | 553 | print STDERR "DEBUG: \$t=\"$t\"\n" if $debug; |
| 511 | if ($tag{$t}==2) { | 554 | if ($tag{$t}==2) { |
| @@ -672,6 +715,10 @@ sub do_defs | |||
| 672 | "EXPORT_VAR_AS_FUNCTION", | 715 | "EXPORT_VAR_AS_FUNCTION", |
| 673 | "FUNCTION"); | 716 | "FUNCTION"); |
| 674 | next; | 717 | next; |
| 718 | } elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) { | ||
| 719 | $def .= "int $1_free(void);"; | ||
| 720 | $def .= "int $1_new(void);"; | ||
| 721 | next; | ||
| 675 | } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { | 722 | } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { |
| 676 | $def .= "int d2i_$2(void);"; | 723 | $def .= "int d2i_$2(void);"; |
| 677 | $def .= "int i2d_$2(void);"; | 724 | $def .= "int i2d_$2(void);"; |
| @@ -716,12 +763,21 @@ sub do_defs | |||
| 716 | "EXPORT_VAR_AS_FUNCTION", | 763 | "EXPORT_VAR_AS_FUNCTION", |
| 717 | "FUNCTION"); | 764 | "FUNCTION"); |
| 718 | next; | 765 | next; |
| 766 | } elsif (/^\s*DECLARE_ASN1_NDEF_FUNCTION\s*\(\s*(\w*)\s*\)/) { | ||
| 767 | $def .= "int i2d_$1_NDEF(void);"; | ||
| 719 | } elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) { | 768 | } elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) { |
| 720 | next; | 769 | next; |
| 770 | } elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION\s*\(\s*(\w*)\s*\)/) { | ||
| 771 | $def .= "int $1_print_ctx(void);"; | ||
| 772 | next; | ||
| 773 | } elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { | ||
| 774 | $def .= "int $2_print_ctx(void);"; | ||
| 775 | next; | ||
| 721 | } elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) { | 776 | } elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) { |
| 722 | next; | 777 | next; |
| 723 | } elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ || | 778 | } elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ || |
| 724 | /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) { | 779 | /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ || |
| 780 | /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) { | ||
| 725 | # Things not in Win16 | 781 | # Things not in Win16 |
| 726 | $def .= | 782 | $def .= |
| 727 | "#INFO:" | 783 | "#INFO:" |
| @@ -797,7 +853,7 @@ sub do_defs | |||
| 797 | } | 853 | } |
| 798 | close(IN); | 854 | close(IN); |
| 799 | 855 | ||
| 800 | my $algs = ''; | 856 | my $algs; |
| 801 | my $plays; | 857 | my $plays; |
| 802 | 858 | ||
| 803 | print STDERR "DEBUG: postprocessing ----------\n" if $debug; | 859 | print STDERR "DEBUG: postprocessing ----------\n" if $debug; |
| @@ -809,6 +865,17 @@ sub do_defs | |||
| 809 | next if(/typedef\W/); | 865 | next if(/typedef\W/); |
| 810 | next if(/\#define/); | 866 | next if(/\#define/); |
| 811 | 867 | ||
| 868 | # Reduce argument lists to empty () | ||
| 869 | # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {} | ||
| 870 | while(/\(.*\)/s) { | ||
| 871 | s/\([^\(\)]+\)/\{\}/gs; | ||
| 872 | s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f | ||
| 873 | } | ||
| 874 | # pretend as we didn't use curly braces: {} -> () | ||
| 875 | s/\{\}/\(\)/gs; | ||
| 876 | |||
| 877 | s/STACK_OF\(\)/void/gs; | ||
| 878 | |||
| 812 | print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug; | 879 | print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug; |
| 813 | if (/^\#INFO:([^:]*):(.*)$/) { | 880 | if (/^\#INFO:([^:]*):(.*)$/) { |
| 814 | $plats = $1; | 881 | $plats = $1; |
| @@ -819,21 +886,10 @@ sub do_defs | |||
| 819 | $s = $1; | 886 | $s = $1; |
| 820 | $k = "VARIABLE"; | 887 | $k = "VARIABLE"; |
| 821 | print STDERR "DEBUG: found external variable $s\n" if $debug; | 888 | print STDERR "DEBUG: found external variable $s\n" if $debug; |
| 822 | } elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) { | 889 | } elsif (/TYPEDEF_\w+_OF/s) { |
| 823 | $s = $1; | ||
| 824 | print STDERR "DEBUG: found ANSI C function $s\n" if $debug; | ||
| 825 | } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s) { | ||
| 826 | # K&R C | ||
| 827 | print STDERR "DEBUG: found K&R C function $s\n" if $debug; | ||
| 828 | next; | 890 | next; |
| 829 | } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) { | 891 | } elsif (/(\w+)\s*\(\).*/s) { # first token prior [first] () is |
| 830 | while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) { | 892 | $s = $1; # a function name! |
| 831 | s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s; | ||
| 832 | s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s; | ||
| 833 | } | ||
| 834 | s/\(void\)//; | ||
| 835 | /(\w+(\{[0-9]+\})?)\W*\(\)/s; | ||
| 836 | $s = $1; | ||
| 837 | print STDERR "DEBUG: found function $s\n" if $debug; | 893 | print STDERR "DEBUG: found function $s\n" if $debug; |
| 838 | } elsif (/\(/ and not (/=/)) { | 894 | } elsif (/\(/ and not (/=/)) { |
| 839 | print STDERR "File $file: cannot parse: $_;\n"; | 895 | print STDERR "File $file: cannot parse: $_;\n"; |
| @@ -864,13 +920,9 @@ sub do_defs | |||
| 864 | $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/); | 920 | $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/); |
| 865 | $a .= ",RSA" if($s =~ /RSAPrivateKey/); | 921 | $a .= ",RSA" if($s =~ /RSAPrivateKey/); |
| 866 | $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/); | 922 | $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/); |
| 867 | # SHA2 algorithms only defined in FIPS mode for | ||
| 868 | # OpenSSL 0.9.7 | ||
| 869 | $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/); | ||
| 870 | 923 | ||
| 871 | $platform{$s} = | 924 | $platform{$s} = |
| 872 | &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p); | 925 | &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p); |
| 873 | $algorithm{$s} = '' if !defined $algorithm{$s}; | ||
| 874 | $algorithm{$s} .= ','.$a; | 926 | $algorithm{$s} .= ','.$a; |
| 875 | 927 | ||
| 876 | if (defined($variant{$s})) { | 928 | if (defined($variant{$s})) { |
| @@ -1035,9 +1087,7 @@ sub is_valid | |||
| 1035 | if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { | 1087 | if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { |
| 1036 | return 1; | 1088 | return 1; |
| 1037 | } | 1089 | } |
| 1038 | if ($keyword eq "OPENSSL_FIPS" && $fips) { | 1090 | if ($keyword eq "ZLIB" && $zlib) { return 1; } |
| 1039 | return 1; | ||
| 1040 | } | ||
| 1041 | return 0; | 1091 | return 0; |
| 1042 | } else { | 1092 | } else { |
| 1043 | # algorithms | 1093 | # algorithms |
| @@ -1058,8 +1108,12 @@ sub is_valid | |||
| 1058 | if ($keyword eq "DSA" && $no_dsa) { return 0; } | 1108 | if ($keyword eq "DSA" && $no_dsa) { return 0; } |
| 1059 | if ($keyword eq "DH" && $no_dh) { return 0; } | 1109 | if ($keyword eq "DH" && $no_dh) { return 0; } |
| 1060 | if ($keyword eq "EC" && $no_ec) { return 0; } | 1110 | if ($keyword eq "EC" && $no_ec) { return 0; } |
| 1111 | if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; } | ||
| 1112 | if ($keyword eq "ECDH" && $no_ecdh) { return 0; } | ||
| 1061 | if ($keyword eq "HMAC" && $no_hmac) { return 0; } | 1113 | if ($keyword eq "HMAC" && $no_hmac) { return 0; } |
| 1062 | if ($keyword eq "AES" && $no_aes) { return 0; } | 1114 | if ($keyword eq "AES" && $no_aes) { return 0; } |
| 1115 | if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; } | ||
| 1116 | if ($keyword eq "SEED" && $no_seed) { return 0; } | ||
| 1063 | if ($keyword eq "EVP" && $no_evp) { return 0; } | 1117 | if ($keyword eq "EVP" && $no_evp) { return 0; } |
| 1064 | if ($keyword eq "LHASH" && $no_lhash) { return 0; } | 1118 | if ($keyword eq "LHASH" && $no_lhash) { return 0; } |
| 1065 | if ($keyword eq "STACK" && $no_stack) { return 0; } | 1119 | if ($keyword eq "STACK" && $no_stack) { return 0; } |
| @@ -1072,6 +1126,12 @@ sub is_valid | |||
| 1072 | if ($keyword eq "ENGINE" && $no_engine) { return 0; } | 1126 | if ($keyword eq "ENGINE" && $no_engine) { return 0; } |
| 1073 | if ($keyword eq "HW" && $no_hw) { return 0; } | 1127 | if ($keyword eq "HW" && $no_hw) { return 0; } |
| 1074 | if ($keyword eq "FP_API" && $no_fp_api) { return 0; } | 1128 | if ($keyword eq "FP_API" && $no_fp_api) { return 0; } |
| 1129 | if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } | ||
| 1130 | if ($keyword eq "GMP" && $no_gmp) { return 0; } | ||
| 1131 | if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } | ||
| 1132 | if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } | ||
| 1133 | if ($keyword eq "CMS" && $no_cms) { return 0; } | ||
| 1134 | if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } | ||
| 1075 | 1135 | ||
| 1076 | # Nothing recognise as true | 1136 | # Nothing recognise as true |
| 1077 | return 1; | 1137 | return 1; |
| @@ -1174,8 +1234,6 @@ EOO | |||
| 1174 | 1234 | ||
| 1175 | LIBRARY $libname $liboptions | 1235 | LIBRARY $libname $liboptions |
| 1176 | 1236 | ||
| 1177 | DESCRIPTION '$description' | ||
| 1178 | |||
| 1179 | EOF | 1237 | EOF |
| 1180 | 1238 | ||
| 1181 | if ($W16) { | 1239 | if ($W16) { |
diff --git a/src/lib/libssl/src/util/mkdir-p.pl b/src/lib/libssl/src/util/mkdir-p.pl index 6c69c2daa4..e73d02b073 100644 --- a/src/lib/libssl/src/util/mkdir-p.pl +++ b/src/lib/libssl/src/util/mkdir-p.pl | |||
| @@ -8,6 +8,7 @@ | |||
| 8 | my $arg; | 8 | my $arg; |
| 9 | 9 | ||
| 10 | foreach $arg (@ARGV) { | 10 | foreach $arg (@ARGV) { |
| 11 | $arg =~ tr|\\|/|; | ||
| 11 | &do_mkdir_p($arg); | 12 | &do_mkdir_p($arg); |
| 12 | } | 13 | } |
| 13 | 14 | ||
diff --git a/src/lib/libssl/src/util/mkerr.pl b/src/lib/libssl/src/util/mkerr.pl index 9678514604..53e14ab4df 100644 --- a/src/lib/libssl/src/util/mkerr.pl +++ b/src/lib/libssl/src/util/mkerr.pl | |||
| @@ -44,8 +44,7 @@ while (@ARGV) { | |||
| 44 | } | 44 | } |
| 45 | 45 | ||
| 46 | if($recurse) { | 46 | if($recurse) { |
| 47 | @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips-1.0/*.c>, | 47 | @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>); |
| 48 | <fips-1.0/*/*.c>); | ||
| 49 | } else { | 48 | } else { |
| 50 | @source = @ARGV; | 49 | @source = @ARGV; |
| 51 | } | 50 | } |
| @@ -66,6 +65,8 @@ while(<IN>) | |||
| 66 | $csrc{$1} = $3; | 65 | $csrc{$1} = $3; |
| 67 | $fmax{$1} = 99; | 66 | $fmax{$1} = 99; |
| 68 | $rmax{$1} = 99; | 67 | $rmax{$1} = 99; |
| 68 | $fassigned{$1} = ":"; | ||
| 69 | $rassigned{$1} = ":"; | ||
| 69 | $fnew{$1} = 0; | 70 | $fnew{$1} = 0; |
| 70 | $rnew{$1} = 0; | 71 | $rnew{$1} = 0; |
| 71 | } | 72 | } |
| @@ -104,15 +105,24 @@ while (($hdr, $lib) = each %libinc) | |||
| 104 | next; | 105 | next; |
| 105 | } | 106 | } |
| 106 | 107 | ||
| 107 | $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration | 108 | if(/\/\*/) { |
| 109 | if (not /\*\//) { # multiline comment... | ||
| 110 | $line = $_; # ... just accumulate | ||
| 111 | next; | ||
| 112 | } else { | ||
| 113 | s/\/\*.*?\*\///gs; # wipe it | ||
| 114 | } | ||
| 115 | } | ||
| 116 | |||
| 108 | if ($cpp) { | 117 | if ($cpp) { |
| 109 | $cpp = 0 if /^#.*endif/; | 118 | $cpp++ if /^#\s*if/; |
| 119 | $cpp-- if /^#\s*endif/; | ||
| 110 | next; | 120 | next; |
| 111 | } | 121 | } |
| 122 | $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration | ||
| 112 | 123 | ||
| 113 | next if (/^\#/); # skip preprocessor directives | 124 | next if (/^\#/); # skip preprocessor directives |
| 114 | 125 | ||
| 115 | s/\/\*.*?\*\///gs; # ignore comments | ||
| 116 | s/{[^{}]*}//gs; # ignore {} blocks | 126 | s/{[^{}]*}//gs; # ignore {} blocks |
| 117 | 127 | ||
| 118 | if (/\{|\/\*/) { # Add a } so editor works... | 128 | if (/\{|\/\*/) { # Add a } so editor works... |
| @@ -125,31 +135,37 @@ while (($hdr, $lib) = each %libinc) | |||
| 125 | 135 | ||
| 126 | print STDERR " \r" if $debug; | 136 | print STDERR " \r" if $debug; |
| 127 | $defnr = 0; | 137 | $defnr = 0; |
| 138 | # Delete any DECLARE_ macros | ||
| 139 | $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs; | ||
| 128 | foreach (split /;/, $def) { | 140 | foreach (split /;/, $def) { |
| 129 | $defnr++; | 141 | $defnr++; |
| 130 | print STDERR "def: $defnr\r" if $debug; | 142 | print STDERR "def: $defnr\r" if $debug; |
| 131 | 143 | ||
| 144 | # The goal is to collect function names from function declarations. | ||
| 145 | |||
| 132 | s/^[\n\s]*//g; | 146 | s/^[\n\s]*//g; |
| 133 | s/[\n\s]*$//g; | 147 | s/[\n\s]*$//g; |
| 134 | next if(/typedef\W/); | 148 | |
| 135 | if (/\(\*(\w*)\([^\)]+/) { | 149 | # Skip over recognized non-function declarations |
| 136 | my $name = $1; | 150 | next if(/typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/); |
| 137 | $name =~ tr/[a-z]/[A-Z]/; | 151 | |
| 138 | $ftrans{$name} = $1; | 152 | # Remove STACK_OF(foo) |
| 139 | } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s){ | 153 | s/STACK_OF\(\w+\)/void/; |
| 140 | # K&R C | 154 | |
| 141 | next ; | 155 | # Reduce argument lists to empty () |
| 142 | } elsif (/\w+\W+\w+\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) { | 156 | # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {} |
| 143 | while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) { | 157 | while(/\(.*\)/s) { |
| 144 | s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s; | 158 | s/\([^\(\)]+\)/\{\}/gs; |
| 145 | s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s; | 159 | s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f |
| 146 | } | 160 | } |
| 147 | s/\(void\)//; | 161 | # pretend as we didn't use curly braces: {} -> () |
| 148 | /(\w+(\{[0-9]+\})?)\W*\(\)/s; | 162 | s/\{\}/\(\)/gs; |
| 149 | my $name = $1; | 163 | |
| 164 | if (/(\w+)\s*\(\).*/s) { # first token prior [first] () is | ||
| 165 | my $name = $1; # a function name! | ||
| 150 | $name =~ tr/[a-z]/[A-Z]/; | 166 | $name =~ tr/[a-z]/[A-Z]/; |
| 151 | $ftrans{$name} = $1; | 167 | $ftrans{$name} = $1; |
| 152 | } elsif (/\(/ and not (/=/ or /DECLARE_STACK/)) { | 168 | } elsif (/[\(\)]/ and not (/=/)) { |
| 153 | print STDERR "Header $hdr: cannot parse: $_;\n"; | 169 | print STDERR "Header $hdr: cannot parse: $_;\n"; |
| 154 | } | 170 | } |
| 155 | } | 171 | } |
| @@ -162,7 +178,7 @@ while (($hdr, $lib) = each %libinc) | |||
| 162 | # maximum code used. | 178 | # maximum code used. |
| 163 | 179 | ||
| 164 | if ($gotfile) { | 180 | if ($gotfile) { |
| 165 | while(<IN>) { | 181 | while(<IN>) { |
| 166 | if(/^\#define\s+(\S+)\s+(\S+)/) { | 182 | if(/^\#define\s+(\S+)\s+(\S+)/) { |
| 167 | $name = $1; | 183 | $name = $1; |
| 168 | $code = $2; | 184 | $code = $2; |
| @@ -173,18 +189,49 @@ while (($hdr, $lib) = each %libinc) | |||
| 173 | } | 189 | } |
| 174 | if($1 eq "R") { | 190 | if($1 eq "R") { |
| 175 | $rcodes{$name} = $code; | 191 | $rcodes{$name} = $code; |
| 192 | if ($rassigned{$lib} =~ /:$code:/) { | ||
| 193 | print STDERR "!! ERROR: $lib reason code $code assigned twice\n"; | ||
| 194 | } | ||
| 195 | $rassigned{$lib} .= "$code:"; | ||
| 176 | if(!(exists $rextra{$name}) && | 196 | if(!(exists $rextra{$name}) && |
| 177 | ($code > $rmax{$lib}) ) { | 197 | ($code > $rmax{$lib}) ) { |
| 178 | $rmax{$lib} = $code; | 198 | $rmax{$lib} = $code; |
| 179 | } | 199 | } |
| 180 | } else { | 200 | } else { |
| 201 | if ($fassigned{$lib} =~ /:$code:/) { | ||
| 202 | print STDERR "!! ERROR: $lib function code $code assigned twice\n"; | ||
| 203 | } | ||
| 204 | $fassigned{$lib} .= "$code:"; | ||
| 181 | if($code > $fmax{$lib}) { | 205 | if($code > $fmax{$lib}) { |
| 182 | $fmax{$lib} = $code; | 206 | $fmax{$lib} = $code; |
| 183 | } | 207 | } |
| 184 | $fcodes{$name} = $code; | 208 | $fcodes{$name} = $code; |
| 185 | } | 209 | } |
| 186 | } | 210 | } |
| 187 | } | 211 | } |
| 212 | } | ||
| 213 | |||
| 214 | if ($debug) { | ||
| 215 | if (defined($fmax{$lib})) { | ||
| 216 | print STDERR "Max function code fmax" . "{" . "$lib" . "} = $fmax{$lib}\n"; | ||
| 217 | $fassigned{$lib} =~ m/^:(.*):$/; | ||
| 218 | @fassigned = sort {$a <=> $b} split(":", $1); | ||
| 219 | print STDERR " @fassigned\n"; | ||
| 220 | } | ||
| 221 | if (defined($rmax{$lib})) { | ||
| 222 | print STDERR "Max reason code rmax" . "{" . "$lib" . "} = $rmax{$lib}\n"; | ||
| 223 | $rassigned{$lib} =~ m/^:(.*):$/; | ||
| 224 | @rassigned = sort {$a <=> $b} split(":", $1); | ||
| 225 | print STDERR " @rassigned\n"; | ||
| 226 | } | ||
| 227 | } | ||
| 228 | |||
| 229 | if ($lib eq "SSL") { | ||
| 230 | if ($rmax{$lib} >= 1000) { | ||
| 231 | print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n"; | ||
| 232 | print STDERR "!! Any new alerts must be added to $config.\n"; | ||
| 233 | print STDERR "\n"; | ||
| 234 | } | ||
| 188 | } | 235 | } |
| 189 | close IN; | 236 | close IN; |
| 190 | } | 237 | } |
| @@ -201,11 +248,10 @@ while (($hdr, $lib) = each %libinc) | |||
| 201 | # so all those unreferenced can be printed out. | 248 | # so all those unreferenced can be printed out. |
| 202 | 249 | ||
| 203 | 250 | ||
| 204 | print STDERR "Files loaded: " if $debug; | ||
| 205 | foreach $file (@source) { | 251 | foreach $file (@source) { |
| 206 | # Don't parse the error source file. | 252 | # Don't parse the error source file. |
| 207 | next if exists $cskip{$file}; | 253 | next if exists $cskip{$file}; |
| 208 | print STDERR $file if $debug; | 254 | print STDERR "File loaded: ".$file."\r" if $debug; |
| 209 | open(IN, "<$file") || die "Can't open source file $file\n"; | 255 | open(IN, "<$file") || die "Can't open source file $file\n"; |
| 210 | while(<IN>) { | 256 | while(<IN>) { |
| 211 | if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) { | 257 | if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) { |
| @@ -229,7 +275,7 @@ foreach $file (@source) { | |||
| 229 | } | 275 | } |
| 230 | close IN; | 276 | close IN; |
| 231 | } | 277 | } |
| 232 | print STDERR "\n" if $debug; | 278 | print STDERR " \n" if $debug; |
| 233 | 279 | ||
| 234 | # Now process each library in turn. | 280 | # Now process each library in turn. |
| 235 | 281 | ||
| @@ -266,7 +312,7 @@ foreach $lib (keys %csrc) | |||
| 266 | } else { | 312 | } else { |
| 267 | push @out, | 313 | push @out, |
| 268 | "/* ====================================================================\n", | 314 | "/* ====================================================================\n", |
| 269 | " * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.\n", | 315 | " * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved.\n", |
| 270 | " *\n", | 316 | " *\n", |
| 271 | " * Redistribution and use in source and binary forms, with or without\n", | 317 | " * Redistribution and use in source and binary forms, with or without\n", |
| 272 | " * modification, are permitted provided that the following conditions\n", | 318 | " * modification, are permitted provided that the following conditions\n", |
| @@ -356,7 +402,16 @@ EOF | |||
| 356 | foreach $i (@function) { | 402 | foreach $i (@function) { |
| 357 | $z=6-int(length($i)/8); | 403 | $z=6-int(length($i)/8); |
| 358 | if($fcodes{$i} eq "X") { | 404 | if($fcodes{$i} eq "X") { |
| 359 | $fcodes{$i} = ++$fmax{$lib}; | 405 | $fassigned{$lib} =~ m/^:([^:]*):/; |
| 406 | $findcode = $1; | ||
| 407 | if (!defined($findcode)) { | ||
| 408 | $findcode = $fmax{$lib}; | ||
| 409 | } | ||
| 410 | while ($fassigned{$lib} =~ m/:$findcode:/) { | ||
| 411 | $findcode++; | ||
| 412 | } | ||
| 413 | $fcodes{$i} = $findcode; | ||
| 414 | $fassigned{$lib} .= "$findcode:"; | ||
| 360 | print STDERR "New Function code $i\n" if $debug; | 415 | print STDERR "New Function code $i\n" if $debug; |
| 361 | } | 416 | } |
| 362 | printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z; | 417 | printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z; |
| @@ -367,7 +422,16 @@ EOF | |||
| 367 | foreach $i (@reasons) { | 422 | foreach $i (@reasons) { |
| 368 | $z=6-int(length($i)/8); | 423 | $z=6-int(length($i)/8); |
| 369 | if($rcodes{$i} eq "X") { | 424 | if($rcodes{$i} eq "X") { |
| 370 | $rcodes{$i} = ++$rmax{$lib}; | 425 | $rassigned{$lib} =~ m/^:([^:]*):/; |
| 426 | $findcode = $1; | ||
| 427 | if (!defined($findcode)) { | ||
| 428 | $findcode = $rmax{$lib}; | ||
| 429 | } | ||
| 430 | while ($rassigned{$lib} =~ m/:$findcode:/) { | ||
| 431 | $findcode++; | ||
| 432 | } | ||
| 433 | $rcodes{$i} = $findcode; | ||
| 434 | $rassigned{$lib} .= "$findcode:"; | ||
| 371 | print STDERR "New Reason code $i\n" if $debug; | 435 | print STDERR "New Reason code $i\n" if $debug; |
| 372 | } | 436 | } |
| 373 | printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z; | 437 | printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z; |
| @@ -422,7 +486,7 @@ EOF | |||
| 422 | print OUT <<"EOF"; | 486 | print OUT <<"EOF"; |
| 423 | /* $cfile */ | 487 | /* $cfile */ |
| 424 | /* ==================================================================== | 488 | /* ==================================================================== |
| 425 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 489 | * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. |
| 426 | * | 490 | * |
| 427 | * Redistribution and use in source and binary forms, with or without | 491 | * Redistribution and use in source and binary forms, with or without |
| 428 | * modification, are permitted provided that the following conditions | 492 | * modification, are permitted provided that the following conditions |
| @@ -536,17 +600,14 @@ if($static) { | |||
| 536 | 600 | ||
| 537 | ${staticloader}void ERR_load_${lib}_strings(void) | 601 | ${staticloader}void ERR_load_${lib}_strings(void) |
| 538 | { | 602 | { |
| 539 | static int init=1; | 603 | #ifndef OPENSSL_NO_ERR |
| 540 | 604 | ||
| 541 | if (init) | 605 | if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) |
| 542 | { | 606 | { |
| 543 | init=0; | ||
| 544 | #ifndef OPENSSL_NO_ERR | ||
| 545 | ERR_load_strings($load_errcode,${lib}_str_functs); | 607 | ERR_load_strings($load_errcode,${lib}_str_functs); |
| 546 | ERR_load_strings($load_errcode,${lib}_str_reasons); | 608 | ERR_load_strings($load_errcode,${lib}_str_reasons); |
| 547 | #endif | ||
| 548 | |||
| 549 | } | 609 | } |
| 610 | #endif | ||
| 550 | } | 611 | } |
| 551 | EOF | 612 | EOF |
| 552 | } else { | 613 | } else { |
diff --git a/src/lib/libssl/src/util/mkfiles.pl b/src/lib/libssl/src/util/mkfiles.pl index bc78510f56..1282392fea 100644 --- a/src/lib/libssl/src/util/mkfiles.pl +++ b/src/lib/libssl/src/util/mkfiles.pl | |||
| @@ -24,12 +24,16 @@ my @dirs = ( | |||
| 24 | "crypto/bf", | 24 | "crypto/bf", |
| 25 | "crypto/cast", | 25 | "crypto/cast", |
| 26 | "crypto/aes", | 26 | "crypto/aes", |
| 27 | "crypto/camellia", | ||
| 28 | "crypto/seed", | ||
| 27 | "crypto/bn", | 29 | "crypto/bn", |
| 28 | "crypto/rsa", | 30 | "crypto/rsa", |
| 29 | "crypto/dsa", | 31 | "crypto/dsa", |
| 30 | "crypto/dso", | 32 | "crypto/dso", |
| 31 | "crypto/dh", | 33 | "crypto/dh", |
| 32 | "crypto/ec", | 34 | "crypto/ec", |
| 35 | "crypto/ecdh", | ||
| 36 | "crypto/ecdsa", | ||
| 33 | "crypto/buffer", | 37 | "crypto/buffer", |
| 34 | "crypto/bio", | 38 | "crypto/bio", |
| 35 | "crypto/stack", | 39 | "crypto/stack", |
| @@ -51,17 +55,12 @@ my @dirs = ( | |||
| 51 | "crypto/ocsp", | 55 | "crypto/ocsp", |
| 52 | "crypto/ui", | 56 | "crypto/ui", |
| 53 | "crypto/krb5", | 57 | "crypto/krb5", |
| 54 | "fips-1.0", | 58 | "crypto/store", |
| 55 | "fips-1.0/aes", | 59 | "crypto/pqueue", |
| 56 | "fips-1.0/des", | 60 | "crypto/cms", |
| 57 | "fips-1.0/dsa", | ||
| 58 | "fips-1.0/dh", | ||
| 59 | "fips-1.0/hmac", | ||
| 60 | "fips-1.0/rand", | ||
| 61 | "fips-1.0/rsa", | ||
| 62 | "fips-1.0/sha", | ||
| 63 | "ssl", | 61 | "ssl", |
| 64 | "apps", | 62 | "apps", |
| 63 | "engines", | ||
| 65 | "test", | 64 | "test", |
| 66 | "tools" | 65 | "tools" |
| 67 | ); | 66 | ); |
diff --git a/src/lib/libssl/src/util/mklink.pl b/src/lib/libssl/src/util/mklink.pl index 182732d959..d9bc98aab8 100644 --- a/src/lib/libssl/src/util/mklink.pl +++ b/src/lib/libssl/src/util/mklink.pl | |||
| @@ -14,7 +14,6 @@ | |||
| 14 | # not contain symbolic links and that the parent of / is never referenced. | 14 | # not contain symbolic links and that the parent of / is never referenced. |
| 15 | # Apart from this, this script should be able to handle even the most | 15 | # Apart from this, this script should be able to handle even the most |
| 16 | # pathological cases. | 16 | # pathological cases. |
| 17 | # | ||
| 18 | 17 | ||
| 19 | use Cwd; | 18 | use Cwd; |
| 20 | 19 | ||
diff --git a/src/lib/libssl/src/util/mkstack.pl b/src/lib/libssl/src/util/mkstack.pl index 0ca9eb6a76..2a968f395f 100644 --- a/src/lib/libssl/src/util/mkstack.pl +++ b/src/lib/libssl/src/util/mkstack.pl | |||
| @@ -75,6 +75,7 @@ while(<IN>) { | |||
| 75 | #define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val)) | 75 | #define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val)) |
| 76 | #define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val)) | 76 | #define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val)) |
| 77 | #define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val)) | 77 | #define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val)) |
| 78 | #define sk_${type_thing}_find_ex(st, val) SKM_sk_find_ex($type_thing, (st), (val)) | ||
| 78 | #define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i)) | 79 | #define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i)) |
| 79 | #define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr)) | 80 | #define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr)) |
| 80 | #define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i)) | 81 | #define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i)) |
diff --git a/src/lib/libssl/src/util/pl/BC-32.pl b/src/lib/libssl/src/util/pl/BC-32.pl index 28869c868d..99b8c058d2 100644 --- a/src/lib/libssl/src/util/pl/BC-32.pl +++ b/src/lib/libssl/src/util/pl/BC-32.pl | |||
| @@ -62,7 +62,7 @@ $des_enc_src=''; | |||
| 62 | $bf_enc_obj=''; | 62 | $bf_enc_obj=''; |
| 63 | $bf_enc_src=''; | 63 | $bf_enc_src=''; |
| 64 | 64 | ||
| 65 | if (!$no_asm && !$fips) | 65 | if (!$no_asm) |
| 66 | { | 66 | { |
| 67 | $bn_mulw_obj='crypto\bn\asm\bn_win32.obj'; | 67 | $bn_mulw_obj='crypto\bn\asm\bn_win32.obj'; |
| 68 | $bn_mulw_src='crypto\bn\asm\bn_win32.asm'; | 68 | $bn_mulw_src='crypto\bn\asm\bn_win32.asm'; |
| @@ -126,18 +126,13 @@ ___ | |||
| 126 | 126 | ||
| 127 | sub do_link_rule | 127 | sub do_link_rule |
| 128 | { | 128 | { |
| 129 | local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; | 129 | local($target,$files,$dep_libs,$libs)=@_; |
| 130 | local($ret,$_); | 130 | local($ret,$_); |
| 131 | 131 | ||
| 132 | $file =~ s/\//$o/g if $o ne '/'; | 132 | $file =~ s/\//$o/g if $o ne '/'; |
| 133 | $n=&bname($targer); | 133 | $n=&bname($targer); |
| 134 | $ret.="$target: $files $dep_libs\n"; | 134 | $ret.="$target: $files $dep_libs\n"; |
| 135 | $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n"; | 135 | $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; |
| 136 | if (defined $sha1file) | ||
| 137 | { | ||
| 138 | $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; | ||
| 139 | } | ||
| 140 | $ret.="\n"; | ||
| 141 | return($ret); | 136 | return($ret); |
| 142 | } | 137 | } |
| 143 | 138 | ||
diff --git a/src/lib/libssl/src/util/pl/Mingw32.pl b/src/lib/libssl/src/util/pl/Mingw32.pl index b9bb24d21d..8f0483fb93 100644 --- a/src/lib/libssl/src/util/pl/Mingw32.pl +++ b/src/lib/libssl/src/util/pl/Mingw32.pl | |||
| @@ -19,9 +19,9 @@ $cc='gcc'; | |||
| 19 | if ($debug) | 19 | if ($debug) |
| 20 | { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; } | 20 | { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; } |
| 21 | else | 21 | else |
| 22 | { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; } | 22 | { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -march=i486 -Wall"; } |
| 23 | 23 | ||
| 24 | if ($gaswin and !$no_asm and !$fips) | 24 | if ($gaswin and !$no_asm) |
| 25 | { | 25 | { |
| 26 | $bn_asm_obj='$(OBJ_D)\bn-win32.o'; | 26 | $bn_asm_obj='$(OBJ_D)\bn-win32.o'; |
| 27 | $bn_asm_src='crypto/bn/asm/bn-win32.s'; | 27 | $bn_asm_src='crypto/bn/asm/bn-win32.s'; |
| @@ -43,7 +43,9 @@ if ($gaswin and !$no_asm and !$fips) | |||
| 43 | $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; | 43 | $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; |
| 44 | $sha1_asm_obj='$(OBJ_D)\s1-win32.o'; | 44 | $sha1_asm_obj='$(OBJ_D)\s1-win32.o'; |
| 45 | $sha1_asm_src='crypto/sha/asm/s1-win32.s'; | 45 | $sha1_asm_src='crypto/sha/asm/s1-win32.s'; |
| 46 | $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; | 46 | $cpuid_asm_obj='$(OBJ_D)\cpu-win32.o'; |
| 47 | $cpuid_asm_src='crypto/cpu-win32.s'; | ||
| 48 | $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS"; | ||
| 47 | } | 49 | } |
| 48 | 50 | ||
| 49 | 51 | ||
| @@ -92,18 +94,13 @@ sub do_lib_rule | |||
| 92 | 94 | ||
| 93 | sub do_link_rule | 95 | sub do_link_rule |
| 94 | { | 96 | { |
| 95 | local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; | 97 | local($target,$files,$dep_libs,$libs)=@_; |
| 96 | local($ret,$_); | 98 | local($ret,$_); |
| 97 | 99 | ||
| 98 | $file =~ s/\//$o/g if $o ne '/'; | 100 | $file =~ s/\//$o/g if $o ne '/'; |
| 99 | $n=&bname($target); | 101 | $n=&bname($target); |
| 100 | $ret.="$target: $files $dep_libs\n"; | 102 | $ret.="$target: $files $dep_libs\n"; |
| 101 | $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n"; | 103 | $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; |
| 102 | if (defined $sha1file) | ||
| 103 | { | ||
| 104 | $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; | ||
| 105 | } | ||
| 106 | $ret.="\n"; | ||
| 107 | return($ret); | 104 | return($ret); |
| 108 | } | 105 | } |
| 109 | 1; | 106 | 1; |
diff --git a/src/lib/libssl/src/util/pl/OS2-EMX.pl b/src/lib/libssl/src/util/pl/OS2-EMX.pl index 8dbeaa7a08..28cd116907 100644 --- a/src/lib/libssl/src/util/pl/OS2-EMX.pl +++ b/src/lib/libssl/src/util/pl/OS2-EMX.pl | |||
| @@ -48,7 +48,7 @@ $des_enc_src=""; | |||
| 48 | $bf_enc_obj=""; | 48 | $bf_enc_obj=""; |
| 49 | $bf_enc_src=""; | 49 | $bf_enc_src=""; |
| 50 | 50 | ||
| 51 | if (!$no_asm && !$fips) | 51 | if (!$no_asm) |
| 52 | { | 52 | { |
| 53 | $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj"; | 53 | $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj"; |
| 54 | $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm"; | 54 | $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm"; |
| @@ -107,18 +107,13 @@ sub do_lib_rule | |||
| 107 | 107 | ||
| 108 | sub do_link_rule | 108 | sub do_link_rule |
| 109 | { | 109 | { |
| 110 | local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; | 110 | local($target,$files,$dep_libs,$libs)=@_; |
| 111 | local($ret,$_); | 111 | local($ret,$_); |
| 112 | 112 | ||
| 113 | $file =~ s/\//$o/g if $o ne '/'; | 113 | $file =~ s/\//$o/g if $o ne '/'; |
| 114 | $n=&bname($target); | 114 | $n=&bname($target); |
| 115 | $ret.="$target: $files $dep_libs\n"; | 115 | $ret.="$target: $files $dep_libs\n"; |
| 116 | $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n"; | 116 | $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n"; |
| 117 | if (defined $sha1file) | ||
| 118 | { | ||
| 119 | $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; | ||
| 120 | } | ||
| 121 | $ret.="\n"; | ||
| 122 | return($ret); | 117 | return($ret); |
| 123 | } | 118 | } |
| 124 | 119 | ||
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl index 4e97dfa9af..9cb2ab7e99 100644 --- a/src/lib/libssl/src/util/pl/VC-32.pl +++ b/src/lib/libssl/src/util/pl/VC-32.pl | |||
| @@ -1,56 +1,154 @@ | |||
| 1 | #!/usr/local/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | # VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries | 2 | # VC-32.pl - unified script for Microsoft Visual C++, covering Win32, |
| 3 | # Win64 and WinCE [follow $FLAVOR variable to trace the differences]. | ||
| 3 | # | 4 | # |
| 4 | 5 | ||
| 5 | $ssl= "ssleay32"; | 6 | $ssl= "ssleay32"; |
| 6 | 7 | $crypto="libeay32"; | |
| 7 | if ($fips && !$shlib) | ||
| 8 | { | ||
| 9 | $crypto="libeayfips32"; | ||
| 10 | $crypto_compat = "libeaycompat32.lib"; | ||
| 11 | } | ||
| 12 | else | ||
| 13 | { | ||
| 14 | $crypto="libeay32"; | ||
| 15 | } | ||
| 16 | 8 | ||
| 17 | $o='\\'; | 9 | $o='\\'; |
| 18 | $cp='copy nul+'; # Timestamps get stuffed otherwise | 10 | $cp='$(PERL) util/copy.pl'; |
| 11 | $mkdir='$(PERL) util/mkdir-p.pl'; | ||
| 19 | $rm='del'; | 12 | $rm='del'; |
| 20 | 13 | ||
| 21 | $zlib_lib="zlib1.lib"; | 14 | $zlib_lib="zlib1.lib"; |
| 22 | 15 | ||
| 23 | # C compiler stuff | 16 | # C compiler stuff |
| 24 | $cc='cl'; | 17 | $cc='cl'; |
| 25 | $cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; | 18 | if ($FLAVOR =~ /WIN64/) |
| 26 | $cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 | 19 | { |
| 27 | $cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 | 20 | # Note that we currently don't have /WX on Win64! There is a lot of |
| 28 | $lflags="/nologo /subsystem:console /machine:I386 /opt:ref"; | 21 | # warnings, but only of two types: |
| 22 | # | ||
| 23 | # C4344: conversion from '__int64' to 'int/long', possible loss of data | ||
| 24 | # C4267: conversion from 'size_t' to 'int/long', possible loss of data | ||
| 25 | # | ||
| 26 | # Amount of latter type is minimized by aliasing strlen to function of | ||
| 27 | # own desing and limiting its return value to 2GB-1 (see e_os.h). As | ||
| 28 | # per 0.9.8 release remaining warnings were explicitly examined and | ||
| 29 | # considered safe to ignore. | ||
| 30 | # | ||
| 31 | $base_cflags=' /W3 /Gs0 /GF /Gy /nologo -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WIN32 -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE'; | ||
| 32 | $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 | ||
| 33 | $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 | ||
| 34 | my $f = $shlib?' /MD':' /MT'; | ||
| 35 | $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib | ||
| 36 | $opt_cflags=$f.' /Ox'; | ||
| 37 | $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; | ||
| 38 | $lflags="/nologo /subsystem:console /opt:ref"; | ||
| 39 | } | ||
| 40 | elsif ($FLAVOR =~ /CE/) | ||
| 41 | { | ||
| 42 | # sanity check | ||
| 43 | die '%OSVERSION% is not defined' if (!defined($ENV{'OSVERSION'})); | ||
| 44 | die '%PLATFORM% is not defined' if (!defined($ENV{'PLATFORM'})); | ||
| 45 | die '%TARGETCPU% is not defined' if (!defined($ENV{'TARGETCPU'})); | ||
| 46 | |||
| 47 | # | ||
| 48 | # Idea behind this is to mimic flags set by eVC++ IDE... | ||
| 49 | # | ||
| 50 | $wcevers = $ENV{'OSVERSION'}; # WCENNN | ||
| 51 | die '%OSVERSION% value is insane' if ($wcevers !~ /^WCE([1-9])([0-9]{2})$/); | ||
| 52 | $wcecdefs = "-D_WIN32_WCE=$1$2 -DUNDER_CE=$1$2"; # -D_WIN32_WCE=NNN | ||
| 53 | $wcelflag = "/subsystem:windowsce,$1.$2"; # ...,N.NN | ||
| 54 | |||
| 55 | $wceplatf = $ENV{'PLATFORM'}; | ||
| 56 | $wceplatf =~ tr/a-z0-9 /A-Z0-9_/d; | ||
| 57 | $wcecdefs .= " -DWCE_PLATFORM_$wceplatf"; | ||
| 58 | |||
| 59 | $wcetgt = $ENV{'TARGETCPU'}; # just shorter name... | ||
| 60 | SWITCH: for($wcetgt) { | ||
| 61 | /^X86/ && do { $wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_"; | ||
| 62 | $wcelflag.=" /machine:IX86"; last; }; | ||
| 63 | /^ARMV4[IT]/ && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt"; | ||
| 64 | $wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/); | ||
| 65 | $wcecdefs.=" -QRarch4T -QRinterwork-return"; | ||
| 66 | $wcelflag.=" /machine:THUMB"; last; }; | ||
| 67 | /^ARM/ && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt"; | ||
| 68 | $wcelflag.=" /machine:ARM"; last; }; | ||
| 69 | /^MIPSIV/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; | ||
| 70 | $wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32"; | ||
| 71 | $wcelflag.=" /machine:MIPSFPU"; last; }; | ||
| 72 | /^MIPS16/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; | ||
| 73 | $wcecdefs.=" -DMIPSII -QMmips16"; | ||
| 74 | $wcelflag.=" /machine:MIPS16"; last; }; | ||
| 75 | /^MIPSII/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; | ||
| 76 | $wcecdefs.=" -QMmips2"; | ||
| 77 | $wcelflag.=" /machine:MIPS"; last; }; | ||
| 78 | /^R4[0-9]{3}/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000"; | ||
| 79 | $wcelflag.=" /machine:MIPS"; last; }; | ||
| 80 | /^SH[0-9]/ && do { $wcecdefs.=" -D$wcetgt -D_$wcetgt_ -DSHx"; | ||
| 81 | $wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/); | ||
| 82 | $wcelflag.=" /machine:$wcetgt"; last; }; | ||
| 83 | { $wcecdefs.=" -D$wcetgt -D_$wcetgt_"; | ||
| 84 | $wcelflag.=" /machine:$wcetgt"; last; }; | ||
| 85 | } | ||
| 86 | |||
| 87 | $cc='$(CC)'; | ||
| 88 | $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include -DOPENSSL_SMALL_FOOTPRINT'; | ||
| 89 | $base_cflags.=" $wcecdefs"; | ||
| 90 | $opt_cflags=' /MC /O1i'; # optimize for space, but with intrinsics... | ||
| 91 | $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG'; | ||
| 92 | $lflags="/nologo /opt:ref $wcelflag"; | ||
| 93 | } | ||
| 94 | else # Win32 | ||
| 95 | { | ||
| 96 | $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; | ||
| 97 | $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 | ||
| 98 | $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 | ||
| 99 | my $f = $shlib?' /MD':' /MT'; | ||
| 100 | $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib | ||
| 101 | $opt_cflags=$f.' /Ox /O2 /Ob2'; | ||
| 102 | $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; | ||
| 103 | $lflags="/nologo /subsystem:console /opt:ref"; | ||
| 104 | } | ||
| 29 | $mlflags=''; | 105 | $mlflags=''; |
| 30 | 106 | ||
| 31 | $out_def="out32"; | 107 | $out_def="out32"; $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); |
| 32 | $tmp_def="tmp32"; | 108 | $tmp_def="tmp32"; $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); |
| 33 | $inc_def="inc32"; | 109 | $inc_def="inc32"; |
| 34 | 110 | ||
| 35 | if ($debug) | 111 | if ($debug) |
| 36 | { | 112 | { |
| 37 | $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32"; | 113 | $cflags=$dbg_cflags.$base_cflags; |
| 38 | $lflags.=" /debug"; | 114 | $lflags.=" /debug"; |
| 39 | $mlflags.=' /debug'; | 115 | $mlflags.=' /debug'; |
| 40 | } | 116 | } |
| 41 | $cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1; | 117 | else |
| 118 | { | ||
| 119 | $cflags=$opt_cflags.$base_cflags; | ||
| 120 | } | ||
| 42 | 121 | ||
| 43 | $obj='.obj'; | 122 | $obj='.obj'; |
| 44 | $ofile="/Fo"; | 123 | $ofile="/Fo"; |
| 45 | 124 | ||
| 46 | # EXE linking stuff | 125 | # EXE linking stuff |
| 47 | $link="link"; | 126 | $link="link"; |
| 127 | $rsc="rc"; | ||
| 48 | $efile="/out:"; | 128 | $efile="/out:"; |
| 49 | $exep='.exe'; | 129 | $exep='.exe'; |
| 50 | if ($no_sock) | 130 | if ($no_sock) { $ex_libs=''; } |
| 51 | { $ex_libs=""; } | 131 | elsif ($FLAVOR =~ /CE/) { $ex_libs='winsock.lib'; } |
| 52 | else { $ex_libs="wsock32.lib user32.lib gdi32.lib"; } | 132 | else { $ex_libs='wsock32.lib'; } |
| 53 | 133 | ||
| 134 | if ($FLAVOR =~ /CE/) | ||
| 135 | { | ||
| 136 | $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib'; | ||
| 137 | $ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if ($ENV{'TARGETCPU'} eq "X86"); | ||
| 138 | } | ||
| 139 | else | ||
| 140 | { | ||
| 141 | $ex_libs.=' gdi32.lib advapi32.lib user32.lib'; | ||
| 142 | $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); | ||
| 143 | } | ||
| 144 | |||
| 145 | # As native NT API is pure UNICODE, our WIN-NT build defaults to UNICODE, | ||
| 146 | # but gets linked with unicows.lib to ensure backward compatibility. | ||
| 147 | if ($FLAVOR =~ /NT/) | ||
| 148 | { | ||
| 149 | $cflags.=" -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE"; | ||
| 150 | $ex_libs="unicows.lib $ex_libs"; | ||
| 151 | } | ||
| 54 | # static library stuff | 152 | # static library stuff |
| 55 | $mklib='lib'; | 153 | $mklib='lib'; |
| 56 | $ranlib=''; | 154 | $ranlib=''; |
| @@ -60,9 +158,12 @@ $shlibp=($shlib)?".dll":".lib"; | |||
| 60 | $lfile='/out:'; | 158 | $lfile='/out:'; |
| 61 | 159 | ||
| 62 | $shlib_ex_obj=""; | 160 | $shlib_ex_obj=""; |
| 63 | $app_ex_obj="setargv.obj"; | 161 | $app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/); |
| 64 | if ($nasm) { | 162 | if ($nasm) { |
| 65 | $asm='nasmw -f win32'; | 163 | my $ver=`nasm -v 2>NUL`; |
| 164 | my $vew=`nasmw -v 2>NUL`; | ||
| 165 | # pick newest version | ||
| 166 | $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; | ||
| 66 | $afile='-o '; | 167 | $afile='-o '; |
| 67 | } else { | 168 | } else { |
| 68 | $asm='ml /Cp /coff /c /Cx'; | 169 | $asm='ml /Cp /coff /c /Cx'; |
| @@ -77,10 +178,14 @@ $des_enc_src=''; | |||
| 77 | $bf_enc_obj=''; | 178 | $bf_enc_obj=''; |
| 78 | $bf_enc_src=''; | 179 | $bf_enc_src=''; |
| 79 | 180 | ||
| 80 | if (!$no_asm && !$fips) | 181 | if (!$no_asm) |
| 81 | { | 182 | { |
| 183 | $aes_asm_obj='crypto\aes\asm\a_win32.obj'; | ||
| 184 | $aes_asm_src='crypto\aes\asm\a_win32.asm'; | ||
| 82 | $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; | 185 | $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; |
| 83 | $bn_asm_src='crypto\bn\asm\bn_win32.asm'; | 186 | $bn_asm_src='crypto\bn\asm\bn_win32.asm'; |
| 187 | $bnco_asm_obj='crypto\bn\asm\co_win32.obj'; | ||
| 188 | $bnco_asm_src='crypto\bn\asm\co_win32.asm'; | ||
| 84 | $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; | 189 | $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; |
| 85 | $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; | 190 | $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; |
| 86 | $bf_enc_obj='crypto\bf\asm\b_win32.obj'; | 191 | $bf_enc_obj='crypto\bf\asm\b_win32.obj'; |
| @@ -93,76 +198,96 @@ if (!$no_asm && !$fips) | |||
| 93 | $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; | 198 | $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; |
| 94 | $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; | 199 | $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; |
| 95 | $md5_asm_src='crypto\md5\asm\m5_win32.asm'; | 200 | $md5_asm_src='crypto\md5\asm\m5_win32.asm'; |
| 96 | $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; | 201 | $sha1_asm_obj='crypto\sha\asm\s1_win32.obj crypto\sha\asm\sha512-sse2.obj'; |
| 97 | $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; | 202 | $sha1_asm_src='crypto\sha\asm\s1_win32.asm crypto\sha\asm\sha512-sse2.asm'; |
| 98 | $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; | 203 | $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; |
| 99 | $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; | 204 | $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; |
| 100 | $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; | 205 | $cpuid_asm_obj='crypto\cpu_win32.obj'; |
| 206 | $cpuid_asm_src='crypto\cpu_win32.asm'; | ||
| 207 | $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; | ||
| 101 | } | 208 | } |
| 102 | 209 | ||
| 103 | if ($shlib) | 210 | if ($shlib && $FLAVOR !~ /CE/) |
| 104 | { | 211 | { |
| 105 | $mlflags.=" $lflags /dll"; | 212 | $mlflags.=" $lflags /dll"; |
| 106 | # $cflags =~ s| /MD| /MT|; | ||
| 107 | $lib_cflag=" -D_WINDLL"; | 213 | $lib_cflag=" -D_WINDLL"; |
| 108 | $out_def="out32dll"; | 214 | $out_def="out32dll"; |
| 109 | $tmp_def="tmp32dll"; | 215 | $tmp_def="tmp32dll"; |
| 216 | # | ||
| 217 | # Engage Applink... | ||
| 218 | # | ||
| 219 | $app_ex_obj.=" \$(OBJ_D)\\applink.obj /implib:\$(TMP_D)\\junk.lib"; | ||
| 220 | $cflags.=" -DOPENSSL_USE_APPLINK -I."; | ||
| 221 | # I'm open for better suggestions than overriding $banner... | ||
| 222 | $banner=<<'___'; | ||
| 223 | @echo Building OpenSSL | ||
| 224 | |||
| 225 | $(OBJ_D)\applink.obj: ms\applink.c | ||
| 226 | $(CC) /Fo$(OBJ_D)\applink.obj $(APP_CFLAGS) -c ms\applink.c | ||
| 227 | $(OBJ_D)\uplink.obj: ms\uplink.c ms\applink.c | ||
| 228 | $(CC) /Fo$(OBJ_D)\uplink.obj $(SHLIB_CFLAGS) -c ms\uplink.c | ||
| 229 | $(INCO_D)\applink.c: ms\applink.c | ||
| 230 | $(CP) ms\applink.c $(INCO_D)\applink.c | ||
| 231 | |||
| 232 | EXHEADER= $(EXHEADER) $(INCO_D)\applink.c | ||
| 233 | |||
| 234 | LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj | ||
| 235 | CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ) | ||
| 236 | ___ | ||
| 237 | $banner.=<<'___' if ($FLAVOR =~ /WIN64/); | ||
| 238 | CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ) | ||
| 239 | ___ | ||
| 240 | } | ||
| 241 | elsif ($shlib && $FLAVOR =~ /CE/) | ||
| 242 | { | ||
| 243 | $mlflags.=" $lflags /dll"; | ||
| 244 | $lib_cflag=" -D_WINDLL -D_DLL"; | ||
| 245 | $out_def='out32dll_$(TARGETCPU)'; | ||
| 246 | $tmp_def='tmp32dll_$(TARGETCPU)'; | ||
| 110 | } | 247 | } |
| 111 | 248 | ||
| 112 | $cflags.=" /Fd$out_def"; | 249 | $cflags.=" /Fd$out_def"; |
| 113 | 250 | ||
| 114 | sub do_lib_rule | 251 | sub do_lib_rule |
| 115 | { | 252 | { |
| 116 | local($objs,$target,$name,$shlib,$ign,$base_addr) = @_; | 253 | local($objs,$target,$name,$shlib)=@_; |
| 117 | local($ret,$Name); | 254 | local($ret); |
| 118 | 255 | ||
| 119 | $taget =~ s/\//$o/g if $o ne '/'; | 256 | $taget =~ s/\//$o/g if $o ne '/'; |
| 120 | ($Name=$name) =~ tr/a-z/A-Z/; | 257 | if ($name ne "") |
| 121 | my $base_arg; | ||
| 122 | if ($base_addr ne "") | ||
| 123 | { | ||
| 124 | $base_arg= " /base:$base_addr"; | ||
| 125 | } | ||
| 126 | else | ||
| 127 | { | 258 | { |
| 128 | $base_arg = ""; | 259 | $name =~ tr/a-z/A-Z/; |
| 260 | $name = "/def:ms/${name}.def"; | ||
| 129 | } | 261 | } |
| 130 | 262 | ||
| 131 | |||
| 132 | # $target="\$(LIB_D)$o$target"; | 263 | # $target="\$(LIB_D)$o$target"; |
| 264 | $ret.="$target: $objs\n"; | ||
