diff options
| author | markus <> | 2002-09-12 20:53:48 +0000 | 
|---|---|---|
| committer | markus <> | 2002-09-12 20:53:48 +0000 | 
| commit | f8f1d7fabf136ce9810602509c477d2c42bf6d1c (patch) | |
| tree | 79ba8d2f1eb402a8b47ada9aeb8f5572d97d1b65 /src | |
| parent | 2a6851ef8adb0e84ff2515493d3704a13c6256b0 (diff) | |
| download | openbsd-f8f1d7fabf136ce9810602509c477d2c42bf6d1c.tar.gz openbsd-f8f1d7fabf136ce9810602509c477d2c42bf6d1c.tar.bz2 openbsd-f8f1d7fabf136ce9810602509c477d2c42bf6d1c.zip | |
import openssl-0.9.7-stable-SNAP-20020911 (without idea)
Diffstat (limited to '')
128 files changed, 6497 insertions, 519 deletions
| diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com index 4847a69a71..dfcff11860 100644 --- a/src/lib/libcrypto/crypto-lib.com +++ b/src/lib/libcrypto/crypto-lib.com | |||
| @@ -231,7 +231,7 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - | |||
| 231 | "rand_vms" | 231 | "rand_vms" | 
| 232 | $ LIB_ERR = "err,err_all,err_prn" | 232 | $ LIB_ERR = "err,err_all,err_prn" | 
| 233 | $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" | 233 | $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" | 
| 234 | $ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ - | 234 | $ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - | 
| 235 | "e_des,e_bf,e_idea,e_des3,"+ - | 235 | "e_des,e_bf,e_idea,e_des3,"+ - | 
| 236 | "e_rc4,e_aes,names,"+ - | 236 | "e_rc4,e_aes,names,"+ - | 
| 237 | "e_xcbc_d,e_rc2,e_cast,e_rc5" | 237 | "e_xcbc_d,e_rc2,e_cast,e_rc5" | 
| @@ -265,14 +265,14 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - | |||
| 265 | "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - | 265 | "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - | 
| 266 | "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - | 266 | "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - | 
| 267 | "v3_ocsp,v3_akeya" | 267 | "v3_ocsp,v3_akeya" | 
| 268 | $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall" | 268 | $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" | 
| 269 | $ LIB_TXT_DB = "txt_db" | 269 | $ LIB_TXT_DB = "txt_db" | 
| 270 | $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - | 270 | $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - | 
| 271 | "pk7_mime" | 271 | "pk7_mime" | 
| 272 | $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - | 272 | $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - | 
| 273 | "p12_init,p12_key,p12_kiss,p12_mutl,"+ - | 273 | "p12_init,p12_key,p12_kiss,p12_mutl,"+ - | 
| 274 | "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" | 274 | "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" | 
| 275 | $ LIB_COMP = "comp_lib,"+ - | 275 | $ LIB_COMP = "comp_lib,comp_err,"+ - | 
| 276 | "c_rle,c_zlib" | 276 | "c_rle,c_zlib" | 
| 277 | $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - | 277 | $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - | 
| 278 | "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" | 278 | "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" | 
| @@ -1325,7 +1325,7 @@ $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS | |||
| 1325 | $! | 1325 | $! | 
| 1326 | $! Show user the result | 1326 | $! Show user the result | 
| 1327 | $! | 1327 | $! | 
| 1328 | $ WRITE SYS$OUTPUT "Main C Compiling Command: ",CC | 1328 | $ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC | 
| 1329 | $! | 1329 | $! | 
| 1330 | $! Else The User Entered An Invalid Arguement. | 1330 | $! Else The User Entered An Invalid Arguement. | 
| 1331 | $! | 1331 | $! | 
| @@ -1356,7 +1356,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE | |||
| 1356 | $! | 1356 | $! | 
| 1357 | $! Show user the result | 1357 | $! Show user the result | 
| 1358 | $! | 1358 | $! | 
| 1359 | $ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO | 1359 | $ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO | 
| 1360 | $! | 1360 | $! | 
| 1361 | $! Time to check the contents, and to make sure we get the correct library. | 1361 | $! Time to check the contents, and to make sure we get the correct library. | 
| 1362 | $! | 1362 | $! | 
| diff --git a/src/lib/libcrypto/des/des_ver.h b/src/lib/libcrypto/des/des_ver.h index 0fa94d5368..379bbadda2 100644 --- a/src/lib/libcrypto/des/des_ver.h +++ b/src/lib/libcrypto/des/des_ver.h | |||
| @@ -63,5 +63,9 @@ | |||
| 63 | # define OPENSSL_EXTERN OPENSSL_EXPORT | 63 | # define OPENSSL_EXTERN OPENSSL_EXPORT | 
| 64 | #endif | 64 | #endif | 
| 65 | 65 | ||
| 66 | OPENSSL_EXTERN char *DES_version; /* SSLeay version string */ | 66 | /* The following macros make sure the names are different from libdes names */ | 
| 67 | OPENSSL_EXTERN char *libdes_version; /* old libdes version string */ | 67 | #define DES_version OSSL_DES_version | 
| 68 | #define libdes_version OSSL_libdes_version | ||
| 69 | |||
| 70 | OPENSSL_EXTERN const char *OSSL_DES_version; /* SSLeay version string */ | ||
| 71 | OPENSSL_EXTERN const char *OSSL_libdes_version; /* old libdes version string */ | ||
| diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c index 1053c52082..bfb80968e2 100644 --- a/src/lib/libcrypto/engine/hw_4758_cca.c +++ b/src/lib/libcrypto/engine/hw_4758_cca.c | |||
| @@ -953,7 +953,7 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, | |||
| 953 | #ifdef ENGINE_DYNAMIC_SUPPORT | 953 | #ifdef ENGINE_DYNAMIC_SUPPORT | 
| 954 | static int bind_fn(ENGINE *e, const char *id) | 954 | static int bind_fn(ENGINE *e, const char *id) | 
| 955 | { | 955 | { | 
| 956 | if(id && (strcmp(id, engine_cswift_id) != 0)) | 956 | if(id && (strcmp(id, engine_4758_cca_id) != 0)) | 
| 957 | return 0; | 957 | return 0; | 
| 958 | if(!bind_helper(e)) | 958 | if(!bind_helper(e)) | 
| 959 | return 0; | 959 | return 0; | 
| diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c index 63397f868c..ed8401ec16 100644 --- a/src/lib/libcrypto/engine/hw_ubsec.c +++ b/src/lib/libcrypto/engine/hw_ubsec.c | |||
| @@ -93,7 +93,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); | |||
| 93 | static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 93 | static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 
| 94 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 94 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 
| 95 | #ifndef OPENSSL_NO_DSA | 95 | #ifndef OPENSSL_NO_DSA | 
| 96 | #if NOT_USED | 96 | #ifdef NOT_USED | 
| 97 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | 97 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | 
| 98 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 98 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 
| 99 | BN_CTX *ctx, BN_MONT_CTX *in_mont); | 99 | BN_CTX *ctx, BN_MONT_CTX *in_mont); | 
| @@ -113,7 +113,7 @@ static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh) | |||
| 113 | static int ubsec_dh_generate_key(DH *dh); | 113 | static int ubsec_dh_generate_key(DH *dh); | 
| 114 | #endif | 114 | #endif | 
| 115 | 115 | ||
| 116 | #if NOT_USED | 116 | #ifdef NOT_USED | 
| 117 | static int ubsec_rand_bytes(unsigned char *buf, int num); | 117 | static int ubsec_rand_bytes(unsigned char *buf, int num); | 
| 118 | static int ubsec_rand_status(void); | 118 | static int ubsec_rand_status(void); | 
| 119 | #endif | 119 | #endif | 
| @@ -663,7 +663,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 663 | } | 663 | } | 
| 664 | 664 | ||
| 665 | #ifndef OPENSSL_NO_DSA | 665 | #ifndef OPENSSL_NO_DSA | 
| 666 | #if NOT_USED | 666 | #ifdef NOT_USED | 
| 667 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | 667 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | 
| 668 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 668 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 
| 669 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | 669 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | 
| @@ -987,7 +987,7 @@ err: | |||
| 987 | } | 987 | } | 
| 988 | #endif | 988 | #endif | 
| 989 | 989 | ||
| 990 | #if NOT_USED | 990 | #ifdef NOT_USED | 
| 991 | static int ubsec_rand_bytes(unsigned char * buf, | 991 | static int ubsec_rand_bytes(unsigned char * buf, | 
| 992 | int num) | 992 | int num) | 
| 993 | { | 993 | { | 
| diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c index effec714e8..a7826908e6 100644 --- a/src/lib/libcrypto/mem.c +++ b/src/lib/libcrypto/mem.c | |||
| @@ -303,6 +303,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) | |||
| 303 | { | 303 | { | 
| 304 | void *ret = NULL; | 304 | void *ret = NULL; | 
| 305 | 305 | ||
| 306 | if (str == NULL) | ||
| 307 | return CRYPTO_malloc(num, file, line); | ||
| 308 | |||
| 306 | if (realloc_debug_func != NULL) | 309 | if (realloc_debug_func != NULL) | 
| 307 | realloc_debug_func(str, NULL, num, file, line, 0); | 310 | realloc_debug_func(str, NULL, num, file, line, 0); | 
| 308 | ret = realloc_ex_func(str,num,file,line); | 311 | ret = realloc_ex_func(str,num,file,line); | 
| diff --git a/src/lib/libcrypto/ripemd/rmdtest.c b/src/lib/libcrypto/ripemd/rmdtest.c index 19e9741db2..be1fb8b1f6 100644 --- a/src/lib/libcrypto/ripemd/rmdtest.c +++ b/src/lib/libcrypto/ripemd/rmdtest.c | |||
| @@ -59,7 +59,6 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> | 
| 60 | #include <string.h> | 60 | #include <string.h> | 
| 61 | #include <stdlib.h> | 61 | #include <stdlib.h> | 
| 62 | #include <openssl/ripemd.h> | ||
| 63 | 62 | ||
| 64 | #ifdef OPENSSL_NO_RIPEMD | 63 | #ifdef OPENSSL_NO_RIPEMD | 
| 65 | int main(int argc, char *argv[]) | 64 | int main(int argc, char *argv[]) | 
| @@ -68,6 +67,7 @@ int main(int argc, char *argv[]) | |||
| 68 | return(0); | 67 | return(0); | 
| 69 | } | 68 | } | 
| 70 | #else | 69 | #else | 
| 70 | #include <openssl/ripemd.h> | ||
| 71 | #include <openssl/evp.h> | 71 | #include <openssl/evp.h> | 
| 72 | 72 | ||
| 73 | #ifdef CHARSET_EBCDIC | 73 | #ifdef CHARSET_EBCDIC | 
| diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num index 512185e257..7e5728495f 100644 --- a/src/lib/libcrypto/util/libeay.num +++ b/src/lib/libcrypto/util/libeay.num | |||
| @@ -2792,3 +2792,4 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA | |||
| 2792 | ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2792 | ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 
| 2793 | d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: | 2793 | d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: | 
| 2794 | EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES | 2794 | EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES | 
| 2795 | X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO | ||
| diff --git a/src/lib/libcrypto/util/pod2mantest b/src/lib/libcrypto/util/pod2mantest index e01c6192a7..412ca8d6d8 100644 --- a/src/lib/libcrypto/util/pod2mantest +++ b/src/lib/libcrypto/util/pod2mantest | |||
| @@ -12,7 +12,8 @@ | |||
| 12 | 12 | ||
| 13 | IFS=: | 13 | IFS=: | 
| 14 | if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi | 14 | if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi | 
| 15 | try_without_dir=false | 15 | |
| 16 | try_without_dir=true | ||
| 16 | # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. | 17 | # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. | 
| 17 | for dir in dummy${IFS}$PATH; do | 18 | for dir in dummy${IFS}$PATH; do | 
| 18 | if [ "$try_without_dir" = true ]; then | 19 | if [ "$try_without_dir" = true ]; then | 
| @@ -30,9 +31,16 @@ for dir in dummy${IFS}$PATH; do | |||
| 30 | if [ ! "$pod2man" = '' ]; then | 31 | if [ ! "$pod2man" = '' ]; then | 
| 31 | failure=none | 32 | failure=none | 
| 32 | 33 | ||
| 34 | if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then | ||
| 35 | : | ||
| 36 | else | ||
| 37 | failure=BasicTest | ||
| 38 | fi | ||
| 33 | 39 | ||
| 34 | if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then | 40 | if [ "$failure" = none ]; then | 
| 35 | failure=MultilineTest | 41 | if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then | 
| 42 | failure=MultilineTest | ||
| 43 | fi | ||
| 36 | fi | 44 | fi | 
| 37 | 45 | ||
| 38 | 46 | ||
| @@ -46,9 +54,5 @@ for dir in dummy${IFS}$PATH; do | |||
| 46 | done | 54 | done | 
| 47 | 55 | ||
| 48 | echo "No working pod2man found. Consider installing a new version." >&2 | 56 | echo "No working pod2man found. Consider installing a new version." >&2 | 
| 49 | if [ "$1" = ignore ]; then | 57 | echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 | 
| 50 | echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 | 58 | echo "$1 ../../util/pod2man.pl" | 
| 51 | echo "../../util/pod2man.pl" | ||
| 52 | exit 0 | ||
| 53 | fi | ||
| 54 | exit 1 | ||
| diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES index 5c80970b52..03b697cd7e 100644 --- a/src/lib/libssl/src/CHANGES +++ b/src/lib/libssl/src/CHANGES | |||
| @@ -2,7 +2,13 @@ | |||
| 2 | OpenSSL CHANGES | 2 | OpenSSL CHANGES | 
| 3 | _______________ | 3 | _______________ | 
| 4 | 4 | ||
| 5 | Changes between 0.9.6e and 0.9.7 [XX xxx 2002] | 5 | Changes between 0.9.6h and 0.9.7 [XX xxx 2002] | 
| 6 | |||
| 7 | *) Make -nameopt work fully for req and add -reqopt switch. | ||
| 8 | [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson] | ||
| 9 | |||
| 10 | *) The "block size" for block ciphers in CFB and OFB mode should be 1. | ||
| 11 | [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>] | ||
| 6 | 12 | ||
| 7 | *) Make sure tests can be performed even if the corresponding algorithms | 13 | *) Make sure tests can be performed even if the corresponding algorithms | 
| 8 | have been removed entirely. This was also the last step to make | 14 | have been removed entirely. This was also the last step to make | 
| @@ -1667,6 +1673,37 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k | |||
| 1667 | *) Clean old EAY MD5 hack from e_os.h. | 1673 | *) Clean old EAY MD5 hack from e_os.h. | 
| 1668 | [Richard Levitte] | 1674 | [Richard Levitte] | 
| 1669 | 1675 | ||
| 1676 | Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] | ||
| 1677 | |||
| 1678 | *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after | ||
| 1679 | the cached sessions are flushed, as the remove_cb() might use ex_data | ||
| 1680 | contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com> | ||
| 1681 | (see [openssl.org #212]). | ||
| 1682 | [Geoff Thorpe, Lutz Jaenicke] | ||
| 1683 | |||
| 1684 | *) Fix typo in OBJ_txt2obj which incorrectly passed the content | ||
| 1685 | length, instead of the encoding length to d2i_ASN1_OBJECT. | ||
| 1686 | [Steve Henson] | ||
| 1687 | |||
| 1688 | Changes between 0.9.6f and 0.9.6g [9 Aug 2002] | ||
| 1689 | |||
| 1690 | *) [In 0.9.6g-engine release:] | ||
| 1691 | Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall'). | ||
| 1692 | [Lynn Gazis <lgazis@rainbow.com>] | ||
| 1693 | |||
| 1694 | Changes between 0.9.6e and 0.9.6f [8 Aug 2002] | ||
| 1695 | |||
| 1696 | *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX | ||
| 1697 | and get fix the header length calculation. | ||
| 1698 | [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>, | ||
| 1699 | Alon Kantor <alonk@checkpoint.com> (and others), | ||
| 1700 | Steve Henson] | ||
| 1701 | |||
| 1702 | *) Use proper error handling instead of 'assertions' in buffer | ||
| 1703 | overflow checks added in 0.9.6e. This prevents DoS (the | ||
| 1704 | assertions could call abort()). | ||
| 1705 | [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller] | ||
| 1706 | |||
| 1670 | Changes between 0.9.6d and 0.9.6e [30 Jul 2002] | 1707 | Changes between 0.9.6d and 0.9.6e [30 Jul 2002] | 
| 1671 | 1708 | ||
| 1672 | *) Add various sanity checks to asn1_get_length() to reject | 1709 | *) Add various sanity checks to asn1_get_length() to reject | 
| diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index 74bd8877e5..292ca877c6 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure | |||
| @@ -120,7 +120,7 @@ my $alpha_asm="::::::::"; | |||
| 120 | # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. | 120 | # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. | 
| 121 | # So the md5_locl.h file has an undef B_ENDIAN if sun is defined | 121 | # So the md5_locl.h file has an undef B_ENDIAN if sun is defined | 
| 122 | 122 | ||
| 123 | #config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib | 123 | #config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags | 
| 124 | 124 | ||
| 125 | my %table=( | 125 | my %table=( | 
| 126 | # File 'TABLE' (created by 'make TABLE') contains the data from this list, | 126 | # File 'TABLE' (created by 'make TABLE') contains the data from this list, | 
| @@ -387,8 +387,8 @@ my %table=( | |||
| 387 | "linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", | 387 | "linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", | 
| 388 | "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 388 | "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 
| 389 | "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", | 389 | "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", | 
| 390 | "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", | 390 | "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 
| 391 | "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 391 | "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 
| 392 | "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 392 | "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 
| 393 | "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 393 | "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 
| 394 | "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 394 | "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", | 
| @@ -438,6 +438,7 @@ my %table=( | |||
| 438 | "aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", | 438 | "aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", | 
| 439 | "aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", | 439 | "aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", | 
| 440 | "aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", | 440 | "aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", | 
| 441 | "aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64", | ||
| 441 | 442 | ||
| 442 | # | 443 | # | 
| 443 | # Cray T90 and similar (SDSC) | 444 | # Cray T90 and similar (SDSC) | 
| @@ -586,6 +587,7 @@ my $idx_shared_cflag = $idx++; | |||
| 586 | my $idx_shared_ldflag = $idx++; | 587 | my $idx_shared_ldflag = $idx++; | 
| 587 | my $idx_shared_extension = $idx++; | 588 | my $idx_shared_extension = $idx++; | 
| 588 | my $idx_ranlib = $idx++; | 589 | my $idx_ranlib = $idx++; | 
| 590 | my $idx_arflags = $idx++; | ||
| 589 | 591 | ||
| 590 | my $prefix=""; | 592 | my $prefix=""; | 
| 591 | my $openssldir=""; | 593 | my $openssldir=""; | 
| @@ -940,6 +942,7 @@ my $shared_cflag = $fields[$idx_shared_cflag]; | |||
| 940 | my $shared_ldflag = $fields[$idx_shared_ldflag]; | 942 | my $shared_ldflag = $fields[$idx_shared_ldflag]; | 
| 941 | my $shared_extension = $fields[$idx_shared_extension]; | 943 | my $shared_extension = $fields[$idx_shared_extension]; | 
| 942 | my $ranlib = $fields[$idx_ranlib]; | 944 | my $ranlib = $fields[$idx_ranlib]; | 
| 945 | my $arflags = $fields[$idx_arflags]; | ||
| 943 | 946 | ||
| 944 | $cflags="$flags$cflags" if ($flags ne ""); | 947 | $cflags="$flags$cflags" if ($flags ne ""); | 
| 945 | 948 | ||
| @@ -1067,7 +1070,7 @@ if ($zlib) | |||
| 1067 | { | 1070 | { | 
| 1068 | $cflags = "-DZLIB $cflags"; | 1071 | $cflags = "-DZLIB $cflags"; | 
| 1069 | $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2; | 1072 | $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2; | 
| 1070 | $lflags = "$lflags -lz" if $zlib == 2; | 1073 | $lflags = "$lflags -lz" if $zlib == 1; | 
| 1071 | } | 1074 | } | 
| 1072 | 1075 | ||
| 1073 | # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org | 1076 | # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org | 
| @@ -1208,6 +1211,7 @@ while (<IN>) | |||
| 1208 | s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; | 1211 | s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; | 
| 1209 | s/^PROCESSOR=.*/PROCESSOR= $processor/; | 1212 | s/^PROCESSOR=.*/PROCESSOR= $processor/; | 
| 1210 | s/^RANLIB=.*/RANLIB= $ranlib/; | 1213 | s/^RANLIB=.*/RANLIB= $ranlib/; | 
| 1214 | s/^ARFLAGS=.*/ARFLAGS= $arflags/; | ||
| 1211 | s/^PERL=.*/PERL= $perl/; | 1215 | s/^PERL=.*/PERL= $perl/; | 
| 1212 | s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; | 1216 | s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; | 
| 1213 | s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; | 1217 | s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; | 
| @@ -1254,6 +1258,7 @@ print "SHA1_OBJ_ASM =$sha1_obj\n"; | |||
| 1254 | print "RMD160_OBJ_ASM=$rmd160_obj\n"; | 1258 | print "RMD160_OBJ_ASM=$rmd160_obj\n"; | 
| 1255 | print "PROCESSOR =$processor\n"; | 1259 | print "PROCESSOR =$processor\n"; | 
| 1256 | print "RANLIB =$ranlib\n"; | 1260 | print "RANLIB =$ranlib\n"; | 
| 1261 | print "ARFLAGS =$arflags\n"; | ||
| 1257 | print "PERL =$perl\n"; | 1262 | print "PERL =$perl\n"; | 
| 1258 | print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" | 1263 | print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" | 
| 1259 | if $withargs{"krb5-include"} ne ""; | 1264 | if $withargs{"krb5-include"} ne ""; | 
| @@ -1561,7 +1566,7 @@ sub print_table_entry | |||
| 1561 | my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, | 1566 | my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, | 
| 1562 | my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, | 1567 | my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, | 
| 1563 | my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, | 1568 | my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, | 
| 1564 | my $shared_ldflag,my $shared_extension,my $ranlib)= | 1569 | my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)= | 
| 1565 | split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); | 1570 | split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); | 
| 1566 | 1571 | ||
| 1567 | print <<EOF | 1572 | print <<EOF | 
| @@ -1589,6 +1594,7 @@ sub print_table_entry | |||
| 1589 | \$shared_ldflag = $shared_ldflag | 1594 | \$shared_ldflag = $shared_ldflag | 
| 1590 | \$shared_extension = $shared_extension | 1595 | \$shared_extension = $shared_extension | 
| 1591 | \$ranlib = $ranlib | 1596 | \$ranlib = $ranlib | 
| 1597 | \$arflags = $arflags | ||
| 1592 | EOF | 1598 | EOF | 
| 1593 | } | 1599 | } | 
| 1594 | 1600 | ||
| diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ index ee03d97676..28027fdcac 100644 --- a/src/lib/libssl/src/FAQ +++ b/src/lib/libssl/src/FAQ | |||
| @@ -36,6 +36,7 @@ OpenSSL - Frequently Asked Questions | |||
| 36 | * Why does the linker complain about undefined symbols? | 36 | * Why does the linker complain about undefined symbols? | 
| 37 | * Why does the OpenSSL test fail with "bc: command not found"? | 37 | * Why does the OpenSSL test fail with "bc: command not found"? | 
| 38 | * Why does the OpenSSL test fail with "bc: 1 no implemented"? | 38 | * Why does the OpenSSL test fail with "bc: 1 no implemented"? | 
| 39 | * Why does the OpenSSL test fail with "bc: stack empty"? | ||
| 39 | * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? | 40 | * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? | 
| 40 | * Why does the OpenSSL compilation fail with "ar: command not found"? | 41 | * Why does the OpenSSL compilation fail with "ar: command not found"? | 
| 41 | * Why does the OpenSSL compilation fail on Win32 with VC++? | 42 | * Why does the OpenSSL compilation fail on Win32 with VC++? | 
| @@ -64,7 +65,7 @@ OpenSSL - Frequently Asked Questions | |||
| 64 | * Which is the current version of OpenSSL? | 65 | * Which is the current version of OpenSSL? | 
| 65 | 66 | ||
| 66 | The current version is available from <URL: http://www.openssl.org>. | 67 | The current version is available from <URL: http://www.openssl.org>. | 
| 67 | OpenSSL 0.9.6e was released on July 30, 2002. | 68 | OpenSSL 0.9.6g was released on August 9, 2002. | 
| 68 | 69 | ||
| 69 | In addition to the current stable release, you can also access daily | 70 | In addition to the current stable release, you can also access daily | 
| 70 | snapshots of the OpenSSL development version at <URL: | 71 | snapshots of the OpenSSL development version at <URL: | 
| @@ -402,6 +403,17 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html | |||
| 402 | for download instructions) can be safely used, for example. | 403 | for download instructions) can be safely used, for example. | 
| 403 | 404 | ||
| 404 | 405 | ||
| 406 | * Why does the OpenSSL test fail with "bc: stack empty"? | ||
| 407 | |||
| 408 | On some DG/ux versions, bc seems to have a too small stack for calculations | ||
| 409 | that the OpenSSL bntest throws at it. This gets triggered when you run the | ||
| 410 | test suite (using "make test"). The message returned is "bc: stack empty". | ||
| 411 | |||
| 412 | The best way to deal with this is to find another implementation of bc | ||
| 413 | and compile/install it. GNU bc (see http://www.gnu.org/software/software.html | ||
| 414 | for download instructions) can be safely used, for example. | ||
| 415 | |||
| 416 | |||
| 405 | * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? | 417 | * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? | 
| 406 | 418 | ||
| 407 | On some Alpha installations running Tru64 Unix and Compaq C, the compilation | 419 | On some Alpha installations running Tru64 Unix and Compaq C, the compilation | 
| diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org index 8808dd7922..d7af0815f3 100644 --- a/src/lib/libssl/src/Makefile.org +++ b/src/lib/libssl/src/Makefile.org | |||
| @@ -59,7 +59,8 @@ DEPFLAG= | |||
| 59 | PEX_LIBS= | 59 | PEX_LIBS= | 
| 60 | EX_LIBS= | 60 | EX_LIBS= | 
| 61 | EXE_EXT= | 61 | EXE_EXT= | 
| 62 | AR=ar r | 62 | ARFLAGS= | 
| 63 | AR=ar $(ARFLAGS) r | ||
| 63 | RANLIB= ranlib | 64 | RANLIB= ranlib | 
| 64 | PERL= perl | 65 | PERL= perl | 
| 65 | TAR= tar | 66 | TAR= tar | 
| @@ -251,7 +252,8 @@ link-shared: | |||
| 251 | for i in $(SHLIBDIRS); do \ | 252 | for i in $(SHLIBDIRS); do \ | 
| 252 | prev=lib$$i$(SHLIB_EXT); \ | 253 | prev=lib$$i$(SHLIB_EXT); \ | 
| 253 | for j in $${tmp:-x}; do \ | 254 | for j in $${tmp:-x}; do \ | 
| 254 | ( set -x; ln -f -s $$prev lib$$i$$j ); \ | 255 | ( set -x; \ | 
| 256 | rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \ | ||
| 255 | prev=lib$$i$$j; \ | 257 | prev=lib$$i$$j; \ | 
| 256 | done; \ | 258 | done; \ | 
| 257 | done; \ | 259 | done; \ | 
| @@ -273,9 +275,7 @@ do_gnu-shared: | |||
| 273 | done | 275 | done | 
| 274 | 276 | ||
| 275 | DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ | 277 | DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ | 
| 276 | collect2=`gcc -print-prog-name=collect2 2>&1` && \ | 278 | my_ld=`gcc -print-prog-name=ld 2>&1` && \ | 
| 277 | [ -n "$$collect2" ] && \ | ||
| 278 | my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \ | ||
| 279 | [ -n "$$my_ld" ] && \ | 279 | [ -n "$$my_ld" ] && \ | 
| 280 | $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 | 280 | $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 | 
| 281 | 281 | ||
| @@ -731,7 +731,8 @@ install: all install_docs | |||
| 731 | done; \ | 731 | done; \ | 
| 732 | ( here="`pwd`"; \ | 732 | ( here="`pwd`"; \ | 
| 733 | cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ | 733 | cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ | 
| 734 | make -f $$here/Makefile link-shared ); \ | 734 | set $(MAKE); \ | 
| 735 | $$1 -f $$here/Makefile link-shared ); \ | ||
| 735 | fi | 736 | fi | 
| 736 | 737 | ||
| 737 | install_docs: | 738 | install_docs: | 
| @@ -740,22 +741,23 @@ install_docs: | |||
| 740 | $(INSTALL_PREFIX)$(MANDIR)/man3 \ | 741 | $(INSTALL_PREFIX)$(MANDIR)/man3 \ | 
| 741 | $(INSTALL_PREFIX)$(MANDIR)/man5 \ | 742 | $(INSTALL_PREFIX)$(MANDIR)/man5 \ | 
| 742 | $(INSTALL_PREFIX)$(MANDIR)/man7 | 743 | $(INSTALL_PREFIX)$(MANDIR)/man7 | 
| 743 | @for i in doc/apps/*.pod; do \ | 744 | @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ | 
| 745 | for i in doc/apps/*.pod; do \ | ||
| 744 | fn=`basename $$i .pod`; \ | 746 | fn=`basename $$i .pod`; \ | 
| 745 | if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ | 747 | if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ | 
| 746 | echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ | 748 | echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ | 
| 747 | (cd `$(PERL) util/dirname.pl $$i`; \ | 749 | (cd `$(PERL) util/dirname.pl $$i`; \ | 
| 748 | sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ | 750 | sh -c "$$pod2man \ | 
| 749 | --section=$$sec --center=OpenSSL \ | 751 | --section=$$sec --center=OpenSSL \ | 
| 750 | --release=$(VERSION) `basename $$i`") \ | 752 | --release=$(VERSION) `basename $$i`") \ | 
| 751 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ | 753 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ | 
| 752 | done | 754 | done; \ | 
| 753 | @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ | 755 | for i in doc/crypto/*.pod doc/ssl/*.pod; do \ | 
| 754 | fn=`basename $$i .pod`; \ | 756 | fn=`basename $$i .pod`; \ | 
| 755 | if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ | 757 | if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ | 
| 756 | echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ | 758 | echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ | 
| 757 | (cd `$(PERL) util/dirname.pl $$i`; \ | 759 | (cd `$(PERL) util/dirname.pl $$i`; \ | 
| 758 | sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ | 760 | sh -c "$$pod2man \ | 
| 759 | --section=$$sec --center=OpenSSL \ | 761 | --section=$$sec --center=OpenSSL \ | 
| 760 | --release=$(VERSION) `basename $$i`") \ | 762 | --release=$(VERSION) `basename $$i`") \ | 
| 761 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ | 763 | > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ | 
| diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS index 9531ba9c6e..418b3b0505 100644 --- a/src/lib/libssl/src/NEWS +++ b/src/lib/libssl/src/NEWS | |||
| @@ -40,6 +40,14 @@ | |||
| 40 | o SSL/TLS: add callback to retrieve SSL/TLS messages. | 40 | o SSL/TLS: add callback to retrieve SSL/TLS messages. | 
| 41 | o SSL/TLS: support AES cipher suites (RFC3268). | 41 | o SSL/TLS: support AES cipher suites (RFC3268). | 
| 42 | 42 | ||
| 43 | Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: | ||
| 44 | |||
| 45 | o Important building fixes on Unix. | ||
| 46 | |||
| 47 | Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: | ||
| 48 | |||
| 49 | o Various important bugfixes. | ||
| 50 | |||
| 43 | Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: | 51 | Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: | 
| 44 | 52 | ||
| 45 | o Important security related bugfixes. | 53 | o Important security related bugfixes. | 
| diff --git a/src/lib/libssl/src/PROBLEMS b/src/lib/libssl/src/PROBLEMS index 70e591a1d1..bf532d112b 100644 --- a/src/lib/libssl/src/PROBLEMS +++ b/src/lib/libssl/src/PROBLEMS | |||
| @@ -38,3 +38,11 @@ may differ on your machine. | |||
| 38 | As long as Apple doesn't fix the problem with ld, this problem building | 38 | As long as Apple doesn't fix the problem with ld, this problem building | 
| 39 | OpenSSL will remain as is. | 39 | OpenSSL will remain as is. | 
| 40 | 40 | ||
| 41 | |||
| 42 | * Parallell make leads to errors | ||
| 43 | |||
| 44 | While running tests, running a parallell make is a bad idea. Many test | ||
| 45 | scripts use the same name for output and input files, which means different | ||
| 46 | will interfere with each other and lead to test failure. | ||
| 47 | |||
| 48 | The solution is simple for now: don't run parallell make when testing. | ||
| diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README index 5394a17e3e..4228e145f9 100644 --- a/src/lib/libssl/src/README +++ b/src/lib/libssl/src/README | |||
| @@ -154,7 +154,7 @@ | |||
| 154 | - Stack Traceback (if the application dumps core) | 154 | - Stack Traceback (if the application dumps core) | 
| 155 | 155 | ||
| 156 | Report the bug to the OpenSSL project via the Request Tracker | 156 | Report the bug to the OpenSSL project via the Request Tracker | 
| 157 | (http://www.openssl.org/rt2.html) by mail to: | 157 | (http://www.openssl.org/support/rt2.html) by mail to: | 
| 158 | 158 | ||
| 159 | openssl-bugs@openssl.org | 159 | openssl-bugs@openssl.org | 
| 160 | 160 | ||
| diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c index a302119d7f..1a24b1c596 100644 --- a/src/lib/libssl/src/apps/apps.c +++ b/src/lib/libssl/src/apps/apps.c | |||
| @@ -798,7 +798,7 @@ end: | |||
| 798 | return(x); | 798 | return(x); | 
| 799 | } | 799 | } | 
| 800 | 800 | ||
| 801 | EVP_PKEY *load_key(BIO *err, const char *file, int format, | 801 | EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, | 
| 802 | const char *pass, ENGINE *e, const char *key_descrip) | 802 | const char *pass, ENGINE *e, const char *key_descrip) | 
| 803 | { | 803 | { | 
| 804 | BIO *key=NULL; | 804 | BIO *key=NULL; | 
| @@ -808,7 +808,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, | |||
| 808 | cb_data.password = pass; | 808 | cb_data.password = pass; | 
| 809 | cb_data.prompt_info = file; | 809 | cb_data.prompt_info = file; | 
| 810 | 810 | ||
| 811 | if (file == NULL) | 811 | if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) | 
| 812 | { | 812 | { | 
| 813 | BIO_printf(err,"no keyfile specified\n"); | 813 | BIO_printf(err,"no keyfile specified\n"); | 
| 814 | goto end; | 814 | goto end; | 
| @@ -828,12 +828,19 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, | |||
| 828 | ERR_print_errors(err); | 828 | ERR_print_errors(err); | 
| 829 | goto end; | 829 | goto end; | 
| 830 | } | 830 | } | 
| 831 | if (BIO_read_filename(key,file) <= 0) | 831 | if (file == NULL && maybe_stdin) | 
| 832 | { | 832 | { | 
| 833 | BIO_printf(err, "Error opening %s %s\n", key_descrip, file); | 833 | setvbuf(stdin, NULL, _IONBF, 0); | 
| 834 | ERR_print_errors(err); | 834 | BIO_set_fp(key,stdin,BIO_NOCLOSE); | 
| 835 | goto end; | ||
| 836 | } | 835 | } | 
| 836 | else | ||
| 837 | if (BIO_read_filename(key,file) <= 0) | ||
| 838 | { | ||
| 839 | BIO_printf(err, "Error opening %s %s\n", | ||
| 840 | key_descrip, file); | ||
| 841 | ERR_print_errors(err); | ||
| 842 | goto end; | ||
| 843 | } | ||
| 837 | if (format == FORMAT_ASN1) | 844 | if (format == FORMAT_ASN1) | 
| 838 | { | 845 | { | 
| 839 | pkey=d2i_PrivateKey_bio(key, NULL); | 846 | pkey=d2i_PrivateKey_bio(key, NULL); | 
| @@ -867,7 +874,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, | |||
| 867 | return(pkey); | 874 | return(pkey); | 
| 868 | } | 875 | } | 
| 869 | 876 | ||
| 870 | EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, | 877 | EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, | 
| 871 | const char *pass, ENGINE *e, const char *key_descrip) | 878 | const char *pass, ENGINE *e, const char *key_descrip) | 
| 872 | { | 879 | { | 
| 873 | BIO *key=NULL; | 880 | BIO *key=NULL; | 
| @@ -877,7 +884,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, | |||
| 877 | cb_data.password = pass; | 884 | cb_data.password = pass; | 
| 878 | cb_data.prompt_info = file; | 885 | cb_data.prompt_info = file; | 
| 879 | 886 | ||
| 880 | if (file == NULL) | 887 | if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) | 
| 881 | { | 888 | { | 
| 882 | BIO_printf(err,"no keyfile specified\n"); | 889 | BIO_printf(err,"no keyfile specified\n"); | 
| 883 | goto end; | 890 | goto end; | 
| @@ -897,11 +904,18 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, | |||
| 897 | ERR_print_errors(err); | 904 | ERR_print_errors(err); | 
| 898 | goto end; | 905 | goto end; | 
| 899 | } | 906 | } | 
| 900 | if (BIO_read_filename(key,file) <= 0) | 907 | if (file == NULL && maybe_stdin) | 
| 901 | { | 908 | { | 
| 902 | BIO_printf(err, "Error opening %s %s\n", key_descrip, file); | 909 | setvbuf(stdin, NULL, _IONBF, 0); | 
| 903 | ERR_print_errors(err); | 910 | BIO_set_fp(key,stdin,BIO_NOCLOSE); | 
| 904 | goto end; | 911 | } | 
| 912 | else | ||
| 913 | if (BIO_read_filename(key,file) <= 0) | ||
| 914 | { | ||
| 915 | BIO_printf(err, "Error opening %s %s\n", | ||
| 916 | key_descrip, file); | ||
| 917 | ERR_print_errors(err); | ||
| 918 | goto end; | ||
| 905 | } | 919 | } | 
| 906 | if (format == FORMAT_ASN1) | 920 | if (format == FORMAT_ASN1) | 
| 907 | { | 921 | { | 
| @@ -1074,6 +1088,7 @@ int set_cert_ex(unsigned long *flags, const char *arg) | |||
| 1074 | { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, | 1088 | { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, | 
| 1075 | { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, | 1089 | { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, | 
| 1076 | { "no_aux", X509_FLAG_NO_AUX, 0}, | 1090 | { "no_aux", X509_FLAG_NO_AUX, 0}, | 
| 1091 | { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, | ||
| 1077 | { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, | 1092 | { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, | 
| 1078 | { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, | 1093 | { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, | 
| 1079 | { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, | 1094 | { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, | 
| diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h index a88902ac13..32a79605ee 100644 --- a/src/lib/libssl/src/apps/apps.h +++ b/src/lib/libssl/src/apps/apps.h | |||
| @@ -233,9 +233,9 @@ int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); | |||
| 233 | int add_oid_section(BIO *err, CONF *conf); | 233 | int add_oid_section(BIO *err, CONF *conf); | 
| 234 | X509 *load_cert(BIO *err, const char *file, int format, | 234 | X509 *load_cert(BIO *err, const char *file, int format, | 
| 235 | const char *pass, ENGINE *e, const char *cert_descrip); | 235 | const char *pass, ENGINE *e, const char *cert_descrip); | 
| 236 | EVP_PKEY *load_key(BIO *err, const char *file, int format, | 236 | EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, | 
| 237 | const char *pass, ENGINE *e, const char *key_descrip); | 237 | const char *pass, ENGINE *e, const char *key_descrip); | 
| 238 | EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, | 238 | EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, | 
| 239 | const char *pass, ENGINE *e, const char *key_descrip); | 239 | const char *pass, ENGINE *e, const char *key_descrip); | 
| 240 | STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, | 240 | STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, | 
| 241 | const char *pass, ENGINE *e, const char *cert_descrip); | 241 | const char *pass, ENGINE *e, const char *cert_descrip); | 
| diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c index 322956de57..492b64f04f 100644 --- a/src/lib/libssl/src/apps/ca.c +++ b/src/lib/libssl/src/apps/ca.c | |||
| @@ -699,7 +699,7 @@ bad: | |||
| 699 | goto err; | 699 | goto err; | 
| 700 | } | 700 | } | 
| 701 | } | 701 | } | 
| 702 | pkey = load_key(bio_err, keyfile, keyform, key, e, | 702 | pkey = load_key(bio_err, keyfile, keyform, 0, key, e, | 
| 703 | "CA private key"); | 703 | "CA private key"); | 
| 704 | if (key) memset(key,0,strlen(key)); | 704 | if (key) memset(key,0,strlen(key)); | 
| 705 | if (pkey == NULL) | 705 | if (pkey == NULL) | 
| @@ -2089,9 +2089,8 @@ again2: | |||
| 2089 | } | 2089 | } | 
| 2090 | } | 2090 | } | 
| 2091 | 2091 | ||
| 2092 | row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0); | ||
| 2093 | row[DB_serial]=BN_bn2hex(serial); | 2092 | row[DB_serial]=BN_bn2hex(serial); | 
| 2094 | if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) | 2093 | if (row[DB_serial] == NULL) | 
| 2095 | { | 2094 | { | 
| 2096 | BIO_printf(bio_err,"Memory allocation failure\n"); | 2095 | BIO_printf(bio_err,"Memory allocation failure\n"); | 
| 2097 | goto err; | 2096 | goto err; | 
| @@ -2304,10 +2303,10 @@ again2: | |||
| 2304 | 2303 | ||
| 2305 | /* row[DB_serial] done already */ | 2304 | /* row[DB_serial] done already */ | 
| 2306 | row[DB_file]=(char *)OPENSSL_malloc(8); | 2305 | row[DB_file]=(char *)OPENSSL_malloc(8); | 
| 2307 | /* row[DB_name] done already */ | 2306 | row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0); | 
| 2308 | 2307 | ||
| 2309 | if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || | 2308 | if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || | 
| 2310 | (row[DB_file] == NULL)) | 2309 | (row[DB_file] == NULL) || (row[DB_name] == NULL)) | 
| 2311 | { | 2310 | { | 
| 2312 | BIO_printf(bio_err,"Memory allocation failure\n"); | 2311 | BIO_printf(bio_err,"Memory allocation failure\n"); | 
| 2313 | goto err; | 2312 | goto err; | 
| diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c index e21c3d83ac..32e40c1f53 100644 --- a/src/lib/libssl/src/apps/dgst.c +++ b/src/lib/libssl/src/apps/dgst.c | |||
| @@ -277,10 +277,10 @@ int MAIN(int argc, char **argv) | |||
| 277 | if(keyfile) | 277 | if(keyfile) | 
| 278 | { | 278 | { | 
| 279 | if (want_pub) | 279 | if (want_pub) | 
| 280 | sigkey = load_pubkey(bio_err, keyfile, keyform, NULL, | 280 | sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL, | 
| 281 | e, "key file"); | 281 | e, "key file"); | 
| 282 | else | 282 | else | 
| 283 | sigkey = load_key(bio_err, keyfile, keyform, NULL, | 283 | sigkey = load_key(bio_err, keyfile, keyform, 0, NULL, | 
| 284 | e, "key file"); | 284 | e, "key file"); | 
| 285 | if (!sigkey) | 285 | if (!sigkey) | 
| 286 | { | 286 | { | 
| diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com index 2e666368b7..148246facc 100644 --- a/src/lib/libssl/src/apps/makeapps.com +++ b/src/lib/libssl/src/apps/makeapps.com | |||
| @@ -1086,7 +1086,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS | |||
| 1086 | $! | 1086 | $! | 
| 1087 | $! Show user the result | 1087 | $! Show user the result | 
| 1088 | $! | 1088 | $! | 
| 1089 | $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC | 1089 | $ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC | 
| 1090 | $! | 1090 | $! | 
| 1091 | $! Special Threads For OpenVMS v7.1 Or Later | 1091 | $! Special Threads For OpenVMS v7.1 Or Later | 
| 1092 | $! | 1092 | $! | 
| diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c index 49a156a1cf..59b97a634b 100644 --- a/src/lib/libssl/src/apps/ocsp.c +++ b/src/lib/libssl/src/apps/ocsp.c | |||
| @@ -613,11 +613,11 @@ int MAIN(int argc, char **argv) | |||
| 613 | NULL, e, "CA certificate"); | 613 | NULL, e, "CA certificate"); | 
| 614 | if (rcertfile) | 614 | if (rcertfile) | 
| 615 | { | 615 | { | 
| 616 | rother = load_certs(bio_err, sign_certfile, FORMAT_PEM, | 616 | rother = load_certs(bio_err, rcertfile, FORMAT_PEM, | 
| 617 | NULL, e, "responder other certificates"); | 617 | NULL, e, "responder other certificates"); | 
| 618 | if (!sign_other) goto end; | 618 | if (!rother) goto end; | 
| 619 | } | 619 | } | 
| 620 | rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, NULL, NULL, | 620 | rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL, | 
| 621 | "responder private key"); | 621 | "responder private key"); | 
| 622 | if (!rkey) | 622 | if (!rkey) | 
| 623 | goto end; | 623 | goto end; | 
| @@ -663,7 +663,7 @@ int MAIN(int argc, char **argv) | |||
| 663 | NULL, e, "signer certificates"); | 663 | NULL, e, "signer certificates"); | 
| 664 | if (!sign_other) goto end; | 664 | if (!sign_other) goto end; | 
| 665 | } | 665 | } | 
| 666 | key = load_key(bio_err, keyfile, FORMAT_PEM, NULL, NULL, | 666 | key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL, | 
| 667 | "signer private key"); | 667 | "signer private key"); | 
| 668 | if (!key) | 668 | if (!key) | 
| 669 | goto end; | 669 | goto end; | 
| diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c index e345cf1489..1697f6157f 100644 --- a/src/lib/libssl/src/apps/pkcs12.c +++ b/src/lib/libssl/src/apps/pkcs12.c | |||
| @@ -427,7 +427,7 @@ int MAIN(int argc, char **argv) | |||
| 427 | CRYPTO_push_info("process -export_cert"); | 427 | CRYPTO_push_info("process -export_cert"); | 
| 428 | CRYPTO_push_info("reading private key"); | 428 | CRYPTO_push_info("reading private key"); | 
| 429 | #endif | 429 | #endif | 
| 430 | key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, | 430 | key = load_key(bio_err, keyname ? keyname : infile, FORMAT_PEM, 1, | 
| 431 | passin, e, "private key"); | 431 | passin, e, "private key"); | 
| 432 | if (!key) { | 432 | if (!key) { | 
| 433 | goto export_end; | 433 | goto export_end; | 
| @@ -508,9 +508,10 @@ int MAIN(int argc, char **argv) | |||
| 508 | /* Exclude verified certificate */ | 508 | /* Exclude verified certificate */ | 
| 509 | for (i = 1; i < sk_X509_num (chain2) ; i++) | 509 | for (i = 1; i < sk_X509_num (chain2) ; i++) | 
| 510 | sk_X509_push(certs, sk_X509_value (chain2, i)); | 510 | sk_X509_push(certs, sk_X509_value (chain2, i)); | 
| 511 | } | 511 | /* Free first certificate */ | 
| 512 | sk_X509_free(chain2); | 512 | X509_free(sk_X509_value(chain2, 0)); | 
| 513 | if (vret) { | 513 | sk_X509_free(chain2); | 
| 514 | } else { | ||
| 514 | BIO_printf (bio_err, "Error %s getting chain.\n", | 515 | BIO_printf (bio_err, "Error %s getting chain.\n", | 
| 515 | X509_verify_cert_error_string(vret)); | 516 | X509_verify_cert_error_string(vret)); | 
| 516 | goto export_end; | 517 | goto export_end; | 
| @@ -537,8 +538,6 @@ int MAIN(int argc, char **argv) | |||
| 537 | } | 538 | } | 
| 538 | sk_X509_pop_free(certs, X509_free); | 539 | sk_X509_pop_free(certs, X509_free); | 
| 539 | certs = NULL; | 540 | certs = NULL; | 
| 540 | /* ucert is part of certs so it is already freed */ | ||
| 541 | ucert = NULL; | ||
| 542 | 541 | ||
| 543 | #ifdef CRYPTO_MDEBUG | 542 | #ifdef CRYPTO_MDEBUG | 
| 544 | CRYPTO_pop_info(); | 543 | CRYPTO_pop_info(); | 
| @@ -627,7 +626,6 @@ int MAIN(int argc, char **argv) | |||
| 627 | if (certs) sk_X509_pop_free(certs, X509_free); | 626 | if (certs) sk_X509_pop_free(certs, X509_free); | 
| 628 | if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); | 627 | if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); | 
| 629 | if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 628 | if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 
| 630 | if (ucert) X509_free(ucert); | ||
| 631 | 629 | ||
| 632 | #ifdef CRYPTO_MDEBUG | 630 | #ifdef CRYPTO_MDEBUG | 
| 633 | CRYPTO_pop_info(); | 631 | CRYPTO_pop_info(); | 
| diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c index ba91caee6b..912e32006b 100644 --- a/src/lib/libssl/src/apps/pkcs8.c +++ b/src/lib/libssl/src/apps/pkcs8.c | |||
| @@ -222,7 +222,8 @@ int MAIN(int argc, char **argv) | |||
| 222 | if (topk8) | 222 | if (topk8) | 
| 223 | { | 223 | { | 
| 224 | BIO_free(in); /* Not needed in this section */ | 224 | BIO_free(in); /* Not needed in this section */ | 
| 225 | pkey = load_key(bio_err, infile, informat, passin, e, "key"); | 225 | pkey = load_key(bio_err, infile, informat, 1, | 
| 226 | passin, e, "key"); | ||
| 226 | if (!pkey) { | 227 | if (!pkey) { | 
| 227 | return (1); | 228 | return (1); | 
| 228 | } | 229 | } | 
| diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c index 5631a3839b..a3c1e0b4c4 100644 --- a/src/lib/libssl/src/apps/req.c +++ b/src/lib/libssl/src/apps/req.c | |||
| @@ -151,7 +151,7 @@ int MAIN(int argc, char **argv) | |||
| 151 | #ifndef OPENSSL_NO_DSA | 151 | #ifndef OPENSSL_NO_DSA | 
| 152 | DSA *dsa_params=NULL; | 152 | DSA *dsa_params=NULL; | 
| 153 | #endif | 153 | #endif | 
| 154 | unsigned long nmflag = 0; | 154 | unsigned long nmflag = 0, reqflag = 0; | 
| 155 | int ex=1,x509=0,days=30; | 155 | int ex=1,x509=0,days=30; | 
| 156 | X509 *x509ss=NULL; | 156 | X509 *x509ss=NULL; | 
| 157 | X509_REQ *req=NULL; | 157 | X509_REQ *req=NULL; | 
| @@ -356,6 +356,11 @@ int MAIN(int argc, char **argv) | |||
| 356 | if (--argc < 1) goto bad; | 356 | if (--argc < 1) goto bad; | 
| 357 | if (!set_name_ex(&nmflag, *(++argv))) goto bad; | 357 | if (!set_name_ex(&nmflag, *(++argv))) goto bad; | 
| 358 | } | 358 | } | 
| 359 | else if (strcmp(*argv,"-reqopt") == 0) | ||
| 360 | { | ||
| 361 | if (--argc < 1) goto bad; | ||
| 362 | if (!set_cert_ex(&reqflag, *(++argv))) goto bad; | ||
| 363 | } | ||
| 359 | else if (strcmp(*argv,"-subject") == 0) | 364 | else if (strcmp(*argv,"-subject") == 0) | 
| 360 | subject=1; | 365 | subject=1; | 
| 361 | else if (strcmp(*argv,"-text") == 0) | 366 | else if (strcmp(*argv,"-text") == 0) | 
| @@ -448,7 +453,8 @@ bad: | |||
| 448 | BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); | 453 | BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); | 
| 449 | BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); | 454 | BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); | 
| 450 | BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); | 455 | BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); | 
| 451 | BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); | 456 | BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); | 
| 457 | BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); | ||
| 452 | goto end; | 458 | goto end; | 
| 453 | } | 459 | } | 
| 454 | 460 | ||
| @@ -622,7 +628,7 @@ bad: | |||
| 622 | 628 | ||
| 623 | if (keyfile != NULL) | 629 | if (keyfile != NULL) | 
| 624 | { | 630 | { | 
| 625 | pkey = load_key(bio_err, keyfile, keyform, passin, e, | 631 | pkey = load_key(bio_err, keyfile, keyform, 0, passin, e, | 
| 626 | "Private Key"); | 632 | "Private Key"); | 
| 627 | if (!pkey) | 633 | if (!pkey) | 
| 628 | { | 634 | { | 
| @@ -981,9 +987,9 @@ loop: | |||
| 981 | if (text) | 987 | if (text) | 
| 982 | { | 988 | { | 
| 983 | if (x509) | 989 | if (x509) | 
| 984 | X509_print(out,x509ss); | 990 | X509_print_ex(out, x509ss, nmflag, reqflag); | 
| 985 | else | 991 | else | 
| 986 | X509_REQ_print(out,req); | 992 | X509_REQ_print_ex(out, req, nmflag, reqflag); | 
| 987 | } | 993 | } | 
| 988 | 994 | ||
| 989 | if(subject) | 995 | if(subject) | 
| diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c index 60a3381527..4e19bc16fb 100644 --- a/src/lib/libssl/src/apps/rsa.c +++ b/src/lib/libssl/src/apps/rsa.c | |||
| @@ -238,12 +238,12 @@ bad: | |||
| 238 | if (pubin) | 238 | if (pubin) | 
| 239 | pkey = load_pubkey(bio_err, infile, | 239 | pkey = load_pubkey(bio_err, infile, | 
| 240 | (informat == FORMAT_NETSCAPE && sgckey ? | 240 | (informat == FORMAT_NETSCAPE && sgckey ? | 
| 241 | FORMAT_IISSGC : informat), | 241 | FORMAT_IISSGC : informat), 1, | 
| 242 | passin, e, "Public Key"); | 242 | passin, e, "Public Key"); | 
| 243 | else | 243 | else | 
| 244 | pkey = load_key(bio_err, infile, | 244 | pkey = load_key(bio_err, infile, | 
| 245 | (informat == FORMAT_NETSCAPE && sgckey ? | 245 | (informat == FORMAT_NETSCAPE && sgckey ? | 
| 246 | FORMAT_IISSGC : informat), | 246 | FORMAT_IISSGC : informat), 1, | 
| 247 | passin, e, "Private Key"); | 247 | passin, e, "Private Key"); | 
| 248 | 248 | ||
| 249 | if (pkey != NULL) | 249 | if (pkey != NULL) | 
| diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c index 9b02e6782e..36957e5b84 100644 --- a/src/lib/libssl/src/apps/rsautl.c +++ b/src/lib/libssl/src/apps/rsautl.c | |||
| @@ -169,12 +169,12 @@ int MAIN(int argc, char **argv) | |||
| 169 | 169 | ||
| 170 | switch(key_type) { | 170 | switch(key_type) { | 
| 171 | case KEY_PRIVKEY: | 171 | case KEY_PRIVKEY: | 
| 172 | pkey = load_key(bio_err, keyfile, keyform, | 172 | pkey = load_key(bio_err, keyfile, keyform, 0, | 
| 173 | NULL, e, "Private Key"); | 173 | NULL, e, "Private Key"); | 
| 174 | break; | 174 | break; | 
| 175 | 175 | ||
| 176 | case KEY_PUBKEY: | 176 | case KEY_PUBKEY: | 
| 177 | pkey = load_pubkey(bio_err, keyfile, keyform, | 177 | pkey = load_pubkey(bio_err, keyfile, keyform, 0, | 
| 178 | NULL, e, "Public Key"); | 178 | NULL, e, "Public Key"); | 
| 179 | break; | 179 | break; | 
| 180 | 180 | ||
| diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c index 497abf44ef..b03231f3ba 100644 --- a/src/lib/libssl/src/apps/s_server.c +++ b/src/lib/libssl/src/apps/s_server.c | |||
| @@ -320,10 +320,10 @@ static char **local_argv; | |||
| 320 | static int ebcdic_new(BIO *bi); | 320 | static int ebcdic_new(BIO *bi); | 
| 321 | static int ebcdic_free(BIO *a); | 321 | static int ebcdic_free(BIO *a); | 
| 322 | static int ebcdic_read(BIO *b, char *out, int outl); | 322 | static int ebcdic_read(BIO *b, char *out, int outl); | 
| 323 | static int ebcdic_write(BIO *b, char *in, int inl); | 323 | static int ebcdic_write(BIO *b, const char *in, int inl); | 
| 324 | static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr); | 324 | static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr); | 
| 325 | static int ebcdic_gets(BIO *bp, char *buf, int size); | 325 | static int ebcdic_gets(BIO *bp, char *buf, int size); | 
| 326 | static int ebcdic_puts(BIO *bp, char *str); | 326 | static int ebcdic_puts(BIO *bp, const char *str); | 
| 327 | 327 | ||
| 328 | #define BIO_TYPE_EBCDIC_FILTER (18|0x0200) | 328 | #define BIO_TYPE_EBCDIC_FILTER (18|0x0200) | 