| 133 | if (!$shlib) | 265 | if (!$shlib) |
| 134 | { | 266 | { |
| 135 | # $ret.="\t\$(RM) \$(O_$Name)\n"; | 267 | # $ret.="\t\$(RM) \$(O_$Name)\n"; |
| 136 | $ret.="$target: $objs\n"; | 268 | $ex =' '; |
| 137 | $ex =' advapi32.lib'; | ||
| 138 | $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/; | ||
| 139 | $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; | 269 | $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; |
| 140 | } | 270 | } |
| 141 | else | 271 | else |
| 142 | { | 272 | { |
| 143 | local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; | 273 | local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)'; |
| 144 | $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; | 274 | if ($name eq "") |
| 145 | $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; | 275 | { |
| 146 | if ($fips && $target =~ /O_CRYPTO/) | 276 | $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); |
| 277 | } | ||
| 278 | elsif ($FLAVOR =~ /CE/) | ||
| 147 | { | 279 | { |
| 148 | $ex.=" \$(FIPSLIB_D)${o}_chkstk.o"; | 280 | $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib'; |
| 149 | $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n"; | ||
| 150 | $ret.="\tSET FIPS_LINK=\$(LINK)\n"; | ||
| 151 | $ret.="\tSET FIPS_CC=\$(CC)\n"; | ||
| 152 | $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; | ||
| 153 | $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; | ||
| 154 | $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; | ||
| 155 | $ret.="\tSET FIPS_TARGET=$target\n"; | ||
| 156 | $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; | ||
| 157 | $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target "; | ||
| 158 | $ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs "; | ||
| 159 | $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; | ||
| 160 | } | 281 | } |
| 161 | else | 282 | else |
| 162 | { | 283 | { |
| 163 | $ret.="$target: $objs\n"; | 284 | $ex.=' unicows.lib' if ($FLAVOR =~ /NT/); |
| 164 | $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; | 285 | $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; |
| 286 | $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); | ||
| 165 | } | 287 | } |
| 288 | $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; | ||
| 289 | $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; | ||
| 290 | $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; | ||
| 166 | } | 291 | } |
| 167 | $ret.="\n"; | 292 | $ret.="\n"; |
| 168 | return($ret); | 293 | return($ret); |
| @@ -170,51 +295,16 @@ sub do_lib_rule | |||
| 170 | 295 | ||
| 171 | sub do_link_rule | 296 | sub do_link_rule |
| 172 | { | 297 | { |
| 173 | local($target,$files,$dep_libs,$libs,$standalone)=@_; | ||
| 174 | local($ret,$_); | ||
| 175 | $file =~ s/\//$o/g if $o ne '/'; | ||
| 176 | $n=&bname($targer); | ||
| 177 | $ret.="$target: $files $dep_libs\n"; | ||
| 178 | if ($standalone) | ||
| 179 | { | ||
| 180 | $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; | ||
| 181 | $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/); | ||
| 182 | $ret.="$files $libs\n<<\n"; | ||
| 183 | } | ||
| 184 | elsif ($fips && !$shlib) | ||
| 185 | { | ||
| 186 | $ret.="\tSET FIPS_LINK=\$(LINK)\n"; | ||
| 187 | $ret.="\tSET FIPS_CC=\$(CC)\n"; | ||
| 188 | $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; | ||
| 189 | $ret.="\tSET PREMAIN_DSO_EXE=\n"; | ||
| 190 | $ret.="\tSET FIPS_TARGET=$target\n"; | ||
| 191 | $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; | ||
| 192 | $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; | ||
| 193 | $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n"; | ||
| 194 | $ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; | ||
| 195 | } | ||
| 196 | else | ||
| 197 | { | ||
| 198 | $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n"; | ||
| 199 | $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; | ||
| 200 | } | ||
| 201 | $ret.="\n"; | ||
| 202 | return($ret); | ||
| 203 | } | ||
| 204 | |||
| 205 | sub do_rlink_rule | ||
| 206 | { | ||
| 207 | local($target,$files,$dep_libs,$libs)=@_; | 298 | local($target,$files,$dep_libs,$libs)=@_; |
| 208 | local($ret,$_); | 299 | local($ret,$_); |
| 209 | 300 | ||
| 210 | $file =~ s/\//$o/g if $o ne '/'; | 301 | $file =~ s/\//$o/g if $o ne '/'; |
| 211 | $n=&bname($targer); | 302 | $n=&bname($targer); |
| 212 | $ret.="$target: $files $dep_libs\n"; | 303 | $ret.="$target: $files $dep_libs\n"; |
| 213 | $ret.=" \$(MKCANISTER) $target <<\n"; | 304 | $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; |
| 214 | $ret.="INPUT($files)\n<<\n"; | 305 | $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; |
| 215 | $ret.="\n"; | 306 | $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; |
| 216 | return($ret); | 307 | return($ret); |
| 217 | } | 308 | } |
| 218 | 309 | ||
| 219 | |||
| 220 | 1; | 310 | 1; |
diff --git a/src/lib/libssl/src/util/pl/linux.pl b/src/lib/libssl/src/util/pl/linux.pl index df05c40526..d24f7b7291 100644 --- a/src/lib/libssl/src/util/pl/linux.pl +++ b/src/lib/libssl/src/util/pl/linux.pl | |||
| @@ -39,7 +39,7 @@ if (!$no_asm) | |||
| 39 | $rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp'; | 39 | $rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp'; |
| 40 | $sha1_asm_obj='$(OBJ_D)/sx86-elf.o'; | 40 | $sha1_asm_obj='$(OBJ_D)/sx86-elf.o'; |
| 41 | $sha1_asm_src='crypto/sha/asm/sx86unix.cpp'; | 41 | $sha1_asm_src='crypto/sha/asm/sx86unix.cpp'; |
| 42 | $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; | 42 | $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS"; |
| 43 | } | 43 | } |
| 44 | 44 | ||
| 45 | $cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall"; | 45 | $cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall"; |
| @@ -72,18 +72,13 @@ sub do_shlib_rule | |||
| 72 | 72 | ||
| 73 | sub do_link_rule | 73 | sub do_link_rule |
| 74 | { | 74 | { |
| 75 | local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; | 75 | local($target,$files,$dep_libs,$libs)=@_; |
| 76 | local($ret,$_); | 76 | local($ret,$_); |
| 77 | 77 | ||
| 78 | $file =~ s/\//$o/g if $o ne '/'; | 78 | $file =~ s/\//$o/g if $o ne '/'; |
| 79 | $n=&bname($target); | 79 | $n=&bname($target); |
| 80 | $ret.="$target: $files $dep_libs\n"; | 80 | $ret.="$target: $files $dep_libs\n"; |
| 81 | $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n"; | 81 | $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; |
| 82 | if (defined $sha1file) | ||
| 83 | { | ||
| 84 | $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; | ||
| 85 | } | ||
| 86 | $ret.="\n"; | ||
| 87 | return($ret); | 82 | return($ret); |
| 88 | } | 83 | } |
| 89 | 84 | ||
diff --git a/src/lib/libssl/src/util/pl/ultrix.pl b/src/lib/libssl/src/util/pl/ultrix.pl index 447b854708..ea370c71f9 100644 --- a/src/lib/libssl/src/util/pl/ultrix.pl +++ b/src/lib/libssl/src/util/pl/ultrix.pl | |||
| @@ -17,7 +17,7 @@ else | |||
| 17 | 17 | ||
| 18 | $cflags.=" -std1 -DL_ENDIAN"; | 18 | $cflags.=" -std1 -DL_ENDIAN"; |
| 19 | 19 | ||
| 20 | if (!$no_asm && !$fips) | 20 | if (!$no_asm) |
| 21 | { | 21 | { |
| 22 | $bn_asm_obj='$(OBJ_D)/mips1.o'; | 22 | $bn_asm_obj='$(OBJ_D)/mips1.o'; |
| 23 | $bn_asm_src='crypto/bn/asm/mips1.s'; | 23 | $bn_asm_src='crypto/bn/asm/mips1.s'; |
| @@ -25,18 +25,13 @@ if (!$no_asm && !$fips) | |||
| 25 | 25 | ||
| 26 | sub do_link_rule | 26 | sub do_link_rule |
| 27 | { | 27 | { |
| 28 | local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; | 28 | local($target,$files,$dep_libs,$libs)=@_; |
| 29 | local($ret,$_); | 29 | local($ret,$_); |
| 30 | 30 | ||
| 31 | $file =~ s/\//$o/g if $o ne '/'; | 31 | $file =~ s/\//$o/g if $o ne '/'; |
| 32 | $n=&bname($target); | 32 | $n=&bname($target); |
| 33 | $ret.="$target: $files $dep_libs\n"; | 33 | $ret.="$target: $files $dep_libs\n"; |
| 34 | $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n"; | 34 | $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; |
| 35 | if (defined $sha1file) | ||
| 36 | { | ||
| 37 | $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; | ||
| 38 | } | ||
| 39 | $ret.="\n"; | ||
| 40 | return($ret); | 35 | return($ret); |
| 41 | } | 36 | } |
| 42 | 37 | ||
diff --git a/src/lib/libssl/src/util/pl/unix.pl b/src/lib/libssl/src/util/pl/unix.pl index bbd1798a2e..146611ad99 100644 --- a/src/lib/libssl/src/util/pl/unix.pl +++ b/src/lib/libssl/src/util/pl/unix.pl | |||
| @@ -70,18 +70,13 @@ sub do_lib_rule | |||
| 70 | 70 | ||
| 71 | sub do_link_rule | 71 | sub do_link_rule |
| 72 | { | 72 | { |
| 73 | local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; | 73 | local($target,$files,$dep_libs,$libs)=@_; |
| 74 | local($ret,$_); | 74 | local($ret,$_); |
| 75 | 75 | ||
| 76 | $file =~ s/\//$o/g if $o ne '/'; | 76 | $file =~ s/\//$o/g if $o ne '/'; |
| 77 | $n=&bname($target); | 77 | $n=&bname($target); |
| 78 | $ret.="$target: $files $dep_libs\n"; | 78 | $ret.="$target: $files $dep_libs\n"; |
| 79 | $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n"; | 79 | $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; |
| 80 | if (defined $sha1file) | ||
| 81 | { | ||
| 82 | $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; | ||
| 83 | } | ||
| 84 | $ret.="\n"; | ||
| 85 | return($ret); | 80 | return($ret); |
| 86 | } | 81 | } |
| 87 | 82 | ||
diff --git a/src/lib/libssl/src/util/ssleay.num b/src/lib/libssl/src/util/ssleay.num index 46e38a131f..b3ac136a56 100644 --- a/src/lib/libssl/src/util/ssleay.num +++ b/src/lib/libssl/src/util/ssleay.num | |||
| @@ -170,7 +170,7 @@ SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO | |||
| 170 | SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA | 170 | SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA |
| 171 | SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH | 171 | SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH |
| 172 | SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:STDIO | 172 | SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:STDIO |
| 173 | SSL_add_dir_cert_subjs_to_stk 188 NOEXIST::FUNCTION: | 173 | SSL_add_dir_cert_subjs_to_stk 188 EXIST:VMS:FUNCTION:STDIO |
| 174 | SSL_set_session_id_context 189 EXIST::FUNCTION: | 174 | SSL_set_session_id_context 189 EXIST::FUNCTION: |
| 175 | SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO | 175 | SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO |
| 176 | SSL_CTX_use_cert_chain_file 222 EXIST:VMS:FUNCTION:STDIO | 176 | SSL_CTX_use_cert_chain_file 222 EXIST:VMS:FUNCTION:STDIO |
| @@ -215,3 +215,29 @@ SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: | |||
| 215 | SSL_renegotiate_pending 265 EXIST::FUNCTION: | 215 | SSL_renegotiate_pending 265 EXIST::FUNCTION: |
| 216 | SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: | 216 | SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: |
| 217 | SSL_set_msg_callback 267 EXIST::FUNCTION: | 217 | SSL_set_msg_callback 267 EXIST::FUNCTION: |
| 218 | DTLSv1_client_method 268 EXIST::FUNCTION: | ||
| 219 | SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH | ||
| 220 | SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:ECDH | ||
| 221 | SSL_COMP_get_name 271 EXIST::FUNCTION:COMP | ||
| 222 | SSL_get_current_compression 272 EXIST::FUNCTION:COMP | ||
| 223 | DTLSv1_method 273 EXIST::FUNCTION: | ||
| 224 | SSL_get_current_expansion 274 EXIST::FUNCTION:COMP | ||
| 225 | DTLSv1_server_method 275 EXIST::FUNCTION: | ||
| 226 | SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP | ||
| 227 | SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP | ||
| 228 | SSL_SESSION_get_id 277 EXIST::FUNCTION: | ||
| 229 | SSL_CTX_sess_set_new_cb 278 EXIST::FUNCTION: | ||
| 230 | SSL_CTX_sess_get_get_cb 279 EXIST::FUNCTION: | ||
| 231 | SSL_CTX_sess_set_get_cb 280 EXIST::FUNCTION: | ||
| 232 | SSL_CTX_set_cookie_verify_cb 281 EXIST::FUNCTION: | ||
| 233 | SSL_CTX_get_info_callback 282 EXIST::FUNCTION: | ||
| 234 | SSL_CTX_set_cookie_generate_cb 283 EXIST::FUNCTION: | ||
| 235 | SSL_CTX_set_client_cert_cb 284 EXIST::FUNCTION: | ||
| 236 | SSL_CTX_sess_set_remove_cb 285 EXIST::FUNCTION: | ||
| 237 | SSL_CTX_set_info_callback 286 EXIST::FUNCTION: | ||
| 238 | SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION: | ||
| 239 | SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION: | ||
| 240 | SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION: | ||
| 241 | SSL_set_SSL_CTX 290 EXIST::FUNCTION: | ||
| 242 | SSL_get_servername 291 EXIST::FUNCTION:TLSEXT | ||
| 243 | SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT | ||
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 99e188086b..6df921f3c1 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -109,7 +109,7 @@ | |||
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | 111 | /* ==================================================================== |
| 112 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 112 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 113 | * | 113 | * |
| 114 | * Redistribution and use in source and binary forms, with or without | 114 | * Redistribution and use in source and binary forms, with or without |
| 115 | * modification, are permitted provided that the following conditions | 115 | * modification, are permitted provided that the following conditions |
| @@ -161,6 +161,11 @@ | |||
| 161 | * Hudson (tjh@cryptsoft.com). | 161 | * Hudson (tjh@cryptsoft.com). |
| 162 | * | 162 | * |
| 163 | */ | 163 | */ |
| 164 | /* ==================================================================== | ||
| 165 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 166 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 167 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 168 | */ | ||
| 164 | 169 | ||
| 165 | #ifndef HEADER_SSL_H | 170 | #ifndef HEADER_SSL_H |
| 166 | #define HEADER_SSL_H | 171 | #define HEADER_SSL_H |
| @@ -173,9 +178,17 @@ | |||
| 173 | #ifndef OPENSSL_NO_BIO | 178 | #ifndef OPENSSL_NO_BIO |
| 174 | #include <openssl/bio.h> | 179 | #include <openssl/bio.h> |
| 175 | #endif | 180 | #endif |
| 181 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 176 | #ifndef OPENSSL_NO_X509 | 182 | #ifndef OPENSSL_NO_X509 |
| 177 | #include <openssl/x509.h> | 183 | #include <openssl/x509.h> |
| 178 | #endif | 184 | #endif |
| 185 | #include <openssl/crypto.h> | ||
| 186 | #include <openssl/lhash.h> | ||
| 187 | #include <openssl/buffer.h> | ||
| 188 | #endif | ||
| 189 | #include <openssl/pem.h> | ||
| 190 | #include <openssl/hmac.h> | ||
| 191 | |||
| 179 | #include <openssl/kssl.h> | 192 | #include <openssl/kssl.h> |
| 180 | #include <openssl/safestack.h> | 193 | #include <openssl/safestack.h> |
| 181 | #include <openssl/symhacks.h> | 194 | #include <openssl/symhacks.h> |
| @@ -239,7 +252,6 @@ extern "C" { | |||
| 239 | #define SSL_TXT_LOW "LOW" | 252 | #define SSL_TXT_LOW "LOW" |
| 240 | #define SSL_TXT_MEDIUM "MEDIUM" | 253 | #define SSL_TXT_MEDIUM "MEDIUM" |
| 241 | #define SSL_TXT_HIGH "HIGH" | 254 | #define SSL_TXT_HIGH "HIGH" |
| 242 | #define SSL_TXT_FIPS "FIPS" | ||
| 243 | #define SSL_TXT_kFZA "kFZA" | 255 | #define SSL_TXT_kFZA "kFZA" |
| 244 | #define SSL_TXT_aFZA "aFZA" | 256 | #define SSL_TXT_aFZA "aFZA" |
| 245 | #define SSL_TXT_eFZA "eFZA" | 257 | #define SSL_TXT_eFZA "eFZA" |
| @@ -270,7 +282,9 @@ extern "C" { | |||
| 270 | #define SSL_TXT_RC4 "RC4" | 282 | #define SSL_TXT_RC4 "RC4" |
| 271 | #define SSL_TXT_RC2 "RC2" | 283 | #define SSL_TXT_RC2 "RC2" |
| 272 | #define SSL_TXT_IDEA "IDEA" | 284 | #define SSL_TXT_IDEA "IDEA" |
| 285 | #define SSL_TXT_SEED "SEED" | ||
| 273 | #define SSL_TXT_AES "AES" | 286 | #define SSL_TXT_AES "AES" |
| 287 | #define SSL_TXT_CAMELLIA "CAMELLIA" | ||
| 274 | #define SSL_TXT_MD5 "MD5" | 288 | #define SSL_TXT_MD5 "MD5" |
| 275 | #define SSL_TXT_SHA1 "SHA1" | 289 | #define SSL_TXT_SHA1 "SHA1" |
| 276 | #define SSL_TXT_SHA "SHA" | 290 | #define SSL_TXT_SHA "SHA" |
| @@ -282,6 +296,7 @@ extern "C" { | |||
| 282 | #define SSL_TXT_SSLV3 "SSLv3" | 296 | #define SSL_TXT_SSLV3 "SSLv3" |
| 283 | #define SSL_TXT_TLSV1 "TLSv1" | 297 | #define SSL_TXT_TLSV1 "TLSv1" |
| 284 | #define SSL_TXT_ALL "ALL" | 298 | #define SSL_TXT_ALL "ALL" |
| 299 | #define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */ | ||
| 285 | 300 | ||
| 286 | /* | 301 | /* |
| 287 | * COMPLEMENTOF* definitions. These identifiers are used to (de-select) | 302 | * COMPLEMENTOF* definitions. These identifiers are used to (de-select) |
| @@ -303,7 +318,7 @@ extern "C" { | |||
| 303 | /* The following cipher list is used by default. | 318 | /* The following cipher list is used by default. |
| 304 | * It also is substituted when an application-defined cipher list string | 319 | * It also is substituted when an application-defined cipher list string |
| 305 | * starts with 'DEFAULT'. */ | 320 | * starts with 'DEFAULT'. */ |
| 306 | #define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ | 321 | #define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ |
| 307 | 322 | ||
| 308 | /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ | 323 | /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ |
| 309 | #define SSL_SENT_SHUTDOWN 1 | 324 | #define SSL_SENT_SHUTDOWN 1 |
| @@ -313,11 +328,6 @@ extern "C" { | |||
| 313 | } | 328 | } |
| 314 | #endif | 329 | #endif |
| 315 | 330 | ||
| 316 | #include <openssl/crypto.h> | ||
| 317 | #include <openssl/lhash.h> | ||
| 318 | #include <openssl/buffer.h> | ||
| 319 | #include <openssl/pem.h> | ||
| 320 | |||
| 321 | #ifdef __cplusplus | 331 | #ifdef __cplusplus |
| 322 | extern "C" { | 332 | extern "C" { |
| 323 | #endif | 333 | #endif |
| @@ -369,6 +379,12 @@ typedef struct ssl_method_st | |||
| 369 | int (*ssl_shutdown)(SSL *s); | 379 | int (*ssl_shutdown)(SSL *s); |
| 370 | int (*ssl_renegotiate)(SSL *s); | 380 | int (*ssl_renegotiate)(SSL *s); |
| 371 | int (*ssl_renegotiate_check)(SSL *s); | 381 | int (*ssl_renegotiate_check)(SSL *s); |
| 382 | long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long | ||
| 383 | max, int *ok); | ||
| 384 | int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, | ||
| 385 | int peek); | ||
| 386 | int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); | ||
| 387 | int (*ssl_dispatch_alert)(SSL *s); | ||
| 372 | long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); | 388 | long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); |
| 373 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); | 389 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); |
| 374 | SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); | 390 | SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); |
| @@ -379,9 +395,9 @@ typedef struct ssl_method_st | |||
| 379 | struct ssl_method_st *(*get_ssl_method)(int version); | 395 | struct ssl_method_st *(*get_ssl_method)(int version); |
| 380 | long (*get_timeout)(void); | 396 | long (*get_timeout)(void); |
| 381 | struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ | 397 | struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ |
| 382 | int (*ssl_version)(); | 398 | int (*ssl_version)(void); |
| 383 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)()); | 399 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); |
| 384 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)()); | 400 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); |
| 385 | } SSL_METHOD; | 401 | } SSL_METHOD; |
| 386 | 402 | ||
| 387 | /* Lets make this into an ASN.1 type structure as follows | 403 | /* Lets make this into an ASN.1 type structure as follows |
| @@ -459,6 +475,13 @@ typedef struct ssl_session_st | |||
| 459 | /* These are used to make removal of session-ids more | 475 | /* These are used to make removal of session-ids more |
| 460 | * efficient and to implement a maximum cache size. */ | 476 | * efficient and to implement a maximum cache size. */ |
| 461 | struct ssl_session_st *prev,*next; | 477 | struct ssl_session_st *prev,*next; |
| 478 | #ifndef OPENSSL_NO_TLSEXT | ||
| 479 | char *tlsext_hostname; | ||
| 480 | /* RFC4507 info */ | ||
| 481 | unsigned char *tlsext_tick; /* Session ticket */ | ||
| 482 | size_t tlsext_ticklen; /* Session ticket length */ | ||
| 483 | long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ | ||
| 484 | #endif | ||
| 462 | } SSL_SESSION; | 485 | } SSL_SESSION; |
| 463 | 486 | ||
| 464 | 487 | ||
| @@ -483,8 +506,17 @@ typedef struct ssl_session_st | |||
| 483 | * This used to be 0x000FFFFFL before 0.9.7. */ | 506 | * This used to be 0x000FFFFFL before 0.9.7. */ |
| 484 | #define SSL_OP_ALL 0x00000FFFL | 507 | #define SSL_OP_ALL 0x00000FFFL |
| 485 | 508 | ||
| 509 | /* DTLS options */ | ||
| 510 | #define SSL_OP_NO_QUERY_MTU 0x00001000L | ||
| 511 | /* Turn on Cookie Exchange (on relevant for servers) */ | ||
| 512 | #define SSL_OP_COOKIE_EXCHANGE 0x00002000L | ||
| 513 | /* Don't use RFC4507 ticket extension */ | ||
| 514 | #define SSL_OP_NO_TICKET 0x00004000L | ||
| 515 | |||
| 486 | /* As server, disallow session resumption on renegotiation */ | 516 | /* As server, disallow session resumption on renegotiation */ |
| 487 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L | 517 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L |
| 518 | /* If set, always create a new key when using tmp_ecdh parameters */ | ||
| 519 | #define SSL_OP_SINGLE_ECDH_USE 0x00080000L | ||
| 488 | /* If set, always create a new key when using tmp_dh parameters */ | 520 | /* If set, always create a new key when using tmp_dh parameters */ |
| 489 | #define SSL_OP_SINGLE_DH_USE 0x00100000L | 521 | #define SSL_OP_SINGLE_DH_USE 0x00100000L |
| 490 | /* Set to always use the tmp_rsa key when doing RSA operations, | 522 | /* Set to always use the tmp_rsa key when doing RSA operations, |
| @@ -546,6 +578,8 @@ typedef struct ssl_session_st | |||
| 546 | SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) | 578 | SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) |
| 547 | #define SSL_get_mode(ssl) \ | 579 | #define SSL_get_mode(ssl) \ |
| 548 | SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) | 580 | SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) |
| 581 | #define SSL_set_mtu(ssl, mtu) \ | ||
| 582 | SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) | ||
| 549 | 583 | ||
| 550 | 584 | ||
| 551 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | 585 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); |
| @@ -582,7 +616,7 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, | |||
| 582 | typedef struct ssl_comp_st | 616 | typedef struct ssl_comp_st |
| 583 | { | 617 | { |
| 584 | int id; | 618 | int id; |
| 585 | char *name; | 619 | const char *name; |
| 586 | #ifndef OPENSSL_NO_COMP | 620 | #ifndef OPENSSL_NO_COMP |
| 587 | COMP_METHOD *method; | 621 | COMP_METHOD *method; |
| 588 | #else | 622 | #else |
| @@ -670,6 +704,14 @@ struct ssl_ctx_st | |||
| 670 | /* get client cert callback */ | 704 | /* get client cert callback */ |
| 671 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | 705 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 672 | 706 | ||
| 707 | /* cookie generate callback */ | ||
| 708 | int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
| 709 | unsigned int *cookie_len); | ||
| 710 | |||
| 711 | /* verify cookie callback */ | ||
| 712 | int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
| 713 | unsigned int cookie_len); | ||
| 714 | |||
| 673 | CRYPTO_EX_DATA ex_data; | 715 | CRYPTO_EX_DATA ex_data; |
| 674 | 716 | ||
| 675 | const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ | 717 | const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ |
| @@ -702,7 +744,6 @@ struct ssl_ctx_st | |||
| 702 | void *msg_callback_arg; | 744 | void *msg_callback_arg; |
| 703 | 745 | ||
| 704 | int verify_mode; | 746 | int verify_mode; |
| 705 | int verify_depth; | ||
| 706 | unsigned int sid_ctx_length; | 747 | unsigned int sid_ctx_length; |
| 707 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | 748 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; |
| 708 | int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ | 749 | int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ |
| @@ -710,10 +751,35 @@ struct ssl_ctx_st | |||
| 710 | /* Default generate session ID callback. */ | 751 | /* Default generate session ID callback. */ |
| 711 | GEN_SESSION_CB generate_session_id; | 752 | GEN_SESSION_CB generate_session_id; |
| 712 | 753 | ||
| 754 | X509_VERIFY_PARAM *param; | ||
| 755 | |||
| 756 | #if 0 | ||
| 713 | int purpose; /* Purpose setting */ | 757 | int purpose; /* Purpose setting */ |
| 714 | int trust; /* Trust setting */ | 758 | int trust; /* Trust setting */ |
| 759 | #endif | ||
| 715 | 760 | ||
| 716 | int quiet_shutdown; | 761 | int quiet_shutdown; |
| 762 | |||
| 763 | #ifndef OPENSSL_NO_TLSEXT | ||
| 764 | /* TLS extensions servername callback */ | ||
| 765 | int (*tlsext_servername_callback)(SSL*, int *, void *); | ||
| 766 | void *tlsext_servername_arg; | ||
| 767 | /* RFC 4507 session ticket keys */ | ||
| 768 | unsigned char tlsext_tick_key_name[16]; | ||
| 769 | unsigned char tlsext_tick_hmac_key[16]; | ||
| 770 | unsigned char tlsext_tick_aes_key[16]; | ||
| 771 | /* Callback to support customisation of ticket key setting */ | ||
| 772 | int (*tlsext_ticket_key_cb)(SSL *ssl, | ||
| 773 | unsigned char *name, unsigned char *iv, | ||
| 774 | EVP_CIPHER_CTX *ectx, | ||
| 775 | HMAC_CTX *hctx, int enc); | ||
| 776 | |||
| 777 | /* certificate status request info */ | ||
| 778 | /* Callback for status request */ | ||
| 779 | int (*tlsext_status_cb)(SSL *ssl, void *arg); | ||
| 780 | void *tlsext_status_arg; | ||
| 781 | #endif | ||
| 782 | |||
| 717 | }; | 783 | }; |
| 718 | 784 | ||
| 719 | #define SSL_SESS_CACHE_OFF 0x0000 | 785 | #define SSL_SESS_CACHE_OFF 0x0000 |
| @@ -753,16 +819,18 @@ struct ssl_ctx_st | |||
| 753 | #define SSL_CTX_sess_cache_full(ctx) \ | 819 | #define SSL_CTX_sess_cache_full(ctx) \ |
| 754 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) | 820 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) |
| 755 | 821 | ||
| 756 | #define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb)) | 822 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); |
| 757 | #define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb) | 823 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); |
| 758 | #define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb)) | 824 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); |
| 759 | #define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb) | 825 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); |
| 760 | #define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb)) | 826 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); |
| 761 | #define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb) | 827 | SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); |
| 762 | #define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb)) | 828 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); |
| 763 | #define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback) | 829 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); |
| 764 | #define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb)) | 830 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); |
| 765 | #define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb) | 831 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 832 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); | ||
| 833 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); | ||
| 766 | 834 | ||
| 767 | #define SSL_NOTHING 1 | 835 | #define SSL_NOTHING 1 |
| 768 | #define SSL_WRITING 2 | 836 | #define SSL_WRITING 2 |
| @@ -778,7 +846,7 @@ struct ssl_ctx_st | |||
| 778 | struct ssl_st | 846 | struct ssl_st |
| 779 | { | 847 | { |
| 780 | /* protocol version | 848 | /* protocol version |
| 781 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION) | 849 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) |
| 782 | */ | 850 | */ |
| 783 | int version; | 851 | int version; |
| 784 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ | 852 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ |
| @@ -807,7 +875,7 @@ struct ssl_st | |||
| 807 | 875 | ||
| 808 | /* true when we are actually in SSL_accept() or SSL_connect() */ | 876 | /* true when we are actually in SSL_accept() or SSL_connect() */ |
| 809 | int in_handshake; | 877 | int in_handshake; |
| 810 | int (*handshake_func)(); | 878 | int (*handshake_func)(SSL *); |
| 811 | 879 | ||
| 812 | /* Imagine that here's a boolean member "init" that is | 880 | /* Imagine that here's a boolean member "init" that is |
| 813 | * switched as soon as SSL_set_{accept/connect}_state | 881 | * switched as soon as SSL_set_{accept/connect}_state |
| @@ -842,6 +910,7 @@ struct ssl_st | |||
| 842 | 910 | ||
| 843 | struct ssl2_state_st *s2; /* SSLv2 variables */ | 911 | struct ssl2_state_st *s2; /* SSLv2 variables */ |
| 844 | struct ssl3_state_st *s3; /* SSLv3 variables */ | 912 | struct ssl3_state_st *s3; /* SSLv3 variables */ |
| 913 | struct dtls1_state_st *d1; /* DTLSv1 variables */ | ||
| 845 | 914 | ||
| 846 | int read_ahead; /* Read as many input bytes as possible | 915 | int read_ahead; /* Read as many input bytes as possible |
| 847 | * (for non-blocking reads) */ | 916 | * (for non-blocking reads) */ |
| @@ -852,8 +921,12 @@ struct ssl_st | |||
| 852 | 921 | ||
| 853 | int hit; /* reusing a previous session */ | 922 | int hit; /* reusing a previous session */ |
| 854 | 923 | ||
| 924 | X509_VERIFY_PARAM *param; | ||
| 925 | |||
| 926 | #if 0 | ||
| 855 | int purpose; /* Purpose setting */ | 927 | int purpose; /* Purpose setting */ |
| 856 | int trust; /* Trust setting */ | 928 | int trust; /* Trust setting */ |
| 929 | #endif | ||
| 857 | 930 | ||
| 858 | /* crypto */ | 931 | /* crypto */ |
| 859 | STACK_OF(SSL_CIPHER) *cipher_list; | 932 | STACK_OF(SSL_CIPHER) *cipher_list; |
| @@ -898,7 +971,6 @@ struct ssl_st | |||
| 898 | /* Used in SSL2 and SSL3 */ | 971 | /* Used in SSL2 and SSL3 */ |
| 899 | int verify_mode; /* 0 don't care about verify failure. | 972 | int verify_mode; /* 0 don't care about verify failure. |
| 900 | * 1 fail if verify fails */ | 973 | * 1 fail if verify fails */ |
| 901 | int verify_depth; | ||
| 902 | int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ | 974 | int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ |
| 903 | 975 | ||
| 904 | void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ | 976 | void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ |
| @@ -929,6 +1001,37 @@ struct ssl_st | |||
| 929 | int first_packet; | 1001 | int first_packet; |
| 930 | int client_version; /* what was passed, used for | 1002 | int client_version; /* what was passed, used for |
| 931 | * SSLv3/TLS rollback check */ | 1003 | * SSLv3/TLS rollback check */ |
| 1004 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1005 | /* TLS extension debug callback */ | ||
| 1006 | void (*tlsext_debug_cb)(SSL *s, int client_server, int type, | ||
| 1007 | unsigned char *data, int len, | ||
| 1008 | void *arg); | ||
| 1009 | void *tlsext_debug_arg; | ||
| 1010 | char *tlsext_hostname; | ||
| 1011 | int servername_done; /* no further mod of servername | ||
| 1012 | 0 : call the servername extension callback. | ||
| 1013 | 1 : prepare 2, allow last ack just after in server callback. | ||
| 1014 | 2 : don't call servername callback, no ack in server hello | ||
| 1015 | */ | ||
| 1016 | /* certificate status request info */ | ||
| 1017 | /* Status type or -1 if no status type */ | ||
| 1018 | int tlsext_status_type; | ||
| 1019 | /* Expect OCSP CertificateStatus message */ | ||
| 1020 | int tlsext_status_expected; | ||
| 1021 | /* OCSP status request only */ | ||
| 1022 | STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; | ||
| 1023 | X509_EXTENSIONS *tlsext_ocsp_exts; | ||
| 1024 | /* OCSP response received or to be sent */ | ||
| 1025 | unsigned char *tlsext_ocsp_resp; | ||
| 1026 | int tlsext_ocsp_resplen; | ||
| 1027 | |||
| 1028 | /* RFC4507 session ticket expected to be received or sent */ | ||
| 1029 | int tlsext_ticket_expected; | ||
| 1030 | SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ | ||
| 1031 | #define session_ctx initial_ctx | ||
| 1032 | #else | ||
| 1033 | #define session_ctx ctx | ||
| 1034 | #endif | ||
| 932 | }; | 1035 | }; |
| 933 | 1036 | ||
| 934 | #ifdef __cplusplus | 1037 | #ifdef __cplusplus |
| @@ -938,6 +1041,7 @@ struct ssl_st | |||
| 938 | #include <openssl/ssl2.h> | 1041 | #include <openssl/ssl2.h> |
| 939 | #include <openssl/ssl3.h> | 1042 | #include <openssl/ssl3.h> |
| 940 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ | 1043 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ |
| 1044 | #include <openssl/dtls1.h> /* Datagram TLS */ | ||
| 941 | #include <openssl/ssl23.h> | 1045 | #include <openssl/ssl23.h> |
| 942 | 1046 | ||
| 943 | #ifdef __cplusplus | 1047 | #ifdef __cplusplus |
| @@ -1035,21 +1139,16 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1035 | #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) | 1139 | #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) |
| 1036 | 1140 | ||
| 1037 | #if 1 /*SSLEAY_MACROS*/ | 1141 | #if 1 /*SSLEAY_MACROS*/ |
| 1038 | #define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \ | 1142 | #define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) |
| 1039 | (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \ | 1143 | #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) |
| 1040 | (bp),(unsigned char **)(s_id)) | ||
| 1041 | #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \ | ||
| 1042 | bp,(unsigned char *)s_id) | ||
| 1043 | #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ | 1144 | #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ |
| 1044 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) | 1145 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) |
| 1045 | #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ | 1146 | #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) |
| 1046 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) | ||
| 1047 | #define PEM_write_SSL_SESSION(fp,x) \ | 1147 | #define PEM_write_SSL_SESSION(fp,x) \ |
| 1048 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ | 1148 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ |
| 1049 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) | 1149 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) |
| 1050 | #define PEM_write_bio_SSL_SESSION(bp,x) \ | 1150 | #define PEM_write_bio_SSL_SESSION(bp,x) \ |
| 1051 | PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ | 1151 | PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) |
| 1052 | PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) | ||
| 1053 | #endif | 1152 | #endif |
| 1054 | 1153 | ||
| 1055 | #define SSL_AD_REASON_OFFSET 1000 | 1154 | #define SSL_AD_REASON_OFFSET 1000 |
| @@ -1078,6 +1177,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1078 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ | 1177 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ |
| 1079 | #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED | 1178 | #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED |
| 1080 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION | 1179 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION |
| 1180 | #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION | ||
| 1181 | #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE | ||
| 1182 | #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME | ||
| 1183 | #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE | ||
| 1081 | 1184 | ||
| 1082 | #define SSL_ERROR_NONE 0 | 1185 | #define SSL_ERROR_NONE 0 |
| 1083 | #define SSL_ERROR_SSL 1 | 1186 | #define SSL_ERROR_SSL 1 |
| @@ -1092,20 +1195,24 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1092 | #define SSL_CTRL_NEED_TMP_RSA 1 | 1195 | #define SSL_CTRL_NEED_TMP_RSA 1 |
| 1093 | #define SSL_CTRL_SET_TMP_RSA 2 | 1196 | #define SSL_CTRL_SET_TMP_RSA 2 |
| 1094 | #define SSL_CTRL_SET_TMP_DH 3 | 1197 | #define SSL_CTRL_SET_TMP_DH 3 |
| 1095 | #define SSL_CTRL_SET_TMP_RSA_CB 4 | 1198 | #define SSL_CTRL_SET_TMP_ECDH 4 |
| 1096 | #define SSL_CTRL_SET_TMP_DH_CB 5 | 1199 | #define SSL_CTRL_SET_TMP_RSA_CB 5 |
| 1097 | 1200 | #define SSL_CTRL_SET_TMP_DH_CB 6 | |
| 1098 | #define SSL_CTRL_GET_SESSION_REUSED 6 | 1201 | #define SSL_CTRL_SET_TMP_ECDH_CB 7 |
| 1099 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 7 | 1202 | |
| 1100 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8 | 1203 | #define SSL_CTRL_GET_SESSION_REUSED 8 |
| 1101 | #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9 | 1204 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 |
| 1102 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10 | 1205 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 |
| 1103 | #define SSL_CTRL_GET_FLAGS 11 | 1206 | #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 |
| 1104 | #define SSL_CTRL_EXTRA_CHAIN_CERT 12 | 1207 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 |
| 1105 | 1208 | #define SSL_CTRL_GET_FLAGS 13 | |
| 1106 | #define SSL_CTRL_SET_MSG_CALLBACK 13 | 1209 | #define SSL_CTRL_EXTRA_CHAIN_CERT 14 |
| 1107 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG 14 | 1210 | |
| 1108 | 1211 | #define SSL_CTRL_SET_MSG_CALLBACK 15 | |
| 1212 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 | ||
| 1213 | |||
| 1214 | /* only applies to datagram connections */ | ||
| 1215 | #define SSL_CTRL_SET_MTU 17 | ||
| 1109 | /* Stats */ | 1216 | /* Stats */ |
| 1110 | #define SSL_CTRL_SESS_NUMBER 20 | 1217 | #define SSL_CTRL_SESS_NUMBER 20 |
| 1111 | #define SSL_CTRL_SESS_CONNECT 21 | 1218 | #define SSL_CTRL_SESS_CONNECT 21 |
| @@ -1132,6 +1239,29 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1132 | #define SSL_CTRL_GET_MAX_CERT_LIST 50 | 1239 | #define SSL_CTRL_GET_MAX_CERT_LIST 50 |
| 1133 | #define SSL_CTRL_SET_MAX_CERT_LIST 51 | 1240 | #define SSL_CTRL_SET_MAX_CERT_LIST 51 |
| 1134 | 1241 | ||
| 1242 | /* see tls1.h for macros based on these */ | ||
| 1243 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1244 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 | ||
| 1245 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 | ||
| 1246 | #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 | ||
| 1247 | #define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 | ||
| 1248 | #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 | ||
| 1249 | #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 | ||
| 1250 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 | ||
| 1251 | |||
| 1252 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 | ||
| 1253 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 | ||
| 1254 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 | ||
| 1255 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 | ||
| 1256 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 | ||
| 1257 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 | ||
| 1258 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 | ||
| 1259 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 | ||
| 1260 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 | ||
| 1261 | |||
| 1262 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 | ||
| 1263 | #endif | ||
| 1264 | |||
| 1135 | #define SSL_session_reused(ssl) \ | 1265 | #define SSL_session_reused(ssl) \ |
| 1136 | SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) | 1266 | SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) |
| 1137 | #define SSL_num_renegotiations(ssl) \ | 1267 | #define SSL_num_renegotiations(ssl) \ |
| @@ -1147,6 +1277,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1147 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) | 1277 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) |
| 1148 | #define SSL_CTX_set_tmp_dh(ctx,dh) \ | 1278 | #define SSL_CTX_set_tmp_dh(ctx,dh) \ |
| 1149 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | 1279 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) |
| 1280 | #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ | ||
| 1281 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | ||
| 1150 | 1282 | ||
| 1151 | #define SSL_need_tmp_RSA(ssl) \ | 1283 | #define SSL_need_tmp_RSA(ssl) \ |
| 1152 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) | 1284 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) |
| @@ -1154,6 +1286,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | |||
| 1154 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) | 1286 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) |
| 1155 | #define SSL_set_tmp_dh(ssl,dh) \ | 1287 | #define SSL_set_tmp_dh(ssl,dh) \ |
| 1156 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | 1288 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) |
| 1289 | #define SSL_set_tmp_ecdh(ssl,ecdh) \ | ||
| 1290 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | ||
| 1157 | 1291 | ||
| 1158 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ | 1292 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ |
| 1159 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) | 1293 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) |
| @@ -1215,9 +1349,9 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); | |||
| 1215 | #endif | 1349 | #endif |
| 1216 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); | 1350 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); |
| 1217 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); | 1351 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); |
| 1218 | int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); | 1352 | int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); |
| 1219 | int SSL_use_certificate(SSL *ssl, X509 *x); | 1353 | int SSL_use_certificate(SSL *ssl, X509 *x); |
| 1220 | int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); | 1354 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); |
| 1221 | 1355 | ||
| 1222 | #ifndef OPENSSL_NO_STDIO | 1356 | #ifndef OPENSSL_NO_STDIO |
| 1223 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); | 1357 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); |
| @@ -1253,6 +1387,7 @@ void SSL_copy_session_id(SSL *to,const SSL *from); | |||
| 1253 | SSL_SESSION *SSL_SESSION_new(void); | 1387 | SSL_SESSION *SSL_SESSION_new(void); |
| 1254 | unsigned long SSL_SESSION_hash(const SSL_SESSION *a); | 1388 | unsigned long SSL_SESSION_hash(const SSL_SESSION *a); |
| 1255 | int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); | 1389 | int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); |
| 1390 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); | ||
| 1256 | #ifndef OPENSSL_NO_FP_API | 1391 | #ifndef OPENSSL_NO_FP_API |
| 1257 | int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); | 1392 | int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); |
| 1258 | #endif | 1393 | #endif |
| @@ -1268,7 +1403,7 @@ int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); | |||
| 1268 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); | 1403 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); |
| 1269 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | 1404 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, |
| 1270 | unsigned int id_len); | 1405 | unsigned int id_len); |
| 1271 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char * const *pp, | 1406 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, |
| 1272 | long length); | 1407 | long length); |
| 1273 | 1408 | ||
| 1274 | #ifdef HEADER_X509_H | 1409 | #ifdef HEADER_X509_H |
| @@ -1287,12 +1422,12 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,v | |||
| 1287 | #ifndef OPENSSL_NO_RSA | 1422 | #ifndef OPENSSL_NO_RSA |
| 1288 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); | 1423 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); |
| 1289 | #endif | 1424 | #endif |
| 1290 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); | 1425 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); |
| 1291 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); | 1426 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); |
| 1292 | int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, | 1427 | int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, |
| 1293 | unsigned char *d, long len); | 1428 | const unsigned char *d, long len); |
| 1294 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); | 1429 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); |
| 1295 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); | 1430 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); |
| 1296 | 1431 | ||
| 1297 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); | 1432 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); |
| 1298 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); | 1433 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); |
| @@ -1319,9 +1454,9 @@ int SSL_read(SSL *ssl,void *buf,int num); | |||
| 1319 | int SSL_peek(SSL *ssl,void *buf,int num); | 1454 | int SSL_peek(SSL *ssl,void *buf,int num); |
| 1320 | int SSL_write(SSL *ssl,const void *buf,int num); | 1455 | int SSL_write(SSL *ssl,const void *buf,int num); |