| 329 | static BIO_METHOD methods_ebcdic= | 329 | static BIO_METHOD methods_ebcdic= | 
| @@ -388,7 +388,7 @@ static int ebcdic_read(BIO *b, char *out, int outl) | |||
| 388 | return(ret); | 388 | return(ret); | 
| 389 | } | 389 | } | 
| 390 | 390 | ||
| 391 | static int ebcdic_write(BIO *b, char *in, int inl) | 391 | static int ebcdic_write(BIO *b, const char *in, int inl) | 
| 392 | { | 392 | { | 
| 393 | EBCDIC_OUTBUFF *wbuf; | 393 | EBCDIC_OUTBUFF *wbuf; | 
| 394 | int ret=0; | 394 | int ret=0; | 
| @@ -421,7 +421,7 @@ static int ebcdic_write(BIO *b, char *in, int inl) | |||
| 421 | return(ret); | 421 | return(ret); | 
| 422 | } | 422 | } | 
| 423 | 423 | ||
| 424 | static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) | 424 | static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) | 
| 425 | { | 425 | { | 
| 426 | long ret; | 426 | long ret; | 
| 427 | 427 | ||
| @@ -440,7 +440,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) | |||
| 440 | 440 | ||
| 441 | static int ebcdic_gets(BIO *bp, char *buf, int size) | 441 | static int ebcdic_gets(BIO *bp, char *buf, int size) | 
| 442 | { | 442 | { | 
| 443 | int i, ret; | 443 | int i, ret=0; | 
| 444 | if (bp->next_bio == NULL) return(0); | 444 | if (bp->next_bio == NULL) return(0); | 
| 445 | /* return(BIO_gets(bp->next_bio,buf,size));*/ | 445 | /* return(BIO_gets(bp->next_bio,buf,size));*/ | 
| 446 | for (i=0; i<size-1; ++i) | 446 | for (i=0; i<size-1; ++i) | 
| @@ -459,7 +459,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size) | |||
| 459 | return (ret < 0 && i == 0) ? ret : i; | 459 | return (ret < 0 && i == 0) ? ret : i; | 
| 460 | } | 460 | } | 
| 461 | 461 | ||
| 462 | static int ebcdic_puts(BIO *bp, char *str) | 462 | static int ebcdic_puts(BIO *bp, const char *str) | 
| 463 | { | 463 | { | 
| 464 | if (bp->next_bio == NULL) return(0); | 464 | if (bp->next_bio == NULL) return(0); | 
| 465 | return ebcdic_write(bp, str, strlen(str)); | 465 | return ebcdic_write(bp, str, strlen(str)); | 
| diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c index 90fe026f56..ef0e477464 100644 --- a/src/lib/libssl/src/apps/smime.c +++ b/src/lib/libssl/src/apps/smime.c | |||
| @@ -428,7 +428,7 @@ int MAIN(int argc, char **argv) | |||
| 428 | } else keyfile = NULL; | 428 | } else keyfile = NULL; | 
| 429 | 429 | ||
| 430 | if(keyfile) { | 430 | if(keyfile) { | 
| 431 | key = load_key(bio_err, keyfile, keyform, passin, e, | 431 | key = load_key(bio_err, keyfile, keyform, 0, passin, e, | 
| 432 | "signing key file"); | 432 | "signing key file"); | 
| 433 | if (!key) { | 433 | if (!key) { | 
| 434 | goto end; | 434 | goto end; | 
| diff --git a/src/lib/libssl/src/apps/spkac.c b/src/lib/libssl/src/apps/spkac.c index 049a37963c..4ce53e36c9 100644 --- a/src/lib/libssl/src/apps/spkac.c +++ b/src/lib/libssl/src/apps/spkac.c | |||
| @@ -186,7 +186,7 @@ bad: | |||
| 186 | if(keyfile) { | 186 | if(keyfile) { | 
| 187 | pkey = load_key(bio_err, | 187 | pkey = load_key(bio_err, | 
| 188 | strcmp(keyfile, "-") ? keyfile : NULL, | 188 | strcmp(keyfile, "-") ? keyfile : NULL, | 
| 189 | FORMAT_PEM, passin, e, "private key"); | 189 | FORMAT_PEM, 1, passin, e, "private key"); | 
| 190 | if(!pkey) { | 190 | if(!pkey) { | 
| 191 | goto end; | 191 | goto end; | 
| 192 | } | 192 | } | 
| diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c index a797da0ffa..5a41c389ee 100644 --- a/src/lib/libssl/src/apps/x509.c +++ b/src/lib/libssl/src/apps/x509.c | |||
| @@ -861,8 +861,8 @@ bad: | |||
| 861 | if (Upkey == NULL) | 861 | if (Upkey == NULL) | 
| 862 | { | 862 | { | 
| 863 | Upkey=load_key(bio_err, | 863 | Upkey=load_key(bio_err, | 
| 864 | keyfile,keyformat, passin, e, | 864 | keyfile, keyformat, 0, | 
| 865 | "Private key"); | 865 | passin, e, "Private key"); | 
| 866 | if (Upkey == NULL) goto end; | 866 | if (Upkey == NULL) goto end; | 
| 867 | } | 867 | } | 
| 868 | #ifndef OPENSSL_NO_DSA | 868 | #ifndef OPENSSL_NO_DSA | 
| @@ -880,8 +880,9 @@ bad: | |||
| 880 | if (CAkeyfile != NULL) | 880 | if (CAkeyfile != NULL) | 
| 881 | { | 881 | { | 
| 882 | CApkey=load_key(bio_err, | 882 | CApkey=load_key(bio_err, | 
| 883 | CAkeyfile,CAkeyformat, passin, | 883 | CAkeyfile, CAkeyformat, | 
| 884 | e, "CA Private Key"); | 884 | 0, passin, e, | 
| 885 | "CA Private Key"); | ||
| 885 | if (CApkey == NULL) goto end; | 886 | if (CApkey == NULL) goto end; | 
| 886 | } | 887 | } | 
| 887 | #ifndef OPENSSL_NO_DSA | 888 | #ifndef OPENSSL_NO_DSA | 
| @@ -908,8 +909,8 @@ bad: | |||
| 908 | else | 909 | else | 
| 909 | { | 910 | { | 
| 910 | pk=load_key(bio_err, | 911 | pk=load_key(bio_err, | 
| 911 | keyfile,FORMAT_PEM, passin, e, | 912 | keyfile, FORMAT_PEM, 0, | 
| 912 | "request key"); | 913 | passin, e, "request key"); | 
| 913 | if (pk == NULL) goto end; | 914 | if (pk == NULL) goto end; | 
| 914 | } | 915 | } | 
| 915 | 916 | ||
| diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config index 972cdb70a3..3e9af7680a 100644 --- a/src/lib/libssl/src/config +++ b/src/lib/libssl/src/config | |||
| @@ -393,6 +393,9 @@ exit 0 | |||
| 393 | GCCVER=`(gcc -dumpversion) 2>/dev/null` | 393 | GCCVER=`(gcc -dumpversion) 2>/dev/null` | 
| 394 | if [ "$GCCVER" != "" ]; then | 394 | if [ "$GCCVER" != "" ]; then | 
| 395 | CC=gcc | 395 | CC=gcc | 
| 396 | # then strip off whatever prefix egcs prepends the number with... | ||
| 397 | # Hopefully, this will work for any future prefixes as well. | ||
| 398 | GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'` | ||
| 396 | # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion | 399 | # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion | 
| 397 | # does give us what we want though, so we use that. We just just the | 400 | # does give us what we want though, so we use that. We just just the | 
| 398 | # major and minor version numbers. | 401 | # major and minor version numbers. | 
| diff --git a/src/lib/libssl/src/crypto/asn1/a_bitstr.c b/src/lib/libssl/src/crypto/asn1/a_bitstr.c index ed0bdfbde1..e0265f69d2 100644 --- a/src/lib/libssl/src/crypto/asn1/a_bitstr.c +++ b/src/lib/libssl/src/crypto/asn1/a_bitstr.c | |||
| @@ -120,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp, | |||
| 120 | unsigned char *p,*s; | 120 | unsigned char *p,*s; | 
| 121 | int i; | 121 | int i; | 
| 122 | 122 | ||
| 123 | if (len < 1) | ||
| 124 | { | ||
| 125 | i=ASN1_R_STRING_TOO_SHORT; | ||
| 126 | goto err; | ||
| 127 | } | ||
| 128 | |||
| 123 | if ((a == NULL) || ((*a) == NULL)) | 129 | if ((a == NULL) || ((*a) == NULL)) | 
| 124 | { | 130 | { | 
| 125 | if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); | 131 | if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); | 
| diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c index 8dab29dca1..7ddb7662f1 100644 --- a/src/lib/libssl/src/crypto/asn1/a_strex.c +++ b/src/lib/libssl/src/crypto/asn1/a_strex.c | |||
| @@ -544,7 +544,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) | |||
| 544 | { | 544 | { | 
| 545 | ASN1_STRING stmp, *str = &stmp; | 545 | ASN1_STRING stmp, *str = &stmp; | 
| 546 | int mbflag, type, ret; | 546 | int mbflag, type, ret; | 
| 547 | if(!*out || !in) return -1; | 547 | if(!in) return -1; | 
| 548 | type = in->type; | 548 | type = in->type; | 
| 549 | if((type < 0) || (type > 30)) return -1; | 549 | if((type < 0) || (type > 30)) return -1; | 
| 550 | mbflag = tag2nbyte[type]; | 550 | mbflag = tag2nbyte[type]; | 
| @@ -553,6 +553,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) | |||
| 553 | stmp.data = NULL; | 553 | stmp.data = NULL; | 
| 554 | ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); | 554 | ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); | 
| 555 | if(ret < 0) return ret; | 555 | if(ret < 0) return ret; | 
| 556 | if(out) *out = stmp.data; | 556 | *out = stmp.data; | 
| 557 | return stmp.length; | 557 | return stmp.length; | 
| 558 | } | 558 | } | 
| diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c index 422685a3b4..0638870ab7 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c | |||
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ | 
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> | 
| 60 | #include <limits.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" | 
| 61 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> | 
| 62 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1_mac.h> | 
| @@ -124,7 +125,7 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, | |||
| 124 | (int)(omax+ *pp)); | 125 | (int)(omax+ *pp)); | 
| 125 | 126 | ||
| 126 | #endif | 127 | #endif | 
| 127 | if (*plength > (omax - (*pp - p))) | 128 | if (*plength > (omax - (p - *pp))) | 
| 128 | { | 129 | { | 
| 129 | ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); | 130 | ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); | 
| 130 | /* Set this so that even if things are not long enough | 131 | /* Set this so that even if things are not long enough | 
| @@ -141,7 +142,7 @@ err: | |||
| 141 | static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) | 142 | static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) | 
| 142 | { | 143 | { | 
| 143 | unsigned char *p= *pp; | 144 | unsigned char *p= *pp; | 
| 144 | long ret=0; | 145 | unsigned long ret=0; | 
| 145 | int i; | 146 | int i; | 
| 146 | 147 | ||
| 147 | if (max-- < 1) return(0); | 148 | if (max-- < 1) return(0); | 
| @@ -170,10 +171,10 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) | |||
| 170 | else | 171 | else | 
| 171 | ret=i; | 172 | ret=i; | 
| 172 | } | 173 | } | 
| 173 | if (ret < 0) | 174 | if (ret > LONG_MAX) | 
| 174 | return 0; | 175 | return 0; | 
| 175 | *pp=p; | 176 | *pp=p; | 
| 176 | *rl=ret; | 177 | *rl=(long)ret; | 
| 177 | return(1); | 178 | return(1); | 
| 178 | } | 179 | } | 
| 179 | 180 | ||
| diff --git a/src/lib/libssl/src/crypto/asn1/t_req.c b/src/lib/libssl/src/crypto/asn1/t_req.c index 848c29a2dd..739f272ecf 100644 --- a/src/lib/libssl/src/crypto/asn1/t_req.c +++ b/src/lib/libssl/src/crypto/asn1/t_req.c | |||
| @@ -82,7 +82,7 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x) | |||
| 82 | } | 82 | } | 
| 83 | #endif | 83 | #endif | 
| 84 | 84 | ||
| 85 | int X509_REQ_print(BIO *bp, X509_REQ *x) | 85 | int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag) | 
| 86 | { | 86 | { | 
| 87 | unsigned long l; | 87 | unsigned long l; | 
| 88 | int i; | 88 | int i; | 
| @@ -92,143 +92,185 @@ int X509_REQ_print(BIO *bp, X509_REQ *x) | |||
| 92 | STACK_OF(X509_ATTRIBUTE) *sk; | 92 | STACK_OF(X509_ATTRIBUTE) *sk; | 
| 93 | STACK_OF(X509_EXTENSION) *exts; | 93 | STACK_OF(X509_EXTENSION) *exts; | 
| 94 | char str[128]; | 94 | char str[128]; | 
| 95 | char mlch = ' '; | ||
| 96 | int nmindent = 0; | ||
| 97 | |||
| 98 | if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { | ||
| 99 | mlch = '\n'; | ||
| 100 | nmindent = 12; | ||
| 101 | } | ||
| 102 | |||
| 103 | if(nmflags == X509_FLAG_COMPAT) | ||
| 104 | nmindent = 16; | ||
| 105 | |||
| 95 | 106 | ||
| 96 | ri=x->req_info; | 107 | ri=x->req_info; | 
| 97 | sprintf(str,"Certificate Request:\n"); | 108 | if(!(cflag & X509_FLAG_NO_HEADER)) | 
| 98 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 99 | sprintf(str,"%4sData:\n",""); | ||
| 100 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 101 | |||
| 102 | neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":""; | ||
| 103 | l=0; | ||
| 104 | for (i=0; i<ri->version->length; i++) | ||
| 105 | { l<<=8; l+=ri->version->data[i]; } | ||
| 106 | sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l); | ||
| 107 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 108 | sprintf(str,"%8sSubject: ",""); | ||
| 109 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 110 | |||
| 111 | X509_NAME_print(bp,ri->subject,16); | ||
| 112 | sprintf(str,"\n%8sSubject Public Key Info:\n",""); | ||
| 113 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 114 | i=OBJ_obj2nid(ri->pubkey->algor->algorithm); | ||
| 115 | sprintf(str,"%12sPublic Key Algorithm: %s\n","", | ||
| 116 | (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); | ||
| 117 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 118 | |||
| 119 | pkey=X509_REQ_get_pubkey(x); | ||
| 120 | #ifndef OPENSSL_NO_RSA | ||
| 121 | if (pkey != NULL && pkey->type == EVP_PKEY_RSA) | ||
| 122 | { | 109 | { | 
| 123 | BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", | 110 | if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err; | 
| 124 | BN_num_bits(pkey->pkey.rsa->n)); | 111 | if (BIO_write(bp," Data:\n",10) <= 0) goto err; | 
| 125 | RSA_print(bp,pkey->pkey.rsa,16); | ||
| 126 | } | 112 | } | 
| 127 | else | 113 | if(!(cflag & X509_FLAG_NO_VERSION)) | 
| 128 | #endif | ||
| 129 | #ifndef OPENSSL_NO_DSA | ||
| 130 | if (pkey != NULL && pkey->type == EVP_PKEY_DSA) | ||
| 131 | { | 114 | { | 
| 132 | BIO_printf(bp,"%12sDSA Public Key:\n",""); | 115 | neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":""; | 
| 133 | DSA_print(bp,pkey->pkey.dsa,16); | 116 | l=0; | 
| 117 | for (i=0; i<ri->version->length; i++) | ||
| 118 | { l<<=8; l+=ri->version->data[i]; } | ||
| 119 | sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l); | ||
| 120 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 134 | } | 121 | } | 
| 135 | else | 122 | if(!(cflag & X509_FLAG_NO_SUBJECT)) | 
| 136 | #endif | 123 | { | 
| 137 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); | 124 | if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; | 
| 125 | if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err; | ||
| 126 | if (BIO_write(bp,"\n",1) <= 0) goto err; | ||
| 127 | } | ||
| 128 | if(!(cflag & X509_FLAG_NO_PUBKEY)) | ||
| 129 | { | ||
| 130 | if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) | ||
| 131 | goto err; | ||
| 132 | if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) | ||
| 133 | goto err; | ||
| 134 | if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) | ||
| 135 | goto err; | ||
| 136 | if (BIO_puts(bp, "\n") <= 0) | ||
| 137 | goto err; | ||
| 138 | 138 | ||
| 139 | if (pkey != NULL) | 139 | pkey=X509_REQ_get_pubkey(x); | 
| 140 | EVP_PKEY_free(pkey); | 140 | if (pkey == NULL) | 
| 141 | { | ||
| 142 | BIO_printf(bp,"%12sUnable to load Public Key\n",""); | ||
| 143 | ERR_print_errors(bp); | ||
| 144 | } | ||
| 145 | else | ||
| 146 | #ifndef OPENSSL_NO_RSA | ||
| 147 | if (pkey->type == EVP_PKEY_RSA) | ||
| 148 | { | ||
| 149 | BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", | ||
| 150 | BN_num_bits(pkey->pkey.rsa->n)); | ||
| 151 | RSA_print(bp,pkey->pkey.rsa,16); | ||
| 152 | } | ||
| 153 | else | ||
| 154 | #endif | ||
| 155 | #ifndef OPENSSL_NO_DSA | ||
| 156 | if (pkey->type == EVP_PKEY_DSA) | ||
| 157 | { | ||
| 158 | BIO_printf(bp,"%12sDSA Public Key:\n",""); | ||
| 159 | DSA_print(bp,pkey->pkey.dsa,16); | ||
| 160 | } | ||
| 161 | else | ||
| 162 | #endif | ||
| 163 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); | ||
| 141 | 164 | ||
| 142 | /* may not be */ | 165 | EVP_PKEY_free(pkey); | 
| 143 | sprintf(str,"%8sAttributes:\n",""); | 166 | } | 
| 144 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 145 | 167 | ||
| 146 | sk=x->req_info->attributes; | 168 | if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) | 
| 147 | if (sk_X509_ATTRIBUTE_num(sk) == 0) | ||
| 148 | { | 169 | { | 
| 149 | sprintf(str,"%12sa0:00\n",""); | 170 | /* may not be */ | 
| 171 | sprintf(str,"%8sAttributes:\n",""); | ||
| 150 | if (BIO_puts(bp,str) <= 0) goto err; | 172 | if (BIO_puts(bp,str) <= 0) goto err; | 
| 151 | } | 173 | |
| 152 | else | 174 | sk=x->req_info->attributes; | 
| 153 | { | 175 | if (sk_X509_ATTRIBUTE_num(sk) == 0) | 
| 154 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) | ||
| 155 | { | 176 | { | 
| 156 | ASN1_TYPE *at; | 177 | sprintf(str,"%12sa0:00\n",""); | 
| 157 | X509_ATTRIBUTE *a; | ||
| 158 | ASN1_BIT_STRING *bs=NULL; | ||
| 159 | ASN1_TYPE *t; | ||
| 160 | int j,type=0,count=1,ii=0; | ||
| 161 | |||
| 162 | a=sk_X509_ATTRIBUTE_value(sk,i); | ||
| 163 | if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) | ||
| 164 | continue; | ||
| 165 | sprintf(str,"%12s",""); | ||
| 166 | if (BIO_puts(bp,str) <= 0) goto err; | 178 | if (BIO_puts(bp,str) <= 0) goto err; | 
| 167 | if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) | 179 | } | 
| 180 | else | ||
| 168 | { | 181 | { | 
| 169 | if (a->single) | 182 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) | 
| 170 | { | 183 | { | 
| 171 | t=a->value.single; | 184 | ASN1_TYPE *at; | 
| 172 | type=t->type; | 185 | X509_ATTRIBUTE *a; | 
| 173 | bs=t->value.bit_string; | 186 | ASN1_BIT_STRING *bs=NULL; | 
| 174 | } | 187 | ASN1_TYPE *t; | 
| 175 | else | 188 | int j,type=0,count=1,ii=0; | 
| 189 | |||
| 190 | a=sk_X509_ATTRIBUTE_value(sk,i); | ||
| 191 | if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) | ||
| 192 | continue; | ||
| 193 | sprintf(str,"%12s",""); | ||
| 194 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 195 | if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) | ||
| 176 | { | 196 | { | 
| 177 | ii=0; | 197 | if (a->single) | 
| 178 | count=sk_ASN1_TYPE_num(a->value.set); | 198 | { | 
| 199 | t=a->value.single; | ||
| 200 | type=t->type; | ||
| 201 | bs=t->value.bit_string; | ||
| 202 | } | ||
| 203 | else | ||
| 204 | { | ||
| 205 | ii=0; | ||
| 206 | count=sk_ASN1_TYPE_num(a->value.set); | ||
| 179 | get_next: | 207 | get_next: | 
| 180 | at=sk_ASN1_TYPE_value(a->value.set,ii); | 208 | at=sk_ASN1_TYPE_value(a->value.set,ii); | 
| 181 | type=at->type; | 209 | type=at->type; | 
| 182 | bs=at->value.asn1_string; | 210 | bs=at->value.asn1_string; | 
| 211 | } | ||
| 212 | } | ||
| 213 | for (j=25-j; j>0; j--) | ||
| 214 | if (BIO_write(bp," ",1) != 1) goto err; | ||
| 215 | if (BIO_puts(bp,":") <= 0) goto err; | ||
| 216 | if ( (type == V_ASN1_PRINTABLESTRING) || | ||
| 217 | (type == V_ASN1_T61STRING) || | ||
| 218 | (type == V_ASN1_IA5STRING)) | ||
| 219 | { | ||
| 220 | if (BIO_write(bp,(char *)bs->data,bs->length) | ||
| 221 | != bs->length) | ||
| 222 | goto err; | ||
| 223 | BIO_puts(bp,"\n"); | ||
| 224 | } | ||
| 225 | else | ||
| 226 | { | ||
| 227 | BIO_puts(bp,"unable to print attribute\n"); | ||
| 228 | } | ||
| 229 | if (++ii < count) goto get_next; | ||
| 183 | } | 230 | } | 
| 184 | } | 231 | } | 
| 185 | for (j=25-j; j>0; j--) | 232 | } | 
| 186 | if (BIO_write(bp," ",1) != 1) goto err; | 233 | if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) | 
| 187 | if (BIO_puts(bp,":") <= 0) goto err; | 234 | { | 
| 188 | if ( (type == V_ASN1_PRINTABLESTRING) || | 235 | exts = X509_REQ_get_extensions(x); | 
| 189 | (type == V_ASN1_T61STRING) || | 236 | if(exts) | 
| 190 | (type == V_ASN1_IA5STRING)) | 237 | { | 
| 238 | BIO_printf(bp,"%8sRequested Extensions:\n",""); | ||
| 239 | for (i=0; i<sk_X509_EXTENSION_num(exts); i++) | ||
| 191 | { | 240 | { | 
| 192 | if (BIO_write(bp,(char *)bs->data,bs->length) | 241 | ASN1_OBJECT *obj; | 
| 193 | != bs->length) | 242 | X509_EXTENSION *ex; | 
| 243 | int j; | ||
| 244 | ex=sk_X509_EXTENSION_value(exts, i); | ||
| 245 | if (BIO_printf(bp,"%12s","") <= 0) goto err; | ||
| 246 | obj=X509_EXTENSION_get_object(ex); | ||
| 247 | i2a_ASN1_OBJECT(bp,obj); | ||
| 248 | j=X509_EXTENSION_get_critical(ex); | ||
| 249 | if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) | ||
| 194 | goto err; | 250 | goto err; | 
| 195 | BIO_puts(bp,"\n"); | 251 | if(!X509V3_EXT_print(bp, ex, 0, 16)) | 
| 196 | } | 252 | { | 
| 197 | else | 253 | BIO_printf(bp, "%16s", ""); | 
| 198 | { | 254 | M_ASN1_OCTET_STRING_print(bp,ex->value); | 
| 199 | BIO_puts(bp,"unable to print attribute\n"); | 255 | } | 
| 256 | if (BIO_write(bp,"\n",1) <= 0) goto err; | ||
| 200 | } | 257 | } | 
| 201 | if (++ii < count) goto get_next; | 258 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); | 
| 202 | } | 259 | } | 
| 203 | } | 260 | } | 
| 204 | 261 | ||
| 205 | exts = X509_REQ_get_extensions(x); | 262 | if(!(cflag & X509_FLAG_NO_SIGDUMP)) | 
| 206 | if(exts) { | 263 | { | 
| 207 | BIO_printf(bp,"%8sRequested Extensions:\n",""); | 264 | if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; | 
| 208 | for (i=0; i<sk_X509_EXTENSION_num(exts); i++) { | ||
| 209 | ASN1_OBJECT *obj; | ||
| 210 | X509_EXTENSION *ex; | ||
| 211 | int j; | ||
| 212 | ex=sk_X509_EXTENSION_value(exts, i); | ||
| 213 | if (BIO_printf(bp,"%12s","") <= 0) goto err; | ||
| 214 | obj=X509_EXTENSION_get_object(ex); | ||
| 215 | i2a_ASN1_OBJECT(bp,obj); | ||
| 216 | j=X509_EXTENSION_get_critical(ex); | ||
| 217 | if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) | ||
| 218 | goto err; | ||
| 219 | if(!X509V3_EXT_print(bp, ex, 0, 16)) { | ||
| 220 | BIO_printf(bp, "%16s", ""); | ||
| 221 | M_ASN1_OCTET_STRING_print(bp,ex->value); | ||
| 222 | } | ||
| 223 | if (BIO_write(bp,"\n",1) <= 0) goto err; | ||
| 224 | } | 265 | } | 
| 225 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); | ||
| 226 | } | ||
| 227 | |||
| 228 | if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; | ||
| 229 | 266 | ||
| 230 | return(1); | 267 | return(1); | 
| 231 | err: | 268 | err: | 
| 232 | X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); | 269 | X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); | 
| 233 | return(0); | 270 | return(0); | 
| 234 | } | 271 | } | 
| 272 | |||
| 273 | int X509_REQ_print(BIO *bp, X509_REQ *x) | ||
| 274 | { | ||
| 275 | return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); | ||
| 276 | } | ||
| diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index 0fc1f421e2..f87c08793a 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c | |||
| @@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i | |||
| 913 | ctx->ptag = ptag; | 913 | ctx->ptag = ptag; | 
| 914 | ctx->hdrlen = p - q; | 914 | ctx->hdrlen = p - q; | 
| 915 | ctx->valid = 1; | 915 | ctx->valid = 1; | 
| 916 | /* If definite length, length + header can't exceed total | 916 | /* If definite length, and no error, length + | 
| 917 | * amount of data available. | 917 | * header can't exceed total amount of data available. | 
| 918 | */ | 918 | */ | 
| 919 | if(!(i & 1) && ((plen + ctx->hdrlen) > len)) { | 919 | if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { | 
| 920 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); | 920 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); | 
| 921 | asn1_tlc_clear(ctx); | 921 | asn1_tlc_clear(ctx); | 
| 922 | return 0; | 922 | return 0; | 
| diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c index 3ce1290772..80c9cb69db 100644 --- a/src/lib/libssl/src/crypto/bio/b_print.c +++ b/src/lib/libssl/src/crypto/bio/b_print.c | |||
| @@ -109,7 +109,7 @@ | |||
| 109 | * o ... (for OpenSSL) | 109 | * o ... (for OpenSSL) | 
| 110 | */ | 110 | */ | 
| 111 | 111 | ||
| 112 | #if HAVE_LONG_DOUBLE | 112 | #ifdef HAVE_LONG_DOUBLE | 
| 113 | #define LDOUBLE long double | 113 | #define LDOUBLE long double | 
| 114 | #else | 114 | #else | 
| 115 | #define LDOUBLE double | 115 | #define LDOUBLE double | 
| diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h index 1eaf879553..b40682f831 100644 --- a/src/lib/libssl/src/crypto/bn/bn.h +++ b/src/lib/libssl/src/crypto/bn/bn.h | |||
| @@ -430,7 +430,7 @@ int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, | |||
| 430 | int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, | 430 | int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, | 
| 431 | BN_MONT_CTX *mont, BN_CTX *ctx); | 431 | BN_MONT_CTX *mont, BN_CTX *ctx); | 
| 432 | void BN_MONT_CTX_free(BN_MONT_CTX *mont); | 432 | void BN_MONT_CTX_free(BN_MONT_CTX *mont); | 
| 433 | int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); | 433 | int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); | 
| 434 | BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); | 434 | BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); | 
| 435 | 435 | ||
| 436 | BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); | 436 | BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); | 
| diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c index d301b376f7..612b3b93b4 100644 --- a/src/lib/libssl/src/crypto/cryptlib.c +++ b/src/lib/libssl/src/crypto/cryptlib.c | |||
| @@ -492,11 +492,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, | |||
| 492 | #endif | 492 | #endif | 
| 493 | 493 | ||
| 494 | #endif | 494 | #endif | 
| 495 | |||
| 496 | void OpenSSLDie(const char *file,int line,const char *assertion) | ||
| 497 | { | ||
| 498 | fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", | ||
| 499 | file,line,assertion); | ||
| 500 | abort(); | ||
| 501 | } | ||
| 502 | |||
| diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h index 985a6d377c..88e4ae509f 100644 --- a/src/lib/libssl/src/crypto/cryptlib.h +++ b/src/lib/libssl/src/crypto/cryptlib.h | |||
| @@ -93,10 +93,6 @@ extern "C" { | |||
| 93 | #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) | 93 | #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) | 
| 94 | #define HEX_SIZE(type) ((sizeof(type)*2) | 94 | #define HEX_SIZE(type) ((sizeof(type)*2) | 
| 95 | 95 | ||
| 96 | /* die if we have to */ | ||
| 97 | void OpenSSLDie(const char *file,int line,const char *assertion); | ||
| 98 | #define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) | ||
| 99 | |||
| 100 | #ifdef __cplusplus | 96 | #ifdef __cplusplus | 
| 101 | } | 97 | } | 
| 102 | #endif | 98 | #endif | 
| diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com index 4847a69a71..dfcff11860 100644 --- a/src/lib/libssl/src/crypto/crypto-lib.com +++ b/src/lib/libssl/src/crypto/crypto-lib.com | |||
| @@ -231,7 +231,7 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - | |||
| 231 | "rand_vms" | 231 | "rand_vms" | 
| 232 | $ LIB_ERR = "err,err_all,err_prn" | 232 | $ LIB_ERR = "err,err_all,err_prn" | 
| 233 | $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" | 233 | $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" | 
| 234 | $ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ - | 234 | $ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - | 
| 235 | "e_des,e_bf,e_idea,e_des3,"+ - | 235 | "e_des,e_bf,e_idea,e_des3,"+ - | 
| 236 | "e_rc4,e_aes,names,"+ - | 236 | "e_rc4,e_aes,names,"+ - | 
| 237 | "e_xcbc_d,e_rc2,e_cast,e_rc5" | 237 | "e_xcbc_d,e_rc2,e_cast,e_rc5" | 
| @@ -265,14 +265,14 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - | |||
| 265 | "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - | 265 | "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - | 
| 266 | "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - | 266 | "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - | 
| 267 | "v3_ocsp,v3_akeya" | 267 | "v3_ocsp,v3_akeya" | 
| 268 | $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall" | 268 | $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" | 
| 269 | $ LIB_TXT_DB = "txt_db" | 269 | $ LIB_TXT_DB = "txt_db" | 
| 270 | $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - | 270 | $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - | 
| 271 | "pk7_mime" | 271 | "pk7_mime" | 
| 272 | $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - | 272 | $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - | 
| 273 | "p12_init,p12_key,p12_kiss,p12_mutl,"+ - | 273 | "p12_init,p12_key,p12_kiss,p12_mutl,"+ - | 
| 274 | "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" | 274 | "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" | 
| 275 | $ LIB_COMP = "comp_lib,"+ - | 275 | $ LIB_COMP = "comp_lib,comp_err,"+ - | 
| 276 | "c_rle,c_zlib" | 276 | "c_rle,c_zlib" | 
| 277 | $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - | 277 | $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - | 
| 278 | "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" | 278 | "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" | 
| @@ -1325,7 +1325,7 @@ $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS | |||
| 1325 | $! | 1325 | $! | 
| 1326 | $! Show user the result | 1326 | $! Show user the result | 
| 1327 | $! | 1327 | $! | 
| 1328 | $ WRITE SYS$OUTPUT "Main C Compiling Command: ",CC | 1328 | $ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC | 
| 1329 | $! | 1329 | $! | 
| 1330 | $! Else The User Entered An Invalid Arguement. | 1330 | $! Else The User Entered An Invalid Arguement. | 
| 1331 | $! | 1331 | $! | 
| @@ -1356,7 +1356,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE | |||
| 1356 | $! | 1356 | $! | 
| 1357 | $! Show user the result | 1357 | $! Show user the result | 
| 1358 | $! | 1358 | $! | 
| 1359 | $ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO | 1359 | $ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO | 
| 1360 | $! | 1360 | $! | 
| 1361 | $! Time to check the contents, and to make sure we get the correct library. | 1361 | $! Time to check the contents, and to make sure we get the correct library. | 
| 1362 | $! | 1362 | $! | 
| diff --git a/src/lib/libssl/src/crypto/des/des_ver.h b/src/lib/libssl/src/crypto/des/des_ver.h index 0fa94d5368..379bbadda2 100644 --- a/src/lib/libssl/src/crypto/des/des_ver.h +++ b/src/lib/libssl/src/crypto/des/des_ver.h | |||
| @@ -63,5 +63,9 @@ | |||
| 63 | # define OPENSSL_EXTERN OPENSSL_EXPORT | 63 | # define OPENSSL_EXTERN OPENSSL_EXPORT | 
| 64 | #endif | 64 | #endif | 
| 65 | 65 | ||
| 66 | OPENSSL_EXTERN char *DES_version; /* SSLeay version string */ | 66 | /* The following macros make sure the names are different from libdes names */ | 
| 67 | OPENSSL_EXTERN char *libdes_version; /* old libdes version string */ | 67 | #define DES_version OSSL_DES_version | 
| 68 | #define libdes_version OSSL_libdes_version | ||
| 69 | |||
| 70 | OPENSSL_EXTERN const char *OSSL_DES_version; /* SSLeay version string */ | ||
| 71 | OPENSSL_EXTERN const char *OSSL_libdes_version; /* old libdes version string */ | ||
| diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c index 4650f2fa0f..1b70f68806 100644 --- a/src/lib/libssl/src/crypto/des/ecb_enc.c +++ b/src/lib/libssl/src/crypto/des/ecb_enc.c | |||
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ | 
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" | 
| 60 | #include "des_ver.h" | ||
| 60 | #include "spr.h" | 61 | #include "spr.h" | 
| 61 | #include <openssl/opensslv.h> | 62 | #include <openssl/opensslv.h> | 
| 62 | 63 | ||
| diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c index 683916e71b..143008ed9c 100644 --- a/src/lib/libssl/src/crypto/des/set_key.c +++ b/src/lib/libssl/src/crypto/des/set_key.c | |||
| @@ -342,7 +342,7 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) | |||
| 342 | register DES_LONG *k; | 342 | register DES_LONG *k; | 
| 343 | register int i; | 343 | register int i; | 
| 344 | 344 | ||
| 345 | #if OPENBSD_DEV_CRYPTO | 345 | #ifdef OPENBSD_DEV_CRYPTO | 
| 346 | memcpy(schedule->key,key,sizeof schedule->key); | 346 | memcpy(schedule->key,key,sizeof schedule->key); | 
| 347 | schedule->session=NULL; | 347 | schedule->session=NULL; | 
| 348 | #endif | 348 | #endif | 
| diff --git a/src/lib/libssl/src/crypto/engine/hw_4758_cca.c b/src/lib/libssl/src/crypto/engine/hw_4758_cca.c index 1053c52082..bfb80968e2 100644 --- a/src/lib/libssl/src/crypto/engine/hw_4758_cca.c +++ b/src/lib/libssl/src/crypto/engine/hw_4758_cca.c | |||
| @@ -953,7 +953,7 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, | |||
| 953 | #ifdef ENGINE_DYNAMIC_SUPPORT | 953 | #ifdef ENGINE_DYNAMIC_SUPPORT | 
| 954 | static int bind_fn(ENGINE *e, const char *id) | 954 | static int bind_fn(ENGINE *e, const char *id) | 
| 955 | { | 955 | { | 
| 956 | if(id && (strcmp(id, engine_cswift_id) != 0)) | 956 | if(id && (strcmp(id, engine_4758_cca_id) != 0)) | 
| 957 | return 0; | 957 | return 0; | 
| 958 | if(!bind_helper(e)) | 958 | if(!bind_helper(e)) | 
| 959 | return 0; | 959 | return 0; | 
| diff --git a/src/lib/libssl/src/crypto/engine/hw_ubsec.c b/src/lib/libssl/src/crypto/engine/hw_ubsec.c index 63397f868c..ed8401ec16 100644 --- a/src/lib/libssl/src/crypto/engine/hw_ubsec.c +++ b/src/lib/libssl/src/crypto/engine/hw_ubsec.c | |||
| @@ -93,7 +93,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); | |||
| 93 | static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 93 | static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 
| 94 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 94 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 
| 95 | #ifndef OPENSSL_NO_DSA | 95 | #ifndef OPENSSL_NO_DSA | 
| 96 | #if NOT_USED | 96 | #ifdef NOT_USED | 
| 97 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | 97 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | 
| 98 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 98 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 
| 99 | BN_CTX *ctx, BN_MONT_CTX *in_mont); | 99 | BN_CTX *ctx, BN_MONT_CTX *in_mont); | 
| @@ -113,7 +113,7 @@ static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh) | |||
| 113 | static int ubsec_dh_generate_key(DH *dh); | 113 | static int ubsec_dh_generate_key(DH *dh); | 
| 114 | #endif | 114 | #endif | 
| 115 | 115 | ||
| 116 | #if NOT_USED | 116 | #ifdef NOT_USED | 
| 117 | static int ubsec_rand_bytes(unsigned char *buf, int num); | 117 | static int ubsec_rand_bytes(unsigned char *buf, int num); | 
| 118 | static int ubsec_rand_status(void); | 118 | static int ubsec_rand_status(void); | 
| 119 | #endif | 119 | #endif | 
| @@ -663,7 +663,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 663 | } | 663 | } | 
| 664 | 664 | ||
| 665 | #ifndef OPENSSL_NO_DSA | 665 | #ifndef OPENSSL_NO_DSA | 
| 666 | #if NOT_USED | 666 | #ifdef NOT_USED | 
| 667 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | 667 | static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | 
| 668 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 668 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 
| 669 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | 669 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | 
| @@ -987,7 +987,7 @@ err: | |||
| 987 | } | 987 | } | 
| 988 | #endif | 988 | #endif | 
| 989 | 989 | ||
| 990 | #if NOT_USED | 990 | #ifdef NOT_USED | 
| 991 | static int ubsec_rand_bytes(unsigned char * buf, | 991 | static int ubsec_rand_bytes(unsigned char * buf, | 
| 992 | int num) | 992 | int num) | 
| 993 | { | 993 | { | 
| diff --git a/src/lib/libssl/src/crypto/evp/evp_locl.h b/src/lib/libssl/src/crypto/evp/evp_locl.h index 7b088b4848..4d81a3bf4c 100644 --- a/src/lib/libssl/src/crypto/evp/evp_locl.h +++ b/src/lib/libssl/src/crypto/evp/evp_locl.h | |||
| @@ -124,17 +124,17 @@ const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } | |||
| 124 | BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ | 124 | BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ | 
| 125 | iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) | 125 | iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) | 
| 126 | 126 | ||
| 127 | #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \ | 127 | #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ | 
| 128 | iv_len, cbits, flags, init_key, cleanup, \ | 128 | iv_len, cbits, flags, init_key, cleanup, \ | 
| 129 | set_asn1, get_asn1, ctrl) \ | 129 | set_asn1, get_asn1, ctrl) \ | 
| 130 | BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, block_size, \ | 130 | BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \ | 
| 131 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | 131 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | 
| 132 | get_asn1, ctrl) | 132 | get_asn1, ctrl) | 
| 133 | 133 | ||
| 134 | #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \ | 134 | #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ | 
| 135 | iv_len, cbits, flags, init_key, cleanup, \ | 135 | iv_len, cbits, flags, init_key, cleanup, \ | 
| 136 | set_asn1, get_asn1, ctrl) \ | 136 | set_asn1, get_asn1, ctrl) \ | 
| 137 | BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, block_size, \ | 137 | BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ | 
| 138 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | 138 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | 
| 139 | get_asn1, ctrl) | 139 | get_asn1, ctrl) | 
| 140 | 140 | ||
| @@ -149,9 +149,9 @@ BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ | |||
| 149 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 149 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 
| 150 | BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ | 150 | BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ | 
| 151 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 151 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 
| 152 | BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ | 152 | BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ | 
| 153 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 153 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 
| 154 | BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ | 154 | BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ | 
| 155 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 155 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 
| 156 | BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ | 156 | BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ | 
| 157 | init_key, cleanup, set_asn1, get_asn1, ctrl) | 157 | init_key, cleanup, set_asn1, get_asn1, ctrl) | 
| diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c index effec714e8..a7826908e6 100644 --- a/src/lib/libssl/src/crypto/mem.c +++ b/src/lib/libssl/src/crypto/mem.c | |||
| @@ -303,6 +303,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) | |||
| 303 | { | 303 | { | 
| 304 | void *ret = NULL; | 304 | void *ret = NULL; | 
| 305 | 305 | ||
| 306 | if (str == NULL) | ||
| 307 | return CRYPTO_malloc(num, file, line); | ||
| 308 | |||
| 306 | if (realloc_debug_func != NULL) | 309 | if (realloc_debug_func != NULL) | 
| 307 | realloc_debug_func(str, NULL, num, file, line, 0); | 310 | realloc_debug_func(str, NULL, num, file, line, 0); | 
| 308 | ret = realloc_ex_func(str,num,file,line); | 311 | ret = realloc_ex_func(str,num,file,line); | 
| diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c index 02c3719f04..ce779dc1b5 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.c +++ b/src/lib/libssl/src/crypto/objects/obj_dat.c | |||
| @@ -425,7 +425,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) | |||
| 425 | a2d_ASN1_OBJECT(p,i,s,-1); | 425 | a2d_ASN1_OBJECT(p,i,s,-1); | 
| 426 | 426 | ||
| 427 | p=buf; | 427 | p=buf; | 
| 428 | op=d2i_ASN1_OBJECT(NULL,&p,i); | 428 | op=d2i_ASN1_OBJECT(NULL,&p,j); | 
| 429 | OPENSSL_free(buf); | 429 | OPENSSL_free(buf); | 
| 430 | return op; | 430 | return op; | 
| 431 | } | 431 | } | 
| diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c index 18b751a91a..a8db6ffbf5 100644 --- a/src/lib/libssl/src/crypto/pem/pem_lib.c +++ b/src/lib/libssl/src/crypto/pem/pem_lib.c | |||
| @@ -366,8 +366,11 @@ err: | |||
| 366 | memset(iv,0,sizeof(iv)); | 366 | memset(iv,0,sizeof(iv)); | 
| 367 | memset((char *)&ctx,0,sizeof(ctx)); | 367 | memset((char *)&ctx,0,sizeof(ctx)); | 
| 368 | memset(buf,0,PEM_BUFSIZE); | 368 | memset(buf,0,PEM_BUFSIZE); | 
| 369 | memset(data,0,(unsigned int)dsize); | 369 | if (data != NULL) | 
| 370 | OPENSSL_free(data); | 370 | { | 
| 371 | memset(data,0,(unsigned int)dsize); | ||
| 372 | OPENSSL_free(data); | ||
| 373 | } | ||
| 371 | return(ret); | 374 | return(ret); | 
| 372 | } | 375 | } | 
| 373 | 376 | ||
| diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_asn.c b/src/lib/libssl/src/crypto/pkcs12/p12_asn.c index c327bdba03..a3739fee1a 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_asn.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_asn.c | |||
| @@ -83,8 +83,8 @@ ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0) | |||
| 83 | 83 | ||
| 84 | ASN1_ADB(PKCS12_BAGS) = { | 84 | ASN1_ADB(PKCS12_BAGS) = { | 
| 85 | ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), | 85 | ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), | 
| 86 | ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), | 86 | ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), | 
| 87 | ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), | 87 | ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), | 
| 88 | } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); | 88 | } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); | 
| 89 | 89 | ||
| 90 | ASN1_SEQUENCE(PKCS12_BAGS) = { | 90 | ASN1_SEQUENCE(PKCS12_BAGS) = { | 
| @@ -98,7 +98,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ | |||
| 98 | 98 | ||
| 99 | ASN1_ADB(PKCS12_SAFEBAG) = { | 99 | ASN1_ADB(PKCS12_SAFEBAG) = { | 
| 100 | ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), | 100 | ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), | 
| 101 | ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, X509_SIG, 0)), | 101 | ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), | 
| 102 | ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), | 102 | ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), | 
| 103 | ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), | 103 | ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), | 
| 104 | ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), | 104 | ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), | 
| diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c index c00ed6833a..985b07245c 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c | |||
| @@ -74,6 +74,13 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) | |||
| 74 | if (nid == NID_pkcs7_signed) | 74 | if (nid == NID_pkcs7_signed) | 
| 75 | { | 75 | { | 
| 76 | ret=p7->detached=(int)larg; | 76 | ret=p7->detached=(int)larg; | 
| 77 | if (ret && PKCS7_type_is_data(p7->d.sign->contents)) | ||
| 78 | { | ||
| 79 | ASN1_OCTET_STRING *os; | ||
| 80 | os=p7->d.sign->contents->d.data; | ||
| 81 | ASN1_OCTET_STRING_free(os); | ||
| 82 | p7->d.sign->contents->d.data = NULL; | ||
| 83 | } | ||
| 77 | } | 84 | } | 
| 78 | else | 85 | else | 
| 79 | { | 86 | { | 
| diff --git a/src/lib/libssl/src/crypto/ripemd/rmdtest.c b/src/lib/libssl/src/crypto/ripemd/rmdtest.c index 19e9741db2..be1fb8b1f6 100644 --- a/src/lib/libssl/src/crypto/ripemd/rmdtest.c +++ b/src/lib/libssl/src/crypto/ripemd/rmdtest.c | |||
| @@ -59,7 +59,6 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> | 
| 60 | #include <string.h> | 60 | #include <string.h> | 
| 61 | #include <stdlib.h> | 61 | #include <stdlib.h> | 
| 62 | #include <openssl/ripemd.h> | ||
| 63 | 62 | ||
| 64 | #ifdef OPENSSL_NO_RIPEMD | 63 | #ifdef OPENSSL_NO_RIPEMD | 
| 65 | int main(int argc, char *argv[]) | 64 | int main(int argc, char *argv[]) | 
| @@ -68,6 +67,7 @@ int main(int argc, char *argv[]) | |||
| 68 | return(0); | 67 | return(0); | 
| 69 | } | 68 | } | 
| 70 | #else | 69 | #else | 
| 70 | #include <openssl/ripemd.h> | ||
| 71 | #include <openssl/evp.h> | 71 | #include <openssl/evp.h> | 
| 72 | 72 | ||
| 73 | #ifdef CHARSET_EBCDIC | 73 | #ifdef CHARSET_EBCDIC | 
| diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h index c75aa0c717..7095440d36 100644 --- a/src/lib/libssl/src/crypto/x509/x509.h +++ b/src/lib/libssl/src/crypto/x509/x509.h | |||
| @@ -331,6 +331,7 @@ DECLARE_STACK_OF(X509_TRUST) | |||
| 331 | #define X509_FLAG_NO_EXTENSIONS (1L << 8) | 331 | #define X509_FLAG_NO_EXTENSIONS (1L << 8) | 
| 332 | #define X509_FLAG_NO_SIGDUMP (1L << 9) | 332 | #define X509_FLAG_NO_SIGDUMP (1L << 9) | 
| 333 | #define X509_FLAG_NO_AUX (1L << 10) | 333 | #define X509_FLAG_NO_AUX (1L << 10) | 
| 334 | #define X509_FLAG_NO_ATTRIBUTES (1L << 11) | ||
| 334 | 335 | ||
| 335 | /* Flags specific to X509_NAME_print_ex() */ | 336 | /* Flags specific to X509_NAME_print_ex() */ | 
| 336 | 337 | ||
| @@ -1015,6 +1016,7 @@ int X509_print(BIO *bp,X509 *x); | |||
| 1015 | int X509_ocspid_print(BIO *bp,X509 *x); | 1016 | int X509_ocspid_print(BIO *bp,X509 *x); | 
| 1016 | int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); | 1017 | int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); | 
| 1017 | int X509_CRL_print(BIO *bp,X509_CRL *x); | 1018 | int X509_CRL_print(BIO *bp,X509_CRL *x); | 
| 1019 | int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); | ||
| 1018 | int X509_REQ_print(BIO *bp,X509_REQ *req); | 1020 | int X509_REQ_print(BIO *bp,X509_REQ *req); | 
| 1019 | #endif | 1021 | #endif | 
| 1020 | 1022 | ||
| diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/Makefile b/src/lib/libssl/src/demos/engines/cluster_labs/Makefile new file mode 100644 index 0000000000..956193f093 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/cluster_labs/Makefile | |||
| @@ -0,0 +1,114 @@ | |||
| 1 | LIBNAME= libclabs | ||
| 2 | SRC= hw_cluster_labs.c | ||
| 3 | OBJ= hw_cluster_labs.o | ||
| 4 | HEADER= hw_cluster_labs.h | ||
| 5 | |||
| 6 | CC= gcc | ||
| 7 | PIC= -fPIC | ||
| 8 | CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC | ||
| 9 | AR= ar r | ||
| 10 | RANLIB= ranlib | ||
| 11 | |||
| 12 | LIB= $(LIBNAME).a | ||
| 13 | SHLIB= $(LIBNAME).so | ||
| 14 | |||
| 15 | all: | ||
| 16 | @echo 'Please choose a system to build on:' | ||
| 17 | @echo '' | ||
| 18 | @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1' | ||
| 19 | @echo 'solaris: Solaris' | ||
| 20 | @echo 'irix: IRIX' | ||
| 21 | @echo 'hpux32: 32-bit HP/UX' | ||
| 22 | @echo 'hpux64: 64-bit HP/UX' | ||
| 23 | @echo 'aix: AIX' | ||
| 24 | @echo 'gnu: Generic GNU-based system (gcc and GNU ld)' | ||
| 25 | @echo '' | ||
| 26 | |||
| 27 | FORCE.update: | ||
| 28 | update: FORCE.update | ||
| 29 | perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \ | ||
| 30 | -nostatic -staticloader -write hw_cluster_labs.c | ||
| 31 | |||
| 32 | gnu: $(SHLIB).gnu | ||
| 33 | tru64: $(SHLIB).tru64 | ||
| 34 | solaris: $(SHLIB).solaris | ||
| 35 | irix: $(SHLIB).irix | ||
| 36 | hpux32: $(SHLIB).hpux32 | ||
| 37 | hpux64: $(SHLIB).hpux64 | ||
| 38 | aix: $(SHLIB).aix | ||
| 39 | |||
| 40 | $(LIB): $(OBJ) | ||
| 41 | $(AR) $(LIB) $(OBJ) | ||
| 42 | - $(RANLIB) $(LIB) | ||
| 43 | |||
| 44 | LINK_SO= \ | ||
| 45 | ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \ | ||
| 46 | (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \ | ||
| 47 | $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc) | ||
| 48 | |||
| 49 | $(SHLIB).gnu: $(LIB) | ||
| 50 | ALLSYMSFLAGS='--whole-archive' \ | ||
| 51 | SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \ | ||
| 52 | SHAREDCMD='$(CC)'; \ | ||
| 53 | $(LINK_SO) | ||
| 54 | touch $(SHLIB).gnu | ||
| 55 | $(SHLIB).tru64: $(LIB) | ||
| 56 | ALLSYMSFLAGS='-all' \ | ||
| 57 | SHAREDFLAGS='-shared' \ | ||
| 58 | SHAREDCMD='$(CC)'; \ | ||
| 59 | $(LINK_SO) | ||
| 60 | touch $(SHLIB).tru64 | ||
| 61 | $(SHLIB).solaris: $(LIB) | ||
| 62 | ALLSYMSFLAGS='-z allextract' \ | ||
| 63 | SHAREDFLAGS='-G -h $(SHLIB)' \ | ||
| 64 | SHAREDCMD='$(CC)'; \ | ||
| 65 | $(LINK_SO) | ||
| 66 | touch $(SHLIB).solaris | ||
| 67 | $(SHLIB).irix: $(LIB) | ||
| 68 | ALLSYMSFLAGS='-all' \ | ||
| 69 | SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \ | ||
| 70 | SHAREDCMD='$(CC)'; \ | ||
| 71 | $(LINK_SO) | ||
| 72 | touch $(SHLIB).irix | ||
| 73 | $(SHLIB).hpux32: $(LIB) | ||
| 74 | ALLSYMSFLAGS='-Fl' \ | ||
| 75 | SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \ | ||
| 76 | SHAREDCMD='/usr/ccs/bin/ld'; \ | ||
| 77 | $(LINK_SO) | ||
| 78 | touch $(SHLIB).hpux32 | ||
| 79 | $(SHLIB).hpux64: $(LIB) | ||
| 80 | ALLSYMSFLAGS='+forceload' \ | ||
| 81 | SHAREDFLAGS='-b -z +h $(SHLIB)' \ | ||
| 82 | SHAREDCMD='/usr/ccs/bin/ld'; \ | ||
| 83 | $(LINK_SO) | ||
| 84 | touch $(SHLIB).hpux64 | ||
| 85 | $(SHLIB).aix: $(LIB) | ||
| 86 | ALLSYMSFLAGS='-bnogc' \ | ||
| 87 | SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \ | ||
| 88 | SHAREDCMD='$(CC)'; \ | ||
| 89 | $(LINK_SO) | ||
| 90 | touch $(SHLIB).aix | ||
| 91 | |||
| 92 | depend: | ||
| 93 | sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp | ||
| 94 | echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp | ||
| 95 | gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp | ||
| 96 | perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new | ||
| 97 | rm -f Makefile.tmp Makefile | ||
| 98 | mv Makefile.new Makefile | ||
| 99 | |||
| 100 | # DO NOT DELETE THIS LINE -- make depend depends on it. | ||
| 101 | |||
| 102 | rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h | ||
| 103 | rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h | ||
| 104 | rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h | ||
| 105 | rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h | ||
| 106 | rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h | ||
| 107 | rsaref.o: ../../../include/openssl/opensslconf.h | ||
| 108 | rsaref.o: ../../../include/openssl/opensslv.h | ||
| 109 | rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h | ||
| 110 | rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h | ||
| 111 | rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h | ||
| 112 | rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h | ||
| 113 | rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h | ||
| 114 | rsaref.o: source/rsaref.h | ||
| diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h b/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h new file mode 100644 index 0000000000..d0926796f0 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/cluster_labs/cluster_labs.h | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | typedef int cl_engine_init(void); | ||
| 2 | typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 3 | const BIGNUM *m, BN_CTX *cgx); | ||
| 4 | typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
| 5 | const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, | ||
| 6 | const BIGNUM *iqmp, BN_CTX *ctx); | ||
| 7 | typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); | ||
| 8 | typedef int cl_rsa_pub_enc(int flen, const unsigned char *from, | ||
| 9 | unsigned char *to, RSA *rsa, int padding); | ||
| 10 | typedef int cl_rsa_pub_dec(int flen, const unsigned char *from, | ||
| 11 | unsigned char *to, RSA *rsa, int padding); | ||
| 12 | typedef int cl_rsa_priv_enc(int flen, const unsigned char *from, | ||
| 13 | unsigned char *to, RSA *rsa, int padding); | ||
| 14 | typedef int cl_rsa_priv_dec(int flen, const unsigned char *from, | ||
| 15 | unsigned char *to, RSA *rsa, int padding); | ||
| 16 | typedef int cl_rand_bytes(unsigned char *buf, int num); | ||
| 17 | typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa); | ||
| 18 | typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len, | ||
| 19 | DSA_SIG *sig, DSA *dsa); | ||
| 20 | |||
| 21 | |||
| 22 | static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs"; | ||
| 23 | static const char *CLUSTER_LABS_F1 = "hw_engine_init"; | ||
| 24 | static const char *CLUSTER_LABS_F2 = "hw_mod_exp"; | ||
| 25 | static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt"; | ||
| 26 | static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp"; | ||
| 27 | static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc"; | ||
| 28 | static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec"; | ||
| 29 | static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc"; | ||
| 30 | static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec"; | ||
| 31 | static const char *CLUSTER_LABS_F20 = "hw_rand_bytes"; | ||
| 32 | static const char *CLUSTER_LABS_F30 = "hw_dsa_sign"; | ||
| 33 | static const char *CLUSTER_LABS_F31 = "hw_dsa_verify"; | ||
| 34 | |||
| 35 | |||
| diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c new file mode 100644 index 0000000000..00c14f2755 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.c | |||
| @@ -0,0 +1,718 @@ | |||
| 1 | /* crypto/engine/hw_cluster_labs.c */ | ||
| 2 | /* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com | ||
| 3 | * for the OpenSSL project 2000. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | #define MSC_VER /* only used cryptic.h */ | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include <openssl/crypto.h> | ||
| 63 | #include <openssl/dso.h> | ||
| 64 | #include <openssl/des.h> | ||
| 65 | #include <openssl/engine.h> | ||
| 66 | |||
| 67 | #ifndef NO_HW | ||
| 68 | #ifndef NO_HW_CLUSTER_LABS | ||
| 69 | |||
| 70 | #ifdef FLAT_INC | ||
| 71 | #include "cluster_labs.h" | ||
| 72 | #else | ||
| 73 | #include "vendor_defns/cluster_labs.h" | ||
| 74 | #endif | ||
| 75 | |||
| 76 | #define CL_LIB_NAME "cluster_labs engine" | ||
| 77 | #include "hw_cluster_labs_err.c" | ||
| 78 | |||
| 79 | |||
| 80 | static int cluster_labs_destroy(ENGINE *e); | ||
| 81 | static int cluster_labs_init(ENGINE *e); | ||
| 82 | static int cluster_labs_finish(ENGINE *e); | ||
| 83 | static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); | ||
| 84 | |||
| 85 | |||
| 86 | /* BIGNUM stuff */ | ||
| 87 | /* This function is aliased to mod_exp (with the mont stuff dropped). */ | ||
| 88 | static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 89 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
| 90 | |||
| 91 | /* RSA stuff */ | ||
| 92 | #ifndef OPENSSL_NO_RSA | ||
| 93 | static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from, | ||
| 94 | unsigned char *to, RSA *rsa, int padding); | ||
| 95 | static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from, | ||
| 96 | unsigned char *to, RSA *rsa, int padding); | ||
| 97 | static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from, | ||
| 98 | unsigned char *to, RSA *rsa, int padding); | ||
| 99 | static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from, | ||
| 100 | unsigned char *to, RSA *rsa, int padding); | ||
| 101 | static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); | ||
| 102 | #endif | ||
| 103 | |||
| 104 | /* DSA stuff */ | ||
| 105 | #ifndef OPENSSL_NO_DSA | ||
| 106 | DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa); | ||
| 107 | static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len, | ||
| 108 | DSA_SIG *sig, DSA *dsa); | ||
| 109 | static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | ||
| 110 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | ||
| 111 | BN_CTX *ctx, BN_MONT_CTX *in_mont); | ||
| 112 | static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, | ||
| 113 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 114 | BN_MONT_CTX *m_ctx); | ||
| 115 | #endif | ||
| 116 | |||
| 117 | /* DH stuff */ | ||
| 118 | #ifndef OPENSSL_NO_DH | ||
| 119 | /* This function is alised to mod_exp (with the DH and mont dropped). */ | ||
| 120 | static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 121 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
| 122 | #endif | ||
| 123 | |||
| 124 | /* RANDOM stuff */ | ||
| 125 | static int cluster_labs_rand_bytes(unsigned char *buf, int num); | ||
| 126 | |||
| 127 | /* The definitions for control commands specific to this engine */ | ||
| 128 | #define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE | ||
| 129 | static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] = | ||
| 130 | { | ||
| 131 | { CLUSTER_LABS_CMD_SO_PATH, | ||
| 132 | "SO_PATH", | ||
| 133 | "Specifies the path to the 'cluster labs' shared library", | ||
| 134 | ENGINE_CMD_FLAG_STRING | ||
| 135 | }, | ||
| 136 | {0, NULL, NULL, 0} | ||
| 137 | }; | ||
| 138 | |||
| 139 | /* Our internal RSA_METHOD that we provide pointers to */ | ||
| 140 | #ifndef OPENSSL_NO_RSA | ||
| 141 | static RSA_METHOD cluster_labs_rsa = | ||
| 142 | { | ||
| 143 | "Cluster Labs RSA method", | ||
| 144 | cluster_labs_rsa_pub_enc, /* rsa_pub_enc */ | ||
| 145 | cluster_labs_rsa_pub_dec, /* rsa_pub_dec */ | ||
| 146 | cluster_labs_rsa_priv_enc, /* rsa_priv_enc */ | ||
| 147 | cluster_labs_rsa_priv_dec, /* rsa_priv_dec */ | ||
| 148 | cluster_labs_rsa_mod_exp, /* rsa_mod_exp */ | ||
| 149 | cluster_labs_mod_exp_mont, /* bn_mod_exp */ | ||
| 150 | NULL, /* init */ | ||
| 151 | NULL, /* finish */ | ||
| 152 | 0, /* flags */ | ||
| 153 | NULL, /* apps_data */ | ||
| 154 | NULL, /* rsa_sign */ | ||
| 155 | NULL /* rsa_verify */ | ||
| 156 | }; | ||
| 157 | #endif | ||
| 158 | |||
| 159 | /* Our internal DSA_METHOD that we provide pointers to */ | ||
| 160 | #ifndef OPENSSL_NO_DSA | ||
| 161 | static DSA_METHOD cluster_labs_dsa = | ||
| 162 | { | ||
| 163 | "Cluster Labs DSA method", | ||
| 164 | cluster_labs_dsa_sign, /* dsa_do_sign */ | ||
| 165 | NULL, /* dsa_sign_setup */ | ||
| 166 | cluster_labs_dsa_verify, /* dsa_do_verify */ | ||
| 167 | cluster_labs_dsa_mod_exp, /* dsa_mod_exp */ | ||
| 168 | cluster_labs_mod_exp_dsa, /* bn_mod_exp */ | ||
| 169 | NULL, /* init */ | ||
| 170 | NULL, /* finish */ | ||
| 171 | 0, /* flags */ | ||
| 172 | NULL /* app_data */ | ||
| 173 | }; | ||
| 174 | #endif | ||
| 175 | |||
| 176 | /* Our internal DH_METHOD that we provide pointers to */ | ||
| 177 | #ifndef OPENSSL_NO_DH | ||
| 178 | static DH_METHOD cluster_labs_dh = | ||
| 179 | { | ||
| 180 | "Cluster Labs DH method", | ||
| 181 | NULL, /* generate key */ | ||
| 182 | NULL, /* compute key */ | ||
| 183 | cluster_labs_mod_exp_dh, /* bn_mod_exp */ | ||
| 184 | NULL, /* init */ | ||
| 185 | NULL, /* finish */ | ||
| 186 | 0, /* flags */ | ||
| 187 | NULL /* app_data */ | ||
| 188 | }; | ||
| 189 | #endif | ||
| 190 | |||
| 191 | static RAND_METHOD cluster_labs_rand = | ||
| 192 | { | ||
| 193 | /* "Cluster Labs RAND method", */ | ||
| 194 | NULL, /* seed */ | ||
| 195 | cluster_labs_rand_bytes, /* bytes */ | ||
| 196 | NULL, /* cleanup */ | ||
| 197 | NULL, /* add */ | ||
| 198 | cluster_labs_rand_bytes, /* pseudorand */ | ||
| 199 | NULL, /* status */ | ||
| 200 | }; | ||
| 201 | |||
| 202 | static const char *engine_cluster_labs_id = "cluster_labs"; | ||
| 203 | static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support"; | ||
| 204 | |||
| 205 | /* engine implementation */ | ||
| 206 | /*-----------------------*/ | ||
| 207 | static int bind_helper(ENGINE *e) | ||
| 208 | { | ||
| 209 | |||
| 210 | if(!ENGINE_set_id(e, engine_cluster_labs_id) || | ||
| 211 | !ENGINE_set_name(e, engine_cluster_labs_name) || | ||
| 212 | #ifndef OPENSSL_NO_RSA | ||
| 213 | !ENGINE_set_RSA(e, &cluster_labs_rsa) || | ||
| 214 | #endif | ||
| 215 | #ifndef OPENSSL_NO_DSA | ||
| 216 | !ENGINE_set_DSA(e, &cluster_labs_dsa) || | ||
| 217 | #endif | ||
| 218 | #ifndef OPENSSL_NO_DH | ||
| 219 | !ENGINE_set_DH(e, &cluster_labs_dh) || | ||
| 220 | #endif | ||
| 221 | !ENGINE_set_RAND(e, &cluster_labs_rand) || | ||
| 222 | !ENGINE_set_destroy_function(e, cluster_labs_destroy) || | ||
| 223 | !ENGINE_set_init_function(e, cluster_labs_init) || | ||
| 224 | !ENGINE_set_finish_function(e, cluster_labs_finish) || | ||
| 225 | !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) || | ||
| 226 | !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns)) | ||
| 227 | return 0; | ||
| 228 | /* Ensure the error handling is set up */ | ||
| 229 | ERR_load_CL_strings(); | ||
| 230 | return 1; | ||
| 231 | } | ||
| 232 | |||
| 233 | #ifndef ENGINE_DYNAMIC_SUPPORT | ||
| 234 | static ENGINE *engine_cluster_labs(void) | ||
| 235 | { | ||
| 236 | ENGINE *ret = ENGINE_new(); | ||
| 237 | |||
| 238 | if(!ret) | ||
| 239 | return NULL; | ||
| 240 | if(!bind_helper(ret)) | ||
| 241 | { | ||
| 242 | ENGINE_free(ret); | ||
| 243 | return NULL; | ||
| 244 | } | ||
| 245 | return ret; | ||
| 246 | } | ||
| 247 | |||
| 248 | void ENGINE_load_cluster_labs(void) | ||
| 249 | { | ||
| 250 | |||
| 251 | ENGINE *cluster_labs = engine_cluster_labs(); | ||
| 252 | |||
| 253 | if(!cluster_labs) return; | ||
| 254 | ENGINE_add(cluster_labs); | ||
| 255 | ENGINE_free(cluster_labs); | ||
| 256 | ERR_clear_error(); | ||
| 257 | } | ||
| 258 | #endif /* !ENGINE_DYNAMIC_SUPPORT */ | ||
| 259 | |||
| 260 | static int cluster_labs_destroy(ENGINE *e) | ||
| 261 | { | ||
| 262 | |||
| 263 | ERR_unload_CL_strings(); | ||
| 264 | return 1; | ||
| 265 | } | ||
| 266 | |||
| 267 | |||
| 268 | |||
| 269 | /* This is a process-global DSO handle used for loading and unloading | ||
| 270 | * the Cluster Labs library. NB: This is only set (or unset) during an | ||
| 271 | * init() or finish() call (reference counts permitting) and they're | ||
| 272 | * operating with global locks, so this should be thread-safe | ||
| 273 | * implicitly. */ | ||
| 274 | static DSO *cluster_labs_dso = NULL; | ||
| 275 | |||
| 276 | /* These are the function pointers that are (un)set when the library has | ||
| 277 | * successfully (un)loaded. */ | ||
| 278 | static cl_engine_init *p_cl_engine_init = NULL; | ||
| 279 | static cl_mod_exp *p_cl_mod_exp = NULL; | ||
| 280 | static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL; | ||
| 281 | static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL; | ||
| 282 | static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL; | ||
| 283 | static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL; | ||
| 284 | static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL; | ||
| 285 | static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL; | ||
| 286 | static cl_rand_bytes *p_cl_rand_bytes = NULL; | ||
| 287 | static cl_dsa_sign *p_cl_dsa_sign = NULL; | ||
| 288 | static cl_dsa_verify *p_cl_dsa_verify = NULL; | ||
| 289 | |||
| 290 | |||
| 291 | int cluster_labs_init(ENGINE *e) | ||
| 292 | { | ||
| 293 | |||
| 294 | cl_engine_init *p1; | ||
| 295 | cl_mod_exp *p2; | ||
| 296 | cl_mod_exp_crt *p3; | ||
| 297 | cl_rsa_mod_exp *p4; | ||
| 298 | cl_rsa_priv_enc *p5; | ||
| 299 | cl_rsa_priv_dec *p6; | ||
| 300 | cl_rsa_pub_enc *p7; | ||
| 301 | cl_rsa_pub_dec *p8; | ||
| 302 | cl_rand_bytes *p20; | ||
| 303 | cl_dsa_sign *p30; | ||
| 304 | cl_dsa_verify *p31; | ||
| 305 | |||
| 306 | /* engine already loaded */ | ||
| 307 | if(cluster_labs_dso != NULL) | ||
| 308 | { | ||
| 309 | CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED); | ||
| 310 | goto err; | ||
| 311 | } | ||
| 312 | /* try to load engine */ | ||
| 313 | cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0); | ||
| 314 | if(cluster_labs_dso == NULL) | ||
| 315 | { | ||
| 316 | CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE); | ||
| 317 | goto err; | ||
| 318 | } | ||
| 319 | /* bind functions */ | ||
| 320 | if( !(p1 = (cl_engine_init *)DSO_bind_func( | ||
| 321 | cluster_labs_dso, CLUSTER_LABS_F1)) || | ||
| 322 | !(p2 = (cl_mod_exp *)DSO_bind_func( | ||
| 323 | cluster_labs_dso, CLUSTER_LABS_F2)) || | ||
| 324 | !(p3 = (cl_mod_exp_crt *)DSO_bind_func( | ||
| 325 | cluster_labs_dso, CLUSTER_LABS_F3)) || | ||
| 326 | !(p4 = (cl_rsa_mod_exp *)DSO_bind_func( | ||
| 327 | cluster_labs_dso, CLUSTER_LABS_F4)) || | ||
| 328 | !(p5 = (cl_rsa_priv_enc *)DSO_bind_func( | ||
| 329 | cluster_labs_dso, CLUSTER_LABS_F5)) || | ||
| 330 | !(p6 = (cl_rsa_priv_dec *)DSO_bind_func( | ||
| 331 | cluster_labs_dso, CLUSTER_LABS_F6)) || | ||
| 332 | !(p7 = (cl_rsa_pub_enc *)DSO_bind_func( | ||
| 333 | cluster_labs_dso, CLUSTER_LABS_F7)) || | ||
| 334 | !(p8 = (cl_rsa_pub_dec *)DSO_bind_func( | ||
| 335 | cluster_labs_dso, CLUSTER_LABS_F8)) || | ||
| 336 | !(p20= (cl_rand_bytes *)DSO_bind_func( | ||
| 337 | cluster_labs_dso, CLUSTER_LABS_F20)) || | ||
| 338 | !(p30= (cl_dsa_sign *)DSO_bind_func( | ||
| 339 | cluster_labs_dso, CLUSTER_LABS_F30)) || | ||
| 340 | !(p31= (cl_dsa_verify *)DSO_bind_func( | ||
| 341 | cluster_labs_dso, CLUSTER_LABS_F31))) | ||
| 342 | { | ||
| 343 | CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE); | ||
| 344 | goto err; | ||
| 345 | } | ||
| 346 | |||
| 347 | /* copy function pointers */ | ||
| 348 | p_cl_engine_init = p1; | ||
| 349 | p_cl_mod_exp = p2; | ||
| 350 | p_cl_mod_exp_crt = p3; | ||
| 351 | p_cl_rsa_mod_exp = p4; | ||
| 352 | p_cl_rsa_priv_enc = p5; | ||
| 353 | p_cl_rsa_priv_dec = p6; | ||
| 354 | p_cl_rsa_pub_enc = p7; | ||
| 355 | p_cl_rsa_pub_dec = p8; | ||
| 356 | p_cl_rand_bytes = p20; | ||
| 357 | p_cl_dsa_sign = p30; | ||
| 358 | p_cl_dsa_verify = p31; | ||
| 359 | |||
| 360 | |||
| 361 | |||
| 362 | /* cluster labs engine init */ | ||
| 363 | if(p_cl_engine_init()== 0){ | ||
| 364 | CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED); | ||
| 365 | goto err; | ||
| 366 | } | ||
| 367 | |||
| 368 | return(1); | ||
| 369 | |||
| 370 | err: | ||
| 371 | /* reset all pointers */ | ||
| 372 | if(cluster_labs_dso) | ||
| 373 | DSO_free(cluster_labs_dso); | ||
| 374 | |||
| 375 | cluster_labs_dso = NULL; | ||
| 376 | p_cl_engine_init = NULL; | ||
| 377 | p_cl_mod_exp = NULL; | ||
| 378 | p_cl_mod_exp_crt = NULL; | ||
| 379 | p_cl_rsa_mod_exp = NULL; | ||
| 380 | p_cl_rsa_priv_enc = NULL; | ||
| 381 | p_cl_rsa_priv_dec = NULL; | ||
| 382 | p_cl_rsa_pub_enc = NULL; | ||
| 383 | p_cl_rsa_pub_dec = NULL; | ||
| 384 | p_cl_rand_bytes = NULL; | ||
| 385 | p_cl_dsa_sign = NULL; | ||
| 386 | p_cl_dsa_verify = NULL; | ||
| 387 | |||
| 388 | return(0); | ||
| 389 | } | ||
| 390 | |||
| 391 | |||
| 392 | static int cluster_labs_finish(ENGINE *e) | ||
| 393 | { | ||
| 394 | |||
| 395 | if(cluster_labs_dso == NULL) | ||
| 396 | { | ||
| 397 | CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED); | ||
| 398 | return 0; | ||
| 399 | } | ||
| 400 | if(!DSO_free(cluster_labs_dso)) | ||
| 401 | { | ||
| 402 | CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE); | ||
| 403 | return 0; | ||
| 404 | } | ||
| 405 | |||
| 406 | cluster_labs_dso = NULL; | ||
| 407 | p_cl_engine_init = NULL; | ||
| 408 | p_cl_mod_exp = NULL; | ||
| 409 | p_cl_rsa_mod_exp = NULL; | ||
| 410 | p_cl_mod_exp_crt = NULL; | ||
| 411 | p_cl_rsa_priv_enc = NULL; | ||
| 412 | p_cl_rsa_priv_dec = NULL; | ||
| 413 | p_cl_rsa_pub_enc = NULL; | ||
| 414 | p_cl_rsa_pub_dec = NULL; | ||
| 415 | p_cl_rand_bytes = NULL; | ||
| 416 | p_cl_dsa_sign = NULL; | ||
| 417 | p_cl_dsa_verify = NULL; | ||
| 418 | |||
| 419 | return(1); | ||
| 420 | |||
| 421 | } | ||
| 422 | |||
| 423 | static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | ||
| 424 | { | ||
| 425 | int initialised = ((cluster_labs_dso == NULL) ? 0 : 1); | ||
| 426 | |||
| 427 | switch(cmd) | ||
| 428 | { | ||
| 429 | case CLUSTER_LABS_CMD_SO_PATH: | ||
| 430 | if(p == NULL) | ||
| 431 | { | ||
| 432 | CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER); | ||
| 433 | return 0; | ||
| 434 | } | ||
| 435 | if(initialised) | ||
| 436 | { | ||
| 437 | CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED); | ||
| 438 | return 0; | ||
| 439 | } | ||
| 440 | CLUSTER_LABS_LIB_NAME = (const char *)p; | ||
| 441 | return 1; | ||
| 442 | default: | ||
| 443 | break; | ||
| 444 | } | ||
| 445 | CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED); | ||
| 446 | return 0; | ||
| 447 | } | ||
| 448 | |||
| 449 | |||
| 450 | static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 451 | const BIGNUM *m, BN_CTX *ctx) | ||
| 452 | { | ||
| 453 | |||
| 454 | if(cluster_labs_dso == NULL) | ||
| 455 | { | ||
| 456 | CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED); | ||
| 457 | return 0; | ||
| 458 | } | ||
| 459 | if(p_cl_mod_exp == NULL) | ||
| 460 | { | ||
| 461 | CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED); | ||
| 462 | return 0; | ||
| 463 | } | ||
| 464 | |||
| 465 | return p_cl_mod_exp(r, a, p, m, ctx); | ||
| 466 | |||
| 467 | } | ||
| 468 | |||
| 469 | static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
| 470 | const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, | ||
| 471 | const BIGNUM *iqmp, BN_CTX *ctx) | ||
| 472 | { | ||
| 473 | |||
| 474 | if(cluster_labs_dso == NULL) | ||
| 475 | { | ||
| 476 | CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED); | ||
| 477 | return 0; | ||
| 478 | } | ||
| 479 | if(p_cl_mod_exp_crt == NULL) | ||
| 480 | { | ||
| 481 | CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED); | ||
| 482 | return 0; | ||
| 483 | } | ||
| 484 | |||
| 485 | return p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx); | ||
| 486 | |||
| 487 | } | ||
| 488 | |||
| 489 | static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | ||
| 490 | { | ||
| 491 | |||
| 492 | if(cluster_labs_dso == NULL) | ||
| 493 | { | ||
| 494 | CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED); | ||
| 495 | return 0; | ||
| 496 | } | ||
| 497 | if(p_cl_rsa_mod_exp == NULL) | ||
| 498 | { | ||
| 499 | CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED); | ||
| 500 | return 0; | ||
| 501 | } | ||
| 502 | |||
| 503 | return p_cl_rsa_mod_exp(r0, I, rsa); | ||
| 504 | |||
| 505 | } | ||
| 506 | |||
| 507 | DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) | ||
| 508 | { | ||
| 509 | |||
| 510 | if(cluster_labs_dso == NULL) | ||
| 511 | { | ||
| 512 | CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED); | ||
| 513 | return 0; | ||
| 514 | } | ||
| 515 | if(p_cl_dsa_sign == NULL) | ||
| 516 | { | ||
| 517 | CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED); | ||
| 518 | return 0; | ||
| 519 | } | ||
| 520 | |||
| 521 | return p_cl_dsa_sign(dgst, dlen, dsa); | ||
| 522 | |||
| 523 | } | ||
| 524 | |||
| 525 | static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len, | ||
| 526 | DSA_SIG *sig, DSA *dsa) | ||
| 527 | { | ||
| 528 | |||
| 529 | if(cluster_labs_dso == NULL) | ||
| 530 | { | ||
| 531 | CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED); | ||
| 532 | return 0; | ||
| 533 | } | ||
| 534 | |||
| 535 | if(p_cl_dsa_verify == NULL) | ||
| 536 | { | ||
| 537 | CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED); | ||
| 538 | return 0; | ||
| 539 | } | ||
| 540 | |||
| 541 | return p_cl_dsa_verify(dgst, dgst_len, sig, dsa); | ||
| 542 | |||
| 543 | } | ||
| 544 | |||
| 545 | static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | ||
| 546 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | ||
| 547 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
| 548 | { | ||
| 549 | BIGNUM t; | ||
| 550 | int status = 0; | ||
| 551 | |||
| 552 | BN_init(&t); | ||
| 553 | /* let rr = a1 ^ p1 mod m */ | ||
| 554 | if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end; | ||
| 555 | /* let t = a2 ^ p2 mod m */ | ||
| 556 | if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end; | ||
| 557 | /* let rr = rr * t mod m */ | ||
| 558 | if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end; | ||
| 559 | status = 1; | ||
| 560 | end: | ||
| 561 | BN_free(&t); | ||
| 562 | |||
| 563 | return(1); | ||
| 564 | |||
| 565 | } | ||
| 566 | |||
| 567 | static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, | ||
| 568 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 569 | BN_MONT_CTX *m_ctx) | ||
| 570 | { | ||
| 571 | return cluster_labs_mod_exp(r, a, p, m, ctx); | ||
| 572 | } | ||
| 573 | |||
| 574 | /* This function is aliased to mod_exp (with the mont stuff dropped). */ | ||
| 575 | static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 576 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | ||
| 577 | { | ||
| 578 | return cluster_labs_mod_exp(r, a, p, m, ctx); | ||
| 579 | } | ||
| 580 | |||
| 581 | |||
| 582 | /* This function is aliased to mod_exp (with the dh and mont dropped). */ | ||
| 583 | static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 584 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | ||
| 585 | { | ||
| 586 | return cluster_labs_mod_exp(r, a, p, m, ctx); | ||
| 587 | } | ||
| 588 | |||
| 589 | |||
| 590 | static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from, | ||
| 591 | unsigned char *to, RSA *rsa, int padding) | ||
| 592 | { | ||
| 593 | |||
| 594 | if(cluster_labs_dso == NULL) | ||
| 595 | { | ||
| 596 | CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED); | ||
| 597 | return 0; | ||
| 598 | } | ||
| 599 | if(p_cl_rsa_priv_enc == NULL) | ||
| 600 | { | ||
| 601 | CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED); | ||
| 602 | return 0; | ||
| 603 | } | ||
| 604 | |||
| 605 | return p_cl_rsa_pub_enc(flen, from, to, rsa, padding); | ||
| 606 | |||
| 607 | } | ||
| 608 | |||
| 609 | static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from, | ||
| 610 | unsigned char *to, RSA *rsa, int padding) | ||
| 611 | { | ||
| 612 | |||
| 613 | if(cluster_labs_dso == NULL) | ||
| 614 | { | ||
| 615 | CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED); | ||
| 616 | return 0; | ||
| 617 | } | ||
| 618 | if(p_cl_rsa_priv_enc == NULL) | ||
| 619 | { | ||
| 620 | CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED); | ||
| 621 | return 0; | ||
| 622 | } | ||
| 623 | |||
| 624 | return p_cl_rsa_pub_dec(flen, from, to, rsa, padding); | ||
| 625 | |||
| 626 | } | ||
| 627 | |||
| 628 | |||
| 629 | static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from, | ||
| 630 | unsigned char *to, RSA *rsa, int padding) | ||
| 631 | { | ||
| 632 | |||
| 633 | if(cluster_labs_dso == NULL) | ||
| 634 | { | ||
| 635 | CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED); | ||
| 636 | return 0; | ||
| 637 | } | ||
| 638 | |||
| 639 | if(p_cl_rsa_priv_enc == NULL) | ||
| 640 | { | ||
| 641 | CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED); | ||
| 642 | return 0; | ||
| 643 | } | ||
| 644 | |||
| 645 | return p_cl_rsa_priv_enc(flen, from, to, rsa, padding); | ||
| 646 | |||
| 647 | } | ||
| 648 | |||
| 649 | static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from, | ||
| 650 | unsigned char *to, RSA *rsa, int padding) | ||
| 651 | { | ||
| 652 | |||
| 653 | if(cluster_labs_dso == NULL) | ||
| 654 | { | ||
| 655 | CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED); | ||
| 656 | return 0; | ||
| 657 | } | ||
| 658 | if(p_cl_rsa_priv_dec == NULL) | ||
| 659 | { | ||
| 660 | CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED); | ||
| 661 | return 0; | ||
| 662 | } | ||
| 663 | |||
| 664 | return p_cl_rsa_priv_dec(flen, from, to, rsa, padding); | ||
| 665 | |||
| 666 | } | ||
| 667 | |||
| 668 | /************************************************************************************ | ||
| 669 | * Symmetric algorithms | ||
| 670 | ************************************************************************************/ | ||
| 671 | /* this will be come soon! */ | ||
| 672 | |||
| 673 | /************************************************************************************ | ||
| 674 | * Random generator | ||
| 675 | ************************************************************************************/ | ||
| 676 | |||
| 677 | static int cluster_labs_rand_bytes(unsigned char *buf, int num){ | ||
| 678 | |||
| 679 | if(cluster_labs_dso == NULL) | ||
| 680 | { | ||
| 681 | CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED); | ||
| 682 | return 0; | ||
| 683 | } | ||
| 684 | if(p_cl_mod_exp_crt == NULL) | ||
| 685 | { | ||
| 686 | CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED); | ||
| 687 | return 0; | ||
| 688 | } | ||
| 689 | |||
| 690 | return p_cl_rand_bytes(buf, num); | ||
| 691 | |||
| 692 | } | ||
| 693 | |||
| 694 | |||
| 695 | /* This stuff is needed if this ENGINE is being compiled into a self-contained | ||
| 696 | * shared-library. */ | ||
| 697 | #ifdef ENGINE_DYNAMIC_SUPPORT | ||
| 698 | static int bind_fn(ENGINE *e, const char *id) | ||
| 699 | { | ||
| 700 | fprintf(stderr, "bind_fn CLUSTER_LABS\n"); | ||
| 701 | if(id && (strcmp(id, engine_cluster_labs_id) != 0)) { | ||
| 702 | fprintf(stderr, "bind_fn return(0) first\n"); | ||
| 703 | return 0; | ||
| 704 | } | ||
| 705 | if(!bind_helper(e)) { | ||
| 706 | fprintf(stderr, "bind_fn return(1) first\n"); | ||
| 707 | return 0; | ||
| 708 | } | ||
| 709 | fprintf(stderr, "bind_fn return(1)\n"); | ||
| 710 | return 1; | ||
| 711 | } | ||
| 712 | IMPLEMENT_DYNAMIC_CHECK_FN() | ||
| 713 | IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) | ||
| 714 | #endif /* ENGINE_DYNAMIC_SUPPORT */ | ||
| 715 | |||
| 716 | #endif /* !NO_HW_CLUSTER_LABS */ | ||
| 717 | #endif /* !NO_HW */ | ||
| 718 | |||
| diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec new file mode 100644 index 0000000000..1f64786542 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs.ec | |||
| @@ -0,0 +1,8 @@ | |||
| 1 | # configuration file for util/mkerr.pl | ||
| 2 | # | ||
| 3 | # use like this: | ||
| 4 | # | ||
| 5 | # perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \ | ||
| 6 | # -nostatic -staticloader -write *.c | ||
| 7 | |||
| 8 | L CL hw_cluster_labs_err.h hw_cluster_labs_err.c | ||
| diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c new file mode 100644 index 0000000000..a7fa4083b1 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.c | |||
| @@ -0,0 +1,151 @@ | |||
| 1 | /* hw_cluster_labs_err.c */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@OpenSSL.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include <openssl/err.h> | ||
| 63 | #include "hw_cluster_labs_err.h" | ||
| 64 | |||
| 65 | /* BEGIN ERROR CODES */ | ||
| 66 | #ifndef OPENSSL_NO_ERR | ||
| 67 | static ERR_STRING_DATA CL_str_functs[]= | ||
| 68 | { | ||
| 69 | {ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0), "CLUSTER_LABS_CTRL"}, | ||
| 70 | {ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0), "CLUSTER_LABS_DSA_SIGN"}, | ||
| 71 | {ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0), "CLUSTER_LABS_DSA_VERIFY"}, | ||
| 72 | {ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0), "CLUSTER_LABS_FINISH"}, | ||
| 73 | {ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0), "CLUSTER_LABS_INIT"}, | ||
| 74 | {ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0), "CLUSTER_LABS_MOD_EXP"}, | ||
| 75 | {ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0), "CLUSTER_LABS_MOD_EXP_CRT"}, | ||
| 76 | {ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0), "CLUSTER_LABS_RAND_BYTES"}, | ||
| 77 | {ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0), "CLUSTER_LABS_RSA_MOD_EXP"}, | ||
| 78 | {ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0), "CLUSTER_LABS_RSA_PRIV_DEC"}, | ||
| 79 | {ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0), "CLUSTER_LABS_RSA_PRIV_ENC"}, | ||
| 80 | {ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0), "CLUSTER_LABS_RSA_PUB_DEC"}, | ||
| 81 | {ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0), "CLUSTER_LABS_RSA_PUB_ENC"}, | ||
| 82 | {0,NULL} | ||
| 83 | }; | ||
| 84 | |||
| 85 | static ERR_STRING_DATA CL_str_reasons[]= | ||
| 86 | { | ||
| 87 | {CL_R_ALREADY_LOADED ,"already loaded"}, | ||
| 88 | {CL_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"}, | ||
| 89 | {CL_R_DSO_FAILURE ,"dso failure"}, | ||
| 90 | {CL_R_FUNCTION_NOT_BINDED ,"function not binded"}, | ||
| 91 | {CL_R_INIT_FAILED ,"init failed"}, | ||
| 92 | {CL_R_NOT_LOADED ,"not loaded"}, | ||
| 93 | {0,NULL} | ||
| 94 | }; | ||
| 95 | |||
| 96 | #endif | ||
| 97 | |||
| 98 | #ifdef CL_LIB_NAME | ||
| 99 | static ERR_STRING_DATA CL_lib_name[]= | ||
| 100 | { | ||
| 101 | {0 ,CL_LIB_NAME}, | ||
| 102 | {0,NULL} | ||
| 103 | }; | ||
| 104 | #endif | ||
| 105 | |||
| 106 | |||
| 107 | static int CL_lib_error_code=0; | ||
| 108 | static int CL_error_init=1; | ||
| 109 | |||
| 110 | static void ERR_load_CL_strings(void) | ||
| 111 | { | ||
| 112 | if (CL_lib_error_code == 0) | ||
| 113 | CL_lib_error_code=ERR_get_next_error_library(); | ||
| 114 | |||
| 115 | if (CL_error_init) | ||
| 116 | { | ||
| 117 | CL_error_init=0; | ||
| 118 | #ifndef OPENSSL_NO_ERR | ||
| 119 | ERR_load_strings(CL_lib_error_code,CL_str_functs); | ||
| 120 | ERR_load_strings(CL_lib_error_code,CL_str_reasons); | ||
| 121 | #endif | ||
| 122 | |||
| 123 | #ifdef CL_LIB_NAME | ||
| 124 | CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0); | ||
| 125 | ERR_load_strings(0,CL_lib_name); | ||
| 126 | #endif | ||
| 127 | } | ||
| 128 | } | ||
| 129 | |||
| 130 | static void ERR_unload_CL_strings(void) | ||
| 131 | { | ||
| 132 | if (CL_error_init == 0) | ||
| 133 | { | ||
| 134 | #ifndef OPENSSL_NO_ERR | ||
| 135 | ERR_unload_strings(CL_lib_error_code,CL_str_functs); | ||
| 136 | ERR_unload_strings(CL_lib_error_code,CL_str_reasons); | ||
| 137 | #endif | ||
| 138 | |||
| 139 | #ifdef CL_LIB_NAME | ||
| 140 | ERR_unload_strings(0,CL_lib_name); | ||
| 141 | #endif | ||
| 142 | CL_error_init=1; | ||
| 143 | } | ||
| 144 | } | ||
| 145 | |||
| 146 | static void ERR_CL_error(int function, int reason, char *file, int line) | ||
| 147 | { | ||
| 148 | if (CL_lib_error_code == 0) | ||
| 149 | CL_lib_error_code=ERR_get_next_error_library(); | ||
| 150 | ERR_PUT_error(CL_lib_error_code,function,reason,file,line); | ||
| 151 | } | ||
| diff --git a/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h new file mode 100644 index 0000000000..afc175b133 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/cluster_labs/hw_cluster_labs_err.h | |||
| @@ -0,0 +1,95 @@ | |||
| 1 | /* ==================================================================== | ||
| 2 | * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. | ||
| 3 | * | ||
| 4 | * Redistribution and use in source and binary forms, with or without | ||
| 5 | * modification, are permitted provided that the following conditions | ||
| 6 | * are met: | ||
| 7 | * | ||
| 8 | * 1. Redistributions of source code must retain the above copyright | ||
| 9 | * notice, this list of conditions and the following disclaimer. | ||
| 10 | * | ||
| 11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 12 | * notice, this list of conditions and the following disclaimer in | ||
| 13 | * the documentation and/or other materials provided with the | ||
| 14 | * distribution. | ||
| 15 | * | ||
| 16 | * 3. All advertising materials mentioning features or use of this | ||
| 17 | * software must display the following acknowledgment: | ||
| 18 | * "This product includes software developed by the OpenSSL Project | ||
| 19 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 20 | * | ||
| 21 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 22 | * endorse or promote products derived from this software without | ||
| 23 | * prior written permission. For written permission, please contact | ||
| 24 | * openssl-core@openssl.org. | ||
| 25 | * | ||
| 26 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 27 | * nor may "OpenSSL" appear in their names without prior written | ||
| 28 | * permission of the OpenSSL Project. | ||
| 29 | * | ||
| 30 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 31 | * acknowledgment: | ||
| 32 | * "This product includes software developed by the OpenSSL Project | ||
| 33 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 34 | * | ||
| 35 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 36 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 37 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 38 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 39 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 40 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 41 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 42 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 43 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 44 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 45 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 46 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 47 | * ==================================================================== | ||
| 48 | * | ||
| 49 | * This product includes cryptographic software written by Eric Young | ||
| 50 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 51 | * Hudson (tjh@cryptsoft.com). | ||
| 52 | * | ||
| 53 | */ | ||
| 54 | |||
| 55 | #ifndef HEADER_CL_ERR_H | ||
| 56 | #define HEADER_CL_ERR_H | ||
| 57 | |||
| 58 | /* BEGIN ERROR CODES */ | ||
| 59 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 60 | * made after this point may be overwritten when the script is next run. | ||
| 61 | */ | ||
| 62 | static void ERR_load_CL_strings(void); | ||
| 63 | static void ERR_unload_CL_strings(void); | ||
| 64 | static void ERR_CL_error(int function, int reason, char *file, int line); | ||
| 65 | #define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__) | ||
| 66 | |||
| 67 | /* Error codes for the CL functions. */ | ||
| 68 | |||
| 69 | /* Function codes. */ | ||
| 70 | #define CL_F_CLUSTER_LABS_CTRL 100 | ||
| 71 | #define CL_F_CLUSTER_LABS_DSA_SIGN 101 | ||
| 72 | #define CL_F_CLUSTER_LABS_DSA_VERIFY 102 | ||
| 73 | #define CL_F_CLUSTER_LABS_FINISH 103 | ||
| 74 | #define CL_F_CLUSTER_LABS_INIT 104 | ||
| 75 | #define CL_F_CLUSTER_LABS_MOD_EXP 105 | ||
| 76 | #define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106 | ||
| 77 | #define CL_F_CLUSTER_LABS_RAND_BYTES 107 | ||
| 78 | #define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108 | ||
| 79 | #define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109 | ||
| 80 | #define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110 | ||
| 81 | #define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111 | ||
| 82 | #define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112 | ||
| 83 | |||
| 84 | /* Reason codes. */ | ||
| 85 | #define CL_R_ALREADY_LOADED 100 | ||
| 86 | #define CL_R_COMMAND_NOT_IMPLEMENTED 101 | ||
| 87 | #define CL_R_DSO_FAILURE 102 | ||
| 88 | #define CL_R_FUNCTION_NOT_BINDED 103 | ||
| 89 | #define CL_R_INIT_FAILED 104 | ||
| 90 | #define CL_R_NOT_LOADED 105 | ||
| 91 | |||
| 92 | #ifdef __cplusplus | ||
| 93 | } | ||
| 94 | #endif | ||
| 95 | #endif | ||
| diff --git a/src/lib/libssl/src/demos/engines/ibmca/Makefile b/src/lib/libssl/src/demos/engines/ibmca/Makefile new file mode 100644 index 0000000000..72f3546359 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/ibmca/Makefile | |||
| @@ -0,0 +1,114 @@ | |||
| 1 | LIBNAME= libibmca | ||
| 2 | SRC= hw_ibmca.c | ||
| 3 | OBJ= hw_ibmca.o | ||
| 4 | HEADER= hw_ibmca.h | ||
| 5 | |||
| 6 | CC= gcc | ||
| 7 | PIC= -fPIC | ||
| 8 | CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC | ||
| 9 | AR= ar r | ||
| 10 | RANLIB= ranlib | ||
| 11 | |||
| 12 | LIB= $(LIBNAME).a | ||
| 13 | SHLIB= $(LIBNAME).so | ||
| 14 | |||
| 15 | all: | ||
| 16 | @echo 'Please choose a system to build on:' | ||
| 17 | @echo '' | ||
| 18 | @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1' | ||
| 19 | @echo 'solaris: Solaris' | ||
| 20 | @echo 'irix: IRIX' | ||
| 21 | @echo 'hpux32: 32-bit HP/UX' | ||
| 22 | @echo 'hpux64: 64-bit HP/UX' | ||
| 23 | @echo 'aix: AIX' | ||
| 24 | @echo 'gnu: Generic GNU-based system (gcc and GNU ld)' | ||
| 25 | @echo '' | ||
| 26 | |||
| 27 | FORCE.update: | ||
| 28 | update: FORCE.update | ||
| 29 | perl ../../../util/mkerr.pl -conf hw_ibmca.ec \ | ||
| 30 | -nostatic -staticloader -write hw_ibmca.c | ||
| 31 | |||
| 32 | gnu: $(SHLIB).gnu | ||
| 33 | tru64: $(SHLIB).tru64 | ||
| 34 | solaris: $(SHLIB).solaris | ||
| 35 | irix: $(SHLIB).irix | ||
| 36 | hpux32: $(SHLIB).hpux32 | ||
| 37 | hpux64: $(SHLIB).hpux64 | ||
| 38 | aix: $(SHLIB).aix | ||
| 39 | |||
| 40 | $(LIB): $(OBJ) | ||
| 41 | $(AR) $(LIB) $(OBJ) | ||
| 42 | - $(RANLIB) $(LIB) | ||
| 43 | |||
| 44 | LINK_SO= \ | ||
| 45 | ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \ | ||
| 46 | (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \ | ||
| 47 | $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc) | ||
| 48 | |||
| 49 | $(SHLIB).gnu: $(LIB) | ||
| 50 | ALLSYMSFLAGS='--whole-archive' \ | ||
| 51 | SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \ | ||
| 52 | SHAREDCMD='$(CC)'; \ | ||
| 53 | $(LINK_SO) | ||
| 54 | touch $(SHLIB).gnu | ||
| 55 | $(SHLIB).tru64: $(LIB) | ||
| 56 | ALLSYMSFLAGS='-all' \ | ||
| 57 | SHAREDFLAGS='-shared' \ | ||
| 58 | SHAREDCMD='$(CC)'; \ | ||
| 59 | $(LINK_SO) | ||
| 60 | touch $(SHLIB).tru64 | ||
| 61 | $(SHLIB).solaris: $(LIB) | ||
| 62 | ALLSYMSFLAGS='-z allextract' \ | ||
| 63 | SHAREDFLAGS='-G -h $(SHLIB)' \ | ||
| 64 | SHAREDCMD='$(CC)'; \ | ||
| 65 | $(LINK_SO) | ||
| 66 | touch $(SHLIB).solaris | ||
| 67 | $(SHLIB).irix: $(LIB) | ||
| 68 | ALLSYMSFLAGS='-all' \ | ||
| 69 | SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \ | ||
| 70 | SHAREDCMD='$(CC)'; \ | ||
| 71 | $(LINK_SO) | ||
| 72 | touch $(SHLIB).irix | ||
| 73 | $(SHLIB).hpux32: $(LIB) | ||
| 74 | ALLSYMSFLAGS='-Fl' \ | ||
| 75 | SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \ | ||
| 76 | SHAREDCMD='/usr/ccs/bin/ld'; \ | ||
| 77 | $(LINK_SO) | ||
| 78 | touch $(SHLIB).hpux32 | ||
| 79 | $(SHLIB).hpux64: $(LIB) | ||
| 80 | ALLSYMSFLAGS='+forceload' \ | ||
| 81 | SHAREDFLAGS='-b -z +h $(SHLIB)' \ | ||
| 82 | SHAREDCMD='/usr/ccs/bin/ld'; \ | ||
| 83 | $(LINK_SO) | ||
| 84 | touch $(SHLIB).hpux64 | ||
| 85 | $(SHLIB).aix: $(LIB) | ||
| 86 | ALLSYMSFLAGS='-bnogc' \ | ||
| 87 | SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \ | ||
| 88 | SHAREDCMD='$(CC)'; \ | ||
| 89 | $(LINK_SO) | ||
| 90 | touch $(SHLIB).aix | ||
| 91 | |||
| 92 | depend: | ||
| 93 | sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp | ||
| 94 | echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp | ||
| 95 | gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp | ||
| 96 | perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new | ||
| 97 | rm -f Makefile.tmp Makefile | ||
| 98 | mv Makefile.new Makefile | ||
| 99 | |||
| 100 | # DO NOT DELETE THIS LINE -- make depend depends on it. | ||
| 101 | |||
| 102 | rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h | ||
| 103 | rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h | ||
| 104 | rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h | ||
| 105 | rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h | ||
| 106 | rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h | ||
| 107 | rsaref.o: ../../../include/openssl/opensslconf.h | ||
| 108 | rsaref.o: ../../../include/openssl/opensslv.h | ||
| 109 | rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h | ||
| 110 | rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h | ||
| 111 | rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h | ||
| 112 | rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h | ||
| 113 | rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h | ||
| 114 | rsaref.o: source/rsaref.h | ||
| diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c new file mode 100644 index 0000000000..881b16a7cb --- /dev/null +++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.c | |||
| @@ -0,0 +1,917 @@ | |||
| 1 | /* crypto/engine/hw_ibmca.c */ | ||
| 2 | /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL | ||
| 3 | * project 2000. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | |||
| 59 | /* (C) COPYRIGHT International Business Machines Corp. 2001 */ | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include <openssl/crypto.h> | ||
| 63 | #include <openssl/dso.h> | ||
| 64 | #include <openssl/engine.h> | ||
| 65 | |||
| 66 | #ifndef OPENSSL_NO_HW | ||
| 67 | #ifndef OPENSSL_NO_HW_IBMCA | ||
| 68 | |||
| 69 | #ifdef FLAT_INC | ||
| 70 | #include "ica_openssl_api.h" | ||
| 71 | #else | ||
| 72 | #include "vendor_defns/ica_openssl_api.h" | ||
| 73 | #endif | ||
| 74 | |||
| 75 | #define IBMCA_LIB_NAME "ibmca engine" | ||
| 76 | #include "hw_ibmca_err.c" | ||
| 77 | |||
| 78 | static int ibmca_destroy(ENGINE *e); | ||
| 79 | static int ibmca_init(ENGINE *e); | ||
| 80 | static int ibmca_finish(ENGINE *e); | ||
| 81 | static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); | ||
| 82 | |||
| 83 | static const char *IBMCA_F1 = "icaOpenAdapter"; | ||
| 84 | static const char *IBMCA_F2 = "icaCloseAdapter"; | ||
| 85 | static const char *IBMCA_F3 = "icaRsaModExpo"; | ||
| 86 | static const char *IBMCA_F4 = "icaRandomNumberGenerate"; | ||
| 87 | static const char *IBMCA_F5 = "icaRsaCrt"; | ||
| 88 | |||
| 89 | ICA_ADAPTER_HANDLE handle=0; | ||
| 90 | |||
| 91 | /* BIGNUM stuff */ | ||
| 92 | static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 93 | const BIGNUM *m, BN_CTX *ctx); | ||
| 94 | |||
| 95 | static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 96 | const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, | ||
| 97 | const BIGNUM *iqmp, BN_CTX *ctx); | ||
| 98 | |||
| 99 | #ifndef OPENSSL_NO_RSA | ||
| 100 | /* RSA stuff */ | ||
| 101 | static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); | ||
| 102 | #endif | ||
| 103 | |||
| 104 | /* This function is aliased to mod_exp (with the mont stuff dropped). */ | ||
| 105 | static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 106 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
| 107 | |||
| 108 | #ifndef OPENSSL_NO_DSA | ||
| 109 | /* DSA stuff */ | ||
| 110 | static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | ||
| 111 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | ||
| 112 | BN_CTX *ctx, BN_MONT_CTX *in_mont); | ||
| 113 | static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, | ||
| 114 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 115 | BN_MONT_CTX *m_ctx); | ||
| 116 | #endif | ||
| 117 | |||
| 118 | #ifndef OPENSSL_NO_DH | ||
| 119 | /* DH stuff */ | ||
| 120 | /* This function is alised to mod_exp (with the DH and mont dropped). */ | ||
| 121 | static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r, | ||
| 122 | const BIGNUM *a, const BIGNUM *p, | ||
| 123 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | ||
| 124 | #endif | ||
| 125 | |||
| 126 | /* RAND stuff */ | ||
| 127 | static int ibmca_rand_bytes(unsigned char *buf, int num); | ||
| 128 | static int ibmca_rand_status(void); | ||
| 129 | |||
| 130 | |||
| 131 | /* WJH - check for more commands, like in nuron */ | ||
| 132 | |||
| 133 | /* The definitions for control commands specific to this engine */ | ||
| 134 | #define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE | ||
| 135 | static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = { | ||
| 136 | {IBMCA_CMD_SO_PATH, | ||
| 137 | "SO_PATH", | ||
| 138 | "Specifies the path to the 'atasi' shared library", | ||
| 139 | ENGINE_CMD_FLAG_STRING}, | ||
| 140 | {0, NULL, NULL, 0} | ||
| 141 | }; | ||
| 142 | |||
| 143 | #ifndef OPENSSL_NO_RSA | ||
| 144 | /* Our internal RSA_METHOD that we provide pointers to */ | ||
| 145 | static RSA_METHOD ibmca_rsa = | ||
| 146 | { | ||
| 147 | "Ibmca RSA method", | ||
| 148 | NULL, | ||
| 149 | NULL, | ||
| 150 | NULL, | ||
| 151 | NULL, | ||
| 152 | ibmca_rsa_mod_exp, | ||
| 153 | ibmca_mod_exp_mont, | ||
| 154 | NULL, | ||
| 155 | NULL, | ||
| 156 | 0, | ||
| 157 | NULL, | ||
| 158 | NULL, | ||
| 159 | NULL | ||
| 160 | }; | ||
| 161 | #endif | ||
| 162 | |||
| 163 | #ifndef OPENSSL_NO_DSA | ||
| 164 | /* Our internal DSA_METHOD that we provide pointers to */ | ||
| 165 | static DSA_METHOD ibmca_dsa = | ||
| 166 | { | ||
| 167 | "Ibmca DSA method", | ||
| 168 | NULL, /* dsa_do_sign */ | ||
| 169 | NULL, /* dsa_sign_setup */ | ||
| 170 | NULL, /* dsa_do_verify */ | ||
| 171 | ibmca_dsa_mod_exp, /* dsa_mod_exp */ | ||
| 172 | ibmca_mod_exp_dsa, /* bn_mod_exp */ | ||
| 173 | NULL, /* init */ | ||
| 174 | NULL, /* finish */ | ||
| 175 | 0, /* flags */ | ||
| 176 | NULL /* app_data */ | ||
| 177 | }; | ||
| 178 | #endif | ||
| 179 | |||
| 180 | #ifndef OPENSSL_NO_DH | ||
| 181 | /* Our internal DH_METHOD that we provide pointers to */ | ||
| 182 | static DH_METHOD ibmca_dh = | ||
| 183 | { | ||
| 184 | "Ibmca DH method", | ||
| 185 | NULL, | ||
| 186 | NULL, | ||
| 187 | ibmca_mod_exp_dh, | ||
| 188 | NULL, | ||
| 189 | NULL, | ||
| 190 | 0, | ||
| 191 | NULL | ||
| 192 | }; | ||
| 193 | #endif | ||
| 194 | |||
| 195 | static RAND_METHOD ibmca_rand = | ||
| 196 | { | ||
| 197 | /* "IBMCA RAND method", */ | ||
| 198 | NULL, | ||
| 199 | ibmca_rand_bytes, | ||
| 200 | NULL, | ||
| 201 | NULL, | ||
| 202 | ibmca_rand_bytes, | ||
| 203 | ibmca_rand_status, | ||
| 204 | }; | ||
| 205 | |||
| 206 | /* Constants used when creating the ENGINE */ | ||
| 207 | static const char *engine_ibmca_id = "ibmca"; | ||
| 208 | static const char *engine_ibmca_name = "Ibmca hardware engine support"; | ||
| 209 | |||
| 210 | /* This internal function is used by ENGINE_ibmca() and possibly by the | ||
| 211 | * "dynamic" ENGINE support too */ | ||
| 212 | static int bind_helper(ENGINE *e) | ||
| 213 | { | ||
| 214 | #ifndef OPENSSL_NO_RSA | ||
| 215 | const RSA_METHOD *meth1; | ||
| 216 | #endif | ||
| 217 | #ifndef OPENSSL_NO_DSA | ||
| 218 | const DSA_METHOD *meth2; | ||
| 219 | #endif | ||
| 220 | #ifndef OPENSSL_NO_DH | ||
| 221 | const DH_METHOD *meth3; | ||
| 222 | #endif | ||
| 223 | if(!ENGINE_set_id(e, engine_ibmca_id) || | ||
| 224 | !ENGINE_set_name(e, engine_ibmca_name) || | ||
| 225 | #ifndef OPENSSL_NO_RSA | ||
| 226 | !ENGINE_set_RSA(e, &ibmca_rsa) || | ||
| 227 | #endif | ||
| 228 | #ifndef OPENSSL_NO_DSA | ||
| 229 | !ENGINE_set_DSA(e, &ibmca_dsa) || | ||
| 230 | #endif | ||
| 231 | #ifndef OPENSSL_NO_DH | ||
| 232 | !ENGINE_set_DH(e, &ibmca_dh) || | ||
| 233 | #endif | ||
| 234 | !ENGINE_set_RAND(e, &ibmca_rand) || | ||
| 235 | !ENGINE_set_destroy_function(e, ibmca_destroy) || | ||
| 236 | !ENGINE_set_init_function(e, ibmca_init) || | ||
| 237 | !ENGINE_set_finish_function(e, ibmca_finish) || | ||
| 238 | !ENGINE_set_ctrl_function(e, ibmca_ctrl) || | ||
| 239 | !ENGINE_set_cmd_defns(e, ibmca_cmd_defns)) | ||
| 240 | return 0; | ||
| 241 | |||
| 242 | #ifndef OPENSSL_NO_RSA | ||
| 243 | /* We know that the "PKCS1_SSLeay()" functions hook properly | ||
| 244 | * to the ibmca-specific mod_exp and mod_exp_crt so we use | ||
| 245 | * those functions. NB: We don't use ENGINE_openssl() or | ||
| 246 | * anything "more generic" because something like the RSAref | ||
| 247 | * code may not hook properly, and if you own one of these | ||
| 248 | * cards then you have the right to do RSA operations on it | ||
| 249 | * anyway! */ | ||
| 250 | meth1 = RSA_PKCS1_SSLeay(); | ||
| 251 | ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc; | ||
| 252 | ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec; | ||
| 253 | ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc; | ||
| 254 | ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec; | ||
| 255 | #endif | ||
| 256 | |||
| 257 | #ifndef OPENSSL_NO_DSA | ||
| 258 | /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish | ||
| 259 | * bits. */ | ||
| 260 | meth2 = DSA_OpenSSL(); | ||
| 261 | ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign; | ||
| 262 | ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup; | ||
| 263 | ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify; | ||
| 264 | #endif | ||
| 265 | |||
| 266 | #ifndef OPENSSL_NO_DH | ||
| 267 | /* Much the same for Diffie-Hellman */ | ||
| 268 | meth3 = DH_OpenSSL(); | ||
| 269 | ibmca_dh.generate_key = meth3->generate_key; | ||
| 270 | ibmca_dh.compute_key = meth3->compute_key; | ||
| 271 | #endif | ||
| 272 | |||
| 273 | /* Ensure the ibmca error handling is set up */ | ||
| 274 | ERR_load_IBMCA_strings(); | ||
| 275 | return 1; | ||
| 276 | } | ||
| 277 | |||
| 278 | static ENGINE *engine_ibmca(void) | ||
| 279 | { | ||
| 280 | ENGINE *ret = ENGINE_new(); | ||
| 281 | if(!ret) | ||
| 282 | return NULL; | ||
| 283 | if(!bind_helper(ret)) | ||
| 284 | { | ||
| 285 | ENGINE_free(ret); | ||
| 286 | return NULL; | ||
| 287 | } | ||
| 288 | return ret; | ||
| 289 | } | ||
| 290 | |||
| 291 | void ENGINE_load_ibmca(void) | ||
| 292 | { | ||
| 293 | /* Copied from eng_[openssl|dyn].c */ | ||
| 294 | ENGINE *toadd = engine_ibmca(); | ||
| 295 | if(!toadd) return; | ||
| 296 | ENGINE_add(toadd); | ||
| 297 | ENGINE_free(toadd); | ||
| 298 | ERR_clear_error(); | ||
| 299 | } | ||
| 300 | |||
| 301 | /* Destructor (complements the "ENGINE_ibmca()" constructor) */ | ||
| 302 | static int ibmca_destroy(ENGINE *e) | ||
| 303 | { | ||
| 304 | /* Unload the ibmca error strings so any error state including our | ||
| 305 | * functs or reasons won't lead to a segfault (they simply get displayed | ||
| 306 | * without corresponding string data because none will be found). */ | ||
| 307 | ERR_unload_IBMCA_strings(); | ||
| 308 | return 1; | ||
| 309 | } | ||
| 310 | |||
| 311 | |||
| 312 | /* This is a process-global DSO handle used for loading and unloading | ||
| 313 | * the Ibmca library. NB: This is only set (or unset) during an | ||
| 314 | * init() or finish() call (reference counts permitting) and they're | ||
| 315 | * operating with global locks, so this should be thread-safe | ||
| 316 | * implicitly. */ | ||
| 317 | |||
| 318 | static DSO *ibmca_dso = NULL; | ||
| 319 | |||
| 320 | /* These are the function pointers that are (un)set when the library has | ||
| 321 | * successfully (un)loaded. */ | ||
| 322 | |||
| 323 | static unsigned int (ICA_CALL *p_icaOpenAdapter)(); | ||
| 324 | static unsigned int (ICA_CALL *p_icaCloseAdapter)(); | ||
| 325 | static unsigned int (ICA_CALL *p_icaRsaModExpo)(); | ||
| 326 | static unsigned int (ICA_CALL *p_icaRandomNumberGenerate)(); | ||
| 327 | static unsigned int (ICA_CALL *p_icaRsaCrt)(); | ||
| 328 | |||
| 329 | /* utility function to obtain a context */ | ||
| 330 | static int get_context(ICA_ADAPTER_HANDLE *p_handle) | ||
| 331 | { | ||
| 332 | unsigned int status=0; | ||
| 333 | |||
| 334 | status = p_icaOpenAdapter(0, p_handle); | ||
| 335 | if(status != 0) | ||
| 336 | return 0; | ||
| 337 | return 1; | ||
| 338 | } | ||
| 339 | |||
| 340 | /* similarly to release one. */ | ||
| 341 | static void release_context(ICA_ADAPTER_HANDLE handle) | ||
| 342 | { | ||
| 343 | p_icaCloseAdapter(handle); | ||
| 344 | } | ||
| 345 | |||
| 346 | /* (de)initialisation functions. */ | ||
| 347 | static int ibmca_init(ENGINE *e) | ||
| 348 | { | ||
| 349 | |||
| 350 | void (*p1)(); | ||
| 351 | void (*p2)(); | ||
| 352 | void (*p3)(); | ||
| 353 | void (*p4)(); | ||
| 354 | void (*p5)(); | ||
| 355 | |||
| 356 | if(ibmca_dso != NULL) | ||
| 357 | { | ||
| 358 | IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED); | ||
| 359 | goto err; | ||
| 360 | } | ||
| 361 | /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be | ||
| 362 | * changed unfortunately because the Ibmca drivers don't have | ||
| 363 | * standard library names that can be platform-translated well. */ | ||
| 364 | /* TODO: Work out how to actually map to the names the Ibmca | ||
| 365 | * drivers really use - for now a symbollic link needs to be | ||
| 366 | * created on the host system from libatasi.so to atasi.so on | ||
| 367 | * unix variants. */ | ||
| 368 | |||
| 369 | /* WJH XXX check name translation */ | ||
| 370 | |||
| 371 | ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL, | ||
| 372 | /* DSO_FLAG_NAME_TRANSLATION */ 0); | ||
| 373 | if(ibmca_dso == NULL) | ||
| 374 | { | ||
| 375 | IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE); | ||
| 376 | goto err; | ||
| 377 | } | ||
| 378 | |||
| 379 | if(!(p1 = DSO_bind_func( | ||
| 380 | ibmca_dso, IBMCA_F1)) || | ||
| 381 | !(p2 = DSO_bind_func( | ||
| 382 | ibmca_dso, IBMCA_F2)) || | ||
| 383 | !(p3 = DSO_bind_func( | ||
| 384 | ibmca_dso, IBMCA_F3)) || | ||
| 385 | !(p4 = DSO_bind_func( | ||
| 386 | ibmca_dso, IBMCA_F4)) || | ||
| 387 | !(p5 = DSO_bind_func( | ||
| 388 | ibmca_dso, IBMCA_F5))) | ||
| 389 | { | ||
| 390 | IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE); | ||
| 391 | goto err; | ||
| 392 | } | ||
| 393 | |||
| 394 | /* Copy the pointers */ | ||
| 395 | |||
| 396 | p_icaOpenAdapter = (unsigned int (ICA_CALL *)())p1; | ||
| 397 | p_icaCloseAdapter = (unsigned int (ICA_CALL *)())p2; | ||
| 398 | p_icaRsaModExpo = (unsigned int (ICA_CALL *)())p3; | ||
| 399 | p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *)())p4; | ||
| 400 | p_icaRsaCrt = (unsigned int (ICA_CALL *)())p5; | ||
| 401 | |||
| 402 | if(!get_context(&handle)) | ||
| 403 | { | ||
| 404 | IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE); | ||
| 405 | goto err; | ||
| 406 | } | ||
| 407 | |||
| 408 | return 1; | ||
| 409 | err: | ||
| 410 | if(ibmca_dso) | ||
| 411 | DSO_free(ibmca_dso); | ||
| 412 | |||
| 413 | p_icaOpenAdapter = NULL; | ||
| 414 | p_icaCloseAdapter = NULL; | ||
| 415 | p_icaRsaModExpo = NULL; | ||
| 416 | p_icaRandomNumberGenerate = NULL; | ||
| 417 | |||
| 418 | return 0; | ||
| 419 | } | ||
| 420 | |||
| 421 | static int ibmca_finish(ENGINE *e) | ||
| 422 | { | ||
| 423 | if(ibmca_dso == NULL) | ||
| 424 | { | ||
| 425 | IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED); | ||
| 426 | return 0; | ||
| 427 | } | ||
| 428 | release_context(handle); | ||
| 429 | if(!DSO_free(ibmca_dso)) | ||
| 430 | { | ||
| 431 | IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE); | ||
| 432 | return 0; | ||
| 433 | } | ||
| 434 | ibmca_dso = NULL; | ||
| 435 | |||
| 436 | return 1; | ||
| 437 | } | ||
| 438 | |||
| 439 | static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) | ||
| 440 | { | ||
| 441 | int initialised = ((ibmca_dso == NULL) ? 0 : 1); | ||
| 442 | switch(cmd) | ||
| 443 | { | ||
| 444 | case IBMCA_CMD_SO_PATH: | ||
| 445 | if(p == NULL) | ||
| 446 | { | ||
| 447 | IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER); | ||
| 448 | return 0; | ||
| 449 | } | ||
| 450 | if(initialised) | ||
| 451 | { | ||
| 452 | IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED); | ||
| 453 | return 0; | ||
| 454 | } | ||
| 455 | IBMCA_LIBNAME = (const char *)p; | ||
| 456 | return 1; | ||
| 457 | default: | ||
| 458 | break; | ||
| 459 | } | ||
| 460 | IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED); | ||
| 461 | return 0; | ||
| 462 | } | ||
| 463 | |||
| 464 | |||
| 465 | static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 466 | const BIGNUM *m, BN_CTX *ctx) | ||
| 467 | { | ||
| 468 | /* I need somewhere to store temporary serialised values for | ||
| 469 | * use with the Ibmca API calls. A neat cheat - I'll use | ||
| 470 | * BIGNUMs from the BN_CTX but access their arrays directly as | ||
| 471 | * byte arrays <grin>. This way I don't have to clean anything | ||
| 472 | * up. */ | ||
| 473 | |||
| 474 | BIGNUM *argument=NULL; | ||
| 475 | BIGNUM *result=NULL; | ||
| 476 | BIGNUM *key=NULL; | ||
| 477 | int to_return; | ||
| 478 | int inLen, outLen, tmpLen; | ||
| 479 | |||
| 480 | |||
| 481 | ICA_KEY_RSA_MODEXPO *publKey=NULL; | ||
| 482 | unsigned int rc; | ||
| 483 | |||
| 484 | to_return = 0; /* expect failure */ | ||
| 485 | |||
| 486 | if(!ibmca_dso) | ||
| 487 | { | ||
| 488 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED); | ||