| 1321 | long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); | 1456 | long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); |
| 1322 | long SSL_callback_ctrl(SSL *, int, void (*)()); | 1457 | long SSL_callback_ctrl(SSL *, int, void (*)(void)); |
| 1323 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); | 1458 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); |
| 1324 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)()); | 1459 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); |
| 1325 | 1460 | ||
| 1326 | int SSL_get_error(const SSL *s,int ret_code); | 1461 | int SSL_get_error(const SSL *s,int ret_code); |
| 1327 | const char *SSL_get_version(const SSL *s); | 1462 | const char *SSL_get_version(const SSL *s); |
| @@ -1345,6 +1480,10 @@ SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ | |||
| 1345 | SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ | 1480 | SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ |
| 1346 | SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ | 1481 | SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ |
| 1347 | 1482 | ||
| 1483 | SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ | ||
| 1484 | SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ | ||
| 1485 | SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ | ||
| 1486 | |||
| 1348 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); | 1487 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); |
| 1349 | 1488 | ||
| 1350 | int SSL_do_handshake(SSL *s); | 1489 | int SSL_do_handshake(SSL *s); |
| @@ -1395,6 +1534,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | |||
| 1395 | SSL_SESSION *SSL_get_session(const SSL *ssl); | 1534 | SSL_SESSION *SSL_get_session(const SSL *ssl); |
| 1396 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ | 1535 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ |
| 1397 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); | 1536 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); |
| 1537 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); | ||
| 1398 | void SSL_set_info_callback(SSL *ssl, | 1538 | void SSL_set_info_callback(SSL *ssl, |
| 1399 | void (*cb)(const SSL *ssl,int type,int val)); | 1539 | void (*cb)(const SSL *ssl,int type,int val)); |
| 1400 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); | 1540 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); |
| @@ -1462,11 +1602,27 @@ void SSL_set_tmp_dh_callback(SSL *ssl, | |||
| 1462 | DH *(*dh)(SSL *ssl,int is_export, | 1602 | DH *(*dh)(SSL *ssl,int is_export, |
| 1463 | int keylength)); | 1603 | int keylength)); |
| 1464 | #endif | 1604 | #endif |
| 1605 | #ifndef OPENSSL_NO_ECDH | ||
| 1606 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, | ||
| 1607 | EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
| 1608 | int keylength)); | ||
| 1609 | void SSL_set_tmp_ecdh_callback(SSL *ssl, | ||
| 1610 | EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
| 1611 | int keylength)); | ||
| 1612 | #endif | ||
| 1465 | 1613 | ||
| 1466 | #ifndef OPENSSL_NO_COMP | 1614 | #ifndef OPENSSL_NO_COMP |
| 1615 | const COMP_METHOD *SSL_get_current_compression(SSL *s); | ||
| 1616 | const COMP_METHOD *SSL_get_current_expansion(SSL *s); | ||
| 1617 | const char *SSL_COMP_get_name(const COMP_METHOD *comp); | ||
| 1618 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); | ||
| 1467 | int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); | 1619 | int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); |
| 1468 | #else | 1620 | #else |
| 1469 | int SSL_COMP_add_compression_method(int id,char *cm); | 1621 | const void *SSL_get_current_compression(SSL *s); |
| 1622 | const void *SSL_get_current_expansion(SSL *s); | ||
| 1623 | const char *SSL_COMP_get_name(const void *comp); | ||
| 1624 | void *SSL_COMP_get_compression_methods(void); | ||
| 1625 | int SSL_COMP_add_compression_method(int id,void *cm); | ||
| 1470 | #endif | 1626 | #endif |
| 1471 | 1627 | ||
| 1472 | /* BEGIN ERROR CODES */ | 1628 | /* BEGIN ERROR CODES */ |
| @@ -1479,11 +1635,36 @@ void ERR_load_SSL_strings(void); | |||
| 1479 | 1635 | ||
| 1480 | /* Function codes. */ | 1636 | /* Function codes. */ |
| 1481 | #define SSL_F_CLIENT_CERTIFICATE 100 | 1637 | #define SSL_F_CLIENT_CERTIFICATE 100 |
| 1482 | #define SSL_F_CLIENT_FINISHED 238 | 1638 | #define SSL_F_CLIENT_FINISHED 167 |
| 1483 | #define SSL_F_CLIENT_HELLO 101 | 1639 | #define SSL_F_CLIENT_HELLO 101 |
| 1484 | #define SSL_F_CLIENT_MASTER_KEY 102 | 1640 | #define SSL_F_CLIENT_MASTER_KEY 102 |
| 1485 | #define SSL_F_D2I_SSL_SESSION 103 | 1641 | #define SSL_F_D2I_SSL_SESSION 103 |
| 1642 | #define SSL_F_DO_DTLS1_WRITE 245 | ||
| 1486 | #define SSL_F_DO_SSL3_WRITE 104 | 1643 | #define SSL_F_DO_SSL3_WRITE 104 |
| 1644 | #define SSL_F_DTLS1_ACCEPT 246 | ||
| 1645 | #define SSL_F_DTLS1_BUFFER_RECORD 247 | ||
| 1646 | #define SSL_F_DTLS1_CLIENT_HELLO 248 | ||
| 1647 | #define SSL_F_DTLS1_CONNECT 249 | ||
| 1648 | #define SSL_F_DTLS1_ENC 250 | ||
| 1649 | #define SSL_F_DTLS1_GET_HELLO_VERIFY 251 | ||
| 1650 | #define SSL_F_DTLS1_GET_MESSAGE 252 | ||
| 1651 | #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 | ||
| 1652 | #define SSL_F_DTLS1_GET_RECORD 254 | ||
| 1653 | #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 | ||
| 1654 | #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 | ||
| 1655 | #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 | ||
| 1656 | #define SSL_F_DTLS1_PROCESS_RECORD 257 | ||
| 1657 | #define SSL_F_DTLS1_READ_BYTES 258 | ||
| 1658 | #define SSL_F_DTLS1_READ_FAILED 259 | ||
| 1659 | #define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 | ||
| 1660 | #define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 | ||
| 1661 | #define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 | ||
| 1662 | #define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 | ||
| 1663 | #define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 | ||
| 1664 | #define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 | ||
| 1665 | #define SSL_F_DTLS1_SEND_SERVER_HELLO 266 | ||
| 1666 | #define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 | ||
| 1667 | #define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 | ||
| 1487 | #define SSL_F_GET_CLIENT_FINISHED 105 | 1668 | #define SSL_F_GET_CLIENT_FINISHED 105 |
| 1488 | #define SSL_F_GET_CLIENT_HELLO 106 | 1669 | #define SSL_F_GET_CLIENT_HELLO 106 |
| 1489 | #define SSL_F_GET_CLIENT_MASTER_KEY 107 | 1670 | #define SSL_F_GET_CLIENT_MASTER_KEY 107 |
| @@ -1524,6 +1705,7 @@ void ERR_load_SSL_strings(void); | |||
| 1524 | #define SSL_F_SSL3_ENC 134 | 1705 | #define SSL_F_SSL3_ENC 134 |
| 1525 | #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 | 1706 | #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 |
| 1526 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 | 1707 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 |
| 1708 | #define SSL_F_SSL3_GET_CERT_STATUS 288 | ||
| 1527 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 | 1709 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 |
| 1528 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 | 1710 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 |
| 1529 | #define SSL_F_SSL3_GET_CLIENT_HELLO 138 | 1711 | #define SSL_F_SSL3_GET_CLIENT_HELLO 138 |
| @@ -1531,10 +1713,12 @@ void ERR_load_SSL_strings(void); | |||
| 1531 | #define SSL_F_SSL3_GET_FINISHED 140 | 1713 | #define SSL_F_SSL3_GET_FINISHED 140 |
| 1532 | #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 | 1714 | #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 |
| 1533 | #define SSL_F_SSL3_GET_MESSAGE 142 | 1715 | #define SSL_F_SSL3_GET_MESSAGE 142 |
| 1716 | #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 | ||
| 1534 | #define SSL_F_SSL3_GET_RECORD 143 | 1717 | #define SSL_F_SSL3_GET_RECORD 143 |
| 1535 | #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 | 1718 | #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 |
| 1536 | #define SSL_F_SSL3_GET_SERVER_DONE 145 | 1719 | #define SSL_F_SSL3_GET_SERVER_DONE 145 |
| 1537 | #define SSL_F_SSL3_GET_SERVER_HELLO 146 | 1720 | #define SSL_F_SSL3_GET_SERVER_HELLO 146 |
| 1721 | #define SSL_F_SSL3_NEW_SESSION_TICKET 284 | ||
| 1538 | #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 | 1722 | #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 |
| 1539 | #define SSL_F_SSL3_PEEK 235 | 1723 | #define SSL_F_SSL3_PEEK 235 |
| 1540 | #define SSL_F_SSL3_READ_BYTES 148 | 1724 | #define SSL_F_SSL3_READ_BYTES 148 |
| @@ -1550,8 +1734,10 @@ void ERR_load_SSL_strings(void); | |||
| 1550 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 | 1734 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 |
| 1551 | #define SSL_F_SSL3_WRITE_BYTES 158 | 1735 | #define SSL_F_SSL3_WRITE_BYTES 158 |
| 1552 | #define SSL_F_SSL3_WRITE_PENDING 159 | 1736 | #define SSL_F_SSL3_WRITE_PENDING 159 |
| 1737 | #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 | ||
| 1553 | #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 | 1738 | #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 |
| 1554 | #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 | 1739 | #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 |
| 1740 | #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 | ||
| 1555 | #define SSL_F_SSL_BAD_METHOD 160 | 1741 | #define SSL_F_SSL_BAD_METHOD 160 |
| 1556 | #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 | 1742 | #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 |
| 1557 | #define SSL_F_SSL_CERT_DUP 221 | 1743 | #define SSL_F_SSL_CERT_DUP 221 |
| @@ -1559,6 +1745,7 @@ void ERR_load_SSL_strings(void); | |||
| 1559 | #define SSL_F_SSL_CERT_INSTANTIATE 214 | 1745 | #define SSL_F_SSL_CERT_INSTANTIATE 214 |
| 1560 | #define SSL_F_SSL_CERT_NEW 162 | 1746 | #define SSL_F_SSL_CERT_NEW 162 |
| 1561 | #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 | 1747 | #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 |
| 1748 | #define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 | ||
| 1562 | #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 | 1749 | #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 |
| 1563 | #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 | 1750 | #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 |
| 1564 | #define SSL_F_SSL_CLEAR 164 | 1751 | #define SSL_F_SSL_CLEAR 164 |
| @@ -1590,6 +1777,9 @@ void ERR_load_SSL_strings(void); | |||
| 1590 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 | 1777 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 |
| 1591 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 | 1778 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 |
| 1592 | #define SSL_F_SSL_NEW 186 | 1779 | #define SSL_F_SSL_NEW 186 |
| 1780 | #define SSL_F_SSL_PEEK 270 | ||
| 1781 | #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 | ||
| 1782 | #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 | ||
| 1593 | #define SSL_F_SSL_READ 223 | 1783 | #define SSL_F_SSL_READ 223 |
| 1594 | #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 | 1784 | #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 |
| 1595 | #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 | 1785 | #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 |
| @@ -1609,6 +1799,7 @@ void ERR_load_SSL_strings(void); | |||
| 1609 | #define SSL_F_SSL_SHUTDOWN 224 | 1799 | #define SSL_F_SSL_SHUTDOWN 224 |
| 1610 | #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 | 1800 | #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 |
| 1611 | #define SSL_F_SSL_UNDEFINED_FUNCTION 197 | 1801 | #define SSL_F_SSL_UNDEFINED_FUNCTION 197 |
| 1802 | #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 | ||
| 1612 | #define SSL_F_SSL_USE_CERTIFICATE 198 | 1803 | #define SSL_F_SSL_USE_CERTIFICATE 198 |
| 1613 | #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 | 1804 | #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 |
| 1614 | #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 | 1805 | #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 |
| @@ -1639,6 +1830,9 @@ void ERR_load_SSL_strings(void); | |||
| 1639 | #define SSL_R_BAD_DH_P_LENGTH 110 | 1830 | #define SSL_R_BAD_DH_P_LENGTH 110 |
| 1640 | #define SSL_R_BAD_DIGEST_LENGTH 111 | 1831 | #define SSL_R_BAD_DIGEST_LENGTH 111 |
| 1641 | #define SSL_R_BAD_DSA_SIGNATURE 112 | 1832 | #define SSL_R_BAD_DSA_SIGNATURE 112 |
| 1833 | #define SSL_R_BAD_ECC_CERT 304 | ||
| 1834 | #define SSL_R_BAD_ECDSA_SIGNATURE 305 | ||
| 1835 | #define SSL_R_BAD_ECPOINT 306 | ||
| 1642 | #define SSL_R_BAD_HELLO_REQUEST 105 | 1836 | #define SSL_R_BAD_HELLO_REQUEST 105 |
| 1643 | #define SSL_R_BAD_LENGTH 271 | 1837 | #define SSL_R_BAD_LENGTH 271 |
| 1644 | #define SSL_R_BAD_MAC_DECODE 113 | 1838 | #define SSL_R_BAD_MAC_DECODE 113 |
| @@ -1668,17 +1862,22 @@ void ERR_load_SSL_strings(void); | |||
| 1668 | #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 | 1862 | #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 |
| 1669 | #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 | 1863 | #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 |
| 1670 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 | 1864 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 |
| 1865 | #define SSL_R_CLIENTHELLO_TLSEXT 157 | ||
| 1671 | #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 | 1866 | #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 |
| 1672 | #define SSL_R_COMPRESSION_FAILURE 141 | 1867 | #define SSL_R_COMPRESSION_FAILURE 141 |
| 1868 | #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 | ||
| 1673 | #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 | 1869 | #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 |
| 1674 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 | 1870 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 |
| 1675 | #define SSL_R_CONNECTION_TYPE_NOT_SET 144 | 1871 | #define SSL_R_CONNECTION_TYPE_NOT_SET 144 |
| 1872 | #define SSL_R_COOKIE_MISMATCH 308 | ||
| 1676 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 | 1873 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 |
| 1677 | #define SSL_R_DATA_LENGTH_TOO_LONG 146 | 1874 | #define SSL_R_DATA_LENGTH_TOO_LONG 146 |
| 1678 | #define SSL_R_DECRYPTION_FAILED 147 | 1875 | #define SSL_R_DECRYPTION_FAILED 147 |
| 1679 | #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 | 1876 | #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 |
| 1680 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 | 1877 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 |
| 1681 | #define SSL_R_DIGEST_CHECK_FAILED 149 | 1878 | #define SSL_R_DIGEST_CHECK_FAILED 149 |
| 1879 | #define SSL_R_DUPLICATE_COMPRESSION_ID 309 | ||
| 1880 | #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 | ||
| 1682 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 | 1881 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 |
| 1683 | #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 | 1882 | #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 |
| 1684 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 | 1883 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 |
| @@ -1691,6 +1890,8 @@ void ERR_load_SSL_strings(void); | |||
| 1691 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 | 1890 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 |
| 1692 | #define SSL_R_INVALID_COMMAND 280 | 1891 | #define SSL_R_INVALID_COMMAND 280 |
| 1693 | #define SSL_R_INVALID_PURPOSE 278 | 1892 | #define SSL_R_INVALID_PURPOSE 278 |
| 1893 | #define SSL_R_INVALID_STATUS_RESPONSE 316 | ||
| 1894 | #define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 | ||
| 1694 | #define SSL_R_INVALID_TRUST 279 | 1895 | #define SSL_R_INVALID_TRUST 279 |
| 1695 | #define SSL_R_KEY_ARG_TOO_LONG 284 | 1896 | #define SSL_R_KEY_ARG_TOO_LONG 284 |
| 1696 | #define SSL_R_KRB5 285 | 1897 | #define SSL_R_KRB5 285 |
| @@ -1719,6 +1920,7 @@ void ERR_load_SSL_strings(void); | |||
| 1719 | #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 | 1920 | #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 |
| 1720 | #define SSL_R_MISSING_RSA_SIGNING_CERT 170 | 1921 | #define SSL_R_MISSING_RSA_SIGNING_CERT 170 |
| 1721 | #define SSL_R_MISSING_TMP_DH_KEY 171 | 1922 | #define SSL_R_MISSING_TMP_DH_KEY 171 |
| 1923 | #define SSL_R_MISSING_TMP_ECDH_KEY 311 | ||
| 1722 | #define SSL_R_MISSING_TMP_RSA_KEY 172 | 1924 | #define SSL_R_MISSING_TMP_RSA_KEY 172 |
| 1723 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 | 1925 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 |
| 1724 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 | 1926 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 |
| @@ -1747,6 +1949,7 @@ void ERR_load_SSL_strings(void); | |||
| 1747 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 | 1949 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 |
| 1748 | #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 | 1950 | #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 |
| 1749 | #define SSL_R_PACKET_LENGTH_TOO_LONG 198 | 1951 | #define SSL_R_PACKET_LENGTH_TOO_LONG 198 |
| 1952 | #define SSL_R_PARSE_TLSEXT 223 | ||
| 1750 | #define SSL_R_PATH_TOO_LONG 270 | 1953 | #define SSL_R_PATH_TOO_LONG 270 |
| 1751 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 | 1954 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 |
| 1752 | #define SSL_R_PEER_ERROR 200 | 1955 | #define SSL_R_PEER_ERROR 200 |
| @@ -1761,6 +1964,7 @@ void ERR_load_SSL_strings(void); | |||
| 1761 | #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 | 1964 | #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 |
| 1762 | #define SSL_R_PUBLIC_KEY_NOT_RSA 210 | 1965 | #define SSL_R_PUBLIC_KEY_NOT_RSA 210 |
| 1763 | #define SSL_R_READ_BIO_NOT_SET 211 | 1966 | #define SSL_R_READ_BIO_NOT_SET 211 |
| 1967 | #define SSL_R_READ_TIMEOUT_EXPIRED 312 | ||
| 1764 | #define SSL_R_READ_WRONG_PACKET_TYPE 212 | 1968 | #define SSL_R_READ_WRONG_PACKET_TYPE 212 |
| 1765 | #define SSL_R_RECORD_LENGTH_MISMATCH 213 | 1969 | #define SSL_R_RECORD_LENGTH_MISMATCH 213 |
| 1766 | #define SSL_R_RECORD_TOO_LARGE 214 | 1970 | #define SSL_R_RECORD_TOO_LARGE 214 |
| @@ -1769,11 +1973,14 @@ void ERR_load_SSL_strings(void); | |||
| 1769 | #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 | 1973 | #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 |
| 1770 | #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 | 1974 | #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 |
| 1771 | #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 | 1975 | #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 |
| 1976 | #define SSL_R_SERVERHELLO_TLSEXT 224 | ||
| 1772 | #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 | 1977 | #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 |
| 1773 | #define SSL_R_SHORT_READ 219 | 1978 | #define SSL_R_SHORT_READ 219 |
| 1774 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | 1979 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 |
| 1775 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | 1980 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 |
| 1776 | #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 | 1981 | #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 |
| 1982 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 | ||
| 1983 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 | ||
| 1777 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 | 1984 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 |
| 1778 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | 1985 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 |
| 1779 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | 1986 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 |
| @@ -1808,12 +2015,15 @@ void ERR_load_SSL_strings(void); | |||
| 1808 | #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 | 2015 | #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 |
| 1809 | #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 | 2016 | #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 |
| 1810 | #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 | 2017 | #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 |
| 2018 | #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 | ||
| 1811 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 | 2019 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 |
| 1812 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 | 2020 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 |
| 1813 | #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 | 2021 | #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 |
| 1814 | #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 | 2022 | #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 |
| 2023 | #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 | ||
| 1815 | #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 | 2024 | #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 |
| 1816 | #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 | 2025 | #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 |
| 2026 | #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 | ||
| 1817 | #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 | 2027 | #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 |
| 1818 | #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 | 2028 | #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 |
| 1819 | #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 | 2029 | #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 |
| @@ -1834,8 +2044,10 @@ void ERR_load_SSL_strings(void); | |||
| 1834 | #define SSL_R_UNKNOWN_STATE 255 | 2044 | #define SSL_R_UNKNOWN_STATE 255 |
| 1835 | #define SSL_R_UNSUPPORTED_CIPHER 256 | 2045 | #define SSL_R_UNSUPPORTED_CIPHER 256 |
| 1836 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 | 2046 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 |
| 2047 | #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 | ||
| 1837 | #define SSL_R_UNSUPPORTED_PROTOCOL 258 | 2048 | #define SSL_R_UNSUPPORTED_PROTOCOL 258 |
| 1838 | #define SSL_R_UNSUPPORTED_SSL_VERSION 259 | 2049 | #define SSL_R_UNSUPPORTED_SSL_VERSION 259 |
| 2050 | #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 | ||
| 1839 | #define SSL_R_WRITE_BIO_NOT_SET 260 | 2051 | #define SSL_R_WRITE_BIO_NOT_SET 260 |
| 1840 | #define SSL_R_WRONG_CIPHER_RETURNED 261 | 2052 | #define SSL_R_WRONG_CIPHER_RETURNED 261 |
| 1841 | #define SSL_R_WRONG_MESSAGE_TYPE 262 | 2053 | #define SSL_R_WRONG_MESSAGE_TYPE 262 |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 1153aeda74..4b1e2e9834 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -108,6 +108,11 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 111 | 116 | ||
| 112 | #ifndef HEADER_SSL3_H | 117 | #ifndef HEADER_SSL3_H |
| 113 | #define HEADER_SSL3_H | 118 | #define HEADER_SSL3_H |
| @@ -118,6 +123,7 @@ | |||
| 118 | #include <openssl/buffer.h> | 123 | #include <openssl/buffer.h> |
| 119 | #include <openssl/evp.h> | 124 | #include <openssl/evp.h> |
| 120 | #include <openssl/ssl.h> | 125 | #include <openssl/ssl.h> |
| 126 | #include <openssl/pq_compat.h> | ||
| 121 | 127 | ||
| 122 | #ifdef __cplusplus | 128 | #ifdef __cplusplus |
| 123 | extern "C" { | 129 | extern "C" { |
| @@ -248,7 +254,11 @@ extern "C" { | |||
| 248 | #endif | 254 | #endif |
| 249 | 255 | ||
| 250 | #define SSL3_RT_MAX_PLAIN_LENGTH 16384 | 256 | #define SSL3_RT_MAX_PLAIN_LENGTH 16384 |
| 257 | #ifdef OPENSSL_NO_COMP | ||
| 258 | #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH | ||
| 259 | #else | ||
| 251 | #define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) | 260 | #define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) |
| 261 | #endif | ||
| 252 | #define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) | 262 | #define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) |
| 253 | #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) | 263 | #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) |
| 254 | #define SSL3_RT_MAX_DATA_SIZE (1024*1024) | 264 | #define SSL3_RT_MAX_DATA_SIZE (1024*1024) |
| @@ -289,6 +299,8 @@ typedef struct ssl3_record_st | |||
| 289 | /*rw*/ unsigned char *data; /* pointer to the record data */ | 299 | /*rw*/ unsigned char *data; /* pointer to the record data */ |
| 290 | /*rw*/ unsigned char *input; /* where the decode bytes are */ | 300 | /*rw*/ unsigned char *input; /* where the decode bytes are */ |
| 291 | /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ | 301 | /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ |
| 302 | /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ | ||
| 303 | /*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ | ||
| 292 | } SSL3_RECORD; | 304 | } SSL3_RECORD; |
| 293 | 305 | ||
| 294 | typedef struct ssl3_buffer_st | 306 | typedef struct ssl3_buffer_st |
| @@ -307,7 +319,12 @@ typedef struct ssl3_buffer_st | |||
| 307 | #define SSL3_CT_RSA_EPHEMERAL_DH 5 | 319 | #define SSL3_CT_RSA_EPHEMERAL_DH 5 |
| 308 | #define SSL3_CT_DSS_EPHEMERAL_DH 6 | 320 | #define SSL3_CT_DSS_EPHEMERAL_DH 6 |
| 309 | #define SSL3_CT_FORTEZZA_DMS 20 | 321 | #define SSL3_CT_FORTEZZA_DMS 20 |
| 310 | #define SSL3_CT_NUMBER 7 | 322 | /* SSL3_CT_NUMBER is used to size arrays and it must be large |
| 323 | * enough to contain all of the cert types defined either for | ||
| 324 | * SSLv3 and TLSv1. | ||
| 325 | */ | ||
| 326 | #define SSL3_CT_NUMBER 7 | ||
| 327 | |||
| 311 | 328 | ||
| 312 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | 329 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 |
| 313 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 | 330 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 |
| @@ -392,6 +409,11 @@ typedef struct ssl3_state_st | |||
| 392 | #ifndef OPENSSL_NO_DH | 409 | #ifndef OPENSSL_NO_DH |
| 393 | DH *dh; | 410 | DH *dh; |
| 394 | #endif | 411 | #endif |
| 412 | |||
| 413 | #ifndef OPENSSL_NO_ECDH | ||
| 414 | EC_KEY *ecdh; /* holds short lived ECDH key */ | ||
| 415 | #endif | ||
| 416 | |||
| 395 | /* used when SSL_ST_FLUSH_DATA is entered */ | 417 | /* used when SSL_ST_FLUSH_DATA is entered */ |
| 396 | int next_state; | 418 | int next_state; |
| 397 | 419 | ||
| @@ -420,6 +442,7 @@ typedef struct ssl3_state_st | |||
| 420 | 442 | ||
| 421 | } SSL3_STATE; | 443 | } SSL3_STATE; |
| 422 | 444 | ||
| 445 | |||
| 423 | /* SSLv3 */ | 446 | /* SSLv3 */ |
| 424 | /*client */ | 447 | /*client */ |
| 425 | /* extra state */ | 448 | /* extra state */ |
| @@ -430,6 +453,8 @@ typedef struct ssl3_state_st | |||
| 430 | /* read from server */ | 453 | /* read from server */ |
| 431 | #define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) | 454 | #define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) |
| 432 | #define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) | 455 | #define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) |
| 456 | #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) | ||
| 457 | #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) | ||
| 433 | #define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) | 458 | #define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) |
| 434 | #define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) | 459 | #define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) |
| 435 | #define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) | 460 | #define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) |
| @@ -456,6 +481,10 @@ typedef struct ssl3_state_st | |||
| 456 | #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) | 481 | #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) |
| 457 | #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) | 482 | #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) |
| 458 | #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) | 483 | #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) |
| 484 | #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) | ||
| 485 | #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) | ||
| 486 | #define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) | ||
| 487 | #define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) | ||
| 459 | 488 | ||
| 460 | /* server */ | 489 | /* server */ |
| 461 | /* extra state */ | 490 | /* extra state */ |
| @@ -466,6 +495,8 @@ typedef struct ssl3_state_st | |||
| 466 | #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) | 495 | #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) |
| 467 | #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) | 496 | #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) |
| 468 | /* write to client */ | 497 | /* write to client */ |
| 498 | #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) | ||
| 499 | #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) | ||
| 469 | #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) | 500 | #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) |
| 470 | #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) | 501 | #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) |
| 471 | #define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) | 502 | #define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) |
| @@ -495,10 +526,15 @@ typedef struct ssl3_state_st | |||
| 495 | #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) | 526 | #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) |
| 496 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) | 527 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) |
| 497 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) | 528 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) |
| 529 | #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) | ||
| 530 | #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) | ||
| 531 | #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) | ||
| 532 | #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) | ||
| 498 | 533 | ||
| 499 | #define SSL3_MT_HELLO_REQUEST 0 | 534 | #define SSL3_MT_HELLO_REQUEST 0 |
| 500 | #define SSL3_MT_CLIENT_HELLO 1 | 535 | #define SSL3_MT_CLIENT_HELLO 1 |
| 501 | #define SSL3_MT_SERVER_HELLO 2 | 536 | #define SSL3_MT_SERVER_HELLO 2 |
| 537 | #define SSL3_MT_NEWSESSION_TICKET 4 | ||
| 502 | #define SSL3_MT_CERTIFICATE 11 | 538 | #define SSL3_MT_CERTIFICATE 11 |
| 503 | #define SSL3_MT_SERVER_KEY_EXCHANGE 12 | 539 | #define SSL3_MT_SERVER_KEY_EXCHANGE 12 |
| 504 | #define SSL3_MT_CERTIFICATE_REQUEST 13 | 540 | #define SSL3_MT_CERTIFICATE_REQUEST 13 |
| @@ -506,6 +542,9 @@ typedef struct ssl3_state_st | |||
| 506 | #define SSL3_MT_CERTIFICATE_VERIFY 15 | 542 | #define SSL3_MT_CERTIFICATE_VERIFY 15 |
| 507 | #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 | 543 | #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 |
| 508 | #define SSL3_MT_FINISHED 20 | 544 | #define SSL3_MT_FINISHED 20 |
| 545 | #define SSL3_MT_CERTIFICATE_STATUS 22 | ||
| 546 | #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | ||
| 547 | |||
| 509 | 548 | ||
| 510 | #define SSL3_MT_CCS 1 | 549 | #define SSL3_MT_CCS 1 |
| 511 | 550 | ||
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c index 3d1299ee7b..4717c0e6e1 100644 --- a/src/lib/libssl/ssl_algs.c +++ b/src/lib/libssl/ssl_algs.c | |||
| @@ -82,6 +82,16 @@ int SSL_library_init(void) | |||
| 82 | EVP_add_cipher(EVP_aes_192_cbc()); | 82 | EVP_add_cipher(EVP_aes_192_cbc()); |
| 83 | EVP_add_cipher(EVP_aes_256_cbc()); | 83 | EVP_add_cipher(EVP_aes_256_cbc()); |
| 84 | #endif | 84 | #endif |
| 85 | |||
| 86 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 87 | EVP_add_cipher(EVP_camellia_128_cbc()); | ||
| 88 | EVP_add_cipher(EVP_camellia_256_cbc()); | ||
| 89 | #endif | ||
| 90 | |||
| 91 | #ifndef OPENSSL_NO_SEED | ||
| 92 | EVP_add_cipher(EVP_seed_cbc()); | ||
| 93 | #endif | ||
| 94 | |||
| 85 | #ifndef OPENSSL_NO_MD2 | 95 | #ifndef OPENSSL_NO_MD2 |
| 86 | EVP_add_digest(EVP_md2()); | 96 | EVP_add_digest(EVP_md2()); |
| 87 | #endif | 97 | #endif |
| @@ -101,11 +111,22 @@ int SSL_library_init(void) | |||
| 101 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | 111 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); |
| 102 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | 112 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); |
| 103 | #endif | 113 | #endif |
| 114 | #ifndef OPENSSL_NO_ECDSA | ||
| 115 | EVP_add_digest(EVP_ecdsa()); | ||
| 116 | #endif | ||
| 104 | /* If you want support for phased out ciphers, add the following */ | 117 | /* If you want support for phased out ciphers, add the following */ |
| 105 | #if 0 | 118 | #if 0 |
| 106 | EVP_add_digest(EVP_sha()); | 119 | EVP_add_digest(EVP_sha()); |
| 107 | EVP_add_digest(EVP_dss()); | 120 | EVP_add_digest(EVP_dss()); |
| 108 | #endif | 121 | #endif |
| 122 | #ifndef OPENSSL_NO_COMP | ||
| 123 | /* This will initialise the built-in compression algorithms. | ||
| 124 | The value returned is a STACK_OF(SSL_COMP), but that can | ||
| 125 | be discarded safely */ | ||
| 126 | (void)SSL_COMP_get_compression_methods(); | ||
| 127 | #endif | ||
| 128 | /* initialize cipher/digest methods table */ | ||
| 129 | ssl_load_ciphers(); | ||
| 109 | return(1); | 130 | return(1); |
| 110 | } | 131 | } |
| 111 | 132 | ||
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index fc5fcce108..6e14f4d834 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c | |||
| @@ -78,6 +78,11 @@ typedef struct ssl_session_asn1_st | |||
| 78 | ASN1_INTEGER time; | 78 | ASN1_INTEGER time; |
| 79 | ASN1_INTEGER timeout; | 79 | ASN1_INTEGER timeout; |
| 80 | ASN1_INTEGER verify_result; | 80 | ASN1_INTEGER verify_result; |
| 81 | #ifndef OPENSSL_NO_TLSEXT | ||
| 82 | ASN1_OCTET_STRING tlsext_hostname; | ||
| 83 | ASN1_INTEGER tlsext_tick_lifetime; | ||
| 84 | ASN1_OCTET_STRING tlsext_tick; | ||
| 85 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 81 | } SSL_SESSION_ASN1; | 86 | } SSL_SESSION_ASN1; |
| 82 | 87 | ||
| 83 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | 88 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
| @@ -86,6 +91,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 86 | int v1=0,v2=0,v3=0,v4=0,v5=0; | 91 | int v1=0,v2=0,v3=0,v4=0,v5=0; |
| 87 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; | 92 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; |
| 88 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; | 93 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; |
| 94 | #ifndef OPENSSL_NO_TLSEXT | ||
| 95 | int v6=0,v9=0,v10=0; | ||
| 96 | unsigned char ibuf6[LSIZE2]; | ||
| 97 | #endif | ||
| 89 | long l; | 98 | long l; |
| 90 | SSL_SESSION_ASN1 a; | 99 | SSL_SESSION_ASN1 a; |
| 91 | M_ASN1_I2D_vars(in); | 100 | M_ASN1_I2D_vars(in); |
| @@ -178,7 +187,33 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 178 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); | 187 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); |
| 179 | } | 188 | } |
| 180 | 189 | ||
| 181 | 190 | #ifndef OPENSSL_NO_TLSEXT | |
| 191 | if (in->tlsext_hostname) | ||
| 192 | { | ||
| 193 | a.tlsext_hostname.length=strlen(in->tlsext_hostname); | ||
| 194 | a.tlsext_hostname.type=V_ASN1_OCTET_STRING; | ||
| 195 | a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; | ||
| 196 | } | ||
| 197 | if (in->tlsext_tick) | ||
| 198 | { | ||
| 199 | a.tlsext_tick.length= in->tlsext_ticklen; | ||
| 200 | a.tlsext_tick.type=V_ASN1_OCTET_STRING; | ||
| 201 | a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; | ||
| 202 | /* If we have a ticket set session ID to empty because | ||
| 203 | * it will be bogus. If liftime hint is -1 treat as a special | ||
| 204 | * case because the session is being used as a container | ||
| 205 | */ | ||
| 206 | if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) | ||
| 207 | a.session_id.length=0; | ||
| 208 | } | ||
| 209 | if (in->tlsext_tick_lifetime_hint > 0) | ||
| 210 | { | ||
| 211 | a.tlsext_tick_lifetime.length=LSIZE2; | ||
| 212 | a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; | ||
| 213 | a.tlsext_tick_lifetime.data=ibuf6; | ||
| 214 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); | ||
| 215 | } | ||
| 216 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 182 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | 217 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); |
| 183 | M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); | 218 | M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); |
| 184 | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); | 219 | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); |
| @@ -200,6 +235,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 200 | if (in->verify_result != X509_V_OK) | 235 | if (in->verify_result != X509_V_OK) |
| 201 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); | 236 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); |
| 202 | 237 | ||
| 238 | #ifndef OPENSSL_NO_TLSEXT | ||
| 239 | if (in->tlsext_tick_lifetime_hint > 0) | ||
| 240 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | ||
| 241 | if (in->tlsext_tick) | ||
| 242 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | ||
| 243 | if (in->tlsext_hostname) | ||
| 244 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | ||
| 245 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 203 | M_ASN1_I2D_seq_total(); | 246 | M_ASN1_I2D_seq_total(); |
| 204 | 247 | ||
| 205 | M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER); | 248 | M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER); |
| @@ -223,10 +266,18 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 223 | v4); | 266 | v4); |
| 224 | if (in->verify_result != X509_V_OK) | 267 | if (in->verify_result != X509_V_OK) |
| 225 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | 268 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); |
| 269 | #ifndef OPENSSL_NO_TLSEXT | ||
| 270 | if (in->tlsext_hostname) | ||
| 271 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | ||
| 272 | if (in->tlsext_tick_lifetime_hint > 0) | ||
| 273 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | ||
| 274 | if (in->tlsext_tick) | ||
| 275 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | ||
| 276 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 226 | M_ASN1_I2D_finish(); | 277 | M_ASN1_I2D_finish(); |
| 227 | } | 278 | } |
| 228 | 279 | ||
| 229 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, | 280 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
| 230 | long length) | 281 | long length) |
| 231 | { | 282 | { |
| 232 | int version,ssl_version=0,i; | 283 | int version,ssl_version=0,i; |
| @@ -242,18 +293,18 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, | |||
| 242 | M_ASN1_D2I_start_sequence(); | 293 | M_ASN1_D2I_start_sequence(); |
| 243 | 294 | ||
| 244 | ai.data=NULL; ai.length=0; | 295 | ai.data=NULL; ai.length=0; |
| 245 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); | 296 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); |
| 246 | version=(int)ASN1_INTEGER_get(aip); | 297 | version=(int)ASN1_INTEGER_get(aip); |
| 247 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 298 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } |
| 248 | 299 | ||
| 249 | /* we don't care about the version right now :-) */ | 300 | /* we don't care about the version right now :-) */ |
| 250 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); | 301 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); |
| 251 | ssl_version=(int)ASN1_INTEGER_get(aip); | 302 | ssl_version=(int)ASN1_INTEGER_get(aip); |
| 252 | ret->ssl_version=ssl_version; | 303 | ret->ssl_version=ssl_version; |
| 253 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 304 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } |
| 254 | 305 | ||
| 255 | os.data=NULL; os.length=0; | 306 | os.data=NULL; os.length=0; |
| 256 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 307 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); |
| 257 | if (ssl_version == SSL2_VERSION) | 308 | if (ssl_version == SSL2_VERSION) |
| 258 | { | 309 | { |
| 259 | if (os.length != 3) | 310 | if (os.length != 3) |
| @@ -286,22 +337,22 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, | |||
| 286 | ret->cipher=NULL; | 337 | ret->cipher=NULL; |
| 287 | ret->cipher_id=id; | 338 | ret->cipher_id=id; |
| 288 | 339 | ||
| 289 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 340 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); |
| 290 | if ((ssl_version>>8) == SSL3_VERSION_MAJOR) | 341 | if ((ssl_version>>8) == SSL3_VERSION_MAJOR) |
| 291 | i=SSL3_MAX_SSL_SESSION_ID_LENGTH; | 342 | i=SSL3_MAX_SSL_SESSION_ID_LENGTH; |
| 292 | else /* if (ssl_version == SSL2_VERSION_MAJOR) */ | 343 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ |
| 293 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 344 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; |
| 294 | 345 | ||
| 295 | if (os.length > i) | 346 | if (os.length > i) |
| 296 | os.length = i; | 347 | os.length = i; |
| 297 | if (os.length > sizeof ret->session_id) /* can't happen */ | 348 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ |
| 298 | os.length = sizeof ret->session_id; | 349 | os.length = sizeof(ret->session_id); |
| 299 | 350 | ||
| 300 | ret->session_id_length=os.length; | 351 | ret->session_id_length=os.length; |
| 301 | OPENSSL_assert(os.length <= sizeof ret->session_id); | 352 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); |
| 302 | memcpy(ret->session_id,os.data,os.length); | 353 | memcpy(ret->session_id,os.data,os.length); |
| 303 | 354 | ||
| 304 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 355 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); |
| 305 | if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH) | 356 | if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH) |
| 306 | ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; | 357 | ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; |
| 307 | else | 358 | else |
| @@ -394,5 +445,56 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp, | |||
| 394 | else | 445 | else |
| 395 | ret->verify_result=X509_V_OK; | 446 | ret->verify_result=X509_V_OK; |
| 396 | 447 | ||
| 448 | #ifndef OPENSSL_NO_TLSEXT | ||
| 449 | os.length=0; | ||
| 450 | os.data=NULL; | ||
| 451 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); | ||
| 452 | if (os.data) | ||
| 453 | { | ||
| 454 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); | ||
| 455 | OPENSSL_free(os.data); | ||
| 456 | os.data = NULL; | ||
| 457 | os.length = 0; | ||
| 458 | } | ||
| 459 | else | ||
| 460 | ret->tlsext_hostname=NULL; | ||
| 461 | ai.length=0; | ||
| 462 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); | ||
| 463 | if (ai.data != NULL) | ||
| 464 | { | ||
| 465 | ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); | ||
| 466 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 467 | } | ||
| 468 | else if (ret->tlsext_ticklen && ret->session_id_length) | ||
| 469 | ret->tlsext_tick_lifetime_hint = -1; | ||
| 470 | else | ||
| 471 | ret->tlsext_tick_lifetime_hint = 0; | ||
| 472 | os.length=0; | ||
| 473 | os.data=NULL; | ||
| 474 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); | ||
| 475 | if (os.data) | ||
| 476 | { | ||
| 477 | ret->tlsext_tick = os.data; | ||
| 478 | ret->tlsext_ticklen = os.length; | ||
| 479 | os.data = NULL; | ||
| 480 | os.length = 0; | ||
| 481 | #if 0 | ||
| 482 | /* There are two ways to detect a resumed ticket sesion. | ||
| 483 | * One is to set a random session ID and then the server | ||
| 484 | * must return a match in ServerHello. This allows the normal | ||
| 485 | * client session ID matching to work. | ||
| 486 | */ | ||
| 487 | if (ret->session_id_length == 0) | ||
| 488 | { | ||
| 489 | ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH; | ||
| 490 | RAND_pseudo_bytes(ret->session_id, | ||
| 491 | ret->session_id_length); | ||
| 492 | } | ||
| 493 | #endif | ||
| 494 | } | ||
| 495 | else | ||
| 496 | ret->tlsext_tick=NULL; | ||
| 497 | #endif /* OPENSSL_NO_TLSEXT */ | ||
| 498 | |||
| 397 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); | 499 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); |
| 398 | } | 500 | } |
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index b779e6bb4d..a32b2d4446 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | 58 | /* ==================================================================== |
| 59 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 | * | 60 | * |
| 61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
| 62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
| @@ -73,12 +73,12 @@ | |||
| 73 | * 3. All advertising materials mentioning features or use of this | 73 | * 3. All advertising materials mentioning features or use of this |
| 74 | * software must display the following acknowledgment: | 74 | * software must display the following acknowledgment: |
| 75 | * "This product includes software developed by the OpenSSL Project | 75 | * "This product includes software developed by the OpenSSL Project |
| 76 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
| 77 | * | 77 | * |
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 79 | * endorse or promote products derived from this software without | 79 | * endorse or promote products derived from this software without |
| 80 | * prior written permission. For written permission, please contact | 80 | * prior written permission. For written permission, please contact |
| 81 | * openssl-core@OpenSSL.org. | 81 | * openssl-core@openssl.org. |
| 82 | * | 82 | * |
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | 83 | * 5. Products derived from this software may not be called "OpenSSL" |
| 84 | * nor may "OpenSSL" appear in their names without prior written | 84 | * nor may "OpenSSL" appear in their names without prior written |
| @@ -87,7 +87,7 @@ | |||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | 87 | * 6. Redistributions of any form whatsoever must retain the following |
| 88 | * acknowledgment: | 88 | * acknowledgment: |
| 89 | * "This product includes software developed by the OpenSSL Project | 89 | * "This product includes software developed by the OpenSSL Project |
| 90 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
| 91 | * | 91 | * |
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| @@ -102,6 +102,16 @@ | |||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 104 | * ==================================================================== | 104 | * ==================================================================== |
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 105 | */ | 115 | */ |
| 106 | 116 | ||
| 107 | #include <stdio.h> | 117 | #include <stdio.h> |
| @@ -111,45 +121,42 @@ | |||
| 111 | # include <sys/types.h> | 121 | # include <sys/types.h> |
| 112 | #endif | 122 | #endif |
| 113 | 123 | ||
| 114 | #if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X) | 124 | #include "o_dir.h" |
| 115 | #include <dirent.h> | ||
| 116 | #endif | ||
| 117 | |||
| 118 | #if defined(WIN32) | ||
| 119 | #include <windows.h> | ||
| 120 | #include <tchar.h> | ||
| 121 | #endif | ||
| 122 | |||
| 123 | #ifdef NeXT | ||
| 124 | #include <sys/dir.h> | ||
| 125 | #define dirent direct | ||
| 126 | #endif | ||
| 127 | |||
| 128 | #include <openssl/objects.h> | 125 | #include <openssl/objects.h> |
| 129 | #include <openssl/bio.h> | 126 | #include <openssl/bio.h> |
| 130 | #include <openssl/pem.h> | 127 | #include <openssl/pem.h> |
| 131 | #include <openssl/x509v3.h> | 128 | #include <openssl/x509v3.h> |
| 129 | #ifndef OPENSSL_NO_DH | ||
| 130 | #include <openssl/dh.h> | ||
| 131 | #endif | ||
| 132 | #include <openssl/bn.h> | ||
| 132 | #include "ssl_locl.h" | 133 | #include "ssl_locl.h" |
| 133 | #include <openssl/fips.h> | ||
| 134 | 134 | ||
| 135 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) | 135 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) |
| 136 | { | 136 | { |
| 137 | static volatile int ssl_x509_store_ctx_idx= -1; | 137 | static volatile int ssl_x509_store_ctx_idx= -1; |
| 138 | int got_write_lock = 0; | ||
| 139 | |||
| 140 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 138 | 141 | ||
| 139 | if (ssl_x509_store_ctx_idx < 0) | 142 | if (ssl_x509_store_ctx_idx < 0) |
| 140 | { | 143 | { |
| 141 | /* any write lock will do; usually this branch | 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 142 | * will only be taken once anyway */ | ||
| 143 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 146 | got_write_lock = 1; | ||
| 144 | 147 | ||
| 145 | if (ssl_x509_store_ctx_idx < 0) | 148 | if (ssl_x509_store_ctx_idx < 0) |
| 146 | { | 149 | { |
| 147 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( | 150 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( |
| 148 | 0,"SSL for verify callback",NULL,NULL,NULL); | 151 | 0,"SSL for verify callback",NULL,NULL,NULL); |
| 149 | } | 152 | } |
| 150 | |||
| 151 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 152 | } | 153 | } |
| 154 | |||
| 155 | if (got_write_lock) | ||
| 156 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 157 | else | ||
| 158 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 159 | |||
| 153 | return ssl_x509_store_ctx_idx; | 160 | return ssl_x509_store_ctx_idx; |
| 154 | } | 161 | } |
| 155 | 162 | ||
| @@ -205,7 +212,6 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 205 | #ifndef OPENSSL_NO_DH | 212 | #ifndef OPENSSL_NO_DH |
| 206 | if (cert->dh_tmp != NULL) | 213 | if (cert->dh_tmp != NULL) |
| 207 | { | 214 | { |
| 208 | /* DH parameters don't have a reference count */ | ||
| 209 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | 215 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); |
| 210 | if (ret->dh_tmp == NULL) | 216 | if (ret->dh_tmp == NULL) |
| 211 | { | 217 | { |
| @@ -236,6 +242,19 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 236 | ret->dh_tmp_cb = cert->dh_tmp_cb; | 242 | ret->dh_tmp_cb = cert->dh_tmp_cb; |
| 237 | #endif | 243 | #endif |
| 238 | 244 | ||
| 245 | #ifndef OPENSSL_NO_ECDH | ||
| 246 | if (cert->ecdh_tmp) | ||
| 247 | { | ||
| 248 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); | ||
| 249 | if (ret->ecdh_tmp == NULL) | ||
| 250 | { | ||
| 251 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); | ||
| 252 | goto err; | ||
| 253 | } | ||
| 254 | } | ||
| 255 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; | ||
| 256 | #endif | ||
| 257 | |||
| 239 | for (i = 0; i < SSL_PKEY_NUM; i++) | 258 | for (i = 0; i < SSL_PKEY_NUM; i++) |
| 240 | { | 259 | { |
| 241 | if (cert->pkeys[i].x509 != NULL) | 260 | if (cert->pkeys[i].x509 != NULL) |
| @@ -270,7 +289,11 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 270 | case SSL_PKEY_DH_DSA: | 289 | case SSL_PKEY_DH_DSA: |
| 271 | /* We have a DH key. */ | 290 | /* We have a DH key. */ |
| 272 | break; | 291 | break; |
| 273 | 292 | ||
| 293 | case SSL_PKEY_ECC: | ||
| 294 | /* We have an ECC key */ | ||
| 295 | break; | ||
| 296 | |||
| 274 | default: | 297 | default: |
| 275 | /* Can't happen. */ | 298 | /* Can't happen. */ |
| 276 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); | 299 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); |
| @@ -285,7 +308,7 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 285 | 308 | ||
| 286 | return(ret); | 309 | return(ret); |
| 287 | 310 | ||
| 288 | #ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */ | 311 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) |
| 289 | err: | 312 | err: |
| 290 | #endif | 313 | #endif |
| 291 | #ifndef OPENSSL_NO_RSA | 314 | #ifndef OPENSSL_NO_RSA |
| @@ -296,6 +319,10 @@ err: | |||
| 296 | if (ret->dh_tmp != NULL) | 319 | if (ret->dh_tmp != NULL) |
| 297 | DH_free(ret->dh_tmp); | 320 | DH_free(ret->dh_tmp); |
| 298 | #endif | 321 | #endif |
| 322 | #ifndef OPENSSL_NO_ECDH | ||
| 323 | if (ret->ecdh_tmp != NULL) | ||
| 324 | EC_KEY_free(ret->ecdh_tmp); | ||
| 325 | #endif | ||
| 299 | 326 | ||
| 300 | for (i = 0; i < SSL_PKEY_NUM; i++) | 327 | for (i = 0; i < SSL_PKEY_NUM; i++) |
| 301 | { | 328 | { |
| @@ -335,6 +362,9 @@ void ssl_cert_free(CERT *c) | |||
| 335 | #ifndef OPENSSL_NO_DH | 362 | #ifndef OPENSSL_NO_DH |
| 336 | if (c->dh_tmp) DH_free(c->dh_tmp); | 363 | if (c->dh_tmp) DH_free(c->dh_tmp); |
| 337 | #endif | 364 | #endif |
| 365 | #ifndef OPENSSL_NO_ECDH | ||
| 366 | if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); | ||
| 367 | #endif | ||
| 338 | 368 | ||
| 339 | for (i=0; i<SSL_PKEY_NUM; i++) | 369 | for (i=0; i<SSL_PKEY_NUM; i++) |
| 340 | { | 370 | { |
| @@ -441,6 +471,10 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 441 | if (sc->peer_dh_tmp != NULL) | 471 | if (sc->peer_dh_tmp != NULL) |
| 442 | DH_free(sc->peer_dh_tmp); | 472 | DH_free(sc->peer_dh_tmp); |
| 443 | #endif | 473 | #endif |
| 474 | #ifndef OPENSSL_NO_ECDH | ||
| 475 | if (sc->peer_ecdh_tmp != NULL) | ||
| 476 | EC_KEY_free(sc->peer_ecdh_tmp); | ||
| 477 | #endif | ||
| 444 | 478 | ||
| 445 | OPENSSL_free(sc); | 479 | OPENSSL_free(sc); |
| 446 | } | 480 | } |
| @@ -466,20 +500,22 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 466 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); | 500 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); |
| 467 | return(0); | 501 | return(0); |
| 468 | } | 502 | } |
| 503 | if (s->param) | ||
| 504 | X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx), | ||
| 505 | s->param); | ||
| 506 | #if 0 | ||
| 469 | if (SSL_get_verify_depth(s) >= 0) | 507 | if (SSL_get_verify_depth(s) >= 0) |
| 470 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); | 508 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); |
| 509 | #endif | ||
| 471 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); | 510 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); |
| 472 | 511 | ||
| 473 | /* We need to set the verify purpose. The purpose can be determined by | 512 | /* We need to inherit the verify parameters. These can be determined by |
| 474 | * the context: if its a server it will verify SSL client certificates | 513 | * the context: if its a server it will verify SSL client certificates |
| 475 | * or vice versa. | 514 | * or vice versa. |
| 476 | */ | 515 | */ |
| 477 | if (s->server) | ||
| 478 | i = X509_PURPOSE_SSL_CLIENT; | ||
| 479 | else | ||
| 480 | i = X509_PURPOSE_SSL_SERVER; | ||
| 481 | 516 | ||
| 482 | X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); | 517 | X509_STORE_CTX_set_default(&ctx, |
| 518 | s->server ? "ssl_client" : "ssl_server"); | ||
| 483 | 519 | ||
| 484 | if (s->verify_callback) | 520 | if (s->verify_callback) |
| 485 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); | 521 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); |
| @@ -726,7 +762,7 @@ err: | |||
| 726 | if(x != NULL) | 762 | if(x != NULL) |
| 727 | X509_free(x); | 763 | X509_free(x); |
| 728 | 764 | ||
| 729 | sk_X509_NAME_set_cmp_func(stack,oldcmp); | 765 | (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); |
| 730 | 766 | ||
| 731 | return ret; | 767 | return ret; |
| 732 | } | 768 | } |
| @@ -742,157 +778,52 @@ err: | |||
| 742 | * certs may have been added to \c stack. | 778 | * certs may have been added to \c stack. |
| 743 | */ | 779 | */ |
| 744 | 780 | ||
| 745 | #ifndef OPENSSL_SYS_WIN32 | ||
| 746 | #ifndef OPENSSL_SYS_VMS /* XXXX This may be fixed in the future */ | ||
| 747 | #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */ | ||
| 748 | |||
| 749 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 781 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 750 | const char *dir) | 782 | const char *dir) |
| 751 | { | 783 | { |
| 752 | DIR *d; | 784 | OPENSSL_DIR_CTX *d = NULL; |
| 753 | struct dirent *dstruct; | 785 | const char *filename; |
| 754 | int ret = 0; | 786 | int ret = 0; |
| 755 | 787 | ||
| 756 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); | 788 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); |
| 757 | d = opendir(dir); | ||
| 758 | 789 | ||
| 759 | /* Note that a side effect is that the CAs will be sorted by name */ | 790 | /* Note that a side effect is that the CAs will be sorted by name */ |
| 760 | if(!d) | 791 | |
| 761 | { | 792 | while((filename = OPENSSL_DIR_read(&d, dir))) |
| 762 | SYSerr(SYS_F_OPENDIR, get_last_sys_error()); | ||
| 763 | ERR_add_error_data(3, "opendir('", dir, "')"); | ||
| 764 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | ||
| 765 | goto err; | ||
| 766 | } | ||
| 767 | |||
| 768 | while((dstruct=readdir(d))) | ||
| 769 | { | 793 | { |
| 770 | char buf[1024]; | 794 | char buf[1024]; |
| 771 | int r; | 795 | int r; |
| 772 | 796 | ||
| 773 | if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf) | 797 | if(strlen(dir)+strlen(filename)+2 > sizeof buf) |
| 774 | { | 798 | { |
| 775 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | 799 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); |
| 776 | goto err; | 800 | goto err; |
| 777 | } | 801 | } |
| 778 | 802 | ||
| 779 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name); | 803 | #ifdef OPENSSL_SYS_VMS |
| 780 | if (r <= 0 || r >= sizeof buf) | 804 | r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename); |
| 805 | #else | ||
| 806 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename); | ||
| 807 | #endif | ||
| 808 | if (r <= 0 || r >= (int)sizeof(buf)) | ||
| 781 | goto err; | 809 | goto err; |
| 782 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | 810 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) |
| 783 | goto err; | 811 | goto err; |
| 784 | } | 812 | } |
| 785 | ret = 1; | ||
| 786 | |||
| 787 | err: | ||
| 788 | if (d) closedir(d); | ||
| 789 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | ||
| 790 | return ret; | ||
| 791 | } | ||
| 792 | |||
| 793 | #endif | ||
| 794 | #endif | ||
| 795 | |||
| 796 | #else /* OPENSSL_SYS_WIN32 */ | ||
| 797 | |||
| 798 | #if defined(_WIN32_WCE) | ||
| 799 | # ifndef UNICODE | ||
| 800 | # error "WinCE comes in UNICODE flavor only..." | ||
| 801 | # endif | ||
| 802 | # if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE) | ||
| 803 | # define OPENSSL_NO_MULTIBYTE | ||
| 804 | # endif | ||
| 805 | # ifndef FindFirstFile | ||
| 806 | # define FindFirstFile FindFirstFileW | ||
| 807 | # endif | ||
| 808 | # ifndef FindNextFile | ||
| 809 | # define FindNextFile FindNextFileW | ||
| 810 | # endif | ||
| 811 | #endif | ||
| 812 | |||
| 813 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | ||
| 814 | const char *dir) | ||
| 815 | { | ||
| 816 | WIN32_FIND_DATA FindFileData; | ||
| 817 | HANDLE hFind; | ||
| 818 | int ret = 0; | ||
| 819 | TCHAR *wdir = NULL; | ||
| 820 | size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */ | ||
| 821 | char buf[1024],*slash; | ||
| 822 | |||
| 823 | if (len_0 > (sizeof(buf)-14)) /* 14 is just some value... */ | ||
| 824 | { | ||
| 825 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 826 | return ret; | ||
| 827 | } | ||
| 828 | |||
| 829 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); | ||
| 830 | |||
| 831 | if (sizeof(TCHAR) != sizeof(char)) | ||
| 832 | { | ||
| 833 | wdir = (TCHAR *)malloc(len_0*sizeof(TCHAR)); | ||
| 834 | if (wdir == NULL) | ||
| 835 | goto err_noclose; | ||
| 836 | #ifndef OPENSSL_NO_MULTIBYTE | ||
| 837 | if (!MultiByteToWideChar(CP_ACP,0,dir,len_0, | ||
| 838 | (WCHAR *)wdir,len_0)) | ||
| 839 | #endif | ||
| 840 | for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i]; | ||
| 841 | |||
| 842 | hFind = FindFirstFile(wdir, &FindFileData); | ||
| 843 | } | ||
| 844 | else hFind = FindFirstFile((const TCHAR *)dir, &FindFileData); | ||
| 845 | 813 | ||
| 846 | /* Note that a side effect is that the CAs will be sorted by name */ | 814 | if (errno) |
| 847 | if(hFind == INVALID_HANDLE_VALUE) | ||
| 848 | { | 815 | { |
| 849 | SYSerr(SYS_F_OPENDIR, get_last_sys_error()); | 816 | SYSerr(SYS_F_OPENDIR, get_last_sys_error()); |
| 850 | ERR_add_error_data(3, "opendir('", dir, "')"); | 817 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); |
| 851 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | 818 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); |
| 852 | goto err_noclose; | 819 | goto err; |
| 853 | } | 820 | } |
| 854 | 821 | ||
| 855 | strncpy(buf,dir,sizeof(buf)); /* strcpy is safe too... */ | ||
| 856 | buf[len_0-1]='/'; /* no trailing zero! */ | ||
| 857 | slash=buf+len_0; | ||
| 858 | |||
| 859 | do { | ||
| 860 | const TCHAR *fnam=FindFileData.cFileName; | ||
| 861 | size_t flen_0=_tcslen(fnam)+1; | ||
| 862 | |||
| 863 | if (flen_0 > (sizeof(buf)-len_0)) | ||
| 864 | { | ||
| 865 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 866 | goto err; | ||
| 867 | } | ||
| 868 | /* else strcpy would be safe too... */ | ||
| 869 | |||
| 870 | if (sizeof(TCHAR) != sizeof(char)) | ||
| 871 | { | ||
| 872 | #ifndef OPENSSL_NO_MULTIBYTE | ||
| 873 | if (!WideCharToMultiByte(CP_ACP,0, | ||
| 874 | (WCHAR *)fnam,flen_0, | ||
| 875 | slash,sizeof(buf)-len_0, | ||
| 876 | NULL,0)) | ||
| 877 | #endif | ||
| 878 | for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i]; | ||
| 879 | } | ||
| 880 | else strncpy(slash,(const char *)fnam,sizeof(buf)-len_0); | ||
| 881 | |||
| 882 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | ||
| 883 | goto err; | ||
| 884 | } | ||
| 885 | while (FindNextFile(hFind, &FindFileData) != FALSE); | ||
| 886 | ret = 1; | 822 | ret = 1; |
| 887 | 823 | ||
| 888 | err: | 824 | err: |
| 889 | FindClose(hFind); | 825 | if (d) OPENSSL_DIR_end(&d); |
| 890 | err_noclose: | ||
| 891 | if (wdir != NULL) | ||
| 892 | free(wdir); | ||
| 893 | |||
| 894 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | 826 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); |
| 895 | return ret; | 827 | return ret; |
| 896 | } | 828 | } |
| 897 | 829 | ||
| 898 | #endif | ||
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index f622180c69..71b645da14 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -55,11 +55,67 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | /* ==================================================================== | |
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 59 | #include <stdio.h> | 116 | #include <stdio.h> |
| 60 | #include <openssl/objects.h> | 117 | #include <openssl/objects.h> |
| 61 | #include <openssl/comp.h> | 118 | #include <openssl/comp.h> |
| 62 | #include <openssl/fips.h> | ||
| 63 | #include "ssl_locl.h" | 119 | #include "ssl_locl.h" |
| 64 | 120 | ||
| 65 | #define SSL_ENC_DES_IDX 0 | 121 | #define SSL_ENC_DES_IDX 0 |
| @@ -71,12 +127,20 @@ | |||
| 71 | #define SSL_ENC_NULL_IDX 6 | 127 | #define SSL_ENC_NULL_IDX 6 |
| 72 | #define SSL_ENC_AES128_IDX 7 | 128 | #define SSL_ENC_AES128_IDX 7 |
| 73 | #define SSL_ENC_AES256_IDX 8 | 129 | #define SSL_ENC_AES256_IDX 8 |
| 74 | #define SSL_ENC_NUM_IDX 9 | 130 | #define SSL_ENC_CAMELLIA128_IDX 9 |
| 131 | #define SSL_ENC_CAMELLIA256_IDX 10 | ||
| 132 | #define SSL_ENC_SEED_IDX 11 | ||
| 133 | #define SSL_ENC_NUM_IDX 12 | ||
| 134 | |||
| 75 | 135 | ||
| 76 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ | 136 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ |
| 77 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL | 137 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL |
| 78 | }; | 138 | }; |
| 79 | 139 | ||
| 140 | #define SSL_COMP_NULL_IDX 0 | ||
| 141 | #define SSL_COMP_ZLIB_IDX 1 | ||
| 142 | #define SSL_COMP_NUM_IDX 2 | ||
| 143 | |||
| 80 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | 144 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; |
| 81 | 145 | ||
| 82 | #define SSL_MD_MD5_IDX 0 | 146 | #define SSL_MD_MD5_IDX 0 |
| @@ -102,18 +166,20 @@ typedef struct cipher_order_st | |||
| 102 | 166 | ||
| 103 | static const SSL_CIPHER cipher_aliases[]={ | 167 | static const SSL_CIPHER cipher_aliases[]={ |
| 104 | /* Don't include eNULL unless specifically enabled. */ | 168 | /* Don't include eNULL unless specifically enabled. */ |
| 105 | {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ | 169 | /* Don't include ECC in ALL because these ciphers are not yet official. */ |
| 106 | {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ | 170 | {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ |
| 171 | /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ | ||
| 172 | {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ | ||
| 107 | {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, | 173 | {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, |
| 108 | {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ | 174 | {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ |
| 109 | {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, | 175 | {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 110 | {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, | 176 | {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 111 | {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, | 177 | {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 112 | {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, | 178 | {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 113 | {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, | 179 | {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 114 | {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, | 180 | {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 181 | {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, | ||
| 115 | {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, | 182 | {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, |
| 116 | |||
| 117 | {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ | 183 | {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ |
| 118 | {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, | 184 | {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, |
| 119 | {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, | 185 | {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, |
| @@ -129,9 +195,11 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 129 | #ifndef OPENSSL_NO_IDEA | 195 | #ifndef OPENSSL_NO_IDEA |
| 130 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, | 196 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 131 | #endif | 197 | #endif |
| 198 | {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0}, | ||
| 132 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, | 199 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
| 133 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, | 200 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 134 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, | 201 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 202 | {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, | ||
| 135 | 203 | ||
| 136 | {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, | 204 | {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, |
| 137 | {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, | 205 | {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, |
| @@ -154,12 +222,9 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 154 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, | 222 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, |
| 155 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, | 223 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, |
| 156 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, | 224 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, |
| 157 | {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, | ||
| 158 | }; | 225 | }; |
| 159 | 226 | ||
| 160 | static int init_ciphers=1; | 227 | void ssl_load_ciphers(void) |
| 161 | |||
| 162 | static void load_ciphers(void) | ||
| 163 | { | 228 | { |
| 164 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | 229 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
| 165 | EVP_get_cipherbyname(SN_des_cbc); | 230 | EVP_get_cipherbyname(SN_des_cbc); |
| @@ -179,14 +244,73 @@ static void load_ciphers(void) | |||
| 179 | EVP_get_cipherbyname(SN_aes_128_cbc); | 244 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 180 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 245 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
| 181 | EVP_get_cipherbyname(SN_aes_256_cbc); | 246 | EVP_get_cipherbyname(SN_aes_256_cbc); |
| 247 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= | ||
| 248 | EVP_get_cipherbyname(SN_camellia_128_cbc); | ||
| 249 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= | ||
| 250 | EVP_get_cipherbyname(SN_camellia_256_cbc); | ||
| 251 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= | ||
| 252 | EVP_get_cipherbyname(SN_seed_cbc); | ||
| 182 | 253 | ||
| 183 | ssl_digest_methods[SSL_MD_MD5_IDX]= | 254 | ssl_digest_methods[SSL_MD_MD5_IDX]= |
| 184 | EVP_get_digestbyname(SN_md5); | 255 | EVP_get_digestbyname(SN_md5); |
| 185 | ssl_digest_methods[SSL_MD_SHA1_IDX]= | 256 | ssl_digest_methods[SSL_MD_SHA1_IDX]= |
| 186 | EVP_get_digestbyname(SN_sha1); | 257 | EVP_get_digestbyname(SN_sha1); |
| 187 | init_ciphers=0; | ||
| 188 | } | 258 | } |
| 189 | 259 | ||
| 260 | |||
| 261 | #ifndef OPENSSL_NO_COMP | ||
| 262 | |||
| 263 | static int sk_comp_cmp(const SSL_COMP * const *a, | ||
| 264 | const SSL_COMP * const *b) | ||
| 265 | { | ||
| 266 | return((*a)->id-(*b)->id); | ||
| 267 | } | ||
| 268 | |||
| 269 | static void load_builtin_compressions(void) | ||
| 270 | { | ||
| 271 | int got_write_lock = 0; | ||
| 272 | |||
| 273 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); | ||
| 274 | if (ssl_comp_methods == NULL) | ||
| 275 | { | ||
| 276 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | ||
| 277 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 278 | got_write_lock = 1; | ||
| 279 | |||
| 280 | if (ssl_comp_methods == NULL) | ||
| 281 | { | ||
| 282 | SSL_COMP *comp = NULL; | ||
| 283 | |||
| 284 | MemCheck_off(); | ||
| 285 | ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | ||
| 286 | if (ssl_comp_methods != NULL) | ||
| 287 | { | ||
| 288 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | ||
| 289 | if (comp != NULL) | ||
| 290 | { | ||
| 291 | comp->method=COMP_zlib(); | ||
| 292 | if (comp->method | ||
| 293 | && comp->method->type == NID_undef) | ||
| 294 | OPENSSL_free(comp); | ||
| 295 | else | ||
| 296 | { | ||
| 297 | comp->id=SSL_COMP_ZLIB_IDX; | ||
| 298 | comp->name=comp->method->name; | ||
| 299 | sk_SSL_COMP_push(ssl_comp_methods,comp); | ||
| 300 | } | ||
| 301 | } | ||
| 302 | } | ||
| 303 | MemCheck_on(); | ||
| 304 | } | ||
| 305 | } | ||
| 306 | |||
| 307 | if (got_write_lock) | ||
| 308 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 309 | else | ||
| 310 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | ||
| 311 | } | ||
| 312 | #endif | ||
| 313 | |||
| 190 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 314 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 191 | const EVP_MD **md, SSL_COMP **comp) | 315 | const EVP_MD **md, SSL_COMP **comp) |
| 192 | { | 316 | { |
| @@ -198,18 +322,14 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 198 | if (comp != NULL) | 322 | if (comp != NULL) |
| 199 | { | 323 | { |
| 200 | SSL_COMP ctmp; | 324 | SSL_COMP ctmp; |
| 325 | #ifndef OPENSSL_NO_COMP | ||
| 326 | load_builtin_compressions(); | ||
| 327 | #endif | ||
| 201 | 328 | ||
| 202 | if (s->compress_meth == 0) | 329 | *comp=NULL; |
| 203 | *comp=NULL; | 330 | ctmp.id=s->compress_meth; |
| 204 | else if (ssl_comp_methods == NULL) | 331 | if (ssl_comp_methods != NULL) |
| 205 | { | 332 | { |
| 206 | /* bad */ | ||
| 207 | *comp=NULL; | ||
| 208 | } | ||
| 209 | else | ||
| 210 | { | ||
| 211 | |||
| 212 | ctmp.id=s->compress_meth; | ||
| 213 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); | 333 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); |
| 214 | if (i >= 0) | 334 | if (i >= 0) |
| 215 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); | 335 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); |
| @@ -248,6 +368,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 248 | default: i=-1; break; | 368 | default: i=-1; break; |
| 249 | } | 369 | } |
| 250 | break; | 370 | break; |
| 371 | case SSL_CAMELLIA: | ||
| 372 | switch(c->alg_bits) | ||
| 373 | { | ||
| 374 | case 128: i=SSL_ENC_CAMELLIA128_IDX; break; | ||
| 375 | case 256: i=SSL_ENC_CAMELLIA256_IDX; break; | ||
| 376 | default: i=-1; break; | ||
| 377 | } | ||
| 378 | break; | ||
| 379 | case SSL_SEED: | ||
| 380 | i=SSL_ENC_SEED_IDX; | ||
| 381 | break; | ||
| 382 | |||
| 251 | default: | 383 | default: |
| 252 | i= -1; | 384 | i= -1; |
| 253 | break; | 385 | break; |
| @@ -305,9 +437,18 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, | |||
| 305 | *tail=curr; | 437 | *tail=curr; |
| 306 | } | 438 | } |
| 307 | 439 | ||
| 308 | static unsigned long ssl_cipher_get_disabled(void) | 440 | struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9, |
| 441 | * where 128-bit and 256-bit algorithms simply will get | ||
| 442 | * separate bits. */ | ||
| 443 | unsigned long mask; /* everything except m256 */ | ||
| 444 | unsigned long m256; /* applies to 256-bit algorithms only */ | ||
| 445 | }; | ||
| 446 | |||
| 447 | static struct disabled_masks ssl_cipher_get_disabled(void) | ||
| 309 | { | 448 | { |
| 310 | unsigned long mask; | 449 | unsigned long mask; |
| 450 | unsigned long m256; | ||
| 451 | struct disabled_masks ret; | ||
| 311 | 452 | ||
| 312 | mask = SSL_kFZA; | 453 | mask = SSL_kFZA; |
| 313 | #ifdef OPENSSL_NO_RSA | 454 | #ifdef OPENSSL_NO_RSA |
| @@ -322,7 +463,9 @@ static unsigned long ssl_cipher_get_disabled(void) | |||
| 322 | #ifdef OPENSSL_NO_KRB5 | 463 | #ifdef OPENSSL_NO_KRB5 |
| 323 | mask |= SSL_kKRB5|SSL_aKRB5; | 464 | mask |= SSL_kKRB5|SSL_aKRB5; |
| 324 | #endif | 465 | #endif |
| 325 | 466 | #ifdef OPENSSL_NO_ECDH | |
| 467 | mask |= SSL_kECDH|SSL_kECDHE; | ||
| 468 | #endif | ||
| 326 | #ifdef SSL_FORBID_ENULL | 469 | #ifdef SSL_FORBID_ENULL |
| 327 | mask |= SSL_eNULL; | 470 | mask |= SSL_eNULL; |
| 328 | #endif | 471 | #endif |
| @@ -333,17 +476,27 @@ static unsigned long ssl_cipher_get_disabled(void) | |||
| 333 | mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; | 476 | mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; |
| 334 | mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; | 477 | mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; |
| 335 | mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; | 478 | mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; |
| 336 | mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; | 479 | mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; |
| 337 | 480 | ||
| 338 | mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; | 481 | mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; |
| 339 | mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; | 482 | mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; |
| 340 | 483 | ||
| 341 | return(mask); | 484 | /* finally consider algorithms where mask and m256 differ */ |
| 485 | m256 = mask; | ||
| 486 | mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; | ||
| 487 | mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; | ||
| 488 | m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0; | ||
| 489 | m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0; | ||
| 490 | |||
| 491 | ret.mask = mask; | ||
| 492 | ret.m256 = m256; | ||
| 493 | return ret; | ||
| 342 | } | 494 | } |
| 343 | 495 | ||
| 344 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | 496 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, |
| 345 | int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list, | 497 | int num_of_ciphers, unsigned long mask, unsigned long m256, |
| 346 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 498 | CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, |
| 499 | CIPHER_ORDER **tail_p) | ||
| 347 | { | 500 | { |
| 348 | int i, co_list_num; | 501 | int i, co_list_num; |
| 349 | SSL_CIPHER *c; | 502 | SSL_CIPHER *c; |
| @@ -360,13 +513,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 360 | for (i = 0; i < num_of_ciphers; i++) | 513 | for (i = 0; i < num_of_ciphers; i++) |
| 361 | { | 514 | { |
| 362 | c = ssl_method->get_cipher(i); | 515 | c = ssl_method->get_cipher(i); |
| 516 | #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) | ||
| 363 | /* drop those that use any of that is not available */ | 517 | /* drop those that use any of that is not available */ |
| 364 | #ifdef OPENSSL_FIPS | 518 | if ((c != NULL) && c->valid && !IS_MASKED(c)) |
| 365 | if ((c != NULL) && c->valid && !(c->algorithms & mask) | ||
| 366 | && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) | ||
| 367 | #else | ||
| 368 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) | ||
| 369 | #endif | ||
| 370 | { | 519 | { |
| 371 | co_list[co_list_num].cipher = c; | 520 | co_list[co_list_num].cipher = c; |
| 372 | co_list[co_list_num].next = NULL; | 521 | co_list[co_list_num].next = NULL; |
| @@ -440,7 +589,8 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, | |||
| 440 | *ca_curr = NULL; /* end of list */ | 589 | *ca_curr = NULL; /* end of list */ |
| 441 | } | 590 | } |
| 442 | 591 | ||
| 443 | static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, | 592 | static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version, |
| 593 | unsigned long algorithms, unsigned long mask, | ||
| 444 | unsigned long algo_strength, unsigned long mask_strength, | 594 | unsigned long algo_strength, unsigned long mask_strength, |
| 445 | int rule, int strength_bits, CIPHER_ORDER *co_list, | 595 | int rule, int strength_bits, CIPHER_ORDER *co_list, |
| 446 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 596 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| @@ -466,11 +616,20 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, | |||
| 466 | 616 | ||
| 467 | cp = curr->cipher; | 617 | cp = curr->cipher; |
| 468 | 618 | ||
| 619 | /* If explicit cipher suite, match only that one for its own protocol version. | ||
| 620 | * Usual selection criteria will be used for similar ciphersuites from other version! */ | ||
| 621 | |||
| 622 | if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) | ||
| 623 | { | ||
| 624 | if (cp->id != cipher_id) | ||
| 625 | continue; | ||
| 626 | } | ||
| 627 | |||
| 469 | /* | 628 | /* |
| 470 | * Selection criteria is either the number of strength_bits | 629 | * Selection criteria is either the number of strength_bits |
| 471 | * or the algorithm used. | 630 | * or the algorithm used. |
| 472 | */ | 631 | */ |
| 473 | if (strength_bits == -1) | 632 | else if (strength_bits == -1) |
| 474 | { | 633 | { |
| 475 | ma = mask & cp->algorithms; | 634 | ma = mask & cp->algorithms; |
| 476 | ma_s = mask_strength & cp->algo_strength; | 635 | ma_s = mask_strength & cp->algo_strength; |
| @@ -501,8 +660,22 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, | |||
| 501 | { | 660 | { |
| 502 | if (!curr->active) | 661 | if (!curr->active) |
| 503 | { | 662 | { |
| 504 | ll_append_tail(&head, curr, &tail); | 663 | int add_this_cipher = 1; |
| 505 | curr->active = 1; | 664 | |
| 665 | if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0)) | ||
| 666 | { | ||
| 667 | /* Make sure "ECCdraft" ciphersuites are activated only if | ||
| 668 | * *explicitly* requested, but not implicitly (such as | ||
| 669 | * as part of the "AES" alias). */ | ||
| 670 | |||
| 671 | add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0; | ||
| 672 | } | ||
| 673 | |||
| 674 | if (add_this_cipher) | ||
| 675 | { | ||
| 676 | ll_append_tail(&head, curr, &tail); | ||
| 677 | curr->active = 1; | ||
| 678 | } | ||
| 506 | } | 679 | } |
| 507 | } | 680 | } |
| 508 | /* Move the added cipher to this location */ | 681 | /* Move the added cipher to this location */ |
| @@ -583,7 +756,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, | |||
| 583 | */ | 756 | */ |
| 584 | for (i = max_strength_bits; i >= 0; i--) | 757 | for (i = max_strength_bits; i >= 0; i--) |
| 585 | if (number_uses[i] > 0) | 758 | if (number_uses[i] > 0) |
| 586 | ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, | 759 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, |
| 587 | co_list, head_p, tail_p); | 760 | co_list, head_p, tail_p); |
| 588 | 761 | ||
| 589 | OPENSSL_free(number_uses); | 762 | OPENSSL_free(number_uses); |
| @@ -597,6 +770,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 597 | unsigned long algorithms, mask, algo_strength, mask_strength; | 770 | unsigned long algorithms, mask, algo_strength, mask_strength; |
| 598 | const char *l, *start, *buf; | 771 | const char *l, *start, *buf; |
| 599 | int j, multi, found, rule, retval, ok, buflen; | 772 | int j, multi, found, rule, retval, ok, buflen; |
| 773 | unsigned long cipher_id = 0, ssl_version = 0; | ||
| 600 | char ch; | 774 | char ch; |
| 601 | 775 | ||
| 602 | retval = 1; | 776 | retval = 1; |
| @@ -686,6 +860,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 686 | * use strcmp(), because buf is not '\0' terminated.) | 860 | * use strcmp(), because buf is not '\0' terminated.) |
| 687 | */ | 861 | */ |
| 688 | j = found = 0; | 862 | j = found = 0; |
| 863 | cipher_id = 0; | ||
| 864 | ssl_version = 0; | ||
| 689 | while (ca_list[j]) | 865 | while (ca_list[j]) |
| 690 | { | 866 | { |
| 691 | if (!strncmp(buf, ca_list[j]->name, buflen) && | 867 | if (!strncmp(buf, ca_list[j]->name, buflen) && |
| @@ -714,6 +890,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 714 | (algo_strength & ca_list[j]->algo_strength); | 890 | (algo_strength & ca_list[j]->algo_strength); |
| 715 | mask_strength |= ca_list[j]->mask_strength; | 891 | mask_strength |= ca_list[j]->mask_strength; |
| 716 | 892 | ||
| 893 | /* explicit ciphersuite found */ | ||
| 894 | if (ca_list[j]->valid) | ||
| 895 | { | ||
| 896 | cipher_id = ca_list[j]->id; | ||
| 897 | ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK; | ||
| 898 | break; | ||
| 899 | } | ||
| 900 | |||
| 717 | if (!multi) break; | 901 | if (!multi) break; |
| 718 | } | 902 | } |
| 719 | 903 | ||
| @@ -738,18 +922,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 738 | * rest of the command, if any left, until | 922 | * rest of the command, if any left, until |
| 739 | * end or ':' is found. | 923 | * end or ':' is found. |
| 740 | */ | 924 | */ |
| 741 | while ((*l != '\0') && ITEM_SEP(*l)) | 925 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 742 | l++; | 926 | l++; |
| 743 | } | 927 | } |
| 744 | else if (found) | 928 | else if (found) |
| 745 | { | 929 | { |
| 746 | ssl_cipher_apply_rule(algorithms, mask, | 930 | ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask, |
| 747 | algo_strength, mask_strength, rule, -1, | 931 | algo_strength, mask_strength, rule, -1, |
| 748 | co_list, head_p, tail_p); | 932 | co_list, head_p, tail_p); |
| 749 | } | 933 | } |
| 750 | else | 934 | else |
| 751 | { | 935 | { |
| 752 | while ((*l != '\0') && ITEM_SEP(*l)) | 936 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 753 | l++; | 937 | l++; |
| 754 | } | 938 | } |
| 755 | if (*l == '\0') break; /* done */ | 939 | if (*l == '\0') break; /* done */ |
| @@ -765,6 +949,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 765 | { | 949 | { |
| 766 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | 950 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; |
| 767 | unsigned long disabled_mask; | 951 | unsigned long disabled_mask; |
| 952 | unsigned long disabled_m256; | ||
| 768 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | 953 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
| 769 | const char *rule_p; | 954 | const char *rule_p; |
| 770 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; | 955 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
| @@ -776,18 +961,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 776 | if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) | 961 | if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) |
| 777 | return NULL; | 962 | return NULL; |
| 778 | 963 | ||
| 779 | if (init_ciphers) | ||
| 780 | { | ||
| 781 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 782 | if (init_ciphers) load_ciphers(); | ||
| 783 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 784 | } | ||
| 785 | |||
| 786 | /* | 964 | /* |
| 787 | * To reduce the work to do we only want to process the compiled | 965 | * To reduce the work to do we only want to process the compiled |
| 788 | * in algorithms, so we first get the mask of disabled ciphers. | 966 | * in algorithms, so we first get the mask of disabled ciphers. |
| 789 | */ | 967 | */ |
| 790 | disabled_mask = ssl_cipher_get_disabled(); | 968 | { |
| 969 | struct disabled_masks d; | ||
| 970 | d = ssl_cipher_get_disabled(); | ||
| 971 | disabled_mask = d.mask; | ||
| 972 | disabled_m256 = d.m256; | ||
| 973 | } | ||
| 791 | 974 | ||
| 792 | /* | 975 | /* |
| 793 | * Now we have to collect the available ciphers from the compiled | 976 | * Now we have to collect the available ciphers from the compiled |
| @@ -806,7 +989,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 806 | } | 989 | } |
| 807 | 990 | ||
| 808 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, | 991 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, |
| 809 | co_list, &head, &tail); | 992 | disabled_m256, co_list, &head, &tail); |
| 810 | 993 | ||
| 811 | /* | 994 | /* |
| 812 | * We also need cipher aliases for selecting based on the rule_str. | 995 | * We also need cipher aliases for selecting based on the rule_str. |
| @@ -826,8 +1009,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 826 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 1009 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); |
| 827 | return(NULL); /* Failure */ | 1010 | return(NULL); /* Failure */ |
| 828 | } | 1011 | } |
| 829 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask, | 1012 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
| 830 | head); | 1013 | (disabled_mask & disabled_m256), head); |
| 831 | 1014 | ||
| 832 | /* | 1015 | /* |
| 833 | * If the rule_string begins with DEFAULT, apply the default rule | 1016 | * If the rule_string begins with DEFAULT, apply the default rule |
| @@ -871,11 +1054,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 871 | */ | 1054 | */ |
| 872 | for (curr = head; curr != NULL; curr = curr->next) | 1055 | for (curr = head; curr != NULL; curr = curr->next) |
| 873 | { | 1056 | { |
| 874 | #ifdef OPENSSL_FIPS | ||
| 875 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | ||
| 876 | #else | ||
| 877 | if (curr->active) | 1057 | if (curr->active) |
| 878 | #endif | ||
| 879 | { | 1058 | { |
| 880 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1059 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 881 | #ifdef CIPHER_DEBUG | 1060 | #ifdef CIPHER_DEBUG |
| @@ -897,7 +1076,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 897 | if (*cipher_list_by_id != NULL) | 1076 | if (*cipher_list_by_id != NULL) |
| 898 | sk_SSL_CIPHER_free(*cipher_list_by_id); | 1077 | sk_SSL_CIPHER_free(*cipher_list_by_id); |
| 899 | *cipher_list_by_id = tmp_cipher_list; | 1078 | *cipher_list_by_id = tmp_cipher_list; |
| 900 | sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | 1079 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); |
| 901 | 1080 | ||
| 902 | return(cipherstack); | 1081 | return(cipherstack); |
| 903 | } | 1082 | } |
| @@ -905,13 +1084,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 905 | char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | 1084 | char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) |
| 906 | { | 1085 | { |
| 907 | int is_export,pkl,kl; | 1086 | int is_export,pkl,kl; |
| 908 | char *ver,*exp_str; | 1087 | const char *ver,*exp_str; |
| 909 | char *kx,*au,*enc,*mac; | 1088 | const char *kx,*au,*enc,*mac; |
| 910 | unsigned long alg,alg2,alg_s; | 1089 | unsigned long alg,alg2,alg_s; |
| 911 | #ifdef KSSL_DEBUG | 1090 | #ifdef KSSL_DEBUG |
| 912 | static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; | 1091 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; |
| 913 | #else | 1092 | #else |
| 914 | static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; | 1093 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; |
| 915 | #endif /* KSSL_DEBUG */ | 1094 | #endif /* KSSL_DEBUG */ |
| 916 | 1095 | ||
| 917 | alg=cipher->algorithms; | 1096 | alg=cipher->algorithms; |
| @@ -922,7 +1101,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 922 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | 1101 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 923 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | 1102 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); |
| 924 | exp_str=is_export?" export":""; | 1103 | exp_str=is_export?" export":""; |
| 925 | 1104 | ||
| 926 | if (alg & SSL_SSLV2) | 1105 | if (alg & SSL_SSLV2) |
| 927 | ver="SSLv2"; | 1106 | ver="SSLv2"; |
| 928 | else if (alg & SSL_SSLV3) | 1107 | else if (alg & SSL_SSLV3) |
| @@ -951,6 +1130,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 951 | case SSL_kEDH: | 1130 | case SSL_kEDH: |
| 952 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; | 1131 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; |
| 953 | break; | 1132 | break; |
| 1133 | case SSL_kECDH: | ||
| 1134 | case SSL_kECDHE: | ||
| 1135 | kx=is_export?"ECDH(<=163)":"ECDH"; | ||
| 1136 | break; | ||
| 954 | default: | 1137 | default: |
| 955 | kx="unknown"; | 1138 | kx="unknown"; |
| 956 | } | 1139 | } |
| @@ -974,6 +1157,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 974 | case SSL_aNULL: | 1157 | case SSL_aNULL: |
| 975 | au="None"; | 1158 | au="None"; |
| 976 | break; | 1159 | break; |
| 1160 | case SSL_aECDSA: | ||
| 1161 | au="ECDSA"; | ||
| 1162 | break; | ||
| 977 | default: | 1163 | default: |
| 978 | au="unknown"; | 1164 | au="unknown"; |
| 979 | break; | 1165 | break; |
| @@ -1012,6 +1198,18 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) | |||
| 1012 | default: enc="AES(?""?""?)"; break; | 1198 | default: enc="AES(?""?""?)"; break; |
| 1013 | } | 1199 | } |
| 1014 | break; | 1200 | break; |
| 1201 | case SSL_CAMELLIA: | ||
| 1202 | switch(cipher->strength_bits) | ||
| 1203 | { | ||
| 1204 | case 128: enc="Camellia(128)"; break; | ||
| 1205 | case 256: enc="Camellia(256)"; break; | ||
| 1206 | default: enc="Camellia(?""?""?)"; break; | ||
| 1207 | } | ||
| 1208 | break; | ||