| 489 | goto err; | ||
| 490 | } | ||
| 491 | /* Prepare the params */ | ||
| 492 | BN_CTX_start(ctx); | ||
| 493 | argument = BN_CTX_get(ctx); | ||
| 494 | result = BN_CTX_get(ctx); | ||
| 495 | key = BN_CTX_get(ctx); | ||
| 496 | |||
| 497 | if( !argument || !result || !key) | ||
| 498 | { | ||
| 499 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL); | ||
| 500 | goto err; | ||
| 501 | } | ||
| 502 | |||
| 503 | |||
| 504 | if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) || | ||
| 505 | !bn_wexpand(key, sizeof(*publKey)/BN_BYTES)) | ||
| 506 | |||
| 507 | { | ||
| 508 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL); | ||
| 509 | goto err; | ||
| 510 | } | ||
| 511 | |||
| 512 | publKey = (ICA_KEY_RSA_MODEXPO *)key->d; | ||
| 513 | |||
| 514 | if (publKey == NULL) | ||
| 515 | { | ||
| 516 | goto err; | ||
| 517 | } | ||
| 518 | memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO)); | ||
| 519 | |||
| 520 | publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE); | ||
| 521 | publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO)); | ||
| 522 | publKey->expOffset = (char *) publKey->keyRecord - (char *) publKey; | ||
| 523 | |||
| 524 | /* A quirk of the card: the exponent length has to be the same | ||
| 525 | as the modulus (key) length */ | ||
| 526 | |||
| 527 | outLen = BN_num_bytes(m); | ||
| 528 | |||
| 529 | /* check for modulus length SAB*/ | ||
| 530 | if (outLen > 256 ) { | ||
| 531 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE); | ||
| 532 | goto err; | ||
| 533 | } | ||
| 534 | /* check for modulus length SAB*/ | ||
| 535 | |||
| 536 | |||
| 537 | publKey->expLength = publKey->nLength = outLen; | ||
| 538 | /* SAB Check for underflow condition | ||
| 539 | the size of the exponent is less than the size of the parameter | ||
| 540 | then we have a big problem and will underflow the keyRecord | ||
| 541 | buffer. Bad stuff could happen then | ||
| 542 | */ | ||
| 543 | if (outLen < BN_num_bytes(p)){ | ||
| 544 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD); | ||
| 545 | goto err; | ||
| 546 | } | ||
| 547 | /* SAB End check for underflow */ | ||
| 548 | |||
| 549 | |||
| 550 | BN_bn2bin(p, &publKey->keyRecord[publKey->expLength - | ||
| 551 | BN_num_bytes(p)]); | ||
| 552 | BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]); | ||
| 553 | |||
| 554 | |||
| 555 | |||
| 556 | publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8); | ||
| 557 | publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset + | ||
| 558 | publKey->expLength); | ||
| 559 | |||
| 560 | publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord - | ||
| 561 | (char *) publKey); | ||
| 562 | |||
| 563 | tmpLen = outLen; | ||
| 564 | publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen); | ||
| 565 | |||
| 566 | /* Prepare the argument */ | ||
| 567 | |||
| 568 | memset(argument->d, 0, outLen); | ||
| 569 | BN_bn2bin(a, (unsigned char *)argument->d + outLen - | ||
| 570 | BN_num_bytes(a)); | ||
| 571 | |||
| 572 | inLen = outLen; | ||
| 573 | |||
| 574 | /* Perform the operation */ | ||
| 575 | |||
| 576 | if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d, | ||
| 577 | publKey, &outLen, (unsigned char *)result->d)) | ||
| 578 | !=0 ) | ||
| 579 | |||
| 580 | { | ||
| 581 | printf("rc = %d\n", rc); | ||
| 582 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED); | ||
| 583 | goto err; | ||
| 584 | } | ||
| 585 | |||
| 586 | |||
| 587 | /* Convert the response */ | ||
| 588 | BN_bin2bn((unsigned char *)result->d, outLen, r); | ||
| 589 | to_return = 1; | ||
| 590 | err: | ||
| 591 | BN_CTX_end(ctx); | ||
| 592 | return to_return; | ||
| 593 | } | ||
| 594 | |||
| 595 | #ifndef OPENSSL_NO_RSA | ||
| 596 | static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | ||
| 597 | { | ||
| 598 | BN_CTX *ctx; | ||
| 599 | int to_return = 0; | ||
| 600 | |||
| 601 | if((ctx = BN_CTX_new()) == NULL) | ||
| 602 | goto err; | ||
| 603 | if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) | ||
| 604 | { | ||
| 605 | if(!rsa->d || !rsa->n) | ||
| 606 | { | ||
| 607 | IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP, | ||
| 608 | IBMCA_R_MISSING_KEY_COMPONENTS); | ||
| 609 | goto err; | ||
| 610 | } | ||
| 611 | to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx); | ||
| 612 | } | ||
| 613 | else | ||
| 614 | { | ||
| 615 | to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, | ||
| 616 | rsa->dmq1, rsa->iqmp, ctx); | ||
| 617 | } | ||
| 618 | err: | ||
| 619 | if(ctx) | ||
| 620 | BN_CTX_free(ctx); | ||
| 621 | return to_return; | ||
| 622 | } | ||
| 623 | #endif | ||
| 624 | |||
| 625 | /* Ein kleines chinesisches "Restessen" */ | ||
| 626 | static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 627 | const BIGNUM *q, const BIGNUM *dmp1, | ||
| 628 | const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) | ||
| 629 | { | ||
| 630 | |||
| 631 | BIGNUM *argument = NULL; | ||
| 632 | BIGNUM *result = NULL; | ||
| 633 | BIGNUM *key = NULL; | ||
| 634 | |||
| 635 | int to_return = 0; /* expect failure */ | ||
| 636 | |||
| 637 | char *pkey=NULL; | ||
| 638 | ICA_KEY_RSA_CRT *privKey=NULL; | ||
| 639 | int inLen, outLen; | ||
| 640 | |||
| 641 | int rc; | ||
| 642 | unsigned int offset, pSize, qSize; | ||
| 643 | /* SAB New variables */ | ||
| 644 | unsigned int keyRecordSize; | ||
| 645 | unsigned int pbytes = BN_num_bytes(p); | ||
| 646 | unsigned int qbytes = BN_num_bytes(q); | ||
| 647 | unsigned int dmp1bytes = BN_num_bytes(dmp1); | ||
| 648 | unsigned int dmq1bytes = BN_num_bytes(dmq1); | ||
| 649 | unsigned int iqmpbytes = BN_num_bytes(iqmp); | ||
| 650 | |||
| 651 | /* Prepare the params */ | ||
| 652 | |||
| 653 | BN_CTX_start(ctx); | ||
| 654 | argument = BN_CTX_get(ctx); | ||
| 655 | result = BN_CTX_get(ctx); | ||
| 656 | key = BN_CTX_get(ctx); | ||
| 657 | |||
| 658 | if(!argument || !result || !key) | ||
| 659 | { | ||
| 660 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL); | ||
| 661 | goto err; | ||
| 662 | } | ||
| 663 | |||
| 664 | if(!bn_wexpand(argument, p->top + q->top) || | ||
| 665 | !bn_wexpand(result, p->top + q->top) || | ||
| 666 | !bn_wexpand(key, sizeof(*privKey)/BN_BYTES )) | ||
| 667 | { | ||
| 668 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL); | ||
| 669 | goto err; | ||
| 670 | } | ||
| 671 | |||
| 672 | |||
| 673 | privKey = (ICA_KEY_RSA_CRT *)key->d; | ||
| 674 | /* SAB Add check for total size in bytes of the parms does not exceed | ||
| 675 | the buffer space we have | ||
| 676 | do this first | ||
| 677 | */ | ||
| 678 | keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes; | ||
| 679 | if ( keyRecordSize > sizeof(privKey->keyRecord )) { | ||
| 680 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE); | ||
| 681 | goto err; | ||
| 682 | } | ||
| 683 | |||
| 684 | if ( (qbytes + dmq1bytes) > 256 ){ | ||
| 685 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE); | ||
| 686 | goto err; | ||
| 687 | } | ||
| 688 | |||
| 689 | if ( pbytes + dmp1bytes > 256 ) { | ||
| 690 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE); | ||
| 691 | goto err; | ||
| 692 | } | ||
| 693 | |||
| 694 | /* end SAB additions */ | ||
| 695 | |||
| 696 | memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT)); | ||
| 697 | privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE); | ||
| 698 | privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT)); | ||
| 699 | privKey->modulusBitLength = | ||
| 700 | CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8); | ||
| 701 | |||
| 702 | /* | ||
| 703 | * p,dp & qInv are 1 QWORD Larger | ||
| 704 | */ | ||
| 705 | privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8); | ||
| 706 | privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q)); | ||
| 707 | privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8); | ||
| 708 | privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1)); | ||
| 709 | privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8); | ||
| 710 | |||
| 711 | offset = (char *) privKey->keyRecord | ||
| 712 | - (char *) privKey; | ||
| 713 | |||
| 714 | qSize = BN_num_bytes(q); | ||
| 715 | pSize = qSize + 8; /* 1 QWORD larger */ | ||
| 716 | |||
| 717 | |||
| 718 | /* SAB probably aittle redundant, but we'll verify that each of the | ||
| 719 | components which make up a key record sent ot the card does not exceed | ||
| 720 | the space that is allocated for it. this handles the case where even if | ||
| 721 | the total length does not exceed keyrecord zied, if the operands are funny sized | ||
| 722 | they could cause potential side affects on either the card or the result */ | ||
| 723 | |||
| 724 | if ( (pbytes > pSize) || (dmp1bytes > pSize) || | ||
| 725 | (iqmpbytes > pSize) || ( qbytes >qSize) || | ||
| 726 | (dmq1bytes > qSize) ) { | ||
| 727 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE); | ||
| 728 | goto err; | ||
| 729 | |||
| 730 | } | ||
| 731 | |||
| 732 | |||
| 733 | privKey->dpOffset = CORRECT_ENDIANNESS(offset); | ||
| 734 | |||
| 735 | offset += pSize; | ||
| 736 | privKey->dqOffset = CORRECT_ENDIANNESS(offset); | ||
| 737 | |||
| 738 | offset += qSize; | ||
| 739 | privKey->pOffset = CORRECT_ENDIANNESS(offset); | ||
| 740 | |||
| 741 | offset += pSize; | ||
| 742 | privKey->qOffset = CORRECT_ENDIANNESS(offset); | ||
| 743 | |||
| 744 | offset += qSize; | ||
| 745 | privKey->qInvOffset = CORRECT_ENDIANNESS(offset); | ||
| 746 | |||
| 747 | pkey = (char *) privKey->keyRecord; | ||
| 748 | |||
| 749 | |||
| 750 | /* SAB first check that we don;t under flow the buffer */ | ||
| 751 | if ( pSize < pbytes ) { | ||
| 752 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION); | ||
| 753 | goto err; | ||
| 754 | } | ||
| 755 | |||
| 756 | /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */ | ||
| 757 | pkey += pSize - BN_num_bytes(dmp1); | ||
| 758 | BN_bn2bin(dmp1, pkey); | ||
| 759 | pkey += BN_num_bytes(dmp1); /* move the pointer */ | ||
| 760 | |||
| 761 | BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */ | ||
| 762 | |||
| 763 | pkey += qSize; /* move pointer */ | ||
| 764 | pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */ | ||
| 765 | |||
| 766 | BN_bn2bin(p, pkey); | ||
| 767 | pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */ | ||
| 768 | |||
| 769 | BN_bn2bin(q, pkey); | ||
| 770 | pkey += qSize ; /* move the pointer */ | ||
| 771 | pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */ | ||
| 772 | BN_bn2bin(iqmp, pkey); | ||
| 773 | |||
| 774 | /* Prepare the argument and response */ | ||
| 775 | |||
| 776 | outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2; /* Correct endianess is used | ||
| 777 | because the fields were converted above */ | ||
| 778 | |||
| 779 | if (outLen > 256) { | ||
| 780 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE); | ||
| 781 | goto err; | ||
| 782 | } | ||
| 783 | |||
| 784 | /* SAB check for underflow here on the argeument */ | ||
| 785 | if ( outLen < BN_num_bytes(a)) { | ||
| 786 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION); | ||
| 787 | goto err; | ||
| 788 | } | ||
| 789 | |||
| 790 | BN_bn2bin(a, (unsigned char *)argument->d + outLen - | ||
| 791 | BN_num_bytes(a)); | ||
| 792 | inLen = outLen; | ||
| 793 | |||
| 794 | memset(result->d, 0, outLen); | ||
| 795 | |||
| 796 | /* Perform the operation */ | ||
| 797 | |||
| 798 | if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d, | ||
| 799 | privKey, &outLen, (unsigned char *)result->d)) != 0) | ||
| 800 | { | ||
| 801 | printf("rc = %d\n", rc); | ||
| 802 | IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED); | ||
| 803 | goto err; | ||
| 804 | } | ||
| 805 | |||
| 806 | /* Convert the response */ | ||
| 807 | |||
| 808 | BN_bin2bn((unsigned char *)result->d, outLen, r); | ||
| 809 | to_return = 1; | ||
| 810 | |||
| 811 | err: | ||
| 812 | BN_CTX_end(ctx); | ||
| 813 | return to_return; | ||
| 814 | |||
| 815 | } | ||
| 816 | |||
| 817 | #ifndef OPENSSL_NO_DSA | ||
| 818 | /* This code was liberated and adapted from the commented-out code in | ||
| 819 | * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration | ||
| 820 | * (it doesn't have a CRT form for RSA), this function means that an | ||
| 821 | * Ibmca system running with a DSA server certificate can handshake | ||
| 822 | * around 5 or 6 times faster/more than an equivalent system running with | ||
| 823 | * RSA. Just check out the "signs" statistics from the RSA and DSA parts | ||
| 824 | * of "openssl speed -engine ibmca dsa1024 rsa1024". */ | ||
| 825 | static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, | ||
| 826 | BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | ||
| 827 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
| 828 | { | ||
| 829 | BIGNUM t; | ||
| 830 | int to_return = 0; | ||
| 831 | |||
| 832 | BN_init(&t); | ||
| 833 | /* let rr = a1 ^ p1 mod m */ | ||
| 834 | if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end; | ||
| 835 | /* let t = a2 ^ p2 mod m */ | ||
| 836 | if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end; | ||
| 837 | /* let rr = rr * t mod m */ | ||
| 838 | if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end; | ||
| 839 | to_return = 1; | ||
| 840 | end: | ||
| 841 | BN_free(&t); | ||
| 842 | return to_return; | ||
| 843 | } | ||
| 844 | |||
| 845 | |||
| 846 | static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, | ||
| 847 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 848 | BN_MONT_CTX *m_ctx) | ||
| 849 | { | ||
| 850 | return ibmca_mod_exp(r, a, p, m, ctx); | ||
| 851 | } | ||
| 852 | #endif | ||
| 853 | |||
| 854 | /* This function is aliased to mod_exp (with the mont stuff dropped). */ | ||
| 855 | static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 856 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | ||
| 857 | { | ||
| 858 | return ibmca_mod_exp(r, a, p, m, ctx); | ||
| 859 | } | ||
| 860 | |||
| 861 | #ifndef OPENSSL_NO_DH | ||
| 862 | /* This function is aliased to mod_exp (with the dh and mont dropped). */ | ||
| 863 | static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r, | ||
| 864 | const BIGNUM *a, const BIGNUM *p, | ||
| 865 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) | ||
| 866 | { | ||
| 867 | return ibmca_mod_exp(r, a, p, m, ctx); | ||
| 868 | } | ||
| 869 | #endif | ||
| 870 | |||
| 871 | /* Random bytes are good */ | ||
| 872 | static int ibmca_rand_bytes(unsigned char *buf, int num) | ||
| 873 | { | ||
| 874 | int to_return = 0; /* assume failure */ | ||
| 875 | unsigned int ret; | ||
| 876 | |||
| 877 | |||
| 878 | if(handle == 0) | ||
| 879 | { | ||
| 880 | IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED); | ||
| 881 | goto err; | ||
| 882 | } | ||
| 883 | |||
| 884 | ret = p_icaRandomNumberGenerate(handle, num, buf); | ||
| 885 | if (ret < 0) | ||
| 886 | { | ||
| 887 | IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED); | ||
| 888 | goto err; | ||
| 889 | } | ||
| 890 | to_return = 1; | ||
| 891 | err: | ||
| 892 | return to_return; | ||
| 893 | } | ||
| 894 | |||
| 895 | static int ibmca_rand_status(void) | ||
| 896 | { | ||
| 897 | return 1; | ||
| 898 | } | ||
| 899 | |||
| 900 | /* This stuff is needed if this ENGINE is being compiled into a self-contained | ||
| 901 | * shared-library. */ | ||
| 902 | #ifdef ENGINE_DYNAMIC_SUPPORT | ||
| 903 | static int bind_fn(ENGINE *e, const char *id) | ||
| 904 | { | ||
| 905 | if(id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */ | ||
| 906 | return 0; | ||
| 907 | if(!bind_helper(e)) | ||
| 908 | return 0; | ||
| 909 | return 1; | ||
| 910 | } | ||
| 911 | IMPLEMENT_DYNAMIC_CHECK_FN() | ||
| 912 | IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) | ||
| 913 | #endif /* ENGINE_DYNAMIC_SUPPORT */ | ||
| 914 | |||
| 915 | |||
| 916 | #endif /* !OPENSSL_NO_HW_IBMCA */ | ||
| 917 | #endif /* !OPENSSL_NO_HW */ | ||
| diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec new file mode 100644 index 0000000000..f68646d237 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca.ec | |||
| @@ -0,0 +1,8 @@ | |||
| 1 | # configuration file for util/mkerr.pl | ||
| 2 | # | ||
| 3 | # use like this: | ||
| 4 | # | ||
| 5 | # perl ../../../util/mkerr.pl -conf hw_ibmca.ec \ | ||
| 6 | # -nostatic -staticloader -write *.c | ||
| 7 | |||
| 8 | L IBMCA hw_ibmca_err.h hw_ibmca_err.c | ||
| diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c new file mode 100644 index 0000000000..c4053f6d30 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.c | |||
| @@ -0,0 +1,154 @@ | |||
| 1 | /* hw_ibmca_err.c */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@OpenSSL.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include <openssl/err.h> | ||
| 63 | #include "hw_ibmca_err.h" | ||
| 64 | |||
| 65 | /* BEGIN ERROR CODES */ | ||
| 66 | #ifndef OPENSSL_NO_ERR | ||
| 67 | static ERR_STRING_DATA IBMCA_str_functs[]= | ||
| 68 | { | ||
| 69 | {ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0), "IBMCA_CTRL"}, | ||
| 70 | {ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0), "IBMCA_FINISH"}, | ||
| 71 | {ERR_PACK(0,IBMCA_F_IBMCA_INIT,0), "IBMCA_INIT"}, | ||
| 72 | {ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0), "IBMCA_MOD_EXP"}, | ||
| 73 | {ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0), "IBMCA_MOD_EXP_CRT"}, | ||
| 74 | {ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0), "IBMCA_RAND_BYTES"}, | ||
| 75 | {ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0), "IBMCA_RSA_MOD_EXP"}, | ||
| 76 | {0,NULL} | ||
| 77 | }; | ||
| 78 | |||
| 79 | static ERR_STRING_DATA IBMCA_str_reasons[]= | ||
| 80 | { | ||
| 81 | {IBMCA_R_ALREADY_LOADED ,"already loaded"}, | ||
| 82 | {IBMCA_R_BN_CTX_FULL ,"bn ctx full"}, | ||
| 83 | {IBMCA_R_BN_EXPAND_FAIL ,"bn expand fail"}, | ||
| 84 | {IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, | ||
| 85 | {IBMCA_R_DSO_FAILURE ,"dso failure"}, | ||
| 86 | {IBMCA_R_MEXP_LENGTH_TO_LARGE ,"mexp length to large"}, | ||
| 87 | {IBMCA_R_MISSING_KEY_COMPONENTS ,"missing key components"}, | ||
| 88 | {IBMCA_R_NOT_INITIALISED ,"not initialised"}, | ||
| 89 | {IBMCA_R_NOT_LOADED ,"not loaded"}, | ||
| 90 | {IBMCA_R_OPERANDS_TO_LARGE ,"operands to large"}, | ||
| 91 | {IBMCA_R_OUTLEN_TO_LARGE ,"outlen to large"}, | ||
| 92 | {IBMCA_R_REQUEST_FAILED ,"request failed"}, | ||
| 93 | {IBMCA_R_UNDERFLOW_CONDITION ,"underflow condition"}, | ||
| 94 | {IBMCA_R_UNDERFLOW_KEYRECORD ,"underflow keyrecord"}, | ||
| 95 | {IBMCA_R_UNIT_FAILURE ,"unit failure"}, | ||
| 96 | {0,NULL} | ||
| 97 | }; | ||
| 98 | |||
| 99 | #endif | ||
| 100 | |||
| 101 | #ifdef IBMCA_LIB_NAME | ||
| 102 | static ERR_STRING_DATA IBMCA_lib_name[]= | ||
| 103 | { | ||
| 104 | {0 ,IBMCA_LIB_NAME}, | ||
| 105 | {0,NULL} | ||
| 106 | }; | ||
| 107 | #endif | ||
| 108 | |||
| 109 | |||
| 110 | static int IBMCA_lib_error_code=0; | ||
| 111 | static int IBMCA_error_init=1; | ||
| 112 | |||
| 113 | static void ERR_load_IBMCA_strings(void) | ||
| 114 | { | ||
| 115 | if (IBMCA_lib_error_code == 0) | ||
| 116 | IBMCA_lib_error_code=ERR_get_next_error_library(); | ||
| 117 | |||
| 118 | if (IBMCA_error_init) | ||
| 119 | { | ||
| 120 | IBMCA_error_init=0; | ||
| 121 | #ifndef OPENSSL_NO_ERR | ||
| 122 | ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs); | ||
| 123 | ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons); | ||
| 124 | #endif | ||
| 125 | |||
| 126 | #ifdef IBMCA_LIB_NAME | ||
| 127 | IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0); | ||
| 128 | ERR_load_strings(0,IBMCA_lib_name); | ||
| 129 | #endif | ||
| 130 | } | ||
| 131 | } | ||
| 132 | |||
| 133 | static void ERR_unload_IBMCA_strings(void) | ||
| 134 | { | ||
| 135 | if (IBMCA_error_init == 0) | ||
| 136 | { | ||
| 137 | #ifndef OPENSSL_NO_ERR | ||
| 138 | ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs); | ||
| 139 | ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons); | ||
| 140 | #endif | ||
| 141 | |||
| 142 | #ifdef IBMCA_LIB_NAME | ||
| 143 | ERR_unload_strings(0,IBMCA_lib_name); | ||
| 144 | #endif | ||
| 145 | IBMCA_error_init=1; | ||
| 146 | } | ||
| 147 | } | ||
| 148 | |||
| 149 | static void ERR_IBMCA_error(int function, int reason, char *file, int line) | ||
| 150 | { | ||
| 151 | if (IBMCA_lib_error_code == 0) | ||
| 152 | IBMCA_lib_error_code=ERR_get_next_error_library(); | ||
| 153 | ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line); | ||
| 154 | } | ||
| diff --git a/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h new file mode 100644 index 0000000000..da64bde5f2 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/ibmca/hw_ibmca_err.h | |||
| @@ -0,0 +1,98 @@ | |||
| 1 | /* ==================================================================== | ||
| 2 | * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. | ||
| 3 | * | ||
| 4 | * Redistribution and use in source and binary forms, with or without | ||
| 5 | * modification, are permitted provided that the following conditions | ||
| 6 | * are met: | ||
| 7 | * | ||
| 8 | * 1. Redistributions of source code must retain the above copyright | ||
| 9 | * notice, this list of conditions and the following disclaimer. | ||
| 10 | * | ||
| 11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 12 | * notice, this list of conditions and the following disclaimer in | ||
| 13 | * the documentation and/or other materials provided with the | ||
| 14 | * distribution. | ||
| 15 | * | ||
| 16 | * 3. All advertising materials mentioning features or use of this | ||
| 17 | * software must display the following acknowledgment: | ||
| 18 | * "This product includes software developed by the OpenSSL Project | ||
| 19 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 20 | * | ||
| 21 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 22 | * endorse or promote products derived from this software without | ||
| 23 | * prior written permission. For written permission, please contact | ||
| 24 | * openssl-core@openssl.org. | ||
| 25 | * | ||
| 26 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 27 | * nor may "OpenSSL" appear in their names without prior written | ||
| 28 | * permission of the OpenSSL Project. | ||
| 29 | * | ||
| 30 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 31 | * acknowledgment: | ||
| 32 | * "This product includes software developed by the OpenSSL Project | ||
| 33 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 34 | * | ||
| 35 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 36 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 37 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 38 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 39 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 40 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 41 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 42 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 43 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 44 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 45 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 46 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 47 | * ==================================================================== | ||
| 48 | * | ||
| 49 | * This product includes cryptographic software written by Eric Young | ||
| 50 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 51 | * Hudson (tjh@cryptsoft.com). | ||
| 52 | * | ||
| 53 | */ | ||
| 54 | |||
| 55 | #ifndef HEADER_IBMCA_ERR_H | ||
| 56 | #define HEADER_IBMCA_ERR_H | ||
| 57 | |||
| 58 | /* BEGIN ERROR CODES */ | ||
| 59 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 60 | * made after this point may be overwritten when the script is next run. | ||
| 61 | */ | ||
| 62 | static void ERR_load_IBMCA_strings(void); | ||
| 63 | static void ERR_unload_IBMCA_strings(void); | ||
| 64 | static void ERR_IBMCA_error(int function, int reason, char *file, int line); | ||
| 65 | #define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__) | ||
| 66 | |||
| 67 | /* Error codes for the IBMCA functions. */ | ||
| 68 | |||
| 69 | /* Function codes. */ | ||
| 70 | #define IBMCA_F_IBMCA_CTRL 100 | ||
| 71 | #define IBMCA_F_IBMCA_FINISH 101 | ||
| 72 | #define IBMCA_F_IBMCA_INIT 102 | ||
| 73 | #define IBMCA_F_IBMCA_MOD_EXP 103 | ||
| 74 | #define IBMCA_F_IBMCA_MOD_EXP_CRT 104 | ||
| 75 | #define IBMCA_F_IBMCA_RAND_BYTES 105 | ||
| 76 | #define IBMCA_F_IBMCA_RSA_MOD_EXP 106 | ||
| 77 | |||
| 78 | /* Reason codes. */ | ||
| 79 | #define IBMCA_R_ALREADY_LOADED 100 | ||
| 80 | #define IBMCA_R_BN_CTX_FULL 101 | ||
| 81 | #define IBMCA_R_BN_EXPAND_FAIL 102 | ||
| 82 | #define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 | ||
| 83 | #define IBMCA_R_DSO_FAILURE 104 | ||
| 84 | #define IBMCA_R_MEXP_LENGTH_TO_LARGE 105 | ||
| 85 | #define IBMCA_R_MISSING_KEY_COMPONENTS 106 | ||
| 86 | #define IBMCA_R_NOT_INITIALISED 107 | ||
| 87 | #define IBMCA_R_NOT_LOADED 108 | ||
| 88 | #define IBMCA_R_OPERANDS_TO_LARGE 109 | ||
| 89 | #define IBMCA_R_OUTLEN_TO_LARGE 110 | ||
| 90 | #define IBMCA_R_REQUEST_FAILED 111 | ||
| 91 | #define IBMCA_R_UNDERFLOW_CONDITION 112 | ||
| 92 | #define IBMCA_R_UNDERFLOW_KEYRECORD 113 | ||
| 93 | #define IBMCA_R_UNIT_FAILURE 114 | ||
| 94 | |||
| 95 | #ifdef __cplusplus | ||
| 96 | } | ||
| 97 | #endif | ||
| 98 | #endif | ||
| diff --git a/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h b/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h new file mode 100644 index 0000000000..c77e0fd5c0 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/ibmca/ica_openssl_api.h | |||
| @@ -0,0 +1,189 @@ | |||
| 1 | |||
| 2 | #ifndef __ICA_OPENSSL_API_H__ | ||
| 3 | #define __ICA_OPENSSL_API_H__ | ||
| 4 | |||
| 5 | /** | ||
| 6 | ** abstract data types for API | ||
| 7 | **/ | ||
| 8 | |||
| 9 | #define ICA_ADAPTER_HANDLE int | ||
| 10 | |||
| 11 | #if defined(linux) || defined (_AIX) | ||
| 12 | #define ICA_CALL | ||
| 13 | #endif | ||
| 14 | |||
| 15 | #if defined(WIN32) || defined(_WIN32) | ||
| 16 | #define ICA_CALL __stdcall | ||
| 17 | #endif | ||
| 18 | |||
| 19 | /*------------------------------------------------* | ||
| 20 | | RSA defines and typedefs | | ||
| 21 | *------------------------------------------------*/ | ||
| 22 | /* | ||
| 23 | * All data elements of the RSA key are in big-endian format | ||
| 24 | * Modulus-Exponent form of key | ||
| 25 | * | ||
| 26 | */ | ||
| 27 | #define MAX_EXP_SIZE 256 | ||
| 28 | #define MAX_MODULUS_SIZE 256 | ||
| 29 | #define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE) | ||
| 30 | |||
| 31 | #define MAX_OPERAND_SIZE MAX_EXP_SIZE | ||
| 32 | |||
| 33 | typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE]; | ||
| 34 | /* | ||
| 35 | * All data elements of the RSA key are in big-endian format | ||
| 36 | * Chinese Remainder Thereom(CRT) form of key | ||
| 37 | * Used only for Decrypt, the encrypt form is typically Modulus-Exponent | ||
| 38 | * | ||
| 39 | */ | ||
| 40 | #define MAX_BP_SIZE 136 | ||
| 41 | #define MAX_BQ_SIZE 128 | ||
| 42 | #define MAX_NP_SIZE 136 | ||
| 43 | #define MAX_NQ_SIZE 128 | ||
| 44 | #define MAX_QINV_SIZE 136 | ||
| 45 | #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE) | ||
| 46 | |||
| 47 | #define RSA_GEN_OPERAND_MAX 256 /* bytes */ | ||
| 48 | |||
| 49 | typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE]; | ||
| 50 | /*------------------------------------------------* | ||
| 51 | | RSA key token types | | ||
| 52 | *------------------------------------------------*/ | ||
| 53 | |||
| 54 | #define RSA_PUBLIC_MODULUS_EXPONENT 3 | ||
| 55 | #define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6 | ||
| 56 | |||
| 57 | #define KEYTYPE_MODEXPO 1 | ||
| 58 | #define KEYTYPE_PKCSCRT 2 | ||
| 59 | |||
| 60 | |||
| 61 | /*------------------------------------------------* | ||
| 62 | | RSA Key Token format | | ||
| 63 | *------------------------------------------------*/ | ||
| 64 | |||
| 65 | /* | ||
| 66 | * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure | ||
| 67 | * (lengths, offsets, exponents, modulus, etc.) are | ||
| 68 | * stored in big-endian format | ||
| 69 | */ | ||
| 70 | |||
| 71 | typedef struct _ICA_KEY_RSA_MODEXPO | ||
| 72 | { unsigned int keyType; /* RSA key type. */ | ||
| 73 | unsigned int keyLength; /* Total length of the token. */ | ||
| 74 | unsigned int modulusBitLength; /* Modulus n bit length. */ | ||
| 75 | /* -- Start of the data length.*/ | ||
| 76 | unsigned int nLength; /* Modulus n = p * q */ | ||
| 77 | unsigned int expLength; /* exponent (public or private)*/ | ||
| 78 | /* e = 1/d * mod(p-1)(q-1) */ | ||
| 79 | /* -- Start of the data offsets*/ | ||
| 80 | unsigned int nOffset; /* Modulus n . */ | ||
| 81 | unsigned int expOffset; /* exponent (public or private)*/ | ||
| 82 | unsigned char reserved[112]; /* reserved area */ | ||
| 83 | /* -- Start of the variable -- */ | ||
| 84 | /* -- length token data. -- */ | ||
| 85 | ICA_KEY_RSA_MODEXPO_REC keyRecord; | ||
| 86 | } ICA_KEY_RSA_MODEXPO; | ||
| 87 | #define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC)) | ||
| 88 | |||
| 89 | /* | ||
| 90 | * NOTE: All the fields in the ICA_KEY_RSA_CRT structure | ||
| 91 | * (lengths, offsets, exponents, modulus, etc.) are | ||
| 92 | * stored in big-endian format | ||
| 93 | */ | ||
| 94 | |||
| 95 | typedef struct _ICA_KEY_RSA_CRT | ||
| 96 | { unsigned int keyType; /* RSA key type. */ | ||
| 97 | unsigned int keyLength; /* Total length of the token. */ | ||
| 98 | unsigned int modulusBitLength; /* Modulus n bit length. */ | ||
| 99 | /* -- Start of the data length.*/ | ||
| 100 | #if _AIX | ||
| 101 | unsigned int nLength; /* Modulus n = p * q */ | ||
| 102 | #endif | ||
| 103 | unsigned int pLength; /* Prime number p . */ | ||
| 104 | unsigned int qLength; /* Prime number q . */ | ||
| 105 | unsigned int dpLength; /* dp = d * mod(p-1) . */ | ||
| 106 | unsigned int dqLength; /* dq = d * mod(q-1) . */ | ||
| 107 | unsigned int qInvLength; /* PKCS: qInv = Ap/q */ | ||
| 108 | /* -- Start of the data offsets*/ | ||
| 109 | #if _AIX | ||
| 110 | unsigned int nOffset; /* Modulus n . */ | ||
| 111 | #endif | ||
| 112 | unsigned int pOffset; /* Prime number p . */ | ||
| 113 | unsigned int qOffset; /* Prime number q . */ | ||
| 114 | unsigned int dpOffset; /* dp . */ | ||
| 115 | unsigned int dqOffset; /* dq . */ | ||
| 116 | unsigned int qInvOffset; /* qInv for PKCS */ | ||
| 117 | #if _AIX | ||
| 118 | unsigned char reserved[80]; /* reserved area */ | ||
| 119 | #else | ||
| 120 | unsigned char reserved[88]; /* reserved area */ | ||
| 121 | #endif | ||
| 122 | /* -- Start of the variable -- */ | ||
| 123 | /* -- length token data. -- */ | ||
| 124 | ICA_KEY_RSA_CRT_REC keyRecord; | ||
| 125 | } ICA_KEY_RSA_CRT; | ||
| 126 | #define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC)) | ||
| 127 | |||
| 128 | unsigned int | ||
| 129 | icaOpenAdapter( unsigned int adapterId, | ||
| 130 | ICA_ADAPTER_HANDLE *pAdapterHandle ); | ||
| 131 | |||
| 132 | unsigned int | ||
| 133 | icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle ); | ||
| 134 | |||
| 135 | unsigned int | ||
| 136 | icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle, | ||
| 137 | unsigned int inputDataLength, | ||
| 138 | unsigned char *pInputData, | ||
| 139 | ICA_KEY_RSA_MODEXPO *pKeyModExpo, | ||
| 140 | unsigned int *pOutputDataLength, | ||
| 141 | unsigned char *pOutputData ); | ||
| 142 | |||
| 143 | unsigned int | ||
| 144 | icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle, | ||
| 145 | unsigned int inputDataLength, | ||
| 146 | unsigned char *pInputData, | ||
| 147 | ICA_KEY_RSA_CRT *pKeyCrt, | ||
| 148 | unsigned int *pOutputDataLength, | ||
| 149 | unsigned char *pOutputData ); | ||
| 150 | |||
| 151 | unsigned int | ||
| 152 | icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle, | ||
| 153 | unsigned int outputDataLength, | ||
| 154 | unsigned char *pOutputData ); | ||
| 155 | |||
| 156 | /* Specific macros and definitions to not have IFDEF;s all over the | ||
| 157 | main code */ | ||
| 158 | |||
| 159 | #if (_AIX) | ||
| 160 | static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)"; | ||
| 161 | #elif (WIN32) | ||
| 162 | static const char *IBMCA_LIBNAME = "cryptica"; | ||
| 163 | #else | ||
| 164 | static const char *IBMCA_LIBNAME = "ica"; | ||
| 165 | #endif | ||
| 166 | |||
| 167 | #if (WIN32) | ||
| 168 | /* | ||
| 169 | The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and | ||
| 170 | offsets must be in big-endian format. | ||
| 171 | |||
| 172 | */ | ||
| 173 | #define CORRECT_ENDIANNESS(b) ( \ | ||
| 174 | (((unsigned long) (b) & 0x000000ff) << 24) | \ | ||
| 175 | (((unsigned long) (b) & 0x0000ff00) << 8) | \ | ||
| 176 | (((unsigned long) (b) & 0x00ff0000) >> 8) | \ | ||
| 177 | (((unsigned long) (b) & 0xff000000) >> 24) \ | ||
| 178 | ) | ||
| 179 | #define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER | ||
| 180 | #define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT | ||
| 181 | #else | ||
| 182 | #define CORRECT_ENDIANNESS(b) (b) | ||
| 183 | #define CRT_KEY_TYPE KEYTYPE_PKCSCRT | ||
| 184 | #define ME_KEY_TYPE KEYTYPE_MODEXPO | ||
| 185 | #endif | ||
| 186 | |||
| 187 | |||
| 188 | |||
| 189 | #endif /* __ICA_OPENSSL_API_H__ */ | ||
| diff --git a/src/lib/libssl/src/demos/engines/rsaref/Makefile b/src/lib/libssl/src/demos/engines/rsaref/Makefile index 5fbcda3576..003e35df2e 100644 --- a/src/lib/libssl/src/demos/engines/rsaref/Makefile +++ b/src/lib/libssl/src/demos/engines/rsaref/Makefile | |||
| @@ -48,7 +48,7 @@ $(LIB): $(OBJ) | |||
| 48 | 48 | ||
| 49 | LINK_SO= \ | 49 | LINK_SO= \ | 
| 50 | ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \ | 50 | ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \ | 
| 51 | (nm -Pg $(LIBNAME).o | grep ' [BD] ' | cut -f1 -d' ' > $(LIBNAME).exp; \ | 51 | (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \ | 
| 52 | $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc) | 52 | $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc) | 
| 53 | 53 | ||
| 54 | $(SHLIB).gnu: $(LIB) install/librsaref.a | 54 | $(SHLIB).gnu: $(LIB) install/librsaref.a | 
| diff --git a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c index e23f64c01e..f092acbf3f 100644 --- a/src/lib/libssl/src/demos/engines/rsaref/rsaref.c +++ b/src/lib/libssl/src/demos/engines/rsaref/rsaref.c | |||
| @@ -116,7 +116,7 @@ static const EVP_CIPHER cipher_des_cbc = | |||
| 116 | { | 116 | { | 
| 117 | NID_des_cbc, | 117 | NID_des_cbc, | 
| 118 | 8, 8, 8, | 118 | 8, 8, 8, | 
| 119 | 0, | 119 | 0 | EVP_CIPH_CBC_MODE, | 
| 120 | cipher_des_cbc_init, | 120 | cipher_des_cbc_init, | 
| 121 | cipher_des_cbc_code, | 121 | cipher_des_cbc_code, | 
| 122 | cipher_des_cbc_clean, | 122 | cipher_des_cbc_clean, | 
| @@ -131,7 +131,7 @@ static const EVP_CIPHER cipher_des_ede3_cbc = | |||
| 131 | { | 131 | { | 
| 132 | NID_des_ede3_cbc, | 132 | NID_des_ede3_cbc, | 
| 133 | 8, 24, 8, | 133 | 8, 24, 8, | 
| 134 | 0, | 134 | 0 | EVP_CIPH_CBC_MODE, | 
| 135 | cipher_des_ede3_cbc_init, | 135 | cipher_des_ede3_cbc_init, | 
| 136 | cipher_des_ede3_cbc_code, | 136 | cipher_des_ede3_cbc_code, | 
| 137 | cipher_des_ede3_cbc_clean, | 137 | cipher_des_ede3_cbc_clean, | 
| @@ -146,7 +146,7 @@ static const EVP_CIPHER cipher_desx_cbc = | |||
| 146 | { | 146 | { | 
| 147 | NID_desx_cbc, | 147 | NID_desx_cbc, | 
| 148 | 8, 24, 8, | 148 | 8, 24, 8, | 
| 149 | 0, | 149 | 0 | EVP_CIPH_CBC_MODE, | 
| 150 | cipher_desx_cbc_init, | 150 | cipher_desx_cbc_init, | 
| 151 | cipher_desx_cbc_code, | 151 | cipher_desx_cbc_code, | 
| 152 | cipher_desx_cbc_clean, | 152 | cipher_desx_cbc_clean, | 
| diff --git a/src/lib/libssl/src/demos/engines/zencod/Makefile b/src/lib/libssl/src/demos/engines/zencod/Makefile new file mode 100644 index 0000000000..5b6a339ab2 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/zencod/Makefile | |||
| @@ -0,0 +1,114 @@ | |||
| 1 | LIBNAME= libzencod | ||
| 2 | SRC= hw_zencod.c | ||
| 3 | OBJ= hw_zencod.o | ||
| 4 | HEADER= hw_zencod.h | ||
| 5 | |||
| 6 | CC= gcc | ||
| 7 | PIC= -fPIC | ||
| 8 | CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC | ||
| 9 | AR= ar r | ||
| 10 | RANLIB= ranlib | ||
| 11 | |||
| 12 | LIB= $(LIBNAME).a | ||
| 13 | SHLIB= $(LIBNAME).so | ||
| 14 | |||
| 15 | all: | ||
| 16 | @echo 'Please choose a system to build on:' | ||
| 17 | @echo '' | ||
| 18 | @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1' | ||
| 19 | @echo 'solaris: Solaris' | ||
| 20 | @echo 'irix: IRIX' | ||
| 21 | @echo 'hpux32: 32-bit HP/UX' | ||
| 22 | @echo 'hpux64: 64-bit HP/UX' | ||
| 23 | @echo 'aix: AIX' | ||
| 24 | @echo 'gnu: Generic GNU-based system (gcc and GNU ld)' | ||
| 25 | @echo '' | ||
| 26 | |||
| 27 | FORCE.update: | ||
| 28 | update: FORCE.update | ||
| 29 | perl ../../../util/mkerr.pl -conf hw_zencod.ec \ | ||
| 30 | -nostatic -staticloader -write hw_zencod.c | ||
| 31 | |||
| 32 | gnu: $(SHLIB).gnu | ||
| 33 | tru64: $(SHLIB).tru64 | ||
| 34 | solaris: $(SHLIB).solaris | ||
| 35 | irix: $(SHLIB).irix | ||
| 36 | hpux32: $(SHLIB).hpux32 | ||
| 37 | hpux64: $(SHLIB).hpux64 | ||
| 38 | aix: $(SHLIB).aix | ||
| 39 | |||
| 40 | $(LIB): $(OBJ) | ||
| 41 | $(AR) $(LIB) $(OBJ) | ||
| 42 | - $(RANLIB) $(LIB) | ||
| 43 | |||
| 44 | LINK_SO= \ | ||
| 45 | ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \ | ||
| 46 | (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \ | ||
| 47 | $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc) | ||
| 48 | |||
| 49 | $(SHLIB).gnu: $(LIB) | ||
| 50 | ALLSYMSFLAGS='--whole-archive' \ | ||
| 51 | SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \ | ||
| 52 | SHAREDCMD='$(CC)'; \ | ||
| 53 | $(LINK_SO) | ||
| 54 | touch $(SHLIB).gnu | ||
| 55 | $(SHLIB).tru64: $(LIB) | ||
| 56 | ALLSYMSFLAGS='-all' \ | ||
| 57 | SHAREDFLAGS='-shared' \ | ||
| 58 | SHAREDCMD='$(CC)'; \ | ||
| 59 | $(LINK_SO) | ||
| 60 | touch $(SHLIB).tru64 | ||
| 61 | $(SHLIB).solaris: $(LIB) | ||
| 62 | ALLSYMSFLAGS='-z allextract' \ | ||
| 63 | SHAREDFLAGS='-G -h $(SHLIB)' \ | ||
| 64 | SHAREDCMD='$(CC)'; \ | ||
| 65 | $(LINK_SO) | ||
| 66 | touch $(SHLIB).solaris | ||
| 67 | $(SHLIB).irix: $(LIB) | ||
| 68 | ALLSYMSFLAGS='-all' \ | ||
| 69 | SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \ | ||
| 70 | SHAREDCMD='$(CC)'; \ | ||
| 71 | $(LINK_SO) | ||
| 72 | touch $(SHLIB).irix | ||
| 73 | $(SHLIB).hpux32: $(LIB) | ||
| 74 | ALLSYMSFLAGS='-Fl' \ | ||
| 75 | SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \ | ||
| 76 | SHAREDCMD='/usr/ccs/bin/ld'; \ | ||
| 77 | $(LINK_SO) | ||
| 78 | touch $(SHLIB).hpux32 | ||
| 79 | $(SHLIB).hpux64: $(LIB) | ||
| 80 | ALLSYMSFLAGS='+forceload' \ | ||
| 81 | SHAREDFLAGS='-b -z +h $(SHLIB)' \ | ||
| 82 | SHAREDCMD='/usr/ccs/bin/ld'; \ | ||
| 83 | $(LINK_SO) | ||
| 84 | touch $(SHLIB).hpux64 | ||
| 85 | $(SHLIB).aix: $(LIB) | ||
| 86 | ALLSYMSFLAGS='-bnogc' \ | ||
| 87 | SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \ | ||
| 88 | SHAREDCMD='$(CC)'; \ | ||
| 89 | $(LINK_SO) | ||
| 90 | touch $(SHLIB).aix | ||
| 91 | |||
| 92 | depend: | ||
| 93 | sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp | ||
| 94 | echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp | ||
| 95 | gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp | ||
| 96 | perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new | ||
| 97 | rm -f Makefile.tmp Makefile | ||
| 98 | mv Makefile.new Makefile | ||
| 99 | |||
| 100 | # DO NOT DELETE THIS LINE -- make depend depends on it. | ||
| 101 | |||
| 102 | rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h | ||
| 103 | rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h | ||
| 104 | rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h | ||
| 105 | rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h | ||
| 106 | rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h | ||
| 107 | rsaref.o: ../../../include/openssl/opensslconf.h | ||
| 108 | rsaref.o: ../../../include/openssl/opensslv.h | ||
| 109 | rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h | ||
| 110 | rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h | ||
| 111 | rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h | ||
| 112 | rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h | ||
| 113 | rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h | ||
| 114 | rsaref.o: source/rsaref.h | ||
| diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c new file mode 100644 index 0000000000..308e18710f --- /dev/null +++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.c | |||
| @@ -0,0 +1,1736 @@ | |||
| 1 | /* crypto/engine/hw_zencod.c */ | ||
| 2 | /* Written by Fred Donnat (frederic.donnat@zencod.com) for "zencod" | ||
| 3 | * engine integration in order to redirect crypto computing on a crypto | ||
| 4 | * hardware accelerator zenssl32 ;-) | ||
| 5 | * | ||
| 6 | * Date : 25 jun 2002 | ||
| 7 | * Revision : 17 Ju7 2002 | ||
| 8 | * Version : zencod_engine-0.9.7 | ||
| 9 | */ | ||
| 10 | |||
| 11 | /* ==================================================================== | ||
| 12 | * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. | ||
| 13 | * | ||
| 14 | * Redistribution and use in source and binary forms, with or without | ||
| 15 | * modification, are permitted provided that the following conditions | ||
| 16 | * are met: | ||
| 17 | * | ||
| 18 | * 1. Redistributions of source code must retain the above copyright | ||
| 19 | * notice, this list of conditions and the following disclaimer. | ||
| 20 | * | ||
| 21 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 22 | * notice, this list of conditions and the following disclaimer in | ||
| 23 | * the documentation and/or other materials provided with the | ||
| 24 | * distribution. | ||
| 25 | * | ||
| 26 | * 3. All advertising materials mentioning features or use of this | ||
| 27 | * software must display the following acknowledgment: | ||
| 28 | * "This product includes software developed by the OpenSSL Project | ||
| 29 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 30 | * | ||
| 31 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 32 | * endorse or promote products derived from this software without | ||
| 33 | * prior written permission. For written permission, please contact | ||
| 34 | * licensing@OpenSSL.org. | ||
| 35 | * | ||
| 36 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 37 | * nor may "OpenSSL" appear in their names without prior written | ||
| 38 | * permission of the OpenSSL Project. | ||
| 39 | * | ||
| 40 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 41 | * acknowledgment: | ||
| 42 | * "This product includes software developed by the OpenSSL Project | ||
| 43 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 44 | * | ||
| 45 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 46 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 47 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 48 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 49 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 50 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 51 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 52 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 53 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 54 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 55 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 56 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 57 | * ==================================================================== | ||
| 58 | * | ||
| 59 | * This product includes cryptographic software written by Eric Young | ||
| 60 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 61 | * Hudson (tjh@cryptsoft.com). | ||
| 62 | * | ||
| 63 | */ | ||
| 64 | |||
| 65 | |||
| 66 | /* ENGINE general include */ | ||
| 67 | #include <stdio.h> | ||
| 68 | #include <openssl/crypto.h> | ||
| 69 | #include <openssl/dso.h> | ||
| 70 | #include <openssl/engine.h> | ||
| 71 | |||
| 72 | #ifndef OPENSSL_NO_HW | ||
| 73 | #ifndef OPENSSL_NO_HW_ZENCOD | ||
| 74 | |||
| 75 | #ifdef FLAT_INC | ||
| 76 | # include "hw_zencod.h" | ||
| 77 | #else | ||
| 78 | # include "vendor_defns/hw_zencod.h" | ||
| 79 | #endif | ||
| 80 | |||
| 81 | #define ZENCOD_LIB_NAME "zencod engine" | ||
| 82 | #include "hw_zencod_err.c" | ||
| 83 | |||
| 84 | #define FAIL_TO_SOFTWARE -15 | ||
| 85 | |||
| 86 | #define ZEN_LIBRARY "zenbridge" | ||
| 87 | |||
| 88 | #if 0 | ||
| 89 | # define PERROR(s) perror(s) | ||
| 90 | # define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr) | ||
| 91 | #else | ||
| 92 | # define PERROR(s) | ||
| 93 | # define CHEESE() | ||
| 94 | #endif | ||
| 95 | |||
| 96 | |||
| 97 | /* Sorry ;) */ | ||
| 98 | #ifndef WIN32 | ||
| 99 | static inline void esrever ( unsigned char *d, int l ) | ||
| 100 | { | ||
| 101 | for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);} | ||
| 102 | } | ||
| 103 | |||
| 104 | static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l ) | ||
| 105 | { | ||
| 106 | for(d+=l;l--;)*--d=*s++; | ||
| 107 | } | ||
| 108 | #else | ||
| 109 | static __inline void esrever ( unsigned char *d, int l ) | ||
| 110 | { | ||
| 111 | for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);} | ||
| 112 | } | ||
| 113 | |||
| 114 | static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l ) | ||
| 115 | { | ||
| 116 | for(d+=l;l--;)*--d=*s++; | ||
| 117 | } | ||
| 118 | #endif | ||
| 119 | |||
| 120 | |||
| 121 | #define BIGNUM2ZEN(n, bn) (ptr_zencod_init_number((n), \ | ||
| 122 | (unsigned long) ((bn)->top * BN_BITS2), \ | ||
| 123 | (unsigned char *) ((bn)->d))) | ||
| 124 | |||
| 125 | #define ZEN_BITS(n, bytes) (ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes))) | ||
| 126 | #define ZEN_BYTES(bits) (ptr_zencod_bits2bytes((unsigned long) (bits))) | ||
| 127 | |||
| 128 | |||
| 129 | /* Function for ENGINE detection and control */ | ||
| 130 | static int zencod_destroy ( ENGINE *e ) ; | ||
| 131 | static int zencod_init ( ENGINE *e ) ; | ||
| 132 | static int zencod_finish ( ENGINE *e ) ; | ||
| 133 | static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ; | ||
| 134 | |||
| 135 | /* BIGNUM stuff */ | ||
| 136 | static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ; | ||
| 137 | |||
| 138 | /* RSA stuff */ | ||
| 139 | #ifndef OPENSSL_NO_RSA | ||
| 140 | static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ; | ||
| 141 | static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 142 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ; | ||
| 143 | #endif | ||
| 144 | |||
| 145 | /* DSA stuff */ | ||
| 146 | #ifndef OPENSSL_NO_DSA | ||
| 147 | static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 148 | BN_MONT_CTX *m_ctx ) ; | ||
| 149 | |||
| 150 | static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ; | ||
| 151 | static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | ||
| 152 | DSA *dsa ) ; | ||
| 153 | #endif | ||
| 154 | |||
| 155 | /* DH stuff */ | ||
| 156 | #ifndef OPENSSL_NO_DH | ||
| 157 | static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 158 | BN_MONT_CTX *m_ctx ) ; | ||
| 159 | static int DH_zencod_generate_key ( DH *dh ) ; | ||
| 160 | static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ; | ||
| 161 | #endif | ||
| 162 | |||
| 163 | /* Rand stuff */ | ||
| 164 | static void RAND_zencod_seed ( const void *buf, int num ) ; | ||
| 165 | static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ; | ||
| 166 | static int RAND_zencod_rand_status ( void ) ; | ||
| 167 | |||
| 168 | /* Digest Stuff */ | ||
| 169 | static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ; | ||
| 170 | |||
| 171 | /* Cipher Stuff */ | ||
| 172 | static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ; | ||
| 173 | |||
| 174 | |||
| 175 | #define ZENCOD_CMD_SO_PATH ENGINE_CMD_BASE | ||
| 176 | static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] = | ||
| 177 | { | ||
| 178 | { ZENCOD_CMD_SO_PATH, | ||
| 179 | "SO_PATH", | ||
| 180 | "Specifies the path to the 'zenbridge' shared library", | ||
| 181 | ENGINE_CMD_FLAG_STRING}, | ||
| 182 | { 0, NULL, NULL, 0 } | ||
| 183 | } ; | ||
| 184 | |||
| 185 | |||
| 186 | #ifndef OPENSSL_NO_RSA | ||
| 187 | /* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */ | ||
| 188 | static RSA_METHOD zencod_rsa = | ||
| 189 | { | ||
| 190 | "ZENCOD RSA method", | ||
| 191 | NULL, | ||
| 192 | NULL, | ||
| 193 | NULL, | ||
| 194 | NULL, | ||
| 195 | RSA_zencod_rsa_mod_exp, | ||
| 196 | RSA_zencod_bn_mod_exp, | ||
| 197 | NULL, | ||
| 198 | NULL, | ||
| 199 | 0, | ||
| 200 | NULL, | ||
| 201 | NULL, | ||
| 202 | NULL | ||
| 203 | } ; | ||
| 204 | #endif | ||
| 205 | |||
| 206 | #ifndef OPENSSL_NO_DSA | ||
| 207 | /* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */ | ||
| 208 | static DSA_METHOD zencod_dsa = | ||
| 209 | { | ||
| 210 | "ZENCOD DSA method", | ||
| 211 | DSA_zencod_do_sign, | ||
| 212 | NULL, | ||
| 213 | DSA_zencod_do_verify, | ||
| 214 | NULL, | ||
| 215 | DSA_zencod_bn_mod_exp, | ||
| 216 | NULL, | ||
| 217 | NULL, | ||
| 218 | 0, | ||
| 219 | NULL | ||
| 220 | } ; | ||
| 221 | #endif | ||
| 222 | |||
| 223 | #ifndef OPENSSL_NO_DH | ||
| 224 | /* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */ | ||
| 225 | static DH_METHOD zencod_dh = | ||
| 226 | { | ||
| 227 | "ZENCOD DH method", | ||
| 228 | DH_zencod_generate_key, | ||
| 229 | DH_zencod_compute_key, | ||
| 230 | DH_zencod_bn_mod_exp, | ||
| 231 | NULL, | ||
| 232 | NULL, | ||
| 233 | 0, | ||
| 234 | NULL | ||
| 235 | } ; | ||
| 236 | #endif | ||
| 237 | |||
| 238 | /* Our internal RAND_meth specific to zencod ZNGINE providing pointers to our function */ | ||
| 239 | static RAND_METHOD zencod_rand = | ||
| 240 | { | ||
| 241 | RAND_zencod_seed, | ||
| 242 | RAND_zencod_rand_bytes, | ||
| 243 | NULL, | ||
| 244 | NULL, | ||
| 245 | RAND_zencod_rand_bytes, | ||
| 246 | RAND_zencod_rand_status | ||
| 247 | } ; | ||
| 248 | |||
| 249 | |||
| 250 | /* Constants used when creating the ENGINE */ | ||
| 251 | static const char *engine_zencod_id = "zencod"; | ||
| 252 | static const char *engine_zencod_name = "ZENCOD hardware engine support"; | ||
| 253 | |||
| 254 | |||
| 255 | /* This internal function is used by ENGINE_zencod () and possibly by the | ||
| 256 | * "dynamic" ENGINE support too ;-) | ||
| 257 | */ | ||
| 258 | static int bind_helper ( ENGINE *e ) | ||
| 259 | { | ||
| 260 | |||
| 261 | #ifndef OPENSSL_NO_RSA | ||
| 262 | const RSA_METHOD *meth_rsa ; | ||
| 263 | #endif | ||
| 264 | #ifndef OPENSSL_NO_DSA | ||
| 265 | const DSA_METHOD *meth_dsa ; | ||
| 266 | #endif | ||
| 267 | #ifndef OPENSSL_NO_DH | ||
| 268 | const DH_METHOD *meth_dh ; | ||
| 269 | #endif | ||
| 270 | |||
| 271 | const RAND_METHOD *meth_rand ; | ||
| 272 | |||
| 273 | |||
| 274 | if ( !ENGINE_set_id ( e, engine_zencod_id ) || | ||
| 275 | !ENGINE_set_name ( e, engine_zencod_name ) || | ||
| 276 | #ifndef OPENSSL_NO_RSA | ||
| 277 | !ENGINE_set_RSA ( e, &zencod_rsa ) || | ||
| 278 | #endif | ||
| 279 | #ifndef OPENSSL_NO_DSA | ||
| 280 | !ENGINE_set_DSA ( e, &zencod_dsa ) || | ||
| 281 | #endif | ||
| 282 | #ifndef OPENSSL_NO_DH | ||
| 283 | !ENGINE_set_DH ( e, &zencod_dh ) || | ||
| 284 | #endif | ||
| 285 | !ENGINE_set_RAND ( e, &zencod_rand ) || | ||
| 286 | |||
| 287 | !ENGINE_set_destroy_function ( e, zencod_destroy ) || | ||
| 288 | !ENGINE_set_init_function ( e, zencod_init ) || | ||
| 289 | !ENGINE_set_finish_function ( e, zencod_finish ) || | ||
| 290 | !ENGINE_set_ctrl_function ( e, zencod_ctrl ) || | ||
| 291 | !ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) || | ||
| 292 | !ENGINE_set_digests ( e, engine_digests ) || | ||
| 293 | !ENGINE_set_ciphers ( e, engine_ciphers ) ) { | ||
| 294 | return 0 ; | ||
| 295 | } | ||
| 296 | |||
| 297 | #ifndef OPENSSL_NO_RSA | ||
| 298 | /* We know that the "PKCS1_SSLeay()" functions hook properly | ||
| 299 | * to the Zencod-specific mod_exp and mod_exp_crt so we use | ||
| 300 | * those functions. NB: We don't use ENGINE_openssl() or | ||
| 301 | * anything "more generic" because something like the RSAref | ||
| 302 | * code may not hook properly, and if you own one of these | ||
| 303 | * cards then you have the right to do RSA operations on it | ||
| 304 | * anyway! | ||
| 305 | */ | ||
| 306 | meth_rsa = RSA_PKCS1_SSLeay () ; | ||
| 307 | |||
| 308 | zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ; | ||
| 309 | zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ; | ||
| 310 | zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ; | ||
| 311 | zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ; | ||
| 312 | /* meth_rsa->rsa_mod_exp */ | ||
| 313 | /* meth_rsa->bn_mod_exp */ | ||
| 314 | zencod_rsa.init = meth_rsa->init ; | ||
| 315 | zencod_rsa.finish = meth_rsa->finish ; | ||
| 316 | #endif | ||
| 317 | |||
| 318 | #ifndef OPENSSL_NO_DSA | ||
| 319 | /* We use OpenSSL meth to supply what we don't provide ;-*) | ||
| 320 | */ | ||
| 321 | meth_dsa = DSA_OpenSSL () ; | ||
| 322 | |||
| 323 | /* meth_dsa->dsa_do_sign */ | ||
| 324 | zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ; | ||