| 1209 | case SSL_SEED: | ||
| 1210 | enc="SEED(128)"; | ||
| 1211 | break; | ||
| 1212 | |||
| 1015 | default: | 1213 | default: |
| 1016 | enc="unknown"; | 1214 | enc="unknown"; |
| 1017 | break; | 1215 | break; |
| @@ -1098,35 +1296,63 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) | |||
| 1098 | return(NULL); | 1296 | return(NULL); |
| 1099 | } | 1297 | } |
| 1100 | 1298 | ||
| 1101 | static int sk_comp_cmp(const SSL_COMP * const *a, | 1299 | #ifdef OPENSSL_NO_COMP |
| 1102 | const SSL_COMP * const *b) | 1300 | void *SSL_COMP_get_compression_methods(void) |
| 1103 | { | 1301 | { |
| 1104 | return((*a)->id-(*b)->id); | 1302 | return NULL; |
| 1303 | } | ||
| 1304 | int SSL_COMP_add_compression_method(int id, void *cm) | ||
| 1305 | { | ||
| 1306 | return 1; | ||
| 1105 | } | 1307 | } |
| 1106 | 1308 | ||
| 1309 | const char *SSL_COMP_get_name(const void *comp) | ||
| 1310 | { | ||
| 1311 | return NULL; | ||
| 1312 | } | ||
| 1313 | #else | ||
| 1107 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) | 1314 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) |
| 1108 | { | 1315 | { |
| 1316 | load_builtin_compressions(); | ||
| 1109 | return(ssl_comp_methods); | 1317 | return(ssl_comp_methods); |
| 1110 | } | 1318 | } |
| 1111 | 1319 | ||
| 1112 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | 1320 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) |
| 1113 | { | 1321 | { |
| 1114 | SSL_COMP *comp; | 1322 | SSL_COMP *comp; |
| 1115 | STACK_OF(SSL_COMP) *sk; | ||
| 1116 | 1323 | ||
| 1117 | if (cm == NULL || cm->type == NID_undef) | 1324 | if (cm == NULL || cm->type == NID_undef) |
| 1118 | return 1; | 1325 | return 1; |
| 1119 | 1326 | ||
| 1327 | /* According to draft-ietf-tls-compression-04.txt, the | ||
| 1328 | compression number ranges should be the following: | ||
| 1329 | |||
| 1330 | 0 to 63: methods defined by the IETF | ||
| 1331 | 64 to 192: external party methods assigned by IANA | ||
| 1332 | 193 to 255: reserved for private use */ | ||
| 1333 | if (id < 193 || id > 255) | ||
| 1334 | { | ||
| 1335 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); | ||
| 1336 | return 0; | ||
| 1337 | } | ||
| 1338 | |||
| 1120 | MemCheck_off(); | 1339 | MemCheck_off(); |
| 1121 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 1340 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 1122 | comp->id=id; | 1341 | comp->id=id; |
| 1123 | comp->method=cm; | 1342 | comp->method=cm; |
| 1124 | if (ssl_comp_methods == NULL) | 1343 | load_builtin_compressions(); |
| 1125 | sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | 1344 | if (ssl_comp_methods |
| 1126 | else | 1345 | && !sk_SSL_COMP_find(ssl_comp_methods,comp)) |
| 1127 | sk=ssl_comp_methods; | ||
| 1128 | if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp)) | ||
| 1129 | { | 1346 | { |
| 1347 | OPENSSL_free(comp); | ||
| 1348 | MemCheck_on(); | ||
| 1349 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); | ||
| 1350 | return(1); | ||
| 1351 | } | ||
| 1352 | else if ((ssl_comp_methods == NULL) | ||
| 1353 | || !sk_SSL_COMP_push(ssl_comp_methods,comp)) | ||
| 1354 | { | ||
| 1355 | OPENSSL_free(comp); | ||
| 1130 | MemCheck_on(); | 1356 | MemCheck_on(); |
| 1131 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | 1357 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); |
| 1132 | return(1); | 1358 | return(1); |
| @@ -1137,3 +1363,12 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1137 | return(0); | 1363 | return(0); |
| 1138 | } | 1364 | } |
| 1139 | } | 1365 | } |
| 1366 | |||
| 1367 | const char *SSL_COMP_get_name(const COMP_METHOD *comp) | ||
| 1368 | { | ||
| 1369 | if (comp) | ||
| 1370 | return comp->name; | ||
| 1371 | return NULL; | ||
| 1372 | } | ||
| 1373 | |||
| 1374 | #endif | ||
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 4bcf591298..50779c1632 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* ssl/ssl_err.c */ | 1 | /* ssl/ssl_err.c */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -75,7 +75,32 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, | 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, |
| 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, | 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, |
| 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, | 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, |
| 78 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, | ||
| 78 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, | 79 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, |
| 80 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, | ||
| 81 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, | ||
| 82 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, | ||
| 83 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, | ||
| 84 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, | ||
| 85 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, | ||
| 86 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, | ||
| 87 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, | ||
| 88 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, | ||
| 89 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, | ||
| 90 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, | ||
| 91 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, | ||
| 92 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, | ||
| 93 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, | ||
| 94 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, | ||
| 95 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, | ||
| 96 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, | ||
| 97 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, | ||
| 98 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, | ||
| 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, | ||
| 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, | ||
| 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, | ||
| 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, | ||
| 103 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, | ||
| 79 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, | 104 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, |
| 80 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, | 105 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, |
| 81 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, | 106 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, |
| @@ -116,6 +141,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 116 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, | 141 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, |
| 117 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, | 142 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, |
| 118 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | 143 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 144 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | ||
| 119 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | 145 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, |
| 120 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | 146 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, |
| 121 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | 147 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, |
| @@ -123,10 +149,12 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 123 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, | 149 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, |
| 124 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | 150 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, |
| 125 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | 151 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, |
| 152 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | ||
| 126 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | 153 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, |
| 127 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | 154 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, |
| 128 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | 155 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, |
| 129 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, | 156 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, |
| 157 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, | ||
| 130 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, | 158 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, |
| 131 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, | 159 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, |
| 132 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | 160 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, |
| @@ -142,8 +170,10 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 142 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, | 170 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, |
| 143 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, | 171 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, |
| 144 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, | 172 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, |
| 173 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, | ||
| 145 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, | 174 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, |
| 146 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, | 175 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, |
| 176 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, | ||
| 147 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, | 177 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, |
| 148 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, | 178 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, |
| 149 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, | 179 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, |
| @@ -151,6 +181,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 151 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, | 181 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, |
| 152 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, | 182 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, |
| 153 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, | 183 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, |
| 184 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, | ||
| 154 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, | 185 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, |
| 155 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, | 186 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, |
| 156 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, | 187 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, |
| @@ -182,6 +213,9 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 182 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | 213 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, |
| 183 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | 214 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, |
| 184 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | 215 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, |
| 216 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | ||
| 217 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | ||
| 218 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | ||
| 185 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, | 219 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, |
| 186 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, | 220 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, |
| 187 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, | 221 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, |
| @@ -201,6 +235,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 201 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, | 235 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, |
| 202 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, | 236 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, |
| 203 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, | 237 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, |
| 238 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, | ||
| 204 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, | 239 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, |
| 205 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, | 240 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, |
| 206 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, | 241 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, |
| @@ -234,6 +269,9 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 234 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, | 269 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, |
| 235 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, | 270 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, |
| 236 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, | 271 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, |
| 272 | {ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, | ||
| 273 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, | ||
| 274 | {ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, | ||
| 237 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, | 275 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, |
| 238 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, | 276 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, |
| 239 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, | 277 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, |
| @@ -263,17 +301,22 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 263 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, | 301 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, |
| 264 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, | 302 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, |
| 265 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, | 303 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, |
| 304 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, | ||
| 266 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, | 305 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, |
| 267 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, | 306 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, |
| 307 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, | ||
| 268 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, | 308 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, |
| 269 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, | 309 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, |
| 270 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, | 310 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, |
| 311 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, | ||
| 271 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, | 312 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, |
| 272 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, | 313 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, |
| 273 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, | 314 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, |
| 274 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, | 315 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, |
| 275 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, | 316 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, |
| 276 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, | 317 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, |
| 318 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, | ||
| 319 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, | ||
| 277 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, | 320 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, |
| 278 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, | 321 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, |
| 279 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, | 322 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, |
| @@ -286,6 +329,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 286 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, | 329 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, |
| 287 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, | 330 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, |
| 288 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, | 331 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, |
| 332 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, | ||
| 333 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, | ||
| 289 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, | 334 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, |
| 290 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, | 335 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, |
| 291 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, | 336 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, |
| @@ -314,6 +359,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 314 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, | 359 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, |
| 315 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, | 360 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, |
| 316 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, | 361 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, |
| 362 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, | ||
| 317 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, | 363 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, |
| 318 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, | 364 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, |
| 319 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, | 365 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, |
| @@ -342,6 +388,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 342 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, | 388 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, |
| 343 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, | 389 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, |
| 344 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, | 390 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, |
| 391 | {ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, | ||
| 345 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, | 392 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, |
| 346 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, | 393 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, |
| 347 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, | 394 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, |
| @@ -356,6 +403,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 356 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, | 403 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, |
| 357 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, | 404 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, |
| 358 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, | 405 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, |
| 406 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, | ||
| 359 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, | 407 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, |
| 360 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, | 408 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, |
| 361 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, | 409 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, |
| @@ -364,11 +412,14 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 364 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, | 412 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, |
| 365 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, | 413 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, |
| 366 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, | 414 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, |
| 415 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, | ||
| 367 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, | 416 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, |
| 368 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, | 417 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, |
| 369 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, | 418 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, |
| 370 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, | 419 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, |
| 371 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, | 420 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, |
| 421 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, | ||
| 422 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, | ||
| 372 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, | 423 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, |
| 373 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, | 424 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, |
| 374 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, | 425 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, |
| @@ -403,12 +454,15 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 403 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, | 454 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, |
| 404 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, | 455 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, |
| 405 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, | 456 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, |
| 457 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, | ||
| 406 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, | 458 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, |
| 407 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, | 459 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, |
| 408 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, | 460 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, |
| 409 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, | 461 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, |
| 462 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, | ||
| 410 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, | 463 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, |
| 411 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, | 464 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, |
| 465 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, | ||
| 412 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, | 466 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, |
| 413 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, | 467 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, |
| 414 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, | 468 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, |
| @@ -429,8 +483,10 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 429 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, | 483 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, |
| 430 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | 484 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, |
| 431 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, | 485 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, |
| 486 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, | ||
| 432 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, | 487 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, |
| 433 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, | 488 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, |
| 489 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, | ||
| 434 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, | 490 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, |
| 435 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, | 491 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, |
| 436 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, | 492 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, |
| @@ -448,15 +504,12 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 448 | 504 | ||
| 449 | void ERR_load_SSL_strings(void) | 505 | void ERR_load_SSL_strings(void) |
| 450 | { | 506 | { |
| 451 | static int init=1; | 507 | #ifndef OPENSSL_NO_ERR |
| 452 | 508 | ||
| 453 | if (init) | 509 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) |
| 454 | { | 510 | { |
| 455 | init=0; | ||
| 456 | #ifndef OPENSSL_NO_ERR | ||
| 457 | ERR_load_strings(0,SSL_str_functs); | 511 | ERR_load_strings(0,SSL_str_functs); |
| 458 | ERR_load_strings(0,SSL_str_reasons); | 512 | ERR_load_strings(0,SSL_str_reasons); |
| 459 | #endif | ||
| 460 | |||
| 461 | } | 513 | } |
| 514 | #endif | ||
| 462 | } | 515 | } |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 0f4b7a475b..31f6318357 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -110,7 +110,11 @@ | |||
| 110 | * Hudson (tjh@cryptsoft.com). | 110 | * Hudson (tjh@cryptsoft.com). |
| 111 | * | 111 | * |
| 112 | */ | 112 | */ |
| 113 | 113 | /* ==================================================================== | |
| 114 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 115 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 116 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 117 | */ | ||
| 114 | 118 | ||
| 115 | #ifdef REF_CHECK | 119 | #ifdef REF_CHECK |
| 116 | # include <assert.h> | 120 | # include <assert.h> |
| @@ -121,7 +125,11 @@ | |||
| 121 | #include <openssl/objects.h> | 125 | #include <openssl/objects.h> |
| 122 | #include <openssl/lhash.h> | 126 | #include <openssl/lhash.h> |
| 123 | #include <openssl/x509v3.h> | 127 | #include <openssl/x509v3.h> |
| 124 | #include <openssl/fips.h> | 128 | #include <openssl/rand.h> |
| 129 | #include <openssl/ocsp.h> | ||
| 130 | #ifndef OPENSSL_NO_DH | ||
| 131 | #include <openssl/dh.h> | ||
| 132 | #endif | ||
| 125 | 133 | ||
| 126 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | 134 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; |
| 127 | 135 | ||
| @@ -132,7 +140,14 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ | |||
| 132 | ssl_undefined_function, | 140 | ssl_undefined_function, |
| 133 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, | 141 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, |
| 134 | (int (*)(SSL*, int))ssl_undefined_function, | 142 | (int (*)(SSL*, int))ssl_undefined_function, |
| 135 | (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function | 143 | (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function, |
| 144 | 0, /* finish_mac_length */ | ||
| 145 | (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function, | ||
| 146 | NULL, /* client_finished_label */ | ||
| 147 | 0, /* client_finished_label_len */ | ||
| 148 | NULL, /* server_finished_label */ | ||
| 149 | 0, /* server_finished_label_len */ | ||
| 150 | (int (*)(int))ssl_undefined_function | ||
| 136 | }; | 151 | }; |
| 137 | 152 | ||
| 138 | int SSL_clear(SSL *s) | 153 | int SSL_clear(SSL *s) |
| @@ -272,19 +287,40 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 272 | s->msg_callback=ctx->msg_callback; | 287 | s->msg_callback=ctx->msg_callback; |
| 273 | s->msg_callback_arg=ctx->msg_callback_arg; | 288 | s->msg_callback_arg=ctx->msg_callback_arg; |
| 274 | s->verify_mode=ctx->verify_mode; | 289 | s->verify_mode=ctx->verify_mode; |
| 290 | #if 0 | ||
| 275 | s->verify_depth=ctx->verify_depth; | 291 | s->verify_depth=ctx->verify_depth; |
| 292 | #endif | ||
| 276 | s->sid_ctx_length=ctx->sid_ctx_length; | 293 | s->sid_ctx_length=ctx->sid_ctx_length; |
| 277 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | 294 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); |
| 278 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | 295 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); |
| 279 | s->verify_callback=ctx->default_verify_callback; | 296 | s->verify_callback=ctx->default_verify_callback; |
| 280 | s->generate_session_id=ctx->generate_session_id; | 297 | s->generate_session_id=ctx->generate_session_id; |
| 298 | |||
| 299 | s->param = X509_VERIFY_PARAM_new(); | ||
| 300 | if (!s->param) | ||
| 301 | goto err; | ||
| 302 | X509_VERIFY_PARAM_inherit(s->param, ctx->param); | ||
| 303 | #if 0 | ||
| 281 | s->purpose = ctx->purpose; | 304 | s->purpose = ctx->purpose; |
| 282 | s->trust = ctx->trust; | 305 | s->trust = ctx->trust; |
| 306 | #endif | ||
| 283 | s->quiet_shutdown=ctx->quiet_shutdown; | 307 | s->quiet_shutdown=ctx->quiet_shutdown; |
| 284 | 308 | ||
| 285 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 309 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); |
| 286 | s->ctx=ctx; | 310 | s->ctx=ctx; |
| 287 | 311 | #ifndef OPENSSL_NO_TLSEXT | |
| 312 | s->tlsext_debug_cb = 0; | ||
| 313 | s->tlsext_debug_arg = NULL; | ||
| 314 | s->tlsext_ticket_expected = 0; | ||
| 315 | s->tlsext_status_type = -1; | ||
| 316 | s->tlsext_status_expected = 0; | ||
| 317 | s->tlsext_ocsp_ids = NULL; | ||
| 318 | s->tlsext_ocsp_exts = NULL; | ||
| 319 | s->tlsext_ocsp_resp = NULL; | ||
| 320 | s->tlsext_ocsp_resplen = -1; | ||
| 321 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | ||
| 322 | s->initial_ctx=ctx; | ||
| 323 | #endif | ||
| 288 | s->verify_result=X509_V_OK; | 324 | s->verify_result=X509_V_OK; |
| 289 | 325 | ||
| 290 | s->method=ctx->method; | 326 | s->method=ctx->method; |
| @@ -393,22 +429,22 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 393 | 429 | ||
| 394 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | 430 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) |
| 395 | { | 431 | { |
| 396 | return X509_PURPOSE_set(&s->purpose, purpose); | 432 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 397 | } | 433 | } |
| 398 | 434 | ||
| 399 | int SSL_set_purpose(SSL *s, int purpose) | 435 | int SSL_set_purpose(SSL *s, int purpose) |
| 400 | { | 436 | { |
| 401 | return X509_PURPOSE_set(&s->purpose, purpose); | 437 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 402 | } | 438 | } |
| 403 | 439 | ||
| 404 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) | 440 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) |
| 405 | { | 441 | { |
| 406 | return X509_TRUST_set(&s->trust, trust); | 442 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 407 | } | 443 | } |
| 408 | 444 | ||
| 409 | int SSL_set_trust(SSL *s, int trust) | 445 | int SSL_set_trust(SSL *s, int trust) |
| 410 | { | 446 | { |
| 411 | return X509_TRUST_set(&s->trust, trust); | 447 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 412 | } | 448 | } |
| 413 | 449 | ||
| 414 | void SSL_free(SSL *s) | 450 | void SSL_free(SSL *s) |
| @@ -431,6 +467,9 @@ void SSL_free(SSL *s) | |||
| 431 | } | 467 | } |
| 432 | #endif | 468 | #endif |
| 433 | 469 | ||
| 470 | if (s->param) | ||
| 471 | X509_VERIFY_PARAM_free(s->param); | ||
| 472 | |||
| 434 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 473 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 435 | 474 | ||
| 436 | if (s->bbio != NULL) | 475 | if (s->bbio != NULL) |
| @@ -467,7 +506,16 @@ void SSL_free(SSL *s) | |||
| 467 | /* Free up if allocated */ | 506 | /* Free up if allocated */ |
| 468 | 507 | ||
| 469 | if (s->ctx) SSL_CTX_free(s->ctx); | 508 | if (s->ctx) SSL_CTX_free(s->ctx); |
| 470 | 509 | #ifndef OPENSSL_NO_TLSEXT | |
| 510 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | ||
| 511 | if (s->tlsext_ocsp_exts) | ||
| 512 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | ||
| 513 | X509_EXTENSION_free); | ||
| 514 | if (s->tlsext_ocsp_ids) | ||
| 515 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | ||
| 516 | if (s->tlsext_ocsp_resp) | ||
| 517 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
| 518 | #endif | ||
| 471 | if (s->client_CA != NULL) | 519 | if (s->client_CA != NULL) |
| 472 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); | 520 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); |
| 473 | 521 | ||
| @@ -643,7 +691,7 @@ int SSL_get_verify_mode(const SSL *s) | |||
| 643 | 691 | ||
| 644 | int SSL_get_verify_depth(const SSL *s) | 692 | int SSL_get_verify_depth(const SSL *s) |
| 645 | { | 693 | { |
| 646 | return(s->verify_depth); | 694 | return X509_VERIFY_PARAM_get_depth(s->param); |
| 647 | } | 695 | } |
| 648 | 696 | ||
| 649 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) | 697 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) |
| @@ -658,7 +706,7 @@ int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) | |||
| 658 | 706 | ||
| 659 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) | 707 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) |
| 660 | { | 708 | { |
| 661 | return(ctx->verify_depth); | 709 | return X509_VERIFY_PARAM_get_depth(ctx->param); |
| 662 | } | 710 | } |
| 663 | 711 | ||
| 664 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) | 712 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) |
| @@ -676,7 +724,7 @@ void SSL_set_verify(SSL *s,int mode, | |||
| 676 | 724 | ||
| 677 | void SSL_set_verify_depth(SSL *s,int depth) | 725 | void SSL_set_verify_depth(SSL *s,int depth) |
| 678 | { | 726 | { |
| 679 | s->verify_depth=depth; | 727 | X509_VERIFY_PARAM_set_depth(s->param, depth); |
| 680 | } | 728 | } |
| 681 | 729 | ||
| 682 | void SSL_set_read_ahead(SSL *s,int yes) | 730 | void SSL_set_read_ahead(SSL *s,int yes) |
| @@ -850,7 +898,7 @@ int SSL_peek(SSL *s,void *buf,int num) | |||
| 850 | { | 898 | { |
| 851 | if (s->handshake_func == 0) | 899 | if (s->handshake_func == 0) |
| 852 | { | 900 | { |
| 853 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | 901 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); |
| 854 | return -1; | 902 | return -1; |
| 855 | } | 903 | } |
| 856 | 904 | ||
| @@ -941,12 +989,19 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 941 | l=s->max_cert_list; | 989 | l=s->max_cert_list; |
| 942 | s->max_cert_list=larg; | 990 | s->max_cert_list=larg; |
| 943 | return(l); | 991 | return(l); |
| 992 | case SSL_CTRL_SET_MTU: | ||
| 993 | if (SSL_version(s) == DTLS1_VERSION) | ||
| 994 | { | ||
| 995 | s->d1->mtu = larg; | ||
| 996 | return larg; | ||
| 997 | } | ||
| 998 | return 0; | ||
| 944 | default: | 999 | default: |
| 945 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | 1000 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); |
| 946 | } | 1001 | } |
| 947 | } | 1002 | } |
| 948 | 1003 | ||
| 949 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)()) | 1004 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 950 | { | 1005 | { |
| 951 | switch(cmd) | 1006 | switch(cmd) |
| 952 | { | 1007 | { |
| @@ -1034,7 +1089,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) | |||
| 1034 | } | 1089 | } |
| 1035 | } | 1090 | } |
| 1036 | 1091 | ||
| 1037 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | 1092 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 1038 | { | 1093 | { |
| 1039 | switch(cmd) | 1094 | switch(cmd) |
| 1040 | { | 1095 | { |
| @@ -1269,6 +1324,29 @@ err: | |||
| 1269 | return(NULL); | 1324 | return(NULL); |
| 1270 | } | 1325 | } |
| 1271 | 1326 | ||
| 1327 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1328 | /** return a servername extension value if provided in Client Hello, or NULL. | ||
| 1329 | * So far, only host_name types are defined (RFC 3546). | ||
| 1330 | */ | ||
| 1331 | |||
| 1332 | const char *SSL_get_servername(const SSL *s, const int type) | ||
| 1333 | { | ||
| 1334 | if (type != TLSEXT_NAMETYPE_host_name) | ||
| 1335 | return NULL; | ||
| 1336 | |||
| 1337 | return s->session && !s->tlsext_hostname ? | ||
| 1338 | s->session->tlsext_hostname : | ||
| 1339 | s->tlsext_hostname; | ||
| 1340 | } | ||
| 1341 | |||
| 1342 | int SSL_get_servername_type(const SSL *s) | ||
| 1343 | { | ||
| 1344 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) | ||
| 1345 | return TLSEXT_NAMETYPE_host_name; | ||
| 1346 | return -1; | ||
| 1347 | } | ||
| 1348 | #endif | ||
| 1349 | |||
| 1272 | unsigned long SSL_SESSION_hash(const SSL_SESSION *a) | 1350 | unsigned long SSL_SESSION_hash(const SSL_SESSION *a) |
| 1273 | { | 1351 | { |
| 1274 | unsigned long l; | 1352 | unsigned long l; |
| @@ -1312,14 +1390,6 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1312 | return(NULL); | 1390 | return(NULL); |
| 1313 | } | 1391 | } |
| 1314 | 1392 | ||
| 1315 | #ifdef OPENSSL_FIPS | ||
| 1316 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) | ||
| 1317 | { | ||
| 1318 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 1319 | return NULL; | ||
| 1320 | } | ||
| 1321 | #endif | ||
| 1322 | |||
| 1323 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) | 1393 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) |
| 1324 | { | 1394 | { |
| 1325 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | 1395 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); |
| @@ -1368,7 +1438,9 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1368 | ret->msg_callback=0; | 1438 | ret->msg_callback=0; |
| 1369 | ret->msg_callback_arg=NULL; | 1439 | ret->msg_callback_arg=NULL; |
| 1370 | ret->verify_mode=SSL_VERIFY_NONE; | 1440 | ret->verify_mode=SSL_VERIFY_NONE; |
| 1441 | #if 0 | ||
| 1371 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ | 1442 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ |
| 1443 | #endif | ||
| 1372 | ret->sid_ctx_length=0; | 1444 | ret->sid_ctx_length=0; |
| 1373 | ret->default_verify_callback=NULL; | 1445 | ret->default_verify_callback=NULL; |
| 1374 | if ((ret->cert=ssl_cert_new()) == NULL) | 1446 | if ((ret->cert=ssl_cert_new()) == NULL) |
| @@ -1377,6 +1449,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1377 | ret->default_passwd_callback=0; | 1449 | ret->default_passwd_callback=0; |
| 1378 | ret->default_passwd_callback_userdata=NULL; | 1450 | ret->default_passwd_callback_userdata=NULL; |
| 1379 | ret->client_cert_cb=0; | 1451 | ret->client_cert_cb=0; |
| 1452 | ret->app_gen_cookie_cb=0; | ||
| 1453 | ret->app_verify_cookie_cb=0; | ||
| 1380 | 1454 | ||
| 1381 | ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), | 1455 | ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), |
| 1382 | LHASH_COMP_FN(SSL_SESSION_cmp)); | 1456 | LHASH_COMP_FN(SSL_SESSION_cmp)); |
| @@ -1394,6 +1468,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1394 | goto err2; | 1468 | goto err2; |
| 1395 | } | 1469 | } |
| 1396 | 1470 | ||
| 1471 | ret->param = X509_VERIFY_PARAM_new(); | ||
| 1472 | if (!ret->param) | ||
| 1473 | goto err; | ||
| 1474 | |||
| 1397 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) | 1475 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) |
| 1398 | { | 1476 | { |
| 1399 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); | 1477 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); |
| @@ -1418,6 +1496,20 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | |||
| 1418 | ret->extra_certs=NULL; | 1496 | ret->extra_certs=NULL; |
| 1419 | ret->comp_methods=SSL_COMP_get_compression_methods(); | 1497 | ret->comp_methods=SSL_COMP_get_compression_methods(); |
| 1420 | 1498 | ||
| 1499 | #ifndef OPENSSL_NO_TLSEXT | ||
| 1500 | ret->tlsext_servername_callback = 0; | ||
| 1501 | ret->tlsext_servername_arg = NULL; | ||
| 1502 | /* Setup RFC4507 ticket keys */ | ||
| 1503 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) | ||
| 1504 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) | ||
| 1505 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) | ||
| 1506 | ret->options |= SSL_OP_NO_TICKET; | ||
| 1507 | |||
| 1508 | ret->tlsext_status_cb = 0; | ||
| 1509 | ret->tlsext_status_arg = NULL; | ||
| 1510 | |||
| 1511 | #endif | ||
| 1512 | |||
| 1421 | return(ret); | 1513 | return(ret); |
| 1422 | err: | 1514 | err: |
| 1423 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); | 1515 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -1450,6 +1542,9 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1450 | } | 1542 | } |
| 1451 | #endif | 1543 | #endif |
| 1452 | 1544 | ||
| 1545 | if (a->param) | ||
| 1546 | X509_VERIFY_PARAM_free(a->param); | ||
| 1547 | |||
| 1453 | /* | 1548 | /* |
| 1454 | * Free internal session cache. However: the remove_cb() may reference | 1549 | * Free internal session cache. However: the remove_cb() may reference |
| 1455 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed | 1550 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed |
| @@ -1512,7 +1607,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) | |||
| 1512 | 1607 | ||
| 1513 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) | 1608 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) |
| 1514 | { | 1609 | { |
| 1515 | ctx->verify_depth=depth; | 1610 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); |
| 1516 | } | 1611 | } |
| 1517 | 1612 | ||
| 1518 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | 1613 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) |
| @@ -1522,6 +1617,13 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | |||
| 1522 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; | 1617 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; |
| 1523 | int rsa_tmp_export,dh_tmp_export,kl; | 1618 | int rsa_tmp_export,dh_tmp_export,kl; |
| 1524 | unsigned long mask,emask; | 1619 | unsigned long mask,emask; |
| 1620 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; | ||
| 1621 | #ifndef OPENSSL_NO_ECDH | ||
| 1622 | int have_ecdh_tmp; | ||
| 1623 | #endif | ||
| 1624 | X509 *x = NULL; | ||
| 1625 | EVP_PKEY *ecc_pkey = NULL; | ||
| 1626 | int signature_nid = 0; | ||
| 1525 | 1627 | ||
| 1526 | if (c == NULL) return; | 1628 | if (c == NULL) return; |
| 1527 | 1629 | ||
| @@ -1542,6 +1644,9 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | |||
| 1542 | dh_tmp=dh_tmp_export=0; | 1644 | dh_tmp=dh_tmp_export=0; |
| 1543 | #endif | 1645 | #endif |
| 1544 | 1646 | ||
| 1647 | #ifndef OPENSSL_NO_ECDH | ||
| 1648 | have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); | ||
| 1649 | #endif | ||
| 1545 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); | 1650 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); |
| 1546 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); | 1651 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1547 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 1652 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| @@ -1556,7 +1661,8 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | |||
| 1556 | /* FIX THIS EAY EAY EAY */ | 1661 | /* FIX THIS EAY EAY EAY */ |
| 1557 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 1662 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1558 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 1663 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 1559 | 1664 | cpk= &(c->pkeys[SSL_PKEY_ECC]); | |
| 1665 | have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
| 1560 | mask=0; | 1666 | mask=0; |
| 1561 | emask=0; | 1667 | emask=0; |
| 1562 | 1668 | ||
| @@ -1613,11 +1719,127 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | |||
| 1613 | emask|=SSL_kKRB5|SSL_aKRB5; | 1719 | emask|=SSL_kKRB5|SSL_aKRB5; |
| 1614 | #endif | 1720 | #endif |
| 1615 | 1721 | ||
| 1722 | /* An ECC certificate may be usable for ECDH and/or | ||
| 1723 | * ECDSA cipher suites depending on the key usage extension. | ||
| 1724 | */ | ||
| 1725 | if (have_ecc_cert) | ||
| 1726 | { | ||
| 1727 | /* This call populates extension flags (ex_flags) */ | ||
| 1728 | x = (c->pkeys[SSL_PKEY_ECC]).x509; | ||
| 1729 | X509_check_purpose(x, -1, 0); | ||
| 1730 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | ||
| 1731 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; | ||
| 1732 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | ||
| 1733 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; | ||
| 1734 | ecc_pkey = X509_get_pubkey(x); | ||
| 1735 | ecc_pkey_size = (ecc_pkey != NULL) ? | ||
| 1736 | EVP_PKEY_bits(ecc_pkey) : 0; | ||
| 1737 | EVP_PKEY_free(ecc_pkey); | ||
| 1738 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | ||
| 1739 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | ||
| 1740 | #ifndef OPENSSL_NO_ECDH | ||
| 1741 | if (ecdh_ok) | ||
| 1742 | { | ||
| 1743 | if ((signature_nid == NID_md5WithRSAEncryption) || | ||
| 1744 | (signature_nid == NID_md4WithRSAEncryption) || | ||
| 1745 | (signature_nid == NID_md2WithRSAEncryption)) | ||
| 1746 | { | ||
| 1747 | mask|=SSL_kECDH|SSL_aRSA; | ||
| 1748 | if (ecc_pkey_size <= 163) | ||
| 1749 | emask|=SSL_kECDH|SSL_aRSA; | ||
| 1750 | } | ||
| 1751 | if (signature_nid == NID_ecdsa_with_SHA1) | ||
| 1752 | { | ||
| 1753 | mask|=SSL_kECDH|SSL_aECDSA; | ||
| 1754 | if (ecc_pkey_size <= 163) | ||
| 1755 | emask|=SSL_kECDH|SSL_aECDSA; | ||
| 1756 | } | ||
| 1757 | } | ||
| 1758 | #endif | ||
| 1759 | #ifndef OPENSSL_NO_ECDSA | ||
| 1760 | if (ecdsa_ok) | ||
| 1761 | { | ||
| 1762 | mask|=SSL_aECDSA; | ||
| 1763 | emask|=SSL_aECDSA; | ||
| 1764 | } | ||
| 1765 | #endif | ||
| 1766 | } | ||
| 1767 | |||
| 1768 | #ifndef OPENSSL_NO_ECDH | ||
| 1769 | if (have_ecdh_tmp) | ||
| 1770 | { | ||
| 1771 | mask|=SSL_kECDHE; | ||
| 1772 | emask|=SSL_kECDHE; | ||
| 1773 | } | ||
| 1774 | #endif | ||
| 1616 | c->mask=mask; | 1775 | c->mask=mask; |
| 1617 | c->export_mask=emask; | 1776 | c->export_mask=emask; |
| 1618 | c->valid=1; | 1777 | c->valid=1; |
| 1619 | } | 1778 | } |
| 1620 | 1779 | ||
| 1780 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ | ||
| 1781 | #define ku_reject(x, usage) \ | ||
| 1782 | (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) | ||
| 1783 | |||
| 1784 | int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) | ||
| 1785 | { | ||
| 1786 | unsigned long alg = cs->algorithms; | ||
| 1787 | EVP_PKEY *pkey = NULL; | ||
| 1788 | int keysize = 0; | ||
| 1789 | int signature_nid = 0; | ||
| 1790 | |||
| 1791 | if (SSL_C_IS_EXPORT(cs)) | ||
| 1792 | { | ||
| 1793 | /* ECDH key length in export ciphers must be <= 163 bits */ | ||
| 1794 | pkey = X509_get_pubkey(x); | ||
| 1795 | if (pkey == NULL) return 0; | ||
| 1796 | keysize = EVP_PKEY_bits(pkey); | ||
| 1797 | EVP_PKEY_free(pkey); | ||
| 1798 | if (keysize > 163) return 0; | ||
| 1799 | } | ||
| 1800 | |||
| 1801 | /* This call populates the ex_flags field correctly */ | ||
| 1802 | X509_check_purpose(x, -1, 0); | ||
| 1803 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | ||
| 1804 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | ||
| 1805 | if (alg & SSL_kECDH) | ||
| 1806 | { | ||
| 1807 | /* key usage, if present, must allow key agreement */ | ||
| 1808 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) | ||
| 1809 | { | ||
| 1810 | return 0; | ||
| 1811 | } | ||
| 1812 | if (alg & SSL_aECDSA) | ||
| 1813 | { | ||
| 1814 | /* signature alg must be ECDSA */ | ||
| 1815 | if (signature_nid != NID_ecdsa_with_SHA1) | ||
| 1816 | { | ||
| 1817 | return 0; | ||
| 1818 | } | ||
| 1819 | } | ||
| 1820 | if (alg & SSL_aRSA) | ||
| 1821 | { | ||
| 1822 | /* signature alg must be RSA */ | ||
| 1823 | if ((signature_nid != NID_md5WithRSAEncryption) && | ||
| 1824 | (signature_nid != NID_md4WithRSAEncryption) && | ||
| 1825 | (signature_nid != NID_md2WithRSAEncryption)) | ||
| 1826 | { | ||
| 1827 | return 0; | ||
| 1828 | } | ||
| 1829 | } | ||
| 1830 | } | ||
| 1831 | else if (alg & SSL_aECDSA) | ||
| 1832 | { | ||
| 1833 | /* key usage, if present, must allow signing */ | ||
| 1834 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) | ||
| 1835 | { | ||
| 1836 | return 0; | ||
| 1837 | } | ||
| 1838 | } | ||
| 1839 | |||
| 1840 | return 1; /* all checks are ok */ | ||
| 1841 | } | ||
| 1842 | |||
| 1621 | /* THIS NEEDS CLEANING UP */ | 1843 | /* THIS NEEDS CLEANING UP */ |
| 1622 | X509 *ssl_get_server_send_cert(SSL *s) | 1844 | X509 *ssl_get_server_send_cert(SSL *s) |
| 1623 | { | 1845 | { |
| @@ -1632,7 +1854,26 @@ X509 *ssl_get_server_send_cert(SSL *s) | |||
| 1632 | mask=is_export?c->export_mask:c->mask; | 1854 | mask=is_export?c->export_mask:c->mask; |
| 1633 | kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); | 1855 | kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); |
| 1634 | 1856 | ||
| 1635 | if (kalg & SSL_kDHr) | 1857 | if (kalg & SSL_kECDH) |
| 1858 | { | ||
| 1859 | /* we don't need to look at SSL_kECDHE | ||
| 1860 | * since no certificate is needed for | ||
| 1861 | * anon ECDH and for authenticated | ||
| 1862 | * ECDHE, the check for the auth | ||
| 1863 | * algorithm will set i correctly | ||
| 1864 | * NOTE: For ECDH-RSA, we need an ECC | ||
| 1865 | * not an RSA cert but for ECDHE-RSA | ||
| 1866 | * we need an RSA cert. Placing the | ||
| 1867 | * checks for SSL_kECDH before RSA | ||
| 1868 | * checks ensures the correct cert is chosen. | ||
| 1869 | */ | ||
| 1870 | i=SSL_PKEY_ECC; | ||
| 1871 | } | ||
| 1872 | else if (kalg & SSL_aECDSA) | ||
| 1873 | { | ||
| 1874 | i=SSL_PKEY_ECC; | ||
| 1875 | } | ||
| 1876 | else if (kalg & SSL_kDHr) | ||
| 1636 | i=SSL_PKEY_DH_RSA; | 1877 | i=SSL_PKEY_DH_RSA; |
| 1637 | else if (kalg & SSL_kDHd) | 1878 | else if (kalg & SSL_kDHd) |
| 1638 | i=SSL_PKEY_DH_DSA; | 1879 | i=SSL_PKEY_DH_DSA; |
| @@ -1656,6 +1897,7 @@ X509 *ssl_get_server_send_cert(SSL *s) | |||
| 1656 | return(NULL); | 1897 | return(NULL); |
| 1657 | } | 1898 | } |
| 1658 | if (c->pkeys[i].x509 == NULL) return(NULL); | 1899 | if (c->pkeys[i].x509 == NULL) return(NULL); |
| 1900 | |||
| 1659 | return(c->pkeys[i].x509); | 1901 | return(c->pkeys[i].x509); |
| 1660 | } | 1902 | } |
| 1661 | 1903 | ||
| @@ -1679,6 +1921,9 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) | |||
| 1679 | else | 1921 | else |
| 1680 | return(NULL); | 1922 | return(NULL); |
| 1681 | } | 1923 | } |
| 1924 | else if ((alg & SSL_aECDSA) && | ||
| 1925 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) | ||
| 1926 | return(c->pkeys[SSL_PKEY_ECC].privatekey); | ||
| 1682 | else /* if (alg & SSL_aNULL) */ | 1927 | else /* if (alg & SSL_aNULL) */ |
| 1683 | { | 1928 | { |
| 1684 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); | 1929 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); |
| @@ -1884,6 +2129,12 @@ int ssl_undefined_function(SSL *s) | |||
| 1884 | return(0); | 2129 | return(0); |
| 1885 | } | 2130 | } |
| 1886 | 2131 | ||
| 2132 | int ssl_undefined_void_function(void) | ||
| 2133 | { | ||
| 2134 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2135 | return(0); | ||
| 2136 | } | ||
| 2137 | |||
| 1887 | int ssl_undefined_const_function(const SSL *s) | 2138 | int ssl_undefined_const_function(const SSL *s) |
| 1888 | { | 2139 | { |
| 1889 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2140 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| @@ -1999,8 +2250,8 @@ SSL *SSL_dup(SSL *s) | |||
| 1999 | ret->rstate=s->rstate; | 2250 | ret->rstate=s->rstate; |
| 2000 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ | 2251 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ |
| 2001 | ret->hit=s->hit; | 2252 | ret->hit=s->hit; |
| 2002 | ret->purpose=s->purpose; | 2253 | |
| 2003 | ret->trust=s->trust; | 2254 | X509_VERIFY_PARAM_inherit(ret->param, s->param); |
| 2004 | 2255 | ||
| 2005 | /* dup the cipher_list and cipher_list_by_id stacks */ | 2256 | /* dup the cipher_list and cipher_list_by_id stacks */ |
| 2006 | if (s->cipher_list != NULL) | 2257 | if (s->cipher_list != NULL) |
| @@ -2052,6 +2303,7 @@ void ssl_clear_cipher_ctx(SSL *s) | |||
| 2052 | OPENSSL_free(s->enc_write_ctx); | 2303 | OPENSSL_free(s->enc_write_ctx); |
| 2053 | s->enc_write_ctx=NULL; | 2304 | s->enc_write_ctx=NULL; |
| 2054 | } | 2305 | } |
| 2306 | #ifndef OPENSSL_NO_COMP | ||
| 2055 | if (s->expand != NULL) | 2307 | if (s->expand != NULL) |
| 2056 | { | 2308 | { |
| 2057 | COMP_CTX_free(s->expand); | 2309 | COMP_CTX_free(s->expand); |
| @@ -2062,6 +2314,7 @@ void ssl_clear_cipher_ctx(SSL *s) | |||
| 2062 | COMP_CTX_free(s->compress); | 2314 | COMP_CTX_free(s->compress); |
| 2063 | s->compress=NULL; | 2315 | s->compress=NULL; |
| 2064 | } | 2316 | } |
| 2317 | #endif | ||
| 2065 | } | 2318 | } |
| 2066 | 2319 | ||
| 2067 | /* Fix this function so that it takes an optional type parameter */ | 2320 | /* Fix this function so that it takes an optional type parameter */ |
| @@ -2088,6 +2341,31 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s) | |||
| 2088 | return(s->session->cipher); | 2341 | return(s->session->cipher); |
| 2089 | return(NULL); | 2342 | return(NULL); |
| 2090 | } | 2343 | } |
| 2344 | #ifdef OPENSSL_NO_COMP | ||
| 2345 | const void *SSL_get_current_compression(SSL *s) | ||
| 2346 | { | ||
| 2347 | return NULL; | ||
| 2348 | } | ||
| 2349 | const void *SSL_get_current_expansion(SSL *s) | ||
| 2350 | { | ||
| 2351 | return NULL; | ||
| 2352 | } | ||
| 2353 | #else | ||
| 2354 | |||
| 2355 | const COMP_METHOD *SSL_get_current_compression(SSL *s) | ||
| 2356 | { | ||
| 2357 | if (s->compress != NULL) | ||
| 2358 | return(s->compress->meth); | ||
| 2359 | return(NULL); | ||
| 2360 | } | ||
| 2361 | |||
| 2362 | const COMP_METHOD *SSL_get_current_expansion(SSL *s) | ||
| 2363 | { | ||
| 2364 | if (s->expand != NULL) | ||
| 2365 | return(s->expand->meth); | ||
| 2366 | return(NULL); | ||
| 2367 | } | ||
| 2368 | #endif | ||
| 2091 | 2369 | ||
| 2092 | int ssl_init_wbio_buffer(SSL *s,int push) | 2370 | int ssl_init_wbio_buffer(SSL *s,int push) |
| 2093 | { | 2371 | { |
| @@ -2181,6 +2459,24 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) | |||
| 2181 | return(ssl->ctx); | 2459 | return(ssl->ctx); |
| 2182 | } | 2460 | } |
| 2183 | 2461 | ||
| 2462 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | ||
| 2463 | { | ||
| 2464 | if (ssl->ctx == ctx) | ||
| 2465 | return ssl->ctx; | ||
| 2466 | #ifndef OPENSSL_NO_TLSEXT | ||
| 2467 | if (ctx == NULL) | ||
| 2468 | ctx = ssl->initial_ctx; | ||
| 2469 | #endif | ||
| 2470 | if (ssl->cert != NULL) | ||
| 2471 | ssl_cert_free(ssl->cert); | ||
| 2472 | ssl->cert = ssl_cert_dup(ctx->cert); | ||
| 2473 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | ||
| 2474 | if (ssl->ctx != NULL) | ||
| 2475 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ | ||
| 2476 | ssl->ctx = ctx; | ||
| 2477 | return(ssl->ctx); | ||
| 2478 | } | ||
| 2479 | |||
| 2184 | #ifndef OPENSSL_NO_STDIO | 2480 | #ifndef OPENSSL_NO_STDIO |
| 2185 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | 2481 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) |
| 2186 | { | 2482 | { |
| @@ -2190,19 +2486,19 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | |||
| 2190 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | 2486 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 2191 | const char *CApath) | 2487 | const char *CApath) |
| 2192 | { | 2488 | { |
| 2193 | int r; | 2489 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); |
| 2194 | r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath); | ||
| 2195 | return r; | ||
| 2196 | } | 2490 | } |
| 2197 | #endif | 2491 | #endif |
| 2198 | 2492 | ||
| 2199 | void SSL_set_info_callback(SSL *ssl, | 2493 | void SSL_set_info_callback(SSL *ssl, |
| 2200 | void (*cb)(const SSL *ssl,int type,int val)) | 2494 | void (*cb)(const SSL *ssl,int type,int val)) |
| 2201 | { | 2495 | { |
| 2202 | ssl->info_callback=cb; | 2496 | ssl->info_callback=cb; |
| 2203 | } | 2497 | } |
| 2204 | 2498 | ||
| 2205 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val) | 2499 | /* One compiler (Diab DCC) doesn't like argument names in returned |
| 2500 | function pointer. */ | ||
| 2501 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) | ||
| 2206 | { | 2502 | { |
| 2207 | return ssl->info_callback; | 2503 | return ssl->info_callback; |
| 2208 | } | 2504 | } |
| @@ -2289,14 +2585,14 @@ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, | |||
| 2289 | int is_export, | 2585 | int is_export, |
| 2290 | int keylength)) | 2586 | int keylength)) |
| 2291 | { | 2587 | { |
| 2292 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb); | 2588 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); |
| 2293 | } | 2589 | } |
| 2294 | 2590 | ||
| 2295 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | 2591 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, |
| 2296 | int is_export, | 2592 | int is_export, |
| 2297 | int keylength)) | 2593 | int keylength)) |
| 2298 | { | 2594 | { |
| 2299 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb); | 2595 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); |
| 2300 | } | 2596 | } |
| 2301 | #endif | 2597 | #endif |
| 2302 | 2598 | ||
| @@ -2325,24 +2621,38 @@ RSA *cb(SSL *ssl,int is_export,int keylength) | |||
| 2325 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, | 2621 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, |
| 2326 | int keylength)) | 2622 | int keylength)) |
| 2327 | { | 2623 | { |
| 2328 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); | 2624 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 2329 | } | 2625 | } |
| 2330 | 2626 | ||
| 2331 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, | 2627 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, |
| 2332 | int keylength)) | 2628 | int keylength)) |
| 2333 | { | 2629 | { |
| 2334 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); | 2630 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 2631 | } | ||
| 2632 | #endif | ||
| 2633 | |||
| 2634 | #ifndef OPENSSL_NO_ECDH | ||
| 2635 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
| 2636 | int keylength)) | ||
| 2637 | { | ||
| 2638 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | ||
| 2639 | } | ||
| 2640 | |||
| 2641 | void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | ||
| 2642 | int keylength)) | ||
| 2643 | { | ||
| 2644 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | ||
| 2335 | } | 2645 | } |
| 2336 | #endif | 2646 | #endif |
| 2337 | 2647 | ||
| 2338 | 2648 | ||
| 2339 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 2649 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) |
| 2340 | { | 2650 | { |
| 2341 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb); | 2651 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 2342 | } | 2652 | } |
| 2343 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 2653 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) |
| 2344 | { | 2654 | { |
| 2345 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb); | 2655 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 2346 | } | 2656 | } |
| 2347 | 2657 | ||
| 2348 | 2658 | ||
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 6a0b7595f4..de94c0d0c7 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -108,6 +108,11 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 111 | 116 | ||
| 112 | #ifndef HEADER_SSL_LOCL_H | 117 | #ifndef HEADER_SSL_LOCL_H |
| 113 | #define HEADER_SSL_LOCL_H | 118 | #define HEADER_SSL_LOCL_H |
| @@ -121,10 +126,13 @@ | |||
| 121 | #include <openssl/buffer.h> | 126 | #include <openssl/buffer.h> |
| 122 | #include <openssl/comp.h> | 127 | #include <openssl/comp.h> |
| 123 | #include <openssl/bio.h> | 128 | #include <openssl/bio.h> |
| 124 | #include <openssl/crypto.h> | ||
| 125 | #include <openssl/evp.h> | ||
| 126 | #include <openssl/stack.h> | 129 | #include <openssl/stack.h> |
| 127 | #include <openssl/x509.h> | 130 | #ifndef OPENSSL_NO_RSA |
| 131 | #include <openssl/rsa.h> | ||
| 132 | #endif | ||
| 133 | #ifndef OPENSSL_NO_DSA | ||
| 134 | #include <openssl/dsa.h> | ||
| 135 | #endif | ||
| 128 | #include <openssl/err.h> | 136 | #include <openssl/err.h> |
| 129 | #include <openssl/ssl.h> | 137 | #include <openssl/ssl.h> |
| 130 | #include <openssl/symhacks.h> | 138 | #include <openssl/symhacks.h> |
| @@ -172,6 +180,20 @@ | |||
| 172 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | 180 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ |
| 173 | *((c)++)=(unsigned char)(((l) )&0xff)) | 181 | *((c)++)=(unsigned char)(((l) )&0xff)) |
| 174 | 182 | ||
| 183 | #define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ | ||
| 184 | *((c)++)=(unsigned char)(((l)>>32)&0xff), \ | ||
| 185 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | ||
| 186 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 187 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 188 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
| 189 | |||
| 190 | #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ | ||
| 191 | l|=((BN_ULLONG)(*((c)++)))<<32, \ | ||
| 192 | l|=((BN_ULLONG)(*((c)++)))<<24, \ | ||
| 193 | l|=((BN_ULLONG)(*((c)++)))<<16, \ | ||
| 194 | l|=((BN_ULLONG)(*((c)++)))<< 8, \ | ||
| 195 | l|=((BN_ULLONG)(*((c)++)))) | ||
| 196 | |||
| 175 | /* NOTE - c is not incremented as per l2c */ | 197 | /* NOTE - c is not incremented as per l2c */ |
| 176 | #define l2cn(l1,l2,c,n) { \ | 198 | #define l2cn(l1,l2,c,n) { \ |
| 177 | c+=n; \ | 199 | c+=n; \ |
| @@ -227,52 +249,58 @@ | |||
| 227 | * that the different entities within are mutually exclusive: | 249 | * that the different entities within are mutually exclusive: |
| 228 | * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. | 250 | * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. |
| 229 | */ | 251 | */ |
| 230 | #define SSL_MKEY_MASK 0x0000003FL | 252 | #define SSL_MKEY_MASK 0x000000FFL |
| 231 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ | 253 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ |
| 232 | #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ | 254 | #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ |
| 233 | #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ | 255 | #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ |
| 234 | #define SSL_kFZA 0x00000008L | 256 | #define SSL_kFZA 0x00000008L |
| 235 | #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ | 257 | #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ |
| 236 | #define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ | 258 | #define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ |
| 259 | #define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */ | ||
| 260 | #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ | ||
| 237 | #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) | 261 | #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) |
| 238 | 262 | ||
| 239 | #define SSL_AUTH_MASK 0x00000FC0L | 263 | #define SSL_AUTH_MASK 0x00007F00L |
| 240 | #define SSL_aRSA 0x00000040L /* Authenticate with RSA */ | 264 | #define SSL_aRSA 0x00000100L /* Authenticate with RSA */ |
| 241 | #define SSL_aDSS 0x00000080L /* Authenticate with DSS */ | 265 | #define SSL_aDSS 0x00000200L /* Authenticate with DSS */ |
| 242 | #define SSL_DSS SSL_aDSS | 266 | #define SSL_DSS SSL_aDSS |
| 243 | #define SSL_aFZA 0x00000100L | 267 | #define SSL_aFZA 0x00000400L |
| 244 | #define SSL_aNULL 0x00000200L /* no Authenticate, ADH */ | 268 | #define SSL_aNULL 0x00000800L /* no Authenticate, ADH */ |
| 245 | #define SSL_aDH 0x00000400L /* no Authenticate, ADH */ | 269 | #define SSL_aDH 0x00001000L /* no Authenticate, ADH */ |
| 246 | #define SSL_aKRB5 0x00000800L /* Authenticate with KRB5 */ | 270 | #define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */ |
| 271 | #define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */ | ||
| 247 | 272 | ||
| 248 | #define SSL_NULL (SSL_eNULL) | 273 | #define SSL_NULL (SSL_eNULL) |
| 249 | #define SSL_ADH (SSL_kEDH|SSL_aNULL) | 274 | #define SSL_ADH (SSL_kEDH|SSL_aNULL) |
| 250 | #define SSL_RSA (SSL_kRSA|SSL_aRSA) | 275 | #define SSL_RSA (SSL_kRSA|SSL_aRSA) |
| 251 | #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) | 276 | #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) |
| 277 | #define SSL_ECDH (SSL_kECDH|SSL_kECDHE) | ||
| 252 | #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) | 278 | #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) |
| 253 | #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) | 279 | #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) |
| 254 | 280 | ||
| 255 | #define SSL_ENC_MASK 0x0087F000L | 281 | #define SSL_ENC_MASK 0x1C3F8000L |
| 256 | #define SSL_DES 0x00001000L | 282 | #define SSL_DES 0x00008000L |
| 257 | #define SSL_3DES 0x00002000L | 283 | #define SSL_3DES 0x00010000L |
| 258 | #define SSL_RC4 0x00004000L | 284 | #define SSL_RC4 0x00020000L |
| 259 | #define SSL_RC2 0x00008000L | 285 | #define SSL_RC2 0x00040000L |
| 260 | #define SSL_IDEA 0x00010000L | 286 | #define SSL_IDEA 0x00080000L |
| 261 | #define SSL_eFZA 0x00020000L | 287 | #define SSL_eFZA 0x00100000L |
| 262 | #define SSL_eNULL 0x00040000L | 288 | #define SSL_eNULL 0x00200000L |
| 263 | #define SSL_AES 0x00800000L | 289 | #define SSL_AES 0x04000000L |
| 264 | 290 | #define SSL_CAMELLIA 0x08000000L | |
| 265 | #define SSL_MAC_MASK 0x00180000L | 291 | #define SSL_SEED 0x10000000L |
| 266 | #define SSL_MD5 0x00080000L | 292 | |
| 267 | #define SSL_SHA1 0x00100000L | 293 | #define SSL_MAC_MASK 0x00c00000L |
| 294 | #define SSL_MD5 0x00400000L | ||
| 295 | #define SSL_SHA1 0x00800000L | ||
| 268 | #define SSL_SHA (SSL_SHA1) | 296 | #define SSL_SHA (SSL_SHA1) |
| 269 | 297 | ||
| 270 | #define SSL_SSL_MASK 0x00600000L | 298 | #define SSL_SSL_MASK 0x03000000L |
| 271 | #define SSL_SSLV2 0x00200000L | 299 | #define SSL_SSLV2 0x01000000L |
| 272 | #define SSL_SSLV3 0x00400000L | 300 | #define SSL_SSLV3 0x02000000L |
| 273 | #define SSL_TLSV1 SSL_SSLV3 /* for now */ | 301 | #define SSL_TLSV1 SSL_SSLV3 /* for now */ |
| 274 | 302 | ||
| 275 | /* we have used 007fffff - 9 bits left to go */ | 303 | /* we have used 1fffffff - 3 bits left to go. */ |
| 276 | 304 | ||
| 277 | /* | 305 | /* |
| 278 | * Export and cipher strength information. For each cipher we have to decide | 306 | * Export and cipher strength information. For each cipher we have to decide |
| @@ -302,9 +330,8 @@ | |||
| 302 | #define SSL_LOW 0x00000020L | 330 | #define SSL_LOW 0x00000020L |
| 303 | #define SSL_MEDIUM 0x00000040L | 331 | #define SSL_MEDIUM 0x00000040L |
| 304 | #define SSL_HIGH 0x00000080L | 332 | #define SSL_HIGH 0x00000080L |
| 305 | #define SSL_FIPS 0x00000100L | ||
| 306 | 333 | ||
| 307 | /* we have used 000001ff - 23 bits left to go */ | 334 | /* we have used 000000ff - 24 bits left to go */ |
| 308 | 335 | ||
| 309 | /* | 336 | /* |
| 310 | * Macros to check the export status and cipher strength for export ciphers. | 337 | * Macros to check the export status and cipher strength for export ciphers. |
| @@ -345,7 +372,8 @@ | |||
| 345 | #define SSL_PKEY_DSA_SIGN 2 | 372 | #define SSL_PKEY_DSA_SIGN 2 |
| 346 | #define SSL_PKEY_DH_RSA 3 | 373 | #define SSL_PKEY_DH_RSA 3 |
| 347 | #define SSL_PKEY_DH_DSA 4 | 374 | #define SSL_PKEY_DH_DSA 4 |
| 348 | #define SSL_PKEY_NUM 5 | 375 | #define SSL_PKEY_ECC 5 |
| 376 | #define SSL_PKEY_NUM 6 | ||
| 349 | 377 | ||
| 350 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | | 378 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | |
| 351 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) | 379 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) |
| @@ -361,6 +389,15 @@ | |||
| 361 | #define CERT_PRIVATE_KEY 2 | 389 | #define CERT_PRIVATE_KEY 2 |
| 362 | */ | 390 | */ |
| 363 | 391 | ||
| 392 | #ifndef OPENSSL_NO_EC | ||
| 393 | /* From ECC-TLS draft, used in encoding the curve type in | ||
| 394 | * ECParameters | ||
| 395 | */ | ||
| 396 | #define EXPLICIT_PRIME_CURVE_TYPE 1 | ||
| 397 | #define EXPLICIT_CHAR2_CURVE_TYPE 2 | ||
| 398 | #define NAMED_CURVE_TYPE 3 | ||
| 399 | #endif /* OPENSSL_NO_EC */ | ||
| 400 | |||
| 364 | typedef struct cert_pkey_st | 401 | typedef struct cert_pkey_st |
| 365 | { | 402 | { |
| 366 | X509 *x509; | 403 | X509 *x509; |
| @@ -387,6 +424,11 @@ typedef struct cert_st | |||
| 387 | DH *dh_tmp; | 424 | DH *dh_tmp; |
| 388 | DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); | 425 | DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); |
| 389 | #endif | 426 | #endif |
| 427 | #ifndef OPENSSL_NO_ECDH | ||
| 428 | EC_KEY *ecdh_tmp; | ||
| 429 | /* Callback for generating ephemeral ECDH keys */ | ||
| 430 | EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize); | ||
| 431 | #endif | ||
| 390 | 432 | ||
| 391 | CERT_PKEY pkeys[SSL_PKEY_NUM]; | 433 | CERT_PKEY pkeys[SSL_PKEY_NUM]; |
| 392 | 434 | ||
| @@ -412,6 +454,9 @@ typedef struct sess_cert_st | |||
| 412 | #ifndef OPENSSL_NO_DH | 454 | #ifndef OPENSSL_NO_DH |
| 413 | DH *peer_dh_tmp; /* not used for SSL 2 */ | 455 | DH *peer_dh_tmp; /* not used for SSL 2 */ |
| 414 | #endif | 456 | #endif |
| 457 | #ifndef OPENSSL_NO_ECDH | ||
| 458 | EC_KEY *peer_ecdh_tmp; | ||
| 459 | #endif | ||
| 415 | 460 | ||
| 416 | int references; /* actually always 1 at the moment */ | 461 | int references; /* actually always 1 at the moment */ |
| 417 | } SESS_CERT; | 462 | } SESS_CERT; |
| @@ -466,17 +511,201 @@ extern SSL3_ENC_METHOD ssl3_undef_enc_method; | |||
| 466 | OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; | 511 | OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; |
| 467 | OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; | 512 | OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; |
| 468 | 513 | ||
| 469 | #ifdef OPENSSL_SYS_VMS | ||
| 470 | #undef SSL_COMP_get_compression_methods | ||
| 471 | #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods | ||
| 472 | #endif | ||
| 473 | |||
| 474 | 514 | ||
| 475 | SSL_METHOD *ssl_bad_method(int ver); | 515 | SSL_METHOD *ssl_bad_method(int ver); |
| 476 | SSL_METHOD *sslv2_base_method(void); | 516 | SSL_METHOD *sslv2_base_method(void); |
| 477 | SSL_METHOD *sslv23_base_method(void); | 517 | SSL_METHOD *sslv23_base_method(void); |
| 478 | SSL_METHOD *sslv3_base_method(void); | 518 | SSL_METHOD *sslv3_base_method(void); |
| 479 | 519 | ||
| 520 | extern SSL3_ENC_METHOD TLSv1_enc_data; | ||
| 521 | extern SSL3_ENC_METHOD SSLv3_enc_data; | ||
| 522 | extern SSL3_ENC_METHOD DTLSv1_enc_data; | ||
| 523 | |||
| 524 | #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 525 | SSL_METHOD *func_name(void) \ | ||
| 526 | { \ | ||
| 527 | static SSL_METHOD func_name##_data= { \ | ||
| 528 | TLS1_VERSION, \ | ||
| 529 | tls1_new, \ | ||
| 530 | tls1_clear, \ | ||
| 531 | tls1_free, \ | ||
| 532 | s_accept, \ | ||
| 533 | s_connect, \ | ||
| 534 | ssl3_read, \ | ||
| 535 | ssl3_peek, \ | ||
| 536 | ssl3_write, \ | ||
| 537 | ssl3_shutdown, \ | ||
| 538 | ssl3_renegotiate, \ | ||
| 539 | ssl3_renegotiate_check, \ | ||
| 540 | ssl3_get_message, \ | ||
| 541 | ssl3_read_bytes, \ | ||
| 542 | ssl3_write_bytes, \ | ||
| 543 | ssl3_dispatch_alert, \ | ||
| 544 | ssl3_ctrl, \ | ||
| 545 | ssl3_ctx_ctrl, \ | ||
| 546 | ssl3_get_cipher_by_char, \ | ||
| 547 | ssl3_put_cipher_by_char, \ | ||
| 548 | ssl3_pending, \ | ||
| 549 | ssl3_num_ciphers, \ | ||
| 550 | ssl3_get_cipher, \ | ||
| 551 | s_get_meth, \ | ||
| 552 | tls1_default_timeout, \ | ||
| 553 | &TLSv1_enc_data, \ | ||
| 554 | ssl_undefined_void_function, \ | ||
| 555 | ssl3_callback_ctrl, \ | ||
| 556 | ssl3_ctx_callback_ctrl, \ | ||
| 557 | }; \ | ||
| 558 | return &func_name##_data; \ | ||
| 559 | } | ||
| 560 | |||
| 561 | #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 562 | SSL_METHOD *func_name(void) \ | ||
| 563 | { \ | ||
| 564 | static SSL_METHOD func_name##_data= { \ | ||
| 565 | SSL3_VERSION, \ | ||
| 566 | ssl3_new, \ | ||
| 567 | ssl3_clear, \ | ||
| 568 | ssl3_free, \ | ||
| 569 | s_accept, \ | ||
| 570 | s_connect, \ | ||
| 571 | ssl3_read, \ | ||
| 572 | ssl3_peek, \ | ||
| 573 | ssl3_write, \ | ||
| 574 | ssl3_shutdown, \ | ||
| 575 | ssl3_renegotiate, \ | ||
| 576 | ssl3_renegotiate_check, \ | ||
| 577 | ssl3_get_message, \ | ||
| 578 | ssl3_read_bytes, \ | ||
| 579 | ssl3_write_bytes, \ | ||
| 580 | ssl3_dispatch_alert, \ | ||
| 581 | ssl3_ctrl, \ | ||
| 582 | ssl3_ctx_ctrl, \ | ||
| 583 | ssl3_get_cipher_by_char, \ | ||
| 584 | ssl3_put_cipher_by_char, \ | ||
| 585 | ssl3_pending, \ | ||
| 586 | ssl3_num_ciphers, \ | ||
| 587 | ssl3_get_cipher, \ | ||
| 588 | s_get_meth, \ | ||
| 589 | ssl3_default_timeout, \ | ||
| 590 | &SSLv3_enc_data, \ | ||
| 591 | ssl_undefined_void_function, \ | ||
| 592 | ssl3_callback_ctrl, \ | ||
| 593 | ssl3_ctx_callback_ctrl, \ | ||
| 594 | }; \ | ||
| 595 | return &func_name##_data; \ | ||
| 596 | } | ||
| 597 | |||
| 598 | #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 599 | SSL_METHOD *func_name(void) \ | ||
| 600 | { \ | ||
| 601 | static SSL_METHOD func_name##_data= { \ | ||
| 602 | TLS1_VERSION, \ | ||
| 603 | tls1_new, \ | ||
| 604 | tls1_clear, \ | ||
| 605 | tls1_free, \ | ||
| 606 | s_accept, \ | ||
| 607 | s_connect, \ | ||
| 608 | ssl23_read, \ | ||
| 609 | ssl23_peek, \ | ||
| 610 | ssl23_write, \ | ||
| 611 | ssl_undefined_function, \ | ||
| 612 | ssl_undefined_function, \ | ||
| 613 | ssl_ok, \ | ||
| 614 | ssl3_get_message, \ | ||
| 615 | ssl3_read_bytes, \ | ||
| 616 | ssl3_write_bytes, \ | ||
| 617 | ssl3_dispatch_alert, \ | ||
| 618 | ssl3_ctrl, \ | ||
| 619 | ssl3_ctx_ctrl, \ | ||
| 620 | ssl23_get_cipher_by_char, \ | ||
| 621 | ssl23_put_cipher_by_char, \ | ||
| 622 | ssl_undefined_const_function, \ | ||
| 623 | ssl23_num_ciphers, \ | ||
| 624 | ssl23_get_cipher, \ | ||
| 625 | s_get_meth, \ | ||
| 626 | ssl23_default_timeout, \ | ||
| 627 | &ssl3_undef_enc_method, \ | ||
| 628 | ssl_undefined_void_function, \ | ||
| 629 | ssl3_callback_ctrl, \ | ||
| 630 | ssl3_ctx_callback_ctrl, \ | ||
| 631 | }; \ | ||
| 632 | return &func_name##_data; \ | ||
| 633 | } | ||
| 634 | |||
| 635 | #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 636 | SSL_METHOD *func_name(void) \ | ||
| 637 | { \ | ||
| 638 | static SSL_METHOD func_name##_data= { \ | ||
| 639 | SSL2_VERSION, \ | ||
| 640 | ssl2_new, /* local */ \ | ||
| 641 | ssl2_clear, /* local */ \ | ||
| 642 | ssl2_free, /* local */ \ | ||
| 643 | s_accept, \ | ||
| 644 | s_connect, \ | ||
| 645 | ssl2_read, \ | ||
| 646 | ssl2_peek, \ | ||
| 647 | ssl2_write, \ | ||
| 648 | ssl2_shutdown, \ | ||
| 649 | ssl_ok, /* NULL - renegotiate */ \ | ||
| 650 | ssl_ok, /* NULL - check renegotiate */ \ | ||
| 651 | NULL, /* NULL - ssl_get_message */ \ | ||
| 652 | NULL, /* NULL - ssl_get_record */ \ | ||
| 653 | NULL, /* NULL - ssl_write_bytes */ \ | ||
| 654 | NULL, /* NULL - dispatch_alert */ \ | ||
| 655 | ssl2_ctrl, /* local */ \ | ||
| 656 | ssl2_ctx_ctrl, /* local */ \ | ||
| 657 | ssl2_get_cipher_by_char, \ | ||
| 658 | ssl2_put_cipher_by_char, \ | ||
| 659 | ssl2_pending, \ | ||
| 660 | ssl2_num_ciphers, \ | ||
| 661 | ssl2_get_cipher, \ | ||
| 662 | s_get_meth, \ | ||
| 663 | ssl2_default_timeout, \ | ||
| 664 | &ssl3_undef_enc_method, \ | ||
| 665 | ssl_undefined_void_function, \ | ||
| 666 | ssl2_callback_ctrl, /* local */ \ | ||
| 667 | ssl2_ctx_callback_ctrl, /* local */ \ | ||
| 668 | }; \ | ||
| 669 | return &func_name##_data; \ | ||
| 670 | } | ||
| 671 | |||
| 672 | #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | ||
| 673 | SSL_METHOD *func_name(void) \ | ||
| 674 | { \ | ||
| 675 | static SSL_METHOD func_name##_data= { \ | ||
| 676 | DTLS1_VERSION, \ | ||
| 677 | dtls1_new, \ | ||
| 678 | dtls1_clear, \ | ||
| 679 | dtls1_free, \ | ||
| 680 | s_accept, \ | ||
| 681 | s_connect, \ | ||
| 682 | ssl3_read, \ | ||
| 683 | ssl3_peek, \ | ||
| 684 | ssl3_write, \ | ||
| 685 | ssl3_shutdown, \ | ||
| 686 | ssl3_renegotiate, \ | ||
| 687 | ssl3_renegotiate_check, \ | ||
| 688 | dtls1_get_message, \ | ||
| 689 | dtls1_read_bytes, \ | ||
| 690 | dtls1_write_app_data_bytes, \ | ||
| 691 | dtls1_dispatch_alert, \ | ||
| 692 | ssl3_ctrl, \ | ||
| 693 | ssl3_ctx_ctrl, \ | ||
| 694 | ssl3_get_cipher_by_char, \ | ||
| 695 | ssl3_put_cipher_by_char, \ | ||
| 696 | ssl3_pending, \ | ||
| 697 | ssl3_num_ciphers, \ | ||
| 698 | dtls1_get_cipher, \ | ||
| 699 | s_get_meth, \ | ||
| 700 | dtls1_default_timeout, \ | ||
| 701 | &DTLSv1_enc_data, \ | ||
| 702 | ssl_undefined_void_function, \ | ||
| 703 | ssl3_callback_ctrl, \ | ||
| 704 | ssl3_ctx_callback_ctrl, \ | ||
| 705 | }; \ | ||
| 706 | return &func_name##_data; \ | ||
| 707 | } | ||
| 708 | |||
| 480 | void ssl_clear_cipher_ctx(SSL *s); | 709 | void ssl_clear_cipher_ctx(SSL *s); |
| 481 | int ssl_clear_bad_session(SSL *s); | 710 | int ssl_clear_bad_session(SSL *s); |
| 482 | CERT *ssl_cert_new(void); | 711 | CERT *ssl_cert_new(void); |
| @@ -487,7 +716,7 @@ SESS_CERT *ssl_sess_cert_new(void); | |||
| 487 | void ssl_sess_cert_free(SESS_CERT *sc); | 716 | void ssl_sess_cert_free(SESS_CERT *sc); |
| 488 | int ssl_set_peer_cert_type(SESS_CERT *c, int type); | 717 | int ssl_set_peer_cert_type(SESS_CERT *c, int type); |
| 489 | int ssl_get_new_session(SSL *s, int session); | 718 | int ssl_get_new_session(SSL *s, int session); |
| 490 | int ssl_get_prev_session(SSL *s, unsigned char *session,int len); | 719 | int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); |
| 491 | int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); | 720 | int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); |
| 492 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 721 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 493 | const SSL_CIPHER * const *bp); | 722 | const SSL_CIPHER * const *bp); |
| @@ -504,6 +733,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, | |||
| 504 | const EVP_MD **md,SSL_COMP **comp); | 733 | const EVP_MD **md,SSL_COMP **comp); |
| 505 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); | 734 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); |
| 506 | int ssl_undefined_function(SSL *s); | 735 | int ssl_undefined_function(SSL *s); |
| 736 | int ssl_undefined_void_function(void); | ||
| 507 | int ssl_undefined_const_function(const SSL *s); | 737 | int ssl_undefined_const_function(const SSL *s); |
| 508 | X509 *ssl_get_server_send_cert(SSL *); | 738 | X509 *ssl_get_server_send_cert(SSL *); |
| 509 | EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); | 739 | EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); |
| @@ -511,6 +741,7 @@ int ssl_cert_type(X509 *x,EVP_PKEY *pkey); | |||
| 511 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); | 741 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); |
| 512 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | 742 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); |
| 513 | int ssl_verify_alarm_type(long type); | 743 | int ssl_verify_alarm_type(long type); |
| 744 | void ssl_load_ciphers(void); | ||
| 514 | 745 | ||
| 515 | int ssl2_enc_init(SSL *s, int client); | 746 | int ssl2_enc_init(SSL *s, int client); |
| 516 | int ssl2_generate_key_material(SSL *s); | 747 | int ssl2_generate_key_material(SSL *s); |
| @@ -520,7 +751,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | |||
| 520 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | 751 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
| 521 | int ssl2_part_read(SSL *s, unsigned long f, int i); | 752 | int ssl2_part_read(SSL *s, unsigned long f, int i); |
| 522 | int ssl2_do_write(SSL *s); | 753 | int ssl2_do_write(SSL *s); |
| 523 | int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data); | 754 | int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); |
| 524 | void ssl2_return_error(SSL *s,int reason); | 755 | void ssl2_return_error(SSL *s,int reason); |
| 525 | void ssl2_write_error(SSL *s); | 756 | void ssl2_write_error(SSL *s); |
| 526 | int ssl2_num_ciphers(void); | 757 | int ssl2_num_ciphers(void); |
| @@ -536,14 +767,17 @@ int ssl2_shutdown(SSL *s); | |||
| 536 | void ssl2_clear(SSL *s); | 767 | void ssl2_clear(SSL *s); |
| 537 | long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); | 768 | long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 538 | long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); | 769 | long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
| 539 | long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)()); | 770 | long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
| 540 | long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); | 771 | long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); |
| 541 | int ssl2_pending(const SSL *s); | 772 | int ssl2_pending(const SSL *s); |
| 773 | long ssl2_default_timeout(void ); | ||
| 542 | 774 | ||
| 543 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); | 775 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); |
| 544 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | 776 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
| 545 | void ssl3_init_finished_mac(SSL *s); | 777 | void ssl3_init_finished_mac(SSL *s); |
| 546 | int ssl3_send_server_certificate(SSL *s); | 778 | int ssl3_send_server_certificate(SSL *s); |
| 779 | int ssl3_send_newsession_ticket(SSL *s); | ||
| 780 | int ssl3_send_cert_status(SSL *s); | ||
| 547 | int ssl3_get_finished(SSL *s,int state_a,int state_b); | 781 | int ssl3_get_finished(SSL *s,int state_a,int state_b); |
| 548 | int ssl3_setup_key_block(SSL *s); | 782 | int ssl3_setup_key_block(SSL *s); |
| 549 | int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); | 783 | int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); |
| @@ -584,10 +818,94 @@ int ssl3_shutdown(SSL *s); | |||
| 584 | void ssl3_clear(SSL *s); | 818 | void ssl3_clear(SSL *s); |
| 585 | long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); | 819 | long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 586 | long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); | 820 | long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
| 587 | long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)()); | 821 | long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
| 588 | long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); | 822 | long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); |
| 589 | int ssl3_pending(const SSL *s); | 823 | int ssl3_pending(const SSL *s); |
| 590 | 824 | ||
| 825 | void ssl3_record_sequence_update(unsigned char *seq); | ||
| 826 | int ssl3_do_change_cipher_spec(SSL *ssl); | ||
| 827 | long ssl3_default_timeout(void ); | ||
| 828 | |||
| 829 | int ssl23_num_ciphers(void ); | ||
| 830 | SSL_CIPHER *ssl23_get_cipher(unsigned int u); | ||
| 831 | int ssl23_read(SSL *s, void *buf, int len); | ||
| 832 | int ssl23_peek(SSL *s, void *buf, int len); | ||
| 833 | int ssl23_write(SSL *s, const void *buf, int len); | ||
| 834 | int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); | ||
| 835 | SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); | ||
| 836 | long ssl23_default_timeout(void ); | ||
| 837 | |||
| 838 | long tls1_default_timeout(void); | ||
| 839 | int dtls1_do_write(SSL *s,int type); | ||
| 840 | int ssl3_read_n(SSL *s, int n, int max, int extend); | ||
| 841 | int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); | ||
| 842 | int ssl3_do_compress(SSL *ssl); | ||
| 843 | int ssl3_do_uncompress(SSL *ssl); | ||
| 844 | int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | ||
| 845 | unsigned int len); | ||
| 846 | unsigned char *dtls1_set_message_header(SSL *s, | ||
| 847 | unsigned char *p, unsigned char mt, unsigned long len, | ||
| 848 | unsigned long frag_off, unsigned long frag_len); | ||
| 849 | |||
| 850 | int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); | ||
| 851 | int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); | ||
| 852 | |||
| 853 | int dtls1_send_change_cipher_spec(SSL *s, int a, int b); | ||
| 854 | int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); | ||
| 855 | unsigned long dtls1_output_cert_chain(SSL *s, X509 *x); | ||
| 856 | int dtls1_read_failed(SSL *s, int code); | ||
| 857 | int dtls1_buffer_message(SSL *s, int ccs); | ||
| 858 | int dtls1_retransmit_message(SSL *s, unsigned short seq, | ||
| 859 | unsigned long frag_off, int *found); | ||
| 860 | void dtls1_clear_record_buffer(SSL *s); | ||
| 861 | void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); | ||
| 862 | void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); | ||
| 863 | void dtls1_reset_seq_numbers(SSL *s, int rw); | ||
| 864 | long dtls1_default_timeout(void); | ||
| 865 | SSL_CIPHER *dtls1_get_cipher(unsigned int u); | ||
| 866 | |||
| 867 | |||
| 868 | |||
| 869 | /* some client-only functions */ | ||
| 870 | int ssl3_client_hello(SSL *s); | ||
| 871 | int ssl3_get_server_hello(SSL *s); | ||
| 872 | int ssl3_get_certificate_request(SSL *s); | ||
| 873 | int ssl3_get_new_session_ticket(SSL *s); | ||
| 874 | int ssl3_get_cert_status(SSL *s); | ||
| 875 | int ssl3_get_server_done(SSL *s); | ||
| 876 | int ssl3_send_client_verify(SSL *s); | ||
| 877 | int ssl3_send_client_certificate(SSL *s); | ||
| 878 | int ssl3_send_client_key_exchange(SSL *s); | ||
| 879 | int ssl3_get_key_exchange(SSL *s); | ||
| 880 | int ssl3_get_server_certificate(SSL *s); | ||
| 881 | int ssl3_check_cert_and_algorithm(SSL *s); | ||
| 882 | |||
| 883 | int dtls1_client_hello(SSL *s); | ||
| 884 | int dtls1_send_client_certificate(SSL *s); | ||
| 885 | int dtls1_send_client_key_exchange(SSL *s); | ||
| 886 | int dtls1_send_client_verify(SSL *s); | ||
| 887 | |||
| 888 | /* some server-only functions */ | ||
| 889 | int ssl3_get_client_hello(SSL *s); | ||
| 890 | int ssl3_send_server_hello(SSL *s); | ||
| 891 | int ssl3_send_hello_request(SSL *s); | ||
| 892 | int ssl3_send_server_key_exchange(SSL *s); | ||
| 893 | int ssl3_send_certificate_request(SSL *s); | ||
| 894 | int ssl3_send_server_done(SSL *s); | ||
| 895 | int ssl3_check_client_hello(SSL *s); | ||
| 896 | int ssl3_get_client_certificate(SSL *s); | ||
| 897 | int ssl3_get_client_key_exchange(SSL *s); | ||
| 898 | int ssl3_get_cert_verify(SSL *s); | ||
| 899 | |||
| 900 | int dtls1_send_hello_request(SSL *s); | ||
| 901 | int dtls1_send_server_hello(SSL *s); | ||
| 902 | int dtls1_send_server_certificate(SSL *s); | ||
| 903 | int dtls1_send_server_key_exchange(SSL *s); | ||
| 904 | int dtls1_send_certificate_request(SSL *s); | ||
| 905 | int dtls1_send_server_done(SSL *s); | ||
| 906 | |||
| 907 | |||
| 908 | |||
| 591 | int ssl23_accept(SSL *s); | 909 | int ssl23_accept(SSL *s); |
| 592 | int ssl23_connect(SSL *s); | 910 | int ssl23_connect(SSL *s); |
| 593 | int ssl23_read_bytes(SSL *s, int n); | 911 | int ssl23_read_bytes(SSL *s, int n); |
| @@ -597,9 +915,24 @@ int tls1_new(SSL *s); | |||
| 597 | void tls1_free(SSL *s); | 915 | void tls1_free(SSL *s); |
| 598 | void tls1_clear(SSL *s); | 916 | void tls1_clear(SSL *s); |
| 599 | long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); | 917 | long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 600 | long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)()); | 918 | long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
| 601 | SSL_METHOD *tlsv1_base_method(void ); | 919 | SSL_METHOD *tlsv1_base_method(void ); |
| 602 | 920 | ||
| 921 | int dtls1_new(SSL *s); | ||
| 922 | int dtls1_accept(SSL *s); | ||
| 923 | int dtls1_connect(SSL *s); | ||
| 924 | void dtls1_free(SSL *s); | ||
| 925 | void dtls1_clear(SSL *s); | ||
| 926 | long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); | ||
| 927 | SSL_METHOD *dtlsv1_base_method(void ); | ||
| 928 | |||
| 929 | long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | ||
| 930 | int dtls1_get_record(SSL *s); | ||
| 931 | int do_dtls1_write(SSL *s, int type, const unsigned char *buf, | ||
| 932 | unsigned int len, int create_empty_fragement); | ||
| 933 | int dtls1_dispatch_alert(SSL *s); | ||
| 934 | int dtls1_enc(SSL *s, int snd); | ||
| 935 | |||
| 603 | int ssl_init_wbio_buffer(SSL *s, int push); | 936 | int ssl_init_wbio_buffer(SSL *s, int push); |
| 604 | void ssl_free_wbio_buffer(SSL *s); | 937 | void ssl_free_wbio_buffer(SSL *s); |
| 605 | 938 | ||
| @@ -616,8 +949,28 @@ int tls1_alert_code(int code); | |||
| 616 | int ssl3_alert_code(int code); | 949 | int ssl3_alert_code(int code); |
| 617 | int ssl_ok(SSL *s); | 950 | int ssl_ok(SSL *s); |
| 618 | 951 | ||
| 952 | int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); | ||
| 953 | |||
| 619 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); | 954 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); |
| 620 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); | ||
| 621 | 955 | ||
| 956 | #ifndef OPENSSL_NO_TLSEXT | ||
| 957 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | ||
| 958 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); | ||
| 959 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | ||
| 960 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); | ||
| 961 | int ssl_prepare_clienthello_tlsext(SSL *s); | ||
| 962 | int ssl_prepare_serverhello_tlsext(SSL *s); | ||
| 963 | int ssl_check_clienthello_tlsext(SSL *s); | ||
| 964 | int ssl_check_serverhello_tlsext(SSL *s); | ||
| 965 | #ifdef OPENSSL_NO_SHA256 | ||
| 966 | #define tlsext_tick_md EVP_sha1 | ||
| 967 | #else | ||
| 968 | #define tlsext_tick_md EVP_sha256 | ||
| 969 | #endif | ||
| 970 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | ||
| 971 | const unsigned char *limit, SSL_SESSION **ret); | ||
| 972 | EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; | ||
| 973 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash); | ||
| 974 | #endif | ||
| 622 | 975 | ||
| 623 | #endif | 976 | #endif |
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index fb0bd4d045..27113eba50 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c | |||
| @@ -131,7 +131,7 @@ end: | |||
| 131 | } | 131 | } |
| 132 | #endif | 132 | #endif |
| 133 | 133 | ||
| 134 | int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len) | 134 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) |
| 135 | { | 135 | { |
| 136 | X509 *x; | 136 | X509 *x; |
| 137 | int ret; | 137 | int ret; |
| @@ -181,7 +181,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | |||
| 181 | 181 | ||
| 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) |
| 183 | { | 183 | { |
| 184 | int i,ok=0,bad=0; | 184 | int i; |
| 185 | 185 | ||
| 186 | i=ssl_cert_type(NULL,pkey); | 186 | i=ssl_cert_type(NULL,pkey); |
| 187 | if (i < 0) | 187 | if (i < 0) |
| @@ -202,47 +202,18 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | |||
| 202 | /* Don't check the public/private key, this is mostly | 202 | /* Don't check the public/private key, this is mostly |
| 203 | * for smart cards. */ | 203 | * for smart cards. */ |
| 204 | if ((pkey->type == EVP_PKEY_RSA) && | 204 | if ((pkey->type == EVP_PKEY_RSA) && |