| 325 | /* meth_dsa->dsa_do_verify */ | ||
| 326 | zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ; | ||
| 327 | /* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */ | ||
| 328 | zencod_dsa.init = meth_dsa->init ; | ||
| 329 | zencod_dsa.finish = meth_dsa->finish ; | ||
| 330 | #endif | ||
| 331 | |||
| 332 | #ifndef OPENSSL_NO_DH | ||
| 333 | /* We use OpenSSL meth to supply what we don't provide ;-*) | ||
| 334 | */ | ||
| 335 | meth_dh = DH_OpenSSL () ; | ||
| 336 | |||
| 337 | /* zencod_dh.generate_key = meth_dh->generate_key ; */ | ||
| 338 | /* zencod_dh.compute_key = meth_dh->compute_key ; */ | ||
| 339 | /* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */ | ||
| 340 | zencod_dh.init = meth_dh->init ; | ||
| 341 | zencod_dh.finish = meth_dh->finish ; | ||
| 342 | |||
| 343 | #endif | ||
| 344 | |||
| 345 | /* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*) | ||
| 346 | */ | ||
| 347 | meth_rand = RAND_SSLeay () ; | ||
| 348 | |||
| 349 | /* meth_rand->seed ; */ | ||
| 350 | /* zencod_rand.seed = meth_rand->seed ; */ | ||
| 351 | /* meth_rand->bytes ; */ | ||
| 352 | /* zencod_rand.bytes = meth_rand->bytes ; */ | ||
| 353 | zencod_rand.cleanup = meth_rand->cleanup ; | ||
| 354 | zencod_rand.add = meth_rand->add ; | ||
| 355 | /* meth_rand->pseudorand ; */ | ||
| 356 | /* zencod_rand.pseudorand = meth_rand->pseudorand ; */ | ||
| 357 | /* zencod_rand.status = meth_rand->status ; */ | ||
| 358 | /* meth_rand->status ; */ | ||
| 359 | |||
| 360 | /* Ensure the zencod error handling is set up */ | ||
| 361 | ERR_load_ZENCOD_strings () ; | ||
| 362 | return 1 ; | ||
| 363 | } | ||
| 364 | |||
| 365 | |||
| 366 | /* As this is only ever called once, there's no need for locking | ||
| 367 | * (indeed - the lock will already be held by our caller!!!) | ||
| 368 | */ | ||
| 369 | ENGINE *ENGINE_zencod ( void ) | ||
| 370 | { | ||
| 371 | |||
| 372 | ENGINE *eng = ENGINE_new () ; | ||
| 373 | |||
| 374 | if ( !eng ) { | ||
| 375 | return NULL ; | ||
| 376 | } | ||
| 377 | if ( !bind_helper ( eng ) ) { | ||
| 378 | ENGINE_free ( eng ) ; | ||
| 379 | return NULL ; | ||
| 380 | } | ||
| 381 | |||
| 382 | return eng ; | ||
| 383 | } | ||
| 384 | |||
| 385 | |||
| 386 | void ENGINE_load_zencod ( void ) | ||
| 387 | { | ||
| 388 | /* Copied from eng_[openssl|dyn].c */ | ||
| 389 | ENGINE *toadd = ENGINE_zencod ( ) ; | ||
| 390 | if ( !toadd ) return ; | ||
| 391 | ENGINE_add ( toadd ) ; | ||
| 392 | ENGINE_free ( toadd ) ; | ||
| 393 | ERR_clear_error ( ) ; | ||
| 394 | } | ||
| 395 | |||
| 396 | |||
| 397 | /* This is a process-global DSO handle used for loading and unloading | ||
| 398 | * the ZENBRIDGE library. | ||
| 399 | * NB: This is only set (or unset) during an * init () or finish () call | ||
| 400 | * (reference counts permitting) and they're * operating with global locks, | ||
| 401 | * so this should be thread-safe * implicitly. | ||
| 402 | */ | ||
| 403 | static DSO *zencod_dso = NULL ; | ||
| 404 | |||
| 405 | static t_zencod_test *ptr_zencod_test = NULL ; | ||
| 406 | static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ; | ||
| 407 | static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ; | ||
| 408 | static t_zencod_new_number *ptr_zencod_new_number = NULL ; | ||
| 409 | static t_zencod_init_number *ptr_zencod_init_number = NULL ; | ||
| 410 | |||
| 411 | static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ; | ||
| 412 | static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ; | ||
| 413 | static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ; | ||
| 414 | static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ; | ||
| 415 | static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ; | ||
| 416 | static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ; | ||
| 417 | static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ; | ||
| 418 | static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ; | ||
| 419 | |||
| 420 | static t_zencod_md5_init *ptr_zencod_md5_init = NULL ; | ||
| 421 | static t_zencod_md5_update *ptr_zencod_md5_update = NULL ; | ||
| 422 | static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ; | ||
| 423 | static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ; | ||
| 424 | static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ; | ||
| 425 | static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ; | ||
| 426 | |||
| 427 | static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ; | ||
| 428 | static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ; | ||
| 429 | |||
| 430 | /* These are the static string constants for the DSO file name and the function | ||
| 431 | * symbol names to bind to. | ||
| 432 | */ | ||
| 433 | static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ; | ||
| 434 | |||
| 435 | static const char *ZENCOD_Fct_0 = "test_device" ; | ||
| 436 | static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ; | ||
| 437 | static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ; | ||
| 438 | static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ; | ||
| 439 | static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ; | ||
| 440 | |||
| 441 | static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ; | ||
| 442 | static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ; | ||
| 443 | static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ; | ||
| 444 | static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ; | ||
| 445 | static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ; | ||
| 446 | static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ; | ||
| 447 | static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ; | ||
| 448 | static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ; | ||
| 449 | |||
| 450 | static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ; | ||
| 451 | static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ; | ||
| 452 | static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ; | ||
| 453 | static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ; | ||
| 454 | static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ; | ||
| 455 | static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ; | ||
| 456 | |||
| 457 | static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ; | ||
| 458 | static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ; | ||
| 459 | |||
| 460 | /* Destructor (complements the "ENGINE_zencod ()" constructor) | ||
| 461 | */ | ||
| 462 | static int zencod_destroy (ENGINE *e ) | ||
| 463 | { | ||
| 464 | |||
| 465 | ERR_unload_ZENCOD_strings () ; | ||
| 466 | |||
| 467 | return 1 ; | ||
| 468 | } | ||
| 469 | |||
| 470 | |||
| 471 | /* (de)initialisation functions. Control Function | ||
| 472 | */ | ||
| 473 | static int zencod_init ( ENGINE *e ) | ||
| 474 | { | ||
| 475 | |||
| 476 | t_zencod_test *ptr_0 ; | ||
| 477 | t_zencod_bytes2bits *ptr_1 ; | ||
| 478 | t_zencod_bits2bytes *ptr_2 ; | ||
| 479 | t_zencod_new_number *ptr_3 ; | ||
| 480 | t_zencod_init_number *ptr_4 ; | ||
| 481 | t_zencod_rsa_mod_exp *ptr_exp_1 ; | ||
| 482 | t_zencod_rsa_mod_exp_crt *ptr_exp_2 ; | ||
| 483 | t_zencod_dsa_do_sign *ptr_dsa_1 ; | ||
| 484 | t_zencod_dsa_do_verify *ptr_dsa_2 ; | ||
| 485 | t_zencod_dh_generate_key *ptr_dh_1 ; | ||
| 486 | t_zencod_dh_compute_key *ptr_dh_2 ; | ||
| 487 | t_zencod_rand_bytes *ptr_rand_1 ; | ||
| 488 | t_zencod_math_mod_exp *ptr_math_1 ; | ||
| 489 | t_zencod_md5_init *ptr_md5_1 ; | ||
| 490 | t_zencod_md5_update *ptr_md5_2 ; | ||
| 491 | t_zencod_md5_do_final *ptr_md5_3 ; | ||
| 492 | t_zencod_sha1_init *ptr_sha1_1 ; | ||
| 493 | t_zencod_sha1_update *ptr_sha1_2 ; | ||
| 494 | t_zencod_sha1_do_final *ptr_sha1_3 ; | ||
| 495 | t_zencod_xdes_cipher *ptr_xdes_1 ; | ||
| 496 | t_zencod_rc4_cipher *ptr_rc4_1 ; | ||
| 497 | |||
| 498 | CHEESE () ; | ||
| 499 | |||
| 500 | /* | ||
| 501 | * We Should add some tests for non NULL parameters or bad value !! | ||
| 502 | * Stuff to be done ... | ||
| 503 | */ | ||
| 504 | |||
| 505 | if ( zencod_dso != NULL ) { | ||
| 506 | ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ; | ||
| 507 | goto err ; | ||
| 508 | } | ||
| 509 | /* Trying to load the Library "cryptozen" | ||
| 510 | */ | ||
| 511 | zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ; | ||
| 512 | if ( zencod_dso == NULL ) { | ||
| 513 | ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ; | ||
| 514 | goto err ; | ||
| 515 | } | ||
| 516 | |||
| 517 | /* Trying to load Function from the Library | ||
| 518 | */ | ||
| 519 | if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) || | ||
| 520 | ! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) || | ||
| 521 | ! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) || | ||
| 522 | ! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) || | ||
| 523 | ! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) || | ||
| 524 | ! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) || | ||
| 525 | ! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) || | ||
| 526 | ! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) || | ||
| 527 | ! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) || | ||
| 528 | ! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) || | ||
| 529 | ! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) || | ||
| 530 | ! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) || | ||
| 531 | ! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) || | ||
| 532 | ! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) || | ||
| 533 | ! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) || | ||
| 534 | ! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) || | ||
| 535 | ! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) || | ||
| 536 | ! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) || | ||
| 537 | ! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) || | ||
| 538 | ! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) || | ||
| 539 | ! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) { | ||
| 540 | |||
| 541 | ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ; | ||
| 542 | goto err ; | ||
| 543 | } | ||
| 544 | |||
| 545 | /* The function from "cryptozen" Library have been correctly loaded so copy them | ||
| 546 | */ | ||
| 547 | ptr_zencod_test = ptr_0 ; | ||
| 548 | ptr_zencod_bytes2bits = ptr_1 ; | ||
| 549 | ptr_zencod_bits2bytes = ptr_2 ; | ||
| 550 | ptr_zencod_new_number = ptr_3 ; | ||
| 551 | ptr_zencod_init_number = ptr_4 ; | ||
| 552 | ptr_zencod_rsa_mod_exp = ptr_exp_1 ; | ||
| 553 | ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ; | ||
| 554 | ptr_zencod_dsa_do_sign = ptr_dsa_1 ; | ||
| 555 | ptr_zencod_dsa_do_verify = ptr_dsa_2 ; | ||
| 556 | ptr_zencod_dh_generate_key = ptr_dh_1 ; | ||
| 557 | ptr_zencod_dh_compute_key = ptr_dh_2 ; | ||
| 558 | ptr_zencod_rand_bytes = ptr_rand_1 ; | ||
| 559 | ptr_zencod_math_mod_exp = ptr_math_1 ; | ||
| 560 | ptr_zencod_test = ptr_0 ; | ||
| 561 | ptr_zencod_md5_init = ptr_md5_1 ; | ||
| 562 | ptr_zencod_md5_update = ptr_md5_2 ; | ||
| 563 | ptr_zencod_md5_do_final = ptr_md5_3 ; | ||
| 564 | ptr_zencod_sha1_init = ptr_sha1_1 ; | ||
| 565 | ptr_zencod_sha1_update = ptr_sha1_2 ; | ||
| 566 | ptr_zencod_sha1_do_final = ptr_sha1_3 ; | ||
| 567 | ptr_zencod_xdes_cipher = ptr_xdes_1 ; | ||
| 568 | ptr_zencod_rc4_cipher = ptr_rc4_1 ; | ||
| 569 | |||
| 570 | /* We should peform a test to see if there is actually any unit runnig on the system ... | ||
| 571 | * Even if the cryptozen library is loaded the module coul not be loaded on the system ... | ||
| 572 | * For now we may just open and close the device !! | ||
| 573 | */ | ||
| 574 | |||
| 575 | if ( ptr_zencod_test () != 0 ) { | ||
| 576 | ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ; | ||
| 577 | goto err ; | ||
| 578 | } | ||
| 579 | |||
| 580 | return 1 ; | ||
| 581 | err : | ||
| 582 | if ( zencod_dso ) { | ||
| 583 | DSO_free ( zencod_dso ) ; | ||
| 584 | } | ||
| 585 | zencod_dso = NULL ; | ||
| 586 | ptr_zencod_bytes2bits = NULL ; | ||
| 587 | ptr_zencod_bits2bytes = NULL ; | ||
| 588 | ptr_zencod_new_number = NULL ; | ||
| 589 | ptr_zencod_init_number = NULL ; | ||
| 590 | ptr_zencod_rsa_mod_exp = NULL ; | ||
| 591 | ptr_zencod_rsa_mod_exp_crt = NULL ; | ||
| 592 | ptr_zencod_dsa_do_sign = NULL ; | ||
| 593 | ptr_zencod_dsa_do_verify = NULL ; | ||
| 594 | ptr_zencod_dh_generate_key = NULL ; | ||
| 595 | ptr_zencod_dh_compute_key = NULL ; | ||
| 596 | ptr_zencod_rand_bytes = NULL ; | ||
| 597 | ptr_zencod_math_mod_exp = NULL ; | ||
| 598 | ptr_zencod_test = NULL ; | ||
| 599 | ptr_zencod_md5_init = NULL ; | ||
| 600 | ptr_zencod_md5_update = NULL ; | ||
| 601 | ptr_zencod_md5_do_final = NULL ; | ||
| 602 | ptr_zencod_sha1_init = NULL ; | ||
| 603 | ptr_zencod_sha1_update = NULL ; | ||
| 604 | ptr_zencod_sha1_do_final = NULL ; | ||
| 605 | ptr_zencod_xdes_cipher = NULL ; | ||
| 606 | ptr_zencod_rc4_cipher = NULL ; | ||
| 607 | |||
| 608 | return 0 ; | ||
| 609 | } | ||
| 610 | |||
| 611 | |||
| 612 | static int zencod_finish ( ENGINE *e ) | ||
| 613 | { | ||
| 614 | |||
| 615 | CHEESE () ; | ||
| 616 | |||
| 617 | /* | ||
| 618 | * We Should add some tests for non NULL parameters or bad value !! | ||
| 619 | * Stuff to be done ... | ||
| 620 | */ | ||
| 621 | if ( zencod_dso == NULL ) { | ||
| 622 | ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ; | ||
| 623 | return 0 ; | ||
| 624 | } | ||
| 625 | if ( !DSO_free ( zencod_dso ) ) { | ||
| 626 | ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ; | ||
| 627 | return 0 ; | ||
| 628 | } | ||
| 629 | |||
| 630 | zencod_dso = NULL ; | ||
| 631 | |||
| 632 | ptr_zencod_bytes2bits = NULL ; | ||
| 633 | ptr_zencod_bits2bytes = NULL ; | ||
| 634 | ptr_zencod_new_number = NULL ; | ||
| 635 | ptr_zencod_init_number = NULL ; | ||
| 636 | ptr_zencod_rsa_mod_exp = NULL ; | ||
| 637 | ptr_zencod_rsa_mod_exp_crt = NULL ; | ||
| 638 | ptr_zencod_dsa_do_sign = NULL ; | ||
| 639 | ptr_zencod_dsa_do_verify = NULL ; | ||
| 640 | ptr_zencod_dh_generate_key = NULL ; | ||
| 641 | ptr_zencod_dh_compute_key = NULL ; | ||
| 642 | ptr_zencod_rand_bytes = NULL ; | ||
| 643 | ptr_zencod_math_mod_exp = NULL ; | ||
| 644 | ptr_zencod_test = NULL ; | ||
| 645 | ptr_zencod_md5_init = NULL ; | ||
| 646 | ptr_zencod_md5_update = NULL ; | ||
| 647 | ptr_zencod_md5_do_final = NULL ; | ||
| 648 | ptr_zencod_sha1_init = NULL ; | ||
| 649 | ptr_zencod_sha1_update = NULL ; | ||
| 650 | ptr_zencod_sha1_do_final = NULL ; | ||
| 651 | ptr_zencod_xdes_cipher = NULL ; | ||
| 652 | ptr_zencod_rc4_cipher = NULL ; | ||
| 653 | |||
| 654 | return 1 ; | ||
| 655 | } | ||
| 656 | |||
| 657 | |||
| 658 | static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) | ||
| 659 | { | ||
| 660 | |||
| 661 | int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ; | ||
| 662 | |||
| 663 | CHEESE () ; | ||
| 664 | |||
| 665 | /* | ||
| 666 | * We Should add some tests for non NULL parameters or bad value !! | ||
| 667 | * Stuff to be done ... | ||
| 668 | */ | ||
| 669 | switch ( cmd ) { | ||
| 670 | case ZENCOD_CMD_SO_PATH : | ||
| 671 | if ( p == NULL ) { | ||
| 672 | ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ; | ||
| 673 | return 0 ; | ||
| 674 | } | ||
| 675 | if ( initialised ) { | ||
| 676 | ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ; | ||
| 677 | return 0 ; | ||
| 678 | } | ||
| 679 | ZENCOD_LIBNAME = (const char *) p ; | ||
| 680 | return 1 ; | ||
| 681 | default : | ||
| 682 | break ; | ||
| 683 | } | ||
| 684 | |||
| 685 | ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ; | ||
| 686 | |||
| 687 | return 0 ; | ||
| 688 | } | ||
| 689 | |||
| 690 | |||
| 691 | /* BIGNUM stuff Functions | ||
| 692 | */ | ||
| 693 | static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) | ||
| 694 | { | ||
| 695 | zen_nb_t y, x, e, n; | ||
| 696 | int ret; | ||
| 697 | |||
| 698 | CHEESE () ; | ||
| 699 | |||
| 700 | if ( !zencod_dso ) { | ||
| 701 | ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED); | ||
| 702 | return 0; | ||
| 703 | } | ||
| 704 | |||
| 705 | if ( !bn_wexpand(r, m->top + 1) ) { | ||
| 706 | ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL); | ||
| 707 | return 0; | ||
| 708 | } | ||
| 709 | |||
| 710 | memset(r->d, 0, BN_num_bytes(m)); | ||
| 711 | |||
| 712 | ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ; | ||
| 713 | BIGNUM2ZEN ( &x, a ) ; | ||
| 714 | BIGNUM2ZEN ( &e, p ) ; | ||
| 715 | BIGNUM2ZEN ( &n, m ) ; | ||
| 716 | |||
| 717 | /* Must invert x and e parameter due to BN mod exp prototype ... */ | ||
| 718 | ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ; | ||
| 719 | |||
| 720 | if ( ret ) { | ||
| 721 | PERROR("zenbridge_math_mod_exp"); | ||
| 722 | ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED); | ||
| 723 | return 0; | ||
| 724 | } | ||
| 725 | |||
| 726 | r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2; | ||
| 727 | |||
| 728 | return 1; | ||
| 729 | } | ||
| 730 | |||
| 731 | |||
| 732 | /* RSA stuff Functions | ||
| 733 | */ | ||
| 734 | #ifndef OPENSSL_NO_RSA | ||
| 735 | static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa ) | ||
| 736 | { | ||
| 737 | |||
| 738 | CHEESE () ; | ||
| 739 | |||
| 740 | if ( !zencod_dso ) { | ||
| 741 | ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED); | ||
| 742 | return 0; | ||
| 743 | } | ||
| 744 | |||
| 745 | if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) { | ||
| 746 | ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS); | ||
| 747 | return 0; | ||
| 748 | } | ||
| 749 | |||
| 750 | /* Do in software if argument is too large for hardware */ | ||
| 751 | if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) { | ||
| 752 | const RSA_METHOD *meth; | ||
| 753 | |||
| 754 | meth = RSA_PKCS1_SSLeay(); | ||
| 755 | return meth->rsa_mod_exp(r0, i, rsa); | ||
| 756 | } else { | ||
| 757 | zen_nb_t y, x, p, q, dmp1, dmq1, iqmp; | ||
| 758 | |||
| 759 | if ( !bn_expand(r0, RSA_size(rsa) * 8) ) { | ||
| 760 | ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL); | ||
| 761 | return 0; | ||
| 762 | } | ||
| 763 | r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2; | ||
| 764 | |||
| 765 | BIGNUM2ZEN ( &x, i ) ; | ||
| 766 | BIGNUM2ZEN ( &y, r0 ) ; | ||
| 767 | BIGNUM2ZEN ( &p, rsa->p ) ; | ||
| 768 | BIGNUM2ZEN ( &q, rsa->q ) ; | ||
| 769 | BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ; | ||
| 770 | BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ; | ||
| 771 | BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ; | ||
| 772 | |||
| 773 | if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) { | ||
| 774 | PERROR("zenbridge_rsa_mod_exp_crt"); | ||
| 775 | ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED); | ||
| 776 | return 0; | ||
| 777 | } | ||
| 778 | |||
| 779 | return 1; | ||
| 780 | } | ||
| 781 | } | ||
| 782 | |||
| 783 | |||
| 784 | /* This function is aliased to RSA_mod_exp (with the mont stuff dropped). | ||
| 785 | */ | ||
| 786 | static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 787 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) | ||
| 788 | { | ||
| 789 | |||
| 790 | CHEESE () ; | ||
| 791 | |||
| 792 | if ( !zencod_dso ) { | ||
| 793 | ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED); | ||
| 794 | return 0; | ||
| 795 | } | ||
| 796 | |||
| 797 | /* Do in software if argument is too large for hardware */ | ||
| 798 | if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) { | ||
| 799 | const RSA_METHOD *meth; | ||
| 800 | |||
| 801 | meth = RSA_PKCS1_SSLeay(); | ||
| 802 | return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx); | ||
| 803 | } else { | ||
| 804 | zen_nb_t y, x, e, n; | ||
| 805 | |||
| 806 | if ( !bn_expand(r, BN_num_bits(m)) ) { | ||
| 807 | ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL); | ||
| 808 | return 0; | ||
| 809 | } | ||
| 810 | r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2; | ||
| 811 | |||
| 812 | BIGNUM2ZEN ( &x, a ) ; | ||
| 813 | BIGNUM2ZEN ( &y, r ) ; | ||
| 814 | BIGNUM2ZEN ( &e, p ) ; | ||
| 815 | BIGNUM2ZEN ( &n, m ) ; | ||
| 816 | |||
| 817 | if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) { | ||
| 818 | PERROR("zenbridge_rsa_mod_exp"); | ||
| 819 | ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED); | ||
| 820 | return 0; | ||
| 821 | } | ||
| 822 | |||
| 823 | return 1; | ||
| 824 | } | ||
| 825 | } | ||
| 826 | #endif /* !OPENSSL_NO_RSA */ | ||
| 827 | |||
| 828 | |||
| 829 | #ifndef OPENSSL_NO_DSA | ||
| 830 | /* DSA stuff Functions | ||
| 831 | */ | ||
| 832 | static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) | ||
| 833 | { | ||
| 834 | zen_nb_t p, q, g, x, y, r, s, data; | ||
| 835 | DSA_SIG *sig; | ||
| 836 | BIGNUM *bn_r = NULL; | ||
| 837 | BIGNUM *bn_s = NULL; | ||
| 838 | char msg[20]; | ||
| 839 | |||
| 840 | CHEESE(); | ||
| 841 | |||
| 842 | if ( !zencod_dso ) { | ||
| 843 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED); | ||
| 844 | goto FAILED; | ||
| 845 | } | ||
| 846 | |||
| 847 | if ( dlen > 160 ) { | ||
| 848 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED); | ||
| 849 | goto FAILED; | ||
| 850 | } | ||
| 851 | |||
| 852 | /* Do in software if argument is too large for hardware */ | ||
| 853 | if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN || | ||
| 854 | BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) { | ||
| 855 | const DSA_METHOD *meth; | ||
| 856 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS); | ||
| 857 | meth = DSA_OpenSSL(); | ||
| 858 | return meth->dsa_do_sign(dgst, dlen, dsa); | ||
| 859 | } | ||
| 860 | |||
| 861 | if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) { | ||
| 862 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS); | ||
| 863 | goto FAILED; | ||
| 864 | } | ||
| 865 | |||
| 866 | if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) { | ||
| 867 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL); | ||
| 868 | goto FAILED; | ||
| 869 | } | ||
| 870 | |||
| 871 | bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2; | ||
| 872 | BIGNUM2ZEN ( &p, dsa->p ) ; | ||
| 873 | BIGNUM2ZEN ( &q, dsa->q ) ; | ||
| 874 | BIGNUM2ZEN ( &g, dsa->g ) ; | ||
| 875 | BIGNUM2ZEN ( &x, dsa->priv_key ) ; | ||
| 876 | BIGNUM2ZEN ( &y, dsa->pub_key ) ; | ||
| 877 | BIGNUM2ZEN ( &r, bn_r ) ; | ||
| 878 | BIGNUM2ZEN ( &s, bn_s ) ; | ||
| 879 | q.len = x.len = 160; | ||
| 880 | |||
| 881 | ypcmem(msg, dgst, 20); | ||
| 882 | ptr_zencod_init_number ( &data, 160, msg ) ; | ||
| 883 | |||
| 884 | if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) { | ||
| 885 | PERROR("zenbridge_dsa_do_sign"); | ||
| 886 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED); | ||
| 887 | goto FAILED; | ||
| 888 | } | ||
| 889 | |||
| 890 | if ( !( sig = DSA_SIG_new () ) ) { | ||
| 891 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED); | ||
| 892 | goto FAILED; | ||
| 893 | } | ||
| 894 | sig->r = bn_r; | ||
| 895 | sig->s = bn_s; | ||
| 896 | return sig; | ||
| 897 | |||
| 898 | FAILED: | ||
| 899 | if (bn_r) | ||
| 900 | BN_free(bn_r); | ||
| 901 | if (bn_s) | ||
| 902 | BN_free(bn_s); | ||
| 903 | return NULL; | ||
| 904 | } | ||
| 905 | |||
| 906 | |||
| 907 | static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa ) | ||
| 908 | { | ||
| 909 | zen_nb_t data, p, q, g, y, r, s, v; | ||
| 910 | char msg[20]; | ||
| 911 | char v_data[20]; | ||
| 912 | int ret; | ||
| 913 | |||
| 914 | CHEESE(); | ||
| 915 | |||
| 916 | if ( !zencod_dso ) { | ||
| 917 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED); | ||
| 918 | return 0; | ||
| 919 | } | ||
| 920 | |||
| 921 | if ( dlen > 160 ) { | ||
| 922 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED); | ||
| 923 | return 0; | ||
| 924 | } | ||
| 925 | |||
| 926 | /* Do in software if argument is too large for hardware */ | ||
| 927 | if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN || | ||
| 928 | BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) { | ||
| 929 | const DSA_METHOD *meth; | ||
| 930 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS); | ||
| 931 | meth = DSA_OpenSSL(); | ||
| 932 | return meth->dsa_do_verify(dgst, dlen, sig, dsa); | ||
| 933 | } | ||
| 934 | |||
| 935 | BIGNUM2ZEN ( &p, dsa->p ) ; | ||
| 936 | BIGNUM2ZEN ( &q, dsa->q ) ; | ||
| 937 | BIGNUM2ZEN ( &g, dsa->g ) ; | ||
| 938 | BIGNUM2ZEN ( &y, dsa->pub_key ) ; | ||
| 939 | BIGNUM2ZEN ( &r, sig->r ) ; | ||
| 940 | BIGNUM2ZEN ( &s, sig->s ) ; | ||
| 941 | ptr_zencod_init_number ( &v, 160, v_data ) ; | ||
| 942 | ypcmem(msg, dgst, 20); | ||
| 943 | ptr_zencod_init_number ( &data, 160, msg ) ; | ||
| 944 | |||
| 945 | if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) { | ||
| 946 | PERROR("zenbridge_dsa_do_verify"); | ||
| 947 | ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED); | ||
| 948 | return 0; | ||
| 949 | } | ||
| 950 | |||
| 951 | return ( ( ret == 0 ) ? 1 : ret ) ; | ||
| 952 | } | ||
| 953 | |||
| 954 | |||
| 955 | static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | ||
| 956 | BN_CTX *ctx, BN_MONT_CTX *m_ctx ) | ||
| 957 | { | ||
| 958 | CHEESE () ; | ||
| 959 | |||
| 960 | return zencod_bn_mod_exp ( r, a, p, m, ctx ) ; | ||
| 961 | } | ||
| 962 | #endif /* !OPENSSL_NO_DSA */ | ||
| 963 | |||
| 964 | |||
| 965 | #ifndef OPENSSl_NO_DH | ||
| 966 | /* DH stuff Functions | ||
| 967 | */ | ||
| 968 | static int DH_zencod_generate_key ( DH *dh ) | ||
| 969 | { | ||
| 970 | BIGNUM *bn_prv = NULL; | ||
| 971 | BIGNUM *bn_pub = NULL; | ||
| 972 | zen_nb_t y, x, g, p; | ||
| 973 | int generate_x; | ||
| 974 | |||
| 975 | CHEESE(); | ||
| 976 | |||
| 977 | if ( !zencod_dso ) { | ||
| 978 | ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED); | ||
| 979 | return 0; | ||
| 980 | } | ||
| 981 | |||
| 982 | /* Private key */ | ||
| 983 | if ( dh->priv_key ) { | ||
| 984 | bn_prv = dh->priv_key; | ||
| 985 | generate_x = 0; | ||
| 986 | } else { | ||
| 987 | if (!(bn_prv = BN_new())) { | ||
| 988 | ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL); | ||
| 989 | goto FAILED; | ||
| 990 | } | ||
| 991 | generate_x = 1; | ||
| 992 | } | ||
| 993 | |||
| 994 | /* Public key */ | ||
| 995 | if ( dh->pub_key ) | ||
| 996 | bn_pub = dh->pub_key; | ||
| 997 | else | ||
| 998 | if ( !( bn_pub = BN_new () ) ) { | ||
| 999 | ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL); | ||
| 1000 | goto FAILED; | ||
| 1001 | } | ||
| 1002 | |||
| 1003 | /* Expand */ | ||
| 1004 | if ( !bn_wexpand ( bn_prv, dh->p->dmax ) || | ||
| 1005 | !bn_wexpand ( bn_pub, dh->p->dmax ) ) { | ||
| 1006 | ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL); | ||
| 1007 | goto FAILED; | ||
| 1008 | } | ||
| 1009 | bn_prv->top = dh->p->top; | ||
| 1010 | bn_pub->top = dh->p->top; | ||
| 1011 | |||
| 1012 | /* Convert all keys */ | ||
| 1013 | BIGNUM2ZEN ( &p, dh->p ) ; | ||
| 1014 | BIGNUM2ZEN ( &g, dh->g ) ; | ||
| 1015 | BIGNUM2ZEN ( &y, bn_pub ) ; | ||
| 1016 | BIGNUM2ZEN ( &x, bn_prv ) ; | ||
| 1017 | x.len = DH_size(dh) * 8; | ||
| 1018 | |||
| 1019 | /* Adjust the lengths of P and G */ | ||
| 1020 | p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ; | ||
| 1021 | g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ; | ||
| 1022 | |||
| 1023 | /* Send the request to the driver */ | ||
| 1024 | if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) { | ||
| 1025 | perror("zenbridge_dh_generate_key"); | ||
| 1026 | ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED); | ||
| 1027 | goto FAILED; | ||
| 1028 | } | ||
| 1029 | |||
| 1030 | dh->priv_key = bn_prv; | ||
| 1031 | dh->pub_key = bn_pub; | ||
| 1032 | |||
| 1033 | return 1; | ||
| 1034 | |||
| 1035 | FAILED: | ||
| 1036 | if (!dh->priv_key && bn_prv) | ||
| 1037 | BN_free(bn_prv); | ||
| 1038 | if (!dh->pub_key && bn_pub) | ||
| 1039 | BN_free(bn_pub); | ||
| 1040 | |||
| 1041 | return 0; | ||
| 1042 | } | ||
| 1043 | |||
| 1044 | |||
| 1045 | static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) | ||
| 1046 | { | ||
| 1047 | zen_nb_t y, x, p, k; | ||
| 1048 | |||
| 1049 | CHEESE(); | ||
| 1050 | |||
| 1051 | if ( !zencod_dso ) { | ||
| 1052 | ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED); | ||
| 1053 | return 0; | ||
| 1054 | } | ||
| 1055 | |||
| 1056 | if ( !dh->priv_key ) { | ||
| 1057 | ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS); | ||
| 1058 | return 0; | ||
| 1059 | } | ||
| 1060 | |||
| 1061 | /* Convert all keys */ | ||
| 1062 | BIGNUM2ZEN ( &y, pub_key ) ; | ||
| 1063 | BIGNUM2ZEN ( &x, dh->priv_key ) ; | ||
| 1064 | BIGNUM2ZEN ( &p, dh->p ) ; | ||
| 1065 | ptr_zencod_init_number ( &k, p.len, key ) ; | ||
| 1066 | |||
| 1067 | /* Adjust the lengths */ | ||
| 1068 | p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ; | ||
| 1069 | y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ; | ||
| 1070 | x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ; | ||
| 1071 | |||
| 1072 | /* Call the hardware */ | ||
| 1073 | if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) { | ||
| 1074 | ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED); | ||
| 1075 | return 0; | ||
| 1076 | } | ||
| 1077 | |||
| 1078 | /* The key must be written MSB -> LSB */ | ||
| 1079 | k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ; | ||
| 1080 | esrever ( key, ZEN_BYTES ( k.len ) ) ; | ||
| 1081 | |||
| 1082 | return ZEN_BYTES ( k.len ) ; | ||
| 1083 | } | ||
| 1084 | |||
| 1085 | |||
| 1086 | static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 1087 | BN_MONT_CTX *m_ctx ) | ||
| 1088 | { | ||
| 1089 | CHEESE () ; | ||
| 1090 | |||
| 1091 | return zencod_bn_mod_exp ( r, a, p, m, ctx ) ; | ||
| 1092 | } | ||
| 1093 | #endif /* !OPENSSL_NO_DH */ | ||
| 1094 | |||
| 1095 | |||
| 1096 | /* RAND stuff Functions | ||
| 1097 | */ | ||
| 1098 | static void RAND_zencod_seed ( const void *buf, int num ) | ||
| 1099 | { | ||
| 1100 | /* Nothing to do cause our crypto accelerator provide a true random generator */ | ||
| 1101 | } | ||
| 1102 | |||
| 1103 | |||
| 1104 | static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) | ||
| 1105 | { | ||
| 1106 | zen_nb_t r; | ||
| 1107 | |||
| 1108 | CHEESE(); | ||
| 1109 | |||
| 1110 | if ( !zencod_dso ) { | ||
| 1111 | ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED); | ||
| 1112 | return 0; | ||
| 1113 | } | ||
| 1114 | |||
| 1115 | ptr_zencod_init_number ( &r, num * 8, buf ) ; | ||
| 1116 | |||
| 1117 | if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) { | ||
| 1118 | PERROR("zenbridge_rand_bytes"); | ||
| 1119 | ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED); | ||
| 1120 | return 0; | ||
| 1121 | } | ||
| 1122 | |||
| 1123 | return 1; | ||
| 1124 | } | ||
| 1125 | |||
| 1126 | |||
| 1127 | static int RAND_zencod_rand_status ( void ) | ||
| 1128 | { | ||
| 1129 | CHEESE () ; | ||
| 1130 | |||
| 1131 | return 1; | ||
| 1132 | } | ||
| 1133 | |||
| 1134 | |||
| 1135 | /* This stuff is needed if this ENGINE is being compiled into a self-contained | ||
| 1136 | * shared-library. | ||
| 1137 | */ | ||
| 1138 | #ifdef ENGINE_DYNAMIC_SUPPORT | ||
| 1139 | static int bind_fn ( ENGINE *e, const char *id ) | ||
| 1140 | { | ||
| 1141 | |||
| 1142 | if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) { | ||
| 1143 | return 0 ; | ||
| 1144 | } | ||
| 1145 | if ( !bind_helper ( e ) ) { | ||
| 1146 | return 0 ; | ||
| 1147 | } | ||
| 1148 | |||
| 1149 | return 1 ; | ||
| 1150 | } | ||
| 1151 | |||
| 1152 | IMPLEMENT_DYNAMIC_CHECK_FN () | ||
| 1153 | IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn ) | ||
| 1154 | #endif /* ENGINE_DYNAMIC_SUPPORT */ | ||
| 1155 | |||
| 1156 | |||
| 1157 | |||
| 1158 | |||
| 1159 | /* | ||
| 1160 | * Adding "Digest" and "Cipher" tools ... | ||
| 1161 | * This is in development ... ;-) | ||
| 1162 | * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth), | ||
| 1163 | * and evp, sha md5 definitions etc ... | ||
| 1164 | */ | ||
| 1165 | /* First add some include ... */ | ||
| 1166 | #include <openssl/evp.h> | ||
| 1167 | #include <openssl/sha.h> | ||
| 1168 | #include <openssl/md5.h> | ||
| 1169 | #include <openssl/rc4.h> | ||
| 1170 | #include <openssl/des.h> | ||
| 1171 | |||
| 1172 | |||
| 1173 | /* Some variables declaration ... */ | ||
| 1174 | /* DONS: | ||
| 1175 | * Disable symetric computation except DES and 3DES, but let part of the code | ||
| 1176 | */ | ||
| 1177 | /* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */ | ||
| 1178 | static int engine_digest_nids [ ] = { } ; | ||
| 1179 | static int engine_digest_nids_num = 0 ; | ||
| 1180 | /* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */ | ||
| 1181 | static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ; | ||
| 1182 | static int engine_cipher_nids_num = 2 ; | ||
| 1183 | |||
| 1184 | |||
| 1185 | /* Function prototype ... */ | ||
| 1186 | /* SHA stuff */ | ||
| 1187 | static int engine_sha1_init ( EVP_MD_CTX *ctx ) ; | ||
| 1188 | static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ; | ||
| 1189 | static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ; | ||
| 1190 | |||
| 1191 | /* MD5 stuff */ | ||
| 1192 | static int engine_md5_init ( EVP_MD_CTX *ctx ) ; | ||
| 1193 | static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ; | ||
| 1194 | static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ; | ||
| 1195 | |||
| 1196 | static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ; | ||
| 1197 | static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ; | ||
| 1198 | |||
| 1199 | |||
| 1200 | /* RC4 Stuff */ | ||
| 1201 | static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ; | ||
| 1202 | static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ; | ||
| 1203 | |||
| 1204 | /* DES Stuff */ | ||
| 1205 | static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ; | ||
| 1206 | static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ; | ||
| 1207 | |||
| 1208 | /* 3DES Stuff */ | ||
| 1209 | static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ; | ||
| 1210 | static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ; | ||
| 1211 | |||
| 1212 | static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ; /* cleanup ctx */ | ||
| 1213 | |||
| 1214 | |||
| 1215 | /* The one for SHA ... */ | ||
| 1216 | static const EVP_MD engine_sha1_md = | ||
| 1217 | { | ||
| 1218 | NID_sha1, | ||
| 1219 | NID_sha1WithRSAEncryption, | ||
| 1220 | SHA_DIGEST_LENGTH, | ||
| 1221 | EVP_MD_FLAG_ONESHOT, | ||
| 1222 | /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block | ||
| 1223 | * XXX: set according to device info ... */ | ||
| 1224 | engine_sha1_init, | ||
| 1225 | engine_sha1_update, | ||
| 1226 | engine_sha1_final, | ||
| 1227 | engine_md_copy, /* dev_crypto_sha_copy */ | ||
| 1228 | engine_md_cleanup, /* dev_crypto_sha_cleanup */ | ||
| 1229 | EVP_PKEY_RSA_method, | ||
| 1230 | SHA_CBLOCK, | ||
| 1231 | /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */ | ||
| 1232 | sizeof ( ZEN_MD_DATA ) | ||
| 1233 | /* sizeof ( MD_CTX_DATA ) The message digest data stucture ... */ | ||
| 1234 | } ; | ||
| 1235 | |||
| 1236 | /* The one for MD5 ... */ | ||
| 1237 | static const EVP_MD engine_md5_md = | ||
| 1238 | { | ||
| 1239 | NID_md5, | ||
| 1240 | NID_md5WithRSAEncryption, | ||
| 1241 | MD5_DIGEST_LENGTH, | ||
| 1242 | EVP_MD_FLAG_ONESHOT, | ||
| 1243 | /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block | ||
| 1244 | * XXX: set according to device info ... */ | ||
| 1245 | engine_md5_init, | ||
| 1246 | engine_md5_update, | ||
| 1247 | engine_md5_final, | ||
| 1248 | engine_md_copy, /* dev_crypto_md5_copy */ | ||
| 1249 | engine_md_cleanup, /* dev_crypto_md5_cleanup */ | ||
| 1250 | EVP_PKEY_RSA_method, | ||
| 1251 | MD5_CBLOCK, | ||
| 1252 | /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */ | ||
| 1253 | sizeof ( ZEN_MD_DATA ) | ||
| 1254 | /* sizeof ( MD_CTX_DATA ) The message digest data stucture ... */ | ||
| 1255 | } ; | ||
| 1256 | |||
| 1257 | |||
| 1258 | /* The one for RC4 ... */ | ||
| 1259 | #define EVP_RC4_KEY_SIZE 16 | ||
| 1260 | |||
| 1261 | /* Try something static ... */ | ||
| 1262 | typedef struct | ||
| 1263 | { | ||
| 1264 | unsigned int len ; | ||
| 1265 | unsigned int first ; | ||
| 1266 | unsigned char rc4_state [ 260 ] ; | ||
| 1267 | } NEW_ZEN_RC4_KEY ; | ||
| 1268 | |||
| 1269 | #define rc4_data(ctx) ( (EVP_RC4_KEY *) ( ctx )->cipher_data ) | ||
| 1270 | |||
| 1271 | static const EVP_CIPHER engine_rc4 = | ||
| 1272 | { | ||
| 1273 | NID_rc4, | ||
| 1274 | 1, | ||
| 1275 | 16, /* EVP_RC4_KEY_SIZE should be 128 bits */ | ||
| 1276 | 0, /* FIXME: key should be up to 256 bytes */ | ||
| 1277 | EVP_CIPH_VARIABLE_LENGTH, | ||
| 1278 | engine_rc4_init_key, | ||
| 1279 | engine_rc4_cipher, | ||
| 1280 | engine_cipher_cleanup, | ||
| 1281 | sizeof ( NEW_ZEN_RC4_KEY ), | ||
| 1282 | NULL, | ||
| 1283 | NULL, | ||
| 1284 | NULL | ||
| 1285 | } ; | ||
| 1286 | |||
| 1287 | /* The one for RC4_40 ... */ | ||
| 1288 | static const EVP_CIPHER engine_rc4_40 = | ||
| 1289 | { | ||
| 1290 | NID_rc4_40, | ||
| 1291 | 1, | ||
| 1292 | 5, /* 40 bits */ | ||
| 1293 | 0, | ||
| 1294 | EVP_CIPH_VARIABLE_LENGTH, | ||
| 1295 | engine_rc4_init_key, | ||
| 1296 | engine_rc4_cipher, | ||
| 1297 | engine_cipher_cleanup, | ||
| 1298 | sizeof ( NEW_ZEN_RC4_KEY ), | ||
| 1299 | NULL, | ||
| 1300 | NULL, | ||
| 1301 | NULL | ||
| 1302 | } ; | ||
| 1303 | |||
| 1304 | /* The one for DES ... */ | ||
| 1305 | |||
| 1306 | /* Try something static ... */ | ||
| 1307 | typedef struct | ||
| 1308 | { | ||
| 1309 | unsigned char des_key [ 24 ] ; | ||
| 1310 | unsigned char des_iv [ 8 ] ; | ||
| 1311 | } ZEN_DES_KEY ; | ||
| 1312 | |||
| 1313 | static const EVP_CIPHER engine_des_cbc = | ||
| 1314 | { | ||
| 1315 | NID_des_cbc, | ||
| 1316 | 8, 8, 8, | ||
| 1317 | 0 | EVP_CIPH_CBC_MODE, | ||
| 1318 | engine_des_init_key, | ||
| 1319 | engine_des_cbc_cipher, | ||
| 1320 | engine_cipher_cleanup, | ||
| 1321 | sizeof(ZEN_DES_KEY), | ||
| 1322 | EVP_CIPHER_set_asn1_iv, | ||
| 1323 | EVP_CIPHER_get_asn1_iv, | ||
| 1324 | NULL, | ||
| 1325 | NULL | ||
| 1326 | }; | ||
| 1327 | |||
| 1328 | /* The one for 3DES ... */ | ||
| 1329 | |||
| 1330 | /* Try something static ... */ | ||
| 1331 | typedef struct | ||
| 1332 | { | ||
| 1333 | unsigned char des3_key [ 24 ] ; | ||
| 1334 | unsigned char des3_iv [ 8 ] ; | ||
| 1335 | } ZEN_3DES_KEY ; | ||
| 1336 | |||
| 1337 | #define des_data(ctx) ( (DES_EDE_KEY *) ( ctx )->cipher_data ) | ||
| 1338 | |||
| 1339 | static const EVP_CIPHER engine_des_ede3_cbc = | ||
| 1340 | { | ||
| 1341 | NID_des_ede3_cbc, | ||
| 1342 | 8, 8, 8, | ||
| 1343 | 0 | EVP_CIPH_CBC_MODE, | ||
| 1344 | engine_des_ede3_init_key, | ||
| 1345 | engine_des_ede3_cbc_cipher, | ||
| 1346 | engine_cipher_cleanup, | ||
| 1347 | sizeof(ZEN_3DES_KEY), | ||
| 1348 | EVP_CIPHER_set_asn1_iv, | ||
| 1349 | EVP_CIPHER_get_asn1_iv, | ||
| 1350 | NULL, | ||
| 1351 | NULL | ||
| 1352 | }; | ||
| 1353 | |||
| 1354 | |||
| 1355 | /* General function cloned on hw_openbsd_dev_crypto one ... */ | ||
| 1356 | static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) | ||
| 1357 | { | ||
| 1358 | |||
| 1359 | #ifdef DEBUG_ZENCOD_MD | ||
| 1360 | fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ; | ||
| 1361 | #endif | ||
| 1362 | |||
| 1363 | if ( !digest ) { | ||
| 1364 | /* We are returning a list of supported nids */ | ||
| 1365 | *nids = engine_digest_nids ; | ||
| 1366 | return engine_digest_nids_num ; | ||
| 1367 | } | ||
| 1368 | /* We are being asked for a specific digest */ | ||
| 1369 | if ( nid == NID_md5 ) { | ||
| 1370 | *digest = &engine_md5_md ; | ||
| 1371 | } | ||
| 1372 | else if ( nid == NID_sha1 ) { | ||
| 1373 | *digest = &engine_sha1_md ; | ||
| 1374 | } | ||
| 1375 | else { | ||
| 1376 | *digest = NULL ; | ||
| 1377 | return 0 ; | ||
| 1378 | } | ||
| 1379 | return 1 ; | ||
| 1380 | } | ||
| 1381 | |||
| 1382 | |||
| 1383 | /* SHA stuff Functions | ||
| 1384 | */ | ||
| 1385 | static int engine_sha1_init ( EVP_MD_CTX *ctx ) | ||
| 1386 | { | ||
| 1387 | |||
| 1388 | int to_return = 0 ; | ||
| 1389 | |||
| 1390 | /* Test with zenbridge library ... */ | ||
| 1391 | to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ; | ||
| 1392 | to_return = !to_return ; | ||
| 1393 | |||
| 1394 | return to_return ; | ||
| 1395 | } | ||
| 1396 | |||
| 1397 | |||
| 1398 | static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) | ||
| 1399 | { | ||
| 1400 | |||
| 1401 | zen_nb_t input ; | ||
| 1402 | int to_return = 0 ; | ||
| 1403 | |||
| 1404 | /* Convert parameters ... */ | ||
| 1405 | input.len = count ; | ||
| 1406 | input.data = (unsigned char *) data ; | ||
| 1407 | |||
| 1408 | /* Test with zenbridge library ... */ | ||
| 1409 | to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ; | ||
| 1410 | to_return = !to_return ; | ||
| 1411 | |||
| 1412 | return to_return ; | ||
| 1413 | } | ||
| 1414 | |||
| 1415 | |||
| 1416 | static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) | ||
| 1417 | { | ||
| 1418 | |||
| 1419 | zen_nb_t output ; | ||
| 1420 | int to_return = 0 ; | ||
| 1421 | |||
| 1422 | /* Convert parameters ... */ | ||
| 1423 | output.len = SHA_DIGEST_LENGTH ; | ||
| 1424 | output.data = md ; | ||
| 1425 | |||
| 1426 | /* Test with zenbridge library ... */ | ||
| 1427 | to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ; | ||
| 1428 | to_return = !to_return ; | ||
| 1429 | |||
| 1430 | return to_return ; | ||
| 1431 | } | ||
| 1432 | |||
| 1433 | |||
| 1434 | |||
| 1435 | /* MD5 stuff Functions | ||
| 1436 | */ | ||
| 1437 | static int engine_md5_init ( EVP_MD_CTX *ctx ) | ||
| 1438 | { | ||
| 1439 | |||
| 1440 | int to_return = 0 ; | ||
| 1441 | |||
| 1442 | /* Test with zenbridge library ... */ | ||
| 1443 | to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ; | ||
| 1444 | to_return = !to_return ; | ||
| 1445 | |||
| 1446 | return to_return ; | ||
| 1447 | } | ||
| 1448 | |||
| 1449 | |||
| 1450 | static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) | ||
| 1451 | { | ||
| 1452 | |||
| 1453 | zen_nb_t input ; | ||
| 1454 | int to_return = 0 ; | ||
| 1455 | |||
| 1456 | /* Convert parameters ... */ | ||
| 1457 | input.len = count ; | ||
| 1458 | input.data = (unsigned char *) data ; | ||
| 1459 | |||
| 1460 | /* Test with zenbridge library ... */ | ||
| 1461 | to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ; | ||
| 1462 | to_return = !to_return ; | ||
| 1463 | |||
| 1464 | return to_return ; | ||
| 1465 | } | ||
| 1466 | |||
| 1467 | |||
| 1468 | static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) | ||
| 1469 | { | ||
| 1470 | |||
| 1471 | zen_nb_t output ; | ||
| 1472 | int to_return = 0 ; | ||
| 1473 | |||
| 1474 | /* Convert parameters ... */ | ||
| 1475 | output.len = MD5_DIGEST_LENGTH ; | ||
| 1476 | output.data = md ; | ||
| 1477 | |||
| 1478 | /* Test with zenbridge library ... */ | ||
| 1479 | to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ; | ||
| 1480 | to_return = !to_return ; | ||
| 1481 | |||
| 1482 | return to_return ; | ||
| 1483 | } | ||
| 1484 | |||
| 1485 | |||
| 1486 | static int engine_md_cleanup ( EVP_MD_CTX *ctx ) | ||
| 1487 | { | ||
| 1488 | |||
| 1489 | ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ; | ||
| 1490 | |||
| 1491 | if ( zen_md_data->HashBuffer != NULL ) { | ||
| 1492 | OPENSSL_free ( zen_md_data->HashBuffer ) ; | ||
| 1493 | zen_md_data->HashBufferSize = 0 ; | ||
| 1494 | ctx->md_data = NULL ; | ||
| 1495 | } | ||
| 1496 | |||
| 1497 | return 1 ; | ||
| 1498 | } | ||
| 1499 | |||
| 1500 | |||
| 1501 | static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) | ||
| 1502 | { | ||
| 1503 | const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ; | ||
| 1504 | ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ; | ||
| 1505 | |||
| 1506 | to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ; | ||
| 1507 | memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ; | ||
| 1508 | |||
| 1509 | return 1; | ||
| 1510 | } | ||
| 1511 | |||
| 1512 | |||
| 1513 | /* General function cloned on hw_openbsd_dev_crypto one ... */ | ||
| 1514 | static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) | ||
| 1515 | { | ||
| 1516 | |||
| 1517 | if ( !cipher ) { | ||
| 1518 | /* We are returning a list of supported nids */ | ||
| 1519 | *nids = engine_cipher_nids ; | ||
| 1520 | return engine_cipher_nids_num ; | ||
| 1521 | } | ||
| 1522 | /* We are being asked for a specific cipher */ | ||
| 1523 | if ( nid == NID_rc4 ) { | ||
| 1524 | *cipher = &engine_rc4 ; | ||
| 1525 | } | ||
| 1526 | else if ( nid == NID_rc4_40 ) { | ||
| 1527 | *cipher = &engine_rc4_40 ; | ||
| 1528 | } | ||
| 1529 | else if ( nid == NID_des_cbc ) { | ||
| 1530 | *cipher = &engine_des_cbc ; | ||
| 1531 | } | ||
| 1532 | else if ( nid == NID_des_ede3_cbc ) { | ||
| 1533 | *cipher = &engine_des_ede3_cbc ; | ||
| 1534 | } | ||
| 1535 | else { | ||
| 1536 | *cipher = NULL ; | ||
| 1537 | return 0 ; | ||
| 1538 | } | ||
| 1539 | |||
| 1540 | return 1 ; | ||
| 1541 | } | ||
| 1542 | |||
| 1543 | |||
| 1544 | static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) | ||
| 1545 | { | ||
| 1546 | int to_return = 0 ; | ||
| 1547 | int i = 0 ; | ||
| 1548 | int nb = 0 ; | ||
| 1549 | NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ; | ||
| 1550 | |||
| 1551 | tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ; | ||
| 1552 | tmp_rc4_key->first = 0 ; | ||
| 1553 | tmp_rc4_key->len = ctx->key_len ; | ||
| 1554 | tmp_rc4_key->rc4_state [ 0 ] = 0x00 ; | ||
| 1555 | tmp_rc4_key->rc4_state [ 2 ] = 0x00 ; | ||
| 1556 | nb = 256 / ctx->key_len ; | ||
| 1557 | for ( i = 0; i < nb ; i++ ) { | ||
| 1558 | memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ; | ||
| 1559 | } | ||
| 1560 | |||
| 1561 | to_return = 1 ; | ||
| 1562 | |||
| 1563 | return to_return ; | ||
| 1564 | } | ||
| 1565 | |||
| 1566 | |||
| 1567 | static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len ) | ||
| 1568 | { | ||
| 1569 | |||
| 1570 | zen_nb_t output, input ; | ||
| 1571 | zen_nb_t rc4key ; | ||
| 1572 | int to_return = 0 ; | ||
| 1573 | NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ; | ||
| 1574 | |||
| 1575 | /* Convert parameters ... */ | ||
| 1576 | input.len = in_len ; | ||
| 1577 | input.data = (unsigned char *) in ; | ||
| 1578 | output.len = in_len ; | ||
| 1579 | output.data = (unsigned char *) out ; | ||
| 1580 | |||
| 1581 | tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ; | ||
| 1582 | rc4key.len = 260 ; | ||
| 1583 | rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ; | ||
| 1584 | |||
| 1585 | /* Test with zenbridge library ... */ | ||
| 1586 | to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ; | ||
| 1587 | to_return = !to_return ; | ||
| 1588 | |||
| 1589 | /* Update encryption state ... */ | ||
| 1590 | tmp_rc4_key->first = 1 ; | ||
| 1591 | tmp_rc4_key = NULL ; | ||
| 1592 | |||
| 1593 | return to_return ; | ||
| 1594 | } | ||
| 1595 | |||
| 1596 | |||
| 1597 | static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) | ||
| 1598 | { | ||
| 1599 | |||
| 1600 | ZEN_DES_KEY *tmp_des_key = NULL ; | ||
| 1601 | int to_return = 0 ; | ||
| 1602 | |||
| 1603 | tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ; | ||
| 1604 | memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ; | ||
| 1605 | memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ; | ||
| 1606 | memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ; | ||
| 1607 | memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ; | ||
| 1608 | |||
| 1609 | to_return = 1 ; | ||
| 1610 | |||
| 1611 | return to_return ; | ||
| 1612 | } | ||
| 1613 | |||
| 1614 | |||
| 1615 | static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) | ||
| 1616 | { | ||
| 1617 | |||
| 1618 | zen_nb_t output, input ; | ||
| 1619 | zen_nb_t deskey_1, deskey_2, deskey_3, iv ; | ||
| 1620 | int to_return = 0 ; | ||
| 1621 | |||
| 1622 | /* Convert parameters ... */ | ||
| 1623 | input.len = inl ; | ||
| 1624 | input.data = (unsigned char *) in ; | ||
| 1625 | output.len = inl ; | ||
| 1626 | output.data = out ; | ||
| 1627 | |||
| 1628 | /* Set key parameters ... */ | ||
| 1629 | deskey_1.len = 8 ; | ||
| 1630 | deskey_2.len = 8 ; | ||
| 1631 | deskey_3.len = 8 ; | ||
| 1632 | deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ; | ||
| 1633 | deskey_2.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ; | ||
| 1634 | deskey_3.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ; | ||
| 1635 | |||
| 1636 | /* Key correct iv ... */ | ||
| 1637 | memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ; | ||
| 1638 | iv.len = 8 ; | ||
| 1639 | iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ; | ||
| 1640 | |||
| 1641 | if ( ctx->encrypt == 0 ) { | ||
| 1642 | memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ; | ||
| 1643 | } | ||
| 1644 | |||
| 1645 | /* Test with zenbridge library ... */ | ||
| 1646 | to_return = ptr_zencod_xdes_cipher ( &output, &input, | ||
| 1647 | (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ; | ||
| 1648 | to_return = !to_return ; | ||
| 1649 | |||
| 1650 | /* But we need to set up the rigth iv ... | ||
| 1651 | * Test ENCRYPT or DECRYPT mode to set iv ... */ | ||
| 1652 | if ( ctx->encrypt == 1 ) { | ||
| 1653 | memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ; | ||
| 1654 | } | ||
| 1655 | |||
| 1656 | return to_return ; | ||
| 1657 | } | ||
| 1658 | |||
| 1659 | |||
| 1660 | static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) | ||
| 1661 | { | ||
| 1662 | |||
| 1663 | ZEN_3DES_KEY *tmp_3des_key = NULL ; | ||
| 1664 | int to_return = 0 ; | ||
| 1665 | |||
| 1666 | tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ; | ||
| 1667 | memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ; | ||
| 1668 | memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ; | ||
| 1669 | |||
| 1670 | to_return = 1; | ||
| 1671 | |||
| 1672 | return to_return ; | ||
| 1673 | } | ||
| 1674 | |||
| 1675 | |||
| 1676 | static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, | ||
| 1677 | unsigned int in_len ) | ||
| 1678 | { | ||
| 1679 | |||
| 1680 | zen_nb_t output, input ; | ||
| 1681 | zen_nb_t deskey_1, deskey_2, deskey_3, iv ; | ||
| 1682 | int to_return = 0 ; | ||
| 1683 | |||
| 1684 | /* Convert parameters ... */ | ||
| 1685 | input.len = in_len ; | ||
| 1686 | input.data = (unsigned char *) in ; | ||
| 1687 | output.len = in_len ; | ||
| 1688 | output.data = out ; | ||
| 1689 | |||
| 1690 | /* Set key ... */ | ||
| 1691 | deskey_1.len = 8 ; | ||
| 1692 | deskey_2.len = 8 ; | ||
| 1693 | deskey_3.len = 8 ; | ||
| 1694 | deskey_1.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ; | ||
| 1695 | deskey_2.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ; | ||
| 1696 | deskey_3.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ; | ||
| 1697 | |||
| 1698 | /* Key correct iv ... */ | ||
| 1699 | memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ; | ||
| 1700 | iv.len = 8 ; | ||
| 1701 | iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ; | ||
| 1702 | |||
| 1703 | if ( ctx->encrypt == 0 ) { | ||
| 1704 | memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ; | ||
| 1705 | } | ||
| 1706 | |||
| 1707 | /* Test with zenbridge library ... */ | ||
| 1708 | to_return = ptr_zencod_xdes_cipher ( &output, &input, | ||
| 1709 | (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ; | ||
| 1710 | to_return = !to_return ; | ||
| 1711 | |||
| 1712 | if ( ctx->encrypt == 1 ) { | ||
| 1713 | memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ; | ||
| 1714 | } | ||
| 1715 | |||
| 1716 | return to_return ; | ||
| 1717 | } | ||
| 1718 | |||
| 1719 | |||
| 1720 | static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) | ||
| 1721 | { | ||
| 1722 | |||
| 1723 | /* Set the key pointer ... */ | ||
| 1724 | if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) { | ||
| 1725 | } | ||
| 1726 | else if ( ctx->cipher->nid == NID_des_cbc ) { | ||
| 1727 | } | ||
| 1728 | else if ( ctx->cipher->nid == NID_des_ede3_cbc ) { | ||
| 1729 | } | ||
| 1730 | |||
| 1731 | return 1 ; | ||
| 1732 | } | ||
| 1733 | |||
| 1734 | |||
| 1735 | #endif /* !OPENSSL_NO_HW_ZENCOD */ | ||
| 1736 | #endif /* !OPENSSL_NO_HW */ | ||
| diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec new file mode 100644 index 0000000000..1552c79be6 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.ec | |||
| @@ -0,0 +1,8 @@ | |||
| 1 | # configuration file for util/mkerr.pl | ||
| 2 | # | ||
| 3 | # use like this: | ||
| 4 | # | ||
| 5 | # perl ../../../util/mkerr.pl -conf hw_zencod.ec \ | ||
| 6 | # -nostatic -staticloader -write *.c | ||
| 7 | |||
| 8 | L ZENCOD hw_zencod_err.h hw_zencod_err.c | ||
| diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h new file mode 100644 index 0000000000..195345d8c6 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod.h | |||
| @@ -0,0 +1,160 @@ | |||
| 1 | /* File : /crypto/engine/vendor_defns/hw_zencod.h */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD | ||
| 4 | * for "zencod" ENGINE integration in OpenSSL project. | ||
| 5 | */ | ||
| 6 | |||
| 7 | |||