| 205 | (RSA_flags(pkey->pkey.rsa) & | 205 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) |
| 206 | RSA_METHOD_FLAG_NO_CHECK)) | 206 | ; |
| 207 | ok=1; | ||
| 208 | else | 207 | else |
| 209 | #endif | 208 | #endif |
| 210 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) | 209 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) |
| 211 | { | 210 | { |
| 212 | if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) | 211 | X509_free(c->pkeys[i].x509); |
| 213 | { | 212 | c->pkeys[i].x509 = NULL; |
| 214 | i=(i == SSL_PKEY_DH_RSA)? | 213 | return 0; |
| 215 | SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; | ||
| 216 | |||
| 217 | if (c->pkeys[i].x509 == NULL) | ||
| 218 | ok=1; | ||
| 219 | else | ||
| 220 | { | ||
| 221 | if (!X509_check_private_key( | ||
| 222 | c->pkeys[i].x509,pkey)) | ||
| 223 | bad=1; | ||
| 224 | else | ||
| 225 | ok=1; | ||
| 226 | } | ||
| 227 | } | ||
| 228 | else | ||
| 229 | bad=1; | ||
| 230 | } | 214 | } |
| 231 | else | ||
| 232 | ok=1; | ||
| 233 | } | ||
| 234 | else | ||
| 235 | ok=1; | ||
| 236 | |||
| 237 | if (bad) | ||
| 238 | { | ||
| 239 | X509_free(c->pkeys[i].x509); | ||
| 240 | c->pkeys[i].x509=NULL; | ||
| 241 | return(0); | ||
| 242 | } | 215 | } |
| 243 | 216 | ||
| 244 | ERR_clear_error(); /* make sure no error from X509_check_private_key() | ||
| 245 | * is left if we have chosen to ignore it */ | ||
| 246 | if (c->pkeys[i].privatekey != NULL) | 217 | if (c->pkeys[i].privatekey != NULL) |
| 247 | EVP_PKEY_free(c->pkeys[i].privatekey); | 218 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 248 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 219 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); |
| @@ -364,6 +335,11 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | |||
| 364 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 335 | pkey=PEM_read_bio_PrivateKey(in,NULL, |
| 365 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | 336 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); |
| 366 | } | 337 | } |
| 338 | else if (type == SSL_FILETYPE_ASN1) | ||
| 339 | { | ||
| 340 | j = ERR_R_ASN1_LIB; | ||
| 341 | pkey = d2i_PrivateKey_bio(in,NULL); | ||
| 342 | } | ||
| 367 | else | 343 | else |
| 368 | { | 344 | { |
| 369 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | 345 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); |
| @@ -382,10 +358,10 @@ end: | |||
| 382 | } | 358 | } |
| 383 | #endif | 359 | #endif |
| 384 | 360 | ||
| 385 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len) | 361 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) |
| 386 | { | 362 | { |
| 387 | int ret; | 363 | int ret; |
| 388 | unsigned char *p; | 364 | const unsigned char *p; |
| 389 | EVP_PKEY *pkey; | 365 | EVP_PKEY *pkey; |
| 390 | 366 | ||
| 391 | p=d; | 367 | p=d; |
| @@ -418,7 +394,7 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | |||
| 418 | static int ssl_set_cert(CERT *c, X509 *x) | 394 | static int ssl_set_cert(CERT *c, X509 *x) |
| 419 | { | 395 | { |
| 420 | EVP_PKEY *pkey; | 396 | EVP_PKEY *pkey; |
| 421 | int i,ok=0,bad=0; | 397 | int i; |
| 422 | 398 | ||
| 423 | pkey=X509_get_pubkey(x); | 399 | pkey=X509_get_pubkey(x); |
| 424 | if (pkey == NULL) | 400 | if (pkey == NULL) |
| @@ -446,44 +422,23 @@ static int ssl_set_cert(CERT *c, X509 *x) | |||
| 446 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | 422 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && |
| 447 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | 423 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & |
| 448 | RSA_METHOD_FLAG_NO_CHECK)) | 424 | RSA_METHOD_FLAG_NO_CHECK)) |
| 449 | ok=1; | 425 | ; |
| 450 | else | 426 | else |
| 451 | #endif | 427 | #endif /* OPENSSL_NO_RSA */ |
| 452 | { | ||
| 453 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | 428 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) |
| 454 | { | 429 | { |
| 455 | if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) | 430 | /* don't fail for a cert/key mismatch, just free |
| 456 | { | 431 | * current private key (when switching to a different |
| 457 | i=(i == SSL_PKEY_DH_RSA)? | 432 | * cert & key, first this function should be used, |
| 458 | SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA; | 433 | * then ssl_set_pkey */ |
| 459 | 434 | EVP_PKEY_free(c->pkeys[i].privatekey); | |
| 460 | if (c->pkeys[i].privatekey == NULL) | 435 | c->pkeys[i].privatekey=NULL; |
| 461 | ok=1; | 436 | /* clear error queue */ |
| 462 | else | 437 | ERR_clear_error(); |
| 463 | { | ||
| 464 | if (!X509_check_private_key(x, | ||
| 465 | c->pkeys[i].privatekey)) | ||
| 466 | bad=1; | ||
| 467 | else | ||
| 468 | ok=1; | ||
| 469 | } | ||
| 470 | } | ||
| 471 | else | ||
| 472 | bad=1; | ||
| 473 | } | 438 | } |
| 474 | else | ||
| 475 | ok=1; | ||
| 476 | } /* OPENSSL_NO_RSA */ | ||
| 477 | } | 439 | } |
| 478 | else | ||
| 479 | ok=1; | ||
| 480 | 440 | ||
| 481 | EVP_PKEY_free(pkey); | 441 | EVP_PKEY_free(pkey); |
| 482 | if (bad) | ||
| 483 | { | ||
| 484 | EVP_PKEY_free(c->pkeys[i].privatekey); | ||
| 485 | c->pkeys[i].privatekey=NULL; | ||
| 486 | } | ||
| 487 | 442 | ||
| 488 | if (c->pkeys[i].x509 != NULL) | 443 | if (c->pkeys[i].x509 != NULL) |
| 489 | X509_free(c->pkeys[i].x509); | 444 | X509_free(c->pkeys[i].x509); |
| @@ -545,7 +500,7 @@ end: | |||
| 545 | } | 500 | } |
| 546 | #endif | 501 | #endif |
| 547 | 502 | ||
| 548 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d) | 503 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) |
| 549 | { | 504 | { |
| 550 | X509 *x; | 505 | X509 *x; |
| 551 | int ret; | 506 | int ret; |
| @@ -640,7 +595,7 @@ end: | |||
| 640 | } | 595 | } |
| 641 | #endif | 596 | #endif |
| 642 | 597 | ||
| 643 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) | 598 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) |
| 644 | { | 599 | { |
| 645 | int ret; | 600 | int ret; |
| 646 | const unsigned char *p; | 601 | const unsigned char *p; |
| @@ -699,6 +654,11 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | |||
| 699 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 654 | pkey=PEM_read_bio_PrivateKey(in,NULL, |
| 700 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | 655 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); |
| 701 | } | 656 | } |
| 657 | else if (type == SSL_FILETYPE_ASN1) | ||
| 658 | { | ||
| 659 | j = ERR_R_ASN1_LIB; | ||
| 660 | pkey = d2i_PrivateKey_bio(in,NULL); | ||
| 661 | } | ||
| 702 | else | 662 | else |
| 703 | { | 663 | { |
| 704 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | 664 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); |
| @@ -717,11 +677,11 @@ end: | |||
| 717 | } | 677 | } |
| 718 | #endif | 678 | #endif |
| 719 | 679 | ||
| 720 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, | 680 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, |
| 721 | long len) | 681 | long len) |
| 722 | { | 682 | { |
| 723 | int ret; | 683 | int ret; |
| 724 | unsigned char *p; | 684 | const unsigned char *p; |
| 725 | EVP_PKEY *pkey; | 685 | EVP_PKEY *pkey; |
| 726 | 686 | ||
| 727 | p=d; | 687 | p=d; |
| @@ -748,6 +708,8 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | |||
| 748 | int ret=0; | 708 | int ret=0; |
| 749 | X509 *x=NULL; | 709 | X509 *x=NULL; |
| 750 | 710 | ||
| 711 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | ||
| 712 | |||
| 751 | in=BIO_new(BIO_s_file_internal()); | 713 | in=BIO_new(BIO_s_file_internal()); |
| 752 | if (in == NULL) | 714 | if (in == NULL) |
| 753 | { | 715 | { |
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 2ba8b9612e..ee88be2b88 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -122,10 +122,20 @@ SSL_SESSION *SSL_SESSION_new(void) | |||
| 122 | ss->prev=NULL; | 122 | ss->prev=NULL; |
| 123 | ss->next=NULL; | 123 | ss->next=NULL; |
| 124 | ss->compress_meth=0; | 124 | ss->compress_meth=0; |
| 125 | #ifndef OPENSSL_NO_TLSEXT | ||
| 126 | ss->tlsext_hostname = NULL; | ||
| 127 | #endif | ||
| 125 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 128 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 126 | return(ss); | 129 | return(ss); |
| 127 | } | 130 | } |
| 128 | 131 | ||
| 132 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) | ||
| 133 | { | ||
| 134 | if(len) | ||
| 135 | *len = s->session_id_length; | ||
| 136 | return s->session_id; | ||
| 137 | } | ||
| 138 | |||
| 129 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 | 139 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 |
| 130 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly | 140 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly |
| 131 | * until we have no conflict is going to complete in one iteration pretty much | 141 | * until we have no conflict is going to complete in one iteration pretty much |
| @@ -141,7 +151,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, | |||
| 141 | { | 151 | { |
| 142 | unsigned int retry = 0; | 152 | unsigned int retry = 0; |
| 143 | do | 153 | do |
| 144 | if(RAND_pseudo_bytes(id, *id_len) <= 0) | 154 | if (RAND_pseudo_bytes(id, *id_len) <= 0) |
| 145 | return 0; | 155 | return 0; |
| 146 | while(SSL_has_matching_session_id(ssl, id, *id_len) && | 156 | while(SSL_has_matching_session_id(ssl, id, *id_len) && |
| 147 | (++retry < MAX_SESS_ID_ATTEMPTS)); | 157 | (++retry < MAX_SESS_ID_ATTEMPTS)); |
| @@ -198,12 +208,25 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 198 | ss->ssl_version=TLS1_VERSION; | 208 | ss->ssl_version=TLS1_VERSION; |
| 199 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 209 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; |
| 200 | } | 210 | } |
| 211 | else if (s->version == DTLS1_VERSION) | ||
| 212 | { | ||
| 213 | ss->ssl_version=DTLS1_VERSION; | ||
| 214 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 215 | } | ||
| 201 | else | 216 | else |
| 202 | { | 217 | { |
| 203 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); | 218 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); |
| 204 | SSL_SESSION_free(ss); | 219 | SSL_SESSION_free(ss); |
| 205 | return(0); | 220 | return(0); |
| 206 | } | 221 | } |
| 222 | #ifndef OPENSSL_NO_TLSEXT | ||
| 223 | /* If RFC4507 ticket use empty session ID */ | ||
| 224 | if (s->tlsext_ticket_expected) | ||
| 225 | { | ||
| 226 | ss->session_id_length = 0; | ||
| 227 | goto sess_id_done; | ||
| 228 | } | ||
| 229 | #endif | ||
| 207 | /* Choose which callback will set the session ID */ | 230 | /* Choose which callback will set the session ID */ |
| 208 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 231 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 209 | if(s->generate_session_id) | 232 | if(s->generate_session_id) |
| @@ -245,6 +268,17 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 245 | SSL_SESSION_free(ss); | 268 | SSL_SESSION_free(ss); |
| 246 | return(0); | 269 | return(0); |
| 247 | } | 270 | } |
| 271 | #ifndef OPENSSL_NO_TLSEXT | ||
| 272 | sess_id_done: | ||
| 273 | if (s->tlsext_hostname) { | ||
| 274 | ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); | ||
| 275 | if (ss->tlsext_hostname == NULL) { | ||
| 276 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | ||
| 277 | SSL_SESSION_free(ss); | ||
| 278 | return 0; | ||
| 279 | } | ||
| 280 | } | ||
| 281 | #endif | ||
| 248 | } | 282 | } |
| 249 | else | 283 | else |
| 250 | { | 284 | { |
| @@ -266,21 +300,41 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 266 | return(1); | 300 | return(1); |
| 267 | } | 301 | } |
| 268 | 302 | ||
| 269 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) | 303 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, |
| 304 | const unsigned char *limit) | ||
| 270 | { | 305 | { |
| 271 | /* This is used only by servers. */ | 306 | /* This is used only by servers. */ |
| 272 | 307 | ||
| 273 | SSL_SESSION *ret=NULL,data; | 308 | SSL_SESSION *ret=NULL; |
| 274 | int fatal = 0; | 309 | int fatal = 0; |
| 275 | 310 | #ifndef OPENSSL_NO_TLSEXT | |
| 276 | data.ssl_version=s->version; | 311 | int r; |
| 277 | data.session_id_length=len; | 312 | #endif |
| 313 | |||
| 278 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) | 314 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) |
| 279 | goto err; | 315 | goto err; |
| 280 | memcpy(data.session_id,session_id,len); | 316 | #ifndef OPENSSL_NO_TLSEXT |
| 281 | 317 | r = tls1_process_ticket(s, session_id, len, limit, &ret); | |
| 318 | if (r == -1) | ||
| 319 | { | ||
| 320 | fatal = 1; | ||
| 321 | goto err; | ||
| 322 | } | ||
| 323 | else if (r == 0 || (!ret && !len)) | ||
| 324 | goto err; | ||
| 325 | else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | ||
| 326 | #else | ||
| 327 | if (len == 0) | ||
| 328 | goto err; | ||
| 282 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 329 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) |
| 330 | #endif | ||
| 283 | { | 331 | { |
| 332 | SSL_SESSION data; | ||
| 333 | data.ssl_version=s->version; | ||
| 334 | data.session_id_length=len; | ||
| 335 | if (len == 0) | ||
| 336 | return 0; | ||
| 337 | memcpy(data.session_id,session_id,len); | ||
| 284 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 338 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 285 | ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data); | 339 | ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data); |
| 286 | if (ret != NULL) | 340 | if (ret != NULL) |
| @@ -322,33 +376,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) | |||
| 322 | 376 | ||
| 323 | /* Now ret is non-NULL, and we own one of its reference counts. */ | 377 | /* Now ret is non-NULL, and we own one of its reference counts. */ |
| 324 | 378 | ||
| 325 | if((s->verify_mode&SSL_VERIFY_PEER) | 379 | if (ret->sid_ctx_length != s->sid_ctx_length |
| 326 | && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length | 380 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) |
| 327 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) | 381 | { |
| 328 | { | ||
| 329 | /* We've found the session named by the client, but we don't | 382 | /* We've found the session named by the client, but we don't |
| 330 | * want to use it in this context. */ | 383 | * want to use it in this context. */ |
| 331 | |||
| 332 | if (s->sid_ctx_length == 0) | ||
| 333 | { | ||
| 334 | /* application should have used SSL[_CTX]_set_session_id_context | ||
| 335 | * -- we could tolerate this and just pretend we never heard | ||
| 336 | * of this session, but then applications could effectively | ||
| 337 | * disable the session cache by accident without anyone noticing */ | ||
| 338 | 384 | ||
| 339 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | ||
| 340 | fatal = 1; | ||
| 341 | goto err; | ||
| 342 | } | ||
| 343 | else | ||
| 344 | { | ||
| 345 | #if 0 /* The client cannot always know when a session is not appropriate, | 385 | #if 0 /* The client cannot always know when a session is not appropriate, |
| 346 | * so we shouldn't generate an error message. */ | 386 | * so we shouldn't generate an error message. */ |
| 347 | 387 | ||
| 348 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | 388 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); |
| 349 | #endif | 389 | #endif |
| 350 | goto err; /* treat like cache miss */ | 390 | goto err; /* treat like cache miss */ |
| 351 | } | 391 | } |
| 392 | |||
| 393 | if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) | ||
| 394 | { | ||
| 395 | /* We can't be sure if this session is being used out of | ||
| 396 | * context, which is especially important for SSL_VERIFY_PEER. | ||
| 397 | * The application should have used SSL[_CTX]_set_session_id_context. | ||
| 398 | * | ||
| 399 | * For this error case, we generate an error instead of treating | ||
| 400 | * the event like a cache miss (otherwise it would be easy for | ||
| 401 | * applications to effectively disable the session cache by | ||
| 402 | * accident without anyone noticing). | ||
| 403 | */ | ||
| 404 | |||
| 405 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | ||
| 406 | fatal = 1; | ||
| 407 | goto err; | ||
| 352 | } | 408 | } |
| 353 | 409 | ||
| 354 | if (ret->cipher == NULL) | 410 | if (ret->cipher == NULL) |
| @@ -534,6 +590,10 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||
| 534 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | 590 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); |
| 535 | if (ss->peer != NULL) X509_free(ss->peer); | 591 | if (ss->peer != NULL) X509_free(ss->peer); |
| 536 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); | 592 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); |
| 593 | #ifndef OPENSSL_NO_TLSEXT | ||
| 594 | if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); | ||
| 595 | if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); | ||
| 596 | #endif | ||
| 537 | OPENSSL_cleanse(ss,sizeof(*ss)); | 597 | OPENSSL_cleanse(ss,sizeof(*ss)); |
| 538 | OPENSSL_free(ss); | 598 | OPENSSL_free(ss); |
| 539 | } | 599 | } |
| @@ -568,7 +628,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) | |||
| 568 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && | 628 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && |
| 569 | session->krb5_client_princ_len > 0) | 629 | session->krb5_client_princ_len > 0) |
| 570 | { | 630 | { |
| 571 | s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1); | 631 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); |
| 572 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, | 632 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, |
| 573 | session->krb5_client_princ_len); | 633 | session->krb5_client_princ_len); |
| 574 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; | 634 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; |
| @@ -753,3 +813,72 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | |||
| 753 | } | 813 | } |
| 754 | } | 814 | } |
| 755 | 815 | ||
| 816 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | ||
| 817 | int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) | ||
| 818 | { | ||
| 819 | ctx->new_session_cb=cb; | ||
| 820 | } | ||
| 821 | |||
| 822 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) | ||
| 823 | { | ||
| 824 | return ctx->new_session_cb; | ||
| 825 | } | ||
| 826 | |||
| 827 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | ||
| 828 | void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) | ||
| 829 | { | ||
| 830 | ctx->remove_session_cb=cb; | ||
| 831 | } | ||
| 832 | |||
| 833 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) | ||
| 834 | { | ||
| 835 | return ctx->remove_session_cb; | ||
| 836 | } | ||
| 837 | |||
| 838 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, | ||
| 839 | SSL_SESSION *(*cb)(struct ssl_st *ssl, | ||
| 840 | unsigned char *data,int len,int *copy)) | ||
| 841 | { | ||
| 842 | ctx->get_session_cb=cb; | ||
| 843 | } | ||
| 844 | |||
| 845 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, | ||
| 846 | unsigned char *data,int len,int *copy) | ||
| 847 | { | ||
| 848 | return ctx->get_session_cb; | ||
| 849 | } | ||
| 850 | |||
| 851 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, | ||
| 852 | void (*cb)(const SSL *ssl,int type,int val)) | ||
| 853 | { | ||
| 854 | ctx->info_callback=cb; | ||
| 855 | } | ||
| 856 | |||
| 857 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) | ||
| 858 | { | ||
| 859 | return ctx->info_callback; | ||
| 860 | } | ||
| 861 | |||
| 862 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | ||
| 863 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) | ||
| 864 | { | ||
| 865 | ctx->client_cert_cb=cb; | ||
| 866 | } | ||
| 867 | |||
| 868 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) | ||
| 869 | { | ||
| 870 | return ctx->client_cert_cb; | ||
| 871 | } | ||
| 872 | |||
| 873 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | ||
| 874 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) | ||
| 875 | { | ||
| 876 | ctx->app_gen_cookie_cb=cb; | ||
| 877 | } | ||
| 878 | |||
| 879 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | ||
| 880 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) | ||
| 881 | { | ||
| 882 | ctx->app_verify_cookie_cb=cb; | ||
| 883 | } | ||
| 884 | |||
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c index b16d253081..73b02509d4 100644 --- a/src/lib/libssl/ssl_stat.c +++ b/src/lib/libssl/ssl_stat.c | |||
| @@ -127,6 +127,8 @@ case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; | |||
| 127 | case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; | 127 | case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; |
| 128 | case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; | 128 | case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; |
| 129 | case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; | 129 | case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; |
| 130 | case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; | ||
| 131 | case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; | ||
| 130 | case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; | 132 | case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; |
| 131 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; | 133 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; |
| 132 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; | 134 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; |
| @@ -172,6 +174,8 @@ case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; | |||
| 172 | case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; | 174 | case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; |
| 173 | case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; | 175 | case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; |
| 174 | case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; | 176 | case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; |
| 177 | case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; | ||
| 178 | case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; | ||
| 175 | case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; | 179 | case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; |
| 176 | case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; | 180 | case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; |
| 177 | case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; | 181 | case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; |
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c index 8655a31333..06b86750fd 100644 --- a/src/lib/libssl/ssl_txt.c +++ b/src/lib/libssl/ssl_txt.c | |||
| @@ -81,7 +81,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) | |||
| 81 | int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | 81 | int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) |
| 82 | { | 82 | { |
| 83 | unsigned int i; | 83 | unsigned int i; |
| 84 | char *s; | 84 | const char *s; |
| 85 | 85 | ||
| 86 | if (x == NULL) goto err; | 86 | if (x == NULL) goto err; |
| 87 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; | 87 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; |
| @@ -151,9 +151,25 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 151 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; | 151 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; |
| 152 | } | 152 | } |
| 153 | #endif /* OPENSSL_NO_KRB5 */ | 153 | #endif /* OPENSSL_NO_KRB5 */ |
| 154 | #ifndef OPENSSL_NO_TLSEXT | ||
| 155 | if (x->tlsext_tick_lifetime_hint) | ||
| 156 | { | ||
| 157 | if (BIO_printf(bp, | ||
| 158 | "\n TLS session ticket lifetime hint: %ld (seconds)", | ||
| 159 | x->tlsext_tick_lifetime_hint) <=0) | ||
| 160 | goto err; | ||
| 161 | } | ||
| 162 | if (x->tlsext_tick) | ||
| 163 | { | ||
| 164 | if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; | ||
| 165 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) | ||
| 166 | goto err; | ||
| 167 | } | ||
| 168 | #endif | ||
| 169 | #ifndef OPENSSL_NO_COMP | ||
| 154 | if (x->compress_meth != 0) | 170 | if (x->compress_meth != 0) |
| 155 | { | 171 | { |
| 156 | SSL_COMP *comp; | 172 | SSL_COMP *comp = NULL; |
| 157 | 173 | ||
| 158 | ssl_cipher_get_evp(x,NULL,NULL,&comp); | 174 | ssl_cipher_get_evp(x,NULL,NULL,&comp); |
| 159 | if (comp == NULL) | 175 | if (comp == NULL) |
| @@ -165,6 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 165 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; | 181 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; |
| 166 | } | 182 | } |
| 167 | } | 183 | } |
| 184 | #endif | ||
| 168 | if (x->time != 0L) | 185 | if (x->time != 0L) |
| 169 | { | 186 | { |
| 170 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; | 187 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; |
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c index 57205fb429..4d1e198cdc 100644 --- a/src/lib/libssl/t1_clnt.c +++ b/src/lib/libssl/t1_clnt.c | |||
| @@ -72,26 +72,8 @@ static SSL_METHOD *tls1_get_client_method(int ver) | |||
| 72 | return(NULL); | 72 | return(NULL); |
| 73 | } | 73 | } |
| 74 | 74 | ||
| 75 | SSL_METHOD *TLSv1_client_method(void) | 75 | IMPLEMENT_tls1_meth_func(TLSv1_client_method, |
| 76 | { | 76 | ssl_undefined_function, |
| 77 | static int init=1; | 77 | ssl3_connect, |
| 78 | static SSL_METHOD TLSv1_client_data; | 78 | tls1_get_client_method) |
| 79 | |||
| 80 | if (init) | ||
| 81 | { | ||
| 82 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 83 | |||
| 84 | if (init) | ||
| 85 | { | ||
| 86 | memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), | ||
| 87 | sizeof(SSL_METHOD)); | ||
| 88 | TLSv1_client_data.ssl_connect=ssl3_connect; | ||
| 89 | TLSv1_client_data.get_ssl_method=tls1_get_client_method; | ||
| 90 | init=0; | ||
| 91 | } | ||
| 92 | |||
| 93 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 94 | } | ||
| 95 | return(&TLSv1_client_data); | ||
| 96 | } | ||
| 97 | 79 | ||
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 2c6246abf5..ed5a4a7255 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -115,7 +115,6 @@ | |||
| 115 | #include <openssl/evp.h> | 115 | #include <openssl/evp.h> |
| 116 | #include <openssl/hmac.h> | 116 | #include <openssl/hmac.h> |
| 117 | #include <openssl/md5.h> | 117 | #include <openssl/md5.h> |
| 118 | #include <openssl/fips.h> | ||
| 119 | 118 | ||
| 120 | static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, | 119 | static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, |
| 121 | int sec_len, unsigned char *seed, int seed_len, | 120 | int sec_len, unsigned char *seed, int seed_len, |
| @@ -132,8 +131,6 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, | |||
| 132 | 131 | ||
| 133 | HMAC_CTX_init(&ctx); | 132 | HMAC_CTX_init(&ctx); |
| 134 | HMAC_CTX_init(&ctx_tmp); | 133 | HMAC_CTX_init(&ctx_tmp); |
| 135 | HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 136 | HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 137 | HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); | 134 | HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); |
| 138 | HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); | 135 | HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); |
| 139 | HMAC_Update(&ctx,seed,seed_len); | 136 | HMAC_Update(&ctx,seed,seed_len); |
| @@ -180,6 +177,7 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, | |||
| 180 | S2= &(sec[len]); | 177 | S2= &(sec[len]); |
| 181 | len+=(slen&1); /* add for odd, make longer */ | 178 | len+=(slen&1); /* add for odd, make longer */ |
| 182 | 179 | ||
| 180 | |||
| 183 | tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); | 181 | tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); |
| 184 | tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); | 182 | tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); |
| 185 | 183 | ||
| @@ -233,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 233 | int client_write; | 231 | int client_write; |
| 234 | EVP_CIPHER_CTX *dd; | 232 | EVP_CIPHER_CTX *dd; |
| 235 | const EVP_CIPHER *c; | 233 | const EVP_CIPHER *c; |
| 234 | #ifndef OPENSSL_NO_COMP | ||
| 236 | const SSL_COMP *comp; | 235 | const SSL_COMP *comp; |
| 236 | #endif | ||
| 237 | const EVP_MD *m; | 237 | const EVP_MD *m; |
| 238 | int is_export,n,i,j,k,exp_label_len,cl; | 238 | int is_export,n,i,j,k,exp_label_len,cl; |
| 239 | int reuse_dd = 0; | 239 | int reuse_dd = 0; |
| @@ -241,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 241 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); | 241 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 242 | c=s->s3->tmp.new_sym_enc; | 242 | c=s->s3->tmp.new_sym_enc; |
| 243 | m=s->s3->tmp.new_hash; | 243 | m=s->s3->tmp.new_hash; |
| 244 | #ifndef OPENSSL_NO_COMP | ||
| 244 | comp=s->s3->tmp.new_compression; | 245 | comp=s->s3->tmp.new_compression; |
| 246 | #endif | ||
| 245 | key_block=s->s3->tmp.key_block; | 247 | key_block=s->s3->tmp.key_block; |
| 246 | 248 | ||
| 247 | #ifdef KSSL_DEBUG | 249 | #ifdef KSSL_DEBUG |
| @@ -265,8 +267,12 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 265 | reuse_dd = 1; | 267 | reuse_dd = 1; |
| 266 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 268 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 267 | goto err; | 269 | goto err; |
| 270 | else | ||
| 271 | /* make sure it's intialized in case we exit later with an error */ | ||
| 272 | EVP_CIPHER_CTX_init(s->enc_read_ctx); | ||
| 268 | dd= s->enc_read_ctx; | 273 | dd= s->enc_read_ctx; |
| 269 | s->read_hash=m; | 274 | s->read_hash=m; |
| 275 | #ifndef OPENSSL_NO_COMP | ||
| 270 | if (s->expand != NULL) | 276 | if (s->expand != NULL) |
| 271 | { | 277 | { |
| 272 | COMP_CTX_free(s->expand); | 278 | COMP_CTX_free(s->expand); |
| @@ -286,7 +292,10 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 286 | if (s->s3->rrec.comp == NULL) | 292 | if (s->s3->rrec.comp == NULL) |
| 287 | goto err; | 293 | goto err; |
| 288 | } | 294 | } |
| 289 | memset(&(s->s3->read_sequence[0]),0,8); | 295 | #endif |
| 296 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
| 297 | if (s->version != DTLS1_VERSION) | ||
| 298 | memset(&(s->s3->read_sequence[0]),0,8); | ||
| 290 | mac_secret= &(s->s3->read_mac_secret[0]); | 299 | mac_secret= &(s->s3->read_mac_secret[0]); |
| 291 | } | 300 | } |
| 292 | else | 301 | else |
| @@ -295,12 +304,12 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 295 | reuse_dd = 1; | 304 | reuse_dd = 1; |
| 296 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | 305 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 297 | goto err; | 306 | goto err; |
| 298 | if ((s->enc_write_ctx == NULL) && | 307 | else |
| 299 | ((s->enc_write_ctx=(EVP_CIPHER_CTX *) | 308 | /* make sure it's intialized in case we exit later with an error */ |
| 300 | OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | 309 | EVP_CIPHER_CTX_init(s->enc_write_ctx); |
| 301 | goto err; | ||
| 302 | dd= s->enc_write_ctx; | 310 | dd= s->enc_write_ctx; |
| 303 | s->write_hash=m; | 311 | s->write_hash=m; |
| 312 | #ifndef OPENSSL_NO_COMP | ||
| 304 | if (s->compress != NULL) | 313 | if (s->compress != NULL) |
| 305 | { | 314 | { |
| 306 | COMP_CTX_free(s->compress); | 315 | COMP_CTX_free(s->compress); |
| @@ -315,13 +324,15 @@ int tls1_change_cipher_state(SSL *s, int which) | |||
| 315 | goto err2; | 324 | goto err2; |
| 316 | } | 325 | } |
| 317 | } | 326 | } |
| 318 | memset(&(s->s3->write_sequence[0]),0,8); | 327 | #endif |
| 328 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
| 329 | if (s->version != DTLS1_VERSION) | ||
| 330 | memset(&(s->s3->write_sequence[0]),0,8); | ||
| 319 | mac_secret= &(s->s3->write_mac_secret[0]); | 331 | mac_secret= &(s->s3->write_mac_secret[0]); |
| 320 | } | 332 | } |
| 321 | 333 | ||
| 322 | if (reuse_dd) | 334 | if (reuse_dd) |
| 323 | EVP_CIPHER_CTX_cleanup(dd); | 335 | EVP_CIPHER_CTX_cleanup(dd); |
| 324 | EVP_CIPHER_CTX_init(dd); | ||
| 325 | 336 | ||
| 326 | p=s->s3->tmp.key_block; | 337 | p=s->s3->tmp.key_block; |
| 327 | i=EVP_MD_size(m); | 338 | i=EVP_MD_size(m); |
| @@ -503,7 +514,7 @@ printf("\nkey block\n"); | |||
| 503 | #endif | 514 | #endif |
| 504 | } | 515 | } |
| 505 | } | 516 | } |
| 506 | 517 | ||
| 507 | return(1); | 518 | return(1); |
| 508 | err: | 519 | err: |
| 509 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | 520 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); |
| @@ -618,7 +629,15 @@ int tls1_enc(SSL *s, int send) | |||
| 618 | { | 629 | { |
| 619 | ii=i=rec->data[l-1]; /* padding_length */ | 630 | ii=i=rec->data[l-1]; /* padding_length */ |
| 620 | i++; | 631 | i++; |
| 621 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | 632 | /* NB: if compression is in operation the first packet |
| 633 | * may not be of even length so the padding bug check | ||
| 634 | * cannot be performed. This bug workaround has been | ||
| 635 | * around since SSLeay so hopefully it is either fixed | ||
| 636 | * now or no buggy implementation supports compression | ||
| 637 | * [steve] | ||
| 638 | */ | ||
| 639 | if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | ||
| 640 | && !s->expand) | ||
| 622 | { | 641 | { |
| 623 | /* First packet is even in size, so check */ | 642 | /* First packet is even in size, so check */ |
| 624 | if ((memcmp(s->s3->read_sequence, | 643 | if ((memcmp(s->s3->read_sequence, |
| @@ -719,15 +738,35 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) | |||
| 719 | md_size=EVP_MD_size(hash); | 738 | md_size=EVP_MD_size(hash); |
| 720 | 739 | ||
| 721 | buf[0]=rec->type; | 740 | buf[0]=rec->type; |
| 722 | buf[1]=TLS1_VERSION_MAJOR; | 741 | if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) |
| 723 | buf[2]=TLS1_VERSION_MINOR; | 742 | { |
| 743 | buf[1]=TLS1_VERSION_MAJOR; | ||
| 744 | buf[2]=TLS1_VERSION_MINOR; | ||
| 745 | } | ||
| 746 | else { | ||
| 747 | buf[1]=(unsigned char)(ssl->version>>8); | ||
| 748 | buf[2]=(unsigned char)(ssl->version); | ||
| 749 | } | ||
| 750 | |||
| 724 | buf[3]=rec->length>>8; | 751 | buf[3]=rec->length>>8; |
| 725 | buf[4]=rec->length&0xff; | 752 | buf[4]=rec->length&0xff; |
| 726 | 753 | ||
| 727 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | 754 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ |
| 728 | HMAC_CTX_init(&hmac); | 755 | HMAC_CTX_init(&hmac); |
| 729 | HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); | 756 | HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); |
| 730 | HMAC_Update(&hmac,seq,8); | 757 | |
| 758 | if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) | ||
| 759 | { | ||
| 760 | unsigned char dtlsseq[8],*p=dtlsseq; | ||
| 761 | |||
| 762 | s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); | ||
| 763 | memcpy (p,&seq[2],6); | ||
| 764 | |||
| 765 | HMAC_Update(&hmac,dtlsseq,8); | ||
| 766 | } | ||
| 767 | else | ||
| 768 | HMAC_Update(&hmac,seq,8); | ||
| 769 | |||
| 731 | HMAC_Update(&hmac,buf,5); | 770 | HMAC_Update(&hmac,buf,5); |
| 732 | HMAC_Update(&hmac,rec->input,rec->length); | 771 | HMAC_Update(&hmac,rec->input,rec->length); |
| 733 | HMAC_Final(&hmac,md,&md_size); | 772 | HMAC_Final(&hmac,md,&md_size); |
| @@ -744,10 +783,13 @@ printf("rec="); | |||
| 744 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } | 783 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } |
| 745 | #endif | 784 | #endif |
| 746 | 785 | ||
| 747 | for (i=7; i>=0; i--) | 786 | if ( SSL_version(ssl) != DTLS1_VERSION) |
| 748 | { | 787 | { |
| 749 | ++seq[i]; | 788 | for (i=7; i>=0; i--) |
| 750 | if (seq[i] != 0) break; | 789 | { |
| 790 | ++seq[i]; | ||
| 791 | if (seq[i] != 0) break; | ||
| 792 | } | ||
| 751 | } | 793 | } |
| 752 | 794 | ||
| 753 | #ifdef TLS_DEBUG | 795 | #ifdef TLS_DEBUG |
| @@ -810,6 +852,8 @@ int tls1_alert_code(int code) | |||
| 810 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); | 852 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); |
| 811 | case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); | 853 | case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); |
| 812 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); | 854 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); |
| 855 | case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return | ||
| 856 | (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); | ||
| 813 | default: return(-1); | 857 | default: return(-1); |
| 814 | } | 858 | } |
| 815 | } | 859 | } |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index ca6c03d5af..35f04afa4a 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -58,13 +58,20 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <openssl/objects.h> | 60 | #include <openssl/objects.h> |
| 61 | #include <openssl/evp.h> | ||
| 62 | #include <openssl/hmac.h> | ||
| 63 | #include <openssl/ocsp.h> | ||
| 61 | #include "ssl_locl.h" | 64 | #include "ssl_locl.h" |
| 62 | 65 | ||
| 63 | const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT; | 66 | const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT; |
| 64 | 67 | ||
| 65 | static long tls1_default_timeout(void); | 68 | #ifndef OPENSSL_NO_TLSEXT |
| 69 | static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, | ||
| 70 | const unsigned char *sess_id, int sesslen, | ||
| 71 | SSL_SESSION **psess); | ||
| 72 | #endif | ||
| 66 | 73 | ||
| 67 | static SSL3_ENC_METHOD TLSv1_enc_data={ | 74 | SSL3_ENC_METHOD TLSv1_enc_data={ |
| 68 | tls1_enc, | 75 | tls1_enc, |
| 69 | tls1_mac, | 76 | tls1_mac, |
| 70 | tls1_setup_key_block, | 77 | tls1_setup_key_block, |
| @@ -78,45 +85,17 @@ static SSL3_ENC_METHOD TLSv1_enc_data={ | |||
| 78 | tls1_alert_code, | 85 | tls1_alert_code, |
| 79 | }; | 86 | }; |
| 80 | 87 | ||
| 81 | static SSL_METHOD TLSv1_data= { | 88 | long tls1_default_timeout(void) |
| 82 | TLS1_VERSION, | ||
| 83 | tls1_new, | ||
| 84 | tls1_clear, | ||
| 85 | tls1_free, | ||
| 86 | ssl_undefined_function, | ||
| 87 | ssl_undefined_function, | ||
| 88 | ssl3_read, | ||
| 89 | ssl3_peek, | ||
| 90 | ssl3_write, | ||
| 91 | ssl3_shutdown, | ||
| 92 | ssl3_renegotiate, | ||
| 93 | ssl3_renegotiate_check, | ||
| 94 | ssl3_ctrl, | ||
| 95 | ssl3_ctx_ctrl, | ||
| 96 | ssl3_get_cipher_by_char, | ||
| 97 | ssl3_put_cipher_by_char, | ||
| 98 | ssl3_pending, | ||
| 99 | ssl3_num_ciphers, | ||
| 100 | ssl3_get_cipher, | ||
| 101 | ssl_bad_method, | ||
| 102 | tls1_default_timeout, | ||
| 103 | &TLSv1_enc_data, | ||
| 104 | ssl_undefined_function, | ||
| 105 | ssl3_callback_ctrl, | ||
| 106 | ssl3_ctx_callback_ctrl, | ||
| 107 | }; | ||
| 108 | |||
| 109 | static long tls1_default_timeout(void) | ||
| 110 | { | 89 | { |
| 111 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | 90 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec |
| 112 | * is way too long for http, the cache would over fill */ | 91 | * is way too long for http, the cache would over fill */ |
| 113 | return(60*60*2); | 92 | return(60*60*2); |
| 114 | } | 93 | } |
| 115 | 94 | ||
| 116 | SSL_METHOD *tlsv1_base_method(void) | 95 | IMPLEMENT_tls1_meth_func(tlsv1_base_method, |
| 117 | { | 96 | ssl_undefined_function, |
| 118 | return(&TLSv1_data); | 97 | ssl_undefined_function, |
| 119 | } | 98 | ssl_bad_method) |
| 120 | 99 | ||
| 121 | int tls1_new(SSL *s) | 100 | int tls1_new(SSL *s) |
| 122 | { | 101 | { |
| @@ -147,3 +126,751 @@ long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)()) | |||
| 147 | return(0); | 126 | return(0); |
| 148 | } | 127 | } |
| 149 | #endif | 128 | #endif |
| 129 | |||
| 130 | #ifndef OPENSSL_NO_TLSEXT | ||
| 131 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | ||
| 132 | { | ||
| 133 | int extdatalen=0; | ||
| 134 | unsigned char *ret = p; | ||
| 135 | |||
| 136 | ret+=2; | ||
| 137 | |||
| 138 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ | ||
| 139 | |||
| 140 | if (s->tlsext_hostname != NULL) | ||
| 141 | { | ||
| 142 | /* Add TLS extension servername to the Client Hello message */ | ||
| 143 | unsigned long size_str; | ||
| 144 | long lenmax; | ||
| 145 | |||
| 146 | /* check for enough space. | ||
| 147 | 4 for the servername type and entension length | ||
| 148 | 2 for servernamelist length | ||
| 149 | 1 for the hostname type | ||
| 150 | 2 for hostname length | ||
| 151 | + hostname length | ||
| 152 | */ | ||
| 153 | |||
| 154 | if ((lenmax = limit - ret - 9) < 0 | ||
| 155 | || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) | ||
| 156 | return NULL; | ||
| 157 | |||
| 158 | /* extension type and length */ | ||
| 159 | s2n(TLSEXT_TYPE_server_name,ret); | ||
| 160 | s2n(size_str+5,ret); | ||
| 161 | |||
| 162 | /* length of servername list */ | ||
| 163 | s2n(size_str+3,ret); | ||
| 164 | |||
| 165 | /* hostname type, length and hostname */ | ||
| 166 | *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; | ||
| 167 | s2n(size_str,ret); | ||
| 168 | memcpy(ret, s->tlsext_hostname, size_str); | ||
| 169 | ret+=size_str; | ||
| 170 | |||
| 171 | } | ||
| 172 | |||
| 173 | if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) | ||
| 174 | { | ||
| 175 | int ticklen; | ||
| 176 | if (s->session && s->session->tlsext_tick) | ||
| 177 | ticklen = s->session->tlsext_ticklen; | ||
| 178 | else | ||
| 179 | ticklen = 0; | ||
| 180 | /* Check for enough room 2 for extension type, 2 for len | ||
| 181 | * rest for ticket | ||
| 182 | */ | ||
| 183 | if (limit - ret - 4 - ticklen < 0) | ||
| 184 | return NULL; | ||
| 185 | s2n(TLSEXT_TYPE_session_ticket,ret); | ||
| 186 | s2n(ticklen,ret); | ||
| 187 | if (ticklen) | ||
| 188 | { | ||
| 189 | memcpy(ret, s->session->tlsext_tick, ticklen); | ||
| 190 | ret += ticklen; | ||
| 191 | } | ||
| 192 | } | ||
| 193 | |||
| 194 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) | ||
| 195 | { | ||
| 196 | int i; | ||
| 197 | long extlen, idlen, itmp; | ||
| 198 | OCSP_RESPID *id; | ||
| 199 | |||
| 200 | idlen = 0; | ||
| 201 | for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) | ||
| 202 | { | ||
| 203 | id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); | ||
| 204 | itmp = i2d_OCSP_RESPID(id, NULL); | ||
| 205 | if (itmp <= 0) | ||
| 206 | return NULL; | ||
| 207 | idlen += itmp + 2; | ||
| 208 | } | ||
| 209 | |||
| 210 | if (s->tlsext_ocsp_exts) | ||
| 211 | { | ||
| 212 | extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); | ||
| 213 | if (extlen < 0) | ||
| 214 | return NULL; | ||
| 215 | } | ||
| 216 | else | ||
| 217 | extlen = 0; | ||
| 218 | |||
| 219 | if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL; | ||
| 220 | s2n(TLSEXT_TYPE_status_request, ret); | ||
| 221 | if (extlen + idlen > 0xFFF0) | ||
| 222 | return NULL; | ||
| 223 | s2n(extlen + idlen + 5, ret); | ||
| 224 | *(ret++) = TLSEXT_STATUSTYPE_ocsp; | ||
| 225 | s2n(idlen, ret); | ||
| 226 | for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) | ||
| 227 | { | ||
| 228 | /* save position of id len */ | ||
| 229 | unsigned char *q = ret; | ||
| 230 | id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); | ||
| 231 | /* skip over id len */ | ||
| 232 | ret += 2; | ||
| 233 | itmp = i2d_OCSP_RESPID(id, &ret); | ||
| 234 | /* write id len */ | ||
| 235 | s2n(itmp, q); | ||
| 236 | } | ||
| 237 | s2n(extlen, ret); | ||
| 238 | if (extlen > 0) | ||
| 239 | i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); | ||
| 240 | } | ||
| 241 | |||
| 242 | if ((extdatalen = ret-p-2)== 0) | ||
| 243 | return p; | ||
| 244 | |||
| 245 | s2n(extdatalen,p); | ||
| 246 | return ret; | ||
| 247 | } | ||
| 248 | |||
| 249 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | ||
| 250 | { | ||
| 251 | int extdatalen=0; | ||
| 252 | unsigned char *ret = p; | ||
| 253 | |||
| 254 | ret+=2; | ||
| 255 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ | ||
| 256 | |||
| 257 | if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) | ||
| 258 | { | ||
| 259 | if (limit - ret - 4 < 0) return NULL; | ||
| 260 | |||
| 261 | s2n(TLSEXT_TYPE_server_name,ret); | ||
| 262 | s2n(0,ret); | ||
| 263 | } | ||
| 264 | |||
| 265 | if (s->tlsext_ticket_expected | ||
| 266 | && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) | ||
| 267 | { | ||
| 268 | if (limit - ret - 4 < 0) return NULL; | ||
| 269 | s2n(TLSEXT_TYPE_session_ticket,ret); | ||
| 270 | s2n(0,ret); | ||
| 271 | } | ||
| 272 | |||
| 273 | if (s->tlsext_status_expected) | ||
| 274 | { | ||
| 275 | if ((long)(limit - ret - 4) < 0) return NULL; | ||
| 276 | s2n(TLSEXT_TYPE_status_request,ret); | ||
| 277 | s2n(0,ret); | ||
| 278 | } | ||
| 279 | |||
| 280 | if ((extdatalen = ret-p-2)== 0) | ||
| 281 | return p; | ||
| 282 | |||
| 283 | s2n(extdatalen,p); | ||
| 284 | return ret; | ||
| 285 | } | ||
| 286 | |||
| 287 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | ||
| 288 | { | ||
| 289 | unsigned short type; | ||
| 290 | unsigned short size; | ||
| 291 | unsigned short len; | ||
| 292 | unsigned char *data = *p; | ||
| 293 | s->servername_done = 0; | ||
| 294 | s->tlsext_status_type = -1; | ||
| 295 | |||
| 296 | if (data >= (d+n-2)) | ||
| 297 | return 1; | ||
| 298 | n2s(data,len); | ||
| 299 | |||
| 300 | if (data > (d+n-len)) | ||
| 301 | return 1; | ||
| 302 | |||
| 303 | while (data <= (d+n-4)) | ||
| 304 | { | ||
| 305 | n2s(data,type); | ||
| 306 | n2s(data,size); | ||
| 307 | |||
| 308 | if (data+size > (d+n)) | ||
| 309 | return 1; | ||
| 310 | |||
| 311 | if (s->tlsext_debug_cb) | ||