| 8 | #ifndef _HW_ZENCOD_H_ | ||
| 9 | #define _HW_ZENCOD_H_ | ||
| 10 | |||
| 11 | #include <stdio.h> | ||
| 12 | |||
| 13 | #ifdef __cplusplus | ||
| 14 | extern "C" { | ||
| 15 | #endif /* __cplusplus */ | ||
| 16 | |||
| 17 | #define ZENBRIDGE_MAX_KEYSIZE_RSA 2048 | ||
| 18 | #define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024 | ||
| 19 | #define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024 | ||
| 20 | #define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024 | ||
| 21 | |||
| 22 | /* Library version computation */ | ||
| 23 | #define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff) | ||
| 24 | #define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff) | ||
| 25 | #define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff) | ||
| 26 | #define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z)) | ||
| 27 | |||
| 28 | /* | ||
| 29 | * Memory type | ||
| 30 | */ | ||
| 31 | typedef struct zencod_number_s { | ||
| 32 | unsigned long len; | ||
| 33 | unsigned char *data; | ||
| 34 | } zen_nb_t; | ||
| 35 | |||
| 36 | #define KEY zen_nb_t | ||
| 37 | |||
| 38 | |||
| 39 | /* | ||
| 40 | * Misc | ||
| 41 | */ | ||
| 42 | typedef int t_zencod_lib_version (void); | ||
| 43 | typedef int t_zencod_hw_version (void); | ||
| 44 | typedef int t_zencod_test (void); | ||
| 45 | typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key); | ||
| 46 | |||
| 47 | |||
| 48 | /* | ||
| 49 | * Key managment tools | ||
| 50 | */ | ||
| 51 | typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data); | ||
| 52 | typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data); | ||
| 53 | typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes); | ||
| 54 | typedef unsigned long t_zencod_bits2bytes (unsigned long bits); | ||
| 55 | |||
| 56 | |||
| 57 | /* | ||
| 58 | * RSA API | ||
| 59 | */ | ||
| 60 | /* Compute modular exponential : y = x**e | n */ | ||
| 61 | typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e); | ||
| 62 | /* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */ | ||
| 63 | typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q, | ||
| 64 | KEY *edp, KEY *edq, KEY *qinv); | ||
| 65 | |||
| 66 | |||
| 67 | /* | ||
| 68 | * DSA API | ||
| 69 | */ | ||
| 70 | typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random, | ||
| 71 | KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s); | ||
| 72 | typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data, | ||
| 73 | KEY *p, KEY *q, KEY *g, KEY *y, | ||
| 74 | KEY *r, KEY *s, KEY *v); | ||
| 75 | |||
| 76 | |||
| 77 | /* | ||
| 78 | * DH API | ||
| 79 | */ | ||
| 80 | /* Key generation : compute public value y = g**x | n */ | ||
| 81 | typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x); | ||
| 82 | typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n); | ||
| 83 | |||
| 84 | |||
| 85 | /* | ||
| 86 | * RNG API | ||
| 87 | */ | ||
| 88 | #define ZENBRIDGE_RNG_DIRECT 0 | ||
| 89 | #define ZENBRIDGE_RNG_SHA1 1 | ||
| 90 | typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags); | ||
| 91 | |||
| 92 | |||
| 93 | /* | ||
| 94 | * Math API | ||
| 95 | */ | ||
| 96 | typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n); | ||
| 97 | |||
| 98 | |||
| 99 | |||
| 100 | |||
| 101 | /* | ||
| 102 | * Symetric API | ||
| 103 | */ | ||
| 104 | /* Define a data structure for digests operations */ | ||
| 105 | typedef struct ZEN_data_st | ||
| 106 | { | ||
| 107 | unsigned int HashBufferSize ; | ||
| 108 | unsigned char *HashBuffer ; | ||
| 109 | } ZEN_MD_DATA ; | ||
| 110 | |||
| 111 | /* | ||
| 112 | * Functions for Digest (MD5, SHA1) stuff | ||
| 113 | */ | ||
| 114 | /* output : output data buffer */ | ||
| 115 | /* input : input data buffer */ | ||
| 116 | /* algo : hash algorithm, MD5 or SHA1 */ | ||
| 117 | /* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ; | ||
| 118 | * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ; | ||
| 119 | */ | ||
| 120 | /* For now separate this stuff that mad it easier to test */ | ||
| 121 | typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ; | ||
| 122 | typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ; | ||
| 123 | typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ; | ||
| 124 | |||
| 125 | typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ; | ||
| 126 | typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ; | ||
| 127 | typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ; | ||
| 128 | |||
| 129 | |||
| 130 | /* | ||
| 131 | * Functions for Cipher (RC4, DES, 3DES) stuff | ||
| 132 | */ | ||
| 133 | /* output : output data buffer */ | ||
| 134 | /* input : input data buffer */ | ||
| 135 | /* key : rc4 key data */ | ||
| 136 | /* index_1 : value of index x from RC4 key structure */ | ||
| 137 | /* index_2 : value of index y from RC4 key structure */ | ||
| 138 | /* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */ | ||
| 139 | typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key, | ||
| 140 | unsigned char *index_1, unsigned char *index_2, int mode ) ; | ||
| 141 | |||
| 142 | /* output : output data buffer */ | ||
| 143 | /* input : input data buffer */ | ||
| 144 | /* key_1 : des first key data */ | ||
| 145 | /* key_2 : des second key data */ | ||
| 146 | /* key_3 : des third key data */ | ||
| 147 | /* iv : initial vector */ | ||
| 148 | /* mode : xdes mode (encrypt or decrypt) */ | ||
| 149 | /* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */ | ||
| 150 | typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1, | ||
| 151 | const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ; | ||
| 152 | |||
| 153 | |||
| 154 | #undef KEY | ||
| 155 | |||
| 156 | #ifdef __cplusplus | ||
| 157 | } | ||
| 158 | #endif /* __cplusplus */ | ||
| 159 | |||
| 160 | #endif /* !_HW_ZENCOD_H_ */ | ||
| diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c new file mode 100644 index 0000000000..8ed0fffc9c --- /dev/null +++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.c | |||
| @@ -0,0 +1,151 @@ | |||
| 1 | /* hw_zencod_err.c */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@OpenSSL.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | #include <openssl/err.h> | ||
| 63 | #include "hw_zencod_err.h" | ||
| 64 | |||
| 65 | /* BEGIN ERROR CODES */ | ||
| 66 | #ifndef OPENSSL_NO_ERR | ||
| 67 | static ERR_STRING_DATA ZENCOD_str_functs[]= | ||
| 68 | { | ||
| 69 | {ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0), "ZENCOD_BN_MOD_EXP"}, | ||
| 70 | {ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0), "ZENCOD_CTRL"}, | ||
| 71 | {ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0), "ZENCOD_DH_COMPUTE"}, | ||
| 72 | {ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0), "ZENCOD_DH_GENERATE"}, | ||
| 73 | {ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0), "ZENCOD_DSA_DO_SIGN"}, | ||
| 74 | {ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0), "ZENCOD_DSA_DO_VERIFY"}, | ||
| 75 | {ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0), "ZENCOD_FINISH"}, | ||
| 76 | {ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0), "ZENCOD_INIT"}, | ||
| 77 | {ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0), "ZENCOD_RAND"}, | ||
| 78 | {ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0), "ZENCOD_RSA_MOD_EXP"}, | ||
| 79 | {ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0), "ZENCOD_RSA_MOD_EXP_CRT"}, | ||
| 80 | {0,NULL} | ||
| 81 | }; | ||
| 82 | |||
| 83 | static ERR_STRING_DATA ZENCOD_str_reasons[]= | ||
| 84 | { | ||
| 85 | {ZENCOD_R_ALREADY_LOADED ,"already loaded"}, | ||
| 86 | {ZENCOD_R_BAD_KEY_COMPONENTS ,"bad key components"}, | ||
| 87 | {ZENCOD_R_BN_EXPAND_FAIL ,"bn expand fail"}, | ||
| 88 | {ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, | ||
| 89 | {ZENCOD_R_DSO_FAILURE ,"dso failure"}, | ||
| 90 | {ZENCOD_R_NOT_LOADED ,"not loaded"}, | ||
| 91 | {ZENCOD_R_REQUEST_FAILED ,"request failed"}, | ||
| 92 | {ZENCOD_R_UNIT_FAILURE ,"unit failure"}, | ||
| 93 | {0,NULL} | ||
| 94 | }; | ||
| 95 | |||
| 96 | #endif | ||
| 97 | |||
| 98 | #ifdef ZENCOD_LIB_NAME | ||
| 99 | static ERR_STRING_DATA ZENCOD_lib_name[]= | ||
| 100 | { | ||
| 101 | {0 ,ZENCOD_LIB_NAME}, | ||
| 102 | {0,NULL} | ||
| 103 | }; | ||
| 104 | #endif | ||
| 105 | |||
| 106 | |||
| 107 | static int ZENCOD_lib_error_code=0; | ||
| 108 | static int ZENCOD_error_init=1; | ||
| 109 | |||
| 110 | static void ERR_load_ZENCOD_strings(void) | ||
| 111 | { | ||
| 112 | if (ZENCOD_lib_error_code == 0) | ||
| 113 | ZENCOD_lib_error_code=ERR_get_next_error_library(); | ||
| 114 | |||
| 115 | if (ZENCOD_error_init) | ||
| 116 | { | ||
| 117 | ZENCOD_error_init=0; | ||
| 118 | #ifndef OPENSSL_NO_ERR | ||
| 119 | ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs); | ||
| 120 | ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons); | ||
| 121 | #endif | ||
| 122 | |||
| 123 | #ifdef ZENCOD_LIB_NAME | ||
| 124 | ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0); | ||
| 125 | ERR_load_strings(0,ZENCOD_lib_name); | ||
| 126 | #endif | ||
| 127 | } | ||
| 128 | } | ||
| 129 | |||
| 130 | static void ERR_unload_ZENCOD_strings(void) | ||
| 131 | { | ||
| 132 | if (ZENCOD_error_init == 0) | ||
| 133 | { | ||
| 134 | #ifndef OPENSSL_NO_ERR | ||
| 135 | ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs); | ||
| 136 | ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons); | ||
| 137 | #endif | ||
| 138 | |||
| 139 | #ifdef ZENCOD_LIB_NAME | ||
| 140 | ERR_unload_strings(0,ZENCOD_lib_name); | ||
| 141 | #endif | ||
| 142 | ZENCOD_error_init=1; | ||
| 143 | } | ||
| 144 | } | ||
| 145 | |||
| 146 | static void ERR_ZENCOD_error(int function, int reason, char *file, int line) | ||
| 147 | { | ||
| 148 | if (ZENCOD_lib_error_code == 0) | ||
| 149 | ZENCOD_lib_error_code=ERR_get_next_error_library(); | ||
| 150 | ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line); | ||
| 151 | } | ||
| diff --git a/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h new file mode 100644 index 0000000000..1b5dcb5685 --- /dev/null +++ b/src/lib/libssl/src/demos/engines/zencod/hw_zencod_err.h | |||
| @@ -0,0 +1,95 @@ | |||
| 1 | /* ==================================================================== | ||
| 2 | * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. | ||
| 3 | * | ||
| 4 | * Redistribution and use in source and binary forms, with or without | ||
| 5 | * modification, are permitted provided that the following conditions | ||
| 6 | * are met: | ||
| 7 | * | ||
| 8 | * 1. Redistributions of source code must retain the above copyright | ||
| 9 | * notice, this list of conditions and the following disclaimer. | ||
| 10 | * | ||
| 11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 12 | * notice, this list of conditions and the following disclaimer in | ||
| 13 | * the documentation and/or other materials provided with the | ||
| 14 | * distribution. | ||
| 15 | * | ||
| 16 | * 3. All advertising materials mentioning features or use of this | ||
| 17 | * software must display the following acknowledgment: | ||
| 18 | * "This product includes software developed by the OpenSSL Project | ||
| 19 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 20 | * | ||
| 21 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 22 | * endorse or promote products derived from this software without | ||
| 23 | * prior written permission. For written permission, please contact | ||
| 24 | * openssl-core@openssl.org. | ||
| 25 | * | ||
| 26 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 27 | * nor may "OpenSSL" appear in their names without prior written | ||
| 28 | * permission of the OpenSSL Project. | ||
| 29 | * | ||
| 30 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 31 | * acknowledgment: | ||
| 32 | * "This product includes software developed by the OpenSSL Project | ||
| 33 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 34 | * | ||
| 35 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 36 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 37 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 38 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 39 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 40 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 41 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 42 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 43 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 44 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 45 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 46 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 47 | * ==================================================================== | ||
| 48 | * | ||
| 49 | * This product includes cryptographic software written by Eric Young | ||
| 50 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 51 | * Hudson (tjh@cryptsoft.com). | ||
| 52 | * | ||
| 53 | */ | ||
| 54 | |||
| 55 | #ifndef HEADER_ZENCOD_ERR_H | ||
| 56 | #define HEADER_ZENCOD_ERR_H | ||
| 57 | |||
| 58 | /* BEGIN ERROR CODES */ | ||
| 59 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 60 | * made after this point may be overwritten when the script is next run. | ||
| 61 | */ | ||
| 62 | static void ERR_load_ZENCOD_strings(void); | ||
| 63 | static void ERR_unload_ZENCOD_strings(void); | ||
| 64 | static void ERR_ZENCOD_error(int function, int reason, char *file, int line); | ||
| 65 | #define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__) | ||
| 66 | |||
| 67 | /* Error codes for the ZENCOD functions. */ | ||
| 68 | |||
| 69 | /* Function codes. */ | ||
| 70 | #define ZENCOD_F_ZENCOD_BN_MOD_EXP 100 | ||
| 71 | #define ZENCOD_F_ZENCOD_CTRL 101 | ||
| 72 | #define ZENCOD_F_ZENCOD_DH_COMPUTE 102 | ||
| 73 | #define ZENCOD_F_ZENCOD_DH_GENERATE 103 | ||
| 74 | #define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104 | ||
| 75 | #define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105 | ||
| 76 | #define ZENCOD_F_ZENCOD_FINISH 106 | ||
| 77 | #define ZENCOD_F_ZENCOD_INIT 107 | ||
| 78 | #define ZENCOD_F_ZENCOD_RAND 108 | ||
| 79 | #define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109 | ||
| 80 | #define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110 | ||
| 81 | |||
| 82 | /* Reason codes. */ | ||
| 83 | #define ZENCOD_R_ALREADY_LOADED 100 | ||
| 84 | #define ZENCOD_R_BAD_KEY_COMPONENTS 101 | ||
| 85 | #define ZENCOD_R_BN_EXPAND_FAIL 102 | ||
| 86 | #define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 | ||
| 87 | #define ZENCOD_R_DSO_FAILURE 104 | ||
| 88 | #define ZENCOD_R_NOT_LOADED 105 | ||
| 89 | #define ZENCOD_R_REQUEST_FAILED 106 | ||
| 90 | #define ZENCOD_R_UNIT_FAILURE 107 | ||
| 91 | |||
| 92 | #ifdef __cplusplus | ||
| 93 | } | ||
| 94 | #endif | ||
| 95 | #endif | ||
| diff --git a/src/lib/libssl/src/doc/crypto/DH_set_method.pod b/src/lib/libssl/src/doc/crypto/DH_set_method.pod index d990bf8786..73261fc467 100644 --- a/src/lib/libssl/src/doc/crypto/DH_set_method.pod +++ b/src/lib/libssl/src/doc/crypto/DH_set_method.pod | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME | 
| 4 | 4 | ||
| 5 | DH_set_default_openssl_method, DH_get_default_openssl_method, | 5 | DH_set_default_method, DH_get_default_method, | 
| 6 | DH_set_method, DH_new_method, DH_OpenSSL - select DH method | 6 | DH_set_method, DH_new_method, DH_OpenSSL - select DH method | 
| 7 | 7 | ||
| 8 | =head1 SYNOPSIS | 8 | =head1 SYNOPSIS | 
| @@ -10,45 +10,47 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method | |||
| 10 | #include <openssl/dh.h> | 10 | #include <openssl/dh.h> | 
| 11 | #include <openssl/engine.h> | 11 | #include <openssl/engine.h> | 
| 12 | 12 | ||
| 13 | void DH_set_default_openssl_method(DH_METHOD *meth); | 13 | void DH_set_default_method(const DH_METHOD *meth); | 
| 14 | 14 | ||
| 15 | DH_METHOD *DH_get_default_openssl_method(void); | 15 | const DH_METHOD *DH_get_default_method(void); | 
| 16 | 16 | ||
| 17 | int DH_set_method(DH *dh, ENGINE *engine); | 17 | int DH_set_method(DH *dh, const DH_METHOD *meth); | 
| 18 | 18 | ||
| 19 | DH *DH_new_method(ENGINE *engine); | 19 | DH *DH_new_method(ENGINE *engine); | 
| 20 | 20 | ||
| 21 | DH_METHOD *DH_OpenSSL(void); | 21 | const DH_METHOD *DH_OpenSSL(void); | 
| 22 | 22 | ||
| 23 | =head1 DESCRIPTION | 23 | =head1 DESCRIPTION | 
| 24 | 24 | ||
| 25 | A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman | 25 | A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman | 
| 26 | operations. By modifying the method, alternative implementations | 26 | operations. By modifying the method, alternative implementations | 
| 27 | such as hardware accelerators may be used. | 27 | such as hardware accelerators may be used. IMPORTANT: See the NOTES section for | 
| 28 | 28 | important information about how these DH API functions are affected by the use | |
| 29 | Initially, the default is to use the OpenSSL internal implementation. | 29 | of B<ENGINE> API calls. | 
| 30 | DH_OpenSSL() returns a pointer to that method. | 30 | |
| 31 | 31 | Initially, the default DH_METHOD is the OpenSSL internal implementation, as | |
| 32 | DH_set_default_openssl_method() makes B<meth> the default method for all DH | 32 | returned by DH_OpenSSL(). | 
| 33 | structures created later. B<NB:> This is true only whilst the default engine | 33 | |
| 34 | for Diffie-Hellman operations remains as "openssl". ENGINEs provide an | 34 | DH_set_default_method() makes B<meth> the default method for all DH | 
| 35 | encapsulation for implementations of one or more algorithms, and all the DH | 35 | structures created later. B<NB>: This is true only whilst no ENGINE has been set | 
| 36 | functions mentioned here operate within the scope of the default | 36 | as a default for DH, so this function is no longer recommended. | 
| 37 | "openssl" engine. | 37 | |
| 38 | 38 | DH_get_default_method() returns a pointer to the current default DH_METHOD. | |
| 39 | DH_get_default_openssl_method() returns a pointer to the current default | 39 | However, the meaningfulness of this result is dependant on whether the ENGINE | 
| 40 | method for the "openssl" engine. | 40 | API is being used, so this function is no longer recommended. | 
| 41 | 41 | ||
| 42 | DH_set_method() selects B<engine> as the engine that will be responsible for | 42 | DH_set_method() selects B<meth> to perform all operations using the key B<dh>. | 
| 43 | all operations using the structure B<dh>. If this function completes successfully, | 43 | This will replace the DH_METHOD used by the DH key and if the previous method | 
| 44 | then the B<dh> structure will have its own functional reference of B<engine>, so | 44 | was supplied by an ENGINE, the handle to that ENGINE will be released during the | 
| 45 | the caller should remember to free their own reference to B<engine> when they are | 45 | change. It is possible to have DH keys that only work with certain DH_METHOD | 
| 46 | finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by | 46 | implementations (eg. from an ENGINE module that supports embedded | 
| 47 | ENGINE_get_DH() or ENGINE_set_DH(). | 47 | hardware-protected keys), and in such cases attempting to change the DH_METHOD | 
| 48 | 48 | for the key can have unexpected results. | |
| 49 | DH_new_method() allocates and initializes a DH structure so that | 49 | |
| 50 | B<engine> will be used for the DH operations. If B<engine> is NULL, | 50 | DH_new_method() allocates and initializes a DH structure so that B<engine> will | 
| 51 | the default engine for Diffie-Hellman opertaions is used. | 51 | be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH | 
| 52 | operations is used, and if no default ENGINE is set, the DH_METHOD controlled by | ||
| 53 | DH_set_default_method() is used. | ||
| 52 | 54 | ||
| 53 | =head1 THE DH_METHOD STRUCTURE | 55 | =head1 THE DH_METHOD STRUCTURE | 
| 54 | 56 | ||
| @@ -82,17 +84,28 @@ the default engine for Diffie-Hellman opertaions is used. | |||
| 82 | 84 | ||
| 83 | =head1 RETURN VALUES | 85 | =head1 RETURN VALUES | 
| 84 | 86 | ||
| 85 | DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the | 87 | DH_OpenSSL() and DH_get_default_method() return pointers to the respective | 
| 86 | respective B<DH_METHOD>s. | 88 | B<DH_METHOD>s. | 
| 89 | |||
| 90 | DH_set_default_method() returns no value. | ||
| 91 | |||
| 92 | DH_set_method() returns non-zero if the provided B<meth> was successfully set as | ||
| 93 | the method for B<dh> (including unloading the ENGINE handle if the previous | ||
| 94 | method was supplied by an ENGINE). | ||
| 87 | 95 | ||
| 88 | DH_set_default_openssl_method() returns no value. | 96 | DH_new_method() returns NULL and sets an error code that can be obtained by | 
| 97 | L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it | ||
| 98 | returns a pointer to the newly allocated structure. | ||
| 89 | 99 | ||
| 90 | DH_set_method() returns non-zero if the ENGINE associated with B<dh> | 100 | =head1 NOTES | 
| 91 | was successfully changed to B<engine>. | ||
| 92 | 101 | ||
| 93 | DH_new_method() returns NULL and sets an error code that can be | 102 | As of version 0.9.7, DH_METHOD implementations are grouped together with other | 
| 94 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. | 103 | algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a | 
| 95 | Otherwise it returns a pointer to the newly allocated structure. | 104 | default ENGINE is specified for DH functionality using an ENGINE API function, | 
| 105 | that will override any DH defaults set using the DH API (ie. | ||
| 106 | DH_set_default_method()). For this reason, the ENGINE API is the recommended way | ||
| 107 | to control default implementations for use in DH and other cryptographic | ||
| 108 | algorithms. | ||
| 96 | 109 | ||
| 97 | =head1 SEE ALSO | 110 | =head1 SEE ALSO | 
| 98 | 111 | ||
| @@ -103,9 +116,14 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)> | |||
| 103 | DH_set_default_method(), DH_get_default_method(), DH_set_method(), | 116 | DH_set_default_method(), DH_get_default_method(), DH_set_method(), | 
| 104 | DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. | 117 | DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. | 
| 105 | 118 | ||
| 106 | DH_set_default_openssl_method() and DH_get_default_openssl_method() | 119 | DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced | 
| 107 | replaced DH_set_default_method() and DH_get_default_method() respectively, | 120 | DH_set_default_method() and DH_get_default_method() respectively, and | 
| 108 | and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s | 121 | DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than | 
| 109 | rather than B<DH_METHOD>s during development of OpenSSL 0.9.6. | 122 | B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For | 
| 123 | 0.9.7, the handling of defaults in the ENGINE API was restructured so that this | ||
| 124 | change was reversed, and behaviour of the other functions resembled more closely | ||
| 125 | the previous behaviour. The behaviour of defaults in the ENGINE API now | ||
| 126 | transparently overrides the behaviour of defaults in the DH API without | ||
| 127 | requiring changing these function prototypes. | ||
| 110 | 128 | ||
| 111 | =cut | 129 | =cut | 
| diff --git a/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod b/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod index 29cb1075d1..fdfe125ab0 100644 --- a/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod +++ b/src/lib/libssl/src/doc/crypto/DSA_dup_DH.pod | |||
| @@ -8,7 +8,7 @@ DSA_dup_DH - create a DH structure out of DSA structure | |||
| 8 | 8 | ||
| 9 | #include <openssl/dsa.h> | 9 | #include <openssl/dsa.h> | 
| 10 | 10 | ||
| 11 | DH * DSA_dup_DH(DSA *r); | 11 | DH * DSA_dup_DH(const DSA *r); | 
| 12 | 12 | ||
| 13 | =head1 DESCRIPTION | 13 | =head1 DESCRIPTION | 
| 14 | 14 | ||
| diff --git a/src/lib/libssl/src/doc/crypto/DSA_new.pod b/src/lib/libssl/src/doc/crypto/DSA_new.pod index 7dde54445b..546146d9de 100644 --- a/src/lib/libssl/src/doc/crypto/DSA_new.pod +++ b/src/lib/libssl/src/doc/crypto/DSA_new.pod | |||
| @@ -14,7 +14,8 @@ DSA_new, DSA_free - allocate and free DSA objects | |||
| 14 | 14 | ||
| 15 | =head1 DESCRIPTION | 15 | =head1 DESCRIPTION | 
| 16 | 16 | ||
| 17 | DSA_new() allocates and initializes a B<DSA> structure. | 17 | DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to | 
| 18 | calling DSA_new_method(NULL). | ||
| 18 | 19 | ||
| 19 | DSA_free() frees the B<DSA> structure and its components. The values are | 20 | DSA_free() frees the B<DSA> structure and its components. The values are | 
| 20 | erased before the memory is returned to the system. | 21 | erased before the memory is returned to the system. | 
| diff --git a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod index 36a1052d27..bc3cfb1f0a 100644 --- a/src/lib/libssl/src/doc/crypto/DSA_set_method.pod +++ b/src/lib/libssl/src/doc/crypto/DSA_set_method.pod | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME | 
| 4 | 4 | ||
| 5 | DSA_set_default_openssl_method, DSA_get_default_openssl_method, | 5 | DSA_set_default_method, DSA_get_default_method, | 
| 6 | DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method | 6 | DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method | 
| 7 | 7 | ||
| 8 | =head1 SYNOPSIS | 8 | =head1 SYNOPSIS | 
| @@ -10,11 +10,11 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method | |||
| 10 | #include <openssl/dsa.h> | 10 | #include <openssl/dsa.h> | 
| 11 | #include <openssl/engine.h> | 11 | #include <openssl/engine.h> | 
| 12 | 12 | ||
| 13 | void DSA_set_default_openssl_method(DSA_METHOD *meth); | 13 | void DSA_set_default_method(const DSA_METHOD *meth); | 
| 14 | 14 | ||
| 15 | DSA_METHOD *DSA_get_default_openssl_method(void); | 15 | const DSA_METHOD *DSA_get_default_method(void); | 
| 16 | 16 | ||
| 17 | int DSA_set_method(DSA *dsa, ENGINE *engine); | 17 | int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); | 
| 18 | 18 | ||
| 19 | DSA *DSA_new_method(ENGINE *engine); | 19 | DSA *DSA_new_method(ENGINE *engine); | 
| 20 | 20 | ||
| @@ -24,26 +24,35 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method | |||
| 24 | 24 | ||
| 25 | A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA | 25 | A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA | 
| 26 | operations. By modifying the method, alternative implementations | 26 | operations. By modifying the method, alternative implementations | 
| 27 | such as hardware accelerators may be used. | 27 | such as hardware accelerators may be used. IMPORTANT: See the NOTES section for | 
| 28 | 28 | important information about how these DSA API functions are affected by the use | |
| 29 | Initially, the default is to use the OpenSSL internal implementation. | 29 | of B<ENGINE> API calls. | 
| 30 | DSA_OpenSSL() returns a pointer to that method. | 30 | |
| 31 | 31 | Initially, the default DSA_METHOD is the OpenSSL internal implementation, | |
| 32 | DSA_set_default_openssl_method() makes B<meth> the default method for | 32 | as returned by DSA_OpenSSL(). | 
| 33 | all DSA structures created later. B<NB:> This is true only whilst the | 33 | |
| 34 | default engine for DSA operations remains as "openssl". ENGINEs | 34 | DSA_set_default_method() makes B<meth> the default method for all DSA | 
| 35 | provide an encapsulation for implementations of one or more algorithms at a | 35 | structures created later. B<NB>: This is true only whilst no ENGINE has | 
| 36 | time, and all the DSA functions mentioned here operate within the scope | 36 | been set as a default for DSA, so this function is no longer recommended. | 
| 37 | of the default "openssl" engine. | 37 | |
| 38 | 38 | DSA_get_default_method() returns a pointer to the current default | |
| 39 | DSA_get_default_openssl_method() returns a pointer to the current default | 39 | DSA_METHOD. However, the meaningfulness of this result is dependant on | 
| 40 | method for the "openssl" engine. | 40 | whether the ENGINE API is being used, so this function is no longer | 
| 41 | 41 | recommended. | |
| 42 | DSA_set_method() selects B<engine> for all operations using the structure B<dsa>. | 42 | |
| 43 | 43 | DSA_set_method() selects B<meth> to perform all operations using the key | |
| 44 | DSA_new_method() allocates and initializes a DSA structure so that | 44 | B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the | 
| 45 | B<engine> will be used for the DSA operations. If B<engine> is NULL, | 45 | previous method was supplied by an ENGINE, the handle to that ENGINE will | 
| 46 | the default engine for DSA operations is used. | 46 | be released during the change. It is possible to have DSA keys that only | 
| 47 | work with certain DSA_METHOD implementations (eg. from an ENGINE module | ||
| 48 | that supports embedded hardware-protected keys), and in such cases | ||
| 49 | attempting to change the DSA_METHOD for the key can have unexpected | ||
| 50 | results. | ||
| 51 | |||
| 52 | DSA_new_method() allocates and initializes a DSA structure so that B<engine> | ||
| 53 | will be used for the DSA operations. If B<engine> is NULL, the default engine | ||
| 54 | for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD | ||
| 55 | controlled by DSA_set_default_method() is used. | ||
| 47 | 56 | ||
| 48 | =head1 THE DSA_METHOD STRUCTURE | 57 | =head1 THE DSA_METHOD STRUCTURE | 
| 49 | 58 | ||
| @@ -89,18 +98,29 @@ struct | |||
| 89 | 98 | ||
| 90 | =head1 RETURN VALUES | 99 | =head1 RETURN VALUES | 
| 91 | 100 | ||
| 92 | DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the | 101 | DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective | 
| 93 | respective B<DSA_METHOD>s. | 102 | B<DSA_METHOD>s. | 
| 94 | 103 | ||
| 95 | DSA_set_default_openssl_method() returns no value. | 104 | DSA_set_default_method() returns no value. | 
| 96 | 105 | ||
| 97 | DSA_set_method() returns non-zero if the ENGINE associated with B<dsa> | 106 | DSA_set_method() returns non-zero if the provided B<meth> was successfully set as | 
| 98 | was successfully changed to B<engine>. | 107 | the method for B<dsa> (including unloading the ENGINE handle if the previous | 
| 108 | method was supplied by an ENGINE). | ||
| 99 | 109 | ||
| 100 | DSA_new_method() returns NULL and sets an error code that can be | 110 | DSA_new_method() returns NULL and sets an error code that can be | 
| 101 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation | 111 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation | 
| 102 | fails. Otherwise it returns a pointer to the newly allocated structure. | 112 | fails. Otherwise it returns a pointer to the newly allocated structure. | 
| 103 | 113 | ||
| 114 | =head1 NOTES | ||
| 115 | |||
| 116 | As of version 0.9.7, DSA_METHOD implementations are grouped together with other | ||
| 117 | algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a | ||
| 118 | default ENGINE is specified for DSA functionality using an ENGINE API function, | ||
| 119 | that will override any DSA defaults set using the DSA API (ie. | ||
| 120 | DSA_set_default_method()). For this reason, the ENGINE API is the recommended way | ||
| 121 | to control default implementations for use in DSA and other cryptographic | ||
| 122 | algorithms. | ||
| 123 | |||
| 104 | =head1 SEE ALSO | 124 | =head1 SEE ALSO | 
| 105 | 125 | ||
| 106 | L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)> | 126 | L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)> | 
| @@ -110,9 +130,14 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)> | |||
| 110 | DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), | 130 | DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), | 
| 111 | DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. | 131 | DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. | 
| 112 | 132 | ||
| 113 | DSA_set_default_openssl_method() and DSA_get_default_openssl_method() | 133 | DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced | 
| 114 | replaced DSA_set_default_method() and DSA_get_default_method() respectively, | 134 | DSA_set_default_method() and DSA_get_default_method() respectively, and | 
| 115 | and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s | 135 | DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than | 
| 116 | rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6. | 136 | B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For | 
| 137 | 0.9.7, the handling of defaults in the ENGINE API was restructured so that this | ||
| 138 | change was reversed, and behaviour of the other functions resembled more closely | ||
| 139 | the previous behaviour. The behaviour of defaults in the ENGINE API now | ||
| 140 | transparently overrides the behaviour of defaults in the DSA API without | ||
| 141 | requiring changing these function prototypes. | ||
| 117 | 142 | ||
| 118 | =cut | 143 | =cut | 
| diff --git a/src/lib/libssl/src/doc/crypto/DSA_size.pod b/src/lib/libssl/src/doc/crypto/DSA_size.pod index 23b6320a4d..ba4f650361 100644 --- a/src/lib/libssl/src/doc/crypto/DSA_size.pod +++ b/src/lib/libssl/src/doc/crypto/DSA_size.pod | |||
| @@ -8,7 +8,7 @@ DSA_size - get DSA signature size | |||
| 8 | 8 | ||
| 9 | #include <openssl/dsa.h> | 9 | #include <openssl/dsa.h> | 
| 10 | 10 | ||
| 11 | int DSA_size(DSA *dsa); | 11 | int DSA_size(const DSA *dsa); | 
| 12 | 12 | ||
| 13 | =head1 DESCRIPTION | 13 | =head1 DESCRIPTION | 
| 14 | 14 | ||
| diff --git a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod index 0451eb648a..25ef07f7c7 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_SealInit.pod | |||
| @@ -73,4 +73,6 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)> | |||
| 73 | 73 | ||
| 74 | =head1 HISTORY | 74 | =head1 HISTORY | 
| 75 | 75 | ||
| 76 | EVP_SealFinal() did not return a value before OpenSSL 0.9.7. | ||
| 77 | |||
| 76 | =cut | 78 | =cut | 
| diff --git a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod index 464eba416d..c9bb6d9f27 100644 --- a/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod +++ b/src/lib/libssl/src/doc/crypto/RAND_set_rand_method.pod | |||
| @@ -8,22 +8,30 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method | |||
| 8 | 8 | ||
| 9 | #include <openssl/rand.h> | 9 | #include <openssl/rand.h> | 
| 10 | 10 | ||
| 11 | void RAND_set_rand_method(RAND_METHOD *meth); | 11 | void RAND_set_rand_method(const RAND_METHOD *meth); | 
| 12 | 12 | ||
| 13 | RAND_METHOD *RAND_get_rand_method(void); | 13 | const RAND_METHOD *RAND_get_rand_method(void); | 
| 14 | 14 | ||
| 15 | RAND_METHOD *RAND_SSLeay(void); | 15 | RAND_METHOD *RAND_SSLeay(void); | 
| 16 | 16 | ||
| 17 | =head1 DESCRIPTION | 17 | =head1 DESCRIPTION | 
| 18 | 18 | ||
| 19 | A B<RAND_METHOD> specifies the functions that OpenSSL uses for random | 19 | A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number | 
| 20 | number generation. By modifying the method, alternative | 20 | generation. By modifying the method, alternative implementations such as | 
| 21 | implementations such as hardware RNGs may be used. Initially, the | 21 | hardware RNGs may be used. IMPORTANT: See the NOTES section for important | 
| 22 | default is to use the OpenSSL internal implementation. RAND_SSLeay() | 22 | information about how these RAND API functions are affected by the use of | 
| 23 | returns a pointer to that method. | 23 | B<ENGINE> API calls. | 
| 24 | 24 | ||
| 25 | RAND_set_rand_method() sets the RAND method to B<meth>. | 25 | Initially, the default RAND_METHOD is the OpenSSL internal implementation, as | 
| 26 | RAND_get_rand_method() returns a pointer to the current method. | 26 | returned by RAND_SSLeay(). | 
| 27 | |||
| 28 | RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is | ||
| 29 | true only whilst no ENGINE has been set as a default for RAND, so this function | ||
| 30 | is no longer recommended. | ||
| 31 | |||
| 32 | RAND_get_default_method() returns a pointer to the current RAND_METHOD. | ||
| 33 | However, the meaningfulness of this result is dependant on whether the ENGINE | ||
| 34 | API is being used, so this function is no longer recommended. | ||
| 27 | 35 | ||
| 28 | =head1 THE RAND_METHOD STRUCTURE | 36 | =head1 THE RAND_METHOD STRUCTURE | 
| 29 | 37 | ||
| @@ -47,13 +55,29 @@ Each component may be NULL if the function is not implemented. | |||
| 47 | RAND_set_rand_method() returns no value. RAND_get_rand_method() and | 55 | RAND_set_rand_method() returns no value. RAND_get_rand_method() and | 
| 48 | RAND_SSLeay() return pointers to the respective methods. | 56 | RAND_SSLeay() return pointers to the respective methods. | 
| 49 | 57 | ||
| 58 | =head1 NOTES | ||
| 59 | |||
| 60 | As of version 0.9.7, RAND_METHOD implementations are grouped together with other | ||
| 61 | algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a | ||
| 62 | default ENGINE is specified for RAND functionality using an ENGINE API function, | ||
| 63 | that will override any RAND defaults set using the RAND API (ie. | ||
| 64 | RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way | ||
| 65 | to control default implementations for use in RAND and other cryptographic | ||
| 66 | algorithms. | ||
| 67 | |||
| 50 | =head1 SEE ALSO | 68 | =head1 SEE ALSO | 
| 51 | 69 | ||
| 52 | L<rand(3)|rand(3)> | 70 | L<rand(3)|rand(3)>, L<engine(3)|engine(3)> | 
| 53 | 71 | ||
| 54 | =head1 HISTORY | 72 | =head1 HISTORY | 
| 55 | 73 | ||
| 56 | RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are | 74 | RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are | 
| 57 | available in all versions of OpenSSL. | 75 | available in all versions of OpenSSL. | 
| 58 | 76 | ||
| 77 | In the engine version of version 0.9.6, RAND_set_rand_method() was altered to | ||
| 78 | take an ENGINE pointer as its argument. As of version 0.9.7, that has been | ||
| 79 | reverted as the ENGINE API transparently overrides RAND defaults if used, | ||
| 80 | otherwise RAND API functions work as before. RAND_set_rand_engine() was also | ||
| 81 | introduced in version 0.9.7. | ||
| 82 | |||
| 59 | =cut | 83 | =cut | 
| diff --git a/src/lib/libssl/src/doc/crypto/RSA_new.pod b/src/lib/libssl/src/doc/crypto/RSA_new.pod index f16490ea6a..f0d996c40f 100644 --- a/src/lib/libssl/src/doc/crypto/RSA_new.pod +++ b/src/lib/libssl/src/doc/crypto/RSA_new.pod | |||
| @@ -14,7 +14,8 @@ RSA_new, RSA_free - allocate and free RSA objects | |||
| 14 | 14 | ||
| 15 | =head1 DESCRIPTION | 15 | =head1 DESCRIPTION | 
| 16 | 16 | ||
| 17 | RSA_new() allocates and initializes an B<RSA> structure. | 17 | RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to | 
| 18 | calling RSA_new_method(NULL). | ||
| 18 | 19 | ||
| 19 | RSA_free() frees the B<RSA> structure and its components. The key is | 20 | RSA_free() frees the B<RSA> structure and its components. The key is | 
| 20 | erased before the memory is returned to the system. | 21 | erased before the memory is returned to the system. | 
| @@ -29,7 +30,8 @@ RSA_free() returns no value. | |||
| 29 | 30 | ||
| 30 | =head1 SEE ALSO | 31 | =head1 SEE ALSO | 
| 31 | 32 | ||
| 32 | L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_generate_key(3)|RSA_generate_key(3)> | 33 | L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_generate_key(3)|RSA_generate_key(3)>, | 
| 34 | L<RSA_new_method(3)|RSA_new_method(3)> | ||
| 33 | 35 | ||
| 34 | =head1 HISTORY | 36 | =head1 HISTORY | 
| 35 | 37 | ||
| diff --git a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod index 14917dd35f..0687c2242a 100644 --- a/src/lib/libssl/src/doc/crypto/RSA_set_method.pod +++ b/src/lib/libssl/src/doc/crypto/RSA_set_method.pod | |||
| @@ -11,52 +11,64 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method | |||
| 11 | #include <openssl/rsa.h> | 11 | #include <openssl/rsa.h> | 
| 12 | #include <openssl/engine.h> | 12 | #include <openssl/engine.h> | 
| 13 | 13 | ||
| 14 | void RSA_set_default_openssl_method(RSA_METHOD *meth); | 14 | void RSA_set_default_method(const RSA_METHOD *meth); | 
| 15 | 15 | ||
| 16 | RSA_METHOD *RSA_get_default_openssl_method(void); | 16 | RSA_METHOD *RSA_get_default_method(void); | 
| 17 | 17 | ||
| 18 | int RSA_set_method(RSA *rsa, ENGINE *engine); | 18 | int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); | 
| 19 | 19 | ||
| 20 | RSA_METHOD *RSA_get_method(RSA *rsa); | 20 | RSA_METHOD *RSA_get_method(const RSA *rsa); | 
| 21 | 21 | ||
| 22 | RSA_METHOD *RSA_PKCS1_SSLeay(void); | 22 | RSA_METHOD *RSA_PKCS1_SSLeay(void); | 
| 23 | 23 | ||
| 24 | RSA_METHOD *RSA_null_method(void); | 24 | RSA_METHOD *RSA_null_method(void); | 
| 25 | 25 | ||
| 26 | int RSA_flags(RSA *rsa); | 26 | int RSA_flags(const RSA *rsa); | 
| 27 | 27 | ||
| 28 | RSA *RSA_new_method(ENGINE *engine); | 28 | RSA *RSA_new_method(ENGINE *engine); | 
| 29 | 29 | ||
| 30 | =head1 DESCRIPTION | 30 | =head1 DESCRIPTION | 
| 31 | 31 | ||
| 32 | An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA | 32 | An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA | 
| 33 | operations. By modifying the method, alternative implementations | 33 | operations. By modifying the method, alternative implementations such as | 
| 34 | such as hardware accelerators may be used. | 34 | hardware accelerators may be used. IMPORTANT: See the NOTES section for | 
| 35 | 35 | important information about how these RSA API functions are affected by the | |
| 36 | Initially, the default is to use the OpenSSL internal implementation. | 36 | use of B<ENGINE> API calls. | 
| 37 | RSA_PKCS1_SSLeay() returns a pointer to that method. | 37 | |
| 38 | 38 | Initially, the default RSA_METHOD is the OpenSSL internal implementation, | |
| 39 | RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA> | 39 | as returned by RSA_PKCS1_SSLeay(). | 
| 40 | structures created later. B<NB:> This is true only whilst the default engine | 40 | |
| 41 | for RSA operations remains as "openssl". ENGINEs provide an | 41 | RSA_set_default_method() makes B<meth> the default method for all RSA | 
| 42 | encapsulation for implementations of one or more algorithms at a time, and all | 42 | structures created later. B<NB>: This is true only whilst no ENGINE has | 
| 43 | the RSA functions mentioned here operate within the scope of the default | 43 | been set as a default for RSA, so this function is no longer recommended. | 
| 44 | "openssl" engine. | 44 | |
| 45 | 45 | RSA_get_default_method() returns a pointer to the current default | |
| 46 | RSA_get_default_openssl_method() returns a pointer to the current default | 46 | RSA_METHOD. However, the meaningfulness of this result is dependant on | 
| 47 | method for the "openssl" engine. | 47 | whether the ENGINE API is being used, so this function is no longer | 
| 48 | 48 | recommended. | |
| 49 | RSA_set_method() selects B<engine> for all operations using the key | 49 | |
| 50 | B<rsa>. | 50 | RSA_set_method() selects B<meth> to perform all operations using the key | 
| 51 | 51 | B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the | |
| 52 | RSA_get_method() returns a pointer to the RSA_METHOD from the currently | 52 | previous method was supplied by an ENGINE, the handle to that ENGINE will | 
| 53 | selected ENGINE for B<rsa>. | 53 | be released during the change. It is possible to have RSA keys that only | 
| 54 | 54 | work with certain RSA_METHOD implementations (eg. from an ENGINE module | |
| 55 | RSA_flags() returns the B<flags> that are set for B<rsa>'s current method. | 55 | that supports embedded hardware-protected keys), and in such cases | 
| 56 | attempting to change the RSA_METHOD for the key can have unexpected | ||
| 57 | results. | ||
| 58 | |||
| 59 | RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>. | ||
| 60 | This method may or may not be supplied by an ENGINE implementation, but if | ||
| 61 | it is, the return value can only be guaranteed to be valid as long as the | ||
| 62 | RSA key itself is valid and does not have its implementation changed by | ||
| 63 | RSA_set_method(). | ||
| 64 | |||
| 65 | RSA_flags() returns the B<flags> that are set for B<rsa>'s current | ||
| 66 | RSA_METHOD. See the BUGS section. | ||
| 56 | 67 | ||
| 57 | RSA_new_method() allocates and initializes an RSA structure so that | 68 | RSA_new_method() allocates and initializes an RSA structure so that | 
| 58 | B<engine> will be used for the RSA operations. If B<engine> is NULL, | 69 | B<engine> will be used for the RSA operations. If B<engine> is NULL, the | 
| 59 | the default engine for RSA operations is used. | 70 | default ENGINE for RSA operations is used, and if no default ENGINE is set, | 
| 71 | the RSA_METHOD controlled by RSA_set_default_method() is used. | ||
| 60 | 72 | ||
| 61 | =head1 THE RSA_METHOD STRUCTURE | 73 | =head1 THE RSA_METHOD STRUCTURE | 
| 62 | 74 | ||
| @@ -121,22 +133,45 @@ the default engine for RSA operations is used. | |||
| 121 | 133 | ||
| 122 | =head1 RETURN VALUES | 134 | =head1 RETURN VALUES | 
| 123 | 135 | ||
| 124 | RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method() | 136 | RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method() | 
| 125 | and RSA_get_method() return pointers to the respective RSA_METHODs. | 137 | and RSA_get_method() return pointers to the respective RSA_METHODs. | 
| 126 | 138 | ||
| 127 | RSA_set_default_openssl_method() returns no value. | 139 | RSA_set_default_method() returns no value. | 
| 128 | 140 | ||
| 129 | RSA_set_method() selects B<engine> as the engine that will be responsible for | 141 | RSA_set_method() returns a pointer to the old RSA_METHOD implementation | 
| 130 | all operations using the structure B<rsa>. If this function completes successfully, | 142 | that was replaced. However, this return value should probably be ignored | 
| 131 | then the B<rsa> structure will have its own functional reference of B<engine>, so | 143 | because if it was supplied by an ENGINE, the pointer could be invalidated | 
| 132 | the caller should remember to free their own reference to B<engine> when they are | 144 | at any time if the ENGINE is unloaded (in fact it could be unloaded as a | 
| 133 | finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by | 145 | result of the RSA_set_method() function releasing its handle to the | 
| 134 | ENGINE_get_RSA() or ENGINE_set_RSA(). | 146 | ENGINE). For this reason, the return type may be replaced with a B<void> | 
| 147 | declaration in a future release. | ||
| 135 | 148 | ||
| 136 | RSA_new_method() returns NULL and sets an error code that can be | 149 | RSA_new_method() returns NULL and sets an error code that can be obtained | 
| 137 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise | 150 | by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise | 
| 138 | it returns a pointer to the newly allocated structure. | 151 | it returns a pointer to the newly allocated structure. | 
| 139 | 152 | ||
| 153 | =head1 NOTES | ||
| 154 | |||
| 155 | As of version 0.9.7, RSA_METHOD implementations are grouped together with | ||
| 156 | other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE> | ||
| 157 | modules. If a default ENGINE is specified for RSA functionality using an | ||
| 158 | ENGINE API function, that will override any RSA defaults set using the RSA | ||
| 159 | API (ie. RSA_set_default_method()). For this reason, the ENGINE API is the | ||
| 160 | recommended way to control default implementations for use in RSA and other | ||
| 161 | cryptographic algorithms. | ||
| 162 | |||
| 163 | =head1 BUGS | ||
| 164 | |||
| 165 | The behaviour of RSA_flags() is a mis-feature that is left as-is for now | ||
| 166 | to avoid creating compatibility problems. RSA functionality, such as the | ||
| 167 | encryption functions, are controlled by the B<flags> value in the RSA key | ||
| 168 | itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key | ||
| 169 | (which is what this function returns). If the flags element of an RSA key | ||
| 170 | is changed, the changes will be honoured by RSA functionality but will not | ||
| 171 | be reflected in the return value of the RSA_flags() function - in effect | ||
| 172 | RSA_flags() behaves more like an RSA_default_flags() function (which does | ||
| 173 | not currently exist). | ||
| 174 | |||
| 140 | =head1 SEE ALSO | 175 | =head1 SEE ALSO | 
| 141 | 176 | ||
| 142 | L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)> | 177 | L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)> | 
| @@ -149,8 +184,14 @@ well as the rsa_sign and rsa_verify components of RSA_METHOD were | |||
| 149 | added in OpenSSL 0.9.4. | 184 | added in OpenSSL 0.9.4. | 
| 150 | 185 | ||
| 151 | RSA_set_default_openssl_method() and RSA_get_default_openssl_method() | 186 | RSA_set_default_openssl_method() and RSA_get_default_openssl_method() | 
| 152 | replaced RSA_set_default_method() and RSA_get_default_method() respectively, | 187 | replaced RSA_set_default_method() and RSA_get_default_method() | 
| 153 | and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s | 188 | respectively, and RSA_set_method() and RSA_new_method() were altered to use | 
| 154 | rather than B<RSA_METHOD>s during development of OpenSSL 0.9.6. | 189 | B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine | 
| 190 | version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE | ||
| 191 | API was restructured so that this change was reversed, and behaviour of the | ||
| 192 | other functions resembled more closely the previous behaviour. The | ||
| 193 | behaviour of defaults in the ENGINE API now transparently overrides the | ||
| 194 | behaviour of defaults in the RSA API without requiring changing these | ||
| 195 | function prototypes. | ||
| 155 | 196 | ||
| 156 | =cut | 197 | =cut | 
| diff --git a/src/lib/libssl/src/doc/crypto/RSA_size.pod b/src/lib/libssl/src/doc/crypto/RSA_size.pod index b36b4d58d5..5b7f835f95 100644 --- a/src/lib/libssl/src/doc/crypto/RSA_size.pod +++ b/src/lib/libssl/src/doc/crypto/RSA_size.pod | |||
| @@ -8,7 +8,7 @@ RSA_size - get RSA modulus size | |||
| 8 | 8 | ||
| 9 | #include <openssl/rsa.h> | 9 | #include <openssl/rsa.h> | 
| 10 | 10 | ||
| 11 | int RSA_size(RSA *rsa); | 11 | int RSA_size(const RSA *rsa); | 
| 12 | 12 | ||
| 13 | =head1 DESCRIPTION | 13 | =head1 DESCRIPTION | 
| 14 | 14 | ||
| diff --git a/src/lib/libssl/src/doc/crypto/dh.pod b/src/lib/libssl/src/doc/crypto/dh.pod index b4be4be405..c3ccd06207 100644 --- a/src/lib/libssl/src/doc/crypto/dh.pod +++ b/src/lib/libssl/src/doc/crypto/dh.pod | |||
| @@ -12,20 +12,20 @@ dh - Diffie-Hellman key agreement | |||
| 12 | DH * DH_new(void); | 12 | DH * DH_new(void); | 
| 13 | void DH_free(DH *dh); | 13 | void DH_free(DH *dh); | 
| 14 | 14 | ||
| 15 | int DH_size(DH *dh); | 15 | int DH_size(const DH *dh); | 
| 16 | 16 | ||
| 17 | DH * DH_generate_parameters(int prime_len, int generator, | 17 | DH * DH_generate_parameters(int prime_len, int generator, | 
| 18 | void (*callback)(int, int, void *), void *cb_arg); | 18 | void (*callback)(int, int, void *), void *cb_arg); | 
| 19 | int DH_check(DH *dh, int *codes); | 19 | int DH_check(const DH *dh, int *codes); | 
| 20 | 20 | ||
| 21 | int DH_generate_key(DH *dh); | 21 | int DH_generate_key(DH *dh); | 
| 22 | int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); | 22 | int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); | 
| 23 | 23 | ||
| 24 | void DH_set_default_openssl_method(DH_METHOD *meth); | 24 | void DH_set_default_method(const DH_METHOD *meth); | 
| 25 | DH_METHOD *DH_get_default_openssl_method(void); | 25 | const DH_METHOD *DH_get_default_method(void); | 
| 26 | int DH_set_method(DH *dh, ENGINE *engine); | 26 | int DH_set_method(DH *dh, const DH_METHOD *meth); | 
| 27 | DH *DH_new_method(ENGINE *engine); | 27 | DH *DH_new_method(ENGINE *engine); | 
| 28 | DH_METHOD *DH_OpenSSL(void); | 28 | const DH_METHOD *DH_OpenSSL(void); | 
| 29 | 29 | ||
| 30 | int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 30 | int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 
| 31 | int (*dup_func)(), void (*free_func)()); | 31 | int (*dup_func)(), void (*free_func)()); | 
| @@ -33,10 +33,10 @@ dh - Diffie-Hellman key agreement | |||
| 33 | char *DH_get_ex_data(DH *d, int idx); | 33 | char *DH_get_ex_data(DH *d, int idx); | 
| 34 | 34 | ||
| 35 | DH * d2i_DHparams(DH **a, unsigned char **pp, long length); | 35 | DH * d2i_DHparams(DH **a, unsigned char **pp, long length); | 
| 36 | int i2d_DHparams(DH *a, unsigned char **pp); | 36 | int i2d_DHparams(const DH *a, unsigned char **pp); | 
| 37 | 37 | ||
| 38 | int DHparams_print_fp(FILE *fp, DH *x); | 38 | int DHparams_print_fp(FILE *fp, const DH *x); | 
| 39 | int DHparams_print(BIO *bp, DH *x); | 39 | int DHparams_print(BIO *bp, const DH *x); | 
| 40 | 40 | ||
| 41 | =head1 DESCRIPTION | 41 | =head1 DESCRIPTION | 
| 42 | 42 | ||
| @@ -57,11 +57,20 @@ The B<DH> structure consists of several BIGNUM components. | |||
| 57 | }; | 57 | }; | 
| 58 | DH | 58 | DH | 
| 59 | 59 | ||
| 60 | Note that DH keys may use non-standard B<DH_METHOD> implementations, | ||
| 61 | either directly or by the use of B<ENGINE> modules. In some cases (eg. an | ||
| 62 | ENGINE providing support for hardware-embedded keys), these BIGNUM values | ||
| 63 | will not be used by the implementation or may be used for alternative data | ||
| 64 | storage. For this reason, applications should generally avoid using DH | ||
| 65 | structure elements directly and instead use API functions to query or | ||
| 66 | modify keys. | ||
| 67 | |||
| 60 | =head1 SEE ALSO | 68 | =head1 SEE ALSO | 
| 61 | 69 | ||
| 62 | L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, | 70 | L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, | 
| 63 | L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>, | 71 | L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, | 
| 64 | L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, | 72 | L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>, | 
| 73 | L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, | ||
| 65 | L<DH_generate_parameters(3)|DH_generate_parameters(3)>, | 74 | L<DH_generate_parameters(3)|DH_generate_parameters(3)>, | 
| 66 | L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>, | 75 | L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>, | 
| 67 | L<RSA_print(3)|RSA_print(3)> | 76 | L<RSA_print(3)|RSA_print(3)> | 
| diff --git a/src/lib/libssl/src/doc/crypto/dsa.pod b/src/lib/libssl/src/doc/crypto/dsa.pod index 82d7fb77cd..da07d2b930 100644 --- a/src/lib/libssl/src/doc/crypto/dsa.pod +++ b/src/lib/libssl/src/doc/crypto/dsa.pod | |||
| @@ -12,13 +12,13 @@ dsa - Digital Signature Algorithm | |||
| 12 | DSA * DSA_new(void); | 12 | DSA * DSA_new(void); | 
| 13 | void DSA_free(DSA *dsa); | 13 | void DSA_free(DSA *dsa); | 
| 14 | 14 | ||
| 15 | int DSA_size(DSA *dsa); | 15 | int DSA_size(const DSA *dsa); | 
| 16 | 16 | ||
| 17 | DSA * DSA_generate_parameters(int bits, unsigned char *seed, | 17 | DSA * DSA_generate_parameters(int bits, unsigned char *seed, | 
| 18 | int seed_len, int *counter_ret, unsigned long *h_ret, | 18 | int seed_len, int *counter_ret, unsigned long *h_ret, | 
| 19 | void (*callback)(int, int, void *), void *cb_arg); | 19 | void (*callback)(int, int, void *), void *cb_arg); | 
| 20 | 20 | ||
| 21 | DH * DSA_dup_DH(DSA *r); | 21 | DH * DSA_dup_DH(const DSA *r); | 
| 22 | 22 | ||
| 23 | int DSA_generate_key(DSA *dsa); | 23 | int DSA_generate_key(DSA *dsa); | 
| 24 | 24 | ||
| @@ -27,13 +27,13 @@ dsa - Digital Signature Algorithm | |||
| 27 | int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, | 27 | int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, | 
| 28 | BIGNUM **rp); | 28 | BIGNUM **rp); | 
| 29 | int DSA_verify(int dummy, const unsigned char *dgst, int len, | 29 | int DSA_verify(int dummy, const unsigned char *dgst, int len, | 
| 30 | unsigned char *sigbuf, int siglen, DSA *dsa); | 30 | const unsigned char *sigbuf, int siglen, DSA *dsa); | 
| 31 | 31 | ||
| 32 | void DSA_set_default_openssl_method(DSA_METHOD *meth); | 32 | void DSA_set_default_method(const DSA_METHOD *meth); | 
| 33 | DSA_METHOD *DSA_get_default_openssl_method(void); | 33 | const DSA_METHOD *DSA_get_default_method(void); | 
| 34 | int DSA_set_method(DSA *dsa, ENGINE *engine); | 34 | int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); | 
| 35 | DSA *DSA_new_method(ENGINE *engine); | 35 | DSA *DSA_new_method(ENGINE *engine); | 
| 36 | DSA_METHOD *DSA_OpenSSL(void); | 36 | const DSA_METHOD *DSA_OpenSSL(void); | 
| 37 | 37 | ||
| 38 | int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 38 | int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 
| 39 | int (*dup_func)(), void (*free_func)()); | 39 | int (*dup_func)(), void (*free_func)()); | 
| @@ -42,7 +42,7 @@ dsa - Digital Signature Algorithm | |||
| 42 | 42 | ||
| 43 | DSA_SIG *DSA_SIG_new(void); | 43 | DSA_SIG *DSA_SIG_new(void); | 
| 44 | void DSA_SIG_free(DSA_SIG *a); | 44 | void DSA_SIG_free(DSA_SIG *a); | 
| 45 | int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); | 45 | int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); | 
| 46 | DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); | 46 | DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); | 
| 47 | 47 | ||
| 48 | DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | 48 | DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | 
| @@ -52,14 +52,14 @@ dsa - Digital Signature Algorithm | |||
| 52 | DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); | 52 | DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); | 
| 53 | DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); | 53 | DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); | 
| 54 | DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); | 54 | DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); | 
| 55 | int i2d_DSAPublicKey(DSA *a, unsigned char **pp); | 55 | int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); | 
| 56 | int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); | 56 | int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); | 
| 57 | int i2d_DSAparams(DSA *a,unsigned char **pp); | 57 | int i2d_DSAparams(const DSA *a,unsigned char **pp); | 
| 58 | 58 | ||
| 59 | int DSAparams_print(BIO *bp, DSA *x); | 59 | int DSAparams_print(BIO *bp, const DSA *x); | 
| 60 | int DSAparams_print_fp(FILE *fp, DSA *x); | 60 | int DSAparams_print_fp(FILE *fp, const DSA *x); | 
| 61 | int DSA_print(BIO *bp, DSA *x, int off); | 61 | int DSA_print(BIO *bp, const DSA *x, int off); | 
| 62 | int DSA_print_fp(FILE *bp, DSA *x, int off); | 62 | int DSA_print_fp(FILE *bp, const DSA *x, int off); | 
| 63 | 63 | ||
| 64 | =head1 DESCRIPTION | 64 | =head1 DESCRIPTION | 
| 65 | 65 | ||
| @@ -85,6 +85,14 @@ The B<DSA> structure consists of several BIGNUM components. | |||
| 85 | 85 | ||
| 86 | In public keys, B<priv_key> is NULL. | 86 | In public keys, B<priv_key> is NULL. | 
| 87 | 87 | ||
| 88 | Note that DSA keys may use non-standard B<DSA_METHOD> implementations, | ||
| 89 | either directly or by the use of B<ENGINE> modules. In some cases (eg. an | ||
| 90 | ENGINE providing support for hardware-embedded keys), these BIGNUM values | ||
| 91 | will not be used by the implementation or may be used for alternative data | ||
| 92 | storage. For this reason, applications should generally avoid using DSA | ||
| 93 | structure elements directly and instead use API functions to query or | ||
| 94 | modify keys. | ||
| 95 | |||
| 88 | =head1 CONFORMING TO | 96 | =head1 CONFORMING TO | 
| 89 | 97 | ||
| 90 | US Federal Information Processing Standard FIPS 186 (Digital Signature | 98 | US Federal Information Processing Standard FIPS 186 (Digital Signature | 
| @@ -93,7 +101,8 @@ Standard, DSS), ANSI X9.30 | |||
| 93 | =head1 SEE ALSO | 101 | =head1 SEE ALSO | 
| 94 | 102 | ||
| 95 | L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, | 103 | L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, | 
| 96 | L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<DSA_new(3)|DSA_new(3)>, | 104 | L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>, | 
| 105 | L<DSA_new(3)|DSA_new(3)>, | ||
| 97 | L<DSA_size(3)|DSA_size(3)>, | 106 | L<DSA_size(3)|DSA_size(3)>, | 
| 98 | L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>, | 107 | L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>, | 
| 99 | L<DSA_dup_DH(3)|DSA_dup_DH(3)>, | 108 | L<DSA_dup_DH(3)|DSA_dup_DH(3)>, | 
| diff --git a/src/lib/libssl/src/doc/crypto/engine.pod b/src/lib/libssl/src/doc/crypto/engine.pod new file mode 100644 index 0000000000..61e0264bb7 --- /dev/null +++ b/src/lib/libssl/src/doc/crypto/engine.pod | |||
| @@ -0,0 +1,621 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | engine - ENGINE cryptographic module support | ||
| 6 | |||
| 7 | =head1 SYNOPSIS | ||
| 8 | |||
| 9 | #include <openssl/engine.h> | ||
| 10 | |||
| 11 | ENGINE *ENGINE_get_first(void); | ||
| 12 | ENGINE *ENGINE_get_last(void); | ||
| 13 | ENGINE *ENGINE_get_next(ENGINE *e); | ||
| 14 | ENGINE *ENGINE_get_prev(ENGINE *e); | ||
| 15 | |||
| 16 | int ENGINE_add(ENGINE *e); | ||
| 17 | int ENGINE_remove(ENGINE *e); | ||
| 18 | |||
| 19 | ENGINE *ENGINE_by_id(const char *id); | ||
| 20 | |||
| 21 | int ENGINE_init(ENGINE *e); | ||
| 22 | int ENGINE_finish(ENGINE *e); | ||
| 23 | |||
| 24 | void ENGINE_load_openssl(void); | ||
| 25 | void ENGINE_load_dynamic(void); | ||
| 26 | void ENGINE_load_cswift(void); | ||
| 27 | void ENGINE_load_chil(void); | ||
| 28 | void ENGINE_load_atalla(void); | ||
| 29 | void ENGINE_load_nuron(void); | ||
| 30 | void ENGINE_load_ubsec(void); | ||
| 31 | void ENGINE_load_aep(void); | ||
| 32 | void ENGINE_load_sureware(void); | ||
| 33 | void ENGINE_load_4758cca(void); | ||
| 34 | void ENGINE_load_openbsd_dev_crypto(void); | ||
| 35 | void ENGINE_load_builtin_engines(void); | ||
| 36 | |||
| 37 | void ENGINE_cleanup(void); | ||
| 38 | |||
| 39 | ENGINE *ENGINE_get_default_RSA(void); | ||
| 40 | ENGINE *ENGINE_get_default_DSA(void); | ||
| 41 | ENGINE *ENGINE_get_default_DH(void); | ||
| 42 | ENGINE *ENGINE_get_default_RAND(void); | ||
| 43 | ENGINE *ENGINE_get_cipher_engine(int nid); | ||
| 44 | ENGINE *ENGINE_get_digest_engine(int nid); | ||
| 45 | |||
| 46 | int ENGINE_set_default_RSA(ENGINE *e); | ||
| 47 | int ENGINE_set_default_DSA(ENGINE *e); | ||
| 48 | int ENGINE_set_default_DH(ENGINE *e); | ||
| 49 | int ENGINE_set_default_RAND(ENGINE *e); | ||
| 50 | int ENGINE_set_default_ciphers(ENGINE *e); | ||
| 51 | int ENGINE_set_default_digests(ENGINE *e); | ||
| 52 | int ENGINE_set_default_string(ENGINE *e, const char *list); | ||
| 53 | |||
| 54 | int ENGINE_set_default(ENGINE *e, unsigned int flags); | ||
| 55 | |||
| 56 | unsigned int ENGINE_get_table_flags(void); | ||
| 57 | void ENGINE_set_table_flags(unsigned int flags); | ||
| 58 | |||
| 59 | int ENGINE_register_RSA(ENGINE *e); | ||
| 60 | void ENGINE_unregister_RSA(ENGINE *e); | ||
| 61 | void ENGINE_register_all_RSA(void); | ||
| 62 | int ENGINE_register_DSA(ENGINE *e); | ||
| 63 | void ENGINE_unregister_DSA(ENGINE *e); | ||
| 64 | void ENGINE_register_all_DSA(void); | ||
| 65 | int ENGINE_register_DH(ENGINE *e); | ||
| 66 | void ENGINE_unregister_DH(ENGINE *e); | ||
| 67 | void ENGINE_register_all_DH(void); | ||
| 68 | int ENGINE_register_RAND(ENGINE *e); | ||
| 69 | void ENGINE_unregister_RAND(ENGINE *e); | ||
| 70 | void ENGINE_register_all_RAND(void); | ||
| 71 | int ENGINE_register_ciphers(ENGINE *e); | ||
| 72 | void ENGINE_unregister_ciphers(ENGINE *e); | ||
| 73 | void ENGINE_register_all_ciphers(void); | ||
| 74 | int ENGINE_register_digests(ENGINE *e); | ||
| 75 | void ENGINE_unregister_digests(ENGINE *e); | ||
| 76 | void ENGINE_register_all_digests(void); | ||
| 77 | int ENGINE_register_complete(ENGINE *e); | ||
| 78 | int ENGINE_register_all_complete(void); | ||
| 79 | |||
| 80 | int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); | ||
| 81 | int ENGINE_cmd_is_executable(ENGINE *e, int cmd); | ||
| 82 | int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, | ||
| 83 | long i, void *p, void (*f)(), int cmd_optional); | ||
| 84 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, | ||
| 85 | int cmd_optional); | ||
| 86 | |||
| 87 | int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); | ||
| 88 | void *ENGINE_get_ex_data(const ENGINE *e, int idx); | ||
| 89 | |||
| 90 | int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 91 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
| 92 | |||
| 93 | ENGINE *ENGINE_new(void); | ||
| 94 | int ENGINE_free(ENGINE *e); | ||
| 95 | |||
| 96 | int ENGINE_set_id(ENGINE *e, const char *id); | ||
| 97 | int ENGINE_set_name(ENGINE *e, const char *name); | ||
| 98 | int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); | ||
| 99 | int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); | ||
| 100 | int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); | ||
| 101 | int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); | ||
| 102 | int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); | ||
| 103 | int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); | ||
| 104 | int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); | ||
| 105 | int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); | ||
| 106 | int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); | ||
| 107 | int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); | ||
| 108 | int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); | ||
| 109 | int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); | ||
| 110 | int ENGINE_set_flags(ENGINE *e, int flags); | ||
| 111 | int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); | ||
| 112 | |||
| 113 | const char *ENGINE_get_id(const ENGINE *e); | ||
| 114 | const char *ENGINE_get_name(const ENGINE *e); | ||
| 115 | const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); | ||
| 116 | const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); | ||
| 117 | const DH_METHOD *ENGINE_get_DH(const ENGINE *e); | ||
| 118 | const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); | ||
| 119 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); | ||
| 120 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); | ||
| 121 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); | ||
| 122 | ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); | ||
| 123 | ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); | ||
| 124 | ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); | ||
| 125 | ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); | ||
| 126 | ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); | ||
| 127 | const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); | ||
| 128 | const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); | ||
| 129 | int ENGINE_get_flags(const ENGINE *e); | ||
| 130 | const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); | ||
| 131 | |||
| 132 | EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, | ||
| 133 | UI_METHOD *ui_method, void *callback_data); | ||
| 134 | EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, | ||
| 135 | UI_METHOD *ui_method, void *callback_data); | ||
| 136 | |||
| 137 | void ENGINE_add_conf_module(void); | ||
| 138 | |||
| 139 | =head1 DESCRIPTION | ||
| 140 | |||
| 141 | These functions create, manipulate, and use cryptographic modules in the | ||
| 142 | form of B<ENGINE> objects. These objects act as containers for | ||
| 143 | implementations of cryptographic algorithms, and support a | ||
| 144 | reference-counted mechanism to allow them to be dynamically loaded in and | ||
| 145 | out of the running application. | ||
| 146 | |||
| 147 | The cryptographic functionality that can be provided by an B<ENGINE> | ||
| 148 | implementation includes the following abstractions; | ||
| 149 | |||
| 150 | RSA_METHOD - for providing alternative RSA implementations | ||
| 151 | DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND | ||
| 152 | EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid') | ||
| 153 | EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid') | ||
| 154 | key-loading - loading public and/or private EVP_PKEY keys | ||
| 155 | |||
| 156 | =head2 Reference counting and handles | ||
| 157 | |||
| 158 | Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be | ||
| 159 | treated as handles - ie. not only as pointers, but also as references to | ||
| 160 | the underlying ENGINE object. Ie. you should obtain a new reference when | ||
| 161 | making copies of an ENGINE pointer if the copies will be used (and | ||
| 162 | released) independantly. | ||
| 163 | |||
| 164 | ENGINE objects have two levels of reference-counting to match the way in | ||
| 165 | which the objects are used. At the most basic level, each ENGINE pointer is | ||
| 166 | inherently a B<structural> reference - you need a structural reference | ||
| 167 | simply to refer to the pointer value at all, as this kind of reference is | ||
| 168 | your guarantee that the structure can not be deallocated until you release | ||
| 169 | your reference. | ||
| 170 | |||
| 171 | However, a structural reference provides no guarantee that the ENGINE has | ||
| 172 | been initiliased to be usable to perform any of its cryptographic | ||
| 173 | implementations - and indeed it's quite possible that most ENGINEs will not | ||
| 174 | initialised at all on standard setups, as ENGINEs are typically used to | ||
| 175 | support specialised hardware. To use an ENGINE's functionality, you need a | ||
| 176 | B<functional> reference. This kind of reference can be considered a | ||
| 177 | specialised form of structural reference, because each functional reference | ||
| 178 | implicitly contains a structural reference as well - however to avoid | ||
| 179 | difficult-to-find programming bugs, it is recommended to treat the two | ||
| 180 | kinds of reference independantly. If you have a functional reference to an | ||
| 181 | ENGINE, you have a guarantee that the ENGINE has been initialised ready to | ||
| 182 | perform cryptographic operations and will not be uninitialised or cleaned | ||
| 183 | up until after you have released your reference. | ||
| 184 | |||
| 185 | We will discuss the two kinds of reference separately, including how to | ||
| 186 | tell which one you are dealing with at any given point in time (after all | ||
| 187 | they are both simply (ENGINE *) pointers, the difference is in the way they | ||
| 188 | are used). | ||
| 189 | |||
| 190 | =head3 Structural references | ||
| 191 | |||
| 192 | This basic type of reference is typically used for creating new ENGINEs | ||
| 193 | dynamically, iterating across OpenSSL's internal linked-list of loaded | ||
| 194 | ENGINEs, reading information about an ENGINE, etc. Essentially a structural | ||
| 195 | reference is sufficient if you only need to query or manipulate the data of | ||
| 196 | an ENGINE implementation rather than use its functionality. | ||
| 197 | |||
| 198 | The ENGINE_new() function returns a structural reference to a new (empty) | ||
| 199 | ENGINE object. Other than that, structural references come from return | ||
| 200 | values to various ENGINE API functions such as; ENGINE_by_id(), | ||
| 201 | ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(), | ||
| 202 | ENGINE_get_prev(). All structural references should be released by a | ||
| 203 | corresponding to call to the ENGINE_free() function - the ENGINE object | ||
| 204 | itself will only actually be cleaned up and deallocated when the last | ||
| 205 | structural reference is released. | ||
| 206 | |||
| 207 | It should also be noted that many ENGINE API function calls that accept a | ||
| 208 | structural reference will internally obtain another reference - typically | ||
| 209 | this happens whenever the supplied ENGINE will be needed by OpenSSL after | ||
| 210 | the function has returned. Eg. the function to add a new ENGINE to | ||
| 211 | OpenSSL's internal list is ENGINE_add() - if this function returns success, | ||
| 212 | then OpenSSL will have stored a new structural reference internally so the | ||
| 213 | caller is still responsible for freeing their own reference with | ||
| 214 | ENGINE_free() when they are finished with it. In a similar way, some | ||
| 215 | functions will automatically release the structural reference passed to it | ||
| 216 | if part of the function's job is to do so. Eg. the ENGINE_get_next() and | ||
| 217 | ENGINE_get_prev() functions are used for iterating across the internal | ||
| 218 | ENGINE list - they will return a new structural reference to the next (or | ||
| 219 | previous) ENGINE in the list or NULL if at the end (or beginning) of the | ||
| 220 | list, but in either case the structural reference passed to the function is | ||
| 221 | released on behalf of the caller. | ||
| 222 | |||
| 223 | To clarify a particular function's handling of references, one should | ||
| 224 | always consult that function's documentation "man" page, or failing that | ||
| 225 | the openssl/engine.h header file includes some hints. | ||
| 226 | |||
| 227 | =head3 Functional references | ||
| 228 | |||
| 229 | As mentioned, functional references exist when the cryptographic | ||
| 230 | functionality of an ENGINE is required to be available. A functional | ||
| 231 | reference can be obtained in one of two ways; from an existing structural | ||
| 232 | reference to the required ENGINE, or by asking OpenSSL for the default | ||
| 233 | operational ENGINE for a given cryptographic purpose. | ||
| 234 | |||
| 235 | To obtain a functional reference from an existing structural reference, | ||
| 236 | call the ENGINE_init() function. This returns zero if the ENGINE was not | ||
| 237 | already operational and couldn't be successfully initialised (eg. lack of | ||
| 238 | system drivers, no special hardware attached, etc), otherwise it will | ||
| 239 | return non-zero to indicate that the ENGINE is now operational and will | ||
| 240 | have allocated a new B<functional> reference to the ENGINE. In this case, | ||
| 241 | the supplied ENGINE pointer is, from the point of the view of the caller, | ||
| 242 | both a structural reference and a functional reference - so if the caller | ||
| 243 | intends to use it as a functional reference it should free the structural | ||
| 244 | reference with ENGINE_free() first. If the caller wishes to use it only as | ||
| 245 | a structural reference (eg. if the ENGINE_init() call was simply to test if | ||
| 246 | the ENGINE seems available/online), then it should free the functional | ||
| 247 | reference; all functional references are released by the ENGINE_finish() | ||
| 248 | function. | ||
| 249 | |||
| 250 | The second way to get a functional reference is by asking OpenSSL for a | ||
| 251 | default implementation for a given task, eg. by ENGINE_get_default_RSA(), | ||
| 252 | ENGINE_get_default_cipher_engine(), etc. These are discussed in the next | ||
| 253 | section, though they are not usually required by application programmers as | ||
| 254 | they are used automatically when creating and using the relevant | ||
| 255 | algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc. | ||
| 256 | |||
| 257 | =head2 Default implementations | ||
| 258 | |||
| 259 | For each supported abstraction, the ENGINE code maintains an internal table | ||
| 260 | of state to control which implementations are available for a given | ||
| 261 | abstraction and which should be used by default. These implementations are | ||
| 262 | registered in the tables separated-out by an 'nid' index, because | ||
| 263 | abstractions like EVP_CIPHER and EVP_DIGEST support many distinct | ||
| 264 | algorithms and modes - ENGINEs will support different numbers and | ||
| 265 | combinations of these. In the case of other abstractions like RSA, DSA, | ||
| 266 | etc, there is only one "algorithm" so all implementations implicitly | ||
| 267 | register using the same 'nid' index. ENGINEs can be B<registered> into | ||
| 268 | these tables to make themselves available for use automatically by the | ||
| 269 | various abstractions, eg. RSA. For illustrative purposes, we continue with | ||
| 270 | the RSA example, though all comments apply similarly to the other | ||
| 271 | abstractions (they each get their own table and linkage to the | ||
| 272 | corresponding section of openssl code). | ||
| 273 | |||
| 274 | When a new RSA key is being created, ie. in RSA_new_method(), a | ||
| 275 | "get_default" call will be made to the ENGINE subsystem to process the RSA | ||
| 276 | state table and return a functional reference to an initialised ENGINE | ||
| 277 | whose RSA_METHOD should be used. If no ENGINE should (or can) be used, it | ||
| 278 | will return NULL and the RSA key will operate with a NULL ENGINE handle by | ||
| 279 | using the conventional RSA implementation in OpenSSL (and will from then on | ||
| 280 | behave the way it used to before the ENGINE API existed - for details see | ||
| 281 | L<RSA_new_method(3)|RSA_new_method(3)>). | ||
| 282 | |||
| 283 | Each state table has a flag to note whether it has processed this | ||
| 284 | "get_default" query since the table was last modified, because to process | ||
| 285 | this question it must iterate across all the registered ENGINEs in the | ||
| 286 | table trying to initialise each of them in turn, in case one of them is | ||
| 287 | operational. If it returns a functional reference to an ENGINE, it will | ||
| 288 | also cache another reference to speed up processing future queries (without | ||
| 289 | needing to iterate across the table). Likewise, it will cache a NULL | ||
| 290 | response if no ENGINE was available so that future queries won't repeat the | ||
| 291 | same iteration unless the state table changes. This behaviour can also be | ||
| 292 | changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using | ||
| 293 | ENGINE_set_table_flags()), no attempted initialisations will take place, | ||
| 294 | instead the only way for the state table to return a non-NULL ENGINE to the | ||
| 295 | "get_default" query will be if one is expressly set in the table. Eg. | ||
| 296 | ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except | ||
| 297 | that it also sets the state table's cached response for the "get_default" | ||
| 298 | query. | ||
| 299 | |||
| 300 | In the case of abstractions like EVP_CIPHER, where implementations are | ||
| 301 | indexed by 'nid', these flags and cached-responses are distinct for each | ||
| 302 | 'nid' value. | ||
| 303 | |||
| 304 | It is worth illustrating the difference between "registration" of ENGINEs | ||
| 305 | into these per-algorithm state tables and using the alternative | ||
| 306 | "set_default" functions. The latter handles both "registration" and also | ||
| 307 | setting the cached "default" ENGINE in each relevant state table - so | ||
| 308 | registered ENGINEs will only have a chance to be initialised for use as a | ||
| 309 | default if a default ENGINE wasn't already set for the same state table. | ||
| 310 | Eg. if ENGINE X supports cipher nids {A,B} and RSA, ENGINE Y supports | ||
| 311 | ciphers {A} and DSA, and the following code is executed; | ||
| 312 | |||
| 313 | ENGINE_register_complete(X); | ||
| 314 | ENGINE_set_default(Y, ENGINE_METHOD_ALL); | ||
| 315 | e1 = ENGINE_get_default_RSA(); | ||
| 316 | e2 = ENGINE_get_cipher_engine(A); | ||
| 317 | e3 = ENGINE_get_cipher_engine(B); | ||
| 318 | e4 = ENGINE_get_default_DSA(); | ||
| 319 | e5 = ENGINE_get_cipher_engine(C); | ||
| 320 | |||
| 321 | The results would be as follows; | ||
| 322 | |||
| 323 | assert(e1 == X); | ||
| 324 | assert(e2 == Y); | ||
| 325 | assert(e3 == X); | ||
| 326 | assert(e4 == Y); | ||
| 327 | assert(e5 == NULL); | ||
| 328 | |||
| 329 | =head2 Application requirements | ||
| 330 | |||
| 331 | This section will explain the basic things an application programmer should | ||
| 332 | support to make the most useful elements of the ENGINE functionality | ||
| 333 | available to the user. The first thing to consider is whether the | ||
| 334 | programmer wishes to make alternative ENGINE modules available to the | ||
| 335 | application and user. OpenSSL maintains an internal linked list of | ||
| 336 | "visible" ENGINEs from which it has to operate - at start-up, this list is | ||
| 337 | empty and in fact if an application does not call any ENGINE API calls and | ||
| 338 | it uses static linking against openssl, then the resulting application | ||
| 339 | binary will not contain any alternative ENGINE code at all. So the first | ||
| 340 | consideration is whether any/all available ENGINE implementations should be | ||
| 341 | made visible to OpenSSL - this is controlled by calling the various "load" | ||
| 342 | functions, eg. | ||
| 343 | |||
| 344 | /* Make the "dynamic" ENGINE available */ | ||
| 345 | void ENGINE_load_dynamic(void); | ||
| 346 | /* Make the CryptoSwift hardware acceleration support available */ | ||
| 347 | void ENGINE_load_cswift(void); | ||
| 348 | /* Make support for nCipher's "CHIL" hardware available */ | ||
| 349 | void ENGINE_load_chil(void); | ||
| 350 | ... | ||
| 351 | /* Make ALL ENGINE implementations bundled with OpenSSL available */ | ||
| 352 | void ENGINE_load_builtin_engines(void); | ||
| 353 | |||
| 354 | Having called any of these functions, ENGINE objects would have been | ||
| 355 | dynamically allocated and populated with these implementations and linked | ||
| 356 | into OpenSSL's internal linked list. At this point it is important to | ||
| 357 | mention an important API function; | ||
| 358 | |||
| 359 | void ENGINE_cleanup(void); | ||
| 360 | |||
| 361 | If no ENGINE API functions are called at all in an application, then there | ||
| 362 | are no inherent memory leaks to worry about from the ENGINE functionality, | ||
| 363 | however if any ENGINEs are "load"ed, even if they are never registered or | ||
| 364 | used, it is necessary to use the ENGINE_cleanup() function to | ||
| 365 | correspondingly cleanup before program exit, if the caller wishes to avoid | ||
| 366 | memory leaks. This mechanism uses an internal callback registration table | ||
| 367 | so that any ENGINE API functionality that knows it requires cleanup can | ||
| 368 | register its cleanup details to be called during ENGINE_cleanup(). This | ||
| 369 | approach allows ENGINE_cleanup() to clean up after any ENGINE functionality | ||
| 370 | at all that your program uses, yet doesn't automatically create linker | ||
| 371 | dependencies to all possible ENGINE functionality - only the cleanup | ||
| 372 | callbacks required by the functionality you do use will be required by the | ||
| 373 | linker. | ||
| 374 | |||
| 375 | The fact that ENGINEs are made visible to OpenSSL (and thus are linked into | ||
| 376 | the program and loaded into memory at run-time) does not mean they are | ||
| 377 | "registered" or called into use by OpenSSL automatically - that behaviour | ||
| 378 | is something for the application to have control over. Some applications | ||
| 379 | will want to allow the user to specify exactly which ENGINE they want used | ||
| 380 | if any is to be used at all. Others may prefer to load all support and have | ||
| 381 | OpenSSL automatically use at run-time any ENGINE that is able to | ||
| 382 | successfully initialise - ie. to assume that this corresponds to | ||
| 383 | acceleration hardware attached to the machine or some such thing. There are | ||
| 384 | probably numerous other ways in which applications may prefer to handle | ||
| 385 | things, so we will simply illustrate the consequences as they apply to a | ||
| 386 | couple of simple cases and leave developers to consider these and the | ||
| 387 | source code to openssl's builtin utilities as guides. | ||
| 388 | |||
| 389 | =head3 Using a specific ENGINE implementation | ||
| 390 | |||
| 391 | Here we'll assume an application has been configured by its user or admin | ||
| 392 | to want to use the "ACME" ENGINE if it is available in the version of | ||
| 393 | OpenSSL the application was compiled with. If it is available, it should be | ||
| 394 | used by default for all RSA, DSA, and symmetric cipher operation, otherwise | ||
| 395 | OpenSSL should use its builtin software as per usual. The following code | ||
| 396 | illustrates how to approach this; | ||
| 397 | |||
| 398 | ENGINE *e; | ||
| 399 | const char *engine_id = "ACME"; | ||
| 400 | ENGINE_load_builtin_engines(); | ||
| 401 | e = ENGINE_by_id(engine_id); | ||
| 402 | if(!e) | ||
| 403 | /* the engine isn't available */ | ||
| 404 | return; | ||
| 405 | if(!ENGINE_init(e)) { | ||
| 406 | /* the engine couldn't initialise, release 'e' */ | ||
| 407 | ENGINE_free(e); | ||
| 408 | return; | ||
| 409 | } | ||
| 410 | if(!ENGINE_set_default_RSA(e)) | ||
| 411 | /* This should only happen when 'e' can't initialise, but the previous | ||
| 412 | * statement suggests it did. */ | ||
| 413 | abort(); | ||
| 414 | ENGINE_set_default_DSA(e); | ||
| 415 | ENGINE_set_default_ciphers(e); | ||
| 416 | /* Release the functional reference from ENGINE_init() */ | ||
| 417 | ENGINE_finish(e); | ||
| 418 | /* Release the structural reference from ENGINE_by_id() */ | ||
| 419 | ENGINE_free(e); | ||
| 420 | |||
| 421 | =head3 Automatically using builtin ENGINE implementations | ||
| 422 | |||
| 423 | Here we'll assume we want to load and register all ENGINE implementations | ||
| 424 | bundled with OpenSSL, such that for any cryptographic algorithm required by | ||
| 425 | OpenSSL - if there is an ENGINE that implements it and can be initialise, | ||
| 426 | it should be used. The following code illustrates how this can work; | ||
| 427 | |||
| 428 | /* Load all bundled ENGINEs into memory and make them visible */ | ||
| 429 | ENGINE_load_builtin_engines(); | ||
| 430 | /* Register all of them for every algorithm they collectively implement */ | ||
| 431 | ENGINE_register_all_complete(); | ||
| 432 | |||
| 433 | That's all that's required. Eg. the next time OpenSSL tries to set up an | ||
| 434 | RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to | ||
| 435 | ENGINE_init() and if any of those succeed, that ENGINE will be set as the | ||
| 436 | default for use with RSA from then on. | ||
| 437 | |||
| 438 | =head2 Advanced configuration support | ||
| 439 | |||
| 440 | There is a mechanism supported by the ENGINE framework that allows each | ||
| 441 | ENGINE implementation to define an arbitrary set of configuration | ||
| 442 | "commands" and expose them to OpenSSL and any applications based on | ||
| 443 | OpenSSL. This mechanism is entirely based on the use of name-value pairs | ||
| 444 | and and assumes ASCII input (no unicode or UTF for now!), so it is ideal if | ||
| 445 | applications want to provide a transparent way for users to provide | ||
| 446 | arbitrary configuration "directives" directly to such ENGINEs. It is also | ||
| 447 | possible for the application to dynamically interrogate the loaded ENGINE | ||
| 448 | implementations for the names, descriptions, and input flags of their | ||
| 449 | available "control commands", providing a more flexible configuration | ||
| 450 | scheme. However, if the user is expected to know which ENGINE device he/she | ||
| 451 | is using (in the case of specialised hardware, this goes without saying) | ||
| 452 | then applications may not need to concern themselves with discovering the | ||
| 453 | supported control commands and simply prefer to allow settings to passed | ||
| 454 | into ENGINEs exactly as they are provided by the user. | ||
| 455 | |||
| 456 | Before illustrating how control commands work, it is worth mentioning what | ||
| 457 | they are typically used for. Broadly speaking there are two uses for | ||
| 458 | control commands; the first is to provide the necessary details to the | ||
| 459 | implementation (which may know nothing at all specific to the host system) | ||
| 460 | so that it can be initialised for use. This could include the path to any | ||
| 461 | driver or config files it needs to load, required network addresses, | ||
| 462 | smart-card identifiers, passwords to initialise password-protected devices, | ||
| 463 | logging information, etc etc. This class of commands typically needs to be | ||
| 464 | passed to an ENGINE B<before> attempting to initialise it, ie. before | ||
| 465 | calling ENGINE_init(). The other class of commands consist of settings or | ||
| 466 | operations that tweak certain behaviour or cause certain operations to take | ||
| 467 | place, and these commands may work either before or after ENGINE_init(), or | ||
| 468 | in same cases both. ENGINE implementations should provide indications of | ||
| 469 | this in the descriptions attached to builtin control commands and/or in | ||
| 470 | external product documentation. | ||
| 471 | |||
| 472 | =head3 Issuing control commands to an ENGINE | ||
| 473 | |||
| 474 | Let's illustrate by example; a function for which the caller supplies the | ||
| 475 | name of the ENGINE it wishes to use, a table of string-pairs for use before | ||
| 476 | initialisation, and another table for use after initialisation. Note that | ||
| 477 | the string-pairs used for control commands consist of a command "name" | ||
| 478 | followed by the command "parameter" - the parameter could be NULL in some | ||
| 479 | cases but the name can not. This function should initialise the ENGINE | ||
| 480 | (issuing the "pre" commands beforehand and the "post" commands afterwards) | ||
| 481 | and set it as the default for everything except RAND and then return a | ||
| 482 | boolean success or failure. | ||
| 483 | |||
| 484 | int generic_load_engine_fn(const char *engine_id, | ||
| 485 | const char **pre_cmds, int pre_num, | ||
| 486 | const char **post_cmds, int post_num) | ||
| 487 | { | ||
| 488 | ENGINE *e = ENGINE_by_id(engine_id); | ||
| 489 | if(!e) return 0; | ||
| 490 | while(pre_num--) { | ||
| 491 | if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { | ||
| 492 | fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id, | ||
| 493 | pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); | ||
| 494 | ENGINE_free(e); | ||
| 495 | return 0; | ||
| 496 | } | ||
| 497 | pre_cmds += 2; | ||
| 498 | } | ||
| 499 | if(!ENGINE_init(e)) { | ||
| 500 | fprintf(stderr, "Failed initialisation\n"); | ||
| 501 | ENGINE_free(e); | ||
| 502 | return 0; | ||
| 503 | } | ||
| 504 | /* ENGINE_init() returned a functional reference, so free the structural | ||
| 505 | * reference from ENGINE_by_id(). */ | ||
| 506 | ENGINE_free(e); | ||
| 507 | while(post_num--) { | ||
| 508 | if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { | ||
| 509 | fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id, | ||
| 510 | post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); | ||
| 511 | ENGINE_finish(e); | ||
| 512 | return 0; | ||
| 513 | } | ||
| 514 | post_cmds += 2; | ||
| 515 | } | ||
| 516 | ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); | ||
| 517 | /* Success */ | ||
| 518 | return 1; | ||
| 519 | } | ||
| 520 | |||
| 521 | Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can | ||
| 522 | relax the semantics of the function - if set non-zero it will only return | ||
| 523 | failure if the ENGINE supported the given command name but failed while | ||
| 524 | executing it, if the ENGINE doesn't support the command name it will simply | ||
| 525 | return success without doing anything. In this case we assume the user is | ||
| 526 | only supplying commands specific to the given ENGINE so we set this to | ||
| 527 | FALSE. | ||
| 528 | |||
| 529 | =head3 Discovering supported control commands | ||
| 530 | |||
| 531 | It is possible to discover at run-time the names, numerical-ids, descriptions | ||
| 532 | and input parameters of the control commands supported from a structural | ||
| 533 | reference to any ENGINE. It is first important to note that some control | ||
| 534 | commands are defined by OpenSSL itself and it will intercept and handle these | ||
| 535 | control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not | ||
| 536 | used for the control command. openssl/engine.h defines a symbol, | ||
| 537 | ENGINE_CMD_BASE, that all control commands implemented by ENGINEs from. Any | ||
| 538 | command value lower than this symbol is considered a "generic" command is | ||
| 539 | handled directly by the OpenSSL core routines. | ||
| 540 | |||
| 541 | It is using these "core" control commands that one can discover the the control | ||
| 542 | commands implemented by a given ENGINE, specifically the commands; | ||
| 543 | |||
| 544 | #define ENGINE_HAS_CTRL_FUNCTION 10 | ||
| 545 | #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 | ||
| 546 | #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 | ||
| 547 | #define ENGINE_CTRL_GET_CMD_FROM_NAME 13 | ||
| 548 | #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 | ||
| 549 | #define ENGINE_CTRL_GET_NAME_FROM_CMD 15 | ||
| 550 | #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 | ||
| 551 | #define ENGINE_CTRL_GET_DESC_FROM_CMD 17 | ||
| 552 | #define ENGINE_CTRL_GET_CMD_FLAGS 18 | ||
| 553 | |||
| 554 | Whilst these commands are automatically processed by the OpenSSL framework code, | ||
| 555 | they use various properties exposed by each ENGINE by which to process these | ||
| 556 | queries. An ENGINE has 3 properties it exposes that can affect this behaviour; | ||
| 557 | it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in | ||
| 558 | the ENGINE's flags, and it can expose an array of control command descriptions. | ||
| 559 | If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will | ||
| 560 | simply pass all these "core" control commands directly to the ENGINE's ctrl() | ||
| 561 | handler (and thus, it must have supplied one), so it is up to the ENGINE to | ||
| 562 | reply to these "discovery" commands itself. If that flag is not set, then the | ||
| 563 | OpenSSL framework code will work with the following rules; | ||
| 564 | |||
| 565 | if no ctrl() handler supplied; | ||
| 566 | ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), | ||
| 567 | all other commands fail. | ||
| 568 | if a ctrl() handler was supplied but no array of control commands; | ||
| 569 | ENGINE_HAS_CTRL_FUNCTION returns TRUE, | ||
| 570 | all other commands fail. | ||
| 571 | if a ctrl() handler and array of control commands was supplied; | ||
| 572 | ENGINE_HAS_CTRL_FUNCTION returns TRUE, | ||
| 573 | all other commands proceed processing ... | ||
| 574 | |||
| 575 | If the ENGINE's array of control commands is empty then all other commands will | ||
| 576 | fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of | ||
| 577 | the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the | ||
| 578 | identifier of a command supported by the ENGINE and returns the next command | ||
| 579 | identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string | ||
| 580 | name for a command and returns the corresponding identifier or fails if no such | ||
| 581 | command name exists, and the remaining commands take a command identifier and | ||
| 582 | return properties of the corresponding commands. All except | ||
| 583 | ENGINE_CTRL_GET_FLAGS return the string length of a command name or description, | ||
| 584 | or populate a supplied character buffer with a copy of the command name or | ||
| 585 | description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following | ||
| 586 | possible values; | ||
| 587 | |||
| 588 | #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 | ||
| 589 | #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 | ||
| 590 | #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 | ||
| 591 | #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 | ||
| 592 | |||
| 593 | If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely | ||
| 594 | informational to the caller - this flag will prevent the command being usable | ||
| 595 | for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string(). | ||
| 596 | "INTERNAL" commands are not intended to be exposed to text-based configuration | ||
| 597 | by applications, administrations, users, etc. These can support arbitrary | ||
| 598 | operations via ENGINE_ctrl(), including passing to and/or from the control | ||
| 599 | commands data of any arbitrary type. These commands are supported in the | ||
| 600 | discovery mechanisms simply to allow applications determinie if an ENGINE | ||
| 601 | supports certain specific commands it might want to use (eg. application "foo" | ||
| 602 | might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - | ||
| 603 | and ENGINE could therefore decide whether or not to support this "foo"-specific | ||
| 604 | extension). | ||
| 605 | |||
| 606 | =head2 Future developments | ||
| 607 | |||
| 608 | The ENGINE API and internal architecture is currently being reviewed. Slated for | ||
| 609 | possible release in 0.9.8 is support for transparent loading of "dynamic" | ||
| 610 | ENGINEs (built as self-contained shared-libraries). This would allow ENGINE | ||
| 611 | implementations to be provided independantly of OpenSSL libraries and/or | ||
| 612 | OpenSSL-based applications, and would also remove any requirement for | ||
| 613 | applications to explicitly use the "dynamic" ENGINE to bind to shared-library | ||
| 614 | implementations. | ||
| 615 | |||
| 616 | =head1 SEE ALSO | ||
| 617 | |||
| 618 | L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>, | ||
| 619 | L<RSA_new_method(3)|RSA_new_method(3)> | ||
| 620 | |||
| 621 | =cut | ||
| diff --git a/src/lib/libssl/src/doc/crypto/evp.pod b/src/lib/libssl/src/doc/crypto/evp.pod index edf47dbde6..b3ca14314f 100644 --- a/src/lib/libssl/src/doc/crypto/evp.pod +++ b/src/lib/libssl/src/doc/crypto/evp.pod | |||
| @@ -24,6 +24,13 @@ functions. The B<EVP_Digest>I<...> functions provide message digests. | |||
| 24 | 24 | ||
| 25 | Algorithms are loaded with OpenSSL_add_all_algorithms(3). | 25 | Algorithms are loaded with OpenSSL_add_all_algorithms(3). | 
| 26 | 26 | ||
| 27 | All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE | ||
| 28 | modules providing alternative implementations. If ENGINE implementations of | ||
| 29 | ciphers or digests are registered as defaults, then the various EVP functions | ||
| 30 | will automatically use those implementations automatically in preference to | ||
| 31 | built in software implementations. For more information, consult the engine(3) | ||
| 32 | man page. | ||
| 33 | |||
| 27 | =head1 SEE ALSO | 34 | =head1 SEE ALSO | 
| 28 | 35 | ||
| 29 | L<EVP_DigestInit(3)|EVP_DigestInit(3)>, | 36 | L<EVP_DigestInit(3)|EVP_DigestInit(3)>, | 
| @@ -32,6 +39,7 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>, | |||
| 32 | L<EVP_SealInit(3)|EVP_SealInit(3)>, | 39 | L<EVP_SealInit(3)|EVP_SealInit(3)>, | 
| 33 | L<EVP_SignInit(3)|EVP_SignInit(3)>, | 40 | L<EVP_SignInit(3)|EVP_SignInit(3)>, | 
| 34 | L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, | 41 | L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, | 
| 35 | L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)> | 42 | L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>, | 
| 43 | L<engine(3)|engine(3)> | ||
| 36 | 44 | ||
| 37 | =cut | 45 | =cut | 
| diff --git a/src/lib/libssl/src/doc/crypto/rand.pod b/src/lib/libssl/src/doc/crypto/rand.pod index 96901f109e..1c068c85b3 100644 --- a/src/lib/libssl/src/doc/crypto/rand.pod +++ b/src/lib/libssl/src/doc/crypto/rand.pod | |||
| @@ -8,13 +8,14 @@ rand - pseudo-random number generator | |||
| 8 | 8 | ||
| 9 | #include <openssl/rand.h> | 9 | #include <openssl/rand.h> | 
| 10 | 10 | ||
| 11 | int RAND_set_rand_engine(ENGINE *engine); | ||
| 12 | |||
| 11 | int RAND_bytes(unsigned char *buf, int num); | 13 | int RAND_bytes(unsigned char *buf, int num); | 
| 12 | int RAND_pseudo_bytes(unsigned char *buf, int num); | 14 | int RAND_pseudo_bytes(unsigned char *buf, int num); | 
| 13 | 15 | ||
| 14 | void RAND_seed(const void *buf, int num); | 16 | void RAND_seed(const void *buf, int num); | 
| 15 | void RAND_add(const void *buf, int num, int entropy); | 17 | void RAND_add(const void *buf, int num, int entropy); | 
| 16 | int RAND_status(void); | 18 | int RAND_status(void); | 
| 17 | void RAND_screen(void); | ||
| 18 | 19 | ||
| 19 | int RAND_load_file(const char *file, long max_bytes); | 20 | int RAND_load_file(const char *file, long max_bytes); | 
| 20 | int RAND_write_file(const char *file); | 21 | int RAND_write_file(const char *file); | 
| @@ -22,14 +23,31 @@ rand - pseudo-random number generator | |||
| 22 | 23 | ||
| 23 | int RAND_egd(const char *path); | 24 | int RAND_egd(const char *path); | 
| 24 | 25 | ||
| 25 | void RAND_set_rand_method(RAND_METHOD *meth); | 26 | void RAND_set_rand_method(const RAND_METHOD *meth); | 
| 26 | RAND_METHOD *RAND_get_rand_method(void); | 27 | const RAND_METHOD *RAND_get_rand_method(void); | 
| 27 | RAND_METHOD *RAND_SSLeay(void); | 28 | RAND_METHOD *RAND_SSLeay(void); | 
| 28 | 29 | ||
| 29 | void RAND_cleanup(void); | 30 | void RAND_cleanup(void); | 
| 30 | 31 | ||
| 32 | /* For Win32 only */ | ||
| 33 | void RAND_screen(void); | ||
| 34 | int RAND_event(UINT, WPARAM, LPARAM); | ||
| 35 | |||
| 31 | =head1 DESCRIPTION | 36 | =head1 DESCRIPTION | 
| 32 | 37 | ||
| 38 | Since the introduction of the ENGINE API, the recommended way of controlling | ||
| 39 | default implementations is by using the ENGINE API functions. The default | ||
| 40 | B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by | ||
| 41 | RAND_get_rand_method(), is only used if no ENGINE has been set as the default | ||
| 42 | "rand" implementation. Hence, these two functions are no longer the recommened | ||
| 43 | way to control defaults. | ||
| 44 | |||
| 45 | If an alternative B<RAND_METHOD> implementation is being used (either set | ||
| 46 | directly or as provided by an ENGINE module), then it is entirely responsible | ||
| 47 | for the generation and management of a cryptographically secure PRNG stream. The | ||
| 48 | mechanisms described below relate solely to the software PRNG implementation | ||
| 49 | built in to OpenSSL and used by default. | ||
| 50 | |||
| 33 | These functions implement a cryptographically secure pseudo-random | 51 | These functions implement a cryptographically secure pseudo-random | 
| 34 | number generator (PRNG). It is used by other library functions for | 52 | number generator (PRNG). It is used by other library functions for | 
| 35 | example to generate random keys, and applications can use it when they | 53 | example to generate random keys, and applications can use it when they | 
| diff --git a/src/lib/libssl/src/doc/crypto/rsa.pod b/src/lib/libssl/src/doc/crypto/rsa.pod index 2b93a12b65..45ac53ffc1 100644 --- a/src/lib/libssl/src/doc/crypto/rsa.pod +++ b/src/lib/libssl/src/doc/crypto/rsa.pod | |||
| @@ -16,13 +16,17 @@ rsa - RSA public key cryptosystem | |||
| 16 | unsigned char *to, RSA *rsa, int padding); | 16 | unsigned char *to, RSA *rsa, int padding); | 
| 17 | int RSA_private_decrypt(int flen, unsigned char *from, | 17 | int RSA_private_decrypt(int flen, unsigned char *from, | 
| 18 | unsigned char *to, RSA *rsa, int padding); | 18 | unsigned char *to, RSA *rsa, int padding); | 
| 19 | int RSA_private_encrypt(int flen, unsigned char *from, | ||
| 20 | unsigned char *to, RSA *rsa,int padding); | ||
| 21 | int RSA_public_decrypt(int flen, unsigned char *from, | ||
| 22 | unsigned char *to, RSA *rsa,int padding); | ||
| 19 | 23 | ||
| 20 | int RSA_sign(int type, unsigned char *m, unsigned int m_len, | 24 | int RSA_sign(int type, unsigned char *m, unsigned int m_len, | 
| 21 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | 25 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | 
| 22 | int RSA_verify(int type, unsigned char *m, unsigned int m_len, | 26 | int RSA_verify(int type, unsigned char *m, unsigned int m_len, | 
| 23 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | 27 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | 
| 24 | 28 | ||
| 25 | int RSA_size(RSA *rsa); | 29 | int RSA_size(const RSA *rsa); | 
| 26 | 30 | ||
| 27 | RSA *RSA_generate_key(int num, unsigned long e, | 31 | RSA *RSA_generate_key(int num, unsigned long e, | 
| 28 | void (*callback)(int,int,void *), void *cb_arg); | 32 | void (*callback)(int,int,void *), void *cb_arg); | 
| @@ -32,13 +36,13 @@ rsa - RSA public key cryptosystem | |||
| 32 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); | 36 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); | 
| 33 | void RSA_blinding_off(RSA *rsa); | 37 | void RSA_blinding_off(RSA *rsa); | 
| 34 | 38 | ||
| 35 | void RSA_set_default_openssl_method(RSA_METHOD *meth); | 39 | void RSA_set_default_method(const RSA_METHOD *meth); | 
| 36 | RSA_METHOD *RSA_get_default_openssl_method(void); | 40 | const RSA_METHOD *RSA_get_default_method(void); | 
| 37 | int RSA_set_method(RSA *rsa, ENGINE *engine); | 41 | int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); | 
| 38 | RSA_METHOD *RSA_get_method(RSA *rsa); | 42 | const RSA_METHOD *RSA_get_method(const RSA *rsa); | 
| 39 | RSA_METHOD *RSA_PKCS1_SSLeay(void); | 43 | RSA_METHOD *RSA_PKCS1_SSLeay(void); | 
| 40 | RSA_METHOD *RSA_null_method(void); | 44 | RSA_METHOD *RSA_null_method(void); | 
| 41 | int RSA_flags(RSA *rsa); | 45 | int RSA_flags(const RSA *rsa); | 
| 42 | RSA *RSA_new_method(ENGINE *engine); | 46 | RSA *RSA_new_method(ENGINE *engine); | 
| 43 | 47 | ||
| 44 | int RSA_print(BIO *bp, RSA *x, int offset); | 48 | int RSA_print(BIO *bp, RSA *x, int offset); | 
| @@ -49,11 +53,6 @@ rsa - RSA public key cryptosystem | |||
| 49 | int RSA_set_ex_data(RSA *r,int idx,char *arg); | 53 | int RSA_set_ex_data(RSA *r,int idx,char *arg); | 
| 50 | char *RSA_get_ex_data(RSA *r, int idx); | 54 | char *RSA_get_ex_data(RSA *r, int idx); | 
| 51 | 55 | ||
| 52 | int RSA_private_encrypt(int flen, unsigned char *from, | ||