| 312 | s->tlsext_debug_cb(s, 0, type, data, size, | ||
| 313 | s->tlsext_debug_arg); | ||
| 314 | /* The servername extension is treated as follows: | ||
| 315 | |||
| 316 | - Only the hostname type is supported with a maximum length of 255. | ||
| 317 | - The servername is rejected if too long or if it contains zeros, | ||
| 318 | in which case an fatal alert is generated. | ||
| 319 | - The servername field is maintained together with the session cache. | ||
| 320 | - When a session is resumed, the servername call back invoked in order | ||
| 321 | to allow the application to position itself to the right context. | ||
| 322 | - The servername is acknowledged if it is new for a session or when | ||
| 323 | it is identical to a previously used for the same session. | ||
| 324 | Applications can control the behaviour. They can at any time | ||
| 325 | set a 'desirable' servername for a new SSL object. This can be the | ||
| 326 | case for example with HTTPS when a Host: header field is received and | ||
| 327 | a renegotiation is requested. In this case, a possible servername | ||
| 328 | presented in the new client hello is only acknowledged if it matches | ||
| 329 | the value of the Host: field. | ||
| 330 | - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | ||
| 331 | if they provide for changing an explicit servername context for the session, | ||
| 332 | i.e. when the session has been established with a servername extension. | ||
| 333 | - On session reconnect, the servername extension may be absent. | ||
| 334 | |||
| 335 | */ | ||
| 336 | |||
| 337 | if (type == TLSEXT_TYPE_server_name) | ||
| 338 | { | ||
| 339 | unsigned char *sdata; | ||
| 340 | int servname_type; | ||
| 341 | int dsize; | ||
| 342 | |||
| 343 | if (size < 2) | ||
| 344 | { | ||
| 345 | *al = SSL_AD_DECODE_ERROR; | ||
| 346 | return 0; | ||
| 347 | } | ||
| 348 | n2s(data,dsize); | ||
| 349 | size -= 2; | ||
| 350 | if (dsize > size ) | ||
| 351 | { | ||
| 352 | *al = SSL_AD_DECODE_ERROR; | ||
| 353 | return 0; | ||
| 354 | } | ||
| 355 | |||
| 356 | sdata = data; | ||
| 357 | while (dsize > 3) | ||
| 358 | { | ||
| 359 | servname_type = *(sdata++); | ||
| 360 | n2s(sdata,len); | ||
| 361 | dsize -= 3; | ||
| 362 | |||
| 363 | if (len > dsize) | ||
| 364 | { | ||
| 365 | *al = SSL_AD_DECODE_ERROR; | ||
| 366 | return 0; | ||
| 367 | } | ||
| 368 | if (s->servername_done == 0) | ||
| 369 | switch (servname_type) | ||
| 370 | { | ||
| 371 | case TLSEXT_NAMETYPE_host_name: | ||
| 372 | if (s->session->tlsext_hostname == NULL) | ||
| 373 | { | ||
| 374 | if (len > TLSEXT_MAXLEN_host_name || | ||
| 375 | ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) | ||
| 376 | { | ||
| 377 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 378 | return 0; | ||
| 379 | } | ||
| 380 | memcpy(s->session->tlsext_hostname, sdata, len); | ||
| 381 | s->session->tlsext_hostname[len]='\0'; | ||
| 382 | if (strlen(s->session->tlsext_hostname) != len) { | ||
| 383 | OPENSSL_free(s->session->tlsext_hostname); | ||
| 384 | s->session->tlsext_hostname = NULL; | ||
| 385 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 386 | return 0; | ||
| 387 | } | ||
| 388 | s->servername_done = 1; | ||
| 389 | |||
| 390 | } | ||
| 391 | else | ||
| 392 | s->servername_done = strlen(s->session->tlsext_hostname) == len | ||
| 393 | && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | ||
| 394 | |||
| 395 | break; | ||
| 396 | |||
| 397 | default: | ||
| 398 | break; | ||
| 399 | } | ||
| 400 | |||
| 401 | dsize -= len; | ||
| 402 | } | ||
| 403 | if (dsize != 0) | ||
| 404 | { | ||
| 405 | *al = SSL_AD_DECODE_ERROR; | ||
| 406 | return 0; | ||
| 407 | } | ||
| 408 | |||
| 409 | } | ||
| 410 | else if (type == TLSEXT_TYPE_status_request | ||
| 411 | && s->ctx->tlsext_status_cb) | ||
| 412 | { | ||
| 413 | |||
| 414 | if (size < 5) | ||
| 415 | { | ||
| 416 | *al = SSL_AD_DECODE_ERROR; | ||
| 417 | return 0; | ||
| 418 | } | ||
| 419 | |||
| 420 | s->tlsext_status_type = *data++; | ||
| 421 | size--; | ||
| 422 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) | ||
| 423 | { | ||
| 424 | const unsigned char *sdata; | ||
| 425 | int dsize; | ||
| 426 | /* Read in responder_id_list */ | ||
| 427 | n2s(data,dsize); | ||
| 428 | size -= 2; | ||
| 429 | if (dsize > size ) | ||
| 430 | { | ||
| 431 | *al = SSL_AD_DECODE_ERROR; | ||
| 432 | return 0; | ||
| 433 | } | ||
| 434 | while (dsize > 0) | ||
| 435 | { | ||
| 436 | OCSP_RESPID *id; | ||
| 437 | int idsize; | ||
| 438 | if (dsize < 4) | ||
| 439 | { | ||
| 440 | *al = SSL_AD_DECODE_ERROR; | ||
| 441 | return 0; | ||
| 442 | } | ||
| 443 | n2s(data, idsize); | ||
| 444 | dsize -= 2 + idsize; | ||
| 445 | if (dsize < 0) | ||
| 446 | { | ||
| 447 | *al = SSL_AD_DECODE_ERROR; | ||
| 448 | return 0; | ||
| 449 | } | ||
| 450 | sdata = data; | ||
| 451 | data += idsize; | ||
| 452 | id = d2i_OCSP_RESPID(NULL, | ||
| 453 | &sdata, idsize); | ||
| 454 | if (!id) | ||
| 455 | { | ||
| 456 | *al = SSL_AD_DECODE_ERROR; | ||
| 457 | return 0; | ||
| 458 | } | ||
| 459 | if (data != sdata) | ||
| 460 | { | ||
| 461 | OCSP_RESPID_free(id); | ||
| 462 | *al = SSL_AD_DECODE_ERROR; | ||
| 463 | return 0; | ||
| 464 | } | ||
| 465 | if (!s->tlsext_ocsp_ids | ||
| 466 | && !(s->tlsext_ocsp_ids = | ||
| 467 | sk_OCSP_RESPID_new_null())) | ||
| 468 | { | ||
| 469 | OCSP_RESPID_free(id); | ||
| 470 | *al = SSL_AD_INTERNAL_ERROR; | ||
| 471 | return 0; | ||
| 472 | } | ||
| 473 | if (!sk_OCSP_RESPID_push( | ||
| 474 | s->tlsext_ocsp_ids, id)) | ||
| 475 | { | ||
| 476 | OCSP_RESPID_free(id); | ||
| 477 | *al = SSL_AD_INTERNAL_ERROR; | ||
| 478 | return 0; | ||
| 479 | } | ||
| 480 | } | ||
| 481 | |||
| 482 | /* Read in request_extensions */ | ||
| 483 | n2s(data,dsize); | ||
| 484 | size -= 2; | ||
| 485 | if (dsize > size) | ||
| 486 | { | ||
| 487 | *al = SSL_AD_DECODE_ERROR; | ||
| 488 | return 0; | ||
| 489 | } | ||
| 490 | sdata = data; | ||
| 491 | if (dsize > 0) | ||
| 492 | { | ||
| 493 | s->tlsext_ocsp_exts = | ||
| 494 | d2i_X509_EXTENSIONS(NULL, | ||
| 495 | &sdata, dsize); | ||
| 496 | if (!s->tlsext_ocsp_exts | ||
| 497 | || (data + dsize != sdata)) | ||
| 498 | { | ||
| 499 | *al = SSL_AD_DECODE_ERROR; | ||
| 500 | return 0; | ||
| 501 | } | ||
| 502 | } | ||
| 503 | } | ||
| 504 | /* We don't know what to do with any other type | ||
| 505 | * so ignore it. | ||
| 506 | */ | ||
| 507 | else | ||
| 508 | s->tlsext_status_type = -1; | ||
| 509 | } | ||
| 510 | /* session ticket processed earlier */ | ||
| 511 | |||
| 512 | data+=size; | ||
| 513 | } | ||
| 514 | |||
| 515 | *p = data; | ||
| 516 | return 1; | ||
| 517 | } | ||
| 518 | |||
| 519 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | ||
| 520 | { | ||
| 521 | unsigned short type; | ||
| 522 | unsigned short size; | ||
| 523 | unsigned short len; | ||
| 524 | unsigned char *data = *p; | ||
| 525 | |||
| 526 | int tlsext_servername = 0; | ||
| 527 | |||
| 528 | if (data >= (d+n-2)) | ||
| 529 | return 1; | ||
| 530 | |||
| 531 | n2s(data,len); | ||
| 532 | |||
| 533 | while(data <= (d+n-4)) | ||
| 534 | { | ||
| 535 | n2s(data,type); | ||
| 536 | n2s(data,size); | ||
| 537 | |||
| 538 | if (data+size > (d+n)) | ||
| 539 | return 1; | ||
| 540 | |||
| 541 | if (s->tlsext_debug_cb) | ||
| 542 | s->tlsext_debug_cb(s, 1, type, data, size, | ||
| 543 | s->tlsext_debug_arg); | ||
| 544 | |||
| 545 | if (type == TLSEXT_TYPE_server_name) | ||
| 546 | { | ||
| 547 | if (s->tlsext_hostname == NULL || size > 0) | ||
| 548 | { | ||
| 549 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 550 | return 0; | ||
| 551 | } | ||
| 552 | tlsext_servername = 1; | ||
| 553 | } | ||
| 554 | else if (type == TLSEXT_TYPE_session_ticket) | ||
| 555 | { | ||
| 556 | if ((SSL_get_options(s) & SSL_OP_NO_TICKET) | ||
| 557 | || (size > 0)) | ||
| 558 | { | ||
| 559 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
| 560 | return 0; | ||
| 561 | } | ||
| 562 | s->tlsext_ticket_expected = 1; | ||
| 563 | } | ||
| 564 | else if (type == TLSEXT_TYPE_status_request) | ||
| 565 | { | ||
| 566 | /* MUST be empty and only sent if we've requested | ||
| 567 | * a status request message. | ||
| 568 | */ | ||
| 569 | if ((s->tlsext_status_type == -1) || (size > 0)) | ||
| 570 | { | ||
| 571 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
| 572 | return 0; | ||
| 573 | } | ||
| 574 | /* Set flag to expect CertificateStatus message */ | ||
| 575 | s->tlsext_status_expected = 1; | ||
| 576 | } | ||
| 577 | |||
| 578 | data+=size; | ||
| 579 | } | ||
| 580 | |||
| 581 | if (data != d+n) | ||
| 582 | { | ||
| 583 | *al = SSL_AD_DECODE_ERROR; | ||
| 584 | return 0; | ||
| 585 | } | ||
| 586 | |||
| 587 | if (!s->hit && tlsext_servername == 1) | ||
| 588 | { | ||
| 589 | if (s->tlsext_hostname) | ||
| 590 | { | ||
| 591 | if (s->session->tlsext_hostname == NULL) | ||
| 592 | { | ||
| 593 | s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname); | ||
| 594 | if (!s->session->tlsext_hostname) | ||
| 595 | { | ||
| 596 | *al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 597 | return 0; | ||
| 598 | } | ||
| 599 | } | ||
| 600 | else | ||
| 601 | { | ||
| 602 | *al = SSL_AD_DECODE_ERROR; | ||
| 603 | return 0; | ||
| 604 | } | ||
| 605 | } | ||
| 606 | } | ||
| 607 | |||
| 608 | *p = data; | ||
| 609 | return 1; | ||
| 610 | } | ||
| 611 | |||
| 612 | int ssl_check_clienthello_tlsext(SSL *s) | ||
| 613 | { | ||
| 614 | int ret=SSL_TLSEXT_ERR_NOACK; | ||
| 615 | int al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 616 | |||
| 617 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | ||
| 618 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | ||
| 619 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | ||
| 620 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | ||
| 621 | |||
| 622 | /* If status request then ask callback what to do. | ||
| 623 | * Note: this must be called after servername callbacks in case | ||
| 624 | * the certificate has changed. | ||
| 625 | */ | ||
| 626 | if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb) | ||
| 627 | { | ||
| 628 | int r; | ||
| 629 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 630 | switch (r) | ||
| 631 | { | ||
| 632 | /* We don't want to send a status request response */ | ||
| 633 | case SSL_TLSEXT_ERR_NOACK: | ||
| 634 | s->tlsext_status_expected = 0; | ||
| 635 | break; | ||
| 636 | /* status request response should be sent */ | ||
| 637 | case SSL_TLSEXT_ERR_OK: | ||
| 638 | if (s->tlsext_ocsp_resp) | ||
| 639 | s->tlsext_status_expected = 1; | ||
| 640 | else | ||
| 641 | s->tlsext_status_expected = 0; | ||
| 642 | break; | ||
| 643 | /* something bad happened */ | ||
| 644 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 645 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 646 | al = SSL_AD_INTERNAL_ERROR; | ||
| 647 | goto err; | ||
| 648 | } | ||
| 649 | } | ||
| 650 | else | ||
| 651 | s->tlsext_status_expected = 0; | ||
| 652 | err: | ||
| 653 | switch (ret) | ||
| 654 | { | ||
| 655 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 656 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 657 | return -1; | ||
| 658 | |||
| 659 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
| 660 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | ||
| 661 | return 1; | ||
| 662 | |||
| 663 | case SSL_TLSEXT_ERR_NOACK: | ||
| 664 | s->servername_done=0; | ||
| 665 | default: | ||
| 666 | return 1; | ||
| 667 | } | ||
| 668 | } | ||
| 669 | |||
| 670 | int ssl_check_serverhello_tlsext(SSL *s) | ||
| 671 | { | ||
| 672 | int ret=SSL_TLSEXT_ERR_NOACK; | ||
| 673 | int al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 674 | |||
| 675 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | ||
| 676 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | ||
| 677 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | ||
| 678 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | ||
| 679 | |||
| 680 | /* If we've requested certificate status and we wont get one | ||
| 681 | * tell the callback | ||
| 682 | */ | ||
| 683 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) | ||
| 684 | && s->ctx->tlsext_status_cb) | ||
| 685 | { | ||
| 686 | int r; | ||
| 687 | /* Set resp to NULL, resplen to -1 so callback knows | ||
| 688 | * there is no response. | ||
| 689 | */ | ||
| 690 | if (s->tlsext_ocsp_resp) | ||
| 691 | { | ||
| 692 | OPENSSL_free(s->tlsext_ocsp_resp); | ||
| 693 | s->tlsext_ocsp_resp = NULL; | ||
| 694 | } | ||
| 695 | s->tlsext_ocsp_resplen = -1; | ||
| 696 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 697 | if (r == 0) | ||
| 698 | { | ||
| 699 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | ||
| 700 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 701 | } | ||
| 702 | if (r < 0) | ||
| 703 | { | ||
| 704 | al = SSL_AD_INTERNAL_ERROR; | ||
| 705 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 706 | } | ||
| 707 | } | ||
| 708 | |||
| 709 | switch (ret) | ||
| 710 | { | ||
| 711 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 712 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 713 | return -1; | ||
| 714 | |||
| 715 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
| 716 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | ||
| 717 | return 1; | ||
| 718 | |||
| 719 | case SSL_TLSEXT_ERR_NOACK: | ||
| 720 | s->servername_done=0; | ||
| 721 | default: | ||
| 722 | return 1; | ||
| 723 | } | ||
| 724 | } | ||
| 725 | |||
| 726 | /* Since the server cache lookup is done early on in the processing of client | ||
| 727 | * hello and other operations depend on the result we need to handle any TLS | ||
| 728 | * session ticket extension at the same time. | ||
| 729 | */ | ||
| 730 | |||
| 731 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | ||
| 732 | const unsigned char *limit, SSL_SESSION **ret) | ||
| 733 | { | ||
| 734 | /* Point after session ID in client hello */ | ||
| 735 | const unsigned char *p = session_id + len; | ||
| 736 | unsigned short i; | ||
| 737 | if ((s->version <= SSL3_VERSION) || !limit) | ||
| 738 | return 1; | ||
| 739 | if (p >= limit) | ||
| 740 | return -1; | ||
| 741 | /* Skip past cipher list */ | ||
| 742 | n2s(p, i); | ||
| 743 | p+= i; | ||
| 744 | if (p >= limit) | ||
| 745 | return -1; | ||
| 746 | /* Skip past compression algorithm list */ | ||
| 747 | i = *(p++); | ||
| 748 | p += i; | ||
| 749 | if (p > limit) | ||
| 750 | return -1; | ||
| 751 | /* Now at start of extensions */ | ||
| 752 | if ((p + 2) >= limit) | ||
| 753 | return 1; | ||
| 754 | n2s(p, i); | ||
| 755 | while ((p + 4) <= limit) | ||
| 756 | { | ||
| 757 | unsigned short type, size; | ||
| 758 | n2s(p, type); | ||
| 759 | n2s(p, size); | ||
| 760 | if (p + size > limit) | ||
| 761 | return 1; | ||
| 762 | if (type == TLSEXT_TYPE_session_ticket) | ||
| 763 | { | ||
| 764 | /* If tickets disabled indicate cache miss which will | ||
| 765 | * trigger a full handshake | ||
| 766 | */ | ||
| 767 | if (SSL_get_options(s) & SSL_OP_NO_TICKET) | ||
| 768 | return 0; | ||
| 769 | /* If zero length not client will accept a ticket | ||
| 770 | * and indicate cache miss to trigger full handshake | ||
| 771 | */ | ||
| 772 | if (size == 0) | ||
| 773 | { | ||
| 774 | s->tlsext_ticket_expected = 1; | ||
| 775 | return 0; /* Cache miss */ | ||
| 776 | } | ||
| 777 | return tls_decrypt_ticket(s, p, size, session_id, len, | ||
| 778 | ret); | ||
| 779 | } | ||
| 780 | p += size; | ||
| 781 | } | ||
| 782 | return 1; | ||
| 783 | } | ||
| 784 | |||
| 785 | static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | ||
| 786 | const unsigned char *sess_id, int sesslen, | ||
| 787 | SSL_SESSION **psess) | ||
| 788 | { | ||
| 789 | SSL_SESSION *sess; | ||
| 790 | unsigned char *sdec; | ||
| 791 | const unsigned char *p; | ||
| 792 | int slen, mlen, renew_ticket = 0; | ||
| 793 | unsigned char tick_hmac[EVP_MAX_MD_SIZE]; | ||
| 794 | HMAC_CTX hctx; | ||
| 795 | EVP_CIPHER_CTX ctx; | ||
| 796 | /* Need at least keyname + iv + some encrypted data */ | ||
| 797 | if (eticklen < 48) | ||
| 798 | goto tickerr; | ||
| 799 | /* Initialize session ticket encryption and HMAC contexts */ | ||
| 800 | HMAC_CTX_init(&hctx); | ||
| 801 | EVP_CIPHER_CTX_init(&ctx); | ||
| 802 | if (s->ctx->tlsext_ticket_key_cb) | ||
| 803 | { | ||
| 804 | unsigned char *nctick = (unsigned char *)etick; | ||
| 805 | int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, | ||
| 806 | &ctx, &hctx, 0); | ||
| 807 | if (rv < 0) | ||
| 808 | return -1; | ||
| 809 | if (rv == 0) | ||
| 810 | goto tickerr; | ||
| 811 | if (rv == 2) | ||
| 812 | renew_ticket = 1; | ||
| 813 | } | ||
| 814 | else | ||
| 815 | { | ||
| 816 | /* Check key name matches */ | ||
| 817 | if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16)) | ||
| 818 | goto tickerr; | ||
| 819 | HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, | ||
| 820 | tlsext_tick_md(), NULL); | ||
| 821 | EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
| 822 | s->ctx->tlsext_tick_aes_key, etick + 16); | ||
| 823 | } | ||
| 824 | /* Attempt to process session ticket, first conduct sanity and | ||
| 825 | * integrity checks on ticket. | ||
| 826 | */ | ||
| 827 | mlen = HMAC_size(&hctx); | ||
| 828 | eticklen -= mlen; | ||
| 829 | /* Check HMAC of encrypted ticket */ | ||
| 830 | HMAC_Update(&hctx, etick, eticklen); | ||
| 831 | HMAC_Final(&hctx, tick_hmac, NULL); | ||
| 832 | HMAC_CTX_cleanup(&hctx); | ||
| 833 | if (memcmp(tick_hmac, etick + eticklen, mlen)) | ||
| 834 | goto tickerr; | ||
| 835 | /* Attempt to decrypt session data */ | ||
| 836 | /* Move p after IV to start of encrypted ticket, update length */ | ||
| 837 | p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 838 | eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 839 | sdec = OPENSSL_malloc(eticklen); | ||
| 840 | if (!sdec) | ||
| 841 | { | ||
| 842 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 843 | return -1; | ||
| 844 | } | ||
| 845 | EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); | ||
| 846 | if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) | ||
| 847 | goto tickerr; | ||
| 848 | slen += mlen; | ||
| 849 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 850 | p = sdec; | ||
| 851 | |||
| 852 | sess = d2i_SSL_SESSION(NULL, &p, slen); | ||
| 853 | OPENSSL_free(sdec); | ||
| 854 | if (sess) | ||
| 855 | { | ||
| 856 | /* The session ID if non-empty is used by some clients to | ||
| 857 | * detect that the ticket has been accepted. So we copy it to | ||
| 858 | * the session structure. If it is empty set length to zero | ||
| 859 | * as required by standard. | ||
| 860 | */ | ||
| 861 | if (sesslen) | ||
| 862 | memcpy(sess->session_id, sess_id, sesslen); | ||
| 863 | sess->session_id_length = sesslen; | ||
| 864 | *psess = sess; | ||
| 865 | s->tlsext_ticket_expected = renew_ticket; | ||
| 866 | return 1; | ||
| 867 | } | ||
| 868 | /* If session decrypt failure indicate a cache miss and set state to | ||
| 869 | * send a new ticket | ||
| 870 | */ | ||
| 871 | tickerr: | ||
| 872 | s->tlsext_ticket_expected = 1; | ||
| 873 | return 0; | ||
| 874 | } | ||
| 875 | |||
| 876 | #endif | ||
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c index fcc243f782..f5d8df634e 100644 --- a/src/lib/libssl/t1_meth.c +++ b/src/lib/libssl/t1_meth.c | |||
| @@ -69,28 +69,8 @@ static SSL_METHOD *tls1_get_method(int ver) | |||
| 69 | return(NULL); | 69 | return(NULL); |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | SSL_METHOD *TLSv1_method(void) | 72 | IMPLEMENT_tls1_meth_func(TLSv1_method, |
| 73 | { | 73 | ssl3_accept, |
| 74 | static int init=1; | 74 | ssl3_connect, |
| 75 | static SSL_METHOD TLSv1_data; | 75 | tls1_get_method) |
| 76 | |||
| 77 | if (init) | ||
| 78 | { | ||
| 79 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 80 | |||
| 81 | if (init) | ||
| 82 | { | ||
| 83 | memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), | ||
| 84 | sizeof(SSL_METHOD)); | ||
| 85 | TLSv1_data.ssl_connect=ssl3_connect; | ||
| 86 | TLSv1_data.ssl_accept=ssl3_accept; | ||
| 87 | TLSv1_data.get_ssl_method=tls1_get_method; | ||
| 88 | init=0; | ||
| 89 | } | ||
| 90 | |||
| 91 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 92 | } | ||
| 93 | |||
| 94 | return(&TLSv1_data); | ||
| 95 | } | ||
| 96 | 76 | ||
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c index 1c1149e49f..b75636abba 100644 --- a/src/lib/libssl/t1_srvr.c +++ b/src/lib/libssl/t1_srvr.c | |||
| @@ -73,26 +73,8 @@ static SSL_METHOD *tls1_get_server_method(int ver) | |||
| 73 | return(NULL); | 73 | return(NULL); |
| 74 | } | 74 | } |
| 75 | 75 | ||
| 76 | SSL_METHOD *TLSv1_server_method(void) | 76 | IMPLEMENT_tls1_meth_func(TLSv1_server_method, |
| 77 | { | 77 | ssl3_accept, |
| 78 | static int init=1; | 78 | ssl_undefined_function, |
| 79 | static SSL_METHOD TLSv1_server_data; | 79 | tls1_get_server_method) |
| 80 | |||
| 81 | if (init) | ||
| 82 | { | ||
| 83 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); | ||
| 84 | |||
| 85 | if (init) | ||
| 86 | { | ||
| 87 | memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), | ||
| 88 | sizeof(SSL_METHOD)); | ||
| 89 | TLSv1_server_data.ssl_accept=ssl3_accept; | ||
| 90 | TLSv1_server_data.get_ssl_method=tls1_get_server_method; | ||
| 91 | init=0; | ||
| 92 | } | ||
| 93 | |||
| 94 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); | ||
| 95 | } | ||
| 96 | return(&TLSv1_server_data); | ||
| 97 | } | ||
| 98 | 80 | ||
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest index e81fc0733a..bdb3218f7a 100644 --- a/src/lib/libssl/test/bctest +++ b/src/lib/libssl/test/bctest | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | # This script is used by test/Makefile to check whether a sane 'bc' | 3 | # This script is used by test/Makefile.ssl to check whether a sane 'bc' |
| 4 | # is installed. | 4 | # is installed. |
| 5 | # ('make test_bn' should not try to run 'bc' if it does not exist or if | 5 | # ('make test_bn' should not try to run 'bc' if it does not exist or if |
| 6 | # it is a broken 'bc' version that is known to cause trouble.) | 6 | # it is a broken 'bc' version that is known to cause trouble.) |
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com index 94621a655b..14cbf06088 100644 --- a/src/lib/libssl/test/maketests.com +++ b/src/lib/libssl/test/maketests.com | |||
| @@ -127,9 +127,11 @@ $ GOSUB CHECK_OPT_FILE | |||
| 127 | $! | 127 | $! |
| 128 | $! Define The TEST Files. | 128 | $! Define The TEST Files. |
| 129 | $! | 129 | $! |
| 130 | $ TEST_FILES = "BNTEST,ECTEST,IDEATEST,MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ - | 130 | $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - |
| 131 | "MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ - | ||
| 131 | "RC2TEST,RC4TEST,RC5TEST,"+ - | 132 | "RC2TEST,RC4TEST,RC5TEST,"+ - |
| 132 | "DESTEST,SHATEST,SHA1TEST,MDC2TEST,RMDTEST,"+ - | 133 | "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ - |
| 134 | "MDC2TEST,RMDTEST,"+ - | ||
| 133 | "RANDTEST,DHTEST,ENGINETEST,"+ - | 135 | "RANDTEST,DHTEST,ENGINETEST,"+ - |
| 134 | "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - | 136 | "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - |
| 135 | "EVP_TEST" | 137 | "EVP_TEST" |
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl index 3ffed12a03..055269eab8 100644 --- a/src/lib/libssl/test/tcrl +++ b/src/lib/libssl/test/tcrl | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl crl' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl crl' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca index 5b2faa78f1..b109cfe271 100644 --- a/src/lib/libssl/test/testca +++ b/src/lib/libssl/test/testca | |||
| @@ -2,16 +2,16 @@ | |||
| 2 | 2 | ||
| 3 | SH="/bin/sh" | 3 | SH="/bin/sh" |
| 4 | if test "$OSTYPE" = msdosdjgpp; then | 4 | if test "$OSTYPE" = msdosdjgpp; then |
| 5 | PATH=./apps\;../apps\;$PATH | 5 | PATH="../apps\;$PATH" |
| 6 | else | 6 | else |
| 7 | PATH=../apps:$PATH | 7 | PATH="../apps:$PATH" |
| 8 | fi | 8 | fi |
| 9 | export SH PATH | 9 | export SH PATH |
| 10 | 10 | ||
| 11 | SSLEAY_CONFIG="-config CAss.cnf" | 11 | SSLEAY_CONFIG="-config CAss.cnf" |
| 12 | export SSLEAY_CONFIG | 12 | export SSLEAY_CONFIG |
| 13 | 13 | ||
| 14 | OPENSSL="`pwd`/../util/shlib_wrap.sh openssl" | 14 | OPENSSL="`pwd`/../util/opensslwrap.sh" |
| 15 | export OPENSSL | 15 | export OPENSSL |
| 16 | 16 | ||
| 17 | /bin/rm -fr demoCA | 17 | /bin/rm -fr demoCA |
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc index 4571ea2875..f5ce7c0c45 100644 --- a/src/lib/libssl/test/testenc +++ b/src/lib/libssl/test/testenc | |||
| @@ -7,8 +7,8 @@ cmd="../util/shlib_wrap.sh ../apps/openssl" | |||
| 7 | cat $testsrc >$test; | 7 | cat $testsrc >$test; |
| 8 | 8 | ||
| 9 | echo cat | 9 | echo cat |
| 10 | $cmd enc -non-fips-allow < $test > $test.cipher | 10 | $cmd enc < $test > $test.cipher |
| 11 | $cmd enc -non-fips-allow < $test.cipher >$test.clear | 11 | $cmd enc < $test.cipher >$test.clear |
| 12 | cmp $test $test.clear | 12 | cmp $test $test.clear |
| 13 | if [ $? != 0 ] | 13 | if [ $? != 0 ] |
| 14 | then | 14 | then |
| @@ -17,8 +17,8 @@ else | |||
| 17 | /bin/rm $test.cipher $test.clear | 17 | /bin/rm $test.cipher $test.clear |
| 18 | fi | 18 | fi |
| 19 | echo base64 | 19 | echo base64 |
| 20 | $cmd enc -non-fips-allow -a -e < $test > $test.cipher | 20 | $cmd enc -a -e < $test > $test.cipher |
| 21 | $cmd enc -non-fips-allow -a -d < $test.cipher >$test.clear | 21 | $cmd enc -a -d < $test.cipher >$test.clear |
| 22 | cmp $test $test.clear | 22 | cmp $test $test.clear |
| 23 | if [ $? != 0 ] | 23 | if [ $? != 0 ] |
| 24 | then | 24 | then |
| @@ -30,8 +30,8 @@ fi | |||
| 30 | for i in `$cmd list-cipher-commands` | 30 | for i in `$cmd list-cipher-commands` |
| 31 | do | 31 | do |
| 32 | echo $i | 32 | echo $i |
| 33 | $cmd $i -non-fips-allow -bufsize 113 -e -k test < $test > $test.$i.cipher | 33 | $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher |
| 34 | $cmd $i -non-fips-allow -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear | 34 | $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear |
| 35 | cmp $test $test.$i.clear | 35 | cmp $test $test.$i.clear |
| 36 | if [ $? != 0 ] | 36 | if [ $? != 0 ] |
| 37 | then | 37 | then |
| @@ -41,8 +41,8 @@ do | |||
| 41 | fi | 41 | fi |
| 42 | 42 | ||
| 43 | echo $i base64 | 43 | echo $i base64 |
| 44 | $cmd $i -non-fips-allow -bufsize 113 -a -e -k test < $test > $test.$i.cipher | 44 | $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher |
| 45 | $cmd $i -non-fips-allow -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear | 45 | $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear |
| 46 | cmp $test $test.$i.clear | 46 | cmp $test $test.$i.clear |
| 47 | if [ $? != 0 ] | 47 | if [ $? != 0 ] |
| 48 | then | 48 | then |
diff --git a/src/lib/libssl/test/tests.com b/src/lib/libssl/test/tests.com index 07a3c7f16d..056082e7fe 100644 --- a/src/lib/libssl/test/tests.com +++ b/src/lib/libssl/test/tests.com | |||
| @@ -22,14 +22,17 @@ $ tests := - | |||
| 22 | test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- | 22 | test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- |
| 23 | test_md2,test_mdc2,- | 23 | test_md2,test_mdc2,- |
| 24 | test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,- | 24 | test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,- |
| 25 | test_rand,test_bn,test_ec,test_enc,test_x509,test_rsa,test_crl,test_sid,- | 25 | test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- |
| 26 | test_enc,test_x509,test_rsa,test_crl,test_sid,- | ||
| 26 | test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- | 27 | test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- |
| 27 | test_ss,test_ca,test_engine,test_ssl,test_evp | 28 | test_ss,test_ca,test_engine,test_evp,test_ssl |
| 28 | $ endif | 29 | $ endif |
| 29 | $ tests = f$edit(tests,"COLLAPSE") | 30 | $ tests = f$edit(tests,"COLLAPSE") |
| 30 | $ | 31 | $ |
| 31 | $ BNTEST := bntest | 32 | $ BNTEST := bntest |
| 32 | $ ECTEST := ectest | 33 | $ ECTEST := ectest |
| 34 | $ ECDSATEST := ecdsatest | ||
| 35 | $ ECDHTEST := ecdhtest | ||
| 33 | $ EXPTEST := exptest | 36 | $ EXPTEST := exptest |
| 34 | $ IDEATEST := ideatest | 37 | $ IDEATEST := ideatest |
| 35 | $ SHATEST := shatest | 38 | $ SHATEST := shatest |
| @@ -182,6 +185,14 @@ $ test_ec: | |||
| 182 | $ write sys$output "test elliptic curves" | 185 | $ write sys$output "test elliptic curves" |
| 183 | $ mcr 'texe_dir''ectest' | 186 | $ mcr 'texe_dir''ectest' |
| 184 | $ return | 187 | $ return |
| 188 | $ test_ecdsa: | ||
| 189 | $ write sys$output "test ecdsa" | ||
| 190 | $ mcr 'texe_dir''ecdsatest' | ||
| 191 | $ return | ||
| 192 | $ test_ecdh: | ||
| 193 | $ write sys$output "test ecdh" | ||
| 194 | $ mcr 'texe_dir''ecdhtest' | ||
| 195 | $ return | ||
| 185 | $ test_verify: | 196 | $ test_verify: |
| 186 | $ write sys$output "The following command should have some OK's and some failures" | 197 | $ write sys$output "The following command should have some OK's and some failures" |
| 187 | $ write sys$output "There are definitly a few expired certificates" | 198 | $ write sys$output "There are definitly a few expired certificates" |
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7 index 79bb6e0edf..3e435ffbf9 100644 --- a/src/lib/libssl/test/tpkcs7 +++ b/src/lib/libssl/test/tpkcs7 | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d index 20394b34c4..64fc28e88f 100644 --- a/src/lib/libssl/test/tpkcs7d +++ b/src/lib/libssl/test/tpkcs7d | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq index 7e020210a5..77f37dcf3a 100644 --- a/src/lib/libssl/test/treq +++ b/src/lib/libssl/test/treq | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
| @@ -15,7 +8,7 @@ else | |||
| 15 | t=testreq.pem | 8 | t=testreq.pem |
| 16 | fi | 9 | fi |
| 17 | 10 | ||
| 18 | if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then | 11 | if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then |
| 19 | echo "skipping req conversion test for $t" | 12 | echo "skipping req conversion test for $t" |
| 20 | exit 0 | 13 | exit 0 |
| 21 | fi | 14 | fi |
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa index 67b4a98841..249ac1ddcc 100644 --- a/src/lib/libssl/test/trsa +++ b/src/lib/libssl/test/trsa | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then | 3 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then |
| 11 | echo skipping rsa conversion test | 4 | echo skipping rsa conversion test |
| 12 | exit 0 | 5 | exit 0 |
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid index fb4a7213b9..6adbd531ce 100644 --- a/src/lib/libssl/test/tsid +++ b/src/lib/libssl/test/tsid | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509 index 1b9c8661f3..4a15b98d17 100644 --- a/src/lib/libssl/test/tx509 +++ b/src/lib/libssl/test/tx509 | |||
| @@ -1,12 +1,5 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 4 | PATH=../apps\;$PATH | ||
| 5 | else | ||
| 6 | PATH=../apps:$PATH | ||
| 7 | fi | ||
| 8 | export PATH | ||
| 9 | |||
| 10 | cmd='../util/shlib_wrap.sh ../apps/openssl x509' | 3 | cmd='../util/shlib_wrap.sh ../apps/openssl x509' |
| 11 | 4 | ||
| 12 | if [ "$1"x != "x" ]; then | 5 | if [ "$1"x != "x" ]; then |
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 38838ea9a5..2d1d293e1a 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h | |||
| @@ -55,6 +55,19 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 60 | * | ||
| 61 | * Portions of the attached software ("Contribution") are developed by | ||
| 62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 63 | * | ||
| 64 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 65 | * license provided above. | ||
| 66 | * | ||
| 67 | * ECC cipher suite support in OpenSSL originally written by | ||
| 68 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 69 | * | ||
| 70 | */ | ||
| 58 | 71 | ||
| 59 | #ifndef HEADER_TLS1_H | 72 | #ifndef HEADER_TLS1_H |
| 60 | #define HEADER_TLS1_H | 73 | #define HEADER_TLS1_H |
| @@ -65,7 +78,7 @@ | |||
| 65 | extern "C" { | 78 | extern "C" { |
| 66 | #endif | 79 | #endif |
| 67 | 80 | ||
| 68 | #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 | 81 | #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 |
| 69 | 82 | ||
| 70 | #define TLS1_VERSION 0x0301 | 83 | #define TLS1_VERSION 0x0301 |
| 71 | #define TLS1_VERSION_MAJOR 0x03 | 84 | #define TLS1_VERSION_MAJOR 0x03 |
| @@ -83,6 +96,93 @@ extern "C" { | |||
| 83 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ | 96 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ |
| 84 | #define TLS1_AD_USER_CANCELLED 90 | 97 | #define TLS1_AD_USER_CANCELLED 90 |
| 85 | #define TLS1_AD_NO_RENEGOTIATION 100 | 98 | #define TLS1_AD_NO_RENEGOTIATION 100 |
| 99 | /* codes 110-114 are from RFC3546 */ | ||
| 100 | #define TLS1_AD_UNSUPPORTED_EXTENSION 110 | ||
| 101 | #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 | ||
| 102 | #define TLS1_AD_UNRECOGNIZED_NAME 112 | ||
| 103 | #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 | ||
| 104 | #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 | ||
| 105 | #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ | ||
| 106 | |||
| 107 | /* ExtensionType values from RFC 3546 */ | ||
| 108 | #define TLSEXT_TYPE_server_name 0 | ||
| 109 | #define TLSEXT_TYPE_max_fragment_length 1 | ||
| 110 | #define TLSEXT_TYPE_client_certificate_url 2 | ||
| 111 | #define TLSEXT_TYPE_trusted_ca_keys 3 | ||
| 112 | #define TLSEXT_TYPE_truncated_hmac 4 | ||
| 113 | #define TLSEXT_TYPE_status_request 5 | ||
| 114 | #define TLSEXT_TYPE_elliptic_curves 10 | ||
| 115 | #define TLSEXT_TYPE_ec_point_formats 11 | ||
| 116 | #define TLSEXT_TYPE_session_ticket 35 | ||
| 117 | |||
| 118 | /* NameType value from RFC 3546 */ | ||
| 119 | #define TLSEXT_NAMETYPE_host_name 0 | ||
| 120 | /* status request value from RFC 3546 */ | ||
| 121 | #define TLSEXT_STATUSTYPE_ocsp 1 | ||
| 122 | |||
| 123 | #ifndef OPENSSL_NO_TLSEXT | ||
| 124 | |||
| 125 | #define TLSEXT_MAXLEN_host_name 255 | ||
| 126 | |||
| 127 | const char *SSL_get_servername(const SSL *s, const int type) ; | ||
| 128 | int SSL_get_servername_type(const SSL *s) ; | ||
| 129 | |||
| 130 | #define SSL_set_tlsext_host_name(s,name) \ | ||
| 131 | SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) | ||
| 132 | |||
| 133 | #define SSL_set_tlsext_debug_callback(ssl, cb) \ | ||
| 134 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) | ||
| 135 | |||
| 136 | #define SSL_set_tlsext_debug_arg(ssl, arg) \ | ||
| 137 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) | ||
| 138 | |||
| 139 | #define SSL_set_tlsext_status_type(ssl, type) \ | ||
| 140 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) | ||
| 141 | |||
| 142 | #define SSL_get_tlsext_status_exts(ssl, arg) \ | ||
| 143 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) | ||
| 144 | |||
| 145 | #define SSL_set_tlsext_status_exts(ssl, arg) \ | ||
| 146 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) | ||
| 147 | |||
| 148 | #define SSL_get_tlsext_status_ids(ssl, arg) \ | ||
| 149 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) | ||
| 150 | |||
| 151 | #define SSL_set_tlsext_status_ids(ssl, arg) \ | ||
| 152 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) | ||
| 153 | |||
| 154 | #define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ | ||
| 155 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) | ||
| 156 | |||
| 157 | #define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ | ||
| 158 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) | ||
| 159 | |||
| 160 | #define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ | ||
| 161 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) | ||
| 162 | |||
| 163 | #define SSL_TLSEXT_ERR_OK 0 | ||
| 164 | #define SSL_TLSEXT_ERR_ALERT_WARNING 1 | ||
| 165 | #define SSL_TLSEXT_ERR_ALERT_FATAL 2 | ||
| 166 | #define SSL_TLSEXT_ERR_NOACK 3 | ||
| 167 | |||
| 168 | #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ | ||
| 169 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) | ||
| 170 | |||
| 171 | #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ | ||
| 172 | SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys)) | ||
| 173 | #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ | ||
| 174 | SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys)) | ||
| 175 | |||
| 176 | #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ | ||
| 177 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) | ||
| 178 | |||
| 179 | #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ | ||
| 180 | SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) | ||
| 181 | |||
| 182 | #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ | ||
| 183 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | ||
| 184 | |||
| 185 | #endif | ||
| 86 | 186 | ||
| 87 | /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt | 187 | /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt |
| 88 | * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see | 188 | * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see |
| @@ -112,6 +212,60 @@ extern "C" { | |||
| 112 | #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 | 212 | #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 |
| 113 | #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A | 213 | #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A |
| 114 | 214 | ||
| 215 | /* Camellia ciphersuites from RFC4132 */ | ||
| 216 | #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 | ||
| 217 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 | ||
| 218 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 | ||
| 219 | #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 | ||
| 220 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 | ||
| 221 | #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 | ||
| 222 | |||
| 223 | #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 | ||
| 224 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 | ||
| 225 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 | ||
| 226 | #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 | ||
| 227 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 | ||
| 228 | #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 | ||
| 229 | |||
| 230 | /* SEED ciphersuites from RFC4162 */ | ||
| 231 | #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 | ||
| 232 | #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 | ||
| 233 | #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 | ||
| 234 | #define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 | ||
| 235 | #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A | ||
| 236 | #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B | ||
| 237 | |||
| 238 | /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ | ||
| 239 | #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 | ||
| 240 | #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 | ||
| 241 | #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 | ||
| 242 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 | ||
| 243 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 | ||
| 244 | |||
| 245 | #define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 | ||
| 246 | #define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 | ||
| 247 | #define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 | ||
| 248 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 | ||
| 249 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A | ||
| 250 | |||
| 251 | #define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B | ||
| 252 | #define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C | ||
| 253 | #define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D | ||
| 254 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E | ||
| 255 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F | ||
| 256 | |||
| 257 | #define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 | ||
| 258 | #define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 | ||
| 259 | #define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 | ||
| 260 | #define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 | ||
| 261 | #define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 | ||
| 262 | |||
| 263 | #define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 | ||
| 264 | #define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 | ||
| 265 | #define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 | ||
| 266 | #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 | ||
| 267 | #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 | ||
| 268 | |||
| 115 | /* XXX | 269 | /* XXX |
| 116 | * Inconsistency alert: | 270 | * Inconsistency alert: |
| 117 | * The OpenSSL names of ciphers with ephemeral DH here include the string | 271 | * The OpenSSL names of ciphers with ephemeral DH here include the string |
| @@ -142,12 +296,68 @@ extern "C" { | |||
| 142 | #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" | 296 | #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" |
| 143 | #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" | 297 | #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" |
| 144 | 298 | ||
| 299 | /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ | ||
| 300 | #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" | ||
| 301 | #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" | ||
| 302 | #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" | ||
| 303 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" | ||
| 304 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" | ||
| 305 | |||
| 306 | #define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" | ||
| 307 | #define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" | ||
| 308 | #define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" | ||
| 309 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" | ||
| 310 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" | ||
| 311 | |||
| 312 | #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" | ||
| 313 | #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" | ||
| 314 | #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" | ||
| 315 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" | ||
| 316 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" | ||
| 317 | |||
| 318 | #define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" | ||
| 319 | #define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" | ||
| 320 | #define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" | ||
| 321 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" | ||
| 322 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" | ||
| 323 | |||
| 324 | #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" | ||
| 325 | #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" | ||
| 326 | #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" | ||
| 327 | #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" | ||
| 328 | #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" | ||
| 329 | |||
| 330 | /* Camellia ciphersuites from RFC4132 */ | ||
| 331 | #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" | ||
| 332 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" | ||
| 333 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" | ||
| 334 | #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" | ||
| 335 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" | ||
| 336 | #define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" | ||
| 337 | |||
| 338 | #define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" | ||
| 339 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" | ||
| 340 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" | ||
| 341 | #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" | ||
| 342 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" | ||
| 343 | #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" | ||
| 344 | |||
| 345 | /* SEED ciphersuites from RFC4162 */ | ||
| 346 | #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" | ||
| 347 | #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" | ||
| 348 | #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" | ||
| 349 | #define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" | ||
| 350 | #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" | ||
| 351 | #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" | ||
| 145 | 352 | ||
| 146 | #define TLS_CT_RSA_SIGN 1 | 353 | #define TLS_CT_RSA_SIGN 1 |
| 147 | #define TLS_CT_DSS_SIGN 2 | 354 | #define TLS_CT_DSS_SIGN 2 |
| 148 | #define TLS_CT_RSA_FIXED_DH 3 | 355 | #define TLS_CT_RSA_FIXED_DH 3 |
| 149 | #define TLS_CT_DSS_FIXED_DH 4 | 356 | #define TLS_CT_DSS_FIXED_DH 4 |
| 150 | #define TLS_CT_NUMBER 4 | 357 | #define TLS_CT_ECDSA_SIGN 64 |
| 358 | #define TLS_CT_RSA_FIXED_ECDH 65 | ||
| 359 | #define TLS_CT_ECDSA_FIXED_ECDH 66 | ||
| 360 | #define TLS_CT_NUMBER 7 | ||
| 151 | 361 | ||
| 152 | #define TLS1_FINISH_MAC_LENGTH 12 | 362 | #define TLS1_FINISH_MAC_LENGTH 12 |
| 153 | 363 | ||
| @@ -193,3 +403,5 @@ extern "C" { | |||
| 193 | #endif | 403 | #endif |
| 194 | #endif | 404 | #endif |
| 195 | 405 | ||
| 406 | |||
| 407 | |||