| 53 | unsigned char *to, RSA *rsa,int padding); | ||
| 54 | int RSA_public_decrypt(int flen, unsigned char *from, | ||
| 55 | unsigned char *to, RSA *rsa,int padding); | ||
| 56 | |||
| 57 | int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, | 56 | int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, | 
| 58 | unsigned int m_len, unsigned char *sigret, unsigned int *siglen, | 57 | unsigned int m_len, unsigned char *sigret, unsigned int *siglen, | 
| 59 | RSA *rsa); | 58 | RSA *rsa); | 
| @@ -90,6 +89,14 @@ B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private | |||
| 90 | keys, but the RSA operations are much faster when these values are | 89 | keys, but the RSA operations are much faster when these values are | 
| 91 | available. | 90 | available. | 
| 92 | 91 | ||
| 92 | Note that RSA keys may use non-standard B<RSA_METHOD> implementations, | ||
| 93 | either directly or by the use of B<ENGINE> modules. In some cases (eg. an | ||
| 94 | ENGINE providing support for hardware-embedded keys), these BIGNUM values | ||
| 95 | will not be used by the implementation or may be used for alternative data | ||
| 96 | storage. For this reason, applications should generally avoid using RSA | ||
| 97 | structure elements directly and instead use API functions to query or | ||
| 98 | modify keys. | ||
| 99 | |||
| 93 | =head1 CONFORMING TO | 100 | =head1 CONFORMING TO | 
| 94 | 101 | ||
| 95 | SSL, PKCS #1 v2.0 | 102 | SSL, PKCS #1 v2.0 | 
| @@ -101,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000. | |||
| 101 | =head1 SEE ALSO | 108 | =head1 SEE ALSO | 
| 102 | 109 | ||
| 103 | L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, | 110 | L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, | 
| 104 | L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>, | 111 | L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, | 
| 105 | L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, | 112 | L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, | 
| 106 | L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, | 113 | L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, | 
| 107 | L<RSA_generate_key(3)|RSA_generate_key(3)>, | 114 | L<RSA_generate_key(3)|RSA_generate_key(3)>, | 
| diff --git a/src/lib/libssl/src/doc/openssl.txt b/src/lib/libssl/src/doc/openssl.txt index 5da519e7e4..432a17b66c 100644 --- a/src/lib/libssl/src/doc/openssl.txt +++ b/src/lib/libssl/src/doc/openssl.txt | |||
| @@ -344,7 +344,7 @@ the extension. | |||
| 344 | 344 | ||
| 345 | Examples: | 345 | Examples: | 
| 346 | 346 | ||
| 347 | subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/ | 347 | subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ | 
| 348 | subjectAltName=email:my@other.address,RID:1.2.3.4 | 348 | subjectAltName=email:my@other.address,RID:1.2.3.4 | 
| 349 | 349 | ||
| 350 | Issuer Alternative Name. | 350 | Issuer Alternative Name. | 
| diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod index a423932d0a..0015e6ea79 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_msg_callback.pod | |||
| @@ -69,6 +69,8 @@ The B<SSL> object that received or sent the message. | |||
| 69 | The user-defined argument optionally defined by | 69 | The user-defined argument optionally defined by | 
| 70 | SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg(). | 70 | SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg(). | 
| 71 | 71 | ||
| 72 | =back | ||
| 73 | |||
| 72 | =head1 NOTES | 74 | =head1 NOTES | 
| 73 | 75 | ||
| 74 | Protocol messages are passed to the callback function after decryption | 76 | Protocol messages are passed to the callback function after decryption | 
| diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c index 26efe53856..570d0664ed 100644 --- a/src/lib/libssl/src/ssl/s2_clnt.c +++ b/src/lib/libssl/src/ssl/s2_clnt.c | |||
| @@ -536,7 +536,12 @@ static int get_server_hello(SSL *s) | |||
| 536 | } | 536 | } | 
| 537 | 537 | ||
| 538 | s->s2->conn_id_length=s->s2->tmp.conn_id_length; | 538 | s->s2->conn_id_length=s->s2->tmp.conn_id_length; | 
| 539 | die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | 539 | if (s->s2->conn_id_length > sizeof s->s2->conn_id) | 
| 540 | { | ||
| 541 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); | ||
| 542 | SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); | ||
| 543 | return -1; | ||
| 544 | } | ||
| 540 | memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); | 545 | memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); | 
| 541 | return(1); | 546 | return(1); | 
| 542 | } | 547 | } | 
| @@ -638,7 +643,12 @@ static int client_master_key(SSL *s) | |||
| 638 | /* make key_arg data */ | 643 | /* make key_arg data */ | 
| 639 | i=EVP_CIPHER_iv_length(c); | 644 | i=EVP_CIPHER_iv_length(c); | 
| 640 | sess->key_arg_length=i; | 645 | sess->key_arg_length=i; | 
| 641 | die(i <= SSL_MAX_KEY_ARG_LENGTH); | 646 | if (i > SSL_MAX_KEY_ARG_LENGTH) | 
| 647 | { | ||
| 648 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); | ||
| 649 | SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | ||
| 650 | return -1; | ||
| 651 | } | ||
| 642 | if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); | 652 | if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); | 
| 643 | 653 | ||
| 644 | /* make a master key */ | 654 | /* make a master key */ | 
| @@ -646,7 +656,12 @@ static int client_master_key(SSL *s) | |||
| 646 | sess->master_key_length=i; | 656 | sess->master_key_length=i; | 
| 647 | if (i > 0) | 657 | if (i > 0) | 
| 648 | { | 658 | { | 
| 649 | die(i <= sizeof sess->master_key); | 659 | if (i > sizeof sess->master_key) | 
| 660 | { | ||
| 661 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); | ||
| 662 | SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | ||
| 663 | return -1; | ||
| 664 | } | ||
| 650 | if (RAND_bytes(sess->master_key,i) <= 0) | 665 | if (RAND_bytes(sess->master_key,i) <= 0) | 
| 651 | { | 666 | { | 
| 652 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 667 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 
| @@ -690,7 +705,12 @@ static int client_master_key(SSL *s) | |||
| 690 | d+=enc; | 705 | d+=enc; | 
| 691 | karg=sess->key_arg_length; | 706 | karg=sess->key_arg_length; | 
| 692 | s2n(karg,p); /* key arg size */ | 707 | s2n(karg,p); /* key arg size */ | 
| 693 | die(karg <= sizeof sess->key_arg); | 708 | if (karg > sizeof sess->key_arg) | 
| 709 | { | ||
| 710 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||
| 711 | SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | ||
| 712 | return -1; | ||
| 713 | } | ||
| 694 | memcpy(d,sess->key_arg,(unsigned int)karg); | 714 | memcpy(d,sess->key_arg,(unsigned int)karg); | 
| 695 | d+=karg; | 715 | d+=karg; | 
| 696 | 716 | ||
| @@ -711,7 +731,11 @@ static int client_finished(SSL *s) | |||
| 711 | { | 731 | { | 
| 712 | p=(unsigned char *)s->init_buf->data; | 732 | p=(unsigned char *)s->init_buf->data; | 
| 713 | *(p++)=SSL2_MT_CLIENT_FINISHED; | 733 | *(p++)=SSL2_MT_CLIENT_FINISHED; | 
| 714 | die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | 734 | if (s->s2->conn_id_length > sizeof s->s2->conn_id) | 
| 735 | { | ||
| 736 | SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); | ||
| 737 | return -1; | ||
| 738 | } | ||
| 715 | memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); | 739 | memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); | 
| 716 | 740 | ||
| 717 | s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; | 741 | s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; | 
| @@ -984,10 +1008,9 @@ static int get_server_finished(SSL *s) | |||
| 984 | { | 1008 | { | 
| 985 | if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) | 1009 | if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) | 
| 986 | { | 1010 | { | 
| 987 | die(s->session->session_id_length | 1011 | if ((s->session->session_id_length > sizeof s->session->session_id) | 
| 988 | <= sizeof s->session->session_id); | 1012 | || (0 != memcmp(buf, s->session->session_id, | 
| 989 | if (memcmp(buf,s->session->session_id, | 1013 | (unsigned int)s->session->session_id_length))) | 
| 990 | (unsigned int)s->session->session_id_length) != 0) | ||
| 991 | { | 1014 | { | 
| 992 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 1015 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 
| 993 | SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); | 1016 | SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); | 
| diff --git a/src/lib/libssl/src/ssl/s2_enc.c b/src/lib/libssl/src/ssl/s2_enc.c index a28e747d2d..690252e3d3 100644 --- a/src/lib/libssl/src/ssl/s2_enc.c +++ b/src/lib/libssl/src/ssl/s2_enc.c | |||
| @@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client) | |||
| 96 | num=c->key_len; | 96 | num=c->key_len; | 
| 97 | s->s2->key_material_length=num*2; | 97 | s->s2->key_material_length=num*2; | 
| 98 | 98 | ||
| 99 | ssl2_generate_key_material(s); | 99 | if (ssl2_generate_key_material(s) <= 0) | 
| 100 | return 0; | ||
| 100 | 101 | ||
| 101 | EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), | 102 | EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), | 
| 102 | s->session->key_arg); | 103 | s->session->key_arg); | 
| diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c index 9bf55268df..cc0dcfa956 100644 --- a/src/lib/libssl/src/ssl/s2_lib.c +++ b/src/lib/libssl/src/ssl/s2_lib.c | |||
| @@ -416,12 +416,15 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | |||
| 416 | return(3); | 416 | return(3); | 
| 417 | } | 417 | } | 
| 418 | 418 | ||
| 419 | void ssl2_generate_key_material(SSL *s) | 419 | int ssl2_generate_key_material(SSL *s) | 
| 420 | { | 420 | { | 
| 421 | unsigned int i; | 421 | unsigned int i; | 
| 422 | EVP_MD_CTX ctx; | 422 | EVP_MD_CTX ctx; | 
| 423 | unsigned char *km; | 423 | unsigned char *km; | 
| 424 | unsigned char c='0'; | 424 | unsigned char c='0'; | 
| 425 | const EVP_MD *md5; | ||
| 426 | |||
| 427 | md5 = EVP_md5(); | ||
| 425 | 428 | ||
| 426 | #ifdef CHARSET_EBCDIC | 429 | #ifdef CHARSET_EBCDIC | 
| 427 | c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', | 430 | c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', | 
| @@ -429,23 +432,35 @@ void ssl2_generate_key_material(SSL *s) | |||
| 429 | #endif | 432 | #endif | 
| 430 | EVP_MD_CTX_init(&ctx); | 433 | EVP_MD_CTX_init(&ctx); | 
| 431 | km=s->s2->key_material; | 434 | km=s->s2->key_material; | 
| 432 | die(s->s2->key_material_length <= sizeof s->s2->key_material); | 435 | |
| 433 | for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) | 436 | if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) | 
| 437 | { | ||
| 438 | SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); | ||
| 439 | return 0; | ||
| 440 | } | ||
| 441 | |||
| 442 | for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) | ||
| 434 | { | 443 | { | 
| 435 | EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); | 444 | if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) | 
| 445 | { | ||
| 446 | /* EVP_DigestFinal_ex() below would write beyond buffer */ | ||
| 447 | SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); | ||
| 448 | return 0; | ||
| 449 | } | ||
| 450 | |||
| 451 | EVP_DigestInit_ex(&ctx, md5, NULL); | ||
| 436 | 452 | ||
| 437 | die(s->session->master_key_length >= 0 | ||
| 438 | && s->session->master_key_length | ||
| 439 | < sizeof s->session->master_key); | ||
| 440 | EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); | 453 | EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); | 
| 441 | EVP_DigestUpdate(&ctx,&c,1); | 454 | EVP_DigestUpdate(&ctx,&c,1); | 
| 442 | c++; | 455 | c++; | 
| 443 | EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); | 456 | EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); | 
| 444 | EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); | 457 | EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); | 
| 445 | EVP_DigestFinal_ex(&ctx,km,NULL); | 458 | EVP_DigestFinal_ex(&ctx,km,NULL); | 
| 446 | km+=MD5_DIGEST_LENGTH; | 459 | km += EVP_MD_size(md5); | 
| 447 | } | 460 | } | 
| 461 | |||
| 448 | EVP_MD_CTX_cleanup(&ctx); | 462 | EVP_MD_CTX_cleanup(&ctx); | 
| 463 | return 1; | ||
| 449 | } | 464 | } | 
| 450 | 465 | ||
| 451 | void ssl2_return_error(SSL *s, int err) | 466 | void ssl2_return_error(SSL *s, int err) | 
| @@ -470,10 +485,14 @@ void ssl2_write_error(SSL *s) | |||
| 470 | buf[2]=(s->error_code)&0xff; | 485 | buf[2]=(s->error_code)&0xff; | 
| 471 | 486 | ||
| 472 | /* state=s->rwstate;*/ | 487 | /* state=s->rwstate;*/ | 
| 473 | error=s->error; | 488 | |
| 489 | error=s->error; /* number of bytes left to write */ | ||
| 474 | s->error=0; | 490 | s->error=0; | 
| 475 | die(error >= 0 && error <= 3); | 491 | if (error < 0 || error > sizeof buf) /* can't happen */ | 
| 492 | return; | ||
| 493 | |||
| 476 | i=ssl2_write(s,&(buf[3-error]),error); | 494 | i=ssl2_write(s,&(buf[3-error]),error); | 
| 495 | |||
| 477 | /* if (i == error) s->rwstate=state; */ | 496 | /* if (i == error) s->rwstate=state; */ | 
| 478 | 497 | ||
| 479 | if (i < 0) | 498 | if (i < 0) | 
| diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c index 391287bfcd..97dda2dde0 100644 --- a/src/lib/libssl/src/ssl/s2_srvr.c +++ b/src/lib/libssl/src/ssl/s2_srvr.c | |||
| @@ -399,8 +399,7 @@ static int get_client_master_key(SSL *s) | |||
| 399 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); | 399 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); | 
| 400 | } | 400 | } | 
| 401 | else | 401 | else | 
| 402 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, | 402 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR); | 
| 403 | SSL_R_PEER_ERROR); | ||
| 404 | return(-1); | 403 | return(-1); | 
| 405 | } | 404 | } | 
| 406 | 405 | ||
| @@ -408,8 +407,7 @@ static int get_client_master_key(SSL *s) | |||
| 408 | if (cp == NULL) | 407 | if (cp == NULL) | 
| 409 | { | 408 | { | 
| 410 | ssl2_return_error(s,SSL2_PE_NO_CIPHER); | 409 | ssl2_return_error(s,SSL2_PE_NO_CIPHER); | 
| 411 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, | 410 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); | 
| 412 | SSL_R_NO_CIPHER_MATCH); | ||
| 413 | return(-1); | 411 | return(-1); | 
| 414 | } | 412 | } | 
| 415 | s->session->cipher= cp; | 413 | s->session->cipher= cp; | 
| @@ -420,8 +418,8 @@ static int get_client_master_key(SSL *s) | |||
| 420 | n2s(p,i); s->session->key_arg_length=i; | 418 | n2s(p,i); s->session->key_arg_length=i; | 
| 421 | if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) | 419 | if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) | 
| 422 | { | 420 | { | 
| 423 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, | 421 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | 
| 424 | SSL_R_KEY_ARG_TOO_LONG); | 422 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); | 
| 425 | return -1; | 423 | return -1; | 
| 426 | } | 424 | } | 
| 427 | s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; | 425 | s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; | 
| @@ -429,11 +427,17 @@ static int get_client_master_key(SSL *s) | |||
| 429 | 427 | ||
| 430 | /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ | 428 | /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ | 
| 431 | p=(unsigned char *)s->init_buf->data; | 429 | p=(unsigned char *)s->init_buf->data; | 
| 432 | die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); | 430 | if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 
| 431 | { | ||
| 432 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||
| 433 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | ||
| 434 | return -1; | ||
| 435 | } | ||
| 433 | keya=s->session->key_arg_length; | 436 | keya=s->session->key_arg_length; | 
| 434 | len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; | 437 | len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; | 
| 435 | if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 438 | if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 
| 436 | { | 439 | { | 
| 440 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||
| 437 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); | 441 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); | 
| 438 | return -1; | 442 | return -1; | 
| 439 | } | 443 | } | 
| @@ -512,7 +516,13 @@ static int get_client_master_key(SSL *s) | |||
| 512 | #endif | 516 | #endif | 
| 513 | 517 | ||
| 514 | if (is_export) i+=s->s2->tmp.clear; | 518 | if (is_export) i+=s->s2->tmp.clear; | 
| 515 | die(i <= SSL_MAX_MASTER_KEY_LENGTH); | 519 | |
| 520 | if (i > SSL_MAX_MASTER_KEY_LENGTH) | ||
| 521 | { | ||
| 522 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||
| 523 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); | ||
| 524 | return -1; | ||
| 525 | } | ||
| 516 | s->session->master_key_length=i; | 526 | s->session->master_key_length=i; | 
| 517 | memcpy(s->session->master_key,p,(unsigned int)i); | 527 | memcpy(s->session->master_key,p,(unsigned int)i); | 
| 518 | return(1); | 528 | return(1); | 
| @@ -563,6 +573,7 @@ static int get_client_hello(SSL *s) | |||
| 563 | if ( (i < SSL2_MIN_CHALLENGE_LENGTH) || | 573 | if ( (i < SSL2_MIN_CHALLENGE_LENGTH) || | 
| 564 | (i > SSL2_MAX_CHALLENGE_LENGTH)) | 574 | (i > SSL2_MAX_CHALLENGE_LENGTH)) | 
| 565 | { | 575 | { | 
| 576 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||
| 566 | SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); | 577 | SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); | 
| 567 | return(-1); | 578 | return(-1); | 
| 568 | } | 579 | } | 
| @@ -574,6 +585,7 @@ static int get_client_hello(SSL *s) | |||
| 574 | len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; | 585 | len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; | 
| 575 | if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 586 | if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 
| 576 | { | 587 | { | 
| 588 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||
| 577 | SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); | 589 | SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); | 
| 578 | return -1; | 590 | return -1; | 
| 579 | } | 591 | } | 
| @@ -679,7 +691,12 @@ static int get_client_hello(SSL *s) | |||
| 679 | p+=s->s2->tmp.session_id_length; | 691 | p+=s->s2->tmp.session_id_length; | 
| 680 | 692 | ||
| 681 | /* challenge */ | 693 | /* challenge */ | 
| 682 | die(s->s2->challenge_length <= sizeof s->s2->challenge); | 694 | if (s->s2->challenge_length > sizeof s->s2->challenge) | 
| 695 | { | ||
| 696 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||
| 697 | SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 698 | return -1; | ||
| 699 | } | ||
| 683 | memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); | 700 | memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); | 
| 684 | return(1); | 701 | return(1); | 
| 685 | mem_err: | 702 | mem_err: | 
| @@ -836,7 +853,12 @@ static int get_client_finished(SSL *s) | |||
| 836 | } | 853 | } | 
| 837 | 854 | ||
| 838 | /* SSL2_ST_GET_CLIENT_FINISHED_B */ | 855 | /* SSL2_ST_GET_CLIENT_FINISHED_B */ | 
| 839 | die(s->s2->conn_id_length <= sizeof s->s2->conn_id); | 856 | if (s->s2->conn_id_length > sizeof s->s2->conn_id) | 
| 857 | { | ||
| 858 | ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); | ||
| 859 | SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); | ||
| 860 | return -1; | ||
| 861 | } | ||
| 840 | len = 1 + (unsigned long)s->s2->conn_id_length; | 862 | len = 1 + (unsigned long)s->s2->conn_id_length; | 
| 841 | n = (int)len - s->init_num; | 863 | n = (int)len - s->init_num; | 
| 842 | i = ssl2_read(s,(char *)&(p[s->init_num]),n); | 864 | i = ssl2_read(s,(char *)&(p[s->init_num]),n); | 
| @@ -864,7 +886,11 @@ static int server_verify(SSL *s) | |||
| 864 | { | 886 | { | 
| 865 | p=(unsigned char *)s->init_buf->data; | 887 | p=(unsigned char *)s->init_buf->data; | 
| 866 | *(p++)=SSL2_MT_SERVER_VERIFY; | 888 | *(p++)=SSL2_MT_SERVER_VERIFY; | 
| 867 | die(s->s2->challenge_length <= sizeof s->s2->challenge); | 889 | if (s->s2->challenge_length > sizeof s->s2->challenge) | 
| 890 | { | ||
| 891 | SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); | ||
| 892 | return -1; | ||
| 893 | } | ||
| 868 | memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); | 894 | memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); | 
| 869 | /* p+=s->s2->challenge_length; */ | 895 | /* p+=s->s2->challenge_length; */ | 
| 870 | 896 | ||
| @@ -884,10 +910,12 @@ static int server_finish(SSL *s) | |||
| 884 | p=(unsigned char *)s->init_buf->data; | 910 | p=(unsigned char *)s->init_buf->data; | 
| 885 | *(p++)=SSL2_MT_SERVER_FINISHED; | 911 | *(p++)=SSL2_MT_SERVER_FINISHED; | 
| 886 | 912 | ||
| 887 | die(s->session->session_id_length | 913 | if (s->session->session_id_length > sizeof s->session->session_id) | 
| 888 | <= sizeof s->session->session_id); | 914 | { | 
| 889 | memcpy(p,s->session->session_id, | 915 | SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); | 
| 890 | (unsigned int)s->session->session_id_length); | 916 | return -1; | 
| 917 | } | ||
| 918 | memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); | ||
| 891 | /* p+=s->session->session_id_length; */ | 919 | /* p+=s->session->session_id_length; */ | 
| 892 | 920 | ||
| 893 | s->state=SSL2_ST_SEND_SERVER_FINISHED_B; | 921 | s->state=SSL2_ST_SEND_SERVER_FINISHED_B; | 
| @@ -1004,7 +1032,7 @@ static int request_certificate(SSL *s) | |||
| 1004 | len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; | 1032 | len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; | 
| 1005 | if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 1033 | if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) | 
| 1006 | { | 1034 | { | 
| 1007 | SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); | 1035 | SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG); | 
| 1008 | goto end; | 1036 | goto end; | 
| 1009 | } | 1037 | } | 
| 1010 | j = (int)len - s->init_num; | 1038 | j = (int)len - s->init_num; | 
| diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 2699b5863b..2b58482484 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s) | |||
| 546 | *(p++)=i; | 546 | *(p++)=i; | 
| 547 | if (i != 0) | 547 | if (i != 0) | 
| 548 | { | 548 | { | 
| 549 | die(i <= sizeof s->session->session_id); | 549 | if (i > sizeof s->session->session_id) | 
| 550 | { | ||
| 551 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 552 | goto err; | ||
| 553 | } | ||
| 550 | memcpy(p,s->session->session_id,i); | 554 | memcpy(p,s->session->session_id,i); | 
| 551 | p+=i; | 555 | p+=i; | 
| 552 | } | 556 | } | 
| @@ -1598,7 +1602,11 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
| 1598 | SSL_MAX_MASTER_KEY_LENGTH); | 1602 | SSL_MAX_MASTER_KEY_LENGTH); | 
| 1599 | EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | 1603 | EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | 
| 1600 | outl += padl; | 1604 | outl += padl; | 
| 1601 | die(outl <= sizeof epms); | 1605 | if (outl > sizeof epms) | 
| 1606 | { | ||
| 1607 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
| 1608 | goto err; | ||
| 1609 | } | ||
| 1602 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | 1610 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | 
| 1603 | 1611 | ||
| 1604 | /* KerberosWrapper.EncryptedPreMasterSecret */ | 1612 | /* KerberosWrapper.EncryptedPreMasterSecret */ | 
| diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 782b57f57a..20d716fb1b 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -965,7 +965,11 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 965 | s->session->session_id_length=0; | 965 | s->session->session_id_length=0; | 
| 966 | 966 | ||
| 967 | sl=s->session->session_id_length; | 967 | sl=s->session->session_id_length; | 
| 968 | die(sl <= sizeof s->session->session_id); | 968 | if (sl > sizeof s->session->session_id) | 
| 969 | { | ||
| 970 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 971 | return -1; | ||
| 972 | } | ||
| 969 | *(p++)=sl; | 973 | *(p++)=sl; | 
| 970 | memcpy(p,s->session->session_id,sl); | 974 | memcpy(p,s->session->session_id,sl); | 
| 971 | p+=sl; | 975 | p+=sl; | 
| @@ -1588,7 +1592,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1588 | /* Note that the length is checked again below, | 1592 | /* Note that the length is checked again below, | 
| 1589 | ** after decryption | 1593 | ** after decryption | 
| 1590 | */ | 1594 | */ | 
| 1591 | if(enc.pms_length > sizeof pms) | 1595 | if(enc_pms.length > sizeof pms) | 
| 1592 | { | 1596 | { | 
| 1593 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1597 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 
| 1594 | SSL_R_DATA_LENGTH_TOO_LONG); | 1598 | SSL_R_DATA_LENGTH_TOO_LONG); | 
| diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com index 1f1921e162..d6829a8d64 100644 --- a/src/lib/libssl/src/ssl/ssl-lib.com +++ b/src/lib/libssl/src/ssl/ssl-lib.com | |||
| @@ -1067,7 +1067,7 @@ $ ENDIF | |||
| 1067 | $! | 1067 | $! | 
| 1068 | $! Show user the result | 1068 | $! Show user the result | 
| 1069 | $! | 1069 | $! | 
| 1070 | $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC | 1070 | $ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC | 
| 1071 | $! | 1071 | $! | 
| 1072 | $! Else The User Entered An Invalid Arguement. | 1072 | $! Else The User Entered An Invalid Arguement. | 
| 1073 | $! | 1073 | $! | 
| diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index d9949e8eb2..e9d1e896d7 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void); | |||
| 1462 | 1462 | ||
| 1463 | /* Function codes. */ | 1463 | /* Function codes. */ | 
| 1464 | #define SSL_F_CLIENT_CERTIFICATE 100 | 1464 | #define SSL_F_CLIENT_CERTIFICATE 100 | 
| 1465 | #define SSL_F_CLIENT_FINISHED 238 | ||
| 1465 | #define SSL_F_CLIENT_HELLO 101 | 1466 | #define SSL_F_CLIENT_HELLO 101 | 
| 1466 | #define SSL_F_CLIENT_MASTER_KEY 102 | 1467 | #define SSL_F_CLIENT_MASTER_KEY 102 | 
| 1467 | #define SSL_F_D2I_SSL_SESSION 103 | 1468 | #define SSL_F_D2I_SSL_SESSION 103 | 
| @@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void); | |||
| 1475 | #define SSL_F_I2D_SSL_SESSION 111 | 1476 | #define SSL_F_I2D_SSL_SESSION 111 | 
| 1476 | #define SSL_F_READ_N 112 | 1477 | #define SSL_F_READ_N 112 | 
| 1477 | #define SSL_F_REQUEST_CERTIFICATE 113 | 1478 | #define SSL_F_REQUEST_CERTIFICATE 113 | 
| 1479 | #define SSL_F_SERVER_FINISH 239 | ||
| 1478 | #define SSL_F_SERVER_HELLO 114 | 1480 | #define SSL_F_SERVER_HELLO 114 | 
| 1481 | #define SSL_F_SERVER_VERIFY 240 | ||
| 1479 | #define SSL_F_SSL23_ACCEPT 115 | 1482 | #define SSL_F_SSL23_ACCEPT 115 | 
| 1480 | #define SSL_F_SSL23_CLIENT_HELLO 116 | 1483 | #define SSL_F_SSL23_CLIENT_HELLO 116 | 
| 1481 | #define SSL_F_SSL23_CONNECT 117 | 1484 | #define SSL_F_SSL23_CONNECT 117 | 
| @@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void); | |||
| 1487 | #define SSL_F_SSL2_ACCEPT 122 | 1490 | #define SSL_F_SSL2_ACCEPT 122 | 
| 1488 | #define SSL_F_SSL2_CONNECT 123 | 1491 | #define SSL_F_SSL2_CONNECT 123 | 
| 1489 | #define SSL_F_SSL2_ENC_INIT 124 | 1492 | #define SSL_F_SSL2_ENC_INIT 124 | 
| 1493 | #define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 | ||
| 1490 | #define SSL_F_SSL2_PEEK 234 | 1494 | #define SSL_F_SSL2_PEEK 234 | 
| 1491 | #define SSL_F_SSL2_READ 125 | 1495 | #define SSL_F_SSL2_READ 125 | 
| 1492 | #define SSL_F_SSL2_READ_INTERNAL 236 | 1496 | #define SSL_F_SSL2_READ_INTERNAL 236 | 
| @@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void); | |||
| 1523 | #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 | 1527 | #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 | 
| 1524 | #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 | 1528 | #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 | 
| 1525 | #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 | 1529 | #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 | 
| 1530 | #define SSL_F_SSL3_SEND_SERVER_HELLO 242 | ||
| 1526 | #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 | 1531 | #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 | 
| 1527 | #define SSL_F_SSL3_SETUP_BUFFERS 156 | 1532 | #define SSL_F_SSL3_SETUP_BUFFERS 156 | 
| 1528 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 | 1533 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 | 
| @@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void); | |||
| 1747 | #define SSL_R_SHORT_READ 219 | 1752 | #define SSL_R_SHORT_READ 219 | 
| 1748 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | 1753 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | 
| 1749 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | 1754 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | 
| 1755 | #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114 | ||
| 1750 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 | 1756 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 | 
| 1751 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | 1757 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | 
| 1752 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | 1758 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | 
| diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c index 1638c6b525..3723fc2e37 100644 --- a/src/lib/libssl/src/ssl/ssl_asn1.c +++ b/src/lib/libssl/src/ssl/ssl_asn1.c | |||
| @@ -294,10 +294,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, | |||
| 294 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 294 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 
| 295 | 295 | ||
| 296 | if (os.length > i) | 296 | if (os.length > i) | 
| 297 | os.length=i; | 297 | os.length = i; | 
| 298 | if (os.length > sizeof ret->session_id) /* can't happen */ | ||
| 299 | os.length = sizeof ret->session_id; | ||
| 298 | 300 | ||
| 299 | ret->session_id_length=os.length; | 301 | ret->session_id_length=os.length; | 
| 300 | die(os.length <= sizeof ret->session_id); | ||
| 301 | memcpy(ret->session_id,os.data,os.length); | 302 | memcpy(ret->session_id,os.data,os.length); | 
| 302 | 303 | ||
| 303 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 304 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 
| diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c index 0cad32c855..7067a745f3 100644 --- a/src/lib/libssl/src/ssl/ssl_err.c +++ b/src/lib/libssl/src/ssl/ssl_err.c | |||
| @@ -67,6 +67,7 @@ | |||
| 67 | static ERR_STRING_DATA SSL_str_functs[]= | 67 | static ERR_STRING_DATA SSL_str_functs[]= | 
| 68 | { | 68 | { | 
| 69 | {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, | 69 | {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, | 
| 70 | {ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"}, | ||
| 70 | {ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, | 71 | {ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, | 
| 71 | {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, | 72 | {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, | 
| 72 | {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, | 73 | {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, | 
| @@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 80 | {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, | 81 | {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, | 
| 81 | {ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, | 82 | {ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, | 
| 82 | {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, | 83 | {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, | 
| 84 | {ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"}, | ||
| 83 | {ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, | 85 | {ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, | 
| 86 | {ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"}, | ||
| 84 | {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, | 87 | {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, | 
| 85 | {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, | 88 | {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, | 
| 86 | {ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, | 89 | {ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, | 
| @@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 92 | {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, | 95 | {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, | 
| 93 | {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, | 96 | {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, | 
| 94 | {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, | 97 | {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, | 
| 98 | {ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"}, | ||
| 95 | {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, | 99 | {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, | 
| 96 | {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, | 100 | {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, | 
| 97 | {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, | 101 | {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, | 
| @@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 128 | {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | 132 | {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | 
| 129 | {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, | 133 | {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, | 
| 130 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, | 134 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, | 
| 135 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"}, | ||
| 131 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | 136 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | 
| 132 | {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, | 137 | {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, | 
| 133 | {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, | 138 | {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, | 
| @@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 355 | {SSL_R_SHORT_READ ,"short read"}, | 360 | {SSL_R_SHORT_READ ,"short read"}, | 
| 356 | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, | 361 | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, | 
| 357 | {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, | 362 | {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, | 
| 363 | {SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"}, | ||
| 358 | {SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, | 364 | {SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, | 
| 359 | {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, | 365 | {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, | 
| 360 | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, | 366 | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, | 
| diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index ab172aeaec..4bc4ce5b3a 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1405 | abort(); /* ok */ | 1405 | abort(); /* ok */ | 
| 1406 | } | 1406 | } | 
| 1407 | #endif | 1407 | #endif | 
| 1408 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | ||
| 1409 | 1408 | ||
| 1409 | /* | ||
| 1410 | * Free internal session cache. However: the remove_cb() may reference | ||
| 1411 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed | ||
| 1412 | * after the sessions were flushed. | ||
| 1413 | * As the ex_data handling routines might also touch the session cache, | ||
| 1414 | * the most secure solution seems to be: empty (flush) the cache, then | ||
| 1415 | * free ex_data, then finally free the cache. | ||
| 1416 | * (See ticket [openssl.org #212].) | ||
| 1417 | */ | ||
| 1410 | if (a->sessions != NULL) | 1418 | if (a->sessions != NULL) | 
| 1411 | { | ||
| 1412 | SSL_CTX_flush_sessions(a,0); | 1419 | SSL_CTX_flush_sessions(a,0); | 
| 1420 | |||
| 1421 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | ||
| 1422 | |||
| 1423 | if (a->sessions != NULL) | ||
| 1413 | lh_free(a->sessions); | 1424 | lh_free(a->sessions); | 
| 1414 | } | 1425 | |
| 1415 | if (a->cert_store != NULL) | 1426 | if (a->cert_store != NULL) | 
| 1416 | X509_STORE_free(a->cert_store); | 1427 | X509_STORE_free(a->cert_store); | 
| 1417 | if (a->cipher_list != NULL) | 1428 | if (a->cipher_list != NULL) | 
| diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index fe4ac839cf..dd6c7a7323 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | |||
| 510 | int ssl_verify_alarm_type(long type); | 510 | int ssl_verify_alarm_type(long type); | 
| 511 | 511 | ||
| 512 | int ssl2_enc_init(SSL *s, int client); | 512 | int ssl2_enc_init(SSL *s, int client); | 
| 513 | void ssl2_generate_key_material(SSL *s); | 513 | int ssl2_generate_key_material(SSL *s); | 
| 514 | void ssl2_enc(SSL *s,int send_data); | 514 | void ssl2_enc(SSL *s,int send_data); | 
| 515 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); | 515 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); | 
| 516 | SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | 516 | SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | 
| diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index 8bfc382bb6..ca1a7427be 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c | |||
| @@ -251,7 +251,12 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 251 | ss->session_id_length=0; | 251 | ss->session_id_length=0; | 
| 252 | } | 252 | } | 
| 253 | 253 | ||
| 254 | die(s->sid_ctx_length <= sizeof ss->sid_ctx); | 254 | if (s->sid_ctx_length > sizeof ss->sid_ctx) | 
| 255 | { | ||
| 256 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | ||
| 257 | SSL_SESSION_free(ss); | ||
| 258 | return 0; | ||
| 259 | } | ||
| 255 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | 260 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | 
| 256 | ss->sid_ctx_length=s->sid_ctx_length; | 261 | ss->sid_ctx_length=s->sid_ctx_length; | 
| 257 | s->session=ss; | 262 | s->session=ss; | 
| diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 1afdfa7750..4f6379e160 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c | |||
| @@ -400,12 +400,22 @@ int main(int argc, char *argv[]) | |||
| 400 | debug=1; | 400 | debug=1; | 
| 401 | else if (strcmp(*argv,"-reuse") == 0) | 401 | else if (strcmp(*argv,"-reuse") == 0) | 
| 402 | reuse=1; | 402 | reuse=1; | 
| 403 | #ifndef OPENSSL_NO_DH | ||
| 404 | else if (strcmp(*argv,"-dhe1024") == 0) | 403 | else if (strcmp(*argv,"-dhe1024") == 0) | 
| 404 | { | ||
| 405 | #ifndef OPENSSL_NO_DH | ||
| 405 | dhe1024=1; | 406 | dhe1024=1; | 
| 407 | #else | ||
| 408 | fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"; | ||
| 409 | #endif | ||
| 410 | } | ||
| 406 | else if (strcmp(*argv,"-dhe1024dsa") == 0) | 411 | else if (strcmp(*argv,"-dhe1024dsa") == 0) | 
| 412 | { | ||
| 413 | #ifndef OPENSSL_NO_DH | ||
| 407 | dhe1024dsa=1; | 414 | dhe1024dsa=1; | 
| 415 | #else | ||
| 416 | fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"; | ||
| 408 | #endif | 417 | #endif | 
| 418 | } | ||
| 409 | else if (strcmp(*argv,"-no_dhe") == 0) | 419 | else if (strcmp(*argv,"-no_dhe") == 0) | 
| 410 | no_dhe=1; | 420 | no_dhe=1; | 
| 411 | else if (strcmp(*argv,"-ssl2") == 0) | 421 | else if (strcmp(*argv,"-ssl2") == 0) | 
| diff --git a/src/lib/libssl/src/test/dummytest.c b/src/lib/libssl/src/test/dummytest.c index f98f003ef9..5b4467e042 100644 --- a/src/lib/libssl/src/test/dummytest.c +++ b/src/lib/libssl/src/test/dummytest.c | |||
| @@ -8,7 +8,7 @@ | |||
| 8 | 8 | ||
| 9 | int main(int argc, char *argv[]) | 9 | int main(int argc, char *argv[]) | 
| 10 | { | 10 | { | 
| 11 | char *p, *q, *program; | 11 | char *p, *q = 0, *program; | 
| 12 | 12 | ||
| 13 | p = strrchr(argv[0], '/'); | 13 | p = strrchr(argv[0], '/'); | 
| 14 | if (!p) p = strrchr(argv[0], '\\'); | 14 | if (!p) p = strrchr(argv[0], '\\'); | 
| @@ -34,7 +34,8 @@ int main(int argc, char *argv[]) | |||
| 34 | } | 34 | } | 
| 35 | 35 | ||
| 36 | for(p = program; *p; p++) | 36 | for(p = program; *p; p++) | 
| 37 | if (islower(*p)) *p = toupper(*p); | 37 | if (islower((unsigned char)(*p))) | 
| 38 | *p = toupper((unsigned char)(*p)); | ||
| 38 | 39 | ||
| 39 | q = strstr(program, "TEST"); | 40 | q = strstr(program, "TEST"); | 
| 40 | if (q > p && q[-1] == '_') q--; | 41 | if (q > p && q[-1] == '_') q--; | 
| diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com index b3bf8bb837..91e859deab 100644 --- a/src/lib/libssl/src/test/maketests.com +++ b/src/lib/libssl/src/test/maketests.com | |||
| @@ -887,7 +887,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS | |||
| 887 | $! | 887 | $! | 
| 888 | $! Show user the result | 888 | $! Show user the result | 
| 889 | $! | 889 | $! | 
| 890 | $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC | 890 | $ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC | 
| 891 | $! | 891 | $! | 
| 892 | $! Else The User Entered An Invalid Arguement. | 892 | $! Else The User Entered An Invalid Arguement. | 
| 893 | $! | 893 | $! | 
| diff --git a/src/lib/libssl/src/test/tcrl.com b/src/lib/libssl/src/test/tcrl.com index 2e6ab2814d..86bf9735aa 100644 --- a/src/lib/libssl/src/test/tcrl.com +++ b/src/lib/libssl/src/test/tcrl.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing CRL conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/src/test/testenc.com b/src/lib/libssl/src/test/testenc.com index 3b66f2e0d0..c24fa388c0 100644 --- a/src/lib/libssl/src/test/testenc.com +++ b/src/lib/libssl/src/test/testenc.com | |||
| @@ -9,7 +9,9 @@ $ test := p.txt | |||
| 9 | $ cmd := mcr 'exe_dir'openssl | 9 | $ cmd := mcr 'exe_dir'openssl | 
| 10 | $ | 10 | $ | 
| 11 | $ if f$search(test) .nes. "" then delete 'test';* | 11 | $ if f$search(test) .nes. "" then delete 'test';* | 
| 12 | $ copy 'testsrc' 'test' | 12 | $ convert/fdl=sys$input: 'testsrc' 'test' | 
| 13 | RECORD | ||
| 14 | FORMAT STREAM_LF | ||
| 13 | $ | 15 | $ | 
| 14 | $ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* | 16 | $ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* | 
| 15 | $ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* | 17 | $ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* | 
| diff --git a/src/lib/libssl/src/test/tpkcs7.com b/src/lib/libssl/src/test/tpkcs7.com index 9e345937c6..047834fba4 100644 --- a/src/lib/libssl/src/test/tpkcs7.com +++ b/src/lib/libssl/src/test/tpkcs7.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing PKCS7 conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/src/test/tpkcs7d.com b/src/lib/libssl/src/test/tpkcs7d.com index 7d4f8794a4..193bb72137 100644 --- a/src/lib/libssl/src/test/tpkcs7d.com +++ b/src/lib/libssl/src/test/tpkcs7d.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing PKCS7 conversions (2)" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/src/test/treq.com b/src/lib/libssl/src/test/treq.com index 22c22c3aa9..5524e485ba 100644 --- a/src/lib/libssl/src/test/treq.com +++ b/src/lib/libssl/src/test/treq.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing req conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/src/test/trsa.com b/src/lib/libssl/src/test/trsa.com index 6b6c318e2b..6dbe59ef64 100644 --- a/src/lib/libssl/src/test/trsa.com +++ b/src/lib/libssl/src/test/trsa.com | |||
| @@ -24,7 +24,9 @@ $ write sys$output "testing RSA conversions" | |||
| 24 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 24 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 25 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 25 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 26 | $ if f$search("f.*") .nes "" then delete f.*;* | 26 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 27 | $ copy 't' fff.p | 27 | $ convert/fdl=sys$input: 't' fff.p | 
| 28 | RECORD | ||
| 29 | FORMAT STREAM_LF | ||
| 28 | $ | 30 | $ | 
| 29 | $ write sys$output "p -> d" | 31 | $ write sys$output "p -> d" | 
| 30 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 32 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/src/test/tsid.com b/src/lib/libssl/src/test/tsid.com index bde23f9bb9..abd1d4d737 100644 --- a/src/lib/libssl/src/test/tsid.com +++ b/src/lib/libssl/src/test/tsid.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing session-id conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/src/test/tx509.com b/src/lib/libssl/src/test/tx509.com index 985969c566..7b2592f773 100644 --- a/src/lib/libssl/src/test/tx509.com +++ b/src/lib/libssl/src/test/tx509.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing X509 conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num index 512185e257..7e5728495f 100644 --- a/src/lib/libssl/src/util/libeay.num +++ b/src/lib/libssl/src/util/libeay.num | |||
| @@ -2792,3 +2792,4 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA | |||
| 2792 | ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 2792 | ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: | 
| 2793 | d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: | 2793 | d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: | 
| 2794 | EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES | 2794 | EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES | 
| 2795 | X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO | ||
| diff --git a/src/lib/libssl/src/util/pod2mantest b/src/lib/libssl/src/util/pod2mantest index e01c6192a7..412ca8d6d8 100644 --- a/src/lib/libssl/src/util/pod2mantest +++ b/src/lib/libssl/src/util/pod2mantest | |||
| @@ -12,7 +12,8 @@ | |||
| 12 | 12 | ||
| 13 | IFS=: | 13 | IFS=: | 
| 14 | if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi | 14 | if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi | 
| 15 | try_without_dir=false | 15 | |
| 16 | try_without_dir=true | ||
| 16 | # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. | 17 | # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. | 
| 17 | for dir in dummy${IFS}$PATH; do | 18 | for dir in dummy${IFS}$PATH; do | 
| 18 | if [ "$try_without_dir" = true ]; then | 19 | if [ "$try_without_dir" = true ]; then | 
| @@ -30,9 +31,16 @@ for dir in dummy${IFS}$PATH; do | |||
| 30 | if [ ! "$pod2man" = '' ]; then | 31 | if [ ! "$pod2man" = '' ]; then | 
| 31 | failure=none | 32 | failure=none | 
| 32 | 33 | ||
| 34 | if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then | ||
| 35 | : | ||
| 36 | else | ||
| 37 | failure=BasicTest | ||
| 38 | fi | ||
| 33 | 39 | ||
| 34 | if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then | 40 | if [ "$failure" = none ]; then | 
| 35 | failure=MultilineTest | 41 | if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then | 
| 42 | failure=MultilineTest | ||
| 43 | fi | ||
| 36 | fi | 44 | fi | 
| 37 | 45 | ||
| 38 | 46 | ||
| @@ -46,9 +54,5 @@ for dir in dummy${IFS}$PATH; do | |||
| 46 | done | 54 | done | 
| 47 | 55 | ||
| 48 | echo "No working pod2man found. Consider installing a new version." >&2 | 56 | echo "No working pod2man found. Consider installing a new version." >&2 | 
| 49 | if [ "$1" = ignore ]; then | 57 | echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 | 
| 50 | echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 | 58 | echo "$1 ../../util/pod2man.pl" | 
| 51 | echo "../../util/pod2man.pl" | ||
| 52 | exit 0 | ||
| 53 | fi | ||
| 54 | exit 1 | ||
| diff --git a/src/lib/libssl/test/dummytest.c b/src/lib/libssl/test/dummytest.c index f98f003ef9..5b4467e042 100644 --- a/src/lib/libssl/test/dummytest.c +++ b/src/lib/libssl/test/dummytest.c | |||
| @@ -8,7 +8,7 @@ | |||
| 8 | 8 | ||
| 9 | int main(int argc, char *argv[]) | 9 | int main(int argc, char *argv[]) | 
| 10 | { | 10 | { | 
| 11 | char *p, *q, *program; | 11 | char *p, *q = 0, *program; | 
| 12 | 12 | ||
| 13 | p = strrchr(argv[0], '/'); | 13 | p = strrchr(argv[0], '/'); | 
| 14 | if (!p) p = strrchr(argv[0], '\\'); | 14 | if (!p) p = strrchr(argv[0], '\\'); | 
| @@ -34,7 +34,8 @@ int main(int argc, char *argv[]) | |||
| 34 | } | 34 | } | 
| 35 | 35 | ||
| 36 | for(p = program; *p; p++) | 36 | for(p = program; *p; p++) | 
| 37 | if (islower(*p)) *p = toupper(*p); | 37 | if (islower((unsigned char)(*p))) | 
| 38 | *p = toupper((unsigned char)(*p)); | ||
| 38 | 39 | ||
| 39 | q = strstr(program, "TEST"); | 40 | q = strstr(program, "TEST"); | 
| 40 | if (q > p && q[-1] == '_') q--; | 41 | if (q > p && q[-1] == '_') q--; | 
| diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com index b3bf8bb837..91e859deab 100644 --- a/src/lib/libssl/test/maketests.com +++ b/src/lib/libssl/test/maketests.com | |||
| @@ -887,7 +887,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS | |||
| 887 | $! | 887 | $! | 
| 888 | $! Show user the result | 888 | $! Show user the result | 
| 889 | $! | 889 | $! | 
| 890 | $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC | 890 | $ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC | 
| 891 | $! | 891 | $! | 
| 892 | $! Else The User Entered An Invalid Arguement. | 892 | $! Else The User Entered An Invalid Arguement. | 
| 893 | $! | 893 | $! | 
| diff --git a/src/lib/libssl/test/tcrl.com b/src/lib/libssl/test/tcrl.com index 2e6ab2814d..86bf9735aa 100644 --- a/src/lib/libssl/test/tcrl.com +++ b/src/lib/libssl/test/tcrl.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing CRL conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/test/testenc.com b/src/lib/libssl/test/testenc.com index 3b66f2e0d0..c24fa388c0 100644 --- a/src/lib/libssl/test/testenc.com +++ b/src/lib/libssl/test/testenc.com | |||
| @@ -9,7 +9,9 @@ $ test := p.txt | |||
| 9 | $ cmd := mcr 'exe_dir'openssl | 9 | $ cmd := mcr 'exe_dir'openssl | 
| 10 | $ | 10 | $ | 
| 11 | $ if f$search(test) .nes. "" then delete 'test';* | 11 | $ if f$search(test) .nes. "" then delete 'test';* | 
| 12 | $ copy 'testsrc' 'test' | 12 | $ convert/fdl=sys$input: 'testsrc' 'test' | 
| 13 | RECORD | ||
| 14 | FORMAT STREAM_LF | ||
| 13 | $ | 15 | $ | 
| 14 | $ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* | 16 | $ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* | 
| 15 | $ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* | 17 | $ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* | 
| diff --git a/src/lib/libssl/test/tpkcs7.com b/src/lib/libssl/test/tpkcs7.com index 9e345937c6..047834fba4 100644 --- a/src/lib/libssl/test/tpkcs7.com +++ b/src/lib/libssl/test/tpkcs7.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing PKCS7 conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/test/tpkcs7d.com b/src/lib/libssl/test/tpkcs7d.com index 7d4f8794a4..193bb72137 100644 --- a/src/lib/libssl/test/tpkcs7d.com +++ b/src/lib/libssl/test/tpkcs7d.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing PKCS7 conversions (2)" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/test/treq.com b/src/lib/libssl/test/treq.com index 22c22c3aa9..5524e485ba 100644 --- a/src/lib/libssl/test/treq.com +++ b/src/lib/libssl/test/treq.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing req conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/test/trsa.com b/src/lib/libssl/test/trsa.com index 6b6c318e2b..6dbe59ef64 100644 --- a/src/lib/libssl/test/trsa.com +++ b/src/lib/libssl/test/trsa.com | |||
| @@ -24,7 +24,9 @@ $ write sys$output "testing RSA conversions" | |||
| 24 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 24 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 25 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 25 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 26 | $ if f$search("f.*") .nes "" then delete f.*;* | 26 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 27 | $ copy 't' fff.p | 27 | $ convert/fdl=sys$input: 't' fff.p | 
| 28 | RECORD | ||
| 29 | FORMAT STREAM_LF | ||
| 28 | $ | 30 | $ | 
| 29 | $ write sys$output "p -> d" | 31 | $ write sys$output "p -> d" | 
| 30 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 32 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/test/tsid.com b/src/lib/libssl/test/tsid.com index bde23f9bb9..abd1d4d737 100644 --- a/src/lib/libssl/test/tsid.com +++ b/src/lib/libssl/test/tsid.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing session-id conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
| diff --git a/src/lib/libssl/test/tx509.com b/src/lib/libssl/test/tx509.com index 985969c566..7b2592f773 100644 --- a/src/lib/libssl/test/tx509.com +++ b/src/lib/libssl/test/tx509.com | |||
| @@ -13,7 +13,9 @@ $ write sys$output "testing X509 conversions" | |||
| 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 13 | $ if f$search("fff.*") .nes "" then delete fff.*;* | 
| 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 14 | $ if f$search("ff.*") .nes "" then delete ff.*;* | 
| 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 15 | $ if f$search("f.*") .nes "" then delete f.*;* | 
| 16 | $ copy 't' fff.p | 16 | $ convert/fdl=sys$input: 't' fff.p | 
| 17 | RECORD | ||
| 18 | FORMAT STREAM_LF | ||
| 17 | $ | 19 | $ | 
| 18 | $ write sys$output "p -> d" | 20 | $ write sys$output "p -> d" | 
| 19 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 21 | $ 'cmd' -in fff.p -inform p -outform d -out f.d | 